Not only websites and companies get hacked, A real-life story

Photo by Ludovic Toinel on Unsplash


For some weird reason, I thought my neighbor was a secret service agent, CIA, or something similar. The way he move, talk and behave just gave me that feeling. One night after seeing him go to his garage and staying there for hours, I knew something strange was going on. I need evidence to back up my claims, and the only thing that came to my mind was to get into his home network.


I fired up my…

When not letting go, and fighting for your rights, payback..

Photo by Markus Spiske on Unsplash

The Death Eaters

If you are a Harry Potter fan, just like my girlfriend is, you already know who these people are. Some of you might know them by their most common name — triagers.

After a while of doing Bug Bounty, you will quickly learn to be careful when answering questions to triagers. In most cases finding a bug is not the hardest part, but getting…

Many websites have private S3 buckets holding secrets inside. We want them.

Photo by Christian Wiediger on Unsplash

What Is An Amazon S3 Bucket?

Is a public static cloud file storage resource available in Amazon Web Services’ (AWS) Simple Storage Service (S3), an object storage offering. S3 buckets, are similar to file folders, store objects, which consist of data and its descriptive metadata.

Amazon S3 uses the same scalable storage infrastructure that uses to run its global e-commerce network. It can be employed to store any type of object, which allow users storage for Internet applications, backup and recovery, disaster recovery, data archives, data lakes for analytics, and hybrid cloud storage.

The Weakest Link

Many web developers use this service to host files like JavaScript, HTML…

Exploiting smart TVs.

The Swiss Knife Phone

When hacking is not a job but a way of life or isn’t?!

Photo by Adrian Swancar on Unsplash

Personal Thought

Bug Bounty is one of the hardest things that exists today. Unlike many other jobs where you have to use your body and strength, this only requires your mind, which may sound like something good, but is not. Using only your mind doesn’t translate to easy. In fact, Bug Bounty is one of the hardest jobs out there right now. …

How to Get a Shell on a Website using a File [Tutorial]

Photo by Alexander Shatov on Unsplash

User-uploaded files can give hackers a potential entry-point into web apps, making their safe handling an extremely important task for administrators and the security team. If these files are not validated properly, a remote attacker could upload a malicious file on the web server and cause a serious breach. Malicious files uploads are the result of improper file validation. This leading to code execution. According to OWASP, unrestricted file upload vulnerabilities can allow two different types of attacks. …

Broken Access Control (BAC) > Server-Side Request Forgery (SSRF)

Photo by Justaf Abduh on Unsplash

What is SSRF?!

Server-Side Request Forgery (SSRF) is an exploit use to attack internal systems behind firewalls that are not accessible from external networks. SSRF is to access internally running services like SSH, Local-Host, FTP, and others. An SSRF scenario would be to force the server to make a connection to internal-only services within the organization’s infrastructure.


Testing TripAdvisor for vulnerabilities and bugs, I found that it was vulnerable to SSRF. I found this vulnerability using the Burp Suite feature Collaborator. What is Burp Collaborator? Burp Collaborator is a network service that Burp Suite uses to help discover many kinds of vulnerabilities.

This is something new and innovative, I know…

Photo by FLY:D 🔶Art Photographer on Unsplash

Intro Part 1:

Trying to log in to Quora using my browser, I realized I didn’t remember my password. I have this account logged in multiple places. One of those places is my phone. After successfully changing my password using the web app, I opened the android app to log back in using the new password(As it was supposed to work). Well, my account was still log in using the old password. For some reason, Quora never logged me out.

Steps To Reproduce:

  1. Log in to both the Android and Web App using the same account
  2. In the Web App, ask for a password reset link

Testing for Auth Flows I found one

Photo by NeONBRAND on Unsplash


If you had been following my cybersecurity articles, you already know that I don’t like to hunt on Facebook but every now and then their bugs just get in my way. This one, in particular, is one of those vulnerabilities.

What is OAuth?

OAuth is a commonly used authorization framework that enables websites and web applications to request limited access to a user’s account on another application, in this case, Facebook. Granting access without exposing login credentials to the requesting application. Users can decide the amount of data to share rather than giving full control of their accounts to a third-party application. Applications…

There is no need to pay to host or share your streaming.

Photo by Rachit Tank on Unsplash

any apps let us share content or visualize displays from abroad. The problems with these apps are many. Starting with security concerns since we never know who is on the other end and because they are not free.

I had never been a big fan of paying for apps. I make my own or find an alternative to whatever problem I have. I’m on the internet to make money, not to spend it. Many of you may use or know Mikogo, which is widely used, for this kind of task.

Programming Language

  • Python 3

Things You Can Do With This App

  • Host your remote computer display
  • Streaming video data…


Top Writer |CyberSecurity| Motorcycle Racer| Bug Hunter |#InfoSec #BugBounty #Gym #Programming #Coder

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store