Writeups
Collection of real-world bug hunting writeups and security research articles
The Ultimate Guide to WAF Bypass Using SQLMap, Proxychains & Tamper Scripts
Mastering Advanced SQLMap Techniques with Proxychains and tamper scripts Against Cloudflare and ModSecurity
Read on InfoSec Writeups
How Hackers Exploit CVE-2025-29927 in Next.js Like a Pro
Step-by-Step mass hunting Authorization Bypass by Middleware in Next.js: A Complete Exploit Walkthrough
Read on InfoSec Writeups
How Hackers Abuse XML-RPC to Launch Bruteforce and DDoS Attacks
From Recon to full Exploitation: The XML-RPC Attack Path
Read on InfoSec Writeups
How to Route Traffic from WSL to Burp Suite on Windows: A Step-by-Step Guide
Learn how to properly configure WSL to route all traffic through Burp Suite for effective penetration testing
Read on InfoSec Writeups
From Zero to Hero: Hunting High-Paying Open Redirect Bugs in Web Apps
Complete methodology for finding and exploiting open redirect vulnerabilities in modern web applications
Read on InfoSec Writeups
LostFuzzer: Passive URL Fuzzing & Nuclei DAST for Bug Hunters
An advanced tool for discovering hidden endpoints and vulnerabilities through passive fuzzing techniques
Read on InfoSec Writeups
S3 Bucket Recon: Finding Exposed AWS Buckets Like a Pro
Techniques and methodologies for identifying misconfigured Amazon S3 buckets during security assessments
Read on InfoSec Writeups
Best Browser Extensions for Bug Hunting and Cybersecurity
A comprehensive guide to essential browser extensions that enhance your bug hunting workflow
Read on InfoSec Writeups
FFUF Mastery: The Ultimate Web Fuzzing Guide
Master the powerful FFUF fuzzing tool for discovering hidden endpoints, parameters, and vulnerabilities
Read on OSINT Team
My Private Nuclei Template Collection for Easy Bounties
Custom Nuclei templates that have led to successful bug bounty reports and vulnerability discoveries
Read on Medium
Unlock the Full Potential of the Wayback Machine for Bug Bounty
Advanced techniques for leveraging Internet Archive's Wayback Machine in your bug hunting methodology
Read on InfoSec Writeups
SQL Injection in Largest Electricity Board of Sri Lanka
A detailed case study of discovering and responsibly reporting a critical SQL Injection vulnerability
Read on InfoSec Writeups
PDF.js Arbitrary JavaScript Code Execution (CVE-2024-4367)
Analysis and exploitation guide for the critical code execution vulnerability in Mozilla's PDF.js library
Read on InfoSec Writeups
How to Find Origin IP of Any Website Behind a WAF
Techniques for identifying the true origin IP address of servers protected by web application firewalls
Read on InfoSec Writeups
Find XSS Vulnerabilities in Just 2 Minutes
Rapid methodology for identifying Cross-Site Scripting vulnerabilities in web applications
Read on OSINT Team
How to Identify Sensitive Data in JavaScript Files: JSRecon
Techniques for discovering credentials, API keys, and other sensitive information in client-side JavaScript
Read on OSINT Team