1 year without my baby. Miss him every day â Read more
$256 Bounty : XSS via Web Cache Poisoning in Discourse
How Injecting Headers and Poisoning Cache Led to Stored Cross-Site Scripting
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/256-bounty-xss-via-web-cache-poisoning-in-d ⊠â Read more
The Human Firewall: Why Your Employees Are Both Your Greatest Vulnerability and Asset
In the high-stakes world of cybersecurity, organizations invest millions in sophisticated technologic ⊠â Read more
DCShadow Attacks: Subverting Active Directory Replication for Stealthy Persistence
Technique that allows adversaries to manipulate directory data by simulating the behavior of a legitimate Doma ⊠â Read more
Part 1: How to Become a Pentester in 2025: Free & Affordable Online Labs â Read more
** How Hackers Bypass Login Pages with SQL, Logic Flaws, and Headers **
Welcome to the underworld of cybersecurity! đ In this blog, we dive deep into how hackers bypass login pagesâââthe digital gatekeepers ofâŠ
[Continue rea ⊠â Read more
SameSite? SameMess: How I Bypassed Cookie Protections to Hijack Sessions ïžââïž
Hey there!đ
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/samesi ⊠â Read more
𧟠USERS:1 FEEDS:2 TWTS:1339 ARCHIVED:87053 CACHE:2780 FOLLOWERS:22 FOLLOWING:14
A brief history of the numeric keypad
The title is a lie. This isnât brief at all. Picture the keypad of a telephone and calculator side by side. Can you see the subtle difference between the two without resorting to your smartphone? Donât worry if you canât recall the design. Most of us are so used to accepting the common interfaces that we tend to overlook the calculatorâs inverted key sequence. A calculator has the 7â8â9 buttons at the top whereas a phone uses the 1â2â3 format. Subtle, but ⊠â Read more
Master CRLF Injection: The Underrated Bug with Dangerous Potential
Learn how attackers exploit CRLF Injection to manipulate HTTP responses, hijack headers and unlock hidden vulnerabilities in modern webâŠ
[Continue rea ⊠â Read more
↳
In-reply-to
»
Sometimes things go wrong when buying CDs second-hand. I bought an album quite cheap â but as it turned out, they only checked the cover, not the content, so I got something else instead which is actually much more expensive. đ€Ł
†Read More
The album I got by accident is starting to grow on me. Not that bad. đ€ Itâs Dredg â El Cielo, btw: https://www.youtube.com/watch?v=e4JB8rmXaO8&list=PLRASiMqDV8psZSFQi7nUX4p0R8oRHbUy_&index=1
Compress-a-thonâââCSP Bypass via Redirection ââPentathon 2025
Compress-a-thon is a âweb exploitationâ challenge that was featured in Pentathon 2025 Finale Jeopardy CTF Round. This challenge involvedâŠ
[Continue reading on InfoSec Write-ups »](https://inf ⊠â Read more
SSRF via PDF Generator? Yes, and It Led to EC2 Metadata Access
đšâđ»Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ssrf-via-pdf-generator-yes-and-it-led-to-ec2-metadata-access-39b8e5b41840 ⊠â Read more
**The Hidden Language: Exploiting GraphQL for Unauthorized Data Dump **
Free Linkđ
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-hidden-language-exploiting-graphql-for-unauthorized-data-dump-8 ⊠â Read more
Bug Hunting in JS Files: Tricks, Tools, and Real-World POCs
â Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-in-js-files-tricks-tools-and-real-world-pocs-b4d43dd41d8e?source=rssâ-7 ⊠â Read more
**Top 5 Easiest Bugs for Beginners in Bug Bounty **
Top 5 Easiest Bugs for Beginners in Bug Bounty đ
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/top-5-easiest-bugs-for-beginners-in-bug-bounty-45dd81c49e03?source=rssâ-7b722bfd1b8d- ⊠â Read more
$10,000 Bounty: HackerOne Report Comments Leak via âExport as .zipâ
How a new export feature unintentionally exposed private discussions in limited disclosure reports
[Continue reading on InfoSec Write-ups »](https://infose ⊠â Read more
Understanding Stealer Logs and Their Role in Security TestingâââPart 1 â Read more
API Key Exposure in NASA GitHub Repository Leads to Unauthorized Access to Academic Data
đFree Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteu ⊠â Read more
Subdomain Takeover: My $450 Win & How You Can Do It Too
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/subdomain-takeover-my-450-win-how-you-can-do-it-too-3337ca0513b6?source=rssâ-7b722 ⊠â Read more
Hidden HackerOne & Bugcrowd Programs: How to Get Private Invites
âPrivate programs are where the real gold lies⊠but no one tells you how to get there. Let me break it down for youâââwith secrets mostâŠ
[Continue reading on In ⊠â Read more
𧟠USERS:1 FEEDS:2 TWTS:1338 ARCHIVED:87031 CACHE:2786 FOLLOWERS:22 FOLLOWING:14
Maeve is a little hellion. Just turned 1 years yesterday â Read more
** CSP? More Like Canât Stop Payloads â Bypassing CSP to XSS Like a Pro**
Hey there!đ
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/csp-more-like-cant-stop-payloads-bypassing-csp-to-xss-like-a-pro-9 ⊠â Read more
𧟠USERS:1 FEEDS:2 TWTS:1337 ARCHIVED:87027 CACHE:2787 FOLLOWERS:22 FOLLOWING:14
↳
In-reply-to
»
My main domain name turned 24 years old today. That feels weird.
†Read More
@bender@twtxt.net Iâm not sure this is accurate, if you lookup mine:
$ whois shortcircuit.net.au 2>&1 | grep -i creat
created: 1986-03-05
I think this has to be the registrarâs creation date no? đ€
𧟠USERS:1 FEEDS:2 TWTS:1336 ARCHIVED:87006 CACHE:2816 FOLLOWERS:22 FOLLOWING:14
JĂĄn BulĂk medzi ocenenĂœmi v Martine
V Martine sa 8. mĂĄja odohralo podujatie, ktorĂ© spojilo historickĂș reflexiu s kultĂșrnou spomienkou â Matica slovenskĂĄ si pripomenula 80. vĂœroÄie oslobodenia Slovenska a ukonÄenia druhej svetovej vojny. V sĂdle tejto najstarĆĄej slovenskej kultĂșrnej ustanovizne sa uskutoÄnila slĂĄvnosĆ„ venovanĂĄ osobnostiam, ktorĂ© v Äase vojny so cĆ„ou a odvahou vzdorovali faĆĄizmu. Medzi ocenenĂœmi bol aj JĂĄn BulĂk (1. januĂĄra 1897 KovaÄica â 30. januĂĄra 1942 Mauthause ⊠â Read more
Design system annotations, part 1: How accessibility gets left out of components
The Accessibility Design team created a set of annotations to bridge the gaps that design systems alone canât fix and proactively addresses accessibility issues within Primer components.
The post [Design system annotations, part 1: How accessibility gets left out of components](https://github.blog/engineering/user-experience/design-system-annotations-part-1-how ⊠â Read more
Mastering Rate Limit Bypass Techniques
Learn How Hackers Bypass Rate Limitsâââand How You Can Too
UUIDs: A False Sense Of Security
Hi Hunters, would you like to learn about a broken access control vulnerability that I discovered recently for a client.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/uuids-a-false-sense-of-security-10467497daae?source=rssâ-7b7 ⊠â Read more
$50,000 Bounty: GitHub Access Token
How a hidden token in a desktop app could have compromised one of the worldâs biggest e-commerce platforms
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/50-000-bounty-github-access-token-c29cb6f00182?source=rssâ-7b722bf ⊠â Read more
ïžRecon Automation Like a Pro: My 5-Stage System to Catch More Bugs
â Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/%EF%B8%8Frecon-automation-like-a-pro-my-5-sta ⊠â Read more
Top 10 Ways Hackers Exploit Web Applications (and How to Prevent Them)
Hackers donât wait for big websites. They look for easy mistakes. Letâs fix them before they find yours.
[Continue reading on InfoSec Write- ⊠â Read more
HACK-ERA CTFâââPhase 1 Walkthrough â Read more
$840 Bounty: How I Stole OAuth Tokens from Twitter
A critical OAuth misconfiguration allowed stealing tokens with just a click
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/840-bounty-how-i-stole-oauth-tokens-from-twitter-733f8 ⊠â Read more
𧟠USERS:1 FEEDS:2 TWTS:1335 ARCHIVED:86994 CACHE:2814 FOLLOWERS:22 FOLLOWING:14
Vim9.1(macOS-arm/Sequaoia) && iTerm2(cask): CursorShape for Insert Mode - How? â Read more
Is there any way to retain vim 7.4 search setting while using vim 9.1? â Read more
Bug Hunting in JS Files: Tricks, Tools, and Real-World POCs
đïžFree Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-in-js-files-tricks-tools-and-real-world-pocs-70406e3eb72e?source=rssâ-7 ⊠â Read more
A Guide to SQL Injection Attacks: Hackers Donât Want You to Know This!
Imagine your website as a big toy box filled with treasuresâââlike user info, passwords, or blog postsâââand youâve got a robot helperâŠ
[Contin ⊠â Read more
$100 Bounty: How a Spoofed Email Could Change Any Username on HackerOne
A simple email spoofing trick could let anyone hijack your HackerOne username and profile link
[Continue reading on InfoSec Write-ups »] ⊠â Read more
ïžââïž Unlisted but Not Unseen: How I Found the Admin Panel in a JavaScript Comment
Hey there!đ
[Continue reading on InfoSec Write-ups »](https://infosecwriteu ⊠â Read more
Mastering Linux Part 3: A Beginnerâs Guide to APT and YUM Package Management
A Beginnerâs Guide to APT and YUM Package Management
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com ⊠â Read more
𧟠USERS:1 FEEDS:2 TWTS:1334 ARCHIVED:86974 CACHE:2839 FOLLOWERS:22 FOLLOWING:14
curl bans âAIâ security reports as Zuckerberg claims weâll all have more âAIâ friends than real ones
Daniel Stenberg, creator and maintainer of curl, has had enough of the neverending torrent of âAIâ-generated security reports the curl project has to deal with. Thatâs it. Iâve had it. Iâm putting my foot down on this craziness. 1. Every reporter submitting security reports on Hackerone for curl now needs to answer this question: âDid you ⊠â Read more