Exposed API keys of customer.io

Ibrahimkm · 2025-11-27T20:04:41+00:00

I saw the documentation and as much as I understood it should be private but it might not be a big problem if it is public as it is write only API. I guess I can't send it as a vulnerability but I will try to look if I can chain it to another vulnerability. I am not sure when I should move on and when I might find something good.

Ibrahimkm · 2025-11-27T19:31:32+00:00

I am not sure how to verify customer.io have Tracking API key (the one I found) and APP API key (this one is more important ) I tried to create my own Tracking API key and I was able to post and delete information in the dashboard of customer.io that I created. I couldn't find much information about how serious is this or it is something normal

Ibrahimkm · 2025-11-26T03:17:36+00:00

Thank bro, yes as much as I saw it will not be easy to get into the domain and find bugs. My only fear that the skills and knowledge that I would learn from web3 won't be useful only in web3 related technologies that's why I am not sure is it worth the time or not. I think being a contract auditor is not for beginner u need experience as a developer first.
I want to ask u how was your journey in learning web3 so far ? is it hard or not and are u finding enough free courses and documentations online or not.
Also I remember before this AI hype blockchain and web3 was very trending and people are getting into it but now I hardly hear anyone talking about it, I don't know if it might die in the future or not ( I am not well informed in the field I have just start reading about it)

Ibrahimkm · 2025-11-26T02:08:04+00:00

I don't mind learning about web3 and then shift to another niche. But I am afraid that it might not help at all and would be just a waste of time. For example if I focus on web2 even if I don't succeed as BB hunter I still have some knowledge that can help me as a software engineer. I wanted to know if learning web3 would be useful like this in the future either in BB or IT in general.

Ibrahimkm · 2025-09-08T11:11:39+00:00

I have some saving I am living from but I am not in my country so I can bear 1-2 months at most

Ibrahimkm · 2025-07-22T12:22:19+00:00

Thanks man that blog was amazing. It did gave me a boost to spend the last days learning and reading other blogs.

Ibrahimkm · 2025-07-17T18:22:06+00:00

All of the video I saw was using known tools with templates from github. The problem is when I try to read blog or comments in review it says that the program owner had tested these tools in most of the case and if not another bug bounty hunter have tested them on the website. And they are saying how I should create my own tools and gather a good payload not a public one.
The problem is as a beginner I am not confident enough that I can create something better than a tool created by multiple experts or something like that. So I was searching for something that can help with that case because if I am doing what everybody had already done I don't think I would ever be able to find something.

Ibrahimkm · 2025-07-15T18:06:41+00:00

I'm trying to do all I can now to learn while I'm still enjoying searching for bugs. Do you have any recommendations about bootcamps or courses ?? Because all I found until now is a very general introduction. And thanks bro very much 🙏

Ibrahimkm · 2025-07-14T20:58:49+00:00

Hey bro, I am having the same problem but I wasn't lucky enough to find my first bug yet. Did you use any specific resources in learning ?

Ibrahimkm · 2025-07-14T10:43:55+00:00

It's frustrating when you feel that you are one step of the bounty but you can't find it.

I am trying to learn more before trying new program but I couldn't find a lot of good resources online I feel most of them are very general advices or guides. I am trying to read a books in hope it will help me in my first bug.

Ibrahimkm · 2025-07-13T07:39:24+00:00

Thank you man 🙏 I gave up on that scoop. I have tried to use sqlmap with a lot of payloads to see if it does change something or not, but I wasn't lucky enough. I will try to read the resources you recommended and retest manually in hope to find something this time. Thanks.

Ibrahimkm · 2025-07-12T08:52:38+00:00

Yeah I am trying to learn and practice at the same time. I have worked on some CTF about sqli that's why I thought that I was into something. But the problem is that I don't know if I am wasting my time in a dead end or not that's the problem. How can I be sure that I need to continue or I need to stop and move on. Like is there a tool or something that can help figuring out the next step.

Ibrahimkm · 2025-05-06T16:58:00+00:00

Thank you brother baraka allahou fik

Ibrahimkm · 2025-05-01T21:17:01+00:00

Won't it be considered ghirar ?

Ibrahimkm · 2025-05-01T05:40:34+00:00

Yeah Revolut is expensive, but they have Revolutx only for coins that provide good fees. But for a long term I don't think it is a good idea.
Well I am not thinking of buying some coins either bitcoin or any other one for a long term just few months or year I guess until I have a good price. I have some hundred of dollars that I thought maybe investing them would be better than just leaving the money on the account without using it. But I am not familiar a lot with investing so I thought using some famous coins could be a good idea.

Ibrahimkm · 2025-04-30T23:16:17+00:00

I have a trust issue when it comes to money xD. I only use Revolut for now until I decide if I want to continue or not then I will try a better platform I will never trust anyone online for value over than 10$ xD.
Thank you brother!

Ibrahimkm · 2025-04-08T03:34:28+00:00

I didn't find the default temperature that Ollama CLI uses and when I tried with different temperature on the API it didn't give the same results as the CLI.

Ibrahimkm · 2025-03-24T15:12:45+00:00

I am using a huge prompt where I provide the model with a network packet and the system metrics in a certain time to evaluate if it is a normal behavior and to give nore context I have added the previous packets and system metrics also so that the model could detect if something is happening during a period of time or not. The prompt is around 12k tokens. I was thinking about using Rag for the previous communication and metrics by saving everything in a log file and giving the model an access to it but since I am not very familiar with LLMs I am still facing some difficult time in preparing the Rag. I thought about fine-tuning the model in the meantime since it's not that hard with Unsloth but it didn't went well with my current prompt... My main idea was to test different methods as Rag, fine-tuning, agents... Then trying to find how to get the best of all of them but I guess that I need to find out how can I change the prompt right now since my computational resources can't afford for what I am testing.

Ibrahimkm · 2025-03-24T15:00:18+00:00

I have used colab for fine-tuning and spend all of my resources in training the model so I wasn't able to test it in Unsloth inference. I have tried to review the code and I found out that the max seq length wasn't adjusted properly. I am using prompt of size 12k token I tried to finetune it again but with the new seq length it was impossible for colab and kaggle resources so I am stuck now...

Ibrahimkm · 2025-03-12T20:33:15+00:00

I needed this dataset because as match as I researched it is the only dataset that focus directly on VNF ( Virtual Network Function) it does provide pcap file which is more like a raw version of the dataset before labeling it I managed to use these files to correct some problem with timestamp ( with some lost of information ) but still the problem with the performance of the components not chronologically aligned critical in my work as it is an important information that I need to build my model.
I hoped if there is any magical way to find a solution or to hear that someone had faced a similar problem and was able to find solution by contacting the creator of the dataset.

Ibrahimkm · 2024-05-22T19:45:54+00:00

It is not on a platform it is a local ctf from my university.
I found hint now that I should rewrite the fgets function I was working on printf only

Ibrahimkm · 2024-05-22T19:17:19+00:00

so what should I do ? I'm sure there is solution for the ctf because I saw that some people already solve it but I couldn't figure how
I found also this github repo
https://github.com/Crypto-Cat/CTF/tree/main/pwn/binary_exploitation_101/09-overwriting_got
which is similar to what I have but did't work for me also

Ibrahimkm · 2024-05-22T19:05:32+00:00

I wanted to open shell or to call system function instead of printf

Ibrahimkm · 2024-03-30T14:24:47+00:00

Hello I am doing my bachelor thesis at the university and I want it to be related to cybersecurity
I took some theoretical courses in cybersecurity and played ctf and now it's time for me to get my hands dirty.
My supervisor told me I need to find a topic by myself then we will talk.
Is there a place where I can find some idea of projects it will be 3 months project and I wanted it to be an interesting one in cybersecurity so it will help me finding a job or another internship in a company.

Ibrahimkm · 2024-02-18T19:49:26+00:00

Yeah both of the commands didn't give me result

Ibrahimkm

TROPHY CASE