Expose & Explore: Discover misconfigured service protocols and ports using Linux
Internet Assigned Numbers Authority (IANA) is the organisation responsible for managing and assigning port number … ⌘ Read more
Hacking With No Tools: How to Break Web Apps Using Just Your Browser 🕵️‍♂️
[Continue reading on In … ⌘ Read more
Breaking In Through the Backdoor: Password Reset Gone Wrong
Imagine being able to take over any user’s account on a platform — even without their interaction. No phishing, no social engineering, and…
[Continue reading on InfoSec Wr … ⌘ Read more
Go Router Selection and "Standard Library First": When to Stick With It, When to Branch Out?
Hello everyone, I'm Tony Bai. Recently, the well-known Go blogger Alex Edwards updated his widely read article, "Which Go router should I use?" [1], and specifically mentioned the significant enhancements to the standard library's http.ServeMux in Go 1.22. The article once again prompts us to think about a classic question in Go web development: when choosing a router library, should we stick with the standard library or embrace a more feature-rich third-party library? This … ⌘ Read more
🧮 USERS:1 FEEDS:2 TWTS:1341 ARCHIVED:87099 CACHE:2794 FOLLOWERS:22 FOLLOWING:14
Announcing Kyverno Release 1.14!
TL;DR We are excited to announce the release of Kyverno 1.14.0, marking a significant milestone in our journey to make policy management in Kubernetes more modular, streamlined, and powerful. This release introduces two new policy types… ⌘ Read more
@bender@twtxt.net 5, 4, 3, 2, 1 🤣
@bender@twtxt.net Basically the way I’m reading this is 1 RPM. This is a rather aggressive rate limit actually. This basically makes GitHub inaccessible and useless for basically anything unless you’re logged in. You can basically kiss “pursuing” casually, anonymously goodbye.
Imagine if I imposed that kind of rate limit on twtxt.net?! 🤣
Load Balancing MySQL with HAProxy
Using HAProxy to load-balance MySQL: 1. On the DS server and the load-balancing server, stop the LVS load-balancing configuration:
[root@server04 ]# ./lvsdrdsmysql.sh stop
[root@server04 ]#
[root@server04 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalA ⌘ Read more
**JWT Exploitation: How I Forged Tokens and Took Over Accounts**
🔐Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/jwt-exploitation-how-i-forged-tokens-and-took-over-accounts-2e7ab1cf4df8?sour … ⌘ Read more
How I Found a Way to Prolong Password Reset Code Expiry
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-a-way-to-prolong-password-reset-code-expiry-6214391023de?source=rss—-7b7 … ⌘ Read more
How I Deleted Any User’s Account— No Interaction Needed
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-deleted-any-users-account-no-interaction-needed-faae0442ff4f?source=rss—-7b722bfd1 … ⌘ Read more
**Forget Me Not: How Broken Logout Functionality Let Me Ride Sessions Forever**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/forget-me-not-how-broken-logout-function … ⌘ Read more
Excelize 2.9.1 Released - Open-source library for Excel (XLAM/XLSM/XLSX/XLTM/XLTX) spreadsheets
1 points posted by xuri ⌘ Read more
1 year without my baby. Miss him every day ⌘ Read more
$256 Bounty : XSS via Web Cache Poisoning in Discourse
How Injecting Headers and Poisoning Cache Led to Stored Cross-Site Scripting
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/256-bounty-xss-via-web-cache-poisoning-in-d … ⌘ Read more
The Human Firewall: Why Your Employees Are Both Your Greatest Vulnerability and Asset
In the high-stakes world of cybersecurity, organizations invest millions in sophisticated technologic … ⌘ Read more
DCShadow Attacks: Subverting Active Directory Replication for Stealthy Persistence
Technique that allows adversaries to manipulate directory data by simulating the behavior of a legitimate Doma … ⌘ Read more
Part 1: How to Become a Pentester in 2025: Free & Affordable Online Labs ⌘ Read more
**How Hackers Bypass Login Pages with SQL, Logic Flaws, and Headers**
Welcome to the underworld of cybersecurity! 🌐 In this blog, we dive deep into how hackers bypass login pages — the digital gatekeepers of…
[Continue rea … ⌘ Read more
SameSite? SameMess: How I Bypassed Cookie Protections to Hijack Sessions
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/samesi … ⌘ Read more
A brief history of the numeric keypad
The title is a lie. This isn’t brief at all. Picture the keypad of a telephone and calculator side by side. Can you see the subtle difference between the two without resorting to your smartphone? Don’t worry if you can’t recall the design. Most of us are so used to accepting the common interfaces that we tend to overlook the calculator’s inverted key sequence. A calculator has the 7–8–9 buttons at the top whereas a phone uses the 1–2–3 format. Subtle, but … ⌘ Read more
Master CRLF Injection: The Underrated Bug with Dangerous Potential
Learn how attackers exploit CRLF Injection to manipulate HTTP responses, hijack headers and unlock hidden vulnerabilities in modern web…
[Continue rea … ⌘ Read more
The album I got by accident is starting to grow on me. Not that bad. 🤔 It’s Dredg – El Cielo, btw: https://www.youtube.com/watch?v=e4JB8rmXaO8&list=PLRASiMqDV8psZSFQi7nUX4p0R8oRHbUy_&index=1
Compress-a-thon — CSP Bypass via Redirection — Pentathon 2025
Compress-a-thon is a “web exploitation” challenge that was featured in Pentathon 2025 Finale Jeopardy CTF Round. This challenge involved…
[Continue reading on InfoSec Write-ups »](https://inf … ⌘ Read more
SSRF via PDF Generator? Yes, and It Led to EC2 Metadata Access
👨💻Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ssrf-via-pdf-generator-yes-and-it-led-to-ec2-metadata-access-39b8e5b41840 … ⌘ Read more
**The Hidden Language: Exploiting GraphQL for Unauthorized Data Dump**
Free Link🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-hidden-language-exploiting-graphql-for-unauthorized-data-dump-8 … ⌘ Read more
Bug Hunting in JS Files: Tricks, Tools, and Real-World POCs
✅Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-in-js-files-tricks-tools-and-real-world-pocs-b4d43dd41d8e?source=rss—-7 … ⌘ Read more
**Top 5 Easiest Bugs for Beginners in Bug Bounty 🐞**
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/top-5-easiest-bugs-for-beginners-in-bug-bounty-45dd81c49e03?source=rss—-7b722bfd1b8d- … ⌘ Read more
$10,000 Bounty: HackerOne Report Comments Leak via “Export as .zip”
How a new export feature unintentionally exposed private discussions in limited disclosure reports
[Continue reading on InfoSec Write-ups »](https://infose … ⌘ Read more
Understanding Stealer Logs and Their Role in Security Testing — Part 1 ⌘ Read more
API Key Exposure in NASA GitHub Repository Leads to Unauthorized Access to Academic Data
🔓Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteu … ⌘ Read more
Subdomain Takeover: My $450 Win & How You Can Do It Too
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/subdomain-takeover-my-450-win-how-you-can-do-it-too-3337ca0513b6?source=rss—-7b722 … ⌘ Read more
Hidden HackerOne & Bugcrowd Programs: How to Get Private Invites
“Private programs are where the real gold lies… but no one tells you how to get there. Let me break it down for you — with secrets most…
[Continue reading on In … ⌘ Read more
Maeve is a little hellion. Just turned 1 year old yesterday ⌘ Read more
**CSP? More Like Can’t Stop Payloads — Bypassing CSP to XSS Like a Pro**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/csp-more-like-cant-stop-payloads-bypassing-csp-to-xss-like-a-pro-9 … ⌘ Read more
@bender@twtxt.net I’m not sure this is accurate. If you look up mine:
$ whois shortcircuit.net.au 2>&1 | grep -i creat
created: 1986-03-05
I think this has to be the registrar’s creation date, no? 🤔