Harsh Bothra – Medium

Home

Following

Library

Reading history

Stories

Stats

Harsh Bothra

Featured Book

Hacking : Be a Hacker with Ethics

Hacking : Be a Hacker with Ethics

The book aims to provide a pocket book like learning approach for ethical hacking.

2018

Stories

The Power of Reporting: How to write effective reports

The bulwark of our digital ecosystem, Penetration Testing (pentesting), has the arduous task of staving off numerous cyber threats. An…

Aug 6, 2023

The Power of Reporting: How to write effective reports

Aug 6, 2023

Learn365 Challenge Review & Year 2021 in a Nutshell

Learning is an essential factor irrespective of your domain, level of expertise and experience. It helps one to constantly improve their…

Dec 22, 2021

Dec 22, 2021

Attacking Social Logins: Pre-Authentication Account Takeover

Authentication is one of the most crucial aspects when it comes to the security of an application. However, suppose an attacker can bypass…

Jun 11, 2021

Attacking Social Logins: Pre-Authentication Account Takeover

Jun 11, 2021

How do I get Started in Cyber Security? — My Perspective & Learning Path!

Cyber Security, Ethical Hacking, Application Security, Penetration Testing, Bug Bounties, etc., these career options are blooming and…

Mar 6, 2021

How do I get Started in Cyber Security? — My Perspective & Learning Path!

Mar 6, 2021

Got Cookies? Cookie Based Authentication Vulnerabilities in Wild

Cookies are a widely used way to enable authentication in the majority of applications. Over time, there has been a lot of security…

Mar 2, 2021

Got Cookies? Cookie Based Authentication Vulnerabilities in Wild

Mar 2, 2021

Published in
InfoSec Write-ups

eWPTXv2 Exam Review

Web Application is commonly found part of any organization’s infrastructure and often is exposed publicly and accessible by the world. Due…

Feb 16, 2021

eWPTXv2 Exam Review

Feb 16, 2021

Scope Based Recon: Smart Recon Tactics

Reconnaissance a.k.a. Recon is an essential process, especially when dealing with Black Box Penetration Testing where you have no…

Feb 16, 2021

Scope Based Recon: Smart Recon Tactics

Feb 16, 2021

Bypassing the Protections — MFA Bypass Techniques for the Win

Multi-Factor Authentication (MFA) often known as Two-Factor Authentication (2FA) is an added layer of protection added to an application…

Jan 27, 2021

Bypassing the Protections — MFA Bypass Techniques for the Win

Jan 27, 2021

Published in
InfoSec Write-ups

eCPPTv2 Exam Review

The penetration Testing domain has grown exponentially in the last couple of years and so the competition. Validating and Proving your…

Jan 12, 2021

eCPPTv2 Exam Review

Jan 12, 2021

Published in
InfoSec Write-ups

Evading Filters to perform the Arbitrary URL Redirection Attack

Arbitrary URL Redirection Attack often is popularly known as an Open Redirection attack, which is a common web vulnerability that allows…

Nov 12, 2020

Evading Filters to perform the Arbitrary URL Redirection Attack

Nov 12, 2020

Published in
InfoSec Write-ups

Accidental Observation to Critical IDOR

Insecure Direct Object Reference falls under the category for Broken Access Controls as per OWASP TOP 10 (2017 Edition). This issue…

Oct 24, 2020

Accidental Observation to Critical IDOR

Oct 24, 2020

Published in
InfoSec Write-ups

S3 Bucket Misconfigured Access Controls to Critical Vulnerability

Amazon S3 (Simple Storage Service) is one of the popular and widely used storage services. Many companies are using S3 buckets to store…

Jul 2, 2020

S3 Bucket Misconfigured Access Controls to Critical Vulnerability

Jul 2, 2020

Published in
InfoSec Write-ups

Let’s Bypass CSRF Protection & Password Confirmation to Takeover Victim Accounts :D

Cross-Site Request Forgery (CSRF) is hardly seen with new frameworks but is yet exploitable like old beautiful days. CSRF, a long story…

Jun 12, 2020

Let’s Bypass CSRF Protection & Password Confirmation to Takeover Victim Accounts :D

Jun 12, 2020

Published in
InfoSec Write-ups

XSS to Database Credential Leakage & Database Access — Story of total luck!

Reflected Cross-Site Scripting happens when you provide a malicious javascript code to some input parsing functionality and due to lack of…

Jun 6, 2020

XSS to Database Credential Leakage & Database Access — Story of total luck!

Jun 6, 2020

Published in
InfoSec Write-ups

Found Stored Cross-Site Scripting — What’s Next? — Privilege Escalation like a Boss :D

Cross-site scripting is one of the prominent attacks of all time. It is still being exploited in the wild. Cross-site scripting is always…

May 19, 2020

Found Stored Cross-Site Scripting — What’s Next? — Privilege Escalation like a Boss :D

May 19, 2020

Published in
InfoSec Write-ups

Weak Cryptography in Password Reset to Full Account Takeover

Most of the applications provide the user’s with functionality to “Reset Password” via email. This functionality has always been a part of…

May 15, 2020

Weak Cryptography in Password Reset to Full Account Takeover

May 15, 2020

Published in
InfoSec Write-ups

Weird Story of Captcha to Rate Limit Bypass

When an application is not implementing a mechanism to limit the number of emails and messages triggered in an X amount of time, this…

May 9, 2020

Weird Story of Captcha to Rate Limit Bypass

May 9, 2020

Published in
InfoSec Write-ups

Effective Vulnerability Report Writing — Quick Triages to Bonus $$$ (Always a Win)

Bug Bounty or Vulnerability research always has two sides. One is to discover & exploit security vulnerabilities and another important…

May 2, 2020

Effective Vulnerability Report Writing — Quick Triages to Bonus $$$ (Always a Win)

May 2, 2020

Recon to Sensitive Information Disclosure in Minutes

Previously at this Post, I talked about a critical security vulnerability as a result of Recon. Reconnaissance plays an important role and…

Apr 28, 2020

Recon to Sensitive Information Disclosure in Minutes

Apr 28, 2020

From Recon to P1 (Critical) — An Easy Win

Reconnaissance is an important phase when you do an application assessment, especially to gather in-depth knowledge about your target…

Apr 24, 2020

Apr 24, 2020

Harsh Bothra

Harsh Bothra

Book Author

Security Engineer | Bugcrowd Top 150 & MVP| Synack Red Teamer | Cobalt Core Pentester | Bug Hunter | Author | Speaker | Learner | Poet | Twitter — @harshbothra_

Following

Help
Status
About
Careers
Press
Blog
Privacy
Rules
Terms
Text to speech