Honors / Awards
Bugcrowd’s Status – Feb 05th, 2020 Currently rank #65 (from Feb 05th, 2020) at Bugcrowd Bug Bounty Platform with: P1 Warrior (start from 2019): 5th Tier...
June 1, 2015
Tagged: Honors
Search
Recent Posts
- From Recon to Optimizing RCE Results – Simple Story with One of the Biggest ICT Company in the World
- If Allah willed it, will be back soon!
- 5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!)
- CVE-2019–18624 – Illegal Rendered at Download Feature in Several Apps (including Opera Mini) that Lead to Extension Manipulation (with RTLO)
- Race Condition that could Result to RCE – (A story with an App that temporary stored an uploaded file within 2 seconds before moving it to Amazon S3)
- USB HID – Rubber Duck Payload – Auto Turn Off UAC, Firewall, & Defender at Windows 10 & Connect to Reverse Shell in 10 sec
- Adobe Photoshop CC 2019 v. 20.0.0 (for OS X) Expired Subscription Bypass – Bypass Trial Expired
Categories
- About Me (3)
- Achievements (2)
- Bug Report (19)
- Desktop Apps (4)
- Mobile Apps (3)
- Random Things (8)
- Web Apps (12)
- Write-Up (13)
Latest Tweets
I received a $500 reward from Facebook for DoS I found in Instagram direct messages. Below is a scenario that shows impact on group messages.
#bugbounty #bugbountytip
Good slides: https://docs.google.com/presentation/d/1N9Ygrpg0Z-1GFDhLMiG3jJV6B_yGqBk8tuRWO1ZicV8/edit#slide=id.g82807e23a8_0_8
The last trick (Authy 2FA bypass) is covered in "Idor to Shell" from @PentesterLab
My first bounty + first CVE-2013-6674 was from Mozilla back in 2014-01-29. The vulnerability was Stored XSS and affected Mozilla Thunderbird email client (desktop) version. Affected millions of users at that time.
More details + POC Video:
https://securityaffairs.co/wordpress/21692/hacking/vulnerability-mozilla-thunderbird.html
#BugBounty
Incredible research: $75,000 bounty🤯
"My research uncovered 7 0day vulnerabilities in Safari (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, & CVE-2020-9787), 3 were used in kill chain to access the camera."
https://www.ryanpickren.com/webcam-hacking-overview