Brute Forcing Web Application Passwords
ToxSec | A guide to password brute forcing on the web.
Nov 16, 202513 min read
Command Palette
Search for a command to run...
#bug-bounty
Articles tagged with #bug-bounty
OSCP Proving Grounds – Levram Walkthrough
ToxSec | Web Exploitation & Linux Privilege Escalation Practice 0x00 OSCP Proving Grounds - Levram Levram is lean and surgical. No filler, no rabbit holes. You go from lazy creds on a forgotten web panel, to an authenticated RCE, and finish with a s...
Nov 16, 20255 min readFile Upload Vulnerabilities for Bug Bounty
ToxSec | A discussion on file upload vulnerabilities.
Nov 16, 20255 min read1Privacy as a Bounty Vector: GDPR for Higher-Severity Reports
TL;DR: The bug bounty game is expanding. Massive payouts are now coming from privacy flaws due to huge GDPR/CCPA fines. This guide shows you how to find common data exposure bugs, report them based on legal and business risk, and cash in on the new f...
Nov 6, 20257 min readGet Paid: Your First Bug Bounty
ToxSec | Cashing in on your first bug bounty program.
Nov 6, 20255 min read2IAM: A Bug Hunter's Field Manual
ToxSec | Identity and Access Management (IAM) is the brain of any modern application. These are the vulnerabilities that get you paid, and get you not
Nov 6, 20259 min read1