Learing Red Team - Journey Beyond bug bounty and web hacking, I’m stepping into red teaming—offensive security, adversary simulation, and understanding how defenders think. This is the start of th...

When bug bounties get quiet, sometimes the best move is to step back and do some noob research—diving into 0-day and N-day territory, messing with tools we use every day, and seeing what breaks. T...

Hello, folks! I’m a bug hunter, and, well, I was bored… My HackerOne profile was looking kinda sad with no fresh bounties, so I thought, “Why not do some noob research and see what happens?” So he...

Hey there, fellow bughunters! 🐞 It’s time to dive into the bug-hunting journey of someone who’s been in your shoes—me! So grab a cup of coffee, sit back, and let’s embark on this thrilling adventur...

Hey everyone! Gather around, because I’ve got an exciting tale from my latest bug bounty adventure. It’s a story of discovery, persistence, and a bit of clever trickery as I stumbled upon a boolean...

Hey hunters, hope you’re all doing well. Today I want to share my story about how I discovered a Stored XSS vulnerability that allowed full account takeover (ATO) on a Web3 website. The Beginnin...

Exposing Broken Access Control in Salesforce: How Public Aura Endpoints Leaked Sensitive Data How I Discovered a Broken Access Control Vulnerability that Leaked Sensitive Data Hello Folks Whil...

Hey everyone! So, let me take you on a little journey of discovery. It all started with a curious mind and a knack for uncovering the unseen. During one of my recent bug hunts, I stumbled upon a v...

Open Redirect To Account TakeOver Today, I’m thrilled to share my adventure of discovering a critical flaw in the MyTrainPal website—an open redirect vulnerability that could potentially lead to a...