She just turned 4 today!! ⌘ Read more
IPinfo Free Geolocation API: Tools, Setup & Use Cases ⌘ Read more
$10,500 Bounty: A Grammarly Account Takeover Vector
When a Space Breaks the System: How Improper Entity Validation Led to a Full SSO Denial and Potential Account Takeovers
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/10-500- … ⌘ Read more
How I Gained Root Access on a Vulnerable Web Server: From Reconnaissance to Privilege Escalation
Web Server Exploitation & Privilege Escalation - Full Walkthr … ⌘ Read more
0 to First Bug: What I’d Do Differently If I Started Bug Bounty Today
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/0-to-first-bug-what-id-do-differently-if-i-started-bug … ⌘ Read more
I Built a Tool to Hack AI Models — Here’s What It Uncovered
A few months ago, I was auditing a chatbot deployed inside a financial services platform. It used a mix of retrieval-augmented generation…
[Continue reading on InfoSec Write-ups »](http … ⌘ Read more
**Caching Trouble: The Public Cache That Leaked Private User Data **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/caching-trouble-the-public-cache-that-leaked-private-user-data-0d410af5cb4c … ⌘ Read more
$500 Bounty: A Referer Leak in Brave’s Private Tor Window
When Anonymity Isn’t Anonymous: $500 Bounty for Revealing a Brave Referer Exposure
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/500-bounty-a-referer-leak-in … ⌘ Read more
Instagram API Documentation: Key Concepts Explained for Developers ⌘ Read more
Get Geocoding API Key: Step-by-Step Guide for Developers ⌘ Read more
On my blog: Free Culture Book Club — Pilogy, part 4 https://john.colagioia.net/blog/2025/05/17/pilogy-4.html #freeculture #bookclub
Buying a TV these days, means trying to avoid endless enshitification:
-Spyware and adware
-Shitty AI upscaling/ frame interpolation
-HW that breaks after 2 - 3 years
-One off OS, dead on arrival
-Android OS, that starts lagging after the third update
-8 buttons worth of ads, on your remote
You probably have to make some kind of a compromise. I thought that was buying from some other brand like Hyundai, but that one also felt into some of those categories and just broke, after less than 3 years of use. At this point I’ll probably go back to LG and hope their HW is still reliable and the rest manageable… It has AI bullshit and knowing LG, probably some spyware you have to try your best to get rid of, can buy a remote with “only” 2 ads on it, some web-based OS shared between all their TVs, that usually gets 4 - 5 years worth of updates and works decently enough afterwards.
At this point, I’ll probably settle for anything that doesn’t literally fall apart, not even 3 years in, like the Hyundai did.
Part-2️♂️Bug Bounty Secrets They Don’t Tell You: Tricks From 100+ Reported Bugs
✨Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwri … ⌘ Read more
$500 Bounty: Race Condition in Hacker101 CTF Group Join
$500 for discovering a timing flaw in Hacker101’s invite system that let users join the same team multiple times
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/50 … ⌘ Read more
Secret to find bugs in five minutes. Juicy reality. ⌘ Read more
Securing MCP Servers: Key Lessons from a Vulnerable Project ⌘ Read more
Microsoft Goes Passwordless: What You Need to Know ⌘ Read more
** NoSQL Injection Detection — A hands-on Exploitation Walkthrough** ⌘ Read more
How a Simple Logic Flaw Led to a $3,250 Bounty
Claiming Unclaimed Restaurants on Zomato via OTP Manipulation
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-a-simple-logic-flaw-led-to-a-3-250-bounty-476d747bf57a?source=rss—-7b722 … ⌘ Read more
From 0 to $$$: Finding Rate Limit Bypasses Like a Pro ⌘ Read more
Xiaomi joins Google Pixel in making its own smartphone chip
Following rumors, Xiaomi today announced that it will launch its very own chip for smartphones later this month. The “XRING 01” is a chip that the company has apparently been working on for over 10 years now. Details about the chip are scarce so far, but GizmoChina points to recent leaks that suggest the chip is built on a 4nm process through TSMC. The chip supposedly has a 1+3+4 layout and should lag just a bit … ⌘ Read more
** Blog Title: Not Your File: How Misconfigured MIME Types Let Me Upload Evil Scripts **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/blog-title-not-your … ⌘ Read more
☕Best Tool for Analyzing Java Files (90% of Hackers Don’t Know This)
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/best-tool-for-analyzing-java-files-90-of-hackers-dont-know-this- … ⌘ Read more
Application Security Checklist: From Idea to Production ⌘ Read more
How to Pitch at RSA Innovation Sandbox, Black Hat Startup Spotlight, and GISEC Cyberstars ⌘ Read more
Expose & Explore: Discover misconfigured service protocols and ports using Linux
Internet Assigned Numbers Authority (IANA) is the organisation responsible for managing and assigning port number … ⌘ Read more
Hacking With No Tools: How to Break Web Apps Using Just Your Browser ️♂️
Hacking With No Tools: How to Break Web Apps Using Just Your Browser 🕵️♂️
[Continue reading on In … ⌘ Read more
Breaking In Through the Backdoor: Password Reset Gone Wrong
Imagine being able to take over any user’s account on a platform — even without their interaction. No phishing, no social engineering, and…
[Continue reading on InfoSec Wr … ⌘ Read more
↳
In-reply-to
»
@bender Basically the way I'm reading this is
⤋ Read More
1 RPM. This is a rather aggressive rate limit actually. This basically makes Github inaccessible and useless for basically anything unless you're logged in. You can basically kiss "pursuing" casually, anonymously goodbye.
@bender@twtxt.net 5, 4, 3, 2, 1 🤣
** JWT Exploitation: How I Forged Tokens and Took Over Accounts**
🔐Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/jwt-exploitation-how-i-forged-tokens-and-took-over-accounts-2e7ab1cf4df8?sour … ⌘ Read more
Top 8 Best Vulnerability Scanning Tools (2025 Guide) ⌘ Read more
HTB Zephyr Lab Explained: Real-World Red Team Operator Strategies for OSEP ⌘ Read more
How I Found a Way to Prolong Password Reset Code Expiry
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-a-way-to-prolong-password-reset-code-expiry-6214391023de?source=rss—-7b7 … ⌘ Read more
How I Deleted Any User’s Account— No Interaction Needed
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-deleted-any-users-account-no-interaction-needed-faae0442ff4f?source=rss—-7b722bfd1 … ⌘ Read more
**Forget Me Not: How Broken Logout Functionality Let Me Ride Sessions Forever **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/forget-me-not-how-broken-logout-function … ⌘ Read more
I Broke Authentication — Without Exploiting Anything ⌘ Read more
$256 Bounty : XSS via Web Cache Poisoning in Discourse
How Injecting Headers and Poisoning Cache Led to Stored Cross-Site Scripting
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/256-bounty-xss-via-web-cache-poisoning-in-d … ⌘ Read more
The Human Firewall: Why Your Employees Are Both Your Greatest Vulnerability and Asset
In the high-stakes world of cybersecurity, organizations invest millions in sophisticated technologic … ⌘ Read more
DCShadow Attacks: Subverting Active Directory Replication for Stealthy Persistence
Technique that allows adversaries to manipulate directory data by simulating the behavior of a legitimate Doma … ⌘ Read more
Part 1: How to Become a Pentester in 2025: Free & Affordable Online Labs ⌘ Read more
Logic Flaw: Using Invitation Function to Block Other Accounts ⌘ Read more
Bug Chain: pre-auth takeover to permanent access. ⌘ Read more