Ozgur Alp (@ozgur_bbh) 's Twitter Profile
Ozgur Alp

@ozgur_bbh

All you need is a simple bug.

ID: 1216749516910735362

Link: https://ozguralp.com
Joined: 13-01-2020 15:51:14

813 Tweets

7.7K Followers

214 Following

Ozgur Alp (@ozgur_bbh):

Is there anyone who uses Turkcell and has GitHub 2FA enabled? No matter what we discussed or did with Turkcell, we could not get it resolved. It would be great if I could find out whether others have the same problem. I have not been able to access the account in any way for a month, it's like a joke.

Ozgur Alp (@ozgur_bbh):

If you still cannot find your first RCE vulnerability on bug bounty programs, here is my blog post about Simple Remote Code Execution Vulnerability Examples for Beginners from 3 years ago, which I found mostly at Synack Red Team programs. Link: ozguralp.medium.com/simple-remote-…

Ozgur Alp (@ozgur_bbh):

Do you want to find different types of vulnerabilities that automatic scanners mostly miss? Here is a blog post that I wrote 3 years ago about Load Balancer, Shallow Copy and Cache problems that cause data leakages, resulting even in account takeovers. link.medium.com/jC9QQK72VGb

Ozgur Alp (@ozgur_bbh):

If you are testing an application which is integrated with AWS document services and S3 buckets, here is my vulnerability write-up from 4 years ago which allowed me to view all sensitive files by bypassing the document signing mechanism. link.medium.com/gcm96FBJ7Gb

Ozgur Alp (@ozgur_bbh):

Do you have a blind error based SQL injection which you cannot exploit further? If that's the case, here is my blog post titled "Turning Blind Error Based SQL Injection Into An Exploitable Boolean One", which covers an additional technique to exploit it. link.medium.com/rNOGW2mujHb

Ozgur Alp (@ozgur_bbh):

Do you want to dive into the bug bounty platforms but still struggle with how to start? Here is my non-technical advisory blog post from 2.5 years ago that I recommend to all people who are interested in starting bug hunting or are newbies in the sector. Link: link.medium.com/cBKGfPSYuHb

Ozgur Alp (@ozgur_bbh):

I have started seeing the BigQuery SQL database more often in the applications that I test. While it is a similar technology to other DBMSes, it still has a unique syntax for exploitation. Here is my blog post from 2 years ago in case you missed it. link.medium.com/Ed5ybJoBBHb

Ozgur Alp (@ozgur_bbh):

Check out my latest technical post published on the Synack blog, titled “Multi-factor Authentication Bypass Examples via Response Tampering”: synack.com/blog/multi-fac…

InfoSec Community (@infoseccomm):

Examine ways to get around multi-factor authentication, thanks to Ozgur Alp for investigating response manipulation scenarios. Check out more such cool stuff in the 107th edition of the IWWeekly Newsletter! weekly.infosecwriteups.com/iw-weekly-107/

Synack Red Team (@synackredteam):

Synack Red Team (SRT) member Ozgur Alp dives into two real-world MFA bypass techniques via response tampering that were found on the Synack Platform during his time as an SRT member, starting from the easiest to the most complicated. Read the full blog here → hubs.ly/Q02v6_Xc0

Alican Kiraz (@alicankiraz0):

Hi everyone! After a long period of work, I have completed the full analysis of the incident in Lebanon, as well as a detailed examination of one of the devices involved. I even demonstrated, with censored details, how certain modifications and additions could lead to an

Nicolas Krassas (@dinosn):

Interesting approach. The redirect seems to go to Google Calendar but it actually points to 'caiendar-redirect.xyz/gXX', where the link will ask for the following nice permissions for the Twitter account (last screenshot).