Hello, My name is Ahmad Halabi. I used to do bug bounty hunting a lot in the previous months. In this writeup I will discuss a Security Misconfiguration that leads to Business Logic Error and caused Account Takeover. Overview :: In April I was invited to a new private program…

Hello, My name is Ahmad Halabi. I am writing this article as a summary about my experience that was gathered during my Bug Bounty Journey that I started 2 years ago. Before proceeding, I previously wrote an article about How I started in bug bounties and how I achieved some…

Hello, My name is Ahmad Halabi, I do bug bounty hunting on my free time. I mainly hunt on HackerOne. In this article I am going to share with you how I was able to access internal database management leading to Remote Code Execution. Overview :: While I was hunting…

Hello, My name is Ahmad Halabi, Founder & CTO at Cybit Sec and part time bug bounty hunter on Hackerone. Today I am going to share one of my cool findings about an information disclosure bug in a private program on HackerOne. Turning a Low Severity bug into a High…

Hello, My name is Ahmad Halabi, Founder & CTO at Cybit Sec and I am currently a part time bug bounty hunter mostly on Hackerone. At the beginning of this month, I got an invitation to a private program specialized in Big Data and Integration services. …

Hello, I want to share with you a new methodology about finding rate limit vulnerabilities and even bypassing rate limit protections. For those who don’t know me, my name is Ahmad Halabi and I am a part time bug bounty hunter. Overview :: A lot of programs and companies implement…

My Bug Bounty Journey & Ranking 1st in U.S. DoD & Achieving top 100 hackers in 1 year Hello, My name is Ahmad Halabi. A lot of people are asking me how I reached top 100 hackers scoring over 8k reputation on hackerone in a very short time (1 year…