Found a critical vulnerability involving leaked AWS credentials within an Android App API during a bug bounty hunt. by utilizing Dynamic Application Security Testing (DAST) and the Mobile Security Framework (MobSF) to uncover the vulnerability. This blog post provides a step-by-step guide for newcomers to set up their own testing environments and utilize MobSF.
This guide is a must-read for beginners to dive into Bug Bounty Hunting. It provides foundational skills, tips, tools, and resources for Bug Bounty Hunters. I’ve covered various aspects including vulnerabilities and learning resources. Are you ready to embark on your Bug Bounty adventure?
This vulnerability on the Bugcrowd platform allowed manipulating rank on the platform using the API.
This blog post is about how a hacker could have Hacked 100k+ Loyalty Programs to get free points & redeem them for free stuff or coupons.
Hey guys so this blog post is about bug bounty report, I was able to Bypass Security restrictions by using inspect element and use Paid Features. About the Issue: The...
Hey Everyone, I hope you all are fine and doing well. Today I wanna share something related JSON Web Tokens (JWT). In this writeup, I’ll tell you how I was...
Hey guys so this blog post is about RCE issue reported to Microsoft bug bounty program, Remote Code execution issue existed in microsoft.com subdomain running Apache Solr. I’ll try...
Hey Everyone, My name is M.Qasim Munir and this is my first blog article that I’m writing about getting started in android apps pen-testing. I hope this article will help...
Hey guys so this blog post is about doing static analysis of an Android App, And due to insecure storage of SMS API credentials I was able to Takeover the SMS API here’s a Short POC of the issue.
