Rachid.A: WAF as a weapon and DOS as a bullet
Blog migration, find my new article here: https://zhero-web-sec.github.io/research-and-things/waf-as-a-weapon-and-dos-as-a-bullet
1 min read · May 30, 2024

Rachid.A in InfoSec Write-ups: DOS via cache poisoning
Today I’m going to talk about cache, denial of service, and a vulnerability I recently found in a very large company.
8 min read · May 17, 2023

Rachid.A in InfoSec Write-ups: A web cache deception chained to a CSRF, the recipe
Recently, I received a bounty for a vulnerability discovered on an e-commerce site allowing the personal information — including the…
6 min read · Oct 25, 2023

Rachid.A in InfoSec Write-ups: XSS Intigriti challenge 0523
Let me explain how I overcame this XSS challenge set up by the bug bounty platform Intigriti. It may be a source of inspiration for…
7 min read · May 29, 2023

Rachid.A in InfoSec Write-ups: A successful prototype pollution chained to a DOM XSS
I recently found a vulnerability that is a little less common and quite interesting in how it works.
7 min read · Apr 10, 2023

Rachid.A in InfoSec Write-ups: An IDOR vulnerability often hides many others
Some errors are occasional, others result from poor design. In this case, finding a vulnerability allows you to find many others…
6 min read · Jan 31, 2023

Rachid.A in InfoSec Write-ups: Creating your own tools to hunt bugs, a power often neglected
Creating your own tools based on the needs encountered while hunting bugs is often a power that is overlooked…
4 min read · Jan 20, 2023

Rachid.A in InfoSec Write-ups: HTML injection in an email template
Send emails on behalf of a company? Here’s how I found this vulnerability in several large companies allowing me to easily earn bounties.
5 min read · Jan 8, 2023