Two Years of Bug Bounty Hunting
Two years ago this month, I created my first bug bounty account on Bugcrowd. I decided to try my hand at bug bounty hunting for a number of months. As outlin...
As it has been some time since my last blog post, I decided I would set aside some time to write one now. The topic of this blog post is inspired by a bug I ...
I am proud to have completed Offensive Security’s Evasion Techniques and Breaching Defenses (PEN-300) course. After successfully passing the 48-hour exam, I ...
Today marks a huge personal milestone in my bug bounty hunting career. I have achieved an all-time ranking of top 100 on Bugcrowd. This accomplishment comes ...
OpenSIS v7.3 is vulnerable to unauthenticated SQL injection via the ‘username’ field; this allows for remote database compromise as well as authentication by...
On April 1st 2019, I decided to try my hand at bug bounty hunting. What started initially as a short experiment quickly evolved into a daily obsession and a ...
This last week I took and passed the Certified Red Team Professional exam. Certified Red Team Professional (CRTP) is the introductory level Active Directory ...
This post is a brief description of the discovery and development of CVE-2020-10557.
I figure it is about time for another blog post, as it has been just over one month since my last one. However, I am feeling a little lazy so in this entry I...
Dairy Farm Management System is vulnerable to SQLi and XSS. This post will be a brief write up about discovery and exploitation of CVE-2020-5307 & CVE-20...
This post is a brief review of Tib3rius’ Linux Privilege Escalation course, available on Udemy.
Recently x00pwn, a few others from the InfoSec-Prep Discord server, and myself have been participating in a challenge we dubbed “The 12 Days of CVE-mas.” The...
I have successfully taken eLearnSecurity’s Web Application Penetration Testing (WAPT) course and passed eLearnSecurity’s Web Application Penetration Tester (...
This is a writeup for the recently retired box Wall from Hack The Box. While this machine does not currently appear on the list of “OSCP-like boxes”, I belie...
This is a writeup for the retired Hack The Box machine Chatterbox. I decided to do a writeup on this machine because it appears on TJNull’s list of “OSCP-lik...