Bug Bounty Tips on Medium

How Secure Password Hashing Can Take Down Your Server

byte&borrow — Tue, 05 May 2026 19:15:54 GMT

Your login endpoint might be the most expensive API you run, and you probably don’t treat it that way.

Saurabh Jain — Tue, 05 May 2026 09:17:36 GMT

Exploiting temporary credentials giving access to AWS

Gourav(spidergk) — Mon, 04 May 2026 18:26:59 GMT

The complete Field Guide — 2025 | 2026 Edition

Parth Narula — Mon, 04 May 2026 17:42:05 GMT

Hey Hackers, I am Parth Narula. A penetration tester, bug hunter, red teamer and overall a security researcher. I live for those moments…

c0dejump — Mon, 04 May 2026 07:35:39 GMT

Exploring how response format switching leads to CPDoS

elcezeri — Sun, 03 May 2026 16:47:45 GMT

1. Entry Point: Phone Verification (KYC) Bypass

Tanvi Chauhan — Sun, 03 May 2026 16:41:01 GMT

If you’ve ever booked a “non-refundable” hotel room, you know that feeling of dread when your plans change. You’re locked in. The money is…

0xoroot — Sun, 03 May 2026 11:01:27 GMT

Introduction

Mohamed Adel — Sun, 03 May 2026 09:14:45 GMT

It was 2:00 AM, and my terminal was a blur of scrolling green text. I was deep into a private bug bounty program for a massive corporate…

SilentExploit — Sat, 02 May 2026 18:54:51 GMT

As part of my OSCP preparation series; I will be covering walk throughs for all the boxes on the TJ null list. Today we are looking at…