Pinned | Hacking the Giant: XSS on Google | Hello everyone, today I will share how I found a bug in Google. I mainly do WebApp & Cloud vulnerability research (more focused on cloud)… | Mar 27
A Thrilling Dive into Cloud Penetration Testing | Hello everyone, today I am back with the Cloud Penetration learning resources which I have followed to learn. By following which you can also… | May 7
Become a Bug Bounty hunter: Unveiling the Secrets to Success! | This guide from me is for beginners and also those who are already struggling in bug hunting. Follow this roadmap of mine and you will get… | May 25
Unveiling Strategies to Identify Potentially Sensitive Data Stored by iOS Applications | Overview | Apr 27
Exploring IAM for Effective GCP Pentesting (comprehensive guide) | To conduct a thorough GCP pentest, a comprehensive understanding of identity and access management (IAM) is crucial. So, let’s begin delving… | Apr 21
Unveiling all techniques to find IDOR’S in web applications | Here I explain in depth where a pentester and bug hunter can find bugs: Identifying IDORs in URL Parameters & APIs, IDOR Enumeration … | Mar 28
Attacking XSLT in Web Applications | Extensible Stylesheet Language Transformations (XSLT) is an XML-based language usually used when transforming XML documents into HTML… | Mar 23
SSTI Exploitation Part III In Web Applications (with exploitation example) | Once again, our focus will be on identifying if the application is vulnerable to Server-Side Template Injection. | Mar 23
SSTI Exploitation Part II In Web Applications (with exploitation example) | We are tasked with pentesting yet another internet-facing application. Our focus will be on identifying if the application is vulnerable to… | Mar 23
SSTI Injections Identification During Pentesting Web Applications (with exploitation example) | Let’s first understand what Template Engines are. | Mar 23