Description: This is the second and final part of How I hacked Facebook. You can find part one here: [ How I hacked Facebook: part one ].

I highly recommend reading part one to understand the storyline.

In part one I found an account takeover via an unsecured API, which allowed me to change the password of any admin account with no user interaction, and I was rewarded 7500$ by the Facebook security team. In part two I found an account takeover using cookie manipulation and chained it with an internal SSRF. I was rewarded a bounty of $xxxxx Yes 5…


Automate background checks to the next level.

What does a Background check mean? —

A background check is a process that a person or company uses to verify that an individual is who they claim to be, and this provides an opportunity to check and confirm the validity of someone’s criminal record, education, employment history, and other activities from their past.

Today I’m going to talk about how to do a quick background check, and how to automate it.

So sometimes we might wonder how the big companies do the background checks for the people who are applying for a…


serpapi.com

Serpscan is a powerful PHP tool designed to allow you to leverage the power of dorking straight from the comfort of your command line.

As in the title, today I’m presenting a new tool, but maybe it’s an idea more than a tool, for those who are looking to make an automated vulnerability scanner for bug hunting, and for those companies who have plans to offer paid pen-testing services.

You’re a bug bounty hunter? — I’m not sure if you’re familiar with this information or not, but the top security companies and some of the TOP 100 hackers on…


We’ve been in this pandemic since March, and once the pandemic started I had plenty of free time and needed to use that time wisely. So I decided to take the OSWE certification, and I finished the exam on the 8th of August. After that, I took a couple of weeks to recover from the OSWE exam. Then, in the middle of September, I said, you know what? I did not register my name in the Facebook hall of fame for 2020 as I do every year. Okay, let’s do it.

I never found a vulnerability on one of…

Alaa Abdulridha

Cybersecurity Engineer and #OSWE certified
