Get to know our security research through our blog. Insights on penetration testing, the latest security issues, security best practices, reverse engineering and much more.

Credential Leakage | Weak Encryption | Firmware Emulation

Inside the Router: How I Accessed Industrial Routers and Reported the Flaws

by Bipin Jitiya | on Oct 1, 2023

Router Vulnerability Hunt, From Google Dorks to Firmware Emulation - The Full Story - Hello, World! ❤️ Today, I have an exciting story about how I exposed admin passwords and gained access to thousands of 3G/4G/5G Industrial Cellular Routers with the help of some old-school vulnerabilities...

Responsible Disclosure | Collective Intelligence

Internet security: The cyber risk we can't afford to ignore

by Bipin Jitiya | on Mar 31, 2023

Why businesses and governments need a collective intelligence approach to security — Throughout the centuries, human history has been shaped by an endless cycle of conflicts and wars. But in today's world, we are not only fighting with swords and shields, we are also fighting…

OS Command Injection | AWS Data Leak

Facebook bug: A Journey from Code Execution to S3 Data Leak

by Bipin Jitiya | on Feb 16, 2023

A Tale of Two Threats: OS Command Injection and Data Leak in Meta’s (formerly Facebook) Careers Platform — Hello, World! ❤️ It was a beautiful weekend evening in April last year, I was exploring the Facebook Careers Platform and came across an interesting security issue…

Vulnerability Chaining | RCE

Remote Command Execution in a Bank Server

by Bipin Jitiya | on Nov 18, 2022

A detailed article on how I exploited Remote Command Execution (RCE) with the help of the Vulnerability Chain. Hello, World! ❤️ Welcome to my blog post. In this blog post, I will explain in depth how I exploited RCE in a highly reputed non-Indian banking website with the help of…

Code Review | rXSS

Simple story of some complicated XSS on Facebook

by Bipin Jitiya | on Jun 21, 2020

How I found multiple reflected cross-site scripting (rXSS) vulnerabilities on Facebook — Hello, World! ❤️ Welcome to another blog post of mine. I hope you are all doing well and staying safe. This post is about the reflected cross-site scripting (rXSS) vulnerabilities I found on Facebook…

Code Review | SSRF

SSRF vulnerability in Facebook production server - Exploit Details

by Bipin Jitiya | on May 31, 2020

Detailed story of how we discovered Server-Side Request Forgery in a Facebook production server and leaked some internal data — Hello World ❤️, Facebook is the largest social networking site in the world and one of the most widely used. I have always been interested in testing…
