My name is Ahmad Halabi. I am writing this article as a summary about my experience that was gathered during my Bug Bounty Journey that I started 2 years ago.

Before proceeding, I previously wrote an article about How I started in bug bounties and how I achieved some goals. I recommend reading it before reading this article.

Brief Introduction ::

In February 2019 I heard about Bug Bounty Hunting, I was curious to enter this World and put my name in the Hall Of Fame of great companies like Facebook and Google, so I started looking for this…


My name is Ahmad Halabi, I do bug bounty hunting on my free time. I mainly hunt on HackerOne.

In this article I am going to share with you how I was able to access internal database management leading to Remote Code Execution.

Overview ::

While I was hunting on a public program, I found an interesting subdomain remoteservices.target.com, I said to myself that there should be definitely something hidden there.

Recon Approach ::

I love recon and I spend a lot of time doing it than actual hacking.

So browsing the target website https://remoteservices.target.com


My name is Ahmad Halabi, Founder & CTO at Cybit Sec and part time bug bounty hunter on Hackerone.

Today I am going to share one of my cool findings about an information disclosure bug in a private program on HackerOne.

Turning a Low Severity bug into a High one.

Overview ::

I came across a Subdomain as the following https://accounts.redacted.com/redacted/login but I found that there is no Login Form in the page, And there is an error stating No client id found.


My name is Ahmad Halabi, Founder & CTO at Cybit Sec and I am currently a part time bug bounty hunter mostly on Hackerone.

At the beginning of this month, I got an invitation to a private program specialized in Big Data and Integration services. The scope was limited to a website having dashboard.

Going after the Dashboard, I was able to find one valid bug. Then while checking the traffic in Burpsuite, I found that there is an API for this dashboard as the following: https://redacted.com/api.

Time For Some Recon:

First interesting thing to do is Discovering API…


I want to share with you a new methodology about finding rate limit vulnerabilities and even bypassing rate limit protections.

For those who don’t know me, my name is Ahmad Halabi and I am a part time bug bounty hunter.

Overview ::

A lot of programs and companies implement Rate Limiting protections on sensitive endpoints that requires authentication and important functionalities like Login and creating posts as an example. Protections can vary a lot, and since there are multiple types and ways how protections are implemented, there are also methods to bypass some of these protections.

Today I am…

My Bug Bounty Journey & Ranking 1st in U.S. DoD & Achieving top 100 hackers in 1 year


My name is Ahmad Halabi. A lot of people are asking me how I reached top 100 hackers scoring over 8k reputation on hackerone in a very short time (1 year and 4 months) and how I reached 1st rank in U.S. DoD. I am also receiving lots of questions about how to start in bug bounty hunting, what is my methodology that I use, and so many other related questions. …

Ahmad Halabi

Cyber Security Specialist | Hacker | Founder & CTO at Cybit Sec

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store