Part 1: Hunting Vulnerabilities in Smart Contracts

  • Independent Information Security Consultant focusing on security assessments (applications, infrastructures and smart contracts)
  • Previously worked as a bug bounty hunter with multiple organizations like Microsoft (MSRC), Google, Zoho, etc.
  • Here is my personal portfolio: https://www.ad3sh.com

So first, how do smart contracts work? 🤔


Basic Cross Site Request Forgery

CSRF (cross-site request forgery) is a vulnerability that tricks a user into submitting a malicious request when the forms or site do not implement anti-CSRF tokens. When implemented, your website https://example.com will include a randomly generated number or token to…


Hello guys, I'm back with a new story on bug bounty. I found this bug last year on the AT&T bug bounty program (now it's an H1 program) and thought of sharing it.

So here I would like to share how I got 1000$ for reporting a CSRF vulnerability in AT&T which leads…


Hi guys, found a very common vulnerability in Oxford’s web portal

Disclosed report -

Vulnerability Found: Host Header Poisoning

Description:
Modifying the Host header in Mavenlink’s password reset functionality would inject an attacker’s link into the password reset email. …


Let's get started

I’m going to talk about a common and strange password reset system that I have seen many times in bug hunting and in many VAPT projects, and in many cases this system opens the door for an attacker to hack users’ accounts.

The story started when I was testing Change password…


I am Adesh Nandkishor Kolte, an independent security researcher from India

and also working with SecureLayer7 as a Security Consultant

Talking about the Microsoft bug bounty, first point: they only accept submissions which are high impact. Big `NO` to low-hanging fruit and big `NO` if you cannot exploit the…


SQL Injection Vulnerability In University Of Cambridge

Hello

Introduction Of Author:

I am Adesh Nandkishor Kolte, an independent security researcher from India

Found a SQL Injection Vulnerability in University Of Cambridge

This is the most prevalent and most dangerous of web application vulnerabilities. Having this SQLi vulnerability in the application…


Hello guys

This Is Adesh Nandkishor Kolte

An independent security researcher from India

AT&T Bug Bounty Board has authorized a payout of $750.00 for me in recognition of one or more report submissions that AT&T has remediated during 1Q18.

AT&T Inc. is an American multinational conglomerate holding company headquartered…

Adesh Kolte

Listed in Top 100 most respected hackers in the world by Microsoft at the BlackHat conference in America 2018
