"Let's go hacking!"

Tutorials by zseano

Welcome to tutorials by zseano

I'm going to keep this plain and simple and hopefully teach others some interesting things when it comes to testing websites. I'll be discussing each of the vuln types I report along with interesting bypasses, as well as areas people sometimes miss.

I am currently in the top 10 on bugcrowd.

Questions? Tweet me @zseano.

View - Tutorial One: Open Url Redirects

Open URL redirects are always considered "low impact", but can we really turn an open URL redirect into a $2500 payout? Let's dive into the world of open URL redirects and everything about them.

View - Tutorial Two: IDOR.. the roads less travelled

IDORs (Insecure Direct Object References) are everywhere if you know where to look. In this tutorial we discuss various areas I've found them in and what to do when you think you've found one.

View - Tutorial Three: Rate limits and bypassing them

Rate limiting can be considered critical depending on what you're attacking. In this tutorial we discuss various techniques for bypassing rate limits.

View - Tutorial Four: XSS and getting the alert..

WAFs and XSS filters can sometimes pose a problem, but don't fear, as methods to bypass them are available. In this tutorial we look into some things you can try.

View - Tutorial Five: Bypassing CSRF protection

Cross-Site Request Forgery protection can sometimes be bypassed. In this tutorial I give an example of a site-wide CSRF issue, and things you can try to get a CSRF bypass.

View - Tutorial Six: Basic methods of recon

In this tutorial I go through some methods I use for recon and finding lots of endpoints to play with.