Benja (bronxi) | 😎 Chaining bugs for Account Takeover | I’m going to share with you my second account takeover for which I was rewarded in the wonderful world of bug bounty hunting. I want to… | Jun 232
Benja (bronxi) | FB OAuth Misconfigurations to Account Takeover 😎 | Today I’m going to share my experience through a bug, my first account takeover in bug bounty through authentication via Facebook. It was… | Apr 5
Benja (bronxi) | My First IDOR - Hiding in the Header Request | In the midst of a busy schedule, the little time I dedicate to bug hunting brings immense joy, especially when I stumble upon something… | Nov 21, 2023
Benja (bronxi) | My First 2 Paid Bugs in the Wonderful World of Bug Bounty | In May 2022, I ventured into the Bug Bounty Hunting universe. I already had basic pentesting knowledge, but as you all know, even though… | Oct 14, 2023
Benja (bronxi) | How do I search for Web Cache Deception? | One of the methods I use, which can vary depending on the target and scope size, begins with navigating the target web application and… | Sep 10, 2023
Benja (bronxi) | My first two valid and rewarded Web Cache Deceptions, earning $2250 | In April, I became interested in understanding how vulnerabilities related to web cache worked: web cache deception and web cache… | Jun 25, 2023
Benja (bronxi) | My summary of the White Paper “Web Cache Deception Attack” by Omer Gil | Static files such as .css, .js, .txt, .png, .bmp, .gif, and others are considered public files and are stored in the public cache to serve… | May 28, 2023
Benja (bronxi) | Hash as a Digital Fingerprint | I bet you have seen a police movie or series in which there is a chain of custody for evidence. It is that trust that is given to… | Mar 27, 2022
Benja (bronxi) | Blockchain, a Different Kind of Database | A database, also known as a DB (Data Base), is defined as the ordered storage of data. The social networks and apps that… | Mar 11, 2022