From Social Media Complaints to $12,000: Story of Hacking Another Airline Company using OSINT
Hi, I am Ashutosh, a security researcher with 8+ years of professional experience in application security, VAPT, and Purple teaming. I have worked for a Big 4 firm where I conducted security assessments for multiple Fortune 500 clients. In my free time, I hunt for vulnerabilities in some of the largest companies’ systems through bug […]
Evading SMS Security Feature of a Prominent Mobile Antivirus
This article is about a security feature bypass I reported in a mobile antivirus. As I sat at the airport, waiting for someone, I found myself with roughly two hours to kill. I decided to find some vulnerabilities using my phone. So, I started exploring the mobile antivirus of my phone. The company behind the […]
How I (ethically) hacked an Airline
During the weekends, I am usually exploring targets for bug bounty; however, this time I thought of securing Indian cyber space. I had a target in mind. it was Akasa Air. The Airline started its flight operations on the same day, 07th August 2022. I thought of looking into it in July, but I decided […]
How I Received 3 CVEs in Quick Heal Total Security
I was scrolling through Twitter and I thought I should be spending more time on testing thick clients. I decided to find vulnerabilities in an anti virus software as I like to hunt for bugs in cyber security products. I have used QuickHeal during my childhood days also they are doing great research in order […]
Protect Your MongoDB – Story of “The Same Database”
It’s normal now to hear stories about data breaches. Some of them involve publicly exposed Databases, S3 buckets etc. The vulnerability falls into ‘Security Misconfiguration’, A6 – OWASP Top 10 (2017). ” Attackers will often attempt to exploit unpatched flaws or access default accounts, unused pages, unprotected files and directories, etc to gain unauthorized access […]
Crypto-Mining Marketplace NiceHash Fixed a Vulnerability Which Leaked Miners’ Information
Privacy matters to most of us! That applies for crypto world too. Bitcoin transactions don’t directly link to a person, but in case of NiceHash, attackers could find a miner’s BTC wallet address using his Email address. This is a story about How I found a random guy’s recent payments from his cryptocurrency mining activity […]