Mahmoud Hamed
1.2K followers

XSS + OAuth Misconfigs = Token Theft and ATO

Hi all, in this blog post, I will walk through finding an ATO via OAuth misconfigurations and stealing auth tokens through collaborative…

Sep 30, 2024

How Disabling 2FA Could End with a Bug?

In 2023, I focused on hunting on HackerOne and found many logical flaws, resulting in achieving the 5th rank in the HackerOne program for…

Oct 8, 2024

How I Got $5,000 for Out-of-Scope XSS

A few months ago, I received an invitation to a private bug bounty program on HackerOne. Initially, I did my usual testing and I discovered…

Feb 24, 2024

https://www.linkedin.com/in/7odamoo/
