Hey guys, hope you are doing well.

As promised earlier this is a write-up of my recent findings on CSRF(Cross-site request forgery) bugs. It’s so amazing to know the time invested to understand the bugs and their impact is paying off drastically. If interested you can check my recent CSRF related finding below. So without further ado let’s dive in.

Cross-Site Request Forgery —

In simple terms, it’s the ability of an attacker to make any victim/user perform actions in the application wanted by the attacker with the help of cookies.

Attack type.

For technical details please refer to this blog

Enumeration —

One fine evening, I started…

Hey guys, Hope you are doing well.

In this article, I’m going to share my recent finding which was mostly about the enumeration part. So without any further delay let’s dive in.

Enumeration -

  1. I picked a target from Bug crowd assume it as redacted.com (coz everyone mentions that way :). The specialty of this program is you are able to view any previously submitted vulnerabilities by other security researchers. On viewing this list there were no CSRF bugs reported. This gave me a better opportunity to look for CSRF.
Type of Vulnerability!!

Tools Used -

The main tool I use for finding a CSRF vulnerability is Burp…

Hey Guys, This is my first blog which I shall be documenting through my journey of pursuing OSCP. Inspired by @thecybermentor and Joe Helle.

Box Owned

Let’s get started!


Run Nmap to enumerate open ports and services running on the box.

Hello, guys hope you all are doing good.

Firstly I would like to thank everyone for showing much love and support on my first bounty write-up which inspired me to share a few more nudges with the community.

Link to my first bug — (https://medium.com/@balapraneeth98/journey-to-my-first-bug-hunt-6dc5e4552128)

So unlike my first bug, this write-up is going to be very short and crisp which details about the way you can bypass an OTP auth function whenever you come across it next time.

Methodology —

  1. Since its a non-disclosure program I cannot disclose the website name so let's assume it as vulnerable.com
  2. So initially I created…

Hey guys. Hope you all are safe and sound.

Diving straight into the topic.

At times you must have encountered what the heck these TAR files are and why do they have those weird extensions. I had the same thought when I came across this while watching IPPSEC vids. Have researched this but couldn’t get the exact meaning.

So here is a nudge on TAR files.

TAR files

Let me explain the scenario — Assume you want to send 10 files to your friend through email. One approach is to select every file, upload, and send it. Rather wouldn’t it be easy…

Hey, folks hope you all are doing good.

Okay. Everyone wants to get their first bug and receive that amazing bounty and feel confident that you can hack. So here it is finally. I always wanted to write such an article and share it with the community. The journey of my first bug hunt.

Having a CS background I started learning information security in June 2020 and was super excited to get hands-on learning in security. But I was so stuck, confused and didn’t know where to start. So, as everyone does I asked “Google” How to get started in…

Hello, guys hope you are doing well, this is a write-up of Bounty Hacker room in Try hack me platform. So let's get started and dive in straight.

Deploy the machine and give it a moment to start. Do not worry if the IP is not seen for 2 minutes or so. As this turned out as a new feature of this platform. Once the machine is deployed successfully go ahead and run the Nmap scans. I always tend to use threader 3000 which is developed by Joe Helle which is combined with Nmap and a much faster tool.

Threader3000 scans

Understanding the fundamentals of Pen-testing and working our way up.

Hey folks, hope you all are having a wonderful day.

Pen-testing is a field in Computer security where it does require some pre-requisite knowledge on Linux, Programming, and Networking. It’s not mandatory to be a professional in these areas. But a good understanding of the basics will establish a strong foundation. Resources for learning these concepts will be attached below.

Hey guys, ever wondered when you request for a specific file back in the olden days, how would the system process and handles the request. Just think over it.

So here’s the deal, back then, when a particular file is requested by the user the following things are required to retrieve it successfully. The name of the file, server in which the file is present and path of the file requested

In order to overcome these requirements windows came up with the idea of Active directory.

Active directory (A.D) — You can think of it as a centralized and distributed…

Bala Praneeth (Begin_hunt)


Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store