List: Reading list | Curated by Sriram Kesavan

Sep 18, 2023
333 stories
Reading list
In
csictf
by
Rishit Bansal
Self-hosting a CTF Platform (CTFd)Tips to setup stable and secure infra for showing the scoreboard/challenges during a CTF.
Jul 28, 2020
2
Jul 28, 2020
2
In
InfoSec Write-ups
by
Arvind
WhatsApp Bug Bounty: Bypassing biometric authentication using voipBypassing biometric authentication just by making a call and access the app completely
Mar 6, 2022
5
Mar 6, 2022
5
Sam Lerner
Car (Key) Hacking (Not Really)Here is the key fob for my 2000 Toyota Camry (possibly the best car ever made):
Feb 28, 2020
1
Feb 28, 2020
1
In
PC Magazine
by
PCMag
FTC to US Companies: Patch Log4J Flaw or Face Legal ActionIn issuing the warning, the FTC cites the huge settlement Equifax paid for a 2017 data breach involving a known vulnerability it failed to…
Jan 6, 2022
Jan 6, 2022
In
InfoSec Write-ups
by
Aseem Shrey (@aseemshrey)
One Token to leak them all : The story of a  $8000 NPM_TOKENNot long ago, I started a youtube channel, HackingSimplified.
Jun 19, 2020
2
Jun 19, 2020
2
In
ShiftLeft Blog
by
Vickie Li
API Security 101: Improper Assets ManagementAnd why missing documentation is a vulnerability.
Sep 14, 2021
Sep 14, 2021
Ozgur Alp
Unauthorized Google Maps API Key Usage Cases, and Why You Need to CareFor the ones who do not have any information about this service and its API Key’s, Google Maps API is a paid service which allows…
Jan 20, 2020
4
Jan 20, 2020
4
In
InfoSec Write-ups
by
Pratik Dabhi
How to get started in CTF | Complete Begineer GuideHey folks, in this blog I’m going to share how do you guys get started in CTF: Capture The Flag (“Jhande Ukhaadne Hai”). So let’s jump…
May 19, 2020
May 19, 2020
Ashish Dhone
All In One Bug BountyHello Everyone,
Jun 1, 2020
4
Jun 1, 2020
4
Lokesh Kumar
How to Rotate IP ADDRESS For Each Request in Burp SuiteThis post is about to explain how to rotate IP address for each request using Burp Suite.
Aug 17, 2021
2
Aug 17, 2021
2
Orwa Atyat
My Methodology In Recon And Find Bugs & My Methodology In Hunting Using Phone#Dears Hunters
Aug 19, 2021
13
Aug 19, 2021
13
Gonzalo Carrasco
Fuzzing + IDOR = Admin TakeOverHello everyone, this is my first post. I’ve been thinking about writing about my findings for a while, so here we go.
Aug 9, 2021
7
Aug 9, 2021
7
In
InfoSec Write-ups
by
Xcheater
All about Password Reset vulnerabilitiesBug bounty approach for finding bugs in password reset function
May 17, 2021
6
May 17, 2021
6
Kamal Sharma
RESEARCH METHODOLOGIES FOR BUG BOUNTY HUNTERSGood morning everyone , its me Kamal Sharma from Nepal. Cyber security has been so important in today’s world. Social media has…
Jul 28, 2021
1
Jul 28, 2021
1
In
InfoSec Write-ups
by
Dhanush
Leveraging Burp Suite extension for finding HTTP Request Smuggling.HTTP Request Smuggling is often left behind in bug bounty findings. But with the right extension, you can automate the task of finding HTTP…
Jul 7, 2021
Jul 7, 2021
In
InfoSec Write-ups
by
secureITmania
Genymotion+Xposed+InspeckageAndroid application dynamic analysis lab setup on windows
Jul 3, 2021
Jul 3, 2021
In
InfoSec Write-ups
by
Nikhil (niks)
XXE in Public Transport Ticketing Mobile APPThis finding was an another private bug bounty program. The scope of the target was a ticketing android app (Prod). This app was a major…
Jul 29, 2021
Jul 29, 2021
Sumit Gupta
Add all subdomains to scope | Burp SuiteFor example, if your target is only www.google.com then the below setting will be fine
Jan 8, 2021
Jan 8, 2021
Jerry Shah (Jerry)
GitHub Recon - It’s Really DeepHello everyone, I know that my speed of writing blogs has been decreased it’s because I’m busy with some other stuff. Doesn’t matter I…
Jul 9, 2020
2
Jul 9, 2020
2
+Bilal Rizwan
Wordpress xmlrpc.php -common vulnerabilites & how to exploit themHello there! , whats up ? ,Bilal Rizwan here hope your doing great & having fun learning from the community like I am.
Apr 26, 2018
22
Apr 26, 2018
22