Note before you start.

I have heard a lot about GraphQL but never got time to understand due to time constraints. Recently, I got an application to pentest with…

Hi Folks, hope you are all fine, so this writeup is about exploiting JSONP to extract private data from API endpoints and bypassing the…

AppSecure is an offensive cybersecurity company, works with businesses across the world to protect their data, reputation, and brand.

Intigriti Hackademy. This is the landing page for Intigriti's learning platform, where you can dive into multiple vulnerability classes.

Hacking Facebook for fun and profit: It’s not that hard, apparently (exclusive) - Symbo1/facebook-bug-bounties

NOTE:I may be wrong in my analysis in many way but hope it would be helpful.Please donot leave comment below ,but you can DM me or tweet me in twitter.



Initially when I started Bug bounty in 2015  I used to try to upload SVG for stored xss after reading…

REDIRECTING TO THE NEW BLOG ... Hello Hunters,                         This time I am writing about a Vulnerability found in another ...

بسم الله الرحمن الرحيم

Modern penetration tests and calm bug bounty programs for startups.

Hello guys,

Today I‘ll share with you a interesting XSS in Yahoo. My favorite target is Yahoo, because they have a big scope, so let’s start.

Offensive website security Bug bounty Ethical hacking

JavaScript has become one of the most ubiquitous technologies in the modern web browsers. Applications built using client-side JavaScript…

This actually worked on the first site we tested! 🤯 P.S.: Legacy or unimplemented OAuth flows often contain vulnerabilities that can lead to account takeover. 😈 Thanks for the #BugBountyTip, @ngalongc!

I got invite for private program on bugcrowd. Program do not have huge scope , just a single app with lots of features to test. I usually…

Google’s Gmail email service is used by upwards of 1.5 billion people. The Google Calendar app, meanwhile, has been downloaded more than a…

And maximize their impact while hunting for bugs.

This blogpost is about a recently disclosed security issue with the LastPass browser extension discovered by Tavis Ormandy from the Google…

This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with the AWAE course. This repo will likely cont...