Learning YARA: A Beginner SOC Analyst’s Notes
Learn how to build a YARA-powered malware detection and automation system using n8n, GPT, and hybrid analysis tools. This hands-on guide…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/learnin … ⌘ Read more
$540 Bounty: How a Misconfigured Warning Endpoint in Apache Airflow Exposed DAG Secrets
CVE-2023–42780: An Improper Access Control Bug That Let Low-Privileged Users View DAG Impo … ⌘ Read more
**From Forgot Password to Forgot Validation: A Broken Flow That Let Me Take Over Accounts **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/from … ⌘ Read more
Bug Bounty from Scratch | Everything You Need to Know About Bug Bounty
📌Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-bounty-from-scratch-everything-you-need-to-know … ⌘ Read more
What technology to use for a small NGO website?
Hi Lobsters :) hope you’re having a cozy weekend
I’m volunteering to set up and maintain the website of an association/small NGO, and I need to choose the technology we will use. I would appreciate advice from the hive mind on what technologies/setup to use :)
The key constraints are:
- It should be feasible to teach a motivated non-coder how to adjust website content. Most of the content will be text & images describing the organisation and its va … ⌘ Read more
Google Dorking: A Hacker’s Best Friend
Hey, hacker friends! Ever wonder why people say Google is a hacker’s best friend? Well, I’m about to show you why.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/google-dorking-a-hackers-best-friend-716dfb3e9739? … ⌘ Read more
The Hidden Admin Backdoor in Reddit Ads
An Invisibility Cloak for Attackers: How One Admin Created a Stealth Account That Even the Owner Couldn’t See or Remove
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-hidden-admin-backdoor-in-reddit-ads … ⌘ Read more
Bypassing Regex Validations to Achieve RCE: A Wild Bug Story
Free Article Lin
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bypassing-regex-validations-to-achieve-rce-a-wild-bug-story-6476faccbc23?source=r … ⌘ Read more
The Year We Lost Control: How the AI Race Could End Humanity — or Save It
By now, you’ve probably heard whispers of a future shaped entirely by artificial intelligence. From Nobel laureates to the godfather of AI…
… ⌘ Read more
Memory Analysis Introduction | TryHackMe Write-Up | FarrosFR
Non-members are welcome to access the full story here.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/memory-analysis-introduction-tryhackme-write-up-farrosfr-32e … ⌘ Read more
Passkeys: The Waterproof Defense Against Phishing Attacks
The Passkeys — a next-generation authentication technology poised to be a game-changer, offering what many describe as a truly waterproof…
[Continue reading on InfoSec Write-ups … ⌘ Read more
A Hidden Backdoor: Bypassing reCAPTCHA on the Sign-up Page
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/a-hidden-backdoor-bypassing-recaptcha-on-the-sign-up-page-2b5b3c18257f … ⌘ Read more
** Cache Me If You Can: How I Poisoned the CDN and Hijacked User Sessions**
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/cache-me-if-you-can-how-i-poisoned-the-cdn-and-hijacked … ⌘ Read more
GitHub Recon: The Underrated Technique to Discover High-Impact Leaks in Bug Bounty
Master the Art of Finding API Keys, Credentials and Sensitive Data in Public Repositories
[Continue re … ⌘ Read more
**Uncovering Amazon S3 Bucket Vulnerabilities: A Comprehensive Guide for Ethical Hackers **
How to Identify, Exploit, and Secure S3 Bucket Misconfigurations
[Continue reading on InfoSec Wr … ⌘ Read more
Logic Flaw: Deleting HackerOne Team Reports Without Access Rights
How a GraphQL Mutation Allowed Unauthorized Report Deletion Across Teams
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/logic-flaw … ⌘ Read more
This One Hacker Trick Got Me Access to an Admin Dashboard ️
Sometimes, it’s not about brute force. It’s about finesse. One header. One oversight. One open door.
— A Hacker’s Mindset 🧠
[Continue reading on InfoSec … ⌘ Read more
**Unsafe Redirects = Unlimited Ride: How Open Redirect Led Me to Internal Dashboards **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/unsafe-redirects-unlimi … ⌘ Read more
I Tried 10 Recon Tools for 7 Days — Here’s What Actually Found Bugs
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/i-tried-10-recon-tools-for-7-days-heres-what-actually-found-bug … ⌘ Read more
$500 Bounty: Shopify Referrer Leak: Hijacking Storefront Access with a Single Token
Referrer Header Leaks + Iframe Injection = Storefront Password Bypass
[Continue reading on InfoSec Writ … ⌘ Read more
$750 Bounty: for HTTP Reset Password Link in Mattermost
How an Unsecured Protocol in a Critical Workflow Opened the Door for Network-Based Account Takeovers
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/750-bounty-for … ⌘ Read more
Exploiting Web Cache Poisoning with X-Host Header Using Param Miner
[Write-up] Web Cache Poisoning Using an Unknown Header.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/exploiting-web-ca … ⌘ Read more
**Header Injection to Hero: How I Hijacked Emails and Made the Server Sing **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/header-injection-to-hero-how-i-hijacked-emails-an … ⌘ Read more
Signal uses Windows’ DRM to counter Recall snooping
Microsoft’s Recall feature, which takes screenshots of the contents of your screen every few seconds, saves them, and then runs text and image recognition to extract information from them, has had a rocky start. Even now that it’s out there and Microsoft deems it ready for everyone to use, it has huge security and privacy gaps, and one of them is that applications that contain sensitive information, such as the Windows Signal app … ⌘ Read more
Beyond best practices: Using OWASP ASVS to bake security into your delivery pipeline for 2025
How to turn a community-driven checklist into a living part of your SDLC.
[Cont … ⌘ Read more
Find Secrets in Hidden Directories Using Fuzzing ️
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/find-secrets-in-hidden-directories-using-fuzzing-%EF%B8%8F-1666d6f34fd8?source=rss—-7b722bfd1b8d- … ⌘ Read more
Lab: Exploiting server-side parameter pollution in a query string
Server Side parameter pollution
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lab-exploiting-server-side-parameter-pollution-in-a … ⌘ Read more
Breaking Twitter’s VPN: $20,160 Bounty for a Pre-Auth RCE via Pulse Secure Chain
How Orange Tsai & Meh Chang Combined File Read, Session Hijack, and Admin Injection to Breach Twitter’s Internal … ⌘ Read more
**One Endpoint to Rule Them All: How I Chained 3 Bugs into Full Account Takeover **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/one-endpoint-to-rule-them-all-h … ⌘ Read more
Demystifying Cookies : The Complete Guide for Bug Bounty Hunters — Part 1
Everything you need to know about cookies to expand your attack surface and find real bugs.
[Continue reading on InfoSec Write-ups »](h … ⌘ Read more
**Silent but Deadly: How Blind XSS in Email Notifications Gave Me Root Alerts **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/silent-but-deadly-how-blind-xss-in-email … ⌘ Read more
DFIR: An Introduction | TryHackMe Write-Up | FarrosFR
Here is my article on the walkthrough of a free room: DFIR: An Introduction. Introductory room for the DFIR module. I wrote this in 2025…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ … ⌘ Read more
MITM HTTPS Payload with Python
A lightweight MITM tool for monitoring encrypted traffic and detecting threats powered by AI and built in Python
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/mitm-https-payload-with-python-499ebf8e933f?source=rss—-7b722bfd1b8d— … ⌘ Read more
**From CSP to OMG: How a Tiny Misconfigured Header Let Me Run JS Anywhere **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/from-csp-to-omg-how-a-tiny-misconfigured-header-let- … ⌘ Read more
I Gave Myself 60 Minutes to Find a Bug — This Is What Happened
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/i-gave-myself-60-minutes-to-find-a-bug-this-is-what-happened-e5fa76563a33?so … ⌘ Read more
From Zero to $1000/Month | Bug Bounty Automation Blueprint
Proven Tactics, Tools, and Code to Automate Your Way to Consistent Bounties
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/from-zero-to-1000-month-bug-boun … ⌘ Read more
️My Top 7 Mistakes as a New Bug Hunter (And How to Avoid Them)
Free Article Link only for you
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/%EF%B8%8Fmy-top-7-mistakes-as-a-new-bug-hunter- … ⌘ Read more
** The Misconfigured Magnet: How Public Buckets Exposed Millions of User Files **
Hey there😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-misconfigured-magnet-how-public-buck … ⌘ Read more
↳
In-reply-to
»
@thecanine @movq So I actually agree with you! I think Dustin is taking a bit of a "deep and dark" path here (depression), and there are many parallels to other types of activities that we can all talk to. "AI" or "LLM"(s) here should be no different. Use them, Don't use them. I don't really see how it takes away our creativity or critical thinking.
⤋ Read More
@prologic@twtxt.net What I meant, is that I will not say that someone is not really a writer, if they choose to have what they wrote, ran through some spelling and sentence structure checker, like the one included in MS Word, the average phone keyboard, or on reverso.net - given that they look over the output and make sure the corrections make sense.
Similarly, I won’t complain much, if someone uses AI, to remove backgrounds from images, where the AI can preform this task, as well as a human would and makes sure to check it afterwards, or use ai as a way to sort large quantities of images - usually done for science. An example of this, would be having terabytes of plant photos, from some cities camera system and having an AI analyse them, in an attempt to detect notable changes, like mold, parasites, or the plants needing more water.
** They Missed This One Tiny Parameter — I Made $500 Instantly**
✨Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/they-missed-this-one-tiny-parameter-i-made-500-instantly-f2f7d1c1c1d9?source=rss—-7 … ⌘ Read more
The Battle for Python’s Soul: How uv is Challenging pip’s Championship Reign
The stadium lights flicker on. The crowd falls silent. In the blue corner, weighing in with over a decade of dominance and … ⌘ Read more
You are not needed
You want more “AI”? No? Well, too damn bad, here’s “AI” in your file manager. With AI actions in File Explorer, you can interact more deeply with your files by right-clicking to quickly take actions like editing images or summarizing documents. Like with Click to Do, AI actions in File Explorer allow you to stay in your flow while leveraging the power of AI to take advantage of editing tools in apps or Copilot functionality without having to open your file. AI actions in File Explorer are easi … ⌘ Read more
↳
In-reply-to
»
@thecanine @movq So I actually agree with you! I think Dustin is taking a bit of a "deep and dark" path here (depression), and there are many parallels to other types of activities that we can all talk to. "AI" or "LLM"(s) here should be no different. Use them, Don't use them. I don't really see how it takes away our creativity or critical thinking.
⤋ Read More
@bender@twtxt.net @prologic@twtxt.net Jokes aside, I don’t think that’s the right approach either. We had spell checkers, since I can remember, as well as other tools, like the smart image select, used mostly to remove backgrounds. These are tools, that just simplify the process of either opening up a dictionary and looking up a word, you can’t remember the spelling of, or the process of placing a billion little dots around the part of an image you want to select - none of these are creative or enjoyable tasks, we already had tools for them, decades before AI. I don’t think we need to go back to cave paintings, to be free of AIs influence on our creative work.
Rabbit Store | TryHackMe Medium
Problems: What is user.txt? What is root.txt? Solution: First of all we get a IP address so I preformed an NMAP scan discovering ports…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/rabbit-store-tryhackme-medium-f9f5069fbb50?source=r … ⌘ Read more