Hacking Tools

Broken authentication: A complete guide to exploiting advanced authentication vulnerabilities Featured Image

Broken authentication: A complete guide to exploiting advanced authentication vulnerabilities

Hacking Tools

November 30, 2024

Authentication vulnerabilities are fun to find as they are impactful by nature and often grant unauthorized users access to various resources with elevated privileges. Even though they are harder to spot, placed just at the 7th position on the OWASP Top 10 list, they still form a significant risk an

Crafting your bug bounty methodology: A complete guide for beginners

Hacking Tools

November 25, 2024

Bug bounty hunting can seem overwhelming when you're just starting, especially when you are coming from a non-technical background. And even then, bug bounty (or web security in general) is a vast topic with so much to grasp. Participating in bug bounties often also means competing along on bug boun

Complete guide to finding more vulnerabilities with Shodan and Censys

Hacking Tools

November 19, 2024

You've probably seen another bug bounty hunter or security researcher find cool bugs using internet search engines like Shodan or Censys. But when you tried to replicate their steps, it seemed like an impossible task and all you can conclude is that they just came across a unique case and got lucky.

A beginner's roadmap for playing CTFs: 10 practical tips for beginners

Hacking Tools

November 8, 2024

Capture The Flag (CTF) challenges are fun to play, form a powerful training ground and help drastically develop your hacking skills. CTF competitions come in many forms, from malware analysis to web vulnerability challenges. Some CTF events also provide the winners with cash rewards (bounties), excl

Top 4 new attack vectors in web application targets

Hacking Tools

October 29, 2024

We all like to find vulnerabilities in bug bounty programs, they get us bounties, increase our ranks on platform leaderboards and help us stay motivated to look for more of them. If you've been doing bug bounty for a while, your methodology will focus on finding an edge so that you can spot more vul

Google dorking for beginners: how to find more vulnerabilities using Google search

Hacking Tools

October 27, 2024

Bug bounty hunters who spend time in content discovery and reconnaissance, in general, are always rewarded well for their efforts as they often come across untested and hidden assets or endpoints. Google dorking is another way to leverage search engines to discover hidden assets and endpoints to inc

7 Ways to achieve remote code execution

Hacking Tools

October 22, 2024

Remote code execution (RCE) vulnerabilities are always fun to find for bug bounty hunters, they usually carry a huge impact and indicate a big upcoming payday. In this article, we will go over the 7 most common ways to achieve remote code execution by exploiting several vulnerability types. Let's di

Recon for bug bounty: 8 essential tools for performing effective reconnaissance

Hacking Tools

October 15, 2024

We all know that reconnaissance is important in bug bounty, in fact, it is the most important phase in bug bounty & web app pentesting. Bug bounty hunters who perform effective recon are always rewarded well as they come across untouched features and hidden assets more often than others. This provid

7 Tips for bug bounty beginners

Hacking Tools

September 27, 2024

We all had to start somewhere in bug bounty hunting and we all made mistakes along the way. Most of these often helped us learn more and become even better bug bounty hunters! If you're in your first years of doing bug bounty hunting or just starting and exploring bug bounties, we want to help you s

Hacking misconfigured Cloudflare R2 buckets: a complete guide

Hacking Tools

September 12, 2024

Cloudflare R2 buckets are recently becoming more popular as an alternative to AWS S3 buckets for their simplicity, integration support and zero-egress fees. Customers who opt-in to use Cloudflare R2 are not going to be charged for any traffic to and from the bucket. This often means a severely reduc

Hacking misconfigured AWS S3 buckets: A complete guide

Hacking Tools

September 5, 2024

AWS S3 (Simple Storage Service) buckets are a popular storage service used by software companies and organizations to store public as well as sensitive data. However, the implementation of this service is not always correctly done. A single missing access policy can often introduce security risks, d

CSRF: A complete guide to exploiting advanced CSRF vulnerabilities

Hacking Tools

August 19, 2024

Cross-site request forgery—or for short CSRF—vulnerabilities are one of the most exploited web security vulnerabilities that result in performing unwanted actions. This client-side vulnerability can sometimes go unnoticed but delivers a devastating impact depending on the context. From basic action

SSRF: A complete guide to exploiting advanced SSRF vulnerabilities

Hacking Tools

August 1, 2024

SSRF—short for Server-Side Request Forgery—vulnerabilities are amongst one of the most impactful web security vulnerabilities. Even though they are less commonly found on targets they do take place on the OWASP Top 10 2021 ladder scoring the latest place (A10). SSRF vulnerabilities are known to have

Hacking Salesforce Lightning: A Guide for Bug Hunters

Hacking Tools

July 24, 2024

Salesforce Experience (or Community) Cloud is a CRM platform that helps software companies and organizations manage their customer relationships. Software companies and organizations often use it to manage their customer relationships, share information, and work with employees and customers (docume

Exploring Third-Party Services for Open Signups: Security Risks and Best Practices

Hacking Tools

July 4, 2024

Most software companies resort to using third-party solutions for completing certain tasks within their company. A common example is a ticketing platform that helps teams and companies stay organized with issues that internal employees or customers may experience. Unfortunately, due to lack of time

Five easy ways to hack GraphQL targets

Hacking Tools

May 31, 2024

GraphQL is a widely used query language that provides developers with the ability to query data easily. Unlike via a REST API, developers can send a schema in a single HTTP request and retrieve back all the necessary data. It’s an awesome query language that can help simplify several aspects during

4 bug bounty mistakes and how to avoid them

Hacking Tools

April 17, 2024

Getting into bug bounties is no easy task, we know. There’s so much to consider and your path to becoming a bug bounty hunter can vary in so many ways. Bug bounty hunting can be fraught with challenges, and even the most skilled individuals can fall victim to common mistakes. 1. Striking the wrong b

Aggressive scanning in bug bounty (and how to avoid it)

Hacking Tools

March 18, 2024

Presented by CryptoCat What is aggressive scanning? In bug bounty, researchers are expected to configure automated tools and scanners to remain within the defined limits of the program’s requirements. Any activity outside these limits can be defined as “aggressive” or “intrusive”. Hunters with exper

Testing static websites and uncovering hidden security vulnerabilities

Hacking Tools

March 14, 2024

By not conducting tests on the static websites of your targets, you may be overlooking numerous potential vulnerabilities. In today’s post, we will go through the top 3 most common ways of finding security vulnerabilities in static websites. What are static websites? You’ve probably come across a st

Turbo Intruder – Hacker Tools: Going faster than ever! 👩‍💻

Hacking Tools

March 1, 2022

How often do you find yourself running scans that take ages to complete? How often do you cancel a scan because it has been taking too long? But what if you left it to run for 3 more minutes? Would that have given you a breakthrough result? Today, we’re going to go fast, really fast! Let’s take a lo