Posts

• October 26, 2022 CVE demystified
• September 21, 2022 One takeover to rule them all
• August 1, 2022 The underlying rules of bug bounty
•  
• April 4, 2020 How to keep hackers motivated in bug bounty
• January 30, 2020 5 things to avoid in bug bounty
• January 16, 2020 5 things to do before running your first bug bounty program
•  
• December 16, 2019 Bug bounty management, a bad example
• November 19, 2019 Bug bounty management, a great example: Zomato
• October 10, 2019 GitHub tools collection
• July 31, 2019 Cloudflare origin server
• July 13, 2019 Swag Store
• March 24, 2019 The Hunter Games
• March 1, 2019 How to write a Bug Bounty report
•  
• October 2, 2018 AWS takeover through SSRF in JavaScript
• September 10, 2018 Interview with a Bug Bounty program
• August 1, 2018 Colorize your hunt
• June 15, 2018 Cons of Bug Bounty
• May 17, 2018 Find vulnerabilities in Flash SWF
• April 21, 2018 Subdomain enumeration
• March 29, 2018 Why Bug Bounty
• February 11, 2018 The Bug Bounty program that changed my life
• February 3, 2018 Massive pwnage
•  
• November 20, 2017 Fail at CTF h1-212 - The Evil Job
• September 12, 2017 Wordpress testing
• August 1, 2017 Kick the bucket
• April 19, 2017 My way to go
•  
• October 12, 2016 Subdomain takeover - DNS expiration
• September 6, 2016 GitHub search
• April 15, 2016 Playing with S3 buckets
• January 28, 2016 An extremely buggy web app !
• January 18, 2016 Sqlmap
•  
• October 26, 2015 File transfer with ping
• October 18, 2015 Steganography
• October 8, 2015 Bug Bounty Programs
• September 17, 2015 Port forwarding and tunneling
• September 8, 2015 Offensive Security Certified Professional
• June 9, 2015 Document Metadata
• May 10, 2015 Secure your Wordpress
• May 9, 2015 SMB null session
• March 26, 2015 DVWA - CSRF
• March 13, 2015 DVWA - Insecure CAPTCHA
• March 13, 2015 Ping sweep
• March 5, 2015 Hacker Test 1-10
• March 2, 2015 Choose your password
• February 27, 2015 DNS enumeration with Host
• February 19, 2015 Weevely
• February 12, 2015 Vulnerability in Wordpress Video Gallery
• February 11, 2015 DVWA - File upload
• February 9, 2015 OWASP Top 10
• February 5, 2015 Introduction to pentesting
• January 28, 2015 MySQL Truncation
• January 23, 2015 DotDotPwn
• January 22, 2015 Exploit Exercices, Nebula – level03
• January 22, 2015 theHarvester
• January 20, 2015 DVWA - XSS reflected
• January 14, 2015 Browser extensions
• January 13, 2015 Exploit Exercices, Nebula - level00
• January 13, 2015 Exploit Exercices, Nebula - level01
• January 13, 2015 Exploit Exercices, Nebula - level02
• January 10, 2015 Null Byte Injection
•  
• December 22, 2014 Vulnerable by Design
• December 15, 2014 Vulnerability in HD FLV Player
• December 10, 2014 Damn Vulnerable Web Application
•  
• January 1, 1990 Resources
•  
• January 1, 1980 Pentest - Exploitation tools
• January 1, 1980 Pentest - Information gathering tools
• January 1, 1980 Pentest - Post exploitation tools
• January 1, 1980 Pentest - Vulnerability assessment tools
•  
• January 1, 1970 Vulnerabilities list
• January 1, 1970 Vulnerability - Clickjacking
• January 1, 1970 Vulnerability - Cross Origin Resource Sharing aka CORS
• January 1, 1970 Vulnerability - Cross Site Request Forgery aka CSRF
• January 1, 1970 Vulnerability - Cross Site Scripting aka XSS
• January 1, 1970 Vulnerability - Relative Path Overwrite aka RPO or PRSSI
• January 1, 1970 Vulnerability - SQL Injection aka SQLi
• January 1, 1970 Vulnerability - Subdomain takeover