Exploiting an SSRF: Trials and Tribulations

I mostly wanted to share this post not because it’s a novel and unique attack, but…

The Wondeful World of OAuth: Bug Bounty Edition

If you’ve ever been on a website, you’ve probably come across OAuth at some point or another, even if you’ve never heard of it. Have you seen a “Sign in with Google” button? If so, you’ve come across OAuth! This article will discuss briefly what…

Bug Hunting Methodology from an Average Bug Hunter

Some of the most common questions out there in the industry are “what is your methodology?” or “how do you look for bugs”? This post will be an attempt to answer that from the point of view of an average and continuously learning bug hunter…

The Bugs Are Out There, Hiding in Plain Sight

It’s no secret, bug bounty is not an easy field to jump into and be successful. The top hunters likely have years of experience in not only bug hunting, but technology & security in general. The reality is that targets that have bug bounty programs…

From Reflected XSS to Account Takeover — Showing XSS Impact

I started bug hunting a little over 2 months ago, and this is my first bug writeup, enjoy!