Author: Muhammad Khizer Javed

I am a cybersecurity researcher, I work as a Lead Penetration Tester at SecurityWall, I work with a team of skilled cybersecurity professionals who conduct web and mobile application penetration testing, vulnerability assessments, and information security consulting for various clients. I hold multiple certifications from EC-council, The SecOps Group, and Training From ICSI|UK PentesterLab, & Google Workshop. I am also an avid bug bounty hunter, actively participating in the HackerOne and Bugcrowd platforms, where I have earned acknowledgments from renowned companies such as Apple, Microsoft, Facebook, the Government of Singapore, and the US Department of Defense. I have extensive experience in web application security testing, Android application security testing, and vulnerability assessment, delivering exceptional results and robust solutions. My passion for cybersecurity drives me to constantly learn new skills and techniques and to share my knowledge and insights with the community. I have a proven track record of helping organizations fortify their digital infrastructure and protect against potential threats, by leveraging my expertise in web and mobile application security, information security consultancy, and vulnerability management.
Bug Bounty Blueprint: A Beginner’s Guide

Bug Bounty Blueprint: A Beginner’s Guide

Posted on by Muhammad Khizer Javed

This guide is a must-read for beginners to dive into Bug Bounty Hunting. It provides foundational skills, tips, tools, and resources for Bug Bounty Hunters. I’ve covered various aspects including vulnerabilities and learning resources. Are you ready to embark on your Bug Bounty adventure?

Read more

Using Inspect Element to Bypass Security restrictions | Bug Bounty POC

Posted on by Muhammad Khizer Javed

Hey guys so this blog post is about bug bounty report, I was able to Bypass Security restrictions by using inspect element and use Paid Features. About the Issue: The issue is really simple to execute. I was looking for a way to use the service for free and managed to find it so easily…

Read more

Microsoft Apache Solr RCE Velocity Template | Bug Bounty POC

Posted on by Muhammad Khizer Javed

Hey guys so this blog post is about RCE issue reported to Microsoft bug bounty program, Remote Code execution issue existed in microsoft.com subdomain running Apache Solr.   I’ll try to be as simple as possible. Participated in Microsoft Bug Bounty Program first time.. About the RCE: While doing some recon on microsoft.com website i…

Read more

Getting Started in Android Apps Pen-testing (Part-1)

Posted on by Muhammad Khizer Javed

Hey Everyone, My name is M.Qasim Munir and this is my first blog article that I’m writing about getting started in android apps pen-testing. I hope this article will help you with learning something new. Getting Started in Android apps Pen-testing (PART-1):   Amazing development and growth in mobile apps have carried a bunch of…

Read more

Exploiting Insecure Firebase Database!

Posted on by Muhammad Khizer Javed

Hey guys so this blog post is about Exploiting Insecure Firebase Databases, due to Improper set security rules one can write data to the database in certain conditions here’s a Short POC tutorial of the issue. A few days ago i was doing static analysis of an Android app on a bug bounty target, as…

Read more

Improper Input Validation | Add Custom Text and URLs In SMS send by Snapchat | Bug Bounty POC

Posted on by Muhammad Khizer Javed

Hey guys so this blog post is about an Issue in Snapchat’s Website, due to Improper Input Validation one can add custom text & urls in SMS send by Snapchat here’s a Short POC of the issue.     HackerOne Report: #420420 A Subdomain on Snapchat’s website https://whatis.snapchat.com/ Gives the basic information about Snapchat, what…

Read more
%d bloggers like this: