3 days agoSubdomain Takeover at Khan academyHey there, fellow earthlings! Brace yourselves for the grand entrance of Varshini Ramesh(https://www.linkedin.com/in/varshini~ramesh/)Prepare to be dazzled by my irresistible charm and undeniable wit as I present to you yet another captivating topic. Buckle up, folks, ’cause this ride is about to get funnier than a clown on roller skates! Well…Subdomain Takeover4 min readSubdomain Takeover4 min read
May 23Epic Bug Hunting FailuresHey People, I am Varshini Ramesh trying to be a Security analyst from years!). So When I started bug hunting it was so funny I made blunders like: I joined a course which said clickjacking( an attack that fools users into thinking they are clicking on one thing when they…Bug Bounty4 min readBug Bounty4 min read
May 17Downplaying CybersecurityHey there, fellow tech enthusiasts and cyber-doubters! It’s time to have a little chat about something we’ve been taking a bit too lightly — cybersecurity. …Cybersecurity4 min readCybersecurity4 min read
May 11Broken Link Hijacking In FreshworksHello! I hope everyone is doing splendidly, Hey there! I know lots of people are already familiar with how to hunt this vulnerability, but for those who are curious, I wanted to share my experience. I found out about it while browsing the website of a company that provides chatbot services…Bug Bounty4 min readBug Bounty4 min read
Feb 22Exposure of Grafana and Prometheus metrics (/debug/pprof)I always have had an interest in recon. Recon is the primary and essential step in pen testing. So please do give more importance to Reconnaissance. What is Reconnaissance? Reconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting. Such information may include details…Security2 min readSecurity2 min read
