Learing Red Team - Journey are supported natively.

Burpsuite Pwn

Hello, folks! I’m a bug hunter, and, well, I was bored… [Detailed post about malicious extensions, code for system commands and reverse shells]. [Full explanation of security risks and Burp r...

Hey there, fellow bughunters! 🐞 It’s time to dive into the bug-hunting journey… [Chapter 1-7 detail from July 2023 beginnings to first $2k bounty in September 2024].

I stumbled upon a boolean-based blind SQL injection vulnerability on https://portal.sddc.army.mil/… [Details on discovery via User-Agent header and SQLMap usage].

I stumble upon something extraordinary… A vulnerability so subtle yet powerful, it could redirect unsuspecting users to malicious websites… [Details of MyTrainPal redirect and cookie theft via next...

Exposing Broken Access Control in Salesforce: How Public Aura Endpoints Leaked Sensitive Data How I Discovered a Broken Access Control Vulnerability that Leaked Sensitive Data Hello Folks Whil...

I uncovered a significant misconfiguration that allowed unauthenticated access to internal Salesforce data through publicly exposed Aura endpoints… [Technical breakdown of Aura framework and Python...

Open Redirect To Account TakeOver Today, I’m thrilled to share my adventure of discovering a critical flaw in the MyTrainPal website—an open redirect vulnerability that could potentially lead to a...