Benja (bronxi) | 😎 Chaining bugs for Account Takeover | I’m going to share with you my second account takeover for which I was rewarded in the wonderful world of bug bounty hunting. I want to… | 5 min read · 1 day ago
Benja (bronxi) | FB OAuth Misconfigurations to Account Takeover 😎 | Today I’m going to share my experience through a bug, my first account takeover in bug bounty through authentication via Facebook. It was… | 7 min read · Apr 5, 2024
Benja (bronxi) | My First IDOR - Hiding in the Header Request | In the midst of a busy schedule, the little time I dedicate to bug hunting brings immense joy, especially when I stumble upon something… | 2 min read · Nov 21, 2023
Benja (bronxi) | My First 2 Paid Bugs in the Wonderful World of Bug Bounty | In May 2022, I ventured into the Bug Bounty Hunting universe. I already had basic pentesting knowledge, but as you all know, even though… | 6 min read · Oct 14, 2023
Benja (bronxi) | How do I search for Web Cache Deception? | One of the methods I use, which can vary depending on the target and scope size, begins with navigating the target web application and… | 4 min read · Sep 10, 2023
Benja (bronxi) | My first two valid and rewarded Web Cache Deceptions, earning $2250 | In April, I became interested in understanding how vulnerabilities related to web cache worked: web cache deception and web cache… | 2 min read · Jun 25, 2023
Benja (bronxi) | My summary of the White Paper “Web Cache Deception Attack” by Omer Gil | Static files such as .css, .js, .txt, .png, .bmp, .gif, and others are considered public files and are stored in the public cache to serve… | 5 min read · May 28, 2023
Benja (bronxi) | Hash as a digital fingerprint | I bet you have seen a police movie or series in which there is a chain of custody for evidence. It is that trust that is given… | 3 min read · Mar 27, 2022
Benja (bronxi) | Blockchain, a different kind of database | A database (also known as DB, Data Base) is defined as the ordered storage of data. Social networks and apps that… | 3 min read · Mar 11, 2022