Securitycipher
LightNews LightNews
banner
securitycipher.bsky.social
Securitycipher
@securitycipher.bsky.social
140 followers 9 following 5.1K posts
📃 Write-ups and Resources 🚀 related to Bug Bounty💲 #bugbounty #bugbountytips
Posts Replies Media Videos
securitycipher.bsky.social
A Story of a Slowloris DoS — the coolest DoS Attack

https://medium.com/@Appsec_pt/a-story-of-a-slowloris-dos-the-coolest-dos-attack-9279442ed89a?source=rss------bug_bounty-5
November 11, 2025 at 9:07 PM
securitycipher.bsky.social
When a Bug Turned Into My Best Learning Experience as a Developer

https://medium.com/activated-thinker/when-a-bug-turned-into-my-best-learning-experience-as-a-developer-f278b65976e9?source=rss------bug_bounty-5
November 11, 2025 at 6:13 PM
securitycipher.bsky.social
libcurl FTP path normalization flaw allows decoded %2e%2e CWD .. and directory escape (Path Traversal, CWE-22)

https://hackerone.com/reports/3418861
November 11, 2025 at 5:12 PM
securitycipher.bsky.social
An interesting duplicate: open redirect I found while bug hunting

https://medium.com/@offsec12/an-interesting-duplicate-open-redirect-i-found-while-bug-hunting-456ee30723b8?source=rss------bug_bounty-5
November 11, 2025 at 12:18 PM
securitycipher.bsky.social
Two click Account Takeover

https://hackerone.com/reports/3079738
November 11, 2025 at 10:15 AM
securitycipher.bsky.social
SSH Isn’t Just a Service: How Outdated Daemons Create Unseen Backdoors

https://medium.com/@bishopx_09/ssh-isnt-just-a-service-how-outdated-daemons-create-unseen-backdoors-58ac0f47eaa9?source=rss------bug_bounty-5
November 11, 2025 at 10:10 AM
securitycipher.bsky.social
Behind the Scenes of a CTF Exploit Walkthrough: Master the Art of Real-World Pentesting

https://medium.com/@verylazytech/behind-the-scenes-of-a-ctf-exploit-walkthrough-master-the-art-of-real-world-pentesting-e0283d9f185e?source=rss------bug_bounty-5
November 11, 2025 at 8:13 AM
securitycipher.bsky.social
Command Injection - CRITICISM

https://hackerone.com/reports/3418760
November 11, 2025 at 7:13 AM
securitycipher.bsky.social
API Mass Assignment Explained

https://medium.com/@jungoskillet/api-mass-assignment-explained-e16c27088d6f?source=rss------bug_bounty-5
November 11, 2025 at 6:14 AM
securitycipher.bsky.social
CORS Vulnerability with Trusted Insecure Protocols

https://infosecwriteups.com/cors-vulnerability-with-trusted-insecure-protocols-82ba36766c07?source=rss------bug_bounty-5
November 11, 2025 at 4:13 AM
securitycipher.bsky.social
How I Turned a Failed “Race Condition” into a $ Bug Bounty Win

https://medium.com/@UrsaBear/how-i-turned-a-failed-race-condition-into-a-bug-bounty-win-647143a83cdd?source=rss------bug_bounty-5
November 11, 2025 at 3:39 AM
securitycipher.bsky.social
Vulnerabilidades en GraphQL API: Guía de Explotación, Descubrimiento y Mitigación

https://medium.com/@jpablo13/vulnerabilidades-en-graphql-api-gu%C3%ADa-de-explotaci%C3%B3n-descubrimiento-y-mitigaci%C3%B3n-1ea376ba4455?source=rss------bug_bounty-5
November 11, 2025 at 12:45 AM
securitycipher.bsky.social
The Hunt for a WAF Bypass: A Bug Bounty Story

https://0dayscyber.medium.com/the-hunt-for-a-waf-bypass-a-bug-bounty-story-0aebb17685da?source=rss------bug_bounty-5
November 10, 2025 at 11:08 PM
securitycipher.bsky.social
One Cookie to Steal Them All: A Story of IDOR

https://scriptjacker.medium.com/one-cookie-to-steal-them-all-a-story-of-idor-f99870c3a683?source=rss------bug_bounty-5
November 10, 2025 at 10:09 PM
securitycipher.bsky.social
SSH Isn’t Just a Service — It’s a Backdoor

https://medium.com/@samuelayomip2009/ssh-isnt-just-a-service-it-s-a-backdoor-88d579f4b798?source=rss------bug_bounty-5
November 10, 2025 at 7:07 PM
securitycipher.bsky.social
How I Unlocked Enterprise Features with One Parameter — and Earned $947

https://medium.com/@ferdusalam0/how-i-unlocked-enterprise-features-with-one-parameter-and-earned-947-7a0fef6b2ad0?source=rss------bug_bounty-5
November 10, 2025 at 6:13 PM
securitycipher.bsky.social
Arbitrary Configuration File Inclusion: via External Control of File Name or Path

https://hackerone.com/reports/3418646
November 10, 2025 at 5:12 PM
securitycipher.bsky.social
The macOS Microkernel | IPC Message Basics for Injections

https://medium.com/@RandomFlawsFinder/the-macos-microkernel-ipc-message-basics-for-injections-f358dde99926?source=rss------bug_bounty-5
November 10, 2025 at 5:09 PM
securitycipher.bsky.social
SMTP CRLF Injection in curl/libcurl via MAIL FROM/RCPT TO parameters

https://hackerone.com/reports/3418616
November 10, 2025 at 4:17 PM
securitycipher.bsky.social
Unsafe use of strcpy in Curl_ldap_err2string (packages/OS400/os400sys.c) stack-buffer-overflow (PoC + ASan)

https://hackerone.com/reports/3418528
November 10, 2025 at 3:15 PM
securitycipher.bsky.social
When GPTs Call Home: Exploiting SSRF in ChatGPT’s Custom Actions

https://sirleeroyjenkins.medium.com/when-gpts-call-home-exploiting-ssrf-in-chatgpts-custom-actions-5df9df27dbe9?source=rss------bug_bounty-5
November 10, 2025 at 3:10 PM
securitycipher.bsky.social
How I Built an AI Test Agent That Runs Playwright Tests Based on Jira Bug Reports

https://skakarh.medium.com/how-i-built-an-ai-test-agent-that-runs-playwright-tests-based-on-jira-bug-reports-02b8b259c8d3?source=rss------bug_bounty-5
November 10, 2025 at 2:09 PM
securitycipher.bsky.social
Bug Hunting : Walking the Path of IDORs

https://medium.com/@hello.chris001/bug-hunting-walking-the-path-of-idors-a6b86ffdfa1f?source=rss------bug_bounty-5
November 10, 2025 at 1:24 PM
securitycipher.bsky.social
Bug Bounty Hunting — Complete Guide (Part-137)

https://medium.com/@rafid19/bug-bounty-hunting-complete-guide-part-137-7974b05e547e?source=rss------bug_bounty-5
November 10, 2025 at 12:18 PM
securitycipher.bsky.social
SMTP CRLF Command Injection in CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT

https://hackerone.com/reports/3414088
November 10, 2025 at 11:12 AM