Found a critical vulnerability involving leaked AWS credentials within an Android App API during a bug bounty hunt. by utilizing Dynamic Application Security Testing (DAST) and the Mobile Security Framework (MobSF) to uncover the vulnerability. This blog post provides a step-by-step guide for newcomers to set up their own testing environments and utilize MobSF.
Hey Guys, So This Blog is Basically About an issue i found in a web where a missing file and an Unsecured S3 Bucket connected to that website gave...
Hi All, So Last month i decided to test Uber for Fun & Profit, So while scanning for subdomains to target i found a subdomain “design.uber.com” While navigating to the...
The POST explains What is Subdomain Hijack/takeover Vulnerability, What are the Impacts of the Vulnerability & How can You prevent such attacks, In addition to this I Tried my best...
Hey, I decided to Write about this Issue because I have seen some people are still confused about “Fastly error: unknown domain” Many Subdomains of BugBounty programs have This error...
Hey Guys! So I have to accept that I’m a Huge Fan of Lamborghini Cars 👊 So I was just looking at their website lamborghini.com when I decided to scan...