Rabbit Store | TryHackMe Medium
Problems: What is user.txt? What is root.txt? Solution: First of all we get a IP address so I preformed an NMAP scan discovering ports…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/rabbit-store-tryhackme-medium-f9f5069fbb50?source=r … ⌘ Read more
Build Your Own AI SOC — Part 7 Build a Security Knowledge Assistant With RAG + GPT
From Search to Understanding
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/build-you … ⌘ Read more
Exciting Cybersecurity Careers That Don’t Require Coding
Do you believe that cybersecurity is only for programmers who are bent over keyboards, typing code after code to ward off hackers? Rethink…
[Continue reading on InfoSec Write-ups »] … ⌘ Read more
Writing Pentest Reports | TryHackMe Write-Up | FarrosFR
Non-members are welcome to access the full story here. Write-Up by FarrosFR | Cybersecurity
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/writing-pentest-reports-tryhackme-wri … ⌘ Read more
** “Before injection, understanding” — What every hacker needs to master before exploiting a NoSQL…**
NoSQL database types
[Continue reading on InfoSec Write-ups »](https: … ⌘ Read more
↳
In-reply-to
»
Wanna read something very scary?
⤋ Read More
@prologic@twtxt.net That’s an interesting premise in that article:
The fun has been sucked out of the process of creation because nothing I make organically can compete with what AI already produces—or soon will.
This is like saying it’s pointless to make music yourself because some professional player/audio engineer does a better job. Really, there’s always someone or something that’s better than you at a particular job.
If we focus too much on “competition”, then yes, you can just stop doing anything. I don’t know how common this mindset is, especially among artists or creative people. 🤔 I would have assumed that many writers, for example, simply enjoy the process of writing. Am I being too naive once more? 🤣
I Broke Rate Limits and Accessed 1000+ User Records — Responsibly
👉Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/i-broke-rate-limits-and-accessed-1000-user-records-responsibly-8c45f … ⌘ Read more
Write Cybersecurity Blog Titles That Get Clicks ⌘ Read more
Crypto Failures | TryHackMe Medium
Questions: What is the value of the web flag? What is the encryption key? Solution: We are firstly given an IP address. I preformed a…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/crypto-failures-tryhackme-medium-d60d55b849 … ⌘ Read more
Strengthening Web service security with Apache2: Best practices for 2025
Keeping your Apache2 web services safe: What you need to know this year
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ … ⌘ Read more
Build Your Own AI SOC — Part 6 Daily AI-Powered Threat Briefings With n8n + GPT
Introduction: Information Without Overload
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/buil … ⌘ Read more
** Redirect Roulette: How Poor OAuth Redirect Handling Gave Me Account Takeover **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/redirect-roulette-how-poor-oauth-red … ⌘ Read more
5 Linux Commands You’ve Probably Never Heard Of
In this article, I will show you five Linux commands you’ve probably never heard of. They’re simple, practical, and designed to make your…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.c … ⌘ Read more
$750 Bounty: for HTTP Request Smuggling on Data.gov
How a cleverly crafted desync attack revealed a hidden path to client-side compromise, JS injection and potential cookie theft
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ … ⌘ Read more
The Most Dangerous Bug I’ve Ever Found (And No One Was Looking)
👉Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-most-dangerous-bug-ive-ever-found-and-no-one-was-looking-2e96e5079a01? … ⌘ Read more
Sharpening Command Injections to get Full RCE
Uncommon Bash tricks to Bypass WAF and achieve Remote Code Execution (RCE)
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/sharpening-command-injections-to-get-full-rce-e4cf257d2c66?source= … ⌘ Read more
**Token of Misfortune: How a Refresh Token Leak Let Me Regenerate Unlimited Sessions **
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/token-of-misfortune … ⌘ Read more
$10,500 Bounty: A Grammarly Account Takeover Vector
When a Space Breaks the System: How Improper Entity Validation Led to a Full SSO Denial and Potential Account Takeovers
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/10-500- … ⌘ Read more
0 to First Bug: What I’d Do Differently If I Started Bug Bounty Today
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/0-to-first-bug-what-id-do-differently-if-i-started-bug … ⌘ Read more
I Built a Tool to Hack AI Models — Here’s What It Uncovered
A few months ago, I was auditing a chatbot deployed inside a financial services platform. It used a mix of retrieval-augmented generation…
[Continue reading on InfoSec Write-ups »](http … ⌘ Read more
**Caching Trouble: The Public Cache That Leaked Private User Data **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/caching-trouble-the-public-cache-that-leaked-private-user-data-0d410af5cb4c … ⌘ Read more
$500 Bounty: A Referer Leak in Brave’s Private Tor Window
When Anonymity Isn’t Anonymous: $500 Bounty for Revealing a Brave Referer Exposure
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/500-bounty-a-referer-leak-in … ⌘ Read more
What Problems are Truly Technical, not Social?
Most “tech” problems (and solutions) seem social, with e.g. most newer startups relying on internal connections to gain real world adoption, otherwise blocked due to institutional apathy and bad regulations (sms 2fa, hospital faxes…)
A recent (unlocated) poll asked a similar question: “what percent of workers in the software industry are employed writing programs that should not exist?” While we do have NP-hard problems, politically hard problems like avoi … ⌘ Read more
Part-2️♂️Bug Bounty Secrets They Don’t Tell You: Tricks From 100+ Reported Bugs
✨Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwri … ⌘ Read more
$500 Bounty: Race Condition in Hacker101 CTF Group Join
$500 for discovering a timing flaw in Hacker101’s invite system that let users join the same team multiple times
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/50 … ⌘ Read more
How a Simple Logic Flaw Led to a $3,250 Bounty
Claiming Unclaimed Restaurants on Zomato via OTP Manipulation
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-a-simple-logic-flaw-led-to-a-3-250-bounty-476d747bf57a?source=rss—-7b722 … ⌘ Read more
↳
In-reply-to
»
(#2s6kqsa) @lyse what is the advantage for keeping it small? Will tt/tt2 bog down if your feed isn't rotated?
⤋ Read More
@bender@twtxt.net basically because we don’t readily use or support range hunters when requesting feeds it’s ideal to keep feed small for the time being at least until we think about writing up a formal specification for this, but it’s also only for Http hosted feeds
** Blog Title: Not Your File: How Misconfigured MIME Types Let Me Upload Evil Scripts **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/blog-title-not-your … ⌘ Read more
☕Best Tool for Analyzing Java Files (90% of Hackers Don’t Know This)
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/best-tool-for-analyzing-java-files-90-of-hackers-dont-know-this- … ⌘ Read more
Documentation done right: A developer’s guide
Learn why and how you should write docs for your project with the Diátaxis framework.
The post Documentation done right: A developer’s guide appeared first on The GitHub Blog. ⌘ Read more
** JWT Exploitation: How I Forged Tokens and Took Over Accounts**
🔐Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/jwt-exploitation-how-i-forged-tokens-and-took-over-accounts-2e7ab1cf4df8?sour … ⌘ Read more
How I Found a Way to Prolong Password Reset Code Expiry
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-a-way-to-prolong-password-reset-code-expiry-6214391023de?source=rss—-7b7 … ⌘ Read more
How I Deleted Any User’s Account— No Interaction Needed
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-deleted-any-users-account-no-interaction-needed-faae0442ff4f?source=rss—-7b722bfd1 … ⌘ Read more
**Forget Me Not: How Broken Logout Functionality Let Me Ride Sessions Forever **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/forget-me-not-how-broken-logout-function … ⌘ Read more
$256 Bounty : XSS via Web Cache Poisoning in Discourse
How Injecting Headers and Poisoning Cache Led to Stored Cross-Site Scripting
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/256-bounty-xss-via-web-cache-poisoning-in-d … ⌘ Read more
SameSite? SameMess: How I Bypassed Cookie Protections to Hijack Sessions ️♂️
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/samesi … ⌘ Read more
↳
In-reply-to
»
⤋ Read More
tar and find were written by the devil to make sysadmins even more miserable
@kat@yarn.girlonthemoon.xyz @prologic@twtxt.net Given that all these programs are super old (tar is from the late 1970ies), while trying to retain backwards-compatibilty, I’m not surprised that the UI isn’t too great. 🤔
find has quite a few pitfalls, that is very true. At work, we don’t even use it anymore in more complex scenarios but write Python scripts instead. find can be fast and efficient, but fewer and fewer people lack the knowledge to use it … The same goes for Shell scripting in general, actually.
Compress-a-thon — CSP Bypass via Redirection — Pentathon 2025
Compress-a-thon is a “web exploitation” challenge that was featured in Pentathon 2025 Finale Jeopardy CTF Round. This challenge involved…
[Continue reading on InfoSec Write-ups »](https://inf … ⌘ Read more
SSRF via PDF Generator? Yes, and It Led to EC2 Metadata Access
👨💻Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ssrf-via-pdf-generator-yes-and-it-led-to-ec2-metadata-access-39b8e5b41840 … ⌘ Read more