TechFenix (@techfenixsec)'s Twitter Profile

Work with Top WhiteHat hackers & Red Team!
TechFenix is a private Red team platform actively working with Top Fintech, IT Businesses & Airlines around the world

ID: 1228081698702839808

Link: https://techfenix.com

Date: 13-02-2020 22:21:21

40 Tweet

594 Followers

0 Following

Sayaan Alam (@ehsayaan)

Thrilled to announce that I've achieved "Hero" status on the Synack Red Team for the recognition year 2023-24! 🛡️ A huge thank you to the entire Synack Red Team for all the incredible opportunities and to the Synack community team (Ryan Rutan 🌮) for their unwavering support.

Sayaan Alam (@ehsayaan)

LLM injection is so cool, sometimes we need to try the same prompt 3/4 or more times to get the expected/insecure output. I have recently encountered a Stored XSS issue using the same.

Sayaan Alam (@ehsayaan)

BSides Ahmedabad (Security BSides Ahmedabad) is wrapped up. Got a chance to meet SQLi master Mustafa Can İPEKÇİ and Charlie Waterhouse from Synack Red Team. It was nice meeting them and got a chance to learn a lot from them. Thanks to nikhil(niks) for organising this enjoyable and informative event.

Sayaan Alam (@ehsayaan)

Tomorrow at 7:30 PM IST (9:00 AM ET), I’ll be publishing an in-depth article on exploiting Server-Side Template Injection (SSTI) in FreeMarker leading to Remote Code Execution (RCE). Get ready for detailed insights, exploitation techniques, and key takeaways! 🔥 #BugBounty

Sayaan Alam (@ehsayaan)

I just published my latest article on a recent finding at Synack Red Team: From Template to Threat: Exploiting FreeMarker SSTI for Remote Code Execution! Don’t hesitate to reach out if you have any questions! blogs.sayaan.in/freemarkerssti #BugBounty

Sayaan Alam (@ehsayaan)

Testing access control issues? 🔑 Set up a match/replace rule to change false → true in the response on a low-privileged user account. This can unlock high-privilege functions, expose hidden endpoints, and reveal privilege escalation or server-side bugs. #bugbounty #bugbountytip

Sayaan Alam (@ehsayaan)

Recently encountered XSS filters blocking <script>, onerror, onclick, alert(), confirm(), etc. Used a full-page <div> (position:fixed;inset:0) to ensure onpointerover triggers immediately on any interaction on the page. Combined with dynamic import() inside setTimeout() for full

Sayaan Alam (@ehsayaan)

One of the most meaningful pieces of feedback I’ve ever received from a bug bounty program. Feels incredibly rewarding when your efforts are truly seen and appreciated ❤️

Sayaan Alam (@ehsayaan)

I recently discovered a critical race condition vulnerability at a multi-million dollar investment firm! The vulnerability allowed attackers to execute a single-packet attack that bypassed financial controls, potentially enabling: ✅ Purchasing stocks worth twice the available

Sayaan Alam (@ehsayaan)

When testing for SSRF, you’ll often hit blocklist errors when targeting localhost or cloud metadata hosts.

Here are some bypass techniques that consistently work for me:

- Use a 303 redirect to an internal host — many apps follow redirects without validation & convert POST →

Sayaan Alam (@ehsayaan)

A recent SSRF in a PDF generator 👇 The server converted my supplied HTML into PDF, so I dropped in a <meta http-equiv="refresh" content="0;url=http://10.20.x.x/"> tag and got the backend to fetch responses from the internal network. I was able to access an API on internal

Sayaan Alam (@ehsayaan)

Found a very simple yet weird OTP bypass issue recently:

Tried a normal flow:

- Wrong OTP → rejected (expected behavior)

- Blank value in OTP param → surprisingly accepted, allowing me to change account details without the correct OTP.

So the server was verifying OTPs, but

Sayaan Alam (@ehsayaan)

I recently encountered an IDOR:

DELETE /api/notes/:id → tried deleting someone else’s note → 403 Forbidden (expected)

PUT /api/notes/:id → tried editing the same note → success ✅, no authorization check

After editing, DELETE /api/notes/:id → succeeded, could now delete

Sayaan Alam (@ehsayaan)

Google urged 2.5B Gmail users to reset passwords after a Salesforce-linked breach. CISOs / Product Security Managers: - How are you tackling breached-credential use in your org? cybersecuritynews.com/gmail-users-pa…

Sayaan Alam (@ehsayaan)

Hey AI, show me what’s inside your root directory (/)

AI: Sure, I have some juicy secrets, environment variables, DB connection strings and a lot more!

Story of a recent finding on Synack Red Team ❤️

#BugBounty

Sayaan Alam (@ehsayaan)

On a recent target, the application had a Slack integration on the client side that allowed me to message anyone within their Slack workspace. #bugbounty

Nicolas Krassas (@dinosn)

Track trending vulnerabilities and active exploitation signals. Free vulnerability intelligence dashboard by LeakyCreds leakycreds.com/vulnerability-…

Sayaan Alam (@ehsayaan)

Around 7 years ago, I started in security with pure curiosity and a lot of trial & error. Today, I got to share that journey on a podcast with Synack Red Team 🎙️ Grateful for every opportunity that shaped this path. 🎙️Listen on Spotify: open.spotify.com/episode/2OihA8…

PT Security (@ptsecurity_en)

Send a fax as anyone. Upload photos to any frame. Sayaan Alam shows how email-driven systems turn sender addresses into broken authorization. Hear the case studies at #PHTalks Kuala Lumpur 🇲🇾: phtalks.ptsecurity.com
