New blog post: BigQuery SQL Injection Cheat Sheet with Anil Yuksel link.medium.com/ziAChPpCDnb

Introducing nrich: a tool to quickly find the open ports and vulnerabilities for a list of IPs - gitlab.com/shodan-public/…

My Path Traversal writeup got republished on Synack's blog. More blogs coming soon. Check it out at: synack.com/blog/path-trav…

On recent engagements to the on program on Synack Red Team, I find out that target had error based SQL injection on LIMIT clause, it appears that DBMS was MariaDB 10.4.13 so it was limiting options to be used on the injection. #bugbountytips #bugbounty 1/5

Exploiting DOM Based XSS via Misconfigured postMessage() Function medium.com/@armaanpathan/…

Check out my vulnerability write up about critical bugs in Apple infrastructure worth 36,000 in bounties. medium.com/@StealthyBugs/… #BugBounty #exploit #infosec #whitehat #bugbountytips #ethicalhacking

Blogged about a fun SSRF I found last month on Synack Red Team #bugbounty #bugbountytips infosecwriteups.com/svg-ssrfs-and-…

Got my full collection of coins today. Thank you Synack for this amazing gift.

6 Free Labs to master XXE attack 🧵

Bypassing WAF to Weaponize a Stored XSS infosecwriteups.com/bypassing-waf-…

I hacked a gaming company this year. Here's how I did it:

Thank you Synack and Synack Red Team for the amazing gifts #swag #redteam

Got my first ever XXE accepted on Synack Red Team. Here's a writeup on how I did it: kuldeep.io/posts/second-o…

I earned $2,500 for my submission on @bugcrowd bugcrowd.com/l0cpd #ItTakesACrowd SQL to RCE Thanks for the post below that gave me the idea. infosecwriteups.com/how-i-escalate…

I just published a blog post for the people that want to get into bug bounties. I hope it helps people that are thinking about doing bug bounties, but haven't started yet. It explains what to expect and how to deal with common problems / situations: shubs.io/so-you-want-to…

New blog post on a recent collab with Usman Mansha where I bypassed Akamai WAF to get RCE on a Java application with Spring EL injection. Spent some time writing about the process of constructing the custom payload. Hope you enjoy! h1pmnh.github.io/post/writeup_s…

Au pays des rêves. #HappyNewYear2023

Thanks a lot Synack Synack Red Team for sending this amazing jacket 🔥🔥🔥 #synack #redteam #BugBounty

Happy New Year everyone! I hope the past year was wonderful for you and this one will be even more amazing. #Welcome2024