Hey everyone! I’m back with another cool write-up about a bug bounty report I submitted to a private program on HackerOne. Guess what? I got a $5,000 reward and they took care of it in just 30 minutes! I won’t go into the nitty-gritty of dependency confusion since there are…

Hello Hunters, This is a quick write-up on how my blind XSS payload executed within an internal support portal via an SMS support chat. This company (example.com) had a support site allowing users to submit a support ticket. You can create a support ticket in three ways: Email Support Phone…

As the world becomes increasingly reliant on technology and the internet, the need for skilled application security engineers to protect our online systems and data grows. But can chatbots and large language models, such as ChatGPT and OpenAI, replace the need for human application security engineers? On the one hand…

As an application security engineer, your job is to ensure the security of your company’s software and systems. But in order to do that effectively, you need to work closely with your team of developers. …

An Ethical Hacker’s Perspective — Introduction Hi, my name is Chevon Phillip. I am a Security Researcher and Penetration Tester. In this article, I will explain what are sub-domain takeovers, how hackers can exploits these vulnerabilities by finding potential targets, and how companies should secure their assets from these types of vulnerabilities. What are Sub-Domains? For those of you…