Hi everyone! I have a great news to share with you all. After a lot of struggle, I am very excited to tell you all that i'll be doing live session with all you on the topic of Server Side Request Forgery! The webinar will be around 2 hrs long and will cover everything about ssrf from basics to advanced. The best part? IT WILL BE FREE FOR EVERYONE! We are going to do it in the month of November! See you all soon

Hi everyone! Excited to tell you all that i have finished creating a new video and it will be releasing tomorrow 11am IST! This video will help beginners to understand one of the very common misconfiguration in web application in depth. At the end of this video, you will be able to understand everything about that misconfiguration and then also learn how to fix it! Hope you all will like it.

Thanks again for all your support
Keep learning & Keep hacking 💪🏻

Hi everyone, The new video is out!
Check it here: https://www.youtube.com/watch?v=y0BnRuCdX-0

Hi everyone, On this special occasion of getting over 1M views on YouTube and 20K+ subscribers, I'll be conducting a webinar on Securzy on server side request forgery absolutely free!



If you are interested, then make sure to register yourself using the link: https://lab.securzy.io/c/securzy-events/bug-bounty-all-about-ssrf



Keep learning & Keep hacking!

Note: The recordings on this webinar could be paid so it will be best if you all can watch live!

Hi everyone, Please make sure to register using your actual email address for the event otherwise you'll get removed.

Thank you!!!

Have you ever struggled with rate limits during content discovery? Here's how to break through without slowing down.






I just released a video where I walk you through a step-by-step guide on bypassing rate limits using IP rotation through Tor. Whether you're diving into bug bounties, ethical hacking, or just honing your content discovery skills, knowing how to handle rate limits can make a huge difference. In the video, I explain how to use Tor to rotate IPs efficiently so you can keep your exploration seamless and uninterrupted.

If you're looking for actionable techniques that actually work, this video is for you. Check it out and take your content discovery skills to the next level.

Video Link: https://www.youtube.com/watch?v=lbpFBYTpyPg

Let me know your thoughts or if this approach has been helpful to you.

In one of my recent pentest, I was able to hack their zimbra webserver which is used to handle their emails. Once logged in, I was able to read all their private emails, get organization details and lot of other sensitive data!



Here's how i did that:

1. Their main application was created on angular. So by reading the source code, I identified some internal api endpoints.

2. Upon sending the request to these api endpoints, I was able to grab the credentials for webserver.

3. Enumerated all subdomains to find their mailing server and tested the creds

4. Got access to the portal!!!! (Sample picture attached for reference)



Tip: Always keep a close look at the source code, You might find something juicy there😉

See you all tomorrow!

See you all in about 30 mins!

Join with this link: https://lab.securzy.io/c/securzy-events/bug-bounty-all-about-ssrf

Hi everyone, I hope you enjoyed the session! Once again, Thank you so much for the love and support💪

Regarding recording, Unfortunately, I don't think you will be able to get it unless you are a pro member on Securzy

We have already posted about it to aware you all that you may not get the recording for free. However, Given the love and support by you all, We will definitely plan to launch another session soon in the near future!

Hi Everyone! Apologies for the delays in video uploads. I am actually at my hometown and been really busy because of some personal reason. But finally got some time to work on a new video and trust me, You will definitely like it!!! It will be very useful when you are hacking modern apps developed in node, python etc

Keep learning & Keep Hacking!

Releasing soon!!!

How Dependency Confusion Exposed Millions: The Hack Every Developer Should Know











Ever heard of Dependency Confusion? It’s a clever way attackers can exploit package managers to infiltrate systems—and it’s a serious threat to software supply chains.

In my latest video, I break it all down: what it is, how it works, and how you can protect yourself. There’s even a live demo to make it super easy to follow.

If you’re into bug bounty hunting, ethical hacking, or just want to level up your security knowledge, this one’s for you.

Check it out and let me know what you think!


Video Link: https://www.youtube.com/watch?v=7ZcRNvmRz6E

Thinking on creating some videos on iOS Pentesting. Let me know what you all think

Hi everyone! Hope you all are having a great day! For the past two days, I have been creating a challenge based on my recent findings in a web app pentest which was highly secured. The video of it will be releasing soon on our official channel. However, For anyone who is going to solve the challenge, their name will be mention on our new video

Target: http://portal.bepractical.tech
Credential:
username: local
password: bepractical

Hint: We already have two videos on this topic already..maybe you can use it for reference😉

You can send us the report at: business@bepractical.tech

Last date to submit the report: 13th December 2024