Welcome!
I created this site as a way to document my bug bounty journey in the form of blogs. I hope they’re helpful and informative. 🙂 Happy hacking!
-
HTB – AD Enumeration & Attacks – Skills Assessment Part I Walkthrough
I’ve been making my way through the Penetration Tester path on Hack the Box, in hopes of getting my CPTS. The Active Directory Enumeration & Attacks module in particular has been super helpful and loads of fun. I didn’t realize how little I knew about Active Directory attacks. The two skills assessments at the end…
-
Error-Based SQLi
This has been my favorite (and most rewarding) bug since I started my bug bounty journey. I was hacking on a private program testing for SQL injection on API endpoints that contained some data value in the URL (like /api/user/1234). I was fuzzing the value with typical characters you would use to test for SQLi…
-
IDOR Exposing PII
I was testing on a private program when I came across several endpoints that utilized a customer ID to retrieve information about that user’s account. I was going through each one testing for IDOR and not having any luck. The server was doing proper authorization checks and denying me access to other accounts’ data. I…