My name is Ahmad Halabi, Founder & CTO at Cybit Sec and I am currently a part time bug bounty hunter mostly on Hackerone.
At the beginning of this month, I got an invitation to a private program specialized in Big Data and Integration services. The scope was limited to a website having dashboard.
Going after the Dashboard, I was able to find one valid bug. Then while checking the traffic in Burpsuite, I found that there is an API for this dashboard as the following: https://redacted.com/api.
Time For Some Recon:
First interesting thing to do is Discovering API…
I want to share with you a new methodology about finding rate limit vulnerabilities and even bypassing rate limit protections.
For those who don’t know me, my name is Ahmad Halabi and I am a part time bug bounty hunter.
A lot of programs and companies implement Rate Limiting protections on sensitive endpoints that requires authentication and important functionalities like Login and creating posts as an example. Protections can vary a lot, and since there are multiple types and ways how protections are implemented, there are also methods to bypass some of these protections.
Today I am…
My Bug Bounty Journey & Ranking 1st in U.S. DoD & Achieving top 100 hackers in 1 year
My name is Ahmad Halabi. A lot of people are asking me how I reached top 100 hackers scoring over 8k reputation on hackerone in a very short time (1 year and 4 months) and how I reached 1st rank in U.S. DoD. I am also receiving lots of questions about how to start in bug bounty hunting, what is my methodology that I use, and so many other related questions. …
Cyber Security Specialist | Hacker | Founder & CTO at Cybit Sec