
Bug Bounty for Beginners: Your First Steps to Finding Vulnerabilities
Ready to start bug bounty hunting? This guide for beginners covers essential skills, tools, and strategies to find your first vulnerability and earn rewards. Practical tips from experienced pentesters.

Metasploit Tutorial for Pentesters: Your Ultimate Exploitation Guide
Master Metasploit with this hands-on tutorial. Learn setup, scanning, exploitation, and post-exploitation techniques for effective penetration testing and bug bounties.

HackTheBox CTF Walkthroughs: A Pentester's Practical Guide
Master HackTheBox CTF walkthroughs with this expert guide. Learn practical techniques, tools, and strategies for penetration testing and bug bounty hunting.

Reverse Shell Cheatsheet: Your Ultimate Pentesting Guide
Master reverse shells with this ultimate cheatsheet for pentesters & bug bounty hunters. Get practical code examples, bypass techniques, and troubleshooting tips.

OWASP Top 10 Explained: A Pentester's Practical Guide
Dive deep into the OWASP Top 10 with practical insights, real-world examples, and hands-on advice for bug bounty hunters, red teamers, and AppSec engineers. Master critical web security vulnerabilities.

Nmap Tutorial for Pentesters: Deep Dive into Network Scanning
Master Nmap with this in-depth tutorial for pentesters, bug bounty hunters, and red teamers. Learn essential commands, advanced scripts, and practical scanning techniques.

Wireshark Tutorial for Pentesters: Deep Dive into Packet Analysis
Master Wireshark for penetration testing and bug bounty hunting. This practical Wireshark tutorial covers installation, advanced filters, protocol analysis, and real-world scenarios for security research.

Kali Linux Commands for Pentesters & Bug Bounty Hunters
Master essential Kali Linux commands for penetration testing, bug bounty hunting, and red teaming. Practical examples, powerful tools, and expert tips for security professionals.

SQL Injection Explained: A Deep Dive for Pentesters & Bug Bounty Hunters
Uncover the dangers of SQL Injection. This practical guide for pentesters, red teamers, and bug bounty hunters breaks down common types, real-world attacks, and detection techniques. Learn to exploit and prevent SQLi.

Welcome to our blog.

Multiple Stored XSS and HTML Injection in...
Title: Multiple Stored XSS and HTML Injection in Edueto. Found by: Skelor

RCE In AddThis
This vulnerability has been fixed as of July 20, 2016 and is shared with consent from the vendor. If you wish to share the information provided in the write up, provide credit f…

PornHub: Email Confirmation Bypass
Reporter: Vaxo Dai (@___0x00). After signing up, the client needs to verify his email address for further use, but the confirmation can be bypassed and can put any email address to con…

Reading Uber’s Internal Emails [Uber Bug Bounty report worth $10,000]
After a recent finding about one of Uber’s subdomain takeovers was publicly disclosed, I looked into Uber to find similar bugs. One of my colleagues, Abhibandu Kafle, pointed ou…

How I snooped into your private Slack messages [Slack Bug bounty worth $2,500]
When researching the MX records of slack.com, I noticed that they used a 3rd party email service. In that service, however, slack.com was already claimed. After a little more r…

Bypassing Ebay XSS Protection to launch XSS by Nirmal Dahal
This is a small proof of concept regarding “Reflective Cross-Site Scripting [ R-XSS ]” which I had found on Ebay. I am not an active participant in bug bounty programs, but one …

I got emails - G Suite Vulnerability
After the recent finding about the Uber and SendGrid bug, I decided to check other third party applications that were also used for similar cases. During the investigation, some third p…

This domain is my domain - G Suite A record vulnerability
In part two of G Suite vulnerability discussion, I am writing about a simple but quite serious vulnerability in yet another part of G Suite Application. In general, G Suite is a…