Security Research


Proof of Concepts: As someone wise once said, "POC or GTFO". Share your favorite security write-ups and POCs with the community. Share your POCs, share others'. Discuss them here.
Tools Discussion: Chat about tools that are new to you or new to the world. Discuss what works, what doesn't, how things could improve, etc. Tool Talk. Tool Time.

Researcher Resources - How to become a Bug Bounty Hunter [Security Research] (29)

Congratulations! It’s very exciting that you’ve decided to become a security researcher and pick up some new skills. We’ve collected several resources below that will help you get started. Read on for our walkthrough. S…

Researcher Resources - Getting Started [Security Research] (12)
Researcher Resources - Tutorials [Security Research] (9)
Researcher Resources - Bounty Bug Write-ups [Security Research] (2)

This is a collection of bug bounty reports that were submitted by security researchers in the infosec community. These write-ups are a great way to learn from fellow hackers. Web Hacking Uber Bug Bounty Turning Self-…

Researcher Resources: Thick Client Focused [Security Research] (3)

A collection of thick client specific resources. A handy list for your reference! Books: * Hacking: The Art of Exploitation (2nd edition) * Hacker Disassembling Uncovered * The Shellcoder's Handbook - Discovering And E…

Researcher Resources: Mobile Focused [Security Research] (3)

A collection of Mobile specific resources. You may see these elsewhere, but this is a handy list for your reference! Resources compiled by Bugcrowd's Director of Technical Operations, Jason Haddix: Mobile App Security …

Dirb Issues and further dir hunting [Tools Discussion] (4)
No Automation need some help [Tools Discussion] (3)
Bug hunter build-out? [Tools Discussion] (3)
Bulk IP scanning for ports by masscan [Tools Discussion] (7)
Researcher Resources - Tools [Tools Discussion] (46)
Getting started in mobile app testing [Security Research] (13)
Looking for ways to do some undetectable web crawling [Security Research] (10)
Gmail phishing command and control framework [Tools Discussion] (2)
Open Redirect Vulnerability [Security Research] (7)
Is this considered directory traversal? [Security Research] (3)
Free hacking books [Security Research] (2)
Best way to get into RCE XXE SSRF? [Security Research] (3)
Writing a bug report - Attack Scenario and Impact are key! [Security Research] (4)
How To trigger JS execution on 302 page [Proof of Concepts] (6)
Help Gaining XXE in Spring Boot Mobile Application API [Security Research] (4)
Any Idea to Trigger Execution of JavaScript in rel Tag [Security Research] (3)
Link rel=canonical XSS exploitation [Security Research] (4)
Application Security Engineer [Security Research] (1)
Instrumenting Android Applications with Frida [Tools Discussion] (1)
Is it common for bug bounty hunters to use exploits found in one site, on other sites? [Security Research] (4)
Keeping track of how companies respond to bug reports [Security Research] (14)
? - Help/Input - BwAPP – Medium Security SQLi Practice -? [Security Research] (1)
Symantec Data loss prevention (DLP) Policy Bypass [Security Research] (1)
XSS in Search bar [Security Research] (3)