Road to RCE

Exploring the Internet one strange tech stack at a time


Welcome! The goal of this blog is to help people get into web application security by sharing my experience with hunting in production environments. Many researchers get their start in a learning environment such as PortSwigger’s platform or TryHackMe, but it can be a shock moving from these learning platforms to live networks.

Prod is a strange place and I aim to give you a few tools that might make the journey a bit easier.

Articles

 

Mapping Terrain With In-Depth Recon

This guide is about assessing an organization’s attack surface through the lens of application security. When I refer to attack surface, I mean the totality of endpoints that an organization has exposed to the public and that are thus able to be attacked. Most...

RCE Via Backend Parameter Injection

After performing my recon on a private bug bounty program, I came across a pretty standard web form that accepted numerical values, performed some unknown calculations, and then emailed the results back to the user. It looked something like this example web form from ResearchGate: This behavior piqued my...