Discover the ultimate guide for bug bounty hunters to detect sneaky OTP validation vulnerabilities! — Introduction: As the digital world expands, so does the importance of cybersecurity. One Time Passwords (OTP) have become increasingly popular in the realm of authentication. They are known for providing an extra layer of security, making it difficult for hackers to gain unauthorized access. However, if not properly implemented, OTP validation…

Never ever give a chance to leave a bug to automated scanners. — Introduction: In the world of penetration testing, it is crucial to employ the right tools and methodologies to uncover vulnerabilities in a system. However, blindly relying on security tools without considering certain factors can lead to false positive results, wasting valuable time and resources. One such factor that requires careful analysis…

Nginx reverse proxy with Basic Authentication — Introduction: Recently, I faced a challenge to deploy a docker web application with basic authentication. Instead of modifying the docker web application, I deployed the docker instance behind the Nginx reverse proxy with Basic Auth. …

A special Bug-Bounty tip for Bug hunters and Pen-testers — If you already know about Broken Access Control weakness. Please skip explanation and go to the “Observation” section. What is Broken Access Control Broken Access Control is a type of weakness in the software program or application. …

A better way to take control of your online privacy — Internet Privacy Day to day the technology is growing rapidly. In this technological world, we are becoming the products of giant companies. We are monitored by these giant companies while we are surfing the internet. Using our search content stats on multiple platforms and combined them with ML technology they are influencing…

Android application dynamic analysis lab setup on windows — To perform the android application penetration testing we need a rooted android device. But it is not always safe to root our personal devices. So, I came with a solution and you to analyze the android application without an actual device. …

A weird approach to escalate the Server-Side Request Forgery — Thanks for huge response to my previous write-ups. Recently I have participated in a private program and I found an OS command injection. In this write-up, want share my experience, approach and the challenge I faced during the exploitation. What is SSRF: SSRF stands for Server-Side Request Forgery. SSRF is a kind of…

A new era in Android Reverse Engineering part-2 — In my previous write-up I explain the React Native reverse engineering technique. Again I have found a bug in Xamarin based application that was found by a different approach instead of old reverse engineering methodology. Introduction: Xamarin is a free and open source mobile app platform for building native and high-performance…

A new era in Android Reverse Engineering part-1 — Thanks for the huge response to my previous write-up. Recently I have found a bug regards to hard-coded credentials issue that was found by a different approach instead of old reverse engineering methodology. Introduction: React Native is a mobile application framework that is most commonly used to develop applications for Android…