Articles by Tag #bugbounty


404ping v2 — The API Testing CLI That Went From Side-Project to Beast Mode 💥

curl + Postman + brain = 404ping When I built 404ping v0.0.1, it was a tiny experiment. I just...

Nov 29 '25

How to Install DVWS (Damn Vulnerable Web Services) on Nginx

DVWS (Damn Vulnerable Web Services) is a deliberately vulnerable web application for learning web and...

Nov 1 '25

200 reports, 11 valid bugs, 0 critical issues. Why our HackerOne VDP was still worth it

In July 2024, we launched a Vulnerability Disclosure Program (VDP) on HackerOne. Customers and...

Nov 18 '25

Building 404fuzz: A Multi-Core Fuzzer That Never Gets Tired

Most people think fuzzers are just “tools that send fast requests.” That’s true. But building a...

Dec 6 '25

Hunting Hidden GraphQL Mutations How I Found AddWorkspaceWhitelistDomains Using JavaScript Analysis

(Send blessings upon the Prophet) Introduction During a recent penetration test, I encountered an...

Nov 12 '25

Bug Bounty Hunting for GenAI

ToxSec | How to deal with GenAI in bug bounty programs.

Oct 6 '25

Monitor HTTP Response Headers Like a Pro: Introducing Header Change Notifier for Burp Suite

A must-have tool for every security researcher, penetration tester, or bug bounty hunter who cares...

Aug 9 '25

Bug Bounty Hunting in 2026

A complete guide to start earning money through bug bounty hunting. Table of...

Jan 11

Git Tales: Secrets in the Shadows

Part 1 of 3 in Git Tales Series ...

Apr 29 '25

My Journey: Discovering the Relationship Between Kali Linux and Black Arch

As a...

Jul 17 '25

Meet ReVex: The Cyberpunk HTTP Repeater that lives in your DevTools ☠️

We’ve all been there. You’re browsing a target site, hunting for bugs or debugging an API. You spot...

Feb 1

Final Tale: Part 3 - The Gateways We Left Open

Part 3 of 3 in Git Tales Series ...

May 30 '25

Git Tales: Part 2 - Demons in the Cloud

Part 2 of 3 in Git Tales Series ...

May 9 '25

Understanding APIs Beyond the Textbook: A Bug Hunter’s Perspective

When people first learn about APIs, the textbook definition usually sounds something like this: “An...

Feb 2

Comprehensive CEH v13 Study Guide

In today’s rapidly evolving digital landscape, cybersecurity has become paramount....

Feb 23 '25

Bug Bounty 2025: The Unfiltered Roadmap to Hunting Success

Introduction Let's cut through the noise: the bug bounty landscape of 2025 isn't what...

Mar 30 '25

Found Critical Bugs in Lovense - They Ignored Researchers for 2 Years Until I Went Public

I found critical vulnerabilities in Lovense that affected 11M+ users. Discovered email disclosure...

Jul 31 '25

Next.js Middleware Broken Access Controls

Recently, an Authorization Bypass vulnerability was discovered in the Next.js framework (one of the...

Mar 27 '25

🐞 Comprehensive Bug Bounty Hunting Methodology

This document outlines a detailed methodology...

Jun 2 '25

Credential Dumping Applications: What They Are, How They Work, and How to Defend Against Them

Credential dumping is a common post-exploitation technique used by attackers to harvest user...

Jun 5 '25

Day 1 of My Bug Bounty Journey - Starting from Zero

🧠 Why I’m Starting I've decided to begin my bug bounty journey — not because I'm an...

Jul 15 '25

My 100 Hour Rule for Bug Bounty !

In this post, I share my 100-Hour Rule - how I structure every minute of hunting into focused phases,...

Aug 21 '25

How to Deploy SafeLine WAF on a CyberPanel VPS

SafeLine is a self-hosted Web Application Firewall (WAF) that operates independently from any...

Jul 4 '25

Web Cache Deception Attacks

Web Cache Deception is a vulnerability first described in 2017. It occurs when a caching system —...

May 9 '25

🧭 Selecting the Right Bug Bounty Targets & Reconnaissance

🎯 Target Prioritization Not all targets are created equal. Prioritization helps you allocate your...

Jun 2 '25

25000$ IDOR: How a Simple ID Enumeration Exposed Private Data

Timeline June 28, 2022: A security researcher submits a report detailing a critical GraphQL...

Feb 22 '25

How to Use Burp Suite for Bug Bounty Hunting: A Beginner-Friendly Guide

🛠️ What is Burp Suite? Burp Suite is one of the most powerful tools for web...

Apr 22 '25

Is Legally Non-Compliant Behavior a Security Vulnerability?

1. Introduction In the evolving landscape of information security, compliance and...

Jul 11 '25

🚀 Introducing Astra v1.1 – Local, Powerful, and Now Even More Flexible

I'm excited to announce the release of Astra v1.1, the latest version of my open-source network...

May 18 '25

How I found my "First Bug" in a public bug bounty program

Today I was reviewing my Telegram channels and realized that I hadn't written a summary of my "first...

Apr 18 '25