- 🧑 Whoami
- 🕸️ Web-AppSec
- Features Abuse
- Reconnaissance
- Subdomain Enumeration
- Fingerprinting
- Dorking
- XSS-HTML Injection
- Improper Authentication
- OAUTH Misconfigurations
- Broken Access Control
- Broken Link Injection
- Command Injection
- CORS
- CRLF
- CSRF
- Host Header Attacks
- HTTP request smuggling
- JSON Request Testing
- LFI
- No Rate Limit
- Parameters Manual Testing
- Open Redirect
- Registration & Takeover Bugs
- Remote Code Execution (RCE)
- Session Fixation
- SQL Injection
- SSRF
- SSTI
- Subdomain Takeover
- Web Caching Vulnerabilities
- WebSockets
- XXE
- Cookie Based Attacks
- CMS
- XSSI (Cross Site Script Inclusion)
- NoSQL injection
- Local VS Remote Session Fixation
- JavaScript Analysis
- Protection
- Hacking IIS Applications
- Dependency Confusion
- Attacking Secondary Context
- Hacking Web Sockets
- IDN Homograph Attack
- DNS Rebinding Attack
- LLM Hacking Checklist
- Bypass URL Filtration
- Cross-Site Path Traversal (CSPT)
- PostMessage Security
- Prototype Pollution
- Tools-Extensions-Bookmarks
- WAF Bypassing Techniques
- SSL/TLS Certificate Lifecycle
- Serialization in .NET
- ✉️ API-Sec
- 📱 Android-AppSec
- APK Pentesting Checklist
- Hacking InsecureBankv2 App
- Android App Fundamentals
- How To Get APK file for application
- ADB Commands
- APK structure
- Android Permissions
- Exported Activity Hacking
- BroadcastReceiver Hacking
- Content Provider Hacking
- Signing the APK
- Reverse Engineering APK
- Deep Links Hacking
- SMALI
- 📶 Network-Sec
- 💻 Desktop AppSec
- ☁️ Cloud Sec
- 👨💻 Programming
- 🖥️ Operating Systems
- ✍️ Write-Ups
- Hunting Methodology
- API BAC leads to PII Data Disclosure
- Misconfigured OATUH leads to Pre-Account Takeover
- Automating Bug Bounty with GitHub Actions
- From Recon to Reward: My Bug Bounty Methodology when Hunting on Public Bug Bounty Programs
- Exploring Subdomains: From Enumeration to Takeover Victory
- 0-Click Account Takeover via Insecure Password Reset Feature
- How a Simple Click Can Lead to Account Takeover: An OAuth Insecure Implementation Vulnerability
- The Power Of IDOR even if it is unpredictable IDs
- Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens
- AI Under Siege: Discovering and Exploiting Vulnerabilities
- Inside the Classroom: How We Hacked Our Way Past Authorization on a Leading EdTech Platform
- How We Secured Our Client’s Platform Against Interaction-Free Account Thefts
- Unchecked Privileges: The Hidden Risk of Role Escalation in Collaborative Platforms
- Decoding Server Behavior: The Key to Mass Account Takeover
- Exploiting JSON-Based CSRF: The Hidden Threat in Profile Management