Ashish Dhone ./blog

[ Cyber Warrior Field Notes ]

Field notes from a Cyber Warrior

Offensive security, red teaming, SOC operations, digital forensics, and bug bounty write-ups — covering web, mobile, network, and cloud. Hands-on field notes from the trenches.

⚡ Subscribe — $5/month Full access to all posts · Cancel anytime
📌

Pinned

All Posts

Jul 4, 2026

I Found a Stored XSS in Microsoft Dynamics 365 for $3,000

By Ashish Dhone (@ashketchum) · Bug Bounty Writeup · Microsoft Dynamics 365 and Power Platform Bounty Program

Read →

0 views · 0 👏

Jul 4, 2026

I Bypassed Microsoft's Enterprise License Check for $7,500

By Ashish Dhone (@ashketchum) · Bug Bounty Writeup · Microsoft M365 Bounty Program

Read →

2 views · 0 👏

Jul 3, 2026

Decoding an APT Beacon at the BlackHat MEA CTF Finals 2023 (NoopAPT)

By Ashish Dhone (@ashketchum) · CTF Writeup · BlackHat MEA CTF Finals 2023

Read →

3 views · 0 👏

Jul 3, 2026

It Was Right There In The Hex: BlackHat MEA CTF 2023 Forensics (Not Supported)

By Ashish Dhone (@ashketchum) · CTF Writeup · BlackHat MEA 2023

Read →

4 views · 0 👏

Jul 3, 2026

A RAR File, a Hidden Password, and a Memory Dump — BlackHat MEA CTF 2022 Forensics (Mem)

By Ashish Dhone (@ashketchum) · CTF Writeup · BlackHat MEA 2022

Read →

1 views · 0 👏

Jul 2, 2026

One Parameter. One Payload. Another CVE — XSS in IceWarp WebClient Calendar (CVE-2020-25925)

By Ashish Dhone (@ashketchum) · CVE Research · Published April 2021

Read →

4 views · 0 👏

Jul 2, 2026

I Typed a URL and Became a Hospital Admin — CVE-2020-35745

By Ashish Dhone (@ashketchum) · CVE Research · Published January 2021

Read →

3 views · 0 👏

Jul 2, 2026

Blind XSS in Google Analytics Admin Panel — $3,133.70

By Ashish Dhone (@ashketchum) · Bug Bounty Write-up · Google VRP

Read →

4 views · 0 👏

Jun 16, 2026

All In One Bug Bounty

By Ashish Dhone (@ashketchum) · Bug Bounty · Updated June 2026

Read →

16 views · 66 👏