Securitycipher
@securitycipher.bsky.social
📃 Write-ups and Resources 🚀 related to Bug Bounty💲 #bugbounty #bugbountytips
Behind the Scenes of a CTF Exploit Walkthrough: Master the Art of Real-World Pentesting
https://medium.com/@verylazytech/behind-the-scenes-of-a-ctf-exploit-walkthrough-master-the-art-of-real-world-pentesting-382cf8d76f9a?source=rss------bug_bounty-5
November 12, 2025 at 7:09 AM
The Rust Bug That Lived in My Code for 3 Days — and the One Trick That Finally Killed It
https://medium.com/@kedarbpatil07/the-rust-bug-that-lived-in-my-code-for-3-days-and-the-one-trick-that-finally-killed-it-e98668df30c2?source=rss------bug_bounty-5
November 12, 2025 at 6:14 AM
Vulnerabilities in GraphQL API: Exploitation, Discovery, and Mitigation Guide
https://medium.com/@jpablo13/vulnerabilities-in-graphql-api-exploitation-discovery-and-mitigation-guide-fd36cbbe0309?source=rss------bug_bounty-5
November 12, 2025 at 12:45 AM
postMessage XSS: It’s Like Passing Secret Notes in Class… But the Whole School Can Read Them…
https://medium.com/@shadyfarouk1986/postmessage-xss-its-like-passing-secret-notes-in-class-but-the-whole-school-can-read-them-842c113b61dc?source=rss------bug_bounty-5
November 11, 2025 at 10:09 PM
A Story of a Slowloris DoS — the coolest DoS Attack
https://medium.com/@Appsec_pt/a-story-of-a-slowloris-dos-the-coolest-dos-attack-9279442ed89a?source=rss------bug_bounty-5
November 11, 2025 at 9:07 PM
When a Bug Turned Into My Best Learning Experience as a Developer
https://medium.com/activated-thinker/when-a-bug-turned-into-my-best-learning-experience-as-a-developer-f278b65976e9?source=rss------bug_bounty-5
November 11, 2025 at 6:13 PM
libcurl FTP path normalization flaw allows decoded %2e%2e CWD .. and directory escape (Path Traversal, CWE-22)
https://hackerone.com/reports/3418861
November 11, 2025 at 5:12 PM
An interesting duplicate: open redirect I found while bug hunting
https://medium.com/@offsec12/an-interesting-duplicate-open-redirect-i-found-while-bug-hunting-456ee30723b8?source=rss------bug_bounty-5
November 11, 2025 at 12:18 PM
November 11, 2025 at 10:15 AM
SSH Isn’t Just a Service: How Outdated Daemons Create Unseen Backdoors
https://medium.com/@bishopx_09/ssh-isnt-just-a-service-how-outdated-daemons-create-unseen-backdoors-58ac0f47eaa9?source=rss------bug_bounty-5
November 11, 2025 at 10:10 AM
Behind the Scenes of a CTF Exploit Walkthrough: Master the Art of Real-World Pentesting
https://medium.com/@verylazytech/behind-the-scenes-of-a-ctf-exploit-walkthrough-master-the-art-of-real-world-pentesting-e0283d9f185e?source=rss------bug_bounty-5
November 11, 2025 at 8:13 AM
November 11, 2025 at 7:13 AM
API Mass Assignment Explained
https://medium.com/@jungoskillet/api-mass-assignment-explained-e16c27088d6f?source=rss------bug_bounty-5
November 11, 2025 at 6:14 AM
CORS Vulnerability with Trusted Insecure Protocols
https://infosecwriteups.com/cors-vulnerability-with-trusted-insecure-protocols-82ba36766c07?source=rss------bug_bounty-5
November 11, 2025 at 4:13 AM
How I Turned a Failed “Race Condition” into a $ Bug Bounty Win
https://medium.com/@UrsaBear/how-i-turned-a-failed-race-condition-into-a-bug-bounty-win-647143a83cdd?source=rss------bug_bounty-5
November 11, 2025 at 3:39 AM
Vulnerabilidades en GraphQL API: Guía de Explotación, Descubrimiento y Mitigación
https://medium.com/@jpablo13/vulnerabilidades-en-graphql-api-gu%C3%ADa-de-explotaci%C3%B3n-descubrimiento-y-mitigaci%C3%B3n-1ea376ba4455?source=rss------bug_bounty-5
November 11, 2025 at 12:45 AM
The Hunt for a WAF Bypass: A Bug Bounty Story
https://0dayscyber.medium.com/the-hunt-for-a-waf-bypass-a-bug-bounty-story-0aebb17685da?source=rss------bug_bounty-5
November 10, 2025 at 11:08 PM
One Cookie to Steal Them All: A Story of IDOR
https://scriptjacker.medium.com/one-cookie-to-steal-them-all-a-story-of-idor-f99870c3a683?source=rss------bug_bounty-5
November 10, 2025 at 10:09 PM
SSH Isn’t Just a Service — It’s a Backdoor
https://medium.com/@samuelayomip2009/ssh-isnt-just-a-service-it-s-a-backdoor-88d579f4b798?source=rss------bug_bounty-5
November 10, 2025 at 7:07 PM
How I Unlocked Enterprise Features with One Parameter — and Earned $947
https://medium.com/@ferdusalam0/how-i-unlocked-enterprise-features-with-one-parameter-and-earned-947-7a0fef6b2ad0?source=rss------bug_bounty-5
November 10, 2025 at 6:13 PM
Arbitrary Configuration File Inclusion: via External Control of File Name or Path
https://hackerone.com/reports/3418646
November 10, 2025 at 5:12 PM
The macOS Microkernel | IPC Message Basics for Injections
https://medium.com/@RandomFlawsFinder/the-macos-microkernel-ipc-message-basics-for-injections-f358dde99926?source=rss------bug_bounty-5
November 10, 2025 at 5:09 PM
SMTP CRLF Injection in curl/libcurl via MAIL FROM/RCPT TO parameters
https://hackerone.com/reports/3418616
November 10, 2025 at 4:17 PM
Unsafe use of strcpy in Curl_ldap_err2string (packages/OS400/os400sys.c) stack-buffer-overflow (PoC + ASan)
https://hackerone.com/reports/3418528
November 10, 2025 at 3:15 PM
When GPTs Call Home: Exploiting SSRF in ChatGPT’s Custom Actions
https://sirleeroyjenkins.medium.com/when-gpts-call-home-exploiting-ssrf-in-chatgpts-custom-actions-5df9df27dbe9?source=rss------bug_bounty-5
November 10, 2025 at 3:10 PM