Logo YesWeHack
Blog
LoginContact Us

Learn Bug Bounty

  1. Blog
  2. Learn Bug Bounty
Practical guide to path traversal and arbitrary file read attacks

Beyond ‘../../’ - a practical guide to path traversal and arbitrary file read attacks

Read More ->
Port scanning techniques for finding hidden services

Recon series #4: Port scanning – uncovering attack vectors by revealing open ports and hidden services

Read More ->
HTTP header exploitation

HTTP header hacks: basic and advanced exploit techniques explored

Read More ->
GraphQL exploitation

Hacking GraphQL endpoints with introspection, query, mutation, batching attacks

Read More ->
The art of payload obfuscation

The art of payload obfuscation: how to mask malicious scripts and bypass defence mechanisms

Read More ->
server-side template injection

Limitations are just an illusion – advanced server-side template exploitation with RCE everywhere

Read More ->
GraphQL exploitation

Hacking GraphQL endpoints with introspection, query, mutation, batching attacks

HTTP fingerprinting in web applications: article number three in YesWeHack’s bug bounty recon series

Recon series #3: HTTP fingerprinting – sleuthing for a web application’s hidden vulnerabilities

Read More ->
YesWeHack Bug Bounty recon series, guide to subdomain enumeration, illustrated with endpoint nodes

Recon Series #2: Subdomain enumeration – expand attack surfaces with active, passive techniques

Read More ->
Trophy for the top web hacking techniques of 2024

Top web hacking techniques of 2024, McDelivery hijack, 4D SOTA jailbreak – ethical hacker news roundup

Read More ->
HTTP fingerprinting in web applications: article number three in YesWeHack’s bug bounty recon series

Recon series #3: HTTP fingerprinting – sleuthing for a web application’s hidden vulnerabilities

XSS attacks and exploitation illustrated with laptop and www.example.com website: The ultimate guide to cross-site scripting

XSS attacks and exploitation: The ultimate guide to cross-site scripting

Read More ->
Bug Bounty Recon Series by YesWeHack

Recon Series #1: Discover and Map Hidden Endpoints and Parameters

Read More ->
Pimp My Burp #11 shows you how to use Burp Suite extension Sign Saboteur to master signed token exploits

PimpMyBurp #11 – Master Signed Token Exploits with SignSaboteur

Read More ->
XSS attacks and exploitation illustrated with laptop and www.example.com website: The ultimate guide to cross-site scripting

XSS attacks and exploitation: The ultimate guide to cross-site scripting

1/5
12345
Next

Footer

Logo YesWeHack
Logo YesWeHack

Products

  • Bug Bounty
  • Vulnerability Disclosure Policy
  • Pentest Management
  • Attack Surface Management
  • Live Hacking Events

Researchers

  • Start Hunting
  • Public Programs
  • Tools
  • Ranking
  • Dojo

Resources

  • Blog
  • Case Studies
  • Videos
  • Help Center
  • API
  • Github
  • Newsletter

Company

  • About YesWeHack
  • Trust & Security
  • Career
  • Press
  • Events
  • Contact

Follow us

Linkedin White
Twitter Logo
Youtube White
GitHub, YesWeHack

©2025 YESWEHACK

  • Legal Notices
  • Privacy Policy
  • Cookies Policy
  • Change Cookie Preferences