Top 10 API Bugs — Where To Find Them
Aaryan Apex
by Aaryan
2y ago
Ladies and Gentlemen, let’s do some API hacking today. I will discuss some of the top 10 API bugs and where one can find them. Top 10 API Bugs API: API stands for Application Programming Interface. It provides a computer-friendly method of interacting with a data source or backend logic. 1. API1:2019 Broken Object Level Authorization: APIs tend to expose endpoints that handle object identifiers, creating a wide attack surface level Access Control issue. Object level authorization checks should be considered in every function that accesse…
Bug Bounty — Bypassing Endpoints
Aaryan Apex
by Aaryan
2y ago
Bypassing Endpoints Hello there, let’s discuss how to bypass endpoints. Before moving further, let’s take a quick glance at endpoints. API: An Application Programming Interface (API) allows two systems to communicate with one another. An API essentially provides the language and contract for how two systems interact. Each API has documentation and specifications which determine how information can be transferred. APIs are typically categorized as either SOAP or REST and both are used to access web services. SOAP relies solely on XML to provide messagin…
Bug Bounty Methodology — Bug Hunting Checklist(PART-2)
Aaryan Apex
by Aaryan
2y ago
Bug Hunting Checklist — PART 2 Hello people, it’s me again. I apologize for being late with the second part. I had some examinations going on and have been busy for the past 3 days. So, here I am and let’s dive right in… I see we covered up to Session Management in the previous article; we will be continuing from there. 9. Authorization: People often confuse security controls such as Authentication and Authorization. Authentication is the one which verifies a user’s identity, like the apps everyone uses such as “Mi…
Subdomain Enumeration — The Right way (Prerequisites)
Aaryan Apex
by Aaryan
2y ago
So, I have seen various articles about subdomain enumeration and decided to make one in detail without confusing everyone with various tools. Without any further ado, let’s jump right in. Prerequisites: What things do we need before performing a great enumeration? API keys of Passive DNS source; 100% accurate open public DNS resolvers; a VPS (Virtual Private Server). 1. API keys for Passive DNS data: What is Passive DNS data? Whenever a domain is alive on the internet, to access it, a DNS query needs to be made…
2FA Bypass Techniques
Aaryan Apex
by Aaryan
2y ago
Hello lads, it’s me again. Let’s discuss different techniques for bypassing 2FA. 1. 2FA Code Leakage in Response: At 2FA Code Triggering request, such as Send OTP functionality, capture the request. 2. See the response of this request and analyze if the 2FA Code is leaked. 2. JS File Analysis: While triggering the 2FA Code Request, analyze all the JS files that are referred to in the response to see if any JS file contains information that can help bypass 2FA code. 3. Lack of Brute-Force Protection: This involves all sorts of issues which come under secur…
How to access Ransomware sites?
Aaryan Apex
by Aaryan
2y ago
Hello again, today let’s discuss accessing ransomware sites using TOR browser. Every now and then, you would be seeing articles and news about new ransomware attacks and, if you are active on Twitter, many of them will be posting pics about the news feed of what the hackers posted on their particular ransomware sites. But you will also notice that none of them post “.onion” links, referring to Twitter’s security policy about posting dangerous links. But how do you find a particular “.onion” site address? For starters, install TOR browser. If you don’t know what “TOR” is, it is…
Wanna Cry Ransomware — A Hacker’s Perspective (Part 2)
Aaryan Apex
by Aaryan
2y ago
Malware Propagation — SMB Vuln Exploitation: WannaCry also tries to propagate to the network by actually exploiting the SMB EternalBlue vulnerability. The exploit used is the DoublePulsar which was initially developed by the NSA and was later leaked by a hacking group called Shadow Brokers. We will now take a look at how WannaCry leverages the vulnerability to exploit it and propagate to the network like a worm. The WannaCry dropper, if executed without the command line arguments which we saw earlier, that malware was checkin…
Bug Bounty Methodology — Bug Hunting Checklist (PART-1)
Aaryan Apex
by Aaryan
2y ago
Hey, it’s me again, back with another checklist. I saw various articles and tools specifically designed to exploit one vulnerability. It may be nuclei, ZAP or any other automated tools. But I noticed everyone was using these tools without having any predefined method set when testing for web application vulnerabilities. If you automate everything, this will be the most likely situation. Today, I designed a checklist which will be helpful for bug bounty hunters and security engineers when testing for various functionalities. 1. Recon on Wi…
Bug Bounty Methodology — Horizontal Enumeration
Aaryan Apex
by Aaryan
2y ago
Bug Bounty Recon — Horizontal Enumeration Hello guys and gals, it’s me again, back with another article about horizontal enumeration. While performing a security assessment, our main goal is to map out all the domains owned by a single entity. This means knowing all the internet-facing assets of a particular organization. It is a bit trickier to find related domains/acquisitions of a particular organization, as this step includes some tedious methods and doesn’t always give accurate results. One has to solely perform manual analysis. From the below image you can get an idea of what a horizont…
Bug Bounty Methodology - Web Vulnerabilities Checklist
Aaryan Apex
by Aaryan
2y ago
Hello guys, it’s me again. I know malware analysis might be boring because of debugging and code analysis, especially for the people who are just getting started. So, I decided to change the topics specifically to bug bounty and pentesting. Today, I will be discussing the methodology one should follow before performing web app pentesting. In every pentesting scenario there are several hidden and obvious places that might be vulnerable. This post is meant to be a checklist to confirm that you have searched for vulnerabilities in all the possible places. Refer to below checklists for web…