Lately, I have been thinking about automation. Funny, this isn’t something I have thought of in the past. I have just been trying to find some really good bugs, one by one. Saving the world one small to high CVSS score bug at a time. I don’t have much automation…

Hey, Well this is my first writeup and there might be ton of mistakes as i go along writing it out so please give me feedback so that i can work over it. So lets start! 0x01 JWT workflow Starting with JWT, it is a very lightweight specification This specification allows us to…

Hello Fellows, In this article, I will demonstrate a vulnerability idea that I have encountered multiple times lately during penetration tests and bug bounty, you can make use of it and include it in your methodology. Apparently, some organizations are separating their web and mobile applications, while the business and…

Hello guys! Today we are going to talk about a very well known flaw called IDOR, this is a very simple flaw to exploit and very dangerous. IDOR (Insecure Direct Object Reference) is a vulnerability that could allow unauthorized access to web pages or files. …

Google Dorking is a technique that hackers use to find information that may have been accidentally exposed to the internet. What is Google Dorking? Advanced use of Google Search Operator is called Google Dorking. In simple terms, it is using Google to run targeted search queries using specific keywords or commands. Basically narrowing down…

This article is all about pentesting JWT. You can practice all of these techniques on vulnerable target that I have designed(will publish shortly). I will try to make the article as easy as possible and will try to make you understand in very layman language. What is JWT: JWT is…

Hello guys👋👋 ,Prajit here from the BUG XS Team, it’s been a long time since my last story, sorry for the delay was held back in exams and viva😅. …

HEY! Amazing hackers, let’s talk about instant bounties, the low-hanging fruits. Google Dorking is very powerful and yet people do not like to generally use it in their workflow. Any experienced hunter will tell you that this is one of the quickest ways to know around a system. What is Google Dorking? Google Dorking…