by doepichack | Nov 15, 2024 | Blog
We were doing recon on a Bugcrowd public program and attempting to find information disclosure in JavaScript files. We grepped all subdomains using different tools, also brute-forcing subdomains, and then passed the results through Wayback and Gau tools to grep for JS...
by doepichack | Nov 15, 2024 | Blog
Investigating GitHub leaks, we were hunting on a private program on HackerOne. During our search, we discovered that the program was using Zendesk as its support desk service. While reviewing their company GitHub repository, we found a .zat file that exposed a Zendesk...
by doepichack | Apr 22, 2024 | Blog
We were hunting on one of the private programs on HackerOne. The scope of this program was limited to a single domain, which was hosting an internal admin panel on a staging environment for testing purposes. We randomly tested various functionalities and focused on the...