Simple Python Fully Undetectable (FUD) Reverse Shell Backdoor

During internal penetration testing, you sometimes get an environment where antivirus products are up to date, which means that you cannot use “fancy” shells to get a reverse shell, as they get detected. Metasploit is obviously not an option here, as most (if not all) Metasploit exploits and tools are flagged by antiviruses as […]

Cyber Security Myths Busted for National Cyber Security Awareness Month

SingleHop contacted me to write a post about Cyber Security Myths Busted for National Cyber Security Awareness Month, as this month, October, is National Cyber Security Awareness Month by Homeland Security. National Cyber Security Awareness Month is designed to engage and educate public and private sector partners through events and initiatives with the goal of raising awareness […]


Setup SSL on WordPress Behind Cloudflare Reverse Proxy

Setup SSL on WordPress Behind Cloudflare Reverse Proxy. I usually don’t write “how to” stuff, but I struggled myself to get this working, so I thought, yeah, let’s write about Setup SSL on WordPress Behind Cloudflare Reverse Proxy; this might help some poor fella who is googling all day to get this right :P. So […]

Flood.io AntiCSRF Token Bypass Vulnerability Writeup

Flood.io AntiCSRF Token Bypass Vulnerability. Heyy00, sup homies, hows ya doin? xD. Flood.io AntiCSRF Token Bypass Vulnerability is related to a post I wrote a couple of weeks back about CSRF Token Protection Bypass Methods. One of the vulnerabilities in AntiCSRF token mechanisms that I wrote about was token redundancy. Well, I don’t know if there is a name […]


Second Order SQL Injection Explained with Example

Second Order SQL Injection Explained with Example. Introduction: Second-order SQL injection occurs when user-submitted values contain SQL injection attacks that are stored in the database instead of getting executed immediately. This means that when user data is stored in the database and later used by some other functionality of the application, it doesn’t […]

List of Bug Bounties

List of Bug Bounties: help yourself, bug hunters, enjoy the feast. Hall Of Fame Only: 123contactform 99designs Abacus 37signals Acquia ActiveCampaign Activeprospect Adobe Adapcare Aerofs Aerochive Agora Androidfreeapp.net Apple Atlassian Base CRM Beanstalk Bitcasa BitWall BlackBerry BrainTree Card Chargify Clojars CloudApp Constant Contact Di Martino Entertainment DigitalOcean […]


CSRF Token Protection Bypass Methods

CSRF Token Protection Bypass Methods. Heya, as web and web security are getting intense day by day, the use of CSRF tokens is becoming a part of web security. Some time ago, use of a CSRF token was enough for CSRF protection. However, CSRF token protection can be bypassed using several techniques. So this post briefly touches the CSRF […]

Polarssl Bug Bounty Write up

Polarssl Vulnerability Bug Bounty Write up. So after like 6 months, I decided to get back in the Bug Bounty game. I was kind of away from pentesting / bug hunting, because I was losing interest. Anyway, now I am gonna hunt ;). So I googled list of bug bounties […]


Facebook HTML Injection Vulnerability Bug Bounty

Facebook HTML Injection Vulnerability Bug Bounty. Hello everyone. Last year, I started getting into the Bug Bounty game. My first target was Facebook. Getting into the Facebook Hall of Fame was my wish, so I started pentesting and after a week, found the vulnerability as the title says: “Facebook HTML Injection Vulnerability Bug Bounty”. It was an HTML […]

Hacking Beginner's Frequently Asked Questions

Hacking Beginner’s Frequently Asked Questions. This post is for all beginners who want to become a “hacker” / penetration tester. As the title says, Hacking Beginner’s Frequently Asked Questions. In my own experience, these questions are frequently asked by beginners. This post will help them by answering their basic questions and clearing up their confusion. […]