Overview Hello everyone! Welcome back to another bug bounty writeup. Today, I’ll be discussing an often-overlooked but impactful issue involving HTTP caching layers. I recently found an Unauthenti...

Overview Hello everyone! In this writeup, I want to share a recent finding from a bug bounty program on Bugcrowd that was triaged as a P3. While performing perimeter recon on a target’s infrastru...

Overview This is a writeup for a P4 vulnerability I discovered and submitted on Bugcrowd. The vulnerability involves a hardcoded API key exposed in the frontend, which granted unauthorized access ...

This methodology was built out of need to automate and properly sequence the many tools required for bug bounty hunting and penetration testing. Subdomain Enumeration findomain -t $target --quiet...

Intruduction Hello guys, welcome back to my blog. Today’s, we will discover the Dog challenge on HackTheBox. This challenge that focuses on penetration testing skills. This challenge include skill...

Introduction Cypher on HackTheBox is an important aspect of the cybersecurity CTF challenges. It is a CTF on linux that involves enumeration, google dorking, decomplier java file, command injectio...

Introdution As is common in Windows pentests, you will start the Certified box with credentials for the following account: Username: judith.mader Password: judith09 Enumeration ┌──(trit㉿chimp)-[...

Enumeration As is common in real life Windows pentests, you will start the Vintage box with credentials for the following account: P.Rosa / Rosaisbest123 Scan With Nmap ┌──(trit㉿chimp)-[~/HackT...

Enumeration EscapeTwo is a machine that aggregates skills about enmeration, active airectory enumeration, active directory exploitation,… ┌──(trit㉿chimp)-[~/HackTheBox/Administrator] └─$ echo "10...

Enumeration Titanic is a machine that aggregates skills about enmeration, exploitfile traversal vulnerability, crack password,… ┌──(trit㉿chimp)-[~/HackTheBox/Administrator] └─$ echo "10.10.11.55 ...