Today I am going to talk about the period when you don’t find bugs for several days, weeks or even months. This talk is going to be non-technical and completely related to mental health. I will try to explain it as simply as possible.

During our bug bounty days, especially when we start bug bounties and do them on a regular basis, we go through periods where we don’t find bugs regularly. You don’t feel it in the starting days, but once you find some cool bugs, you develop a mindset where you want to find bugs daily. You want to…


Before we go deep into the ACTUAL bypasses section, it’s really important to understand what a WAF (Web Application Firewall) is and its types.

Hi guys, welcome to this new blog. Here we are talking about WAFs, which are considered one of the biggest enemies of hackers. Well, it is also important to keep in mind that a WAF is not the same as a usual firewall (network firewall). …


We all know about HTTP and HTTPS, but how many of us have seen Gopher in the wild? It’s the one we use a lot in bypassing and escalating server-side request forgeries. Well, believe it or not, Gopher was conceived in 1991 as one of the Internet’s first data/file access protocols to run on top of a TCP/IP network. So, this blog is based on understanding it and its uses in the wild :)

Before we see how Gopher works, it is very important to understand what it actually is and how it differs from HTTP and HTTPS. Gopher is an application-layer protocol…


Hello homies! I hope you are doing great and working on your stuff. We are getting a pretty good amount of time due to the pandemic, and luckily we are one of the rare groups of people who are happy with it (I mean people from bounty and stuff). As you can see from the heading of this blog, it is based on an evergreen debate: whether you need some coding knowledge, whether you need to be really good at it, or whether it is fine even if you have only some sound knowledge of multiple programming languages. I believe this is the time to clear…


Hi homies, I hope you all are doing great and learning new things daily. Recently, I posted a bash one-liner on Twitter which solves some of your automation queries, and I got a lot of questions regarding how and where to use bash. Many people found it difficult to understand, and that’s completely fine, there is nothing to worry about. So this is the reason I thought of writing this blog, in case it helps some people out there understand the basic concept of bash automation.

So, what is bash scripting? Bash is a command language interpreter…


Hi homies, I hope you all are safe and doing your stuff constantly. Summer is up and we are increasing our speed :) I have so many plans to execute as well, and let’s see what the future holds. As for this read, this is NOT going to be a write-up on findings or anything like that.

So, what’s this article about? Well, as the heading clearly says, it is a blog on learning. Learning what? Well, in recent weeks, I have got so many messages on LinkedIn and Twitter regarding the learning process, i.e. what are the things…


Welcome back my hacker homies! I hope you all are doing great, like me! So many things to learn daily, and new resources keep coming. Keep upgrading yourself :) I’m here with another read of the Bragging Rights series, and here I will be discussing a bunch of bugs which I found recently. It includes some XSS with bypasses, IDORs and a 2FA bypass. What are we waiting for? Let’s start!

Synack has been awesome for me so far and there are no mixed emotions. Only happiness and learning. Recently I was hunting on a program which had multiple functionalities. I…


Hi buddies, I hope you all are doing great and breaking the internet on a regular basis. I started hacking on Synack a month or so ago, and I must say it has been a great journey so far. In recent days, I have worked on file upload functionality a lot, and in this writeup-cum-blog, I will be discussing some recent unrestricted file upload findings. I hope this helps you in some way. Let’s move forward.

If you are unfamiliar or quite new to file upload functionality, here is a resource which will help you understand it better: FileUpload.


Hi my fellow hacker buddies, I hope you all are doing well. We have entered a new year (finally) and probably we all have set some goals for this year. I pray those come true for you. I am starting a series of articles and blogs where I will be posting my findings and some interesting reads. I am calling it Bragging Rights! I hope you enjoy and learn from it.

Well, the first part is based on my recent bug hunts, where I found 6 bugs on a single target. I will try to explain the bugs and let…


Hi my fellow hackers, my buddies! Welcome to my new blog! We are here, ending the year, which we badly wanted. Yes!! We survived 2k20!! xD I hope you all are doing great and putting your efforts into whatever you are doing. I thought I’d end this year by giving back something to the community, and here we go! With this note, let’s move forward.

So, as the title says, this blog will be based on my Shodan hacks, and in case you are new to it, “Shodan is a search engine that lets the user find specific types of…

Manas Harsh

Information security consultant | Synack Red Teamer | Writer | Learner, achiever & Contributor