Learn Bug Bounty

Vulnerability vectors: The ultimate Bug Bounty guide to exploiting CSRF

Cross-site request forgery: The ultimate Bug Bounty guide to exploiting CSRF vulnerabilities

The bug hunter’s guide to building an Android mobile hacking lab

Building an Android Bug Bounty lab: the ultimate guide to configuring emulators, real devices, proxies and other mobile hacking tools (featuring Magisk, Burp, Frida)

Vulnerability vectors: SQL injection for Bug Bounty hunters

SQL injection for Bug Bounty hunters

Bug Bounty recon roundup

Recon series recap: The ultimate guide to Bug Bounty reconnaissance and footprinting

YesWeCaido: a new Caido plugin for tracking Bug Bounty Programs

YesWeCaido: a new Caido plugin for tracking Bug Bounty Programs

Recon Series #6: Excavating hidden artifacts with Wayback Machine and other web-archive tools

Recon Series #6: Excavating hidden artifacts with Wayback Machine and other web-archive tools

Bug Bounty recon series on information gathering with search engines – aka Google Dorking – which is illustrated with a magnifying glass zooming in on a web browser.

Recon series #5: A hacker’s guide to Google dorking

Practical guide to path traversal and arbitrary file read attacks

Beyond ‘../../’ - a practical guide to path traversal and arbitrary file read attacks

Port scanning techniques for finding hidden services

Recon series #4: Port scanning – uncovering attack vectors by revealing open ports and hidden services

HTTP header exploitation

HTTP header hacks: basic and advanced exploit techniques explored

GraphQL exploitation

Hacking GraphQL endpoints with introspection, query, mutation, batching attacks

The art of payload obfuscation

The art of payload obfuscation: how to mask malicious scripts and bypass defence mechanisms