Hello everyone, This is a short article to pinpoint a recent finding I have discovered in many targets. TBH, it’s an easy one that can be leveraged during recon and info gathering. However, I did not know about it until I found it lately. During the “fuzzing” process I found…

Hello there, This is one of the recent things I learned for API injection. In fact, SQLi is one of the most common API security vulnerabilities. Honestly, I wasn’t giving APIs and attention in testing before. So here I am exploring and sharing this piece of knowledge. 1-Fuzzing You might be…

هذا المقال سيكون باللغة العربية للطلاب والطالبات الذين يبحثون عن مصادر ممتازة لأفكار مشاريع التخرج (العملية/التطبيقية) في مجال علوم الحاسب والأمن السيبراني. من المهم جدًا البحث عن مصادر جيدة لاستلهام فكرة ذات قيمة وفائدة في المجال. …

Hello there! In this write-up, I will go through my recent P3. As you know, some platforms do not accept open redirect vulnerability and consider it out of scope. However, in some cases, you can upgrade the open redirect to XSS or other significant vulnerabilities. Started with waybackurls and greb for the keyword “post_logout_redirect_uri=” since it’s usually used by web apps for redirection.

Hey there! It’s been a while since I published on Medium… In this article, I will introduce you to my steps in finding a “Sensitive Information leak via Log File” in one of the programs I worked on recently. I am not allowed to disclose the program name, so for…

Hello folks In this short article, I will list the top favorite Google dorks I have been using on web penetration testing and they got me some awesome results and juicy endpoints. Introduction Google Dorks are very useful in the recon phase. Not only they are good in recon, but they…

Three months ago, I passed The CompTIA Cybersecurity Analyst (CySA+) certification exam CS0–002. Here, I will answer the most common question regarding the exam for those who are interested in taking it. I will go through the common questions from a specialized/technical perspective rather than the general info (e.g. price…