
Shitty reports, what NOT to report
When you look at the researcher counts on the four major bug bounty platforms, you’ll notice they all have hundreds of thousands of users. Impressive, right? But dig a little deeper, and you’ll see...
In this post, I’ll walk you through how to perform a subdomain takeover on an unclaimed azurewebsites.net app. This guide includes screenshots, command-line examples, and a Python-based approach fo...
For just over two years now, it’s been legally permitted to conduct security research on digital assets located in Belgium. This is a huge step forward for the ethical hacking community and an exci...
As security researchers, we often stumble upon vulnerabilities that have the potential to compromise systems and expose sensitive information. One such discovery is the Cross-Site Scripting (XSS) v...
I recently discovered my first vulnerability in a piece of software and had no idea how or where to request a CVE. After some investigation, I realized that since the exploit wasn’t part of a CVE numbering ...