Expose & Explore: Discover misconfigured service protocols and ports using Linux
Internet Assigned Numbers Authority (IANA) is the organisation responsible for managing and assigning port number ⊠â Read more
Hacking With No Tools: How to Break Web Apps Using Just Your Browser ïžââïž
Hacking With No Tools: How to Break Web Apps Using Just Your Browser đ”ïžââïž
[Continue reading on In ⊠â Read more
Breaking In Through the Backdoor: Password Reset Gone Wrong
Imagine being able to take over any userâs account on a platformâââeven without their interaction. No phishing, no social engineering, andâŠ
[Continue reading on InfoSec Wr ⊠â Read more
𧟠USERS:1 FEEDS:2 TWTS:1341 ARCHIVED:87099 CACHE:2794 FOLLOWERS:22 FOLLOWING:14
Announcing Kyverno Release 1.14!
TL;DR We are excited to announce the release of Kyverno 1.14.0, marking a significant milestone in our journey to make policy management in Kubernetes more modular, streamlined, and powerful. This release introduces two new policy types⊠â Read more
↳
In-reply-to
»
@bender Basically the way I'm reading this is
†Read More
1 RPM. This is a rather aggressive rate limit actually. This basically makes Github inaccessible and useless for basically anything unless you're logged in. You can basically kiss "pursuing" casually, anonymously goodbye.
@bender@twtxt.net 5, 4, 3, 2, 1 đ€Ł
↳
In-reply-to
»
RIP GitHub https://github.blog/changelog/2025-05-08-updated-rate-limits-for-unauthenticated-requests/
†Read More
@bender@twtxt.net Basically the way Iâm reading this is 1 RPM. This is a rather aggressive rate limit actually. This basically makes Github inaccessible and useless for basically anything unless youâre logged in. You can basically kiss âpursuingâ casually, anonymously goodbye.
Imagine if I imposed that kind of rate limit on twtxt.net?! đ€Ł
** JWT Exploitation: How I Forged Tokens and Took Over Accounts**
đFree Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/jwt-exploitation-how-i-forged-tokens-and-took-over-accounts-2e7ab1cf4df8?sour ⊠â Read more
How I Found a Way to Prolong Password Reset Code Expiry
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-a-way-to-prolong-password-reset-code-expiry-6214391023de?source=rssâ-7b7 ⊠â Read more
How I Deleted Any Userâs Accountâ No Interaction Needed
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-deleted-any-users-account-no-interaction-needed-faae0442ff4f?source=rssâ-7b722bfd1 ⊠â Read more
**Forget Me Not: How Broken Logout Functionality Let Me Ride Sessions Forever **
Hey there!đ
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/forget-me-not-how-broken-logout-function ⊠â Read more
𧟠USERS:1 FEEDS:2 TWTS:1340 ARCHIVED:87069 CACHE:2784 FOLLOWERS:22 FOLLOWING:14
1 year without my baby. Miss him every day â Read more
$256 Bounty : XSS via Web Cache Poisoning in Discourse
How Injecting Headers and Poisoning Cache Led to Stored Cross-Site Scripting
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/256-bounty-xss-via-web-cache-poisoning-in-d ⊠â Read more
The Human Firewall: Why Your Employees Are Both Your Greatest Vulnerability and Asset
In the high-stakes world of cybersecurity, organizations invest millions in sophisticated technologic ⊠â Read more
DCShadow Attacks: Subverting Active Directory Replication for Stealthy Persistence
Technique that allows adversaries to manipulate directory data by simulating the behavior of a legitimate Doma ⊠â Read more
Part 1: How to Become a Pentester in 2025: Free & Affordable Online Labs â Read more
** How Hackers Bypass Login Pages with SQL, Logic Flaws, and Headers **
Welcome to the underworld of cybersecurity! đ In this blog, we dive deep into how hackers bypass login pagesâââthe digital gatekeepers ofâŠ
[Continue rea ⊠â Read more
SameSite? SameMess: How I Bypassed Cookie Protections to Hijack Sessions ïžââïž
Hey there!đ
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/samesi ⊠â Read more
𧟠USERS:1 FEEDS:2 TWTS:1339 ARCHIVED:87053 CACHE:2780 FOLLOWERS:22 FOLLOWING:14
A brief history of the numeric keypad
The title is a lie. This isnât brief at all. Picture the keypad of a telephone and calculator side by side. Can you see the subtle difference between the two without resorting to your smartphone? Donât worry if you canât recall the design. Most of us are so used to accepting the common interfaces that we tend to overlook the calculatorâs inverted key sequence. A calculator has the 7â8â9 buttons at the top whereas a phone uses the 1â2â3 format. Subtle, but ⊠â Read more
Master CRLF Injection: The Underrated Bug with Dangerous Potential
Learn how attackers exploit CRLF Injection to manipulate HTTP responses, hijack headers and unlock hidden vulnerabilities in modern webâŠ
[Continue rea ⊠â Read more
↳
In-reply-to
»
Sometimes things go wrong when buying CDs second-hand. I bought an album quite cheap â but as it turned out, they only checked the cover, not the content, so I got something else instead which is actually much more expensive. đ€Ł
†Read More
The album I got by accident is starting to grow on me. Not that bad. đ€ Itâs Dredg â El Cielo, btw: https://www.youtube.com/watch?v=e4JB8rmXaO8&list=PLRASiMqDV8psZSFQi7nUX4p0R8oRHbUy_&index=1
Compress-a-thonâââCSP Bypass via Redirection ââPentathon 2025
Compress-a-thon is a âweb exploitationâ challenge that was featured in Pentathon 2025 Finale Jeopardy CTF Round. This challenge involvedâŠ
[Continue reading on InfoSec Write-ups »](https://inf ⊠â Read more
SSRF via PDF Generator? Yes, and It Led to EC2 Metadata Access
đšâđ»Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ssrf-via-pdf-generator-yes-and-it-led-to-ec2-metadata-access-39b8e5b41840 ⊠â Read more
**The Hidden Language: Exploiting GraphQL for Unauthorized Data Dump **
Free Linkđ
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-hidden-language-exploiting-graphql-for-unauthorized-data-dump-8 ⊠â Read more
Bug Hunting in JS Files: Tricks, Tools, and Real-World POCs
â Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-in-js-files-tricks-tools-and-real-world-pocs-b4d43dd41d8e?source=rssâ-7 ⊠â Read more
**Top 5 Easiest Bugs for Beginners in Bug Bounty **
Top 5 Easiest Bugs for Beginners in Bug Bounty đ
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/top-5-easiest-bugs-for-beginners-in-bug-bounty-45dd81c49e03?source=rssâ-7b722bfd1b8d- ⊠â Read more
$10,000 Bounty: HackerOne Report Comments Leak via âExport as .zipâ
How a new export feature unintentionally exposed private discussions in limited disclosure reports
[Continue reading on InfoSec Write-ups »](https://infose ⊠â Read more
Understanding Stealer Logs and Their Role in Security TestingâââPart 1 â Read more
API Key Exposure in NASA GitHub Repository Leads to Unauthorized Access to Academic Data
đFree Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteu ⊠â Read more
Subdomain Takeover: My $450 Win & How You Can Do It Too
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/subdomain-takeover-my-450-win-how-you-can-do-it-too-3337ca0513b6?source=rssâ-7b722 ⊠â Read more
Hidden HackerOne & Bugcrowd Programs: How to Get Private Invites
âPrivate programs are where the real gold lies⊠but no one tells you how to get there. Let me break it down for youâââwith secrets mostâŠ
[Continue reading on In ⊠â Read more
𧟠USERS:1 FEEDS:2 TWTS:1338 ARCHIVED:87031 CACHE:2786 FOLLOWERS:22 FOLLOWING:14
Maeve is a little hellion. Just turned 1 years yesterday â Read more
** CSP? More Like Canât Stop Payloads â Bypassing CSP to XSS Like a Pro**
Hey there!đ
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/csp-more-like-cant-stop-payloads-bypassing-csp-to-xss-like-a-pro-9 ⊠â Read more
𧟠USERS:1 FEEDS:2 TWTS:1337 ARCHIVED:87027 CACHE:2787 FOLLOWERS:22 FOLLOWING:14
↳
In-reply-to
»
My main domain name turned 24 years old today. That feels weird.
†Read More
@bender@twtxt.net Iâm not sure this is accurate, if you lookup mine:
$ whois shortcircuit.net.au 2>&1 | grep -i creat
created: 1986-03-05
I think this has to be the registrarâs creation date no? đ€
𧟠USERS:1 FEEDS:2 TWTS:1336 ARCHIVED:87006 CACHE:2816 FOLLOWERS:22 FOLLOWING:14
JĂĄn BulĂk medzi ocenenĂœmi v Martine
V Martine sa 8. mĂĄja odohralo podujatie, ktorĂ© spojilo historickĂș reflexiu s kultĂșrnou spomienkou â Matica slovenskĂĄ si pripomenula 80. vĂœroÄie oslobodenia Slovenska a ukonÄenia druhej svetovej vojny. V sĂdle tejto najstarĆĄej slovenskej kultĂșrnej ustanovizne sa uskutoÄnila slĂĄvnosĆ„ venovanĂĄ osobnostiam, ktorĂ© v Äase vojny so cĆ„ou a odvahou vzdorovali faĆĄizmu. Medzi ocenenĂœmi bol aj JĂĄn BulĂk (1. januĂĄra 1897 KovaÄica â 30. januĂĄra 1942 Mauthause ⊠â Read more
Design system annotations, part 1: How accessibility gets left out of components
The Accessibility Design team created a set of annotations to bridge the gaps that design systems alone canât fix and proactively addresses accessibility issues within Primer components.
The post [Design system annotations, part 1: How accessibility gets left out of components](https://github.blog/engineering/user-experience/design-system-annotations-part-1-how ⊠â Read more
Mastering Rate Limit Bypass Techniques
Learn How Hackers Bypass Rate Limitsâââand How You Can Too
UUIDs: A False Sense Of Security
Hi Hunters, would you like to learn about a broken access control vulnerability that I discovered recently for a client.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/uuids-a-false-sense-of-security-10467497daae?source=rssâ-7b7 ⊠â Read more
$50,000 Bounty: GitHub Access Token
How a hidden token in a desktop app could have compromised one of the worldâs biggest e-commerce platforms
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/50-000-bounty-github-access-token-c29cb6f00182?source=rssâ-7b722bf ⊠â Read more