Hackings & Tech Stuff

Just me, tinkering with tech, hacking, and whatever else I find cool

Hacking High-Profile Bug Bounty Targets: Deep Dive into a Client-Side Chain

I’ve always wanted to hack on one of those targets that top hackers were going after—not just because they pay well, but because they usually have fair triaging and amazing scopes. But how? Finding bugs on private targets is already challenging enough—now imagine a target that has the best eyes on it 24/7, constantly searching for new gadgets and vulnerabilities. The target had already been through multiple LHEs (Live Hacking Events), which made it even more intimidated....

February 26, 2025 · 12 min

Automating Client-Side Path Traversals Discovery

A few months ago, I returned to the bug bounty world and stumbled upon a gadget that caught my attention: Client-Side Path Traversals (CSPT). I might have been out of the loop because, despite its age (2007), I wasn’t familiar with it. In fact, I rarely focused on client-side bugs in the past, but shifting my attention to them has recently brought me some great bounties. After a conversation with Keith, he encouraged me to start sharing what I’ve been working on....

October 3, 2024 · 8 min