Hello folks, I am Krishna Agarwal (Kr1shna 4garwal) from India 🇮🇳. An ordinary bug hunter and So called security researcher :) Today is my Birthday, So I planned to celebrate it in different way so that’s why I’m writing about some common vulnerabilities and misconfiguration that I have found in my bug bounty journey in this writeup :) I hope you’ll learn something new from this series. I have divided this writeup in two parts. the first one is Water and second is Fire. …

Welcome to the 2nd Episode of Cool Recon Techniques. We are back with some more cool recon techniques which we think hackers out there usually miss out on! If you haven’t read the first Episode here’s the link! So here we go!! Technique 9: Effective Google Dorking All of us…

بِسْمِ اللَّـهِ الرَّحْمَـٰنِ الرَّحِيمِ Hello, This article is targeting anyone who is a bug bounty hunter and penetration tester. The content of this article is not new, it is indeed available on the internet, but the way of delivering it is different. Who Am I ? My name is Ahmad…

If you’re new to using software for pentesting, here are some tools you need to know about. The very best pentesting tools can be found in Pwnbox and Parrot OS. Pwnbox runs on Hack The Box’s infrastructure. You can also install Linux-based Parrot OS directly onto your PC. As you…

Note: This article is strictly for educational purpose only. If you have not read my previous article on BITB attack, here is the link. What is Browser In The Browser (BITB) Attack? Social-Engineering has played a key role in digging out information, especially credentials for attackers. With more…thetorjancaptain.medium.com Google Dorking Google search based hacking, sometimes referred as Google Dorking, is an information gathering technique. …

Hey Readers, 👋, Hope you are doing great, This is my 8th writeup and I will show step by step how I was able to bypass bank verification and fully verified my account from the attacker's side without any involvement of the support/review team, I found this on one of…

Follow this article if you wanna take eJPT exam. Course: eJPT(eLearnSecurity Junior Penetration Tester) Exam Description: The eLearnSecurity Junior Penetration Tester (eJPT) is a 100% practical certification on penetration testing and information security essentials. By passing the exam, a cyber security professional proves to employers they are ready for a…

GOOGLE HUNT TOOL — OSINT — Open Source Intelligence is gathering information that is publicly accessible. …

This assumes that you already have BurpSuite set up as the proxy for your browser! What is CSRF? CSRF stands for cross-site request forgery. It is listed as one of the OWASP top 10 web application security vulnerabilities! CSRF attacks get the user’s browser to perform an unwanted or unintended action on a…

File extension spoofing is a handy trick when creating trojans. In this blog, I will be spoofing the ‘.exe’ extension to the ‘.jpg’ extension. But this method can be extended to spoof any extension type. I have a file named trojan.exe whose name I will change to sports_complexe.jpg by the…