Ashish Dhone ./blog

[ Cyber Warrior Field Notes ]

Field notes from a Cyber Warrior

Offensive security, red teaming, SOC operations, digital forensics, and bug bounty write-ups — covering web, mobile, network, and cloud. Hands-on field notes from the trenches.

⚡ Subscribe — $5/month Full access to all posts · Cancel anytime
📌

Pinned

Jun 16, 2026

How I Earned $1,750 from Shopify by Hacking Their Google Login Button

By Ashish Dhone (@ashketchum) · Bug Bounty Write-up · HackerOne Report #691611

Read →

6 views · 67 👏

Jun 15, 2026

How I Found a $5,300 Stored XSS Bug in Shopify's Admin Panel

By Ashish Dhone (@ashketchum) · Bug Bounty Write-up · HackerOne Report #1147433

Read →

11 views · 101 👏

May 25, 2026

How I Hacked My College - Part 3

The final part of the series covers how a vulnerable file upload functionality led to Remote Code Execution (RCE) on college infrastructure. What appeared secure initially was bypassed through weak server-side validation, highlighting how small security mistakes can lead to critical system compromise.

Read →

6 views · 50 👏

May 24, 2026

How I Hacked My College - Part 2

A simple challenge turned into a real-world demonstration of why cybersecurity matters. In this part, I share how a vulnerable search functionality led to a Blind SQL Injection attack that exposed critical college database information and how responsible disclosure helped secure the systems before any real damage could happen.

Read →

8 views · 60 👏

May 24, 2026

How I Hacked My College - Part 1

Started as curiosity during my college days and eventually uncovered multiple critical vulnerabilities through authorized security testing. This series covers how weak configurations, exposed files, and insecure coding practices led to a complete compromise of college systems.

Read →

10 views · 62 👏