Account Take Over | P1 — Critical
It started off like any other day until I got an unexpected email — an invite to a private bug bounty program. Curious, I jumped in. The…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/account-take-over-p1-critical-5468ce8218b9?sour … ⌘ Read more
The weirdest bug:When Reflected XSS Won’t Let a Page Breathe ⌘ Read more
The Critical $1000 Bug:(blind SQL injection) ⌘ Read more
How to break RSA? A guide for Hackers and CTF players to crack the RSA encryption algorithm ⌘ Read more
Kerberos Authentication — In Layman terms ⌘ Read more
22. How to Get Invites to Private Programs
Unlock the secrets to landing exclusive private program invites and level up your bug bounty journey.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/22-how-to-get-invites-to-private-programs-9bbb5166 … ⌘ Read more
How I found an unauthenticated goldmine of PII ⌘ Read more
Living Off the Cloud: Abusing Cloud Services for Red Teaming | Cyber Codex ⌘ Read more
21. Tips for Staying Consistent and Avoiding Burnout
What if the secret to lasting success isn’t working harder, but pacing yourself smarter?
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/21-tips-for-staying-consistent-an … ⌘ Read more
Business Logic Error - Bypassing Payment with Test Cards ⌘ Read more
My BTL1 Review ⌘ Read more
Unbelievable Security Hole: JWT Secret in a Series-B Funded Company
It started as a routine penetration test. Little did I know I was about to uncover one of the most basic yet catastrophic security…
[Continue reading on … ⌘ Read more
The $500 Stored XSS Bug in SideFX’s Messaging System
Hacking the Inbox: How a $500 Stored XSS Bug Exposed SideFX’s Messaging Flaw
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-500-stored-xss-bug-in-sidefxs-messaging-sys … ⌘ Read more
A Beginner’s Guide to Finding Hidden API Endpoints in JavaScript Files
How to discover what others miss in plain sight
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/a-beginners-guide-to-finding-h … ⌘ Read more
How I Solved TryHackMe Madness CTF: Step-by-Step Beginner-Friendly Walkthrough for 2025
How I Solved “Madness”: An Easy TryHackMe CTF Walkthrough
[Continue reading on InfoSec W … ⌘ Read more
Learn what MITM attack is, and how to identify the footprints of this attack in the network traffic.
Imagery HTB WriteUp: Season 9 Machine 2 ⌘ Read more
How I found Multiple Bugs on CHESS.COM & they refused
I found JS crash, disallowing anyone to view your profile and HTML Injection. But they ignored everything.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-multiple-bug … ⌘ Read more
CORS Vulnerability with Trusted Insecure Protocols BurpSuite Walkthrough
CORS misconfig + HTTP subdomain XSS analysis showing API key exfiltration, exploit breakdown and remediation.
[Continue reading on InfoSec W … ⌘ Read more
Getting Hands-On with Kerbrute: Practical AD Enumeration & Attack Tactics ⌘ Read more
How to Repair Outlook PST File without ScanPST.exe? ⌘ Read more
**Hidden API Endpoints: The Hacker’s Secret Weapon **
I’m a cybersecurity enthusiast and the writer behind The Hacker’s Log — where I break down how real hackers think, find, and exploit…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ … ⌘ Read more
Adversary TTP Simulation Lab ⌘ Read more
How a Single Signup Flaw Exposed 162,481 User Records
My $8,500 Bug Bounty Story and the Critical Lesson in Authentication
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-a-single-signup-flaw-exposed-162-481-user-re … ⌘ Read more
Actuator Unleashed: A Guide to Finding and Exploiting Spring Boot Actuator Endpoints ⌘ Read more
Breaking Into HackTheBox: My Journey from Script Kiddie to Root
How I went from copying Pastebin scripts to actually understanding what I was doing — and how you can too.
[Continue reading on InfoSec Write-ups »](https://i … ⌘ Read more
SQHell: Manually hunting SQL injection with detailed explanation ⌘ Read more
Week 12— Async API Calls: fetch, Axios, and Promises ⌘ Read more
OSINT: Google Dorking Hacks: The X-Ray Vision for Google Search
You type in some keywords, scroll past 10 pages of useless results, and wonder why the internet’s hiding the good stuff. Sound familiar?
[Continue reading on Inf … ⌘ Read more
New Data Exfiltration Technique Using Brave Sync ⌘ Read more
Excel 2025 CTF | Anonymous (Miscellaneous) challenge Writeup ⌘ Read more
Mastering Google Dorking: Discovering Website Vulnerabilities
Deep Recon Made Simple: Powering Bug Hunting with Dorking Strategies
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/mastering-google-dorking-d … ⌘ Read more
** Secrets Hackers Don’t Tell: Recon Techniques That Actually Pay**
You see it in the movies: a hacker slams the keyboard, green text scrolls by, and BAM! They’re in. The entire breach takes 90 seconds.
[Continue reading on InfoSe … ⌘ Read more
Hiding in Plain Sight: Steganography, C2, and SVG Files ⌘ Read more
The Price of Neglect. The Big Questions Behind Jaguar Land Rover’s Government £1.5 B Cyber Bailout. ⌘ Read more
My Recon Automation Found an Email Confirmation Bypass
How a simple parameter led to a complete authentication bypass
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/my-recon-automation-found-an-email-confirmation-byp … ⌘ Read more
Expressway — HackTheBox walkthough ⌘ Read more
Red Stone One Carat — TryHackMe Challenge Write-up ⌘ Read more
TryHackMe Infinity Shell Walkthrough: Web Shell Forensics & CTF Guide ⌘ Read more
Pretty happy with my zs-blog-template starter kit for creating and maintaining your own blog using zs 👌 Demo of what the starter kit looks like here – Basic features include:
- Clean layout & typography
- Chroma code highlighting (aligned to your site palette)
- Accessible copy-code button
- “On this page” collapsible TOC
- RSS, sitemap, robots
- Archives, tags, tag cloud
- Draft support (hidden from lists/feeds)
- Open Graph (OG) & Twitter card meta (default image + per-post overrides)
- Ready-to-use 404 page
As well as custom routes (redirects, rewrites, etc) to support canonical URLs or redirecting old URLs as well as new zs external command capability itself that now lets you do things like:
$ zs newpost
to help kick-start the creation of a new post with all the right “stuff”™ ready to go and then pop open your $EEDITOR 🤞
↳
In-reply-to
»
I have a Python script that transforms the original YouTube channel Atom feed into a more useful Atom feed by removing the spam description and replacing it with the video duration, filtering out videos by title, duration, etc. I just updated it to exclude the damn Shorts garbage more efficiently. Finally, YouTube updated their Atom feed generation, so that the video URL contains
⤋ Read More
/short/ if it's of this useless kind. Never thought that they ever actually will improve their Atom feeds. Thank you, much appreciated!
@kat@yarn.girlonthemoon.xyz @movq@www.uninformativ.de Sorry, I neither finished it nor in time. :-( That’s as good as it’s gonna get for the moment: https://git.isobeef.org/lyse/gelbariab/-/tree/master/rss-proxys?ref_type=heads
The README should hopefully provide a crude introduction. The example configuration file is documented fairly well, I believe (but maybe not). You probably still have to consult and maybe also modify the source code to fit your needs.
Let me know if you run into issues, have questions, wishes etc.
Ghost in the Network ⌘ Read more
Cracking JWTs: A Bug Bounty Hunting Guide [Part 6] ⌘ Read more
GraphQL Gatecrash: When an Introspection Query Opened the Whole Backend ️
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/graphql-gatecrash-when-an-intro … ⌘ Read more