Hello people, it’s me again. In most cases, with automated tools, you can possibly find low level security bugs i.e most likely Blind XSS, Directory Bruteforcing using both wordlists and using ffuf tool, subdomain gathering, information disclosure, etc. …

Ladies and Gentlemen, let’s do some API hacking today. I will discuss some of the top 10 API bugs and where one can find them. API: API stands for Application Programming Interface. It provides a computer friendly method of interacting with a data source or backend logic. 1. API1: 2019…

Hello lads, it’s me again. Let’s discuss different techniques about bypassing 2FA. 1. 2FA Code Leakage in Response: At 2FA Code Triggering request, such as Send OTP functionality, capture the request. 2. See the response of this request and analyze if the 2FA Code is leaked. 2. JS File Analysis: …

Hello again, today let’s discuss about accessing ransomware sites using TOR browser. Every now and then, you would be seeing articles and news about new ransomware attacks and if you are active in twitter, many of them will be posting pics about the news feed of what the hackers posted…

Hello people, it’s me again. I apologize for being late about the second part. I had some examinations going on and have been busy for the past 3 days. So, here I am and let’s dive right in… I see, we covered up to Session Management in the previous article…

Hey, it’s me again back with another checklist. I saw various articles and tools specifically designed to exploit one vulnerability. It may be nuclei, ZAP or any other automated tools. But I noticed everyone was using these tools without having any predefined method set when testing for web application vulnerabilities. …

Hello guys and gals, it’s me again back with another article about horizontal enumeration. While performing a security assessment our main goal is to map out all the domains owned by a single entity. This means knowing all the assets facing the internet of a particular organization. It is a…

So, I have seen various articles about subdomain enumeration and decided to make one in detail without confusing everyone with various tools. Without any further ado, let’s jump right in. Prerequisites: What things do we need before performing a great enumeration? API keys of Passive DNS source 100% accurate open public DNS resolvers A VPS (Virtual Private Server) 1. API keys for Passive DNS data 🔑

Hello guys, it’s me again. I know malware analysis might be boring because of debugging and code analysis especially for the people who are just getting started. So, I decided to change the topics specifically to bug bounty and pentesting. Today, I will be discussing about the methodology one…