Archives

Bug bounty isn’t fast money or a game of luck — it’s a long-term craft built on discipline, creativity, and pattern recognition. Here’s what mindset separates successful hunters from frustrated ones.

In this post, we’ll break down why busywork generators are low-leverage security solutions, how they create noise instead of fixing root causes, and how to move toward high-leverage mechanisms like platform guardrails and secure-by-default designs.

Learn how to reduce alert fatigue and prioritize high-fidelity detections using Wiz's Zero Noise Approach. Tailor alerts, implement feedback loops, and ensure outcome-based triaging for real-world SOC efficiency.

In this lab, we will be solving an lab with an attack vector through a s3 bucket versioning feature and through that we can able to exfil the secrets and elevating further more

Exploiting weakness in Amazon RDS and elevating further to get the flag

In this lab, we will be solving an lab on understanding what ebs snapshots are and there misconfigurations....

Exploiting weakness in Amazon RDS and elevating further to get the flag

Understanding the shared responsibility model first and then how the cloud pentest works?

Getting to know about how we can able to fecth a AWS account ID from a publicly available s3 bucket

Review of BSCP in a way possible to document

A detailed dive into client certificate authentication, its role in the TLS handshake, and how it adds an extra layer of security in sensitive communications.

Walkthrough of exploring AWS securityhub and a simulation activity to identify an issue that lead to some interesting findings

In this lab, we will see how the leaked credentials through dockerhub can be leveraged atmost and more further

Put in my notes as a blog for IAM in minimalist way

Understanding the differences between the IAM roles and IAM uders

An Individual research on bugbounty programs that I took an unique approach on choosing porn industry based programs which paid me pretty much..

Notes that I took while preparing for BSCP exam on prototype pollution lab

This is a challenge from pwnedlabs where I've been provided with the cloudtrial logs and from there I've to do log analysis and trying to reproduce the attack from the attacker perspective

Lab from pwnedlabs where we have provided with a webserver and we are gonna look into how we can leverage it to SSRF

Getting to know about cloudtrial in a such a way to understad easily

Some DNS notes which I had in my archive

IAM Challenge from Wiz where we will be given an IAM rules and need to identify misconfiguration and exploit it to get a flag

My First Bug in my bugbounty journey where I took an approach of guy who solves the CTF... Unfortunately it worked and I found some sensitive files which lead to a bounty

Walkthrough of Protostar from exploit exercises