Alan Brian @soyelmago
Hacking GraphQL: Introduction
GraphQL has become an indispensable tool in the world of Web development. In this post, we will explore what GraphQL is…
Dec 24, 2023

Alan Brian @soyelmago
Bypassing a Creation Limit on Free Accounts: A Race Condition Vulnerability in a Bug Bounty Program
The following vulnerability was reported in a self-hosted bug bounty program. The program reported that it was a duplicate. I find it…
Jan 24, 2023

Alan Brian @soyelmago
Never Give Up, The Story Behind a Dupe To a Triaged
This is the story about how I get a dupe (within 24hs!) and get another (valid) vulnerability with the same impact.
Sep 6, 2020

Alan Brian @soyelmago
Very cool XXE bug in a Web Service
XXE offers a great attack avenue for reading files from vulnerable Web Apps. I found an XXE bug in a SOAP Web Service during a pentest…
Jan 13, 2020

Alan Brian @soyelmago
Android: How to Bypass Root Check and Certificate Pinning (My first Android App Reversing)
Recently I needed to pentest an Android application. When I installed the app on my device I read “This app can’t run in rooted devices”…
Mar 31, 2019

Alan Brian @soyelmago
BugBounty TIPS (continuously updated)
Here you can find tips for BugBountys
Mar 18, 2019