Personal Website: | bug bounty hunter | Python developer

[Friend Link] Obtaining any user’s Backup data via Mishandled token in Backup endpoint

Image for post
Image for post

Friend Link for those without a Medium Paid subscription:

Hi y'all guys, I haven’t been writing for a long time as I focused more on bounties. Wanted to share with you one of the many bugs I found on one public program in H1. However, they don’t have public disclosure so I’ll redact the target.

Also, this gives an important takeaway, which we’ll see later.

So, approaching the target. Every time I logged in to the app, a call was made to a backup endpoint. Returning a user’s backup data. No cookies were used, only a token in the…

These code snippets will breathe life into your static website

Flare lit up in the dark
Flare lit up in the dark

Over the last few weeks, I’ve been working on my new website. I wanted to give it a touch of dynamism. After giving it some thought, I decided to use CSS and JS — and I’m pretty satisfied with the final results.

This article isn’t about building or designing a webpage. Today, I’ll show you some code snippets (with explanations) to breathe life into the website you’re building right now.

1. 3D Animation in JS

The first trick is a wonderful three-dimensional effect in JS.

So it can for you

Image for post
Image for post

Hi everyone, I’ve not been writing on Medium for a while(busy months here), however today I wanted to share with you how Response manipulation got me a Low severity bug, going hand in hand with a quickly earned bounty. When targeting a Website/Web App(or Both :D), you usually spend a while on it and search mainly for medium/high severity bugs(sometimes also critical ones). However, there are some “easy” Bugs out there which can sometimes get you from 50$ to 200$.

Seems good enough to continue reading?

Response Manipulation

When talking about response manipulation we are talking about a technique that is used…

This tool from TomNomNom will drastically improve your Dorking Efficiency

Image for post
Image for post

Hello guys, in my previous write-up I talked about how I was able to bypass CSRF protection on a web app using session fixation, today I will bring you a more “theoric” article, how to boost up your Dorking productivity using webpaste tool from TomNomNom.

Dorking is wonderful, it is plenty of bugs you can find by using Dorking out there. What is there is a tool that can take this to the next level? It has nothing to do with automated tools, it is just your Dorking experience and knowledge mixed with productivity. …

CSRF token is not always enough

Image for post
Image for post

Hello Guys,

I hope you are doing well these times. I decided to write some interesting bug bounty write-ups to help newbies find their first bug.

Today I would like to talk about a Bug I found in a private bug bounty program. It consists of bypassing the entire csrf protection system of the company’s Web app.

As it is a private bug bounty program, let’s assume that our target is

Now, when editing my account’s settings, I always look for CSRF. When saving my account’s settings, I get a request like this:

POST /User/Edit?status=success HTTP/1.1 Host: User-Agent…

How to perform a python-based Trojan Horse Attack

Image for post
Image for post

For the ones who didn’t know yet, a Trojan Horse Attack consists of embedding en exploit in an innocent-looking Application, or even in a document. As you might have guessed today we will embed a backdoor into a Kivy-made GUI. This attack is quite simple, the only thing you need to know is just some python and networking basics. Let us get started!

The Trojan

How to build?

The Backdoor

Among the many things we can embed in a Trojan Horse, I choose to embed a Backdoor. We will be using the one I talked about in this article:

Basically, you can embed everything…

How to use and set up Vim for productive development

Image for post
Image for post

Vim is a highly configurable text editor built that makes creating and editing any kind of text more efficient. I don’t have enough space here to describe all the advantages and features of Vim, but the main reason I use this editor is that you can hack it to do anything you want: use common configurations, create custom commands, custom configs, etc.

Perhaps you’ve heard that Vim is difficult to use and configure — well, it’s true. That’s why today I’m going to show you how I set up Vim for Python programming. I have built the perfect Python development…

Sharpen your Machine Learning skills by starting one of these Projects

Image for post
Image for post

Are you bored? Want to build something interesting using ML? Well, here there are some Machine Learning fun and exciting project ideas that you can start to build right now.

Completing one of these projects will surely help you improve your practical skills in Machine Learning. In fact, I hope you make all these projects. Although they may seem trivial to some of you, learning to do things multiple times is another essential skill of a Senior Data Scientist. I also still have a lot to learn!

1. Sentiment Analysis System

Image for post
Image for post

How to hunt down Social Media accounts from usernames using Sherlock

Today, we will Hunt Down Social Media Accounts across social networks by using a great tool: Sherlock. This tool allows us to search for Social Media accounts by their usernames.

The first thing we’ll do is installing Sherlock, then we are going to learn how to use it. Finally, we’ll discover on what Social Media platforms Sherlock operates. Let’s get started!


Sherlock is a tool made in Python, so if you don’t have Python3 installed Sherlock won’t work. To install python3 you can follow this guide.

After having installed Python3, we’re ready to install Sherlock from Github:

git clone

Introduction to Text-To-Speech(TTS) in Python to perform useful tasks

Image for post
Image for post

Text to speech (TTS) is the use of software to create an audio output in the form of a spoken voice. The program that is used by programs to change the text on the page to an audio output of the spoken voice is normally a text to speech engine. TTS engines are needed for an audio output of machine translation results.

TTS Softwares are widely used by important companies such as Google, Apple, Microsoft, Amazon, and others. Google developed the Google Assistant, Apple developed Siri, Microsoft developed Cortana, and Amazon developed Alexa. …

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store