Borg Security

@Borg_Security

Followers: 3K
Following: 20
Media: 22
Statuses: 214

Web2 & Web3 Penetration Testing, Zeroday Research, Security Consultation & Risk Management. For inquiries, contact us at [email protected].

Null Byte
Joined April 2022
@Borg_Security
Borg Security
8 months
Strengthen your digital infrastructure with our Penetration Testing specialized for Web3 & Web2. We identify and fix vulnerabilities to safeguard your assets and data. Curious about how we can help? Click the link to contact us!
5
517
514
@Borg_Security
Borg Security
2 days
Always a pleasure working with teams that take security seriously. Great collaboration with @TradeonNova on this one.
@TradeonNova
Nova
3 days
Protecting our users' security is our highest priority. We have undergone a security audit with @Borg_Security - the firm responsible for protecting and guiding many of the largest names in the space such as Photon and Axiom - confirming that Nova presents no vulnerabilities.
0
2
4
@Borg_Security
Borg Security
5 days
We recently had the pleasure of working with @privy_io. “Borg Security conducted a thorough security audit of parts of our application stack, and we were impressed with their professional approach and technical expertise throughout the engagement. (...)” - @AndrewMohawk
3
6
19
@Borg_Security
Borg Security
11 days
Found a race condition in a checkout flow. Sent 20 parallel requests before the balance check finalized. Ended up getting 20 items, only paid once. Want to test your app against real-world attack patterns? DMs are open. #websecurity #pentesting #web3 #bugbounty
0
0
4
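The check-then-act gap behind the checkout finding above, next to its fix, as an added example (not code from the post or from any audited application). `Wallet`, `buy_racy`, `buy_atomic` and the barrier that widens the race window are constructed for illustration.

```python
import threading

class Wallet:
    """Constructed in-memory account; stands in for a balance row in a database."""
    def __init__(self, balance):
        self.balance = balance
        self._lock = threading.Lock()

    def buy_racy(self, price, gate=None):
        # VULNERABLE: the balance check and the debit are two separate steps.
        if self.balance >= price:        # 1. check
            if gate is not None:
                gate.wait()              # every request passes the check before any debit
            self.balance -= price        # 2. act on a check that is already stale
            return True
        return False

    def buy_atomic(self, price):
        # Fixed: check and debit form one critical section. The database
        # equivalent is a conditional update such as
        #   UPDATE accounts SET balance = balance - :p WHERE id = :id AND balance >= :p
        # followed by a check that exactly one row was affected.
        with self._lock:
            if self.balance < price:
                return False
            self.balance -= price
            return True

def fire(n, purchase):
    """Run n purchases in parallel threads and return how many succeeded."""
    results = [False] * n
    def worker(i):
        results[i] = purchase()
    threads = [threading.Thread(target=worker, args=(i,)) for i in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)

def demo():
    racy, gate = Wallet(balance=100), threading.Barrier(20)
    racy_ok = fire(20, lambda: racy.buy_racy(100, gate))
    safe = Wallet(balance=100)
    safe_ok = fire(20, lambda: safe.buy_atomic(100))
    return racy_ok, safe_ok, safe.balance

if __name__ == "__main__":
    print(demo())
```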
@Borg_Security
Borg Security
12 days
🧨 Exploit Breakdown: GraphQL Mutation Abuse. An attacker can intercept a createOrder mutation and modify the price field. If the backend does not validate it and only relies on frontend checks, they can complete purchases for free. Always enforce validation on the backend.
0
0
5
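Backend validation for a `createOrder`-style mutation, shown as an added example (not code from the post): the resolver that trusts the client's `price` beside one that takes the price from server-side data only. The resolver functions, `CATALOG`, the `productId`/`quantity` input fields and `MAX_QUANTITY` are assumptions made for illustration.

```python
from decimal import Decimal

# Constructed server-side price list; in a real service this is the product table.
CATALOG = {"sku-1": Decimal("49.90"), "sku-2": Decimal("5.00")}
MAX_QUANTITY = 100

class OrderRejected(ValueError):
    """Raised when mutation input fails server-side validation."""

def create_order_trusting(args):
    # VULNERABLE: the total is computed from the client-supplied price field.
    return {"productId": args["productId"],
            "total": Decimal(str(args["price"])) * args["quantity"]}

def create_order_validated(args):
    # Hardened: the client may only name a product and a quantity.
    unexpected = set(args) - {"productId", "quantity"}
    if unexpected:
        raise OrderRejected(f"unexpected input fields: {sorted(unexpected)}")
    product_id, quantity = args.get("productId"), args.get("quantity")
    if not isinstance(product_id, str) or product_id not in CATALOG:
        raise OrderRejected("unknown product")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(quantity, bool) or not isinstance(quantity, int):
        raise OrderRejected("quantity must be an integer")
    if not 1 <= quantity <= MAX_QUANTITY:
        raise OrderRejected("quantity out of range")
    # The price is looked up on the server and never read from the request.
    return {"productId": product_id, "total": CATALOG[product_id] * quantity}

def is_rejected(args):
    """True when the hardened resolver refuses the input."""
    try:
        create_order_validated(args)
    except OrderRejected:
        return True
    return False
```

The stronger form of the same control is to leave `price` out of the mutation's input type, so the schema itself refuses the field before the resolver runs.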
@Borg_Security
Borg Security
14 days
Found open redirect, but no XSS? 🤔 OAuth might still leak tokens via Referer headers or open redirect_uris. Sometimes, a simple scope change or open redirect is all it takes. ⚠️ OAuth is full of sharp edges. Curious how to fix? DMs are open. 🛠️ #web3 #pentesting
0
0
7
@Borg_Security
Borg Security
16 days
During a recent Web3 assessment 🕵️‍♂️, we discovered a dApp with hardcoded admin privileges in the frontend JavaScript. Anyone with basic dev tools could escalate to full admin access, no authentication required. Web3 isn’t just about contracts 🔐. Frontends leak power too.
0
0
5
@Borg_Security
Borg Security
19 days
We know, it looks simple. But this kind of misconfiguration is still one of the most common ways sensitive information gets exposed. An unauthenticated API endpoint quietly returns full user data. No access checks. No filtering. Sometimes it’s emails, phone numbers, internal
0
1
6
@Borg_Security
Borg Security
24 days
What is XSS (Cross-site scripting)?
It's when an attacker tricks a website into running their code in your browser. If the website doesn’t handle that properly, the script runs in the browser of anyone who visits the page. That means attackers can:
• Steal your cookies
0
1
6
@Borg_Security
Borg Security
25 days
What makes someone a good bug hunter? 🐞🔎
It’s not about being some elite hacker or knowing everything. It’s about being curious, asking “what happens if I do this?” even when it seems pointless. It’s about noticing the little things most people ignore 👀. It’s about being.
0
0
5
@Borg_Security
Borg Security
26 days
7/ Want help finding flaws like this before they go public?
That’s what we do. DMs open. #CyberSecurity #BugBounty #WebSecurity #ResponsibleDisclosure #Pentesting #penetrationtesting #web3
0
0
4
@Borg_Security
Borg Security
26 days
6/ 🏁 Conclusion
The URL scheme for uploaded documents was entirely predictable. We responsibly disclosed everything to the vendor. Full scripts, PoCs, and detailed reports included. The takeaway is simple. Randomness matters. Protect your users, or someone else will find the.
1
0
5
@Borg_Security
Borg Security
26 days
5/ ⚠️ Impact:
• Access to previous sensitive documents
• Potential to enumerate the entire document repository
• Major privacy risks for users
This wasn’t theoretical. We successfully retrieved real examples.
1
0
2
@Borg_Security
Borg Security
26 days
Predict ➡ Download ➡ Repeat
We even managed to pull old files like driver’s licenses from their system 🪪.
1
0
2
@Borg_Security
Borg Security
26 days
4/ By uploading files and watching patterns, we figured out how to predict older hashes. Then we automated the whole process with Python:
[Image attached to the tweet]
1
0
2
@Borg_Security
Borg Security
26 days
3/ The hash was made up of 4 segments:
🕒 Time-related:
• ETS (Epoch Timestamp Segment)
• SCS (Subsecond Counter Segment)
📦 Upload-related:
• BAS (Batch Upload Segment)
• USS (Upload Sequence Segment)
Each part incremented systematically.
1
0
3
@Borg_Security
Borg Security
26 days
2/ The issue involved KYB (Know Your Business) document uploads. Each file was assigned a “random” hash. Turns out… it wasn’t random at all. We broke down the structure and exposed predictable patterns 🧩.
1
0
3
@Borg_Security
Borg Security
26 days
1/ 🚨 Vulnerability disclosure:
We found a way to access sensitive user documents by reverse-engineering a broken image hashing system. Yeah, this included pulling previously uploaded documents, like IDs. Here’s how we broke it 👇.
1
1
6
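The defensive side of the thread above ("Randomness matters"), as an added example that is not the vendor's or the authors' code: document names drawn from a CSPRNG, an ownership check on every fetch, and a quick audit of whether a sample of issued IDs shows fixed structure. `DocumentStore`, `constant_position_ratio` and the counter-style ID layout are constructed for illustration; the real segment format is not given in the thread.

```python
import secrets

class DocumentStore:
    """Constructed in-memory store; stands in for the upload service's storage layer."""
    def __init__(self):
        self._docs = {}  # token -> (owner_id, content)

    def upload(self, owner_id, content):
        token = secrets.token_urlsafe(32)  # 32 bytes (256 bits) from the OS CSPRNG
        self._docs[token] = (owner_id, content)
        return token

    def fetch(self, requester_id, token):
        record = self._docs.get(token)
        # Unguessable names are not access control: the owner check is still required.
        if record is None or record[0] != requester_id:
            return None  # identical answer for "unknown" and "not yours"
        return record[1]

def constant_position_ratio(ids):
    """Fraction of character positions identical across all sampled, equal-length IDs."""
    width = len(ids[0])
    fixed = sum(1 for i in range(width) if len({s[i] for s in ids}) == 1)
    return fixed / width

def sample_counter_ids(n, epoch=1_700_000_000):
    """Constructed IDs built from four incrementing fields, as the thread describes."""
    return [f"{epoch:08x}{0:04x}{1:04x}{seq:04x}" for seq in range(n)]

def sample_random_ids(n):
    """Same length as the counter IDs, but every character comes from the CSPRNG."""
    return [secrets.token_hex(10) for _ in range(n)]

if __name__ == "__main__":
    print("counter-style:", constant_position_ratio(sample_counter_ids(50)))
    print("random       :", constant_position_ratio(sample_random_ids(50)))
```

A high ratio on IDs sampled from your own service is a signal that they are derived from time or counters and should be replaced with random tokens.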
@Borg_Security
Borg Security
1 month
Most teams focus on what’s already known, and that’s a good thing. But real threats don’t usually come with warning labels. We help projects go beyond the checklist, uncovering vulnerabilities before they become headlines. Web3 deserves better security. We’re here to help.
0
0
5
@Borg_Security
Borg Security
1 month
New blog post just dropped. "What You're Actually Paying for in a Penetration Test". Check it out!
0
0
5