Bypassing HackerOne Report Ban Using API Key
How a Banned Researcher Could Still Submit Reports Using the REST API
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bypassing-hackerone-report-ban-using-api-key-061711e873c6?source=rss—-7b … ⌘ Read more
Top File Read Bug POCs that made $20000
Learning & Methodology to find File Read from top 5 POCs by Elite hackers
JWT the Hell?! How Weak Tokens Let Me Become Admin with Just a Text Editor ️
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/jwt-the-hell-how-weak-to … ⌘ Read more
404 to $4,000: Exposed .git, .env, and Hidden Dev Files via Predictable Paths”
How Bug Bounty Hunters Can Turn Common 404s Into Critical Information Disclosure Bounties
[Continue reading on InfoSec Write-u … ⌘ Read more
**2. Setting Up the Ultimate Hacker’s Lab (Free Tools Only) **
“You don’t need a fortune to break into bug bounty. You just need the right mindset — and the right setup.”
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/2-se … ⌘ Read more
{CyberDefenders Write-up}OskiCategory: Threat Intel ⌘ Read more
Exploiting the Gaps in Password Reset Verification
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/exploiting-the-gaps-in-password-reset-verification-9bb86ec95d29?source=rss—-7b722bfd1b8d– … ⌘ Read more
Learning YARA: A Beginner SOC Analyst’s Notes
Learn how to build a YARA-powered malware detection and automation system using n8n, GPT, and hybrid analysis tools. This hands-on guide…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/learnin … ⌘ Read more
**From Forgot Password to Forgot Validation: A Broken Flow That Let Me Take Over Accounts **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/from … ⌘ Read more
Bug Bounty from Scratch | Everything You Need to Know About Bug Bounty
📌Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-bounty-from-scratch-everything-you-need-to-know … ⌘ Read more
** Admitting that they’re really never weekly notes **
While everyone is up to their eyeballs in puzzles playing Blue Prince I’ve been playing some Fire Emblem: Blazing Sword on the Gameboy Advanced. I’ve also set up the playdate to mirror at my computer and have been having fun exploring the games in season 2! Mostly just Dig! Dig! Dino!, so far.
I decided to learn OCaml a few weeks ago. I’ve been writing a rogue clone in it. I am enjoying is and the entire ML fami … ⌘ Read more
Google Dorking: A Hacker’s Best Friend
Hey, hacker friends! Ever wonder why people say Google is a hacker’s best friend? Well, I’m about to show you why.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/google-dorking-a-hackers-best-friend-716dfb3e9739? … ⌘ Read more
The Hidden Admin Backdoor in Reddit Ads
An Invisibility Cloak for Attackers: How One Admin Created a Stealth Account That Even the Owner Couldn’t See or Remove
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-hidden-admin-backdoor-in-reddit-ads … ⌘ Read more
Bypassing Regex Validations to Achieve RCE: A Wild Bug Story
Free Article Lin
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bypassing-regex-validations-to-achieve-rce-a-wild-bug-story-6476faccbc23?source=r … ⌘ Read more
Memory Analysis Introduction | TryHackMe Write-Up | FarrosFR
Non-members are welcome to access the full story here.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/memory-analysis-introduction-tryhackme-write-up-farrosfr-32e … ⌘ Read more
Passkeys: The Waterproof Defense Against Phishing Attacks
The Passkeys — a next-generation authentication technology poised to be a game-changer, offering what many describe as a truly waterproof…
[Continue reading on InfoSec Write-ups … ⌘ Read more
A Hidden Backdoor: Bypassing reCAPTCHA on the Sign-up Page
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/a-hidden-backdoor-bypassing-recaptcha-on-the-sign-up-page-2b5b3c18257f … ⌘ Read more
** Cache Me If You Can: How I Poisoned the CDN and Hijacked User Sessions**
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/cache-me-if-you-can-how-i-poisoned-the-cdn-and-hijacked … ⌘ Read more
Logic Flaw: Deleting HackerOne Team Reports Without Access Rights
How a GraphQL Mutation Allowed Unauthorized Report Deletion Across Teams
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/logic-flaw … ⌘ Read more
**Unsafe Redirects = Unlimited Ride: How Open Redirect Led Me to Internal Dashboards **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/unsafe-redirects-unlimi … ⌘ Read more
I Tried 10 Recon Tools for 7 Days — Here’s What Actually Found Bugs
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/i-tried-10-recon-tools-for-7-days-heres-what-actually-found-bug … ⌘ Read more
I am disappointed in the AI discourse
Yeah I know this place is generally super anti-AI. But I figured it’s dishonest to not also post it here. I’d love to see more nuanced posts on this topic here.
$750 Bounty: for HTTP Reset Password Link in Mattermost
How an Unsecured Protocol in a Critical Workflow Opened the Door for Network-Based Account Takeovers
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/750-bounty-for … ⌘ Read more
Exploiting Web Cache Poisoning with X-Host Header Using Param Miner
[Write-up] Web Cache Poisoning Using an Unknown Header.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/exploiting-web-ca … ⌘ Read more
**Header Injection to Hero: How I Hijacked Emails and Made the Server Sing **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/header-injection-to-hero-how-i-hijacked-emails-an … ⌘ Read more
Find Secrets in Hidden Directories Using Fuzzing ️
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/find-secrets-in-hidden-directories-using-fuzzing-%EF%B8%8F-1666d6f34fd8?source=rss—-7b722bfd1b8d- … ⌘ Read more
Lab: Exploiting server-side parameter pollution in a query string
Server Side parameter pollution
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lab-exploiting-server-side-parameter-pollution-in-a … ⌘ Read more
**One Endpoint to Rule Them All: How I Chained 3 Bugs into Full Account Takeover **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/one-endpoint-to-rule-them-all-h … ⌘ Read more
Demystifying Cookies : The Complete Guide for Bug Bounty Hunters — Part 1
Everything you need to know about cookies to expand your attack surface and find real bugs.
[Continue reading on InfoSec Write-ups »](h … ⌘ Read more
**Silent but Deadly: How Blind XSS in Email Notifications Gave Me Root Alerts **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/silent-but-deadly-how-blind-xss-in-email … ⌘ Read more
DFIR: An Introduction | TryHackMe Write-Up | FarrosFR
Here is my article on the walkthrough of a free room: DFIR: An Introduction. Introductory room for the DFIR module. I wrote this in 2025…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ … ⌘ Read more
MITM HTTPS Payload with Python
A lightweight MITM tool for monitoring encrypted traffic and detecting threats powered by AI and built in Python
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/mitm-https-payload-with-python-499ebf8e933f?source=rss—-7b722bfd1b8d— … ⌘ Read more
**From CSP to OMG: How a Tiny Misconfigured Header Let Me Run JS Anywhere **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/from-csp-to-omg-how-a-tiny-misconfigured-header-let- … ⌘ Read more
I Gave Myself 60 Minutes to Find a Bug — This Is What Happened
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/i-gave-myself-60-minutes-to-find-a-bug-this-is-what-happened-e5fa76563a33?so … ⌘ Read more
From Zero to $1000/Month | Bug Bounty Automation Blueprint
Proven Tactics, Tools, and Code to Automate Your Way to Consistent Bounties
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/from-zero-to-1000-month-bug-boun … ⌘ Read more
️My Top 7 Mistakes as a New Bug Hunter (And How to Avoid Them)
Free Article Link only for you
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/%EF%B8%8Fmy-top-7-mistakes-as-a-new-bug-hunter- … ⌘ Read more
Exploiting Unsanitized URL Handling & SQL Injection via Deep Links in iOS App: Write-up of Flipcoin ⌘ Read more