SSRF vulnerabilities and where to find them
It’s no secret that cloud architectures have several characteristics that make SSRF attacks challenging to defend against. While SSRFs are not a new threat vector, …
hakluke
How To Hack Web Applications in 2022: Part 2
TL/DR: Web applications have both authentication and authorization as key concepts and if bypassed by an attacker, it can compromise sensitive data. With threats such …
How To Hack Web Applications in 2022: Part 1
TL/DR: Web applications can be exploited to gain unauthorized access to sensitive data and web servers. Threats include SQL Injection, Code Injection, XSS, Defacement, and …
New tool release: Discovering the origin host to bypass web application firewalls
TL/DR: Crowdsource hacker Luke “hakluke” Stephens documents a tool for discovering the origin host behind a reverse proxy which is useful for bypassing WAFs and other …
Hakluke: Creating the perfect bug bounty automation
I think I have a problem. I’m addicted to building bug bounty automation. I’ve built a full bug bounty automation framework from the ground up …
10 Types of Web Vulnerabilities that are Often Missed
Crowdsource hackers Hakluke and Farah Hawa share the top web vulnerabilities that are often missed during security testing. When hunting for bugs, especially on competitive bug bounty …
Hakluke’s huge list of resources for beginner hackers
When you first start learning something, it can be difficult to discover high-quality resources to help you on your journey. This article is going to …
How to Hack APIs in 2021
Detectify Crowdsource is not your average bug bounty platform. It’s an invite-only community of the best ethical hackers who are passionate about securing modern technologies …