Beware of Earthquake-Victim Scammers! Against social media scammers who pose as earthquake victims and try to defraud people by exploiting their emotions, the most careful… (Feb 28, 2023)
BigQuery SQL Injection Cheat Sheet. Last year, we (my researcher partner on this topic, Anil, and I) found a SQL injection vulnerability on a target at Synack which was… (Feb 14, 2022)
How to Start Bug Bounties 101 & How to Make a Million in 4 Years. I got lots of questions and requests, especially from new beginners to the area, so I wanted to prepare a blog post regarding how to start at… (Oct 27, 2021)
Turning Blind Error Based SQL Injection Into An Exploitable Boolean One. While I was recently hunting on a promising host target, from my well-configured (only checking SQLi) active scan results, I found out a… (Nov 20, 2020)
Google Maps API (Not the key) Bugs That I Found Over the Years. After publishing my blog post "Unauthorized Google Maps API Key Usage Cases, and Why You Need to Care" and a scanner script for it, I got… (Apr 19, 2020)
Using Vulnerability Analytics Feature Like a Boss. For 90% of my working time, I am hunting bugs on Synack for 2 reasons: (Mar 15, 2020)
Write-up: AWS Document Signing Security Control Bypass. While I prefer to write/talk about far-going topics instead of just one vulnerability write-up, I decided to make an exception for… (Feb 26, 2020)
Weird Vulnerabilities Happening on Load Balancers, Shallow Copies and Caches. Published in DataSeries. When looking for security vulnerabilities on a web application - either for bug hunting or a penetration test project -, I always check 2… (Feb 11, 2020)
Simple Remote Code Execution Vulnerability Examples for Beginners. Especially when I talk with newbie security researchers/bug bounty hunters, they always make me feel as not thinking themselves capable… (Feb 5, 2020)
A Less Known Attack Vector, Second Order IDOR Attacks. Most of you are probably familiar with the vulnerability types “IDOR (Insecure Object Direct Reference)” and second order vulnerabilities… (Jan 22, 2020)