VDP/BBP’de avlanırken daha keşif aşamasında denediğimiz o en umut veren nokta,IDOR. En başından anlaşalım. IDOR , ID değişmesi değildir…

Bug bounty programs allow security hobbyists to legally discover vulnerabilities in apps and be compensated. They are an excellent means…

“Most bug bounty hunters stop after a fix is deployed. That’s a mistake.”

✍️Design-level Stored Xss In Matomo I18n Rendering — Public Write-up

1. Introduction: The Myth of the Clean Slate

Introduction (Task 1 to Task 3)

Every secure system is built on trust.

Navigating the Shadows: A Comprehensive Guide to Entering the Dark Web

We all like finding complicated bugs — the kind that takes days to figure out and makes you feel like a genius hacker. But sometimes, the…

Every SOC analyst knows this moment if you've been in the industry for a while.

One stolen token can destroy a production system faster than any zero day exploit.

When most people hear the word “hacker”, they imagine someone in a dark room typing furiously on a keyboard. That image is dramatic, but it…

A Simple Mental Model Most Defenders Ignore

A Web Hacking Tool

https://tryhackme.com/room/ignite

This CTF focuses on subdomain enumeration — a critical reconnaissance technique used to discover hidden services and potential attack…

After opening the lab, I put the basic alert payload into the search bar and after putting search we got the alert function that lets us…

Welcome to this new Medium post! In this one we’re gonna mess around with something pretty cool: RPC (Remote Procedure Call), basically the…

A story about why “secure” networks still fail, and why most defenses are pointed in the wrong direction.

A series of articles focused on freely available hacking tools, in this edition we look at the web recon tool Dirb.

সাইবার সিকিউরিটি এবং পেনিট্রেশন টেস্টিংয়ের জগতে একটি বহুল প্রচলিত কথা আছে — “আপনি যা দেখতে পাচ্ছেন না, তা আপনি হ্যাক করতে পারবেন না।” এই…