Pinned | Published in InfoSec Write-ups | I reproduced a $10,000 bug | 🎭 “I wasn’t an admin… until I became one with just a JSON object.” | Jun 8
Pinned | Published in InfoSec Write-ups | ⏱️ There were no visible errors, no hints… only the server’s hesitation told me the truth. | It didn’t scream. It whispered… and I heard it. | Apr 26
Pinned | Published in InfoSec Write-ups | 🔍 How I discovered a hidden user thanks to server responses? | My first real step into web hacking and it wasn’t what I thought it would be. | Apr 16
Published in InfoSec Write-ups | 🧨 OS Command Injection — When Your Server Obeys My Commands Like a Soldier | You were just thinking “ping”? I was already thinking “root access.” | Jun 28
Published in InfoSec Write-ups | 🎯 WebSocket Attacks — The protocol that dances under your security radar (POC inside) | A channel built for speed, hijacked in silence | Jun 24
Published in InfoSec Write-ups | 💥 Web Cache Deception — The Vulnerability Even Developers Don’t See Coming | Exploiting path mapping for web cache deception — a subtle yet powerful technique. | Jun 13
Published in InfoSec Write-ups | 🔐 Cookie Attributes — More Than Just Name & Value | Understanding the Security & Scope Behind Every Cookie | Jun 5
Published in InfoSec Write-ups | Demystifying Cookies 🍪: The Complete Guide for Bug Bounty Hunters — Part 1 | Everything you need to know about cookies to expand your attack surface and find real bugs. | May 27
Published in InfoSec Write-ups | 🔓 “Before injection, understanding” — What every hacker needs to master before exploiting a NoSQL… | Behind every exploit, there’s knowledge. Here’s what to know before injecting. | May 19
Published in InfoSec Write-ups | 🔐 How I bypassed an IP block… without changing my IP? | Good protection doesn’t just block — it anticipates. But what if you learn to play by its rules… and win anyway? | May 1