gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe... - hisxo...

Introduction

Hi guy I am back with another POC that I found in PRIVATE program on bugcrowd let get started. So let assume the SITE name private.com I…

This article about how I found two sites for HTTP Request Smuugling

Hi there again,

I followed the usual Recon process after enumerating subdomains ,

MEGA provides free cloud storage with convenient and powerful always-on privacy. Claim your free 20GB now

A list of interesting payloads, tips and tricks for bug bounty hunters. - BugHunterID/bugbounty-cheatsheet

Hacker101. Contribute to AlexisAhmed/hacker101 development by creating an account on GitHub.

List of Awesome Red Teaming Resources. Contribute to AlexisAhmed/Awesome-Red-Teaming development by creating an account on GitHub.

I got invite for private program on bugcrowd. Program do not have huge scope , just a single app with lots of features to test. I usually…

And maximize their impact while hunting for bugs.

This is my second blog about #bugbounty.You can check out my first blog that is full of resources and content for bug bounty hunters. If…

MEGA provides free cloud storage with convenient and powerful always-on privacy. Claim your free 20GB now

The Invicti SQL Injection Cheat Sheet is the definitive resource for payloads and technical details about exploiting many different variants of SQLi vulnerabilities.

All about hacking, here you can learn all new methods of hacking ,

Everyone has a phone, using at least one phone number. Phone numbers are a very common resource for Social Engineering. It’s something we…

Story about Race Condition and understanding the logic of application

TL;DR : A page on domain manager.paypal.com was vulnerable to “Expression Language Injection” (JSTL) and I was able to extract some…