Tutorials

January 20, 2025
by

Purple Teaming: What Not to Do in OT & IoT Testing to Avoid Halting the Factory or Sinking the Oil Rig

Umair Ahmed, a Senior Security Engineer at HelloFresh, shares insights on pen-testing operational and IoT systems, emphasizing the importance of preparation, threat modeling, stakeholder alignment, and execution. He highlights the need for careful examination of systems to mitigate risks and ensure compliance while providing best practices for effective testing. Post-engagement, thorough reporting and follow-ups are essential for continuous improvement and vulnerability management.

June 28, 2024
by

Finding Hidden Threats: How I Found Leaked AWS Credentials in an Android App API Using DAST

Found a critical vulnerability involving leaked AWS credentials within an Android App API during a bug bounty hunt. by utilizing Dynamic Application Security Testing (DAST) and the Mobile Security Framework (MobSF) to uncover the vulnerability. This blog post provides a step-by-step guide for newcomers to set up their own testing environments and utilize MobSF.

April 19, 2023
by

How I Manipulated My Rank on the Bugcrowd Platform

This vulnerability on the Bugcrowd platform allowed manipulating rank on the platform using the API.

February 27, 2022
by

Hacking Subscription Plans for free service.

June 30, 2020
by

Using Inspect Element to Bypass Security restrictions | Bug Bounty POC

Hey guys so this blog post is about bug bounty report, I was able to Bypass Security restrictions by using inspect element and use Paid Features. About the Issue: The...

February 19, 2020
by

Hacking SMS API Service Provider of a Company |Android App Static Security Analysis | Bug Bounty POC

Hey guys so this blog post is about doing static analysis of an Android App, And due to insecure storage of SMS API credentials I was able to Takeover the SMS API here’s a Short POC of the issue.

February 4, 2020
by

Exploiting Insecure Firebase Database!

Hey guys so this blog post is about Exploiting Insecure Firebase Databases, due to Improper set security rules one can write data to the database in certain conditions here’s a...

January 16, 2018
by

KNOXSS for Dummies! A new Detailed Guide to use KNOXSS Pro in real world

Just “XSS” it Hello to all my brothers and friends. First i would like to thank @knowledge_2014 (ak1t4 z3n) for his support and @IfrahIman_ (Ifrah Iman) for helping to write this...

October 11, 2017
by

What is Subdomain Hijack/Takeover Vulnerability? How to Identify? & Exploit It?

The POST explains What is Subdomain Hijack/takeover Vulnerability, What are the Impacts of the Vulnerability & How can You prevent such attacks, In addition to this I Tried my best...