Passkeys: The Waterproof Defense Against Phishing Attacks
The Passkeys — a next-generation authentication technology poised to be a game-changer, offering what many describe as a truly waterproof…
[Continue reading on InfoSec Write-ups … ⌘ Read more
A Hidden Backdoor: Bypassing reCAPTCHA on the Sign-up Page
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/a-hidden-backdoor-bypassing-recaptcha-on-the-sign-up-page-2b5b3c18257f … ⌘ Read more
** Cache Me If You Can: How I Poisoned the CDN and Hijacked User Sessions**
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/cache-me-if-you-can-how-i-poisoned-the-cdn-and-hijacked … ⌘ Read more
Unauthenticated Remote Code Execution in vBulletin 6.0.1 via replaceAdTemplate Method ⌘ Read more
Walkthrough — Assessment Methodologies: Vulnerability Assessment CTF 1 ⌘ Read more
GitHub Recon: The Underrated Technique to Discover High-Impact Leaks in Bug Bounty
Master the Art of Finding API Keys, Credentials and Sensitive Data in Public Repositories
[Continue re … ⌘ Read more
10 Quirky, but Necessary, Food Safety Rules of the Past
Long before “hand sanitizer” became a household staple or single-use packaging sparked environmental debates, a series of surprisingly odd—and occasionally ingenious—food-safety laws quietly reshaped what ended up on our plates (and in our hands). From Victorian London’s shared ice-cream glasses that contributed to typhoid outbreaks to postwar Japan’s precision-sealed juice jars, each bizarre reform emerged […]
The post [1 … ⌘ Read more
**Uncovering Amazon S3 Bucket Vulnerabilities: A Comprehensive Guide for Ethical Hackers **
How to Identify, Exploit, and Secure S3 Bucket Misconfigurations
[Continue reading on InfoSec Wr … ⌘ Read more
Logic Flaw: Deleting HackerOne Team Reports Without Access Rights
How a GraphQL Mutation Allowed Unauthorized Report Deletion Across Teams
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/logic-flaw … ⌘ Read more
This One Hacker Trick Got Me Access to an Admin Dashboard ️
Sometimes, it’s not about brute force. It’s about finesse. One header. One oversight. One open door.
— A Hacker’s Mindset 🧠
[Continue reading on InfoSec … ⌘ Read more
Cracking JWTs: A Bug Bounty Hunting Guide [Part 1] ⌘ Read more
Walkthrough — Assessment Methodologies: Information Gathering CTF 1 ⌘ Read more
**Unsafe Redirects = Unlimited Ride: How Open Redirect Led Me to Internal Dashboards **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/unsafe-redirects-unlimi … ⌘ Read more
I Tried 10 Recon Tools for 7 Days — Here’s What Actually Found Bugs
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/i-tried-10-recon-tools-for-7-days-heres-what-actually-found-bug … ⌘ Read more
MYIR Launches Sub-$100 i.MX 91 Board for Embedded and Industrial Use
MYIR has introduced the MYC-LMX91, a compact SoM powered by NXP’s energy-efficient i.MX 91 processor. Designed for smart devices, the module targets applications such as industrial gateways, EV chargers, smart home systems, medical platforms, and building automation. The MYC-LMX91 is built around the 1.4 GHz Arm Cortex-A55-based i.MX 91 (MIMX9131CVVXJAA) and comes equipped with 1GB […] ⌘ Read more
$500 Bounty: Shopify Referrer Leak: Hijacking Storefront Access with a Single Token
Referrer Header Leaks + Iframe Injection = Storefront Password Bypass
[Continue reading on InfoSec Writ … ⌘ Read more
$750 Bounty: for HTTP Reset Password Link in Mattermost
How an Unsecured Protocol in a Critical Workflow Opened the Door for Network-Based Account Takeovers
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/750-bounty-for … ⌘ Read more
Exploiting Web Cache Poisoning with X-Host Header Using Param Miner
[Write-up] Web Cache Poisoning Using an Unknown Header.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/exploiting-web-ca … ⌘ Read more
**Header Injection to Hero: How I Hijacked Emails and Made the Server Sing **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/header-injection-to-hero-how-i-hijacked-emails-an … ⌘ Read more
Carney says Canada is looking to join major European military buildup by July 1 ⌘ Read more
10biForthOS: a full 8086 OS in 46 bytes
An incredibly primitive operating system, with just two instructions: compile (1) and execute (0). It is heavily inspired by Frank Sergeant 3-Instruction Forth and is a strip down exercise following up SectorForth, SectorLisp, SectorC (the C compiler used here) and milliForth. Here is the full OS code in 46 bytes of 8086 assembly opcodes. ↫ 10biForthOS sourcehut page Yes, the entire operating system easily fits right here, inside an OSNews quote block: … ⌘ Read more
Beyond best practices: Using OWASP ASVS to bake security into your delivery pipeline for 2025
How to turn a community-driven checklist into a living part of your SDLC.
[Cont … ⌘ Read more
Find Secrets in Hidden Directories Using Fuzzing ️
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/find-secrets-in-hidden-directories-using-fuzzing-%EF%B8%8F-1666d6f34fd8?source=rss—-7b722bfd1b8d- … ⌘ Read more
Lab: Exploiting server-side parameter pollution in a query string
Server Side parameter pollution
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lab-exploiting-server-side-parameter-pollution-in-a … ⌘ Read more
Breaking Twitter’s VPN: $20,160 Bounty for a Pre-Auth RCE via Pulse Secure Chain
How Orange Tsai & Meh Chang Combined File Read, Session Hijack, and Admin Injection to Breach Twitter’s Internal … ⌘ Read more
**One Endpoint to Rule Them All: How I Chained 3 Bugs into Full Account Takeover **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/one-endpoint-to-rule-them-all-h … ⌘ Read more
Demystifying Cookies : The Complete Guide for Bug Bounty Hunters — Part 1
Everything you need to know about cookies to expand your attack surface and find real bugs.
[Continue reading on InfoSec Write-ups »](h … ⌘ Read more
**Silent but Deadly: How Blind XSS in Email Notifications Gave Me Root Alerts **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/silent-but-deadly-how-blind-xss-in-email … ⌘ Read more
DFIR: An Introduction | TryHackMe Write-Up | FarrosFR
Here is my article on the walkthrough of a free room: DFIR: An Introduction. Introductory room for the DFIR module. I wrote this in 2025…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ … ⌘ Read more
MITM HTTPS Payload with Python
A lightweight MITM tool for monitoring encrypted traffic and detecting threats powered by AI and built in Python
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/mitm-https-payload-with-python-499ebf8e933f?source=rss—-7b722bfd1b8d— … ⌘ Read more
**From CSP to OMG: How a Tiny Misconfigured Header Let Me Run JS Anywhere **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/from-csp-to-omg-how-a-tiny-misconfigured-header-let- … ⌘ Read more
I Gave Myself 60 Minutes to Find a Bug — This Is What Happened
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/i-gave-myself-60-minutes-to-find-a-bug-this-is-what-happened-e5fa76563a33?so … ⌘ Read more
Maybe you’ll enjoy this as well:
I still have one of my first modems, a Creatix LC 144 VF:
I think this was the modem that I used when I first connected to the internet, but I’m not sure.
I plugged it in again and it still works:
The firmware appears to be from 1994, which sounds about right. I don’t think we had internet access before that. We certainly did use local mailboxes, though. (Or BBS’s, as you might call them.)
I now want to actually use that modem again. For the moment, I can only use a phone to dial into it, I lack a second modem to actually establish a connection. Here’s a video:
Not spectacular, but the modem does answer after me entering ATA.
I bought another cheap old modem on eBay and am now waiting for it to arrive. Once it’s here, I want to simulate an actual dial-up session, hopefully from OS/2 or Windows 3.x.
Trump crashes Russian stock market: minus US$1 billion in few hours ⌘ Read more
Drones hit Russia’s Shahed drone factory 1,200 km from Ukraine again ⌘ Read more
From Zero to $1000/Month | Bug Bounty Automation Blueprint
Proven Tactics, Tools, and Code to Automate Your Way to Consistent Bounties
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/from-zero-to-1000-month-bug-boun … ⌘ Read more
️My Top 7 Mistakes as a New Bug Hunter (And How to Avoid Them)
Free Article Link only for you
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/%EF%B8%8Fmy-top-7-mistakes-as-a-new-bug-hunter- … ⌘ Read more
** The Misconfigured Magnet: How Public Buckets Exposed Millions of User Files **
Hey there😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-misconfigured-magnet-how-public-buck … ⌘ Read more