Learn Bug Bounty

Port scanning techniques for finding hidden services

Recon series #4: Port scanning – uncovering attack vectors by revealing open ports and hidden services

HTTP header exploitation

HTTP header hacks: basic and advanced exploit techniques explored

GraphQL exploitation

Hacking GraphQL endpoints with introspection, query, mutation, batching attacks

The art of payload obfuscation

The art of payload obfuscation: how to mask malicious scripts and bypass defence mechanisms

server-side template injection

Limitations are just an illusion – advanced server-side template exploitation with RCE everywhere

HTTP fingerprinting in web applications: article number three in YesWeHack’s bug bounty recon series

Recon series #3: HTTP fingerprinting – sleuthing for a web application’s hidden vulnerabilities

YesWeHack Bug Bounty recon series, guide to subdomain enumeration, illustrated with endpoint nodes

Recon Series #2: Subdomain enumeration – expand attack surfaces with active, passive techniques

Trophy for the top web hacking techniques of 2024

Top web hacking techniques of 2024, McDelivery hijack, 4D SOTA jailbreak – ethical hacker news roundup

XSS attacks and exploitation illustrated with laptop and www.example.com website: The ultimate guide to cross-site scripting

XSS attacks and exploitation: The ultimate guide to cross-site scripting

Bug Bounty Recon Series by YesWeHack

Recon Series #1: Discover and Map Hidden Endpoints and Parameters

Pimp My Burp #11 shows you how to use Burp Suite extension Sign Saboteur to master signed token exploits

PimpMyBurp #11 – Master Signed Token Exploits with SignSaboteur

Our Hacker’s Toolbox series, illustrated with a question mark and angle brackets that close HTML and XML tags, focuses on Dom-Explorer, a new open-source tool for understanding how popular browsers parse HTML and uncovering mutation XSS vulnerabilities

Dom-Explorer tool launched to reveal how browsers parse HTML and find mutated XSS vulnerabilities