Learn Bug Bounty

Bug Bounty recon roundup

Recon series recap: The ultimate guide to Bug Bounty reconnaissance and footprinting

YesWeCaido: a new Caido plugin for tracking Bug Bounty Programs

YesWeCaido: a new Caido plugin for tracking Bug Bounty Programs

Recon Series #6: Excavating hidden artifacts with Wayback Machine and other web-archive tools

Recon Series #6: Excavating hidden artifacts with Wayback Machine and other web-archive tools

Bug Bounty recon series on information gathering with search engines – aka Google Dorking – which is illustrated with a magnifying glass zooming in on a web browser.

Recon series #5: A hacker’s guide to Google dorking

Practical guide to path traversal and arbitrary file read attacks

Beyond ‘../../’ - a practical guide to path traversal and arbitrary file read attacks

Port scanning techniques for finding hidden services

Recon series #4: Port scanning – uncovering attack vectors by revealing open ports and hidden services

HTTP header exploitation

HTTP header hacks: basic and advanced exploit techniques explored

GraphQL exploitation

Hacking GraphQL endpoints with introspection, query, mutation, batching attacks

The art of payload obfuscation

The art of payload obfuscation: how to mask malicious scripts and bypass defence mechanisms

server-side template injection

Limitations are just an illusion – advanced server-side template exploitation with RCE everywhere

HTTP fingerprinting in web applications: article number three in YesWeHack’s bug bounty recon series

Recon series #3: HTTP fingerprinting – sleuthing for a web application’s hidden vulnerabilities

YesWeHack Bug Bounty recon series, guide to subdomain enumeration, illustrated with endpoint nodes

Recon Series #2: Subdomain enumeration – expand attack surfaces with active, passive techniques