Ahmad Halabi

3.2K Followers

Aug 12

From Revealing Emails to Taking Over Accounts (Hacking Telecom)

In the name of Allah, the Most Gracious, the Most Merciful. Hello, My name is Ahmad Halabi. Working at Resecurity — A Cyber Security Intelligence Company protecting Fortune 500 against threats of all types. Part of what we do via our Hunter Unit Operations is investigate and identify new zero days, attacks and techniques that allow threat…

Bug Bounty

4 min read

Jul 7, 2022

PII Disclosure of Apple Users ($10k)

In the name of Allah, the Most Gracious, the Most Merciful. Hello, My name is Ahmad Halabi. I work as a Senior Cyber Security Specialist in UAE. I also do some Bug Bounty Hunting when I have free time. You can check my Biography here: https://ahmadhalabi.net/biography/ . Intro :: After I saw that Apple started paying…

Bug Bounty

7 min read

Dec 22, 2021

Ultimate Reconnaissance RoadMap for Bug Bounty Hunters & Pentesters

In the name of Allah, the Most Gracious, the Most Merciful. Hello, This article is targeting anyone who is a bug bounty hunter and penetration tester. The content of this article is not new, it is indeed available on the internet, but the way of delivering it is different. Who Am I? My name is Ahmad…

Bug Bounty

7 min read

Aug 13, 2021

Taking Over Employee Accounts by Managers with Zero Employee Interaction

Hello, My name is Ahmad Halabi. I used to do bug bounty hunting a lot in the previous months. In this writeup I will discuss a Security Misconfiguration that leads to Business Logic Error and caused Account Takeover. Overview :: In April I was invited to a new private program…

Bug Bounty

7 min read

Jun 26, 2021

My Experience For 2 Years In Bug Bounty Hunting

Hello, My name is Ahmad Halabi. I am writing this article as a summary about my experience that was gathered during my Bug Bounty Journey that I started 2 years ago. Before proceeding, I previously wrote an article about How I started in bug bounties and how I achieved some…

Bug Bounty

6 min read

Published in InfoSec Write-ups · Apr 24, 2021

RCE via Internal Access to Adminer Database Management (Critical)

Hello, My name is Ahmad Halabi, I do bug bounty hunting in my free time. I mainly hunt on HackerOne. In this article I am going to share with you how I was able to access internal database management leading to Remote Code Execution. Overview :: While I was hunting…

Bug Bounty

4 min read

Mar 7, 2021

Finding Hidden Login Endpoint Exposing Secret `Client ID`

Hello, My name is Ahmad Halabi, Founder & CTO at Cybit Sec and part time bug bounty hunter on Hackerone. Today I am going to share one of my cool findings about an information disclosure bug in a private program on HackerOne. Turning a Low Severity bug into a High…

Bug Bounty

4 min read

Feb 28, 2021

Secret Key Exposure in API Config Directory

Hello, My name is Ahmad Halabi, Founder & CTO at Cybit Sec and I am currently a part time bug bounty hunter mostly on Hackerone. At the beginning of this month, I got an invitation to a private program specialized in Big Data and Integration services. …

Bug Bounty

3 min read

Nov 29, 2020

Chaining Multiple Requests to Achieve Rate Limiting Vulnerabilities

Hello, I want to share with you a new methodology about finding rate limit vulnerabilities and even bypassing rate limit protections. For those who don’t know me, my name is Ahmad Halabi and I am a part time bug bounty hunter. Overview :: A lot of programs and companies implement…

Bug Bounty Hunting

4 min read

Published in InfoSec Write-ups · Oct 17, 2020

My Bug Bounty Journey & Ranking 1st in U.S. DoD & Achieving top 100 hackers in 1 year

My Bug Bounty Journey & Ranking 1st in U.S. DoD & Achieving top 100 hackers in 1 year Hello, My name is Ahmad Halabi. A lot of people are asking me how I reached top 100 hackers scoring over 8k reputation on hackerone in a very short time (1 year…

Bug Bounty

10 min read

Hacker | Managing Director at Resecurity®.
