Pinned: secureITmania in entersoftsecurity
Weird "Subdomain Take Over" pattern of Amazon S3
Even though you have an idea on the subdomain takeover via AWS S3. In this write-up, I will show the non-typical way of S3 subdomain
5 min read, May 31, 2020

secureITmania
Never use the GET method for Sensitive Actions in Web App: Ft. CSRF
The Limitation of Cookie's "SameSite: Lax" Security
3 min read, 5 days ago

secureITmania
Why Appropriate Content-Type Header Matters In REST API Security: Ft. JSON XSS
Let's Explore the Content-Type Header Role in API Security
3 min read, Oct 15, 2023

secureITmania
The Art of Identifying X$$ & WAF Bypass Fuzzing Technique
A smart way to hunt Cross-Site Scripting vulnerability
3 min read, Sep 30, 2023

secureITmania
Learn and Earn with the Most Common Unsecured Methods of OTP Bypass Techniques: Unpacking the…
Discover the ultimate guide for bug bounty hunters to detect sneaky OTP validation vulnerabilities!
4 min read, Jul 11, 2023

secureITmania
The Importance of Checking User-Agent Header Dependency in Penetration Testing
Never ever give a chance to leave a bug to automated scanners.
3 min read, Jun 2, 2023

secureITmania
Secure docker instance with basic Authentication
Nginx reverse proxy with Basic Authentication
2 min read, Jul 1, 2022

secureITmania
Never leave this tip while you hunting Broken Access Control
A special Bug-Bounty tip for Bug hunters and Pen-testers
2 min read, Nov 12, 2021

secureITmania in entersoftsecurity
Deploy a personal VPN in Linode
A better way to take control of your online privacy
4 min read, Jul 11, 2021

secureITmania in InfoSec Write-ups
Genymotion+Xposed+Inspeckage
Android application dynamic analysis lab setup on windows
5 min read, Jul 3, 2021