Hey guys, hope you are doing well.
As promised earlier this is a write-up of my recent findings on CSRF(Cross-site request forgery) bugs. It’s so amazing to know the time invested to understand the bugs and their impact is paying off drastically. If interested you can check my recent CSRF related finding below. So without further ado let’s dive in.
In simple terms, it’s the ability of an attacker to make any victim/user perform actions in the application wanted by the attacker with the help of cookies.
For technical details please refer to this blog
One fine evening, I started…
Hey guys, Hope you are doing well.
In this article, I’m going to share my recent finding which was mostly about the enumeration part. So without any further delay let’s dive in.
The main tool I use for finding a CSRF vulnerability is Burp…
Hello, guys hope you all are doing good.
Firstly I would like to thank everyone for showing much love and support on my first bounty write-up which inspired me to share a few more nudges with the community.
Link to my first bug — (https://medium.com/@balapraneeth98/journey-to-my-first-bug-hunt-6dc5e4552128)
So unlike my first bug, this write-up is going to be very short and crisp which details about the way you can bypass an OTP auth function whenever you come across it next time.
Hey guys. Hope you all are safe and sound.
Diving straight into the topic.
At times you must have encountered what the heck these TAR files are and why do they have those weird extensions. I had the same thought when I came across this while watching IPPSEC vids. Have researched this but couldn’t get the exact meaning.
So here is a nudge on TAR files.
Let me explain the scenario — Assume you want to send 10 files to your friend through email. One approach is to select every file, upload, and send it. Rather wouldn’t it be easy…
Hey, folks hope you all are doing good.
Okay. Everyone wants to get their first bug and receive that amazing bounty and feel confident that you can hack. So here it is finally. I always wanted to write such an article and share it with the community. The journey of my first bug hunt.
Having a CS background I started learning information security in June 2020 and was super excited to get hands-on learning in security. But I was so stuck, confused and didn’t know where to start. So, as everyone does I asked “Google” How to get started in…
Hello, guys hope you are doing well, this is a write-up of Bounty Hacker room in Try hack me platform. So let's get started and dive in straight.
Deploy the machine and give it a moment to start. Do not worry if the IP is not seen for 2 minutes or so. As this turned out as a new feature of this platform. Once the machine is deployed successfully go ahead and run the Nmap scans. I always tend to use threader 3000 which is developed by Joe Helle which is combined with Nmap and a much faster tool.
Understanding the fundamentals of Pen-testing and working our way up.
Hey folks, hope you all are having a wonderful day.
Pen-testing is a field in Computer security where it does require some pre-requisite knowledge on Linux, Programming, and Networking. It’s not mandatory to be a professional in these areas. But a good understanding of the basics will establish a strong foundation. Resources for learning these concepts will be attached below.
Hey guys, ever wondered when you request for a specific file back in the olden days, how would the system process and handles the request. Just think over it.
So here’s the deal, back then, when a particular file is requested by the user the following things are required to retrieve it successfully. The name of the file, server in which the file is present and path of the file requested
In order to overcome these requirements windows came up with the idea of Active directory.
Active directory (A.D) — You can think of it as a centralized and distributed…