While hunting on a program on H1 I needed to register an account to start exploring authenticated requests of the application, tried to register with my phone number but found that it only accepts phone numbers from specific country, so I wasn’t able to use my phone number and had to start attacking from this point only to get an account.


To register an account the application was sending SMS to registered phone number then forcing 3 controls on verification function:

1- Rate limit control that only allows 60 requests per minute.
2- Once exceeding the rate limit IP and phone…

Hello All,

Here is my journey into taking the GWAPT (GIAC Web Application Penetration Tester) exam without attending the course and with a score of 86%.


Mohamed Talaat (@T4144t)

Penetration Tester | Bug Bounty Hunter

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store