Bug Bounty Tips Over the past years we have shared a lot of  tips to help our readers in one way or another. Thinking outside the box or trying a different approach could be the defining factor in...

While I prefer more to write/talk about far-going topics instead of just one vulnerability write-up, I decided to make an exception for…

Hello everyone, I would like to share a riveting issue regarding XSS (Cross-Site Scripting ) I endured a few months ago. Cross-site scripting (XSS) is a type of security vulnerability typically fou…

During the latest years Web Security has become a very important topic in the IT Security field. The advantages the web offers resulted in very critical services being developed as web applications. The business requirements for their web applications security…

Summary : By sending a very long string (100000 characters) it’s possible to cause a denial a service attack on the server. This may lead…

The Internet of things is a network of devices that are connected to the Internet, controlled through it, and can exchange data with each…

In this article, we will discuss an interesting data exfiltration technique

One of the first thing I learned when I started security, is that the report is just as important as the pentest itself.
Some bug bounty platforms give reputation points according the quality.
While there is no official rules to write a good report, there…

Knightsbr1dge.red

This is one of my findings back in last year when I was testing a back-office application of a big company. As the application was on the…

JSMon: Automated JavaScript File Monitoring Today I’m proud to release JSMon, an online change monitoring tool for javascript files!

Turning a P5 Content Injection into P3 Reflected XSS

Hi! This write-up is about my experience and my walk-through, How I solved the Bugcrowd’s LevelUp0x07 CTF :)