OUR BLOG

19 Jun 2018

Knoxss vs Burpsuite (A Practical Demonstration)

Hello guys. This is going to be an interesting blog, as we are going to watch a practical demonstration of two awesome tools in the penetration testing industry. One is Burpsuite. If you are here, then we assume that you probably know what Burpsuite is and how it works. This post will give you […]

13 Jun 2018

Bypassing Cloudflare WAF to get more vulnerabilities

Hey guys, if you have been doing penetration testing or bug bounties for some time now, then you must have come across applications which use Cloudflare as their Content Delivery Network (CDN). As a new bug bounty hunter or penetration tester, you must be feeling kind of frustrated when any XSS payload you provide leads to […]

30 Apr 2018

IDOR to change the email notifications of user

Hey guys. Welcome to this new post from ENCIPHERS. Recently we have been writing a lot about bypassing different access controls, and in the recent pentest conducted by our team, we again got some medium priority vulnerabilities regarding horizontal access bypass. We will be discussing what the vulnerability was and how we proceeded […]

30 Apr 2018

Doing Subdomain Enumeration the right way

Hey guys. Welcome to this new post from ENCIPHERS. For the last few months, we have been continuously writing about different findings and the approach our team took to find them. But there was one thing we wanted to share, and that was the very first step itself. Be it bug bounties or Penetration […]

14 Mar 2018

Bypassing Access Control to see the private videos of a user

Hello security professionals. In the last post, we talked about the XSS finding in the recent penetration test conducted by our company ENCIPHERS. Here is a link to that post. In the same penetration test, we found another vulnerability which was a really interesting one. But first things first, if you are not sure about […]

14 Mar 2018

How self XSS got turned into a stored XSS?

Hey everyone. Our company ENCIPHERS recently conducted a penetration test for a certain client XYZ, and in this post, we will be sharing my XSS finding, which was among the most critical vulnerabilities we found in the application. The client here was a very reputed company which works in the field of video creation and […]

