TechKranti

CyberSecurity Revolution

Category: Bounty Hunting

This is the place where I share stories from my bounty hunting adventures.

Why are there so many OPTIONS requests in my Proxy History: All about pre-flight requests

December 30, 2024 Amey Anekar Bounty Hunting, Cyber Security Gyaan

Understanding the WHY behind technological concepts is extremely important to understanding the concept at a fundamental level. Numerous concepts in the Web Security field often get ignored because of their apparent complexities. One such concept


BurpSuite Setup For An Optimal Hacking Experience

August 29, 2023 Amey Anekar Bounty Hunting

This article will provide you with tips to configure your Burp for an optimal hacking experience. De-clutter your Burp to de-clutter your mind. Noisy Proxy traffic is a deterrent to an optimal hacking experience. Cut the crap and follow 4 simple steps towards peace of mind.


Delete IDOR on a Fashion eCommerce Website

August 26, 2020 Amey Anekar Bounty Hunting

This is a story of an IDOR I reported on an Asian fashion eCommerce website’s private program. Like most eCommerce websites, this website provided a feature to store addresses in the customer’s account …


IDOR through MongoDB Object IDs Prediction

August 25, 2020 Amey Anekar Bounty Hunting

Historically, system developers have been assigning auto-incrementing integer identifiers to database rows. This made it trivial to exploit IDORs. Just one vulnerability could allow exfiltration of all objects belonging to any user in the application. The same goes for delete or edit IDORs.


How I Reported a DoS Vulnerability to AWS

March 11, 2020 Amey Anekar Bounty Hunting

BadBotHoneypotEndpoint is used by AWS customers who do not want bots, unauthorised spiders and scrapers to scan their site. It works by blacklisting IP addresses of such bots. I discovered a vulnerability with this endpoint that could allow an attacker to blacklist random IPs.


How I discovered an SSRF leading to AWS Metadata Leakage

February 10, 2020 Amey Anekar Bounty Hunting

This is the story of a juvenile SSRF bug who did know it had the potential to look at AWS secrets. 😮


About Me

Hey There, I am Amey Anekar - Cyber Security Specialist with a passion for solving security problems even when resources are limited. I've been fortunate to develop a knack for gauging an organization's cyber security posture and helping them plan a transition towards becoming more resilient in the face of cyber threats. It's a privilege to be able to contribute to the field and assist organizations in safeguarding their digital assets.
