In the world of cybersecurity, bug bounty programs offer a unique opportunity for ethical hackers to find vulnerabilities in organizations’ systems. One of the most critical phases of a bug bounty hunt is reconnaissance, where we gather as much information as possible about the target. In this blog, we’ll explore a Python-based script designed to automate various reconnaissance tasks and find vulnerabilities, making your bug bounty engagement more efficient and systematic.
Leveraging the VirusTotal API to check malicious scores for IP addresses and file hashes, this blog post will explore how to efficiently use the API for bulk data analysis, thereby streamlining your threat detection process.
The Sumo Logic Auto Collector Management Python script is designed to interact with the Sumo Logic API to manage auto collectors, including configuring new collectors and retrieving information about existing ones.
In this section, we’ll explain what SQL injection is, describe some common examples, explain how to find and exploit various kinds of SQL injection vulnerabilities, and summarize how to prevent SQL injection.
I've successfully reported my first security vulnerability in a bug bounty program—an Unauthenticated Blind SSRF! Unauthenticated Blind SSRF (Server-Side Request Forgery) occurs when an attacker can manipulate a server to make unintended requests to internal or external resources without authentication. Since it’s blind, the attacker doesn’t directly see the response but can infer details through time delays, error messages, or out-of-band interactions.
Methods used to exploit Box: Cookie Manipulation, reverse shell file upload, privilege escalation, Arbitrary File Upload
Methods: MSSQL, SMB shares, privilege escalation, reverse shell upload via http.server
Methods: Anonymous FTP, convert zip to hash, hash cracker, MD5 hash cracker, get shell using SQL injection