بِسْمِ اللَّـهِ الرَّحْمَـٰنِ الرَّحِيمِ Hello, My name is Ahmad Halabi. I work as a Senior Cyber Security Specialist in UAE. I also do some Bug Bounty Hunting when I have a Free Time. You can check my Biography here: https://ahmadhalabi.net/biography/ . Intro :: After I saw that Apple started paying…

بِسْمِ اللَّـهِ الرَّحْمَـٰنِ الرَّحِيمِ Hello, This article is targeting anyone who is a bug bounty hunter and penetration tester. The content of this article is not new, it is indeed available on the internet, but the way of delivering it is different. Who Am I ? My name is Ahmad…

Hello, My name is Ahmad Halabi. I used to do bug bounty hunting a lot in the previous months. In this writeup I will discuss a Security Misconfiguration that leads to Business Logic Error and caused Account Takeover. Overview :: In April I was invited to a new private program…

Hello, My name is Ahmad Halabi. I am writing this article as a summary about my experience that was gathered during my Bug Bounty Journey that I started 2 years ago. Before proceeding, I previously wrote an article about How I started in bug bounties and how I achieved some…

Hello, My name is Ahmad Halabi, I do bug bounty hunting on my free time. I mainly hunt on HackerOne. In this article I am going to share with you how I was able to access internal database management leading to Remote Code Execution. Overview :: While I was hunting…

Hello, My name is Ahmad Halabi, Founder & CTO at Cybit Sec and part time bug bounty hunter on Hackerone. Today I am going to share one of my cool findings about an information disclosure bug in a private program on HackerOne. Turning a Low Severity bug into a High…

Hello, My name is Ahmad Halabi, Founder & CTO at Cybit Sec and I am currently a part time bug bounty hunter mostly on Hackerone. At the beginning of this month, I got an invitation to a private program specialized in Big Data and Integration services. …

Hello, I want to share with you a new methodology about finding rate limit vulnerabilities and even bypassing rate limit protections. For those who don’t know me, my name is Ahmad Halabi and I am a part time bug bounty hunter. Overview :: A lot of programs and companies implement…

My Bug Bounty Journey & Ranking 1st in U.S. DoD & Achieving top 100 hackers in 1 year Hello, My name is Ahmad Halabi. A lot of people are asking me how I reached top 100 hackers scoring over 8k reputation on hackerone in a very short time (1 year…