Pinned, published in entersoftsecurity
Weird "Subdomain Take Over" pattern of Amazon S3
Even though you already have an idea of subdomain takeover via AWS S3, in this write-up I will show a non-typical way of S3 subdomain takeover.
May 31, 2020

S3 bucket enumeration simplified.
A web-based tool to scan for S3 bucket misconfigurations.
May 29

Never use the GET method for Sensitive Actions in Web App: Ft. CSRF
The limitation of the cookie's "SameSite: Lax" security
Apr 28

Why Appropriate Content-Type Header Matters In REST API Security: Ft. JSON XSS
Let's explore the Content-Type header's role in API security
Oct 15, 2023

The Art of Identifying X$$ & WAF Bypass Fuzzing Technique
A smart way to hunt Cross-Site Scripting vulnerabilities
Sep 30, 2023

Learn and Earn with the Most Common Unsecured Methods of OTP Bypass Techniques: Unpacking the…
Discover the ultimate guide for bug bounty hunters to detect sneaky OTP validation vulnerabilities!
Jul 11, 2023

The Importance of Checking User-Agent Header Dependency in Penetration Testing
Never give automated scanners the chance to leave a bug behind.
Jun 2, 2023

Secure docker instance with basic Authentication
Nginx reverse proxy with Basic Authentication
Jul 1, 2022

Never leave this tip while you hunting Broken Access Control
A special bug bounty tip for bug hunters and pen-testers
Nov 12, 2021

Published in entersoftsecurity
Deploy a personal VPN in Linode
A better way to take control of your online privacy
Jul 11, 2021