infosec-write-ups-medium
feeds.twtxt.netNo description provided.
$2,900 Bounty: Public S3 Bucket Exposure in Shopify
How a Simple S3 Misconfiguration Exposed Private Images Across Shopify Stores and Earned a $2,900 Bounty
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/2-900-bounty-public-s … ⌘ Read more
2025 Mobile App Pentesting Guide: Tools, Techniques & Real-World Examples ⌘ Read more
Beyond Alert Boxes: Exploiting DOM XSS for Full Account Takeover
Hello Hunters, as you all know, XSS is one of the most common web vulnerabilities, often underestimated but capable of causing severe…
[Continue reading on … ⌘ Read more
Hack Any Mobile Phone Remotely
Ethically — but note — this used to work great with phone under android 10
Containers vs Virtual Machines: Key Differences, Benefits, and Use Cases Explained
Discover the difference between containers and virtual machines, their benefits, and use cases to make smarter inf … ⌘ Read more
Threat Profiling 101: How to Create a Threat Profile
Learn how to create effective threat profiles to identify and prioritize relevant cyber threats for your organization.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/th … ⌘ Read more
The Ultimate Guide to Cyber Threat Actors: Exploring Hackers, Hacktivists, and Their Tactics
How can we understand the impact of hackers and hacktivists on global cyberse … ⌘ Read more
$1000 Bounty: Account Takeover via Host Header Injection in Password Reset Flow
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/1000-boun … ⌘ Read more
** Bypassing Regex Validations to Achieve RCE: A Wild Bug Story**
✨Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bypassing-regex-validations-to-achieve-rce-a-wild-bug-story-4c523f69b9f8?sourc … ⌘ Read more
$750 Bounty: Sensitive Data Exposure
When Deep Links Go Deeply Wrong: The Zomato Insecure WebView Story
** I Slashed My Spring Boot Startup Time to 1.8**
When people complain about Spring Boot being slow, it’s not entirely wrong — but it’s often misunderstood. Out of the box, Spring Boot is…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/i-sl … ⌘ Read more
Stored XSS Led to OAuth App Credential Theft and Info Disclosure
Hello folks,
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/stored-xss-led-to-oauth-app-credential-theft-and-info-disclosure-85545fca3948?sou … ⌘ Read more
Bug Hunting for Real: Tools, Tactics, and Truths No One Talks About
Let’s Skip the “Sign Up on HackerOne” Talk
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-for-real-tools-tactics-and-truths-no … ⌘ Read more
Equifax Breach: How a $700M Mistake Happened
When Trust Crumbled: The Human Toll of a Single Unpatched Server
Secure your Python applications: Best practices for developers
Practical security tips every Python developer should know — from dependency safety to protecting against injection attacks and securing…
[Continue reading on InfoSec Write … ⌘ Read more
** DevSecOps Phase 3: Build Stage — CI/CD Security Gate with SAST + SCA** ⌘ Read more
Modest Payouts, Major Payoff: 4 IDORs That Netted $12K ⌘ Read more
The Ultimate Guide to Email Input Field Vulnerability Testing
Real-world methods and payloads for testing email field security
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-ultimate-guide-to-email- … ⌘ Read more
$800 Bounty: Account Takeover in Shopify
A Simple Trick to Steal Creator Accounts? $800 Bounty for Account Takeover
“Low on Space in Kali Linux? Here’s How I Fixed It and Freed Up GBs”
“I was in the middle of a pentesting session when Kali refused to cooperate.”
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lo … ⌘ Read more
This Simple Domain Hack Is Fooling Millions: Don’t Be Next!
Cybercriminals are using lookalike URLs powered by Punycode to mimic trusted sites and steal your data.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/t … ⌘ Read more
** DevSecOps Phase 2: Code & Commit Stage — Harden the Developer Workflow** ⌘ Read more
** DevSecOps Phase 1: Planning & Security Requirements Engineering** ⌘ Read more
$3750 Bounty: Account Creation with Invalid Email Addresses
How a Simple Email Validation Flaw Earned a $3,750 Bounty
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/3750-bounty-account-creation-with-invalid-em … ⌘ Read more
How To Set Up Your Ultimate OOB Bug-Hunting Server
Having your own hacking server is one of the most important investments you can make in your bug bounty journey.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-set-up-your-ultimate … ⌘ Read more
** How I Found Internal Dashboards Using Google Dorks + OSINT**
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-internal-dashboards-using-google-dorks-osint-5f2c9515fcd6?source=rss—-7b7 … ⌘ Read more
Beyond the Click: Writing Introductions That Keep Readers Glued to the Page
Got the click? Now keep them reading! Discover the powerful introduction writing secrets top Medium writers use to hook read … ⌘ Read more
** AI-Powered Mystery Box Scams** ⌘ Read more
DORA Has Entered the Chat: EU’s New Cyber Rulebook Reshaping Financial Security ⌘ Read more
Exploiting File Inclusion: From Dot-Dot-Slash to RCE using PHP Sessions, Log Poisoning, and…
Advanced File Inclusion Exploits: Sessions, Log Poisoning & Wrapper Chaining.
… ⌘ Read more
**IDOR Attacks Made Simple: How Hackers Access Unauthorized Data **
IDOR Attacks Made Simple: How Hackers Access Unauthorized Data 🔐
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/idor-attacks-made-simple-h … ⌘ Read more
9 Sources of Security & Privacy Threats in LLM Agents ⌘ Read more
Why You Can’t Stop Online Scams (Fast Flux Secrets Revealed)
Learn How Fast Flux Helps Cybercriminals Avoid Detection and Keep Their Scams Online
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/why-you-cant-stop-onlin … ⌘ Read more
** Payloads in Plain Sight: How Open Redirect + JavaScript Led to Full Account Takeover **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/payloads-in-plai … ⌘ Read more
Active Storage’s Big Mistake: A $4,323 Lesson in Session Security
How to Install and Deploy Applications on Apache Tomcat Complete Guide
Learn how to install Apache Tomcat on CentOS, explore its directory structure, deploy Java web apps, and optimize your production setup…
[Cont … ⌘ Read more
Mastering Apache Web Server on CentOS: Installation, Configuration, and Virtual Hosts
Learn to install, configure, and manage the Apache web server on CentOS, including virtual hosts and bes … ⌘ Read more
Will AI Replace Cybersecurity? The Truth About the Future of Cyber Defense ⌘ Read more
Mastering Git Remote Repositories, Push, Pull, Clone, and Merge Conflicts: The Complete Beginner’s…
Learn everything about Git remote repositories, pushing, pullin … ⌘ Read more
Let’s Encrypt: Why You should (and Shouldn’t) use free SSL certificates
Free, fast, and secure — but is Let’s Encrypt the right SSL solution for your website?
[Continue reading on InfoSec Write-ups »](https://infosecwriteup … ⌘ Read more
** The $2500 bug: Remote Code Execution via Supply Chain Attack** ⌘ Read more
How I Earned $8947 bounty for Remote Code Execution via a Hijacked GitHub Module ⌘ Read more
Crack Windows Password [Ethical Hacking Article]
This Article describes you to reset your windows password by using manipulation technique.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/crack-windows-password-ethical-hacking-artic … ⌘ Read more
$1000+ Passive Recon Strategy You’re Not Using (Yet)
Still using subfinder & sublist3r tools for finding assets while recon??
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/1000-passive-recon-strategy-youre-not-using-yet-164f5b1e … ⌘ Read more
The Ultimate Guide to a Successful Career in Cybersecurity
As a newcomer to cybersecurity, you’re going to encounter a lot of difficulties, and at times, you’ll feel overwhelmed and frustrated.
[Continue reading on InfoSec Write-ups »](https … ⌘ Read more