Pinned
From Dorks to Defense: How I Secured Two CERT-In Hall of Fames
2025
-
From Shodan to SQLi: Hacking an Exposed Company Dashboard
-
Shellshock: The Bash Bug That Shook the Internet 🐚
-
NoSQL Injection: Exploitation Techniques and Attack Scenarios 💣
-
Business Logic: Broken. Wallet: Hacked. OTP: Bypassed.
-
Subdomain Takeover: When Your Own Domain Becomes Your Enemy 🕵️‍♂️
-
Mastering Nmap: The Ultimate Guide to Port Scanning
-
XSS Meets IDOR: A Double Vulnerability Story on a Learning Platform 🔥
-
Why IDORs Are Everywhere — And How to Find Them — Part I
-
How We Discovered a Stored HTML Injection in a Chatbot System 🕷️
-
SSRF: When Your Server Becomes a Nosy Hacker — Part 1
-
FlashCrawler v2.0 — The Hacker’s Browser-Powered, JavaScript-Crunching Web Crawler
-
Sweet Security Disaster: How I Could Verify Any Account on a Dessert Website 🍦
-
Rate Limiting: When Your Server Says Chill, Bro.
-
SQLMap: The Ultimate Guide to Automated SQL Injection Testing 💉
-
🕵️‍♂️ Google Dorks: The Power of Advanced Search Operators
-
The Silent Threat: Understanding Pre-Account Takeover Attacks 🕵️‍♀️
-
When Data Whispers Secrets: Understanding Sensitive Information Disclosure in Modern Systems 🔐
-
Understanding Reverse DNS (rDNS) — A Behind-the-Scenes Lookup