The album I got by accident is starting to grow on me. Not that bad. 🤔 It’s Dredg — El Cielo, btw: https://www.youtube.com/watch?v=e4JB8rmXaO8&list=PLRASiMqDV8psZSFQi7nUX4p0R8oRHbUy_&index=1
Compress-a-thon — CSP Bypass via Redirection — Pentathon 2025
Compress-a-thon is a “web exploitation” challenge that was featured in Pentathon 2025 Finale Jeopardy CTF Round. This challenge involved…
[Continue reading on InfoSec Write-ups »](https://inf… → Read more
SSRF via PDF Generator? Yes, and It Led to EC2 Metadata Access
👨‍💻 Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ssrf-via-pdf-generator-yes-and-it-led-to-ec2-metadata-access-39b8e5b41840… → Read more
**The Hidden Language: Exploiting GraphQL for Unauthorized Data Dump**
Free Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-hidden-language-exploiting-graphql-for-unauthorized-data-dump-8… → Read more
Bug Hunting in JS Files: Tricks, Tools, and Real-World POCs
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-in-js-files-tricks-tools-and-real-world-pocs-b4d43dd41d8e?source=rssâ-7… → Read more
**Top 5 Easiest Bugs for Beginners in Bug Bounty**
Top 5 Easiest Bugs for Beginners in Bug Bounty
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/top-5-easiest-bugs-for-beginners-in-bug-bounty-45dd81c49e03?source=rssâ-7b722bfd1b8d-… → Read more
$10,000 Bounty: HackerOne Report Comments Leak via “Export as .zip”
How a new export feature unintentionally exposed private discussions in limited disclosure reports
[Continue reading on InfoSec Write-ups »](https://infose… → Read more
Understanding Stealer Logs and Their Role in Security Testing — Part 1 → Read more
API Key Exposure in NASA GitHub Repository Leads to Unauthorized Access to Academic Data
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteu… → Read more
Subdomain Takeover: My $450 Win & How You Can Do It Too
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/subdomain-takeover-my-450-win-how-you-can-do-it-too-3337ca0513b6?source=rssâ-7b722… → Read more
Hidden HackerOne & Bugcrowd Programs: How to Get Private Invites
“Private programs are where the real gold lies… but no one tells you how to get there. Let me break it down for you — with secrets most…
[Continue reading on In… → Read more
Maeve is a little hellion. Just turned 1 year old yesterday → Read more
**CSP? More Like Can’t Stop Payloads — Bypassing CSP to XSS Like a Pro**
Hey there!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/csp-more-like-cant-stop-payloads-bypassing-csp-to-xss-like-a-pro-9… → Read more
@bender@twtxt.net I’m not sure this is accurate, if you look up mine:
$ whois shortcircuit.net.au 2>&1 | grep -i creat
created: 1986-03-05
I think this has to be the registrar’s creation date, no? 🤔
Ján Bulík among those honoured in Martin
On 8 May, Martin hosted an event that combined historical reflection with cultural remembrance: Matica slovenská commemorated the 80th anniversary of the liberation of Slovakia and the end of the Second World War. At the seat of this oldest Slovak cultural institution, a ceremony was held honouring the people who, during the war, resisted fascism with honour and courage. Among those honoured was Ján Bulík (1 January 1897, Kovačica – 30 January 1942, Mauthause… → Read more
Design system annotations, part 1: How accessibility gets left out of components
The Accessibility Design team created a set of annotations to bridge the gaps that design systems alone can’t fix and to proactively address accessibility issues within Primer components.
The post [Design system annotations, part 1: How accessibility gets left out of components](https://github.blog/engineering/user-experience/design-system-annotations-part-1-how… → Read more
Mastering Rate Limit Bypass Techniques
Learn How Hackers Bypass Rate Limits — and How You Can Too
UUIDs: A False Sense Of Security
Hi Hunters, would you like to learn about a broken access control vulnerability that I discovered recently for a client?
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/uuids-a-false-sense-of-security-10467497daae?source=rssâ-7b7… → Read more
$50,000 Bounty: GitHub Access Token
How a hidden token in a desktop app could have compromised one of the world’s biggest e-commerce platforms
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/50-000-bounty-github-access-token-c29cb6f00182?source=rssâ-7b722bf… → Read more
Recon Automation Like a Pro: My 5-Stage System to Catch More Bugs
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/%EF%B8%8Frecon-automation-like-a-pro-my-5-sta… → Read more
Top 10 Ways Hackers Exploit Web Applications (and How to Prevent Them)
Hackers don’t wait for big websites. They look for easy mistakes. Let’s fix them before they find yours.
[Continue reading on InfoSec Write-… → Read more
HACK-ERA CTF — Phase 1 Walkthrough → Read more
$840 Bounty: How I Stole OAuth Tokens from Twitter
A critical OAuth misconfiguration allowed stealing tokens with just a click
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/840-bounty-how-i-stole-oauth-tokens-from-twitter-733f8… → Read more
Vim9.1(macOS-arm/Sequoia) && iTerm2(cask): CursorShape for Insert Mode - How? → Read more
Is there any way to retain vim 7.4 search setting while using vim 9.1? → Read more
Bug Hunting in JS Files: Tricks, Tools, and Real-World POCs
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-in-js-files-tricks-tools-and-real-world-pocs-70406e3eb72e?source=rssâ-7… → Read more
A Guide to SQL Injection Attacks: Hackers Don’t Want You to Know This!
Imagine your website as a big toy box filled with treasures — like user info, passwords, or blog posts — and you’ve got a robot helper…
[Contin… → Read more
$100 Bounty: How a Spoofed Email Could Change Any Username on HackerOne
A simple email spoofing trick could let anyone hijack your HackerOne username and profile link
[Continue reading on InfoSec Write-ups »]… → Read more
Unlisted but Not Unseen: How I Found the Admin Panel in a JavaScript Comment
Hey there!
[Continue reading on InfoSec Write-ups »](https://infosecwriteu… → Read more
Mastering Linux Part 3: A Beginner’s Guide to APT and YUM Package Management
A Beginner’s Guide to APT and YUM Package Management
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com… → Read more
curl bans “AI” security reports as Zuckerberg claims we’ll all have more “AI” friends than real ones
Daniel Stenberg, creator and maintainer of curl, has had enough of the never-ending torrent of “AI”-generated security reports the curl project has to deal with. That’s it. I’ve had it. I’m putting my foot down on this craziness. 1. Every reporter submitting security reports on Hackerone for curl now needs to answer this question: “Did you… → Read more
Step 1: Show belly. Step 2: Bite the fool. → Read more
How to Set Up a Monthly Free VPS for Bug Hunting
In this article, I explained how to set up and use GitHub Codespaces for bug hunting.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-setup-a-monthly-free-vps-for-bug-hunting-d4… → Read more
Revisiting the Past, Hacking the Future
From Invalid Reports to Real Vulnerabilities: The Path to Growth in Hacking
A Penetration Tester’s Journey
Part 4 of “Beginner to Master in Linux” — A Penetration Tester’s Journey
AI Agents Unleashed: The Rise of Autonomous Systems Transforming Industries
The emergence of AI agents signifies a transformative shift in generative AI, evolving from simple chatbots to sophisticated… → Read more
Is Your App Protected? The Branch API Vulnerability You Need to Know About
$fallback_url is a helpful feature in Branch’s deep linking system — until someone uses it to redirect your users to phishing… → Read more
A Must-Have Tool for Bug Hunters: Find Open Redirect Vulnerabilities on Linux
Automate open redirection detection, save hours of manual testing, and level up your bug bounty recon game.
[Continue… → Read more
**Query Confusion: How HTTP Parameter Pollution Made the App Spill Secrets**
Hey there!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/query-confusion-how-http-parameter-pollution-made… → Read more
Securing Apache2 + PHP: Practical guide for safer web hosting
A practical security checklist to harden your Apache2 + PHP stack and protect your web applications from common vulnerabilities.
[Continue reading on InfoSec Write-ups »](https://… → Read more
$2,900 Bounty: Public S3 Bucket Exposure in Shopify
How a Simple S3 Misconfiguration Exposed Private Images Across Shopify Stores and Earned a $2,900 Bounty
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/2-900-bounty-public-s… → Read more