Writeups
Detailed technical writeups and guides on security research and penetration testing
The Ultimate Guide to WAF Bypass Using SQLMap, Proxychains & Tamper Scripts
Mastering Advanced SQLMap Techniques with Proxychains and tamper scripts Against Cloudflare and ModSecurity
How Hackers Exploit CVE-2025–29927 in Next.js Like a Pro
Step-by-Step mass hunting Authorization Bypass by Middleware in next.js: A Complete Exploit Walkthrough
How Hackers Abuse XML-RPC to Launch Bruteforce and DDoS Attacks
From Recon to full Exploitation: The XML-RPC Attack Path
How to Route Traffic from WSL to Burp Suite on Windows: A Step-by-Step Guide
Learn how to properly configure WSL to route all traffic through Burp Suite for effective penetration testing
From Zero to Hero: Hunting High-Paying Open Redirect Bugs in Web Apps
Complete methodology for finding and exploiting open redirect vulnerabilities in modern web applications
LostFuzzer: Passive URL Fuzzing & Nuclei DAST for Bug Hunters
An advanced tool for discovering hidden endpoints and vulnerabilities through passive fuzzing techniques
S3 Bucket Recon: Finding Exposed AWS Buckets Like a Pro
Techniques and methodologies for identifying misconfigured Amazon S3 buckets during security assessments
Best Browser Extensions for Bug Hunting and Cybersecurity
A comprehensive guide to essential browser extensions that enhance your bug hunting workflow
FFUF Mastery: The Ultimate Web Fuzzing Guide
Master the powerful FFUF fuzzing tool for discovering hidden endpoints, parameters, and vulnerabilities
My Private Nuclei Template Collection for Easy Bounties
Custom Nuclei templates that have led to successful bug bounty reports and vulnerability discoveries
Unlock the Full Potential of the Wayback Machine for Bug Bounty
Advanced techniques for leveraging Internet Archive's Wayback Machine in your bug hunting methodology
SQL Injection in Largest Electricity Board of Sri Lanka
A detailed case study of discovering and responsibly reporting a critical SQL Injection vulnerability
PDF.js Arbitrary JavaScript Code Execution (CVE-2024-4367)
Analysis and exploitation guide for the critical code execution vulnerability in Mozilla's PDF.js library
How to Find Origin IP of Any Website Behind a WAF
Techniques for identifying the true origin IP address of servers protected by web application firewalls
Find XSS Vulnerabilities in Just 2 Minutes
Rapid methodology for identifying Cross-Site Scripting vulnerabilities in web applications
How to Identify Sensitive Data in JavaScript Files: JSRecon
Techniques for discovering credentials, API keys, and other sensitive information in client-side JavaScript