It’s been months since I released ppmap, and it didn’t take much for the tool to become popular because of how crazy and trending the Prototype Pollution vulnerability actually is.

In this article I’m not going to introduce you to what Prototype Pollution is, since there are a lot of articles/videos…

Even though HTTP Request Smuggling was documented back in 2005, it is still one of the least known web app vulnerabilities out there.

After a little break I decided to hunt on a private company (which is not eligible for Bug Bounty, but is still accepting reports) and what I found might be…

Gaining a foothold in an internal network can be challenging, as AV and Defender make this a little tougher. Modern Windows versions have put in place some mitigations that prevent the shellcode from running properly. …


Recently, I performed a Cross Site Scripting vulnerability; however, a normal XSS payload wasn’t being triggered because CSP was blocking external JavaScript code (XSS) from being executed. …

During penetration testing, I was faced with a website which in this article I will name as

While browsing the website, I didn’t see a single parameter, even though the website was built with PHP. I quit browsing and started Google Dorking.

Google Dorking to look for endpoints

Using a simple dork inurl:

Hello researchers and bug hunters! Recently I found an interesting attack vector which I would like to share with you. Without losing time, let’s jump into it.

Finding LFI vulnerability

Let’s browse through the website to see if we can find any interesting endpoint. Clicking on Contact Us leads to an interesting endpoint:

During Bug Hunting, everyone aims to trigger the “1” alert. However, if you want to escalate the impact of your XSS, now you can do this easily by using XSScope.

What is XSScope?

XSScope is an advanced XSS payload generator platform for Client-Side attacks and also with an aim of increasing…

This is an extremely helpful and practical cheatsheet for Bug Hunters, which helps you find CORS misconfiguration in every possible method. Simply replace with the URL you want to target. This will help you scan for CORS vulnerability without the need of an external tool. …

Recently I was hunting for some XSS and I came across a website (let’s call it for privacy reasons) where it had an admin login form in the /admin directory.

Admin Panel on

Instinctively I tried entering random credentials to see what kind of response I would get.

Hello researchers, hope you are doing great during these tough times. Recently I was doing some research on JWT (JSON Web Token) for CTF purposes; however, I couldn’t get what I wanted, so here is my article dedicated to Red Team/Pentesters.

Brief explanation for JWT (JSON Web Token)

Wikipedia explains this part very well

JSON Web Token


Red Team Operator | Bug Hunter
