Today I am going to talk about the period when you don’t find bugs for several days, weeks or even months. This talk is going to be non-technical and completely related to mental health. I will try to explain it as simply as possible.

During our bug bounty days, especially when we start bug bounties and do them on a regular basis, we go through a period where we don’t find bugs regularly. You don’t feel it in the starting days, but once you find some cool bugs, you develop a mindset where you want to find bugs daily. You want to…



Hi homies, I hope you all are doing great and learning new things daily. Recently, I posted a bash one-liner on Twitter which solves some of your automation queries, and I got a lot of questions regarding how to, and where to, with bash. Many people found it difficult to understand and that’s completely fine, there is nothing to worry about. So this is the reason I thought to write this blog, in case it helps some people out there understand the basic concept of bash automation.

So, what is bash scripting? Bash is a command language interpreter…


Hi homies, I hope you all are safe and doing your stuff constantly. Summer is up and we are increasing our speed:) I have so many plans to execute as well, and let’s see what the future holds. If we talk about this read, this is NOT going to be a write-up on findings or anything like that.

So, what’s this article about? Well, as the heading clearly says, it is a blog on learning. Learning what? Well, in recent weeks, I have got so many messages on LinkedIn and Twitter regarding the learning process, i.e. what are the things…


Welcome back my hacker homies! I hope you all are doing great, like me! So many things to learn daily and new resources keep coming. Keep upgrading yourself:) I’m here with another read of the Bragging Rights series, and here I will be discussing a bunch of bugs which I found recently. It includes some XSS with bypasses, IDORs and a 2FA bypass. What are we waiting for? Let’s start!

Synack has been awesome for me till now and there are no mixed emotions. Only happiness and learning. Recently I was hunting on a program and it had multiple functionalities. I…


Hi buddies, I hope you all are doing great and breaking the internet on a regular basis. I have been hacking on Synack for a month or so and I must say it has been a great journey so far. In recent days, I have worked on file upload functionality a lot, and in this writeup-cum-blog I will be discussing some recent unrestricted file upload findings. I hope this helps you in some way. Let’s move forward.

If you are unfamiliar with or quite new to file upload functionalities, here is a resource which will help you understand it better: FileUpload.


Hi my fellow hacker buddies, I hope you all are doing well. We have entered a new year (finally) and probably we all have set some goals for this year. I pray those come true for you. I am starting a series of articles and blogs where I will be posting my findings & some interesting reads. I am calling it Bragging Rights! I hope you enjoy and learn from it.

Well, the first part is based on my recent bug hunts where I found 6 bugs on a single target. I will try to explain the bugs and let…


Hi my fellow hackers, my buddies! Welcome to my new blog! We are here, ending the year which we badly wanted to end. Yes!! We survived 2k20!!xD I hope you all are doing great and putting your efforts into whatever you are doing. I thought to end this year by giving back something to the community, and here we go! With this note, let's move forward.

So, as the title says, this blog will be based on my Shodan hacks and in case if you are new to it, “Shodan is a search engine that lets the user find specific types of…


Hello my hacker buddies, I hope you all are doing great. Keep finding bugs, and even if you are not finding them, keep putting effort into it:) In recent days, I have focused less on bounties since I was doing office stuff and many other things. Anyways, I fell in love with it again last week or so, and the results have been quite nice. We will talk here about a bug which I found recently with GitHub Dorks, and in case you are new to this, follow this video by Bugcrowd University to understand how GitHub dorks work. Basically…


Hi fellow hackers, I hope you all are hunting on your favorite targets and finding bugs. Even if you are not finding them, make sure you keep your back up and continue hunting:)

So why am I writing this blog? The reason is, a lot of people start their hacking journey but they don’t understand what leads to a successful bug bounty chase. A lot of people have asked me the same question, and it is either “how to start bug bounties” or “I have started bug bounties but I’m not finding bugs. How do I find them?” …


The clearer you see, the better you win!

So, I was trying Google this time to see if I could find something interesting in it. I spent like 20 days on an acquisition and finally I found some interesting stuff over there. This is the tale of one of them:)

While I was testing almost everything, I saw a URI in Burp which was providing some user data, including their user IDs and usernames. It looked something like this: redacted.com/c/ask/20/l/latest.json. It got my attention, so I started searching for some info where I could try other users’ user IDs or usernames as well.

Finally I found an endpoint…

Manas Harsh

Information security consultant | Synack Red Teamer | Writer | Learner, achiever & Contributor
