Zonduhackerone

Apr 20

What VPS to choose?

There are tons of cloud providers that offer different types of servers with a lot of different options. I will talk about the ones I tried/tested and compare them here so people can choose which one suits them better. AWS ec2 Instances AWS ec2 instances provide a lot of different options but I…

Hacking

4 min read

Feb 27, 2021

SSRF to fetch AWS credentials with full access to multiple services

This is a post about how I found a simple yet really critical vulnerability in a bug bounty program. It was the most critical bug I have ever found. All started after I found a path in a subdomain that was almost a blank page with no functionality at all. …

Hackerone

4 min read

SSRF to fetch AWS credentials with full access to various services

Jun 22, 2020

Bug Bounty — Beginner’s guide

There are lots of guides on how to start into Bug Bounty Hunting but I will share my personal experience of getting into bug bounty hunting without previous knowledge of coding or web development and will also share some useful resources as well as answering some common questions. How I…

Bug Bounty

6 min read

May 29, 2020

IDOR in session cookie leading to Mass Account Takeover

If you are familiar with what IDOR is, you will know that it can be anywhere from url, request body, GET or POST requests and yes, in cookies too.. After spending quite a lot of time in a private program i was invited, i started to learn how everything works…

Hacking

3 min read

IDOR in session cookie leading to Mass Account Takeover