infosec-write-ups-medium
feeds.twtxt.netNo description provided.
My First P1 ⌘ Read more
Wazuh: The Free and Open Source SIEM/XDR Platform ⌘ Read more
A User to Admin: How I Went From Nobody to Owning the Admin Panel ⌘ Read more
** DevSecOps Phase 4B: Manual Penetration Testing** ⌘ Read more
Google Dorking: A Hacker’s Best Friend
Hey, hacker friends! Ever wonder why people say Google is a hacker’s best friend? Well, I’m about to show you why.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/google-dorking-a-hackers-best-friend-716dfb3e9739? … ⌘ Read more
The Hidden Admin Backdoor in Reddit Ads
An Invisibility Cloak for Attackers: How One Admin Created a Stealth Account That Even the Owner Couldn’t See or Remove
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-hidden-admin-backdoor-in-reddit-ads … ⌘ Read more
Bypassing Regex Validations to Achieve RCE: A Wild Bug Story
Free Article Lin
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bypassing-regex-validations-to-achieve-rce-a-wild-bug-story-6476faccbc23?source=r … ⌘ Read more
The Year We Lost Control: How the AI Race Could End Humanity — or Save It
By now, you’ve probably heard whispers of a future shaped entirely by artificial intelligence. From Nobel laureates to the godfather of AI…
… ⌘ Read more
Security Logs Made Simple: The Foundation of Cybersecurity Monitoring ⌘ Read more
Why Multi-Factor Authentication Matters: A Guide I Wrote After Getting Hacked. ⌘ Read more
Memory Analysis Introduction | TryHackMe Write-Up | FarrosFR
Non-members are welcome to access the full story here.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/memory-analysis-introduction-tryhackme-write-up-farrosfr-32e … ⌘ Read more
Passkeys: The Waterproof Defense Against Phishing Attacks
The Passkeys — a next-generation authentication technology poised to be a game-changer, offering what many describe as a truly waterproof…
[Continue reading on InfoSec Write-ups … ⌘ Read more
A Hidden Backdoor: Bypassing reCAPTCHA on the Sign-up Page
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/a-hidden-backdoor-bypassing-recaptcha-on-the-sign-up-page-2b5b3c18257f … ⌘ Read more
Aditya Birla Capital Threat Intelligence Report: A 360° View of External Digital Risks ⌘ Read more
** Cache Me If You Can: How I Poisoned the CDN and Hijacked User Sessions**
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/cache-me-if-you-can-how-i-poisoned-the-cdn-and-hijacked … ⌘ Read more
Unauthenticated Remote Code Execution in vBulletin 6.0.1 via replaceAdTemplate Method ⌘ Read more
Leaking in Plain Sight: How Short Links Expose Sensitive Data ⌘ Read more
Walkthrough - Host & Network Penetration Testing: System-Host Based Attacks CTF 2 ⌘ Read more
Walkthrough — Assessment Methodologies: Vulnerability Assessment CTF 1 ⌘ Read more
GitHub Recon: The Underrated Technique to Discover High-Impact Leaks in Bug Bounty
Master the Art of Finding API Keys, Credentials and Sensitive Data in Public Repositories
[Continue re … ⌘ Read more
**Uncovering Amazon S3 Bucket Vulnerabilities: A Comprehensive Guide for Ethical Hackers **
How to Identify, Exploit, and Secure S3 Bucket Misconfigurations
[Continue reading on InfoSec Wr … ⌘ Read more
Logic Flaw: Deleting HackerOne Team Reports Without Access Rights
How a GraphQL Mutation Allowed Unauthorized Report Deletion Across Teams
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/logic-flaw … ⌘ Read more
AI-Powered SQLMap: Smarter SQL Injection Testing Guide ⌘ Read more
Bypassing Windows Defender & AVs with an LNK Exploit to Gain a Reverse Shell ⌘ Read more
This One Hacker Trick Got Me Access to an Admin Dashboard ️
Sometimes, it’s not about brute force. It’s about finesse. One header. One oversight. One open door.
— A Hacker’s Mindset 🧠
[Continue reading on InfoSec … ⌘ Read more
Cracking JWTs: A Bug Bounty Hunting Guide [Part 1] ⌘ Read more
ChatGPT Jailbreaking: A Sneaky Loophole That Exposes Ethical Gaps ⌘ Read more
Walkthrough — Assessment Methodologies: Information Gathering CTF 1 ⌘ Read more
**Unsafe Redirects = Unlimited Ride: How Open Redirect Led Me to Internal Dashboards **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/unsafe-redirects-unlimi … ⌘ Read more
I Tried 10 Recon Tools for 7 Days — Here’s What Actually Found Bugs
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/i-tried-10-recon-tools-for-7-days-heres-what-actually-found-bug … ⌘ Read more
$500 Bounty: Shopify Referrer Leak: Hijacking Storefront Access with a Single Token
Referrer Header Leaks + Iframe Injection = Storefront Password Bypass
[Continue reading on InfoSec Writ … ⌘ Read more
Extracting saved passwords in Chrome using python ⌘ Read more
Profiler: Your Digital Detective Platform ⌘ Read more
Hacking Insights: Gaining Access to University of Hyderabad Ganglia Dashboard ⌘ Read more
Part 3: How to Become a Pentester in 2025: Programming & Scripting Foundations for pentester ⌘ Read more
$750 Bounty: for HTTP Reset Password Link in Mattermost
How an Unsecured Protocol in a Critical Workflow Opened the Door for Network-Based Account Takeovers
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/750-bounty-for … ⌘ Read more
Day 5: DOM XSS in jQuery anchor href attribute sink using location.search ⌘ Read more
Exploiting Web Cache Poisoning with X-Host Header Using Param Miner
[Write-up] Web Cache Poisoning Using an Unknown Header.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/exploiting-web-ca … ⌘ Read more
**Header Injection to Hero: How I Hijacked Emails and Made the Server Sing **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/header-injection-to-hero-how-i-hijacked-emails-an … ⌘ Read more
Beyond best practices: Using OWASP ASVS to bake security into your delivery pipeline for 2025
How to turn a community-driven checklist into a living part of your SDLC.
[Cont … ⌘ Read more
Find Secrets in Hidden Directories Using Fuzzing ️
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/find-secrets-in-hidden-directories-using-fuzzing-%EF%B8%8F-1666d6f34fd8?source=rss—-7b722bfd1b8d- … ⌘ Read more
Day 4: DOM XSS in innerHTML sink using source location.search: Zero to Hero Series — Portswigger ⌘ Read more
Lab: Exploiting server-side parameter pollution in a query string
Server Side parameter pollution
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lab-exploiting-server-side-parameter-pollution-in-a … ⌘ Read more
Exploiting Server-Side Parameter Pollution in Query Strings — An API Hacking Tale ⌘ Read more
Breaking Twitter’s VPN: $20,160 Bounty for a Pre-Auth RCE via Pulse Secure Chain
How Orange Tsai & Meh Chang Combined File Read, Session Hijack, and Admin Injection to Breach Twitter’s Internal … ⌘ Read more
**One Endpoint to Rule Them All: How I Chained 3 Bugs into Full Account Takeover **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/one-endpoint-to-rule-them-all-h … ⌘ Read more