Day 1 = CORS bug on google's 404 page (rewarded)
Day 2 = Google Bug bounty Clickjacking on Google payment
Day 3 = From P5 to P2 to 100 BXSS
Day 4 = How a simple CSRF attack turned into a P1
Day 5 = Disclose Private Dashboard Chart's name and data in Facebook Analytics
Day 6 = How I bought my way to subdomain takeover on tokopedia
Day 7 = Touch ID authentication Bypass on evernote and dropbox iOS apps
Day 1 = RFI LFI Writeup
Day 2 = 2FA Bypass via logical rate limiting Bypass
Day 3 = Long String DOS
Day 4 = Exploiting a Race condition vulnerabililty
Day 5 = Exploiting an SSRF trials and tribulations
Day 6 = Tricky oracle SQLI situation
Day 7 = Microsoft RCE bugbounty
Day 1 = CORS misconfiguration leading to private information disclosure
Day 2 = Google APIs Clickjacking worth 1337$
Day 3 = Google Acquisition XSS (Apigee)
Day 4 = How I exploited the json csrf with method override technique
Day 5 = Disclosing privately shared gaming clips of any user
Day 6 = Subdomain Takeover via pantheon
Day 7 = Oauth authentication bypass on airbnb acquistion using wierd 1 char open redirect
Day 1 = My first LFI
Day 2 = Bypass 2FA in a website
Day 3 = AIRDOS
Day 4 = Race condition that could result to RCE a story with an app
Day 5 = SSRF on PDF generator
Day 6 = Exploiting โGoogle BigQueryโ SQLI
Day 7 = OTP bruteforce account takeover
Last updated 1 year ago
