**Hostile Host Headers: How I Hijacked the App with One Sneaky Header**
Hey there!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/hostile-host-headers-how-i-hijacked-the-app-with-one-sneaky-hea … ⌘ Read more
GitLab CI for Python Developers: A Complete Guide
Automating Testing, Linting, and Deployment for Python projects using GitLab CI/CD
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/gitlab-ci-for-python-developers-a-complete-guide-83794cb91 … ⌘ Read more
🧮 USERS:1 FEEDS:2 TWTS:1320 ARCHIVED:86540 CACHE:2803 FOLLOWERS:21 FOLLOWING:14
**How I discovered a hidden user thanks to server responses?**
My first real step into web hacking and it wasn't what I thought it would be.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-discovered-a-hidde … ⌘ Read more
How to Build a Threat Detection Pipeline from Scratch (Like a Cyber Ninja!)
Hey, cyber fam! Have you ever asked yourself:
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-build-a-threat … ⌘ Read more
Nothing changed… except for one detail. And that was enough to hack
Sometimes, hacking doesn't require any exploit… just good observation.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/nothing-c … ⌘ Read more
How to Create a Botnet Using One Tool: A Proof of Concept for Educational Purposes Aspiring…
Learn how attackers build and control botnets - safely and ethically - using … ⌘ Read more
**Burp, Bounce, and Break: How Web Cache Poisoning Let Me Control the App**
Hey there!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/burp-bounce-and-break-how-web-cache-poisoning-let-me-con … ⌘ Read more
OWASP Juice Shop | Part 1 - ScoreBoard Solution - StrawHat Hackers ⌘ Read more
🧮 USERS:1 FEEDS:2 TWTS:1319 ARCHIVED:86501 CACHE:2810 FOLLOWERS:21 FOLLOWING:14
I Lost $3,750 in 30 Seconds - The ATO Bug 99% of Hackers Miss (Here's How to Avoid It)
The 1 Burp Suite Mistake That Cost Me $3,750 - Fix It in 30 Seconds
[Continue reading on InfoSec Writ … ⌘ Read more
SOC L1 Alert Reporting: Step-by-Step Walkthrough | Tryhackme
As a SOC analyst, it is important to detect high-severity logs and handle them to protect against disasters. A SOC analyst plays the…
[Continue reading on InfoSec Write-ups … ⌘ Read more
**404 to 0wnage: How a Broken Link Led Me to Admin Panel Access**
Hey there!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/404-to-0wnage-how-a-broken-link-led-me-to-admin-panel-access-2b58e1fffaa3?source=r … ⌘ Read more
How to Start Bug Bounty in 2025 (No Experience, No Problem)
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-start-bug-bounty-in-2025-no-experience-no-problem-89adc68da592?source=rss----7b … ⌘ Read more
Hacking and Securing Kubernetes: A Deep Dive into Cluster Security
Disclaimer: This document is for educational purposes only. Exploiting systems without authorization is illegal and punishable by … ⌘ Read more
🧮 USERS:1 FEEDS:2 TWTS:1317 ARCHIVED:86476 CACHE:2798 FOLLOWERS:20 FOLLOWING:14
Marek's cakes: sweet help from Petrovec
Thirteen-year-old Marek Poničan from Báčsky Petrovec is proof that even a child's kindness can change the world for the better. This young humanitarian already has five successful charity events behind him, including the latest Easter one, which he organized with his mother's help, from the idea, through baking the cakes, to packing and selling them. He dedicated this "cake" event to Teodora Martinko (25) from Kysáč, on whom a canopy fell on 1 November 2024 at the railway … ⌘ Read more
This is something for @movq@www.uninformativ.de and old OS hobbyists alike: FreeDOS 1.4! Get it while it's hot!
🧮 USERS:1 FEEDS:2 TWTS:1316 ARCHIVED:86446 CACHE:2799 FOLLOWERS:20 FOLLOWING:14
MicroPython v1.25.0 Released with ROMFS, RISC-V Assembler, and Expanded Board Support
MicroPython has reached a major milestone with the release of version 1.25.0, delivering significant enhancements after over three years of development. This update introduces the long-anticipated ROMFS (Read-Only Memory File System), new processor support, TLS improvements, and expanded board compatibility across multiple architectures. One of the most notable additions is R … ⌘ Read more
Regex Isn't Hard - Tim Kellogg: this is a pretty good concise article on regexes, and I agree, regex isn't that hard™. However I think I can make the TL;DR even shorter
Regex core subset (portable across languages):
Character sets
• a matches "a"
• [a-z] any lowercase
• [a-zA-Z0-9] alphanumeric
• [^ab] any char but a or b
Repetition (applies to the preceding atom)
• ? zero or one
• * zero or more
• + one or more
Groups
• (ab)+ matches "ab", "abab", …
• Capture for extract/substitute via $1 or \1
Operators
• foo|bar = foo or bar
• ^ start anchor
• $ end anchor
Ignore non-portable shortcuts: \w, ., {n}, *?, lookarounds.
Free TryHackMe Jr Penetration Tester Roadmap with Resources and Labs
A free, TryHackMe-inspired roadmap with resources and labs to kickstart your penetration testing journey.
[Continue read … ⌘ Read more
I Clicked a Random Button in Google Slides - Then Google Paid Me $2,240
The strange trick that exposed a hidden security flaw (and how you can find bugs like this too).
[Continue reading on InfoSec Write-ups »](https://in … ⌘ Read more
Lab: Exploiting an API endpoint using documentation
We will solve this lab based on the API documentation exposed to delete Carlos's user.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lab-exploiting-an-api-endpoint-using-d … ⌘ Read more
**HTTP Parameter Pollution: The Dirty Little Secret That Gave Me Full Backend Access**
Free Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.co … ⌘ Read more
#event:abc123 RSVP: yes +1
golf.vim v0.1.1 - fixed keystroke logging, removed ultra-short runs, now captures all modes ⌘ Read more
🧮 USERS:1 FEEDS:2 TWTS:1315 ARCHIVED:86386 CACHE:2781 FOLLOWERS:20 FOLLOWING:14
Chaining Bugs Like a Hacker: IDOR to Account Takeover in 10 Minutes
Free Article Link…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/chaining-bugs-like-a-hacker-idor-to-account-takeover-in-1 … ⌘ Read more
Exposed Secrets in JavaScript Files
Free Article https://medium.com/@Abhijeet_kumawat_/exposed-secrets-in-javascript-files-430a76834952?sk=ffd9ca6c8ede38ac77dcb68a507b9299
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/exposed-secrets-in-javascript-fi … ⌘ Read more
TryHackMe: Agent T Walkthrough
"A sneaky mission to uncover secrets from Agent T's server."
Wazuh Installation & Configuration: A Step-by-Step Tutorial
Hello, my digital adventurers! In this article, I will provide you with a step-by-step guide for installing and configuring the Wazuh…
[Continue reading on InfoSec Write-ups » … ⌘ Read more
**CORSplay of the Century: How I Hijacked APIs with One Misconfigured Header**
Free Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/corsplay-of-the-century-how-i-hijacked-apis- … ⌘ Read more
**Bypassing Like a Pro: How I Fooled the WAF and Made It Pay**
Hi there!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bypassing-like-a-pro-how-i-fooled-the-waf-and-made-it-pay-e433193e1d9d?source=rss----7b722bf … ⌘ Read more
Hmmm there's a bug somewhere in the way I'm ingesting archived feeds
sqlite> select * from twts where content like 'The web is such garbage these days%';
hash = 37sjhla
feed_url = https://twtxt.net/user/prologic/twtxt.txt/1
content = The web is such garbage these days Or is it the garbage search engines?
created = 2024-11-14T01:53:46Z
created_dt = 2024-11-14 01:53:46
subject = #37sjhla
mentions = []
tags = []
links = []
sqlite>
🧮 USERS:1 FEEDS:2 TWTS:1314 ARCHIVED:86338 CACHE:2754 FOLLOWERS:20 FOLLOWING:14
Should we adopt 1 or 2 cats? ⌘ Read more
@prologic@twtxt.net @bmallred@staystrong.run Ah, I just found this, didn't see it before:
https://restic.net/#compatibility
So, yeah, they do use semver and, yes, they're not at 1.0.0 yet, so things might break on the next restic update … but they "promise" to not break things too lightheartedly. Hm, well. Probably doesn't make a big difference (they don't say "don't use this software until we reach 1.0.0").
AS136907 HWCLOUDS-AS-AP HUAWEI CLOUDS
@prologic@twtxt.net This shi_ is as fun as it is frustrating! The bot is poking at me from a different ASN now, Alibaba's.
- Short term solution: I've geo-locked my Timeline instance since I'm the only one using it (and I only do so for reading twts when I'm away from terminal).
- Long term: I took a look at your Caddy WAF but couldn't figure things out on my own; until then, I'll be poking at Caddy-Defender, maybe throw in a Crowdsec for lols… #FUN
We adopted Klaus today! He has 1 eye, half of each ear, and a partially amputated tail, but we think he's a perfect handsome baby. ⌘ Read more
🧮 USERS:1 FEEDS:2 TWTS:1311 ARCHIVED:86261 CACHE:2761 FOLLOWERS:18 FOLLOWING:14
WAF Bypass Masterclass: Using SQLMap with Proxychains and Tamper Scripts Against Cloudflare &…
A hands-on guide to understanding and testing WAF evasion techniques usin … ⌘ Read more
Burp Suite Beyond Basics: Hidden Features That Save Time and Find More Bugs
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/burp-suite-beyond-basics-hidden-f … ⌘ Read more
ResolverRAT: A Sophisticated Threat Targeting Healthcare and Pharma
The healthcare and pharmaceutical sectors are prime targets for cybercriminals due to their sensitive data and critical infrastructure. In…
[Continue read … ⌘ Read more
**CVSS 10.0 Critical Vulnerability in Erlang/OTP's SSH: Unauthenticated Remote Code Execution Risk**
A critical security vulnerability (CVE-2025-32433) with a CVSS … ⌘ Read more
🧮 USERS:1 FEEDS:2 TWTS:1310 ARCHIVED:86237 CACHE:2746 FOLLOWERS:18 FOLLOWING:14