Sign in Subscribe
rashahacks
Writeups For Hackers By Hackers

Featured articles

jsmon-cli - Enhanced Security Tooling for JavaScript (jsmon.sh)

jsmon-cli - Enhanced Security Tooling for JavaScript (jsmon.sh)

How I Got Multiple Privilege Escalations - The Easy Trick?

How I Got Multiple Privilege Escalations - The Easy Trick?

Soft Deletion of Resources - [Privacy Violation]

Soft Deletion of Resources - [Privacy Violation]

Binary Exploitation: 64-bit Buffer Overflow Attack

Binary Exploitation: 64-bit Buffer Overflow Attack

API Excessive Data Exposure: Why Devs? Why?

API Excessive Data Exposure: Why Devs? Why?

Bypassing Okta SSO=> HTTPS/HTTP

Bypassing Okta SSO=> HTTPS/HTTP

Pwning Admin Panel To Change Movie Ticket Prices at Disney

Pwning Admin Panel To Change Movie Ticket Prices at Disney

Slides: GraphQL Hacking

Slides: GraphQL Hacking

Changing Others Profile Pic with IDOR

Changing Others Profile Pic with IDOR

[1->2->3] or [2->3]: Bypassing Authentication Barriers

[1->2->3] or [2->3]: Bypassing Authentication Barriers

Why Shift to Manual Hacking?

Why Shift to Manual Hacking?

Writeup: Delete Replies on LinkedIn Learning

Writeup: Delete Replies on LinkedIn Learning

Guide to Parameter Enumeration

Guide to Parameter Enumeration

ffuf - Fuzz The Web

ffuf - Fuzz The Web

Puredns - Bruteforce Domains

Puredns - Bruteforce Domains

How do I approach exploiting access control bugs?

How do I approach exploiting access control bugs?

Exposing Users Table From a Leaky GraphQL Query

Exposing Users Table From a Leaky GraphQL Query

Hacking GraphQL API Using Suggestions

Hacking GraphQL API Using Suggestions

Phases of Hacking

Phases of Hacking

Guide to Permutations Subdomain Enumeration

Guide to Permutations Subdomain Enumeration

Setting up Vulnerable REST API Penetration Testing Lab

Setting up Vulnerable REST API Penetration Testing Lab

How do I enumerate more root domain names than others?

How do I enumerate more root domain names than others?

Securing Smart Contracts: The extcodesize Pitfall

Securing Smart Contracts: The extcodesize Pitfall

Cheatsheet - 15 Methods to Bypass 2FA Mechanism

Cheatsheet - 15 Methods to Bypass 2FA Mechanism

How I fuzz and hack APIs?

How I fuzz and hack APIs?

How I Pwned 10 Admin Panels and got rewarded 8000$+?

How I Pwned 10 Admin Panels and got rewarded 8000$+?

Guide to Password Cracking

Guide to Password Cracking

Exploiting GraphQL Aliases

Exploiting GraphQL Aliases

Reverse Whois - Increase Attack Surface Area

Reverse Whois - Increase Attack Surface Area

My Favourite 10 Shodan Dorks

My Favourite 10 Shodan Dorks

OpenAdmin(Linux-based) Machine Walkthrough HTB

Password Vulnerabilities: How to Prevent Them from Happening?

Password Vulnerabilities: How to Prevent Them from Happening?

Privacy Violation In Chat System

Privacy Violation In Chat System

Change Any User Profile Details On Disney

Change Any User Profile Details On Disney

Ethical Hacking Roadmap and Resources

Ethical Hacking Roadmap and Resources

Aug
28

jsmon-cli - Enhanced Security Tooling for JavaScript (jsmon.sh)

4 min read
Feb
13

How I Got Multiple Privilege Escalations - The Easy Trick?

2 min read
Nov
24

Discovering private chats between users and the support team

5 min read
Oct
13

Android Hacking: The libwebp Vulnerability (zero-day/zero-click)

4 min read
Oct
13

Soft Deletion of Resources - [Privacy Violation]

3 min read
Sep
23

Binary Exploitation: 64-bit Buffer Overflow Attack

8 min read
Aug
25

API Excessive Data Exposure: Why Devs? Why?

1 min read
Aug
10

5500$ Bug Story - Ezzy 2FA Bypass

1 min read
Jun
30

Default OTP: Account Takeover

1 min read
Jun
24

Unmasking Scammers

4 min read
Jun
20

Bypassing Okta SSO=> HTTPS/HTTP

1 min read
Jun
14

Pwning Admin Panel To Change Movie Ticket Prices at Disney

1 min read
May
31

The Impact of XSS on SEO and Website Reputation: Strategies for Recovery and Prevention

3 min read
May
28

Slides: GraphQL Hacking

3 min read
May
27

Changing Others Profile Pic with IDOR

2 min read
May
23

[1->2->3] or [2->3]: Bypassing Authentication Barriers

3 min read
Apr
25

Tools for reconnaissance and footprinting

4 min read
Apr
17

Why Shift to Manual Hacking?

4 min read
Apr
12

Writeup: Delete Replies on LinkedIn Learning

2 min read
Apr
04

Guide to Parameter Enumeration

5 min read