# Twtxt is an open, distributed microblogging platform that
# uses human-readable text files, common transport protocols,
# and free software.
#
# Learn more about twtxt at https://github.com/buckket/twtxt
#
# This is an automated Yarn.social feed running feeds v0.1.0@72e53a9
# Learn more about Yarn.social at https://yarn.social
#
# nick = infosec-write-ups-medium
# url = https://feeds.twtxt.net/infosec-write-ups-medium/twtxt.txt
# type = rss
# source = https://infosecwriteups.com/feed
# avatar = https://feeds.twtxt.net/infosec-write-ups-medium/avatar.png#g7lgdrxj7kzxpnt5cnipgwwla267fo37sbahua7sc7vx6z6d6bdq
# description =
# updated_at = 2023-12-01T09:36:57Z
#
2022-04-13T12:54:52Z **Heap Exploitation for Homo sapiens.** ⌘ [Read more](https://infosecwriteups.com/heap-exploitation-for-homo-sapiens-f166cd6a59fe?source=rss----7b722bfd1b8d---4)
2022-04-13T12:54:25Z **Arming the Use-After-Free()** ⌘ [Read more](https://infosecwriteups.com/arming-the-use-after-free-bc174a26c5f4?source=rss----7b722bfd1b8d---4)
2022-04-13T12:53:18Z **ROP Chains on ARM** ⌘ [Read more](https://infosecwriteups.com/rop-chains-on-arm-3f087a95381e?source=rss----7b722bfd1b8d---4)
2022-04-13T12:52:42Z **Integer Overflows in ARM** ⌘ [Read more](https://infosecwriteups.com/integer-overflows-in-arm-b4e650d072d4?source=rss----7b722bfd1b8d---4)
2022-04-13T12:51:32Z **Invoking mprotect() using ROP Chains in ARM** ⌘ [Read more](https://infosecwriteups.com/invoking-mprotect-using-rop-chains-in-arm-d737bea2a9bb?source=rss----7b722bfd1b8d---4)
2022-04-13T12:47:30Z **500$ Bug: Sensitive Data Exposure to Broken Access Control leads, How I able to take over any…** ⌘ [Read more](https://infosecwriteups.com/500-bug-sensitive-data-exposure-to-broken-access-control-leads-how-i-able-to-take-over-any-33658f16e265?source=rss----7b722bfd1b8d---4)
2022-04-13T12:47:04Z **P1 Vulnerability: How I chained Logical-Error to Account-Takeover Vulnerability that No-One…** ⌘ [Read
more](https://infosecwriteups.com/p1-vulnerability-how-i-chained-logical-error-to-account-takeover-vulnerability-that-no-one-59aa88a9cae8?source=rss----7b722bfd1b8d---4) 2022-04-13T08:21:05Z **How hackers impersonate email-id’s : Email Spoofing and Phishing Attacks** ⌘ [Read more](https://infosecwriteups.com/how-hackers-impersonate-email-ids-email-spoofing-and-phishing-attacks-a215fcf9341b?source=rss----7b722bfd1b8d---4) 2022-04-13T07:20:01Z **How a YouTube Video lead to pwning a web application via SQL Injection worth $4324 bounty** ⌘ [Read more](https://infosecwriteups.com/how-a-youtube-video-lead-to-pwning-a-web-application-via-sql-injection-worth-4324-bounty-285f0a9b9f6c?source=rss----7b722bfd1b8d---4) 2022-04-13T07:19:50Z **Android Pentesting Setup On Macbook M1** ⌘ [Read more](https://infosecwriteups.com/android-pentesting-setup-on-macbook-m1-d2f1f0a8db4b?source=rss----7b722bfd1b8d---4) 2022-04-14T09:47:09Z **BITB (browser in the browser)Attack** ⌘ [Read more](https://infosecwriteups.com/bitb-browser-in-the-browser-attack-e2008c405701?source=rss----7b722bfd1b8d---4) 2022-04-14T09:46:47Z **Develop Bluetooth Apps | Fundamentals, Tools & Coding** ⌘ [Read more](https://infosecwriteups.com/develop-bluetooth-apps-fundamentals-tools-coding-4a08922a7cd6?source=rss----7b722bfd1b8d---4) 2022-04-14T10:48:46Z **Bypass Rate Limit — A blank space leads to this random encounter!** ⌘ [Read more](https://infosecwriteups.com/bypass-rate-limit-a-blank-space-leads-to-this-random-encounter-e18e72fbf228?source=rss----7b722bfd1b8d---4) 2022-04-14T12:50:58Z **Serialization&Deserialization Attacks** ⌘ [Read more](https://infosecwriteups.com/serialization-deserialization-attacks-on-php-d5fb02e29248?source=rss----7b722bfd1b8d---4) 2022-04-17T20:37:21Z **THM Writeup: VulnNet Roasted** ⌘ [Read more](https://infosecwriteups.com/thm-writeup-vulnnet-roasted-8f4e18314ca7?source=rss----7b722bfd1b8d---4) 2022-04-17T20:37:15Z **Devzat from HackTheBox — Detailed Walkthrough** ⌘ [Read 
more](https://infosecwriteups.com/devzat-from-hackthebox-detailed-walkthrough-46f39b25fa82?source=rss----7b722bfd1b8d---4) 2022-04-17T20:35:55Z **Tech_Supp0rt: 1 (Tryhackme)** ⌘ [Read more](https://infosecwriteups.com/tech-supp0rt-1-tryhackme-59896cbb9957?source=rss----7b722bfd1b8d---4) 2022-04-17T21:37:17Z **TryHackMe writeup: Bebop** ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-bebop-ed290135d7e2?source=rss----7b722bfd1b8d---4) 2022-04-18T12:47:57Z **How Mobile Operators should Thousands of Dollars because of SMS Malware.** ⌘ [Read more](https://infosecwriteups.com/how-mobile-operators-should-thousands-of-dollars-because-of-sms-malware-2a4d7ac1e3a2?source=rss----7b722bfd1b8d---4) 2022-04-20T10:23:00Z **$1000: How I could have Hack any account and become a billionaire overnightTop Crypto-Trading….** ⌘ [Read more](https://infosecwriteups.com/1000-how-i-could-have-hack-any-account-and-become-a-billionaire-overnight-top-crypto-trading-ff0e25b6013c?source=rss----7b722bfd1b8d---4) 2022-04-20T10:22:53Z **Create Bind and Reverse Shells using Netcat** ⌘ [Read more](https://infosecwriteups.com/create-bind-and-reverse-shells-using-netcat-c53b23df8059?source=rss----7b722bfd1b8d---4) 2022-04-20T11:27:00Z **Burp Suite Extensions for Web Hunting**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/burp-suite-extensions-for-web-hunting-44ffc3b655aa?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/burp-suite-extensions-for-web-hunting-44ffc3b655aa?source=rss----7b722bfd1b8d---4) 2022-04-22T11:06:35Z **A Facebook Bug that Disclosed Unused Custom Thumbnails of Any Facebook Page’s Public Videos** ⌘ [Read more](https://infosecwriteups.com/a-facebook-bug-that-disclosed-unused-custom-thumbnails-of-any-facebook-pages-public-videos-6414dc1f7adb?source=rss----7b722bfd1b8d---4) 2022-04-22T12:06:09Z **Pythonic Malware Part-2: Reversing Python Executables**

In Pythonic Malware Part-1, I demonstrated how Python executables can be used to bypass Windows Defender and successfully launch…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com ... ⌘ [Read more](https://infosecwriteups.com/pythonic-malware-part-2-reversing-python-executables-1b197bd023ca?source=rss----7b722bfd1b8d---4) 2022-04-22T13:06:06Z **How I Bypass 2FA while Resetting Password**

It was a private program on “Hackerone” , I had set target in my mind that I have to bypass 2fa, so I checked every method to bypass “Two…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-bypass-2f ... ⌘ [Read more](https://infosecwriteups.com/how-i-bypass-2fa-while-resetting-password-3f73bf665728?source=rss----7b722bfd1b8d---4) 2022-04-24T08:09:13Z **How to perform a basic SQL Injection Attack? — Ethical Hacking** ⌘ [Read more](https://infosecwriteups.com/how-to-perform-a-basic-sql-injection-attack-ethical-hacking-f59e5ccbe51f?source=rss----7b722bfd1b8d---4) 2022-04-24T21:53:58Z **THM: Raz0rBlack** ⌘ [Read more](https://infosecwriteups.com/thm-raz0rblack-b368631c38a5?source=rss----7b722bfd1b8d---4) 2022-04-24T22:57:33Z **Secret from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/secret-from-hackthebox-detailed-walkthrough-d256fb39a910?source=rss----7b722bfd1b8d---4) 2022-04-26T15:58:35Z **Tryhackme: Anonymous** ⌘ [Read more](https://infosecwriteups.com/tryhackme-anonymous-d7d5b6d14478?source=rss----7b722bfd1b8d---4) 2022-04-26T15:57:31Z **Tryhackme: AgentSudo** ⌘ [Read more](https://infosecwriteups.com/tryhackme-agentsudo-fcc701caeae3?source=rss----7b722bfd1b8d---4) 2022-04-26T17:03:25Z **Advanced Docker Security Part II**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/advanced-docker-security-part-ii-4a6994f0c328?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/advanced-docker-security-part-ii-4a6994f0c328?source=rss----7b722bfd1b8d---4) 2022-04-27T09:27:33Z **Using PGP to enhance security and non-repudiation of terraform ops** ⌘ [Read more](https://infosecwriteups.com/using-pgp-to-enhance-security-and-non-repudiation-of-terraform-ops-93c0b4bb209f?source=rss----7b722bfd1b8d---4) 2022-04-28T12:24:13Z **Hacking IPMI and Zabbix in HackTheBox — Shibboleth** ⌘ [Read more](https://infosecwriteups.com/hacking-ipmi-and-zabbix-in-hackthebox-shibboleth-e48c4f235faf?source=rss----7b722bfd1b8d---4) 2022-04-28T13:27:35Z **PicoCTF 2022 Web Exploitation** ⌘ [Read more](https://infosecwriteups.com/picoctf-2022-web-exploitation-558673a65f79?source=rss----7b722bfd1b8d---4) 2022-05-01T14:31:52Z **NahamCon CTF 2022 Write-up: Click Me! Android challenge** ⌘ [Read more](https://infosecwriteups.com/nahamcon-ctf-2022-write-up-click-me-android-challenge-63ccba7cb663?source=rss----7b722bfd1b8d---4) 2022-05-01T14:31:40Z **TryHackMe — Content Discovery** ⌘ [Read more](https://infosecwriteups.com/tryhackme-content-discovery-ade077cf7437?source=rss----7b722bfd1b8d---4) 2022-05-01T15:38:25Z **Vulnerabilities that shook the internet**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/vulnerabilities-that-shook-the-internet-4cb82a22d3ff?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/vulnerabilities-that-shook-the-internet-4cb82a22d3ff?source=rss----7b722bfd1b8d---4) 2022-05-03T13:51:52Z **THM Writeup: Ra** ⌘ [Read more](https://infosecwriteups.com/thm-writeup-ra-7e276f05700?source=rss----7b722bfd1b8d---4) 2022-05-03T14:57:41Z **Shibboleth from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/shibboleth-from-hackthebox-detailed-walkthrough-97c7055cb94d?source=rss----7b722bfd1b8d---4) 2022-05-03T15:57:42Z **The ABCs of Kerberoasting**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-abcs-of-kerberoasting-4b192e6a9fb4?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/the-abcs-of-kerberoasting-4b192e6a9fb4?source=rss----7b722bfd1b8d---4) 2022-05-04T13:01:27Z **Rate Limiting attack bypassing invisible captcha** ⌘ [Read more](https://infosecwriteups.com/rate-limiting-attack-bypassing-invisible-captcha-a6e800903c5f?source=rss----7b722bfd1b8d---4) 2022-05-04T14:03:33Z **NahamCon 2022 CTF Write-up: “No Space Between Us” Challenge** ⌘ [Read more](https://infosecwriteups.com/nahamcon-2022-ctf-write-up-no-space-between-us-challenge-887965280f77?source=rss----7b722bfd1b8d---4) 2022-05-06T05:31:48Z **Clique Writeup — ångstromCTF 2022** ⌘ [Read more](https://infosecwriteups.com/clique-writeup-%C3%A5ngstromctf-2022-e7ae871eaa0e?source=rss----7b722bfd1b8d---4) 2022-05-06T06:37:15Z **TryHackMe writeup: Atlas** ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-atlas-c3dff235d109?source=rss----7b722bfd1b8d---4) 2022-05-06T07:38:39Z **Backdoor from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/backdoor-from-hackthebox-detailed-walkthrough-93d238979397?source=rss----7b722bfd1b8d---4) 2022-05-07T20:49:40Z **Shellcode Analysis** ⌘ [Read more](https://infosecwriteups.com/shellcode-analysis-313bf4ca4dec?source=rss----7b722bfd1b8d---4) 2022-05-07T20:49:29Z **I Secured More Than 10 Million User's Data on the Kerala Government Website Maintained by NIC.** ⌘ [Read more](https://infosecwriteups.com/i-secured-more-than-10-million-users-data-on-the-kerala-government-website-maintained-by-nic-fb7d5a9f156b?source=rss----7b722bfd1b8d---4) 2022-05-07T20:49:04Z **C Language for Hackers & Beyond! 
0x01** ⌘ [Read more](https://infosecwriteups.com/c-language-for-hackers-beyond-0x01-23bdb00e53f2?source=rss----7b722bfd1b8d---4) 2022-05-07T20:48:32Z **India’s Biggest Hack — 1100+ Security bugs in Indian Government Websites and Servers compromised** ⌘ [Read more](https://infosecwriteups.com/indias-biggest-hack-1100-security-bugs-in-indian-government-websites-and-servers-compromised-1f10a4c0a631?source=rss----7b722bfd1b8d---4) 2022-05-07T21:52:39Z **TryHackMe — Nessus** ⌘ [Read more](https://infosecwriteups.com/tryhackme-nessus-3bcd7a04e484?source=rss----7b722bfd1b8d---4) 2022-05-07T22:52:59Z **What caused Psychic Signatures Vulnerability (CVE-2022–21449)?**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/what-caused-psychic-signatures-vulnerability-cve-2022-21449-60542811eac2?source=rss----7b722b ... ⌘ [Read more](https://infosecwriteups.com/what-caused-psychic-signatures-vulnerability-cve-2022-21449-60542811eac2?source=rss----7b722bfd1b8d---4) 2022-05-09T13:56:05Z **THM Writeup: Ra 2** ⌘ [Read more](https://infosecwriteups.com/thm-writeup-ra-2-ed3de7c719a8?source=rss----7b722bfd1b8d---4) 2022-05-10T16:14:13Z **Common C Vulnerabilities**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/common-c-vulnerabilities-b84777e071b9?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/common-c-vulnerabilities-b84777e071b9?source=rss----7b722bfd1b8d---4) 2022-05-11T10:45:37Z **PWN101 Walkthrough | TryHackMe** ⌘ [Read more](https://infosecwriteups.com/pwn101-walkthrough-tryhackme-d34b4236b2a0?source=rss----7b722bfd1b8d---4) 2022-05-11T10:45:30Z **Cryptography essential for H4CK3R and CTF player 0x1(encoding).** ⌘ [Read more](https://infosecwriteups.com/cryptography-essential-for-h4ck3r-and-ctf-player-0x1-encoding-b638ab5821a9?source=rss----7b722bfd1b8d---4) 2022-05-11T11:47:36Z **11 Essential Tools for Java Developers** ⌘ [Read more](https://infosecwriteups.com/11-essential-tools-for-java-developers-725228f41234?source=rss----7b722bfd1b8d---4) 2022-05-12T10:47:44Z **Api endpoint- Revealed Transaction Details of about Millions of users** ⌘ [Read more](https://infosecwriteups.com/api-endpoint-revealed-transaction-details-of-about-millions-of-users-9d5a5324547f?source=rss----7b722bfd1b8d---4) 2022-05-16T09:47:02Z **Module-1 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit** ⌘ [Read more](https://infosecwriteups.com/module-1-introduction-pentesting-bypassing-cloud-waf-fun-profit-75f315951aa8?source=rss----7b722bfd1b8d---4) 2022-05-17T07:35:47Z **Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 3)** ⌘ [Read more](https://infosecwriteups.com/create-your-ultimate-bug-bounty-automation-without-nerdy-bash-skills-part-3-7ee2b353a781?source=rss----7b722bfd1b8d---4) 2022-05-17T07:35:40Z **Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 2)** ⌘ [Read more](https://infosecwriteups.com/create-your-ultimate-bug-bounty-automation-without-nerdy-bash-skills-part-2-c8cd72018922?source=rss----7b722bfd1b8d---4) 2022-05-17T07:35:28Z **What is SSH and How to use it? 
| With Examples** ⌘ [Read more](https://infosecwriteups.com/what-is-ssh-and-how-to-use-it-with-examples-578c72ff32b0?source=rss----7b722bfd1b8d---4) 2022-05-17T07:35:19Z **Module-2 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit** ⌘ [Read more](https://infosecwriteups.com/module-2-introduction-pentesting-bypassing-aws-azure-gcp-cloud-waf-fun-profit-cfcfd55454f6?source=rss----7b722bfd1b8d---4) 2022-05-17T07:35:12Z **This is how my Windows 10 Hacked! and how i overcome it (Remove a Trojan-Horse from affected PC).** ⌘ [Read more](https://infosecwriteups.com/this-is-how-my-windows-10-hacked-and-how-i-overcome-it-remove-a-trojan-horse-from-affected-pc-9cb5c90df26d?source=rss----7b722bfd1b8d---4) 2022-05-17T07:34:40Z **Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 1)** ⌘ [Read more](https://infosecwriteups.com/create-your-ultimate-bug-bounty-automation-without-nerdy-bash-skills-part-1-a78c2b109731?source=rss----7b722bfd1b8d---4) 2022-05-17T08:37:06Z **Bypassing WAF to Weaponize a Stored XSS** ⌘ [Read more](https://infosecwriteups.com/bypassing-waf-to-weaponize-a-stored-xss-ff9963c421ee?source=rss----7b722bfd1b8d---4) 2022-05-18T08:00:02Z **The Basics of Subdomain Takeovers** ⌘ [Read more](https://infosecwriteups.com/the-basics-of-subdomain-takeovers-a0bbd4c84a4?source=rss----7b722bfd1b8d---4) 2022-05-19T08:42:44Z **Active Directory Overview** ⌘ [Read more](https://infosecwriteups.com/active-directory-overview-98692e1b0233?source=rss----7b722bfd1b8d---4) 2022-05-19T08:42:25Z **Unicode from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/unicode-from-hackthebox-detailed-walkthrough-5da3481816de?source=rss----7b722bfd1b8d---4) 2022-05-20T07:30:09Z **Cyber Apocalypse CTF 2022 — Web — Intergalactic Post Write-up** ⌘ [Read more](https://infosecwriteups.com/cyber-apocalypse-ctf-2022-web-intergalactic-post-write-up-9f2b1acc5386?source=rss----7b722bfd1b8d---4) 2022-05-20T07:30:04Z **Cyber 
Apocalypse CTF 2022 — Web — Amidst Us Write-up** ⌘ [Read more](https://infosecwriteups.com/cyber-apocalypse-ctf-2022-web-amidst-us-write-up-a6864e23c3b9?source=rss----7b722bfd1b8d---4) 2022-05-20T07:29:59Z **Cyber Apocalypse CTF 2022 — Misc — Compressor Write-up (easy way)** ⌘ [Read more](https://infosecwriteups.com/cyber-apocalypse-ctf-2022-misc-compressor-write-up-easy-way-de9efcccd6af?source=rss----7b722bfd1b8d---4) 2022-05-20T07:29:55Z **Cyber Apocalypse CTF 2022 — Web — Kryptos Support Write-up** ⌘ [Read more](https://infosecwriteups.com/cyber-apocalypse-ctf-2022-web-kryptos-support-write-up-2cf5057c4161?source=rss----7b722bfd1b8d---4) 2022-05-20T07:29:36Z **Cyber Apocalypse CTF 2022 — Intergalactic Chase Write up** ⌘ [Read more](https://infosecwriteups.com/cyber-apocalypse-ctf-2022-intergalactic-chase-write-up-6d2e89b1633e?source=rss----7b722bfd1b8d---4) 2022-05-20T08:31:16Z **Implementing Security in SDLC**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/implementing-security-in-sdlc-631ff4fd5451?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/implementing-security-in-sdlc-631ff4fd5451?source=rss----7b722bfd1b8d---4) 2022-05-20T08:28:56Z **Wireless Penetration Testing (WPA-2 Cracking)** ⌘ [Read more](https://infosecwriteups.com/wireless-penetration-testing-wpa-2-cracking-9c925e51a873?source=rss----7b722bfd1b8d---4) 2022-05-22T09:05:45Z **OTP Bypass on Vahak.in** ⌘ [Read more](https://infosecwriteups.com/otp-bypass-on-vahak-in-f4931e195697?source=rss----7b722bfd1b8d---4) 2022-05-22T09:05:07Z **TryHackMe: Biblioteca** ⌘ [Read more](https://infosecwriteups.com/tryhackme-biblioteca-c56be949564c?source=rss----7b722bfd1b8d---4) 2022-05-24T07:51:18Z **Cybersecurity & Application Attacks**

Buffer Overflow and XSS Cross-site Scripting attacks for SY0–601

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/objective-1-3-application-attacks-3f36896715fd?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/objective-1-3-application-attacks-3f36896715fd?source=rss----7b722bfd1b8d---4) 2022-05-24T08:57:21Z **How I Found a company’s internal S3 Bucket with 41k Files** ⌘ [Read more](https://infosecwriteups.com/how-i-found-a-companys-internal-s3-bucket-with-41k-files-94b453e588b5?source=rss----7b722bfd1b8d---4) 2022-05-25T06:54:10Z **Antivirus Evasion — Part 1** ⌘ [Read more](https://infosecwriteups.com/antivirus-evasion-26a30f072f76?source=rss----7b722bfd1b8d---4) 2022-05-25T06:51:50Z **Hacking Web3: Introduction and How to Start** ⌘ [Read more](https://infosecwriteups.com/hacking-web3-introduction-and-how-to-start-88ae2c51f3ec?source=rss----7b722bfd1b8d---4) 2022-05-25T06:51:34Z **Kerberos Authentication in Active Directory** ⌘ [Read more](https://infosecwriteups.com/kerberos-authentication-in-active-directory-2dc4af232f65?source=rss----7b722bfd1b8d---4) 2022-05-25T07:52:39Z **Nunchucks from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/nunchucks-from-hackthebox-detailed-walkthrough-c09ba0f276fa?source=rss----7b722bfd1b8d---4) 2022-05-25T08:53:58Z **TryHackMe writeup: HackPark** ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-hackpark-bd9c075c5262?source=rss----7b722bfd1b8d---4) 2022-05-25T09:53:21Z **Approaching CTF OSINT Challenges — Learn by Example** ⌘ [Read more](https://infosecwriteups.com/approaching-ctf-osint-challenges-learn-by-example-b92be1dddc8d?source=rss----7b722bfd1b8d---4) 2022-05-25T10:52:35Z **Learning Linux & InfoSec Principles Using OverTheWire’s Bandit — Part 4** ⌘ [Read more](https://infosecwriteups.com/learning-linux-infosec-principles-using-overthewires-bandit-part-4-a202c2e44843?source=rss----7b722bfd1b8d---4) 2022-05-26T05:54:22Z **Secure Code Review -1 | Cheat sheet For Security Vulnerability In Python — 
Injection Flaws**
Based on OWASP Top-10 Vulnerabilities. This time we are looking for secure coding bugs related to Injection Flaws

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/secure-code-review-1-cheat-sheet-for-security-vulnerability-in-python-injection-flaws-15c93b9d754f?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/secure-code-review-1-cheat-sheet-for-security-vulnerability-in-python-injection-flaws-15c93b9d754f?source=rss----7b722bfd1b8d---4) 2022-05-26T05:54:16Z **Module-2 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit**

Q. What is Core Rule Set & why it is utilized by all the cloud WAFs?
A. We will try to understand more about ... ⌘ [Read more](https://infosecwriteups.com/module-2-introduction-pentesting-bypassing-aws-azure-gcp-cloud-waf-fun-profit-9c87b6276fe7?source=rss----7b722bfd1b8d---4) 2022-05-26T05:54:07Z **Module-3 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit**

1\. Setting up Vulnerable Application For AWS WAF

[Continue reading on InfoSec Write-ups »](https://infosecw ... ⌘ [Read more](https://infosecwriteups.com/module-3-introduction-pentesting-bypassing-aws-azure-gcp-cloud-waf-fun-profit-6b38a836d78f?source=rss----7b722bfd1b8d---4) 2022-05-26T20:38:18Z **Operational Methodologies of Cyber Terrorist Organization “Transparent Tribe”** ⌘ [Read more](https://infosecwriteups.com/operational-methodologies-of-cyber-terrorist-organization-transparent-tribe-3389bdc1db3e?source=rss----7b722bfd1b8d---4) 2022-05-26T20:38:07Z **Penetration Testing Benefits** ⌘ [Read more](https://infosecwriteups.com/penetration-testing-benefits-348aa3a168a3?source=rss----7b722bfd1b8d---4) 2022-05-26T20:37:54Z **How an Open Redirection Leads to an Account Takeover?** ⌘ [Read more](https://infosecwriteups.com/how-an-open-redirection-leads-to-an-account-takeover-73ea883055d1?source=rss----7b722bfd1b8d---4) 2022-05-27T09:02:36Z **Firewall Evasion Techniques using Nmap**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/firewall-evasion-techniques-using-nmap-523dd18b1b1c?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/firewall-evasion-techniques-using-nmap-523dd18b1b1c?source=rss----7b722bfd1b8d---4) 2022-05-29T04:33:24Z **Hacking GraphQL — Part 1** ⌘ [Read more](https://infosecwriteups.com/hacking-graphql-part-1-61d7a31b30c3?source=rss----7b722bfd1b8d---4) 2022-05-29T04:33:07Z **Bypass the Firewall with SSH Tunnelling** ⌘ [Read more](https://infosecwriteups.com/bypass-the-firewall-with-ssh-tunnelling-711fa78ea97f?source=rss----7b722bfd1b8d---4) 2022-05-29T04:31:40Z **CyberStarters CTF — Gunship** ⌘ [Read more](https://infosecwriteups.com/cyberstarters-ctf-gunship-93c23b3d5f1d?source=rss----7b722bfd1b8d---4) 2022-05-29T13:19:57Z **Learning Linux & InfoSec Principles Using OverTheWire’s Bandit — Part 4** ⌘ [Read more](https://infosecwriteups.com/learning-linux-infosec-principles-using-overthewires-bandit-part-4-69803b6f43ed?source=rss----7b722bfd1b8d---4) 2022-05-30T06:17:04Z **Pen #004: Linux Basics (Part 1)** ⌘ [Read more](https://infosecwriteups.com/pen-4-linux-basics-part-1-8559551db747?source=rss----7b722bfd1b8d---4) 2022-05-30T06:16:54Z **AWS IAM Exploitation Techniques** ⌘ [Read more](https://infosecwriteups.com/aws-iam-exploitation-techniques-565830bf704b?source=rss----7b722bfd1b8d---4) 2022-05-30T06:16:47Z **Anatomy Of Spring4Shell CVE-2022–22965** ⌘ [Read more](https://infosecwriteups.com/anatomy-of-spring4shell-cve-2022-22965-e0df259cef9d?source=rss----7b722bfd1b8d---4) 2022-05-31T13:39:32Z **HackThebox: Lame** ⌘ [Read more](https://infosecwriteups.com/hackthebox-lame-649ae6d39ac6?source=rss----7b722bfd1b8d---4) 2022-05-31T13:39:21Z **Erlik Machine Writeup** ⌘ [Read more](https://infosecwriteups.com/erlik-machine-writeup-4565f27a5695?source=rss----7b722bfd1b8d---4) 2022-05-31T13:39:11Z **Serial Communication with Raspberry Pi Pico in Windows 10/11 via WSL** ⌘ [Read 
more](https://infosecwriteups.com/serial-communication-with-raspberry-pi-pico-in-windows-10-11-via-wsl-50f93e29e2cb?source=rss----7b722bfd1b8d---4) 2022-05-31T13:38:27Z **Top 5 Hacking Book , Must Read !!** ⌘ [Read more](https://infosecwriteups.com/top-5-hacking-book-must-read-72b37d7f885a?source=rss----7b722bfd1b8d---4) 2022-05-31T13:38:20Z **Persistent Windows 10 and 11 keylogger (keylogiq)** ⌘ [Read more](https://infosecwriteups.com/persistent-windows-10-and-11-keylogger-keylogiq-eada8f2dbf9c?source=rss----7b722bfd1b8d---4) 2022-05-31T13:38:11Z **Zero Day Vulnerability: Chromium v8 js engine issue 1303458 — Use After Free in x64 Instruction…** ⌘ [Read more](https://infosecwriteups.com/zero-day-vulnerability-chromium-v8-js-engine-issue-1303458-use-after-free-in-x64-instruction-e874419436a6?source=rss----7b722bfd1b8d---4) 2022-05-31T14:43:56Z **Tryhackme Pcap Analysis Room Official Writeup** ⌘ [Read more](https://infosecwriteups.com/tryhackme-pcap-analysis-room-official-writeup-5788e5853acf?source=rss----7b722bfd1b8d---4) 2022-05-31T15:41:06Z **SSO: A Secure way for authentication and authorization ?**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/sso-a-secure-way-for-authentication-and-authorization-6a4fb8794dd6?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/sso-a-secure-way-for-authentication-and-authorization-6a4fb8794dd6?source=rss----7b722bfd1b8d---4) 2022-05-31T22:35:40Z **Tryhackme linuxloganalysis Writeup** ⌘ [Read more](https://infosecwriteups.com/tryhackme-linuxloganalysis-writeup-8a28fca4ac02?source=rss----7b722bfd1b8d---4) 2022-05-31T22:35:32Z **Tryhackme ramanalysis Writeup** ⌘ [Read more](https://infosecwriteups.com/tryhackme-ramanalysis-writeup-c305dd88f150?source=rss----7b722bfd1b8d---4) 2022-05-31T22:35:27Z **Tryhackme tsharkpcapanalysis Writeup** ⌘ [Read more](https://infosecwriteups.com/tryhackme-tsharkpcapanalysis-writeup-7b9ed3a19ea3?source=rss----7b722bfd1b8d---4) 2022-06-01T09:52:06Z **How I am winning battle with Windows 10 and 11 Security and avoiding detection** ⌘ [Read more](https://infosecwriteups.com/how-i-am-winning-battle-with-windows-10-and-11-security-and-avoiding-detection-6ea9f954b2a7?source=rss----7b722bfd1b8d---4) 2022-06-03T05:36:47Z **Android Pentesting Methodology (Pt. 1)** ⌘ [Read more](https://infosecwriteups.com/android-pentesting-methodology-pt-1-9557f6664307?source=rss----7b722bfd1b8d---4) 2022-06-03T06:50:01Z **Kubernetes 101 | Setting up Kubernetes Cluster Locally**

This blog is about setting the local Kubernetes cluster for learning & testing using multiple tools like Kind, Minikube, Kubeadm & K3s.

[Continue reading on InfoSec Write-ups »](https://inf ... ⌘ [Read more](https://infosecwriteups.com/kubernetes-101-setting-up-kubernetes-cluster-locally-aa8c34c89862?source=rss----7b722bfd1b8d---4) 2022-06-03T06:49:53Z **Enumeration and lateral movement in GCP environments** ⌘ [Read more](https://infosecwriteups.com/enumeration-and-lateral-movement-in-gcp-environments-c3b82d342794?source=rss----7b722bfd1b8d---4) 2022-06-04T07:56:16Z **Linux Hardening techniques**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/linux-hardening-techniques-802b12bebcae?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/linux-hardening-techniques-802b12bebcae?source=rss----7b722bfd1b8d---4) 2022-06-04T07:55:31Z **#Part 1 : The reality of modern information security in enterprise around the world.** ⌘ [Read more](https://infosecwriteups.com/part-1-the-reality-of-modern-information-security-in-enterprise-around-the-world-57bcd3feb169?source=rss----7b722bfd1b8d---4) 2022-06-05T07:20:28Z **Creating a backdoor in PAM in 5 line of code** ⌘ [Read more](https://infosecwriteups.com/creating-a-backdoor-in-pam-in-5-line-of-code-e23e99579cd9?source=rss----7b722bfd1b8d---4) 2022-06-05T07:15:57Z **Owasp crAPI: Introducing API Security The Hacker Way** ⌘ [Read more](https://infosecwriteups.com/crapi-api-security-the-hacker-way-7f8402bb6e65?source=rss----7b722bfd1b8d---4) 2022-06-05T07:15:54Z **Testing EDRs for Linux — Things I wish I knew before getting started** ⌘ [Read more](https://infosecwriteups.com/testing-edrs-for-linux-things-i-wish-i-knew-before-getting-started-3ab15112c183?source=rss----7b722bfd1b8d---4) 2022-06-06T11:22:35Z **Pen #005: Linux Basics (Part 2)** ⌘ [Read more](https://infosecwriteups.com/pen-5-linux-basics-part-2-57f8392ea216?source=rss----7b722bfd1b8d---4) 2022-06-07T08:24:36Z **Spring4Shell (SpringShell) Vulnerability** ⌘ [Read more](https://infosecwriteups.com/spring4shell-springshell-vulnerability-7a616e2f20ff?source=rss----7b722bfd1b8d---4) 2022-06-07T08:23:54Z **VLAN Hopping Attack** ⌘ [Read more](https://infosecwriteups.com/vlan-hopping-attack-33a8b109c068?source=rss----7b722bfd1b8d---4) 2022-06-07T08:22:47Z **NoSQL Injection** ⌘ [Read more](https://infosecwriteups.com/hacking-nosql-c07e74d8ce2c?source=rss----7b722bfd1b8d---4) 2022-06-07T08:20:49Z **Hacking Nginx: Best ways** ⌘ [Read more](https://infosecwriteups.com/hacking-nginx-best-ways-7c576cc17ccc?source=rss----7b722bfd1b8d---4) 
2022-06-07T08:20:19Z **Capture the Ether — Challenge Writeup**

I started concentrating on smart contract security and it is really interesting.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/capture-the-ether-challenge-writeup-b10853807690?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/capture-the-ether-challenge-writeup-b10853807690?source=rss----7b722bfd1b8d---4) 2022-06-07T09:21:10Z **Pandora from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/pandora-from-hackthebox-detailed-walkthrough-7d52066e5dc5?source=rss----7b722bfd1b8d---4) 2022-06-08T12:41:10Z **Detecting DNS Tunneling using Spark Structured Streaming**

From generating DNS logs to end-to-end implementation of structured streaming

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/detecting-dns-tunneling-using- ... ⌘ [Read more](https://infosecwriteups.com/detecting-dns-tunneling-using-spark-structured-streaming-c7e2b6af0349?source=rss----7b722bfd1b8d---4) 2022-06-10T06:46:35Z **[BugBounty] Tips to Find Stored XSS**

Intro

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bugbounty-tips-to-find-stored-xss-9995814d353f?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/bugbounty-tips-to-find-stored-xss-9995814d353f?source=rss----7b722bfd1b8d---4) 2022-06-10T15:26:46Z **Brainpan 1 WriteUp Tryhackme** ⌘ [Read more](https://infosecwriteups.com/brainpan-1-writeup-tryhackme-ba33c01c4fc4?source=rss----7b722bfd1b8d---4) 2022-06-11T17:14:30Z **[Bug Bounty] How I was able edit AWS’s files from file upload function?** ⌘ [Read more](https://infosecwriteups.com/bug-bounty-how-i-was-able-edit-awss-files-from-file-upload-function-cb33bc3bd3a9?source=rss----7b722bfd1b8d---4) 2022-06-11T18:17:21Z **Timing from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/timing-from-hackthebox-detailed-walkthrough-7671466227fd?source=rss----7b722bfd1b8d---4) 2022-06-12T14:01:12Z **TryHackMe: LazyAdmin** ⌘ [Read more](https://infosecwriteups.com/tryhackme-lazyadmin-9441e1240cb7?source=rss----7b722bfd1b8d---4) 2022-06-12T15:03:36Z **Learning More About YAML Deserialization**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/learning-more-about-yaml-deserialization-9c08093b4a3d?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/learning-more-about-yaml-deserialization-9c08093b4a3d?source=rss----7b722bfd1b8d---4) 2022-06-13T05:36:09Z **NTLM Authentication in Active Directory** ⌘ [Read more](https://infosecwriteups.com/ntlm-authentication-in-active-directory-b99ea9087519?source=rss----7b722bfd1b8d---4) 2022-06-13T05:35:58Z **How to get started in Cybersecurity in 2022** ⌘ [Read more](https://infosecwriteups.com/how-to-get-started-in-cybersecurity-in-2022-e36bd5732da?source=rss----7b722bfd1b8d---4) 2022-06-14T10:37:34Z **How I found a Critical Bug in Instagram and Got 49500$ Bounty From Facebook** ⌘ [Read more](https://infosecwriteups.com/how-i-found-a-critical-bug-in-instagram-and-got-49500-bounty-from-facebook-626ff2c6a853?source=rss----7b722bfd1b8d---4) 2022-06-15T08:03:44Z **Phishing Domain Detection using Neural Networks**

Applying neural networks on domain name analysis to detect phishing

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/phishing-domain-detection-using-neural-networks-b133a6495a78?sourc ... ⌘ [Read more](https://infosecwriteups.com/phishing-domain-detection-using-neural-networks-b133a6495a78?source=rss----7b722bfd1b8d---4) 2022-06-15T09:06:06Z **AdmirerToo from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/admirertoo-from-hackthebox-detailed-walkthrough-b005ec7a4877?source=rss----7b722bfd1b8d---4) 2022-06-16T16:52:43Z **Attacks on Blockchain** ⌘ [Read more](https://infosecwriteups.com/attacks-on-blockchain-84fac903b20a?source=rss----7b722bfd1b8d---4) 2022-06-17T16:16:06Z **Vulnerabilities in JS based Applications**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/vulnerabilities-in-js-based-applications-397e0dc90124?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/vulnerabilities-in-js-based-applications-397e0dc90124?source=rss----7b722bfd1b8d---4) 2022-06-19T14:56:45Z **LDAP in Active Directory** ⌘ [Read more](https://infosecwriteups.com/ldap-in-active-directory-f0de5729f72f?source=rss----7b722bfd1b8d---4) 2022-06-21T08:21:08Z **Kubernetes Security Policy Enforcement — OPA** ⌘ [Read more](https://infosecwriteups.com/kubernetes-security-policy-enforcement-opa-70975ec51272?source=rss----7b722bfd1b8d---4) 2022-06-21T08:20:59Z **Google Dorks: An Advanced Hacking Tool** ⌘ [Read more](https://infosecwriteups.com/google-dorks-an-advanced-hacking-tool-a523c4996279?source=rss----7b722bfd1b8d---4) 2022-06-21T08:20:42Z **Create a Hidden IRC Server with The Onion Router (TOR)** ⌘ [Read more](https://infosecwriteups.com/create-a-hidden-irc-server-with-the-onion-router-tor-c839e3a81d78?source=rss----7b722bfd1b8d---4) 2022-06-21T13:58:30Z **HacktheBox Writeup: Paper** ⌘ [Read more](https://infosecwriteups.com/hackthebox-writeup-paper-5a13adfcc549?source=rss----7b722bfd1b8d---4) 2022-06-21T14:36:39Z **Telangana, Andhra Pradesh, Karnataka, Himachal Pradesh & Kerala — All Government bus services were…** ⌘ [Read more](https://infosecwriteups.com/telangana-andhra-pradesh-karnataka-himachal-pradesh-kerala-all-government-bus-services-were-885b44c21a?source=rss----7b722bfd1b8d---4) 2022-06-21T15:03:25Z **What are supply chains and they security**

What are Supply Chains Attacks

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/what-are-supply-chains-and-they-security-8295f437061f?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/what-are-supply-chains-and-they-security-8295f437061f?source=rss----7b722bfd1b8d---4) 2022-06-21T15:53:06Z **Infosec Weekly #2 — Docker, Google Dorks, Bug Bounty and other interesting Infosec stuff.** ⌘ [Read more](https://infosecwriteups.com/https-weekly-infosecwriteups-com-infosec-weekly-2-an-in-depth-79c080c14f5e?source=rss----7b722bfd1b8d---4) 2022-06-23T18:23:13Z **Why is the Zero Trust Security Model Effective?** ⌘ [Read more](https://infosecwriteups.com/why-is-the-zero-trust-security-model-effective-93e853bee9c5?source=rss----7b722bfd1b8d---4) 2022-06-23T19:27:54Z **Information Leak: Posted, Discovered & Misused! How easy for Criminals to get your data?** ⌘ [Read more](https://infosecwriteups.com/information-leak-posted-discovered-misused-how-easy-for-criminals-to-get-your-data-7a83b39f9df7?source=rss----7b722bfd1b8d---4) 2022-06-25T09:09:00Z **Meta from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/meta-from-hackthebox-detailed-walkthrough-a26925443ab7?source=rss----7b722bfd1b8d---4) 2022-06-27T15:31:51Z **Analyzing CVE-2022–22980 to discover a real exploitable path in the source code review process with…** ⌘ [Read more](https://infosecwriteups.com/analyzing-cve-2022-22980-to-discover-a-real-exploitable-path-in-the-source-code-review-process-with-145d97717656?source=rss----7b722bfd1b8d---4) 2022-06-27T15:31:43Z **How i was able to takeover 3 Subdomains of an Organization via Shopify?** ⌘ [Read more](https://infosecwriteups.com/how-i-was-able-to-takeover-3-shopify-subdomains-of-an-organization-867141854d37?source=rss----7b722bfd1b8d---4) 2022-06-27T15:30:36Z **Getting Your First Bug (Part II)** ⌘ [Read more](https://infosecwriteups.com/getting-your-first-bug-part-ii-f7081a027f71?source=rss----7b722bfd1b8d---4) 2022-06-27T17:17:57Z 
**IW Weekly #3: SQL Injection, Data Exfiltration, Log Poisoning, Blind XSS, and more.** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-3-sql-injection-data-exfiltration-log-poisoning-blind-xss-and-more-bb98cd5523f?source=rss----7b722bfd1b8d---4) 2022-06-28T09:21:18Z **Make a Self-Replicating Virus in Python** ⌘ [Read more](https://infosecwriteups.com/make-a-self-replicating-virus-in-python-bb29404e3f6b?source=rss----7b722bfd1b8d---4) 2022-06-28T09:20:40Z **Learning More about File Upload Vulnerabilities**

The vulnerability associated with file uploads is well-known and considered to be of high severity. This vulnerability exists because the…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/learni ... ⌘ [Read more](https://infosecwriteups.com/learning-more-about-file-upload-vulnerabilities-1833bed29f5d?source=rss----7b722bfd1b8d---4) 2022-06-29T10:03:19Z **HTML and Hyperlink Injection via Share Option In Microsoft Onenote Application**

Hyperlink injection is when an attacker injects a malicious link when sending an email invitation.

[Continue re ... ⌘ [Read more](https://infosecwriteups.com/html-and-hyperlink-injection-via-share-option-in-microsoft-onenote-application-47e94d0e6478?source=rss----7b722bfd1b8d---4) 2022-06-29T12:39:14Z **Text Based Injection | Content Spoofing on ISRO Website** ⌘ [Read more](https://infosecwriteups.com/text-based-injection-content-spoofing-96e9eb1615d8?source=rss----7b722bfd1b8d---4) 2022-06-29T16:34:19Z **IW Weekly #4: BITB Attack, Hackthebox Walkthrough, Twitter Link Takeover, and more.** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-4-bitb-attack-hackthebox-walkthrough-twitter-link-takeover-and-more-d7909993ecc7?source=rss----7b722bfd1b8d---4) 2022-06-30T16:14:29Z **All About String in Python** ⌘ [Read more](https://infosecwriteups.com/all-about-string-in-python-b13d2306029f?source=rss----7b722bfd1b8d---4) 2022-06-30T16:51:25Z **Choosing your job role in cybersecurity** ⌘ [Read more](https://infosecwriteups.com/choosing-your-job-role-in-cybersecurity-75ab920285a0?source=rss----7b722bfd1b8d---4) 2022-07-01T07:46:50Z **Let’s Understand SSRF vulnerability**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lets-understand-ssrf-vulnerability-6f1d28b228f9?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/lets-understand-ssrf-vulnerability-6f1d28b228f9?source=rss----7b722bfd1b8d---4) 2022-07-01T12:42:40Z **IW Weekly #5: Account Takeover, Recon, Ransomware Creation, and more.** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-5-account-takeover-recon-ransomware-creation-and-more-9b662e6e0c88?source=rss----7b722bfd1b8d---4) 2022-07-03T15:48:36Z **A swag for a Open Redirect — Google Dork — Bug Bounty**

Hello Folks 👋, I have found a good open redirect with my param scanner. I will tell you here how I found it and what kind of swag I got…

[Continue reading on InfoSec Write-ups »](https://infosecwr ... ⌘ [Read more](https://infosecwriteups.com/a-swag-for-a-open-redirect-google-dork-bug-bounty-2143b943f34e?source=rss----7b722bfd1b8d---4) 2022-07-03T15:47:39Z **DNS in Active Directory** ⌘ [Read more](https://infosecwriteups.com/dns-in-active-directory-dcb93b10c3f3?source=rss----7b722bfd1b8d---4) 2022-07-04T14:27:29Z **CVE-2022–32511 | Exploit | Remote Code Execution** ⌘ [Read more](https://infosecwriteups.com/cve-2022-32511-exploit-remote-code-execution-daeffdc94219?source=rss----7b722bfd1b8d---4) 2022-07-06T06:53:28Z **Undetected from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/undetected-from-hackthebox-detailed-walkthrough-82847eadf7a7?source=rss----7b722bfd1b8d---4) 2022-07-07T07:21:05Z **Annie From TryHackme** ⌘ [Read more](https://infosecwriteups.com/annie-from-tryhackme-edfea2b78eb5?source=rss----7b722bfd1b8d---4) 2022-07-07T10:32:15Z **W Weekly #6: Bypassing 2FA, Steghide Challenges, PEStudio Walkthrough, and more…** ⌘ [Read more](https://infosecwriteups.com/w-weekly-6-bypassing-2fa-steghide-challenges-pestudio-walkthrough-and-more-1688a8e24b09?source=rss----7b722bfd1b8d---4) 2022-07-08T11:58:22Z **Let’s Learn about Cookie and Its Security**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lets-learn-about-cookie-and-its-security-f6d349f2ccc0?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/lets-learn-about-cookie-and-its-security-f6d349f2ccc0?source=rss----7b722bfd1b8d---4) 2022-07-09T11:38:04Z **IW Weekly #7: Facebook account takeover, Java Deserialization, SSRF, and more…** ⌘ [Read more](https://infosecwriteups.com/https-weekly-infosecwriteups-com-iw-weekly-7-facebook-account-takeover-java-deserialization-ssrf-and-more-adb10046c646?source=rss----7b722bfd1b8d---4) 2022-07-09T19:30:08Z **Exposing Millions of Voter ID card user’s details.** ⌘ [Read more](https://infosecwriteups.com/exposing-millions-of-voter-id-card-users-details-8a993c9a5d35?source=rss----7b722bfd1b8d---4) 2022-07-09T19:29:59Z **Docker: Creating a Pivoting Lab and Exploiting it** ⌘ [Read more](https://infosecwriteups.com/docker-creating-a-pivoting-lab-and-exploiting-it-a66646dc2cf3?source=rss----7b722bfd1b8d---4) 2022-07-09T19:29:02Z **HackTheBox Writeup: RouterSpace** ⌘ [Read more](https://infosecwriteups.com/hackthebox-writeup-routerspace-d0a4d5c1ce78?source=rss----7b722bfd1b8d---4) 2022-07-09T19:28:54Z **How I Hacked My College Server?** ⌘ [Read more](https://infosecwriteups.com/how-i-hacked-my-college-server-738f038712c3?source=rss----7b722bfd1b8d---4) 2022-07-09T20:32:24Z **RouterSpace From Hackthebox** ⌘ [Read more](https://infosecwriteups.com/routerspace-from-hackthebox-74de4a9ba988?source=rss----7b722bfd1b8d---4) 2022-07-10T16:31:46Z **Hunting malwares with Yara** ⌘ [Read more](https://infosecwriteups.com/hunting-malwares-with-yara-6b451b2ad1a8?source=rss----7b722bfd1b8d---4) 2022-07-10T17:32:06Z **Sandboxing python modules in your code** ⌘ [Read more](https://infosecwriteups.com/sandboxing-python-modules-in-your-code-1e590d71fc26?source=rss----7b722bfd1b8d---4) 2022-07-11T11:18:10Z **IW Weekly #8: Cloudflare WAF, OAuth, TLS Fingerprinting, Talosplus, and more…** ⌘ [Read 
more](https://infosecwriteups.com/https-weekly-infosecwriteups-com-iw-weekly-8-2b8f40c888e3?source=rss----7b722bfd1b8d---4) 2022-07-13T11:22:37Z **‍IW Weekly #9: Web3 Hacking, Leveraging Google Dorks, Python Flaws, and more…** ⌘ [Read more](https://infosecwriteups.com/https-weekly-infosecwriteups-com-iw-weekly-9-web3-hacking-leveraging-google-dorks-python-flaws-and-more-c230c4b6fea3?source=rss----7b722bfd1b8d---4) 2022-07-14T14:35:30Z **Let’s talk about buffer overflow**

A buffer overflow, or buffer overrun, occurs when more data is put into a fixed-length buffer than the buffer can handle.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lets-talk-about-buffer-overflow-54764101030b?source=rss----7 ... ⌘ [Read more](https://infosecwriteups.com/lets-talk-about-buffer-overflow-54764101030b?source=rss----7b722bfd1b8d---4) 2022-07-14T15:37:10Z **Understanding and Bypassing Rate Limiting's**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/understanding-and-bypassing-rate-limitings-7c99a1252635?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/understanding-and-bypassing-rate-limitings-7c99a1252635?source=rss----7b722bfd1b8d---4) 2022-07-15T08:05:11Z **WiFi Hacking Week Pt. 4 — Evil Twin Attacks** ⌘ [Read more](https://infosecwriteups.com/wifi-hacking-week-pt-4-evil-twin-attacks-63f79a800206?source=rss----7b722bfd1b8d---4) 2022-07-15T08:04:58Z **Android WebView Hacking — Enable WebView Debugging** ⌘ [Read more](https://infosecwriteups.com/android-webview-hacking-enable-webview-debugging-d292b53f7a63?source=rss----7b722bfd1b8d---4) 2022-07-15T11:07:58Z **‍IW Weekly #10: 5 Articles, 4 Threads, 3 Videos, 2 Github Repos, 1 Job Alert** ⌘ [Read more](https://infosecwriteups.com/https-weekly-infosecwriteups-com-iw-weekly-10-5-articles-4-threads-3-videos-2-github-repos-1-job-alert-2ebff2c27f80?source=rss----7b722bfd1b8d---4) 2022-07-16T09:32:33Z **RouterSpace from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/routerspace-from-hackthebox-detailed-walkthrough-d40c22ad9d7c?source=rss----7b722bfd1b8d---4) 2022-07-17T17:14:30Z **FFUF-ing RECON**

, or how to get to P1–P3 from a slightly different recon

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ffuf-ing-recon-1ee4e79b3256?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/ffuf-ing-recon-1ee4e79b3256?source=rss----7b722bfd1b8d---4) 2022-07-17T18:17:17Z **Finding 0-days in Enterprise Application** ⌘ [Read more](https://infosecwriteups.com/finding-0-days-in-enterprise-application-471a409ade8d?source=rss----7b722bfd1b8d---4) 2022-07-19T05:15:27Z **Good things takes time | Story of my first “valid” critical bug!** ⌘ [Read more](https://infosecwriteups.com/story-of-my-first-valid-critical-bug-22029115f8d7?source=rss----7b722bfd1b8d---4) 2022-07-19T05:13:12Z **Hacking Facebook Invoice: How I could’ve bought anything for Free from Facebook Business Pages** ⌘ [Read more](https://infosecwriteups.com/hacking-facebook-invoice-how-i-couldve-bought-anything-for-free-from-facebook-business-pages-42bcfaa73ec4?source=rss----7b722bfd1b8d---4) 2022-07-20T07:03:19Z **TryHackMe — Offensive Security** ⌘ [Read more](https://infosecwriteups.com/tryhackme-offensive-security-a5ed067ca234?source=rss----7b722bfd1b8d---4) 2022-07-20T07:03:08Z **Paper from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/paper-from-hackthebox-detailed-walkthrough-8afa8de0ff3e?source=rss----7b722bfd1b8d---4) 2022-07-20T07:37:45Z **File Permissions in Linux** ⌘ [Read more](https://infosecwriteups.com/file-permissions-in-linux-8d35ed810a23?source=rss----7b722bfd1b8d---4) 2022-07-21T06:15:16Z **HTB-Business CTF** ⌘ [Read more](https://infosecwriteups.com/htb-business-ctf-e388db78649?source=rss----7b722bfd1b8d---4) 2022-07-22T05:33:36Z **TryHackMe — Antivirus** ⌘ [Read more](https://infosecwriteups.com/tryhackme-antivirus-2c69a4b3e26e?source=rss----7b722bfd1b8d---4) 2022-07-22T06:38:25Z **A Lab for Practicing Azure Service Principal Abuse** ⌘ [Read more](https://infosecwriteups.com/a-lab-for-practicing-azure-service-principal-abuse-bd000e6c48eb?source=rss----7b722bfd1b8d---4) 
2022-07-22T10:42:19Z **The more predictable you are, the less you get detected — hiding malicious shellcodes via Shannon…** ⌘ [Read more](https://infosecwriteups.com/the-more-predictable-you-are-the-less-you-get-detected-hiding-malicious-shellcodes-via-shannon-111a83fe60e4?source=rss----7b722bfd1b8d---4) 2022-07-22T11:47:05Z **Let’s Understand Path Traversal Vulnerabilities**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lets-understand-path-traversal-vulnerabilities-e4263dcb4e39?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/lets-understand-path-traversal-vulnerabilities-e4263dcb4e39?source=rss----7b722bfd1b8d---4) 2022-07-22T15:53:26Z **How Malicious Hackers Can Takeover Your Headless Browser: Part 1** ⌘ [Read more](https://infosecwriteups.com/how-malicious-hackers-can-takeover-your-headless-browser-part-1-bcab9e3a2f9c?source=rss----7b722bfd1b8d---4) 2022-07-22T15:53:10Z **How Malicious Hackers Can Takeover Your Headless Browser: Part 2** ⌘ [Read more](https://infosecwriteups.com/how-malicious-hackers-can-takeover-your-headless-browser-part-2-e56fe87b567b?source=rss----7b722bfd1b8d---4) 2022-07-22T15:52:57Z **Don’t let evil hackers abuse this simple Flask/Jinja2 mistake** ⌘ [Read more](https://infosecwriteups.com/walkthrough-templated-hack-the-box-web-challenge-defc45ebbf01?source=rss----7b722bfd1b8d---4) 2022-07-23T07:19:47Z **I mean, IDOR is NOT only about others ID** ⌘ [Read more](https://infosecwriteups.com/i-mean-idor-is-not-only-about-others-id-2d26115072ba?source=rss----7b722bfd1b8d---4) 2022-07-23T07:19:34Z **How to NOT keep your Active Directory safe.** ⌘ [Read more](https://infosecwriteups.com/walkthrough-phonebook-hack-the-box-web-challenge-b853924b5542?source=rss----7b722bfd1b8d---4) 2022-07-23T07:19:22Z **This one trick will exploit URL parsers to perform SSRF** ⌘ [Read more](https://infosecwriteups.com/walkthrough-weather-app-hack-the-box-web-challenge-34b0c930dfca?source=rss----7b722bfd1b8d---4) 2022-07-23T07:19:10Z **This is why you should NEVER use the eval() function — RCE!** ⌘ [Read more](https://infosecwriteups.com/walkthrough-lovetok-hack-the-box-web-challenge-430c44f6a0c9?source=rss----7b722bfd1b8d---4) 2022-07-23T07:18:39Z **Be Careful of User Input. 
You will get hacked.** ⌘ [Read more](https://infosecwriteups.com/walkthrough-toxic-hack-the-box-web-challenge-de8badbded86?source=rss----7b722bfd1b8d---4) 2022-07-23T07:18:19Z **Beware of Ghosts!! — when CVE-2018–16509 leads to Remote Code Execution.** ⌘ [Read more](https://infosecwriteups.com/walkthrough-petpet-rcbee-hack-the-box-web-challenge-e0f23fe487a6?source=rss----7b722bfd1b8d---4) 2022-07-23T13:12:09Z **Un3xpected DoS Attack on Profile Pictur3** ⌘ [Read more](https://infosecwriteups.com/un3xpected-dos-attack-on-profile-pictur3-b957979dcc7?source=rss----7b722bfd1b8d---4) 2022-07-24T08:19:23Z **Pivoting Techniques with THM Wreath** ⌘ [Read more](https://infosecwriteups.com/pivoting-techniques-with-thm-wreath-95fecba1b580?source=rss----7b722bfd1b8d---4) 2022-07-24T09:22:45Z **How I chained multiple CVEs and other web vulnerabilities during a past Red Team Op to pwn the** ⌘ [Read more](https://infosecwriteups.com/how-i-chained-multiple-cves-and-other-web-vulnerabilities-during-a-past-red-team-op-to-pwn-the-77274ef6b7e3?source=rss----7b722bfd1b8d---4) 2022-07-25T08:26:56Z **This is why you should ALWAYS check for Race Conditions (even in JavaScript)** ⌘ [Read more](https://infosecwriteups.com/this-is-why-you-should-always-check-for-race-conditions-even-in-javascript-410b6021ad1a?source=rss----7b722bfd1b8d---4) 2022-07-26T09:06:11Z **Mail Server Misconfiguration leads to sending a fax from anyone’s account on HelloFax (Dropbox BBP)…** ⌘ [Read more](https://infosecwriteups.com/mail-server-misconfiguration-leads-to-sending-a-fax-from-anyones-account-on-hellofax-dropbox-bbp-aab3d97ab4e7?source=rss----7b722bfd1b8d---4) 2022-07-26T10:12:43Z **You MUST sanitize PHP mail() inputs — or else RCE!** ⌘ [Read more](https://infosecwriteups.com/you-must-sanitize-php-mail-inputs-or-else-rce-7ac7ba906dca?source=rss----7b722bfd1b8d---4) 2022-07-26T11:06:06Z **IW Weekly #11: Hacking Nginx, eJPT2.0, Free Hacking Resources, OWASP API, and more** ⌘ [Read 
more](https://infosecwriteups.com/iw-weekly-11-hacking-nginx-ejpt2-0-free-hacking-resources-owasp-api-and-more-642045883c0?source=rss----7b722bfd1b8d---4) 2022-07-27T07:22:45Z **How a Race Condition made these crypto hackers $5000 bug bounty** ⌘ [Read more](https://infosecwriteups.com/how-a-race-condition-made-these-crypto-hackers-5000-bug-bounty-a72158a472a8?source=rss----7b722bfd1b8d---4) 2022-07-27T14:26:22Z **Catch from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/catch-from-hackthebox-detailed-walkthrough-d0ad7cf318b3?source=rss----7b722bfd1b8d---4) 2022-07-28T08:04:48Z **Why this SIMPLE mistake earned a $5000 bug bounty from Reddit** ⌘ [Read more](https://infosecwriteups.com/why-this-simple-mistake-earned-a-5000-bug-bounty-from-reddit-d906cb46c60e?source=rss----7b722bfd1b8d---4) 2022-07-28T08:03:25Z **How to Install Elastic Stack on Ubuntu 22.04 LTS** ⌘ [Read more](https://infosecwriteups.com/how-to-install-elastic-stack-on-ubuntu-22-04-lts-a2f1b00eced?source=rss----7b722bfd1b8d---4) 2022-07-29T11:51:51Z **How this team accidentally found a SSRF in Slack exposing AWS credentials! 
A $4000 bug bounty** ⌘ [Read more](https://infosecwriteups.com/how-this-team-accidentally-found-a-ssrf-in-slack-exposing-aws-credentials-a-4000-bug-bounty-513be19286e?source=rss----7b722bfd1b8d---4) 2022-07-29T12:21:36Z **IW Weekly #12: $O to $150,000/month mindset, Zoom RCE, Abusing FB Features, Bypass CSRF Protection…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-12-o-to-150-000-month-mindset-zoom-rce-abusing-fb-features-bypass-csrf-protection-abf86efeca5e?source=rss----7b722bfd1b8d---4) 2022-07-30T08:38:16Z **GSuite domain takeover through delegation** ⌘ [Read more](https://infosecwriteups.com/gsuite-domain-takeover-through-delegation-9d6664c91142?source=rss----7b722bfd1b8d---4) 2022-08-01T06:27:29Z **Cybersecurity Learning Path** ⌘ [Read more](https://infosecwriteups.com/cybersecurity-learning-path-19f64f6a547e?source=rss----7b722bfd1b8d---4) 2022-08-01T06:27:00Z **Zero-day XSS** ⌘ [Read more](https://infosecwriteups.com/zero-day-xss-309916922ea6?source=rss----7b722bfd1b8d---4) 2022-08-01T06:24:18Z **Why this EASY vulnerability resulted in a $20,000 bug bounty from GitLab**

The hidden dangers of numerical IDs

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-this-easy-vulnerabilit ... ⌘ [Read more](https://infosecwriteups.com/how-this-easy-vulnerability-resulted-in-a-20-000-bug-bounty-from-gitlab-d9dc9312c10a?source=rss----7b722bfd1b8d---4) 2022-08-01T06:24:05Z **This SIMPLE vulnerability in Shopify earned a $2500 bug bounty**

Don’t forget to check for user access rights

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/this-simple-vulnerability-in-shopify-earned-a-2 ... ⌘ [Read more](https://infosecwriteups.com/this-simple-vulnerability-in-shopify-earned-a-2500-bug-bounty-25f0b8358012?source=rss----7b722bfd1b8d---4) 2022-08-01T08:13:03Z **IW Weekly #13: 1000s of user tokens exposed, pre-auth RCEs in Oracle, AWS Misconfigurations, IDOR…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-13-1000s-of-user-tokens-exposed-pre-auth-rces-in-oracle-aws-misconfigurations-idor-46d1771fdbd6?source=rss----7b722bfd1b8d---4) 2022-08-02T10:56:51Z **Learn SQL injection in practice by hacking vulnerable application! — StackZero** ⌘ [Read more](https://infosecwriteups.com/learn-sql-injection-in-practice-by-hacking-vulnerable-application-stackzero-ef7931c72aec?source=rss----7b722bfd1b8d---4) 2022-08-02T10:54:48Z **How to Setup BurpSuite on Linux** ⌘ [Read more](https://infosecwriteups.com/how-to-setup-burpsuite-on-linux-350d17780fdb?source=rss----7b722bfd1b8d---4) 2022-08-02T10:50:50Z **Is CSRF really dead? Examining Stripe’s $5000 CSRF bug bounty.**

Testing for CSRF can be worth it.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/is-csrf-really-dead-examining-stripes-5000-csrf-bug-bounty-37bbd ... ⌘ [Read more](https://infosecwriteups.com/is-csrf-really-dead-examining-stripes-5000-csrf-bug-bounty-37bbd6631de3?source=rss----7b722bfd1b8d---4) 2022-08-03T06:16:08Z **IW Weekly #14: $1M bounty, bug bounty tips, upcoming CTF events, API attacks, bypassing .NET,** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-14-1m-bounty-bug-bounty-tips-upcoming-ctf-events-api-attacks-bypassing-net-2f6ed3439976?source=rss----7b722bfd1b8d---4) 2022-08-03T12:44:44Z **Cyber Security Detection Frameworks** ⌘ [Read more](https://infosecwriteups.com/cyber-security-detection-frameworks-b5fec0c93195?source=rss----7b722bfd1b8d---4) 2022-08-03T12:44:35Z **Abusing URL Shortners for fun and profit**

Hello Security Researchers

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/abusing-url-shortners-for-fun-and-profit-c83c67713916?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/abusing-url-shortners-for-fun-and-profit-c83c67713916?source=rss----7b722bfd1b8d---4) 2022-08-03T12:44:21Z **Multiple bugs in one program leads to 1500€** ⌘ [Read more](https://infosecwriteups.com/multiple-bugs-in-one-program-leads-to-1500-c35fcde06bc7?source=rss----7b722bfd1b8d---4) 2022-08-04T11:34:14Z **Intro to Digital Forensics** ⌘ [Read more](https://infosecwriteups.com/intro-to-digital-forensics-f41093f37a05?source=rss----7b722bfd1b8d---4) 2022-08-04T11:34:03Z **This is how he could hijack Reddit accounts with just ONE click: a $10,000 bug bounty**

Exploring Frans Rosén’s bypass of OAuth security

[Continue reading on InfoSec Write-ups »](http ... ⌘ [Read more](https://infosecwriteups.com/this-is-how-he-could-hijack-reddit-accounts-with-just-one-click-a-10-000-bug-bounty-7fd8d54d5582?source=rss----7b722bfd1b8d---4) 2022-08-04T12:37:43Z **A Multi-Layered Security Architecture for Databases** ⌘ [Read more](https://infosecwriteups.com/a-multi-layered-security-architecture-for-databases-3d2b3a60070f?source=rss----7b722bfd1b8d---4) 2022-08-04T17:22:10Z **Analyzing a Remcos RAT Infection** ⌘ [Read more](https://infosecwriteups.com/analyzing-a-remcos-rat-infection-5c9b6bfd7139?source=rss----7b722bfd1b8d---4) 2022-08-05T04:58:25Z **HTB — Dirty Money — Debugger Unchained Write Up** ⌘ [Read more](https://infosecwriteups.com/htb-dirty-money-debugger-unchained-write-up-e831a83941e6?source=rss----7b722bfd1b8d---4) 2022-08-05T04:57:32Z **Malware Traffic Analysis Exercise | Burnincandle | IcedID Malware** ⌘ [Read more](https://infosecwriteups.com/malware-traffic-analysis-exercise-burnincandle-icedid-malware-67e78ef1d46c?source=rss----7b722bfd1b8d---4) 2022-08-05T11:04:56Z **What do we learn from modern Cyber Warfare & State Sponsored Threats (SCADA & ICS)** ⌘ [Read more](https://infosecwriteups.com/what-do-we-learn-from-the-modern-cyber-warfare-state-sponsored-threats-scada-ics-32d224288934?source=rss----7b722bfd1b8d---4) 2022-08-05T12:07:14Z **Let’s Learn API Security: More about Broken Object Level Authorization**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lets-learn-api-security-more-about-broken-object-level-authorizatio ... ⌘ [Read more](https://infosecwriteups.com/lets-learn-api-security-more-about-broken-object-level-authorization-b5fd1d73e0d8?source=rss----7b722bfd1b8d---4) 2022-08-06T05:22:32Z **Another day, Another IDOR vulnerability— $5000 Reddit Bug Bounty**

Gaining unprivileged access to Reddit moderator logs

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/another-day-another-idor-vulnerabilit ... ⌘ [Read more](https://infosecwriteups.com/another-day-another-idor-vulnerability-5000-reddit-bug-bounty-22a75003d999?source=rss----7b722bfd1b8d---4) 2022-08-06T06:21:05Z **How i was able to get 29 free products. | Bug Bounty** ⌘ [Read more](https://infosecwriteups.com/how-i-was-able-to-get-29-free-products-bug-bounty-845667ab4ad4?source=rss----7b722bfd1b8d---4) 2022-08-06T11:32:05Z **Smart contract security best practices: PART 1** ⌘ [Read more](https://infosecwriteups.com/smart-contract-security-best-practices-part-1-c35b640ee2ff?source=rss----7b722bfd1b8d---4) 2022-08-06T11:31:56Z **Post-Exploitation Basics In Active Directory Environment By Hashar Mujahid** ⌘ [Read more](https://infosecwriteups.com/post-exploitation-basics-in-active-directory-enviorment-by-hashar-mujahid-d46880974f87?source=rss----7b722bfd1b8d---4) 2022-08-07T17:04:13Z **Enterprise: Active Directory Room From TryHackMe By** ⌘ [Read more](https://infosecwriteups.com/enterprise-active-directory-room-from-tryhackme-87f8738efc96?source=rss----7b722bfd1b8d---4) 2022-08-07T17:03:59Z **TryHackMe WriteUp: Agent T** ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-agent-t-4807b77f768d?source=rss----7b722bfd1b8d---4) 2022-08-07T17:03:48Z **What is command injection and how to exploit it — StackZero** ⌘ [Read more](https://infosecwriteups.com/what-is-command-injection-and-how-to-exploit-it-stackzero-ac7643bc492?source=rss----7b722bfd1b8d---4) 2022-08-08T12:15:33Z **Kubernetes Security** ⌘ [Read more](https://infosecwriteups.com/kubernetes-security-df58a8e5f379?source=rss----7b722bfd1b8d---4) 2022-08-08T12:15:17Z **PortSwigger Web Security Academy Lab: SQL injection vulnerability in WHERE clause allowing…** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-academy-lab-sql-injection-vulnerability-in-where-clause-allowing-be11d2611987?source=rss----7b722bfd1b8d---4) 
2022-08-09T10:10:18Z **IW Weekly #15: Admin account takeover, IDOR broken authentication, CyberChef alternatives, Dark web…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-15-admin-account-takeover-idor-broken-authentication-cyberchef-alternatives-dark-web-ce821697e49e?source=rss----7b722bfd1b8d---4) 2022-08-09T15:04:05Z **Stored XSS to Account Takeover : Going beyond document.cookie (Dumping IndexedDB)** ⌘ [Read more](https://infosecwriteups.com/stored-xss-to-account-takeover-going-beyond-document-cookie-970e42362f43?source=rss----7b722bfd1b8d---4) 2022-08-09T15:03:36Z **PortSwigger Web Security Academy Lab: SQL injection vulnerability allowing login bypass** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-academy-lab-sql-injection-vulnerability-allowing-login-bypass-2cb40fcf4a10?source=rss----7b722bfd1b8d---4) 2022-08-09T15:03:00Z **About the discovery of another security vulnerability in NASA** ⌘ [Read more](https://infosecwriteups.com/about-the-discovery-of-another-security-vulnerability-in-nasa-427ea194f537?source=rss----7b722bfd1b8d---4) 2022-08-09T16:06:04Z **Creating a basic backdoor on an android mobile** ⌘ [Read more](https://infosecwriteups.com/creating-a-basic-backdoor-on-an-android-mobile-66bb58fc7507?source=rss----7b722bfd1b8d---4) 2022-08-10T07:28:41Z **IIot, Operational Technology Cybersecurity Challenges** ⌘ [Read more](https://infosecwriteups.com/iiot-operational-technology-cybersecurity-challenges-8fd522ad84ef?source=rss----7b722bfd1b8d---4) 2022-08-10T10:37:45Z **RazorBlack: Active Directory Room From TryHackMe By Hashar Mujahid** ⌘ [Read more](https://infosecwriteups.com/razorblack-active-directory-room-from-tryhackme-by-hashar-mujahid-52985f24d929?source=rss----7b722bfd1b8d---4) 2022-08-10T11:42:49Z **Hunting webshell with NeoPI** ⌘ [Read more](https://infosecwriteups.com/hunting-webshell-with-neopi-62b76ce10d6b?source=rss----7b722bfd1b8d---4) 2022-08-10T12:42:51Z **Write-up: Pickle Rick @ TryHackMe** ⌘ [Read 
more](https://infosecwriteups.com/write-up-pickle-rick-tryhackme-6a3c838507c2?source=rss----7b722bfd1b8d---4) 2022-08-10T16:06:35Z **Hacker101 CTF — Travial CTF Flag 0** ⌘ [Read more](https://infosecwriteups.com/hacker101-ctf-travial-ctf-flag-0-9912113630bc?source=rss----7b722bfd1b8d---4) 2022-08-10T16:06:25Z **Car Hacking: Cyber Security in Automotive Industry** ⌘ [Read more](https://infosecwriteups.com/car-hacking-cyber-security-in-automotive-industry-e9a7a4ffd6bb?source=rss----7b722bfd1b8d---4) 2022-08-11T14:44:29Z **PortSwigger Web Security Lab: SQL injection UNION attack, determining the number of columns…** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-lab-sql-injection-union-attack-determining-the-number-of-columns-5f0a4fa95e5e?source=rss----7b722bfd1b8d---4) 2022-08-11T14:44:16Z **Hacker101 CTF — Micro CMS v1 Flag 0** ⌘ [Read more](https://infosecwriteups.com/hacker101-ctf-micro-cms-v1-flag-0-dd5b40652282?source=rss----7b722bfd1b8d---4) 2022-08-11T14:44:04Z **Phoenix Challenges — Stack Zero** ⌘ [Read more](https://infosecwriteups.com/phoenix-challenges-stack-zero-f8743cc871ed?source=rss----7b722bfd1b8d---4) 2022-08-12T07:01:19Z **Let’s Learn API Security: More about Excessive Data Exposure**

We are going to talk about “Excessive Data Exposure” in this post that we are making for API Security.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lets-le ... ⌘ [Read more](https://infosecwriteups.com/lets-learn-api-security-more-about-excessive-data-exposure-372fe2dd70c8?source=rss----7b722bfd1b8d---4) 2022-08-12T08:03:23Z **Configuring TOR with Python** ⌘ [Read more](https://infosecwriteups.com/configuring-tor-with-python-1a90fc1c246f?source=rss----7b722bfd1b8d---4) 2022-08-13T07:50:29Z **An interesting voice confusion discovery in Meta bug bounty** ⌘ [Read more](https://infosecwriteups.com/an-interesting-voice-confusion-discovery-in-meta-bug-bounty-a9b65175af32?source=rss----7b722bfd1b8d---4) 2022-08-13T07:49:06Z **Server Side Template Injections By Hashar Mujahid.** ⌘ [Read more](https://infosecwriteups.com/server-side-template-injections-by-hashar-mujahid-e5a1a383027e?source=rss----7b722bfd1b8d---4) 2022-08-15T10:34:42Z **Irremovable guest in facebook event — Facebook bug bounty** ⌘ [Read more](https://infosecwriteups.com/irremovable-guest-in-facebook-event-facebook-bug-bounty-e10e03c98cd5?source=rss----7b722bfd1b8d---4) 2022-08-15T10:34:11Z **PortSwigger Web Security Academy Lab: SQL injection UNION attack, finding a column containing text** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-academy-lab-sql-injection-union-attack-finding-a-column-containing-text-f67728a4240a?source=rss----7b722bfd1b8d---4) 2022-08-15T11:36:05Z **Salesforce bug hunting to Critical bug**

Or how I learned that some bugs are truly rare

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/salesforce-bug-hunting-to-critical-bug-b5da44789d3?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/salesforce-bug-hunting-to-critical-bug-b5da44789d3?source=rss----7b722bfd1b8d---4) 2022-08-16T07:10:54Z **IW Weekly #16: AWS Vulnerability, Threat Hunting, Reflected XSS, Pentesting Resource, Command…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-16-aws-vulnerability-threat-hunting-reflected-xss-pentesting-resource-command-1b172801f2b7?source=rss----7b722bfd1b8d---4) 2022-08-16T07:18:55Z **How To Hack With SQL Injection Attacks! DVWA low security — StackZero** ⌘ [Read more](https://infosecwriteups.com/how-to-hack-with-sql-injection-attacks-dvwa-low-security-stackzero-9286d7d0dfd1?source=rss----7b722bfd1b8d---4) 2022-08-16T18:30:26Z **PortSwigger Web Security Academy Lab: SQL injection UNION attack, retrieving data from other tables** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-academy-lab-sql-injection-union-attack-retrieving-data-from-other-tables-92d776fa0059?source=rss----7b722bfd1b8d---4) 2022-08-16T19:33:03Z **StepSecurity releases tool that it used to improve security of 30 critical open-source projects…** ⌘ [Read more](https://infosecwriteups.com/stepsecurity-releases-tool-that-it-used-to-improve-security-of-30-critical-open-source-projects-4ebbef31b908?source=rss----7b722bfd1b8d---4) 2022-08-17T07:19:06Z **PortSwigger Web Security Academy Lab: SQL injection UNION attack, retrieving multiple values in a…** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-academy-lab-sql-injection-union-attack-retrieving-multiple-values-in-a-3f025ac94b67?source=rss----7b722bfd1b8d---4) 2022-08-17T15:48:37Z **Using Kubernetes Plugins for Better Security** ⌘ [Read more](https://infosecwriteups.com/using-kubernetes-plugins-for-better-security-7b083cc3a7b7?source=rss----7b722bfd1b8d---4) 2022-08-18T08:18:08Z **IW Weekly #17: $30,000 Bounty, 
Instagram Account Takeover, AWS Security Series, Google…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-17-30-000-bounty-instagram-account-takeover-aws-security-series-google-a0f3e6f980fb?source=rss----7b722bfd1b8d---4) 2022-08-19T17:06:09Z **Erlik — Vulnerable SOAP Service** ⌘ [Read more](https://infosecwriteups.com/erlik-vulnerable-soap-service-d0a71355058e?source=rss----7b722bfd1b8d---4) 2022-08-19T17:05:56Z **C Language for Hackers & Beyond! 0x02** ⌘ [Read more](https://infosecwriteups.com/c-language-for-hackers-beyond-0x01-eb885c8a189a?source=rss----7b722bfd1b8d---4) 2022-08-19T18:07:21Z **Write-up: Git Happens @ TryHackMe** ⌘ [Read more](https://infosecwriteups.com/write-up-git-happens-tryhackme-408a111e880f?source=rss----7b722bfd1b8d---4) 2022-08-20T16:01:34Z **IW Weekly #18: $45,000 Facebook Bug Bounty, Cross-site Scripting, Hacking, Recon and Breaking into…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-18-45-000-facebook-bug-bounty-cross-site-scripting-hacking-recon-and-breaking-into-7c7cff7cde76?source=rss----7b722bfd1b8d---4) 2022-08-21T17:34:23Z **Redline Stealer Malware Static Analysis** ⌘ [Read more](https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?source=rss----7b722bfd1b8d---4) 2022-08-21T17:34:09Z **Confidential — TryHackMe Walkthrough** ⌘ [Read more](https://infosecwriteups.com/tryhackme-confidential-walk-through-8b8294579134?source=rss----7b722bfd1b8d---4) 2022-08-21T17:33:59Z **Hackers use String of Emojis to hack you.** ⌘ [Read more](https://infosecwriteups.com/hackers-use-string-of-emojis-to-hack-you-296499845b0d?source=rss----7b722bfd1b8d---4) 2022-08-21T17:33:20Z **BrainStrom TryHackme** ⌘ [Read more](https://infosecwriteups.com/brainstrom-tryhackme-523b916661ff?source=rss----7b722bfd1b8d---4) 2022-08-21T17:31:58Z **Linux fundamentals — Summary:** ⌘ [Read more](https://infosecwriteups.com/linux-fundamentals-summary-98a1d24cae17?source=rss----7b722bfd1b8d---4) 2022-08-21T18:33:23Z **Write-up: JWT 
authentication bypass via flawed signature verification @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-jwt-authentication-bypass-via-flawed-signature-verification-portswigger-academy-2107eddec3b7?source=rss----7b722bfd1b8d---4) 2022-08-22T11:14:36Z **First Bug Bounty from DOS: Taking the service down** ⌘ [Read more](https://infosecwriteups.com/first-bug-bounty-from-dos-taking-the-service-down-30f9ad4e0246?source=rss----7b722bfd1b8d---4) 2022-08-22T11:14:21Z **Account takeover worth $1000** ⌘ [Read more](https://infosecwriteups.com/account-takeover-worth-1000-611452063cf?source=rss----7b722bfd1b8d---4) 2022-08-22T11:11:30Z **PortSwigger Web Security Academy Lab: SQL injection attack, querying the database type and versio** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-academy-lab-sql-injection-attack-querying-the-database-type-and-versio-c6ca5bd380e2?source=rss----7b722bfd1b8d---4) 2022-08-22T12:18:31Z **Create a simple phishing website and a Javascript keylogger** ⌘ [Read more](https://infosecwriteups.com/create-a-simple-phishing-website-and-a-javascript-keylogger-9bcafbe6ffda?source=rss----7b722bfd1b8d---4) 2022-08-22T13:18:20Z **Portswigger Labs, how to get the most out of it**

or why looking up the solution underneath the lab isn’t cheating, it’s part of learning

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/portswigger-labs-how-to-get-the-most-out-of-it-7a ... ⌘ [Read more](https://infosecwriteups.com/portswigger-labs-how-to-get-the-most-out-of-it-7add3553f88c?source=rss----7b722bfd1b8d---4) 2022-08-23T08:10:52Z **‍$5000 Bounty, Free Certification Courses, IndexDB, Reconnaissance Guide, Elasticsearch, and…** ⌘ [Read more](https://infosecwriteups.com/5000-bounty-free-certification-courses-indexdb-reconnaissance-guide-elasticsearch-and-da29bf1ba28a?source=rss----7b722bfd1b8d---4) 2022-08-24T11:44:45Z **PortSwigger Web Security Academy Lab: SQL injection attack, querying the database type and version…** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-academy-lab-sql-injection-attack-querying-the-database-type-and-version-acd2688592aa?source=rss----7b722bfd1b8d---4) 2022-08-24T12:47:32Z **Write-up: Upload Vulnerabilities @ TryHackMe** ⌘ [Read more](https://infosecwriteups.com/write-up-upload-vulnerabilities-tryhackme-32bbaca5686c?source=rss----7b722bfd1b8d---4) 2022-08-24T13:06:31Z **Break the Logic: Insecure Parameters (€300)** ⌘ [Read more](https://infosecwriteups.com/break-the-logic-insecure-parameters-300-e655cc4fcc42?source=rss----7b722bfd1b8d---4) 2022-08-25T07:21:26Z **Bug Bounty Tips, Desync Attacks, SSRF, SQL Injection, Vulnerabilities in CPU, RCE, and much more…** ⌘ [Read more](https://infosecwriteups.com/bug-bounty-tips-desync-attacks-ssrf-sql-injection-vulnerabilities-in-cpu-rce-and-much-more-f4d43635dd23?source=rss----7b722bfd1b8d---4) 2022-08-25T10:19:38Z **Server Side Template Injections Portswiggers Labs Walkthrough.** ⌘ [Read more](https://infosecwriteups.com/server-side-template-injections-portswiggers-labs-walkthrough-5a1a06f057d2?source=rss----7b722bfd1b8d---4) 2022-08-25T10:19:25Z **How I found my first RCE!** ⌘ [Read more](https://infosecwriteups.com/how-i-found-my-first-rce-c063546114ef?source=rss----7b722bfd1b8d---4) 2022-08-25T10:18:46Z **Cool Recon techniques 
every hacker misses! ** ⌘ [Read more](https://infosecwriteups.com/cool-recon-techniques-every-hacker-misses-1c5e0e294e89?source=rss----7b722bfd1b8d---4) 2022-08-25T11:22:10Z **This SIMPLE trick will exploit image uploads - $2500 TikTok bug bounty.**

Stored XSS in SVG files.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/this-simple-trick-will-exploit-image-uploads-250 ... ⌘ [Read more](https://infosecwriteups.com/this-simple-trick-will-exploit-image-uploads-2500-tiktok-bug-bounty-41fc01128ee?source=rss----7b722bfd1b8d---4) 2022-08-25T12:22:11Z **Write-up: Host header authentication bypass @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-host-header-authentication-bypass-portswigger-academy-30bee8fbf05c?source=rss----7b722bfd1b8d---4) 2022-08-25T13:17:02Z **‍Bug Bounty Tips, Desync Attacks, SSRF, SQL Injection, Vulnerabilities in CPU, RCE, and much…** ⌘ [Read more](https://infosecwriteups.com/bug-bounty-tips-desync-attacks-ssrf-sql-injection-vulnerabilities-in-cpu-rce-and-much-703c547810c3?source=rss----7b722bfd1b8d---4) 2022-08-26T06:57:24Z **Bypassing unexpected IDOR** ⌘ [Read more](https://infosecwriteups.com/bypassing-unexpected-idor-e6a9da2e0498?source=rss----7b722bfd1b8d---4) 2022-08-26T06:56:52Z **Stored XSS using SVG file** ⌘ [Read more](https://infosecwriteups.com/stored-xss-using-svg-file-2e3608248fae?source=rss----7b722bfd1b8d---4) 2022-08-26T06:55:59Z **Break the Logic: 5 Different Perspectives in Single Page (€1500)** ⌘ [Read more](https://infosecwriteups.com/break-the-logic-5-different-perspectives-in-single-page-1500-5aa09da0fe7a?source=rss----7b722bfd1b8d---4) 2022-08-26T07:58:17Z **Sometimes times the best hack is no hack at all — $2900 Shopify Bug Bounty**

Access control is key.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/sometimes-times-the-best-hack-is-no-hack-at-all ... ⌘ [Read more](https://infosecwriteups.com/sometimes-times-the-best-hack-is-no-hack-at-all-2900-shopify-bug-bounty-38531b279c67?source=rss----7b722bfd1b8d---4) 2022-08-27T06:41:26Z **$7000 Bounty, Web3 Bug Hunting, API Hacking, IDOR, Triggering XSS with emojis, XSS Flyer, and much…** ⌘ [Read more](https://infosecwriteups.com/7000-bounty-web3-bug-hunting-api-hacking-idor-triggering-xss-with-emojis-xss-flyer-and-much-fb4c51fb26ef?source=rss----7b722bfd1b8d---4) 2022-08-27T11:18:05Z **SSRF leads to access AWS metadata.** ⌘ [Read more](https://infosecwriteups.com/ssrf-leads-to-access-aws-metadata-21952c220aeb?source=rss----7b722bfd1b8d---4) 2022-08-27T13:22:40Z **‍$7000 Bounty, Web3 Bug Hunting, API Hacking, IDOR, Triggering XSS with emojis, XSS Flyer, and…** ⌘ [Read more](https://infosecwriteups.com/7000-bounty-web3-bug-hunting-api-hacking-idor-triggering-xss-with-emojis-xss-flyer-and-7c9d691354e4?source=rss----7b722bfd1b8d---4) 2022-08-27T20:30:50Z **SSRF — The Server’s Loophole 01** ⌘ [Read more](https://infosecwriteups.com/ssrf-the-servers-loophole-01-6e7e33fb1d57?source=rss----7b722bfd1b8d---4) 2022-08-27T20:30:19Z **Server Side Template Injections Portswiggers Labs Walkthrough Part III** ⌘ [Read more](https://infosecwriteups.com/server-side-template-injections-portswiggers-labs-walkthrough-part-iii-bc6983412a3d?source=rss----7b722bfd1b8d---4) 2022-08-29T08:29:27Z **Double free() attacks in ARM Part one.** ⌘ [Read more](https://infosecwriteups.com/double-free-attacks-in-arm-part-one-4519eee6770a?source=rss----7b722bfd1b8d---4) 2022-08-29T08:28:31Z **Out-Of-Bond Remote code Execution(RCE) on De Nederlandsche Bank N.V. 
with burp-suite collaborator** ⌘ [Read more](https://infosecwriteups.com/out-of-bond-remote-code-execution-rce-on-de-nederlandsche-bank-n-v-with-burp-suite-collaborator-2ce50260e2e4?source=rss----7b722bfd1b8d---4) 2022-08-29T09:33:32Z **Definitive Guide to SQL Injection**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/definitive-guide-to-sql-injection-df5ac445eef1?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/definitive-guide-to-sql-injection-df5ac445eef1?source=rss----7b722bfd1b8d---4) 2022-08-29T09:33:32Z **Secure Messaging **

Confidentiality, Reliability, Privacy, Usability, Cross-Platform support… — So many things to consider!

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/secure-messaging-5d2fc7748c24?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/secure-messaging-5d2fc7748c24?source=rss----7b722bfd1b8d---4) 2022-08-29T10:33:27Z **Bypassing Amazon WAF to pop an alert()** ⌘ [Read more](https://infosecwriteups.com/bypassing-amazon-waf-to-pop-an-alert-4646ce35554e?source=rss----7b722bfd1b8d---4) 2022-08-30T11:50:00Z **‍File Leakage, Blockchain Security, Bypass 2FA, Kerberoasting, Exploiting Security Bugs, and…** ⌘ [Read more](https://infosecwriteups.com/file-leakage-blockchain-security-bypass-2fa-kerberoasting-exploiting-security-bugs-and-58bdf350dd25?source=rss----7b722bfd1b8d---4) 2022-08-30T11:47:59Z **Hack With SQL Injection Attacks! DVWA medium security — StackZero** ⌘ [Read more](https://infosecwriteups.com/hack-with-sql-injection-attacks-dvwa-medium-security-stackzero-d4af0a9a5f9?source=rss----7b722bfd1b8d---4) 2022-08-30T11:47:47Z **AWS Attribute-Based Access Control (ABAC) With Tags** ⌘ [Read more](https://infosecwriteups.com/aws-attribute-based-access-control-abac-with-tags-f4340385011e?source=rss----7b722bfd1b8d---4) 2022-08-30T11:47:34Z **SSRF — Exploitation 02** ⌘ [Read more](https://infosecwriteups.com/ssrf-exploitation-02-b682de16594?source=rss----7b722bfd1b8d---4) 2022-08-30T12:52:04Z **Write-up: Authentication bypass via OAuth implicit flow @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-authentication-bypass-via-oauth-implicit-flow-portswigger-academy-c98b841d3d3d?source=rss----7b722bfd1b8d---4) 2022-08-31T12:07:52Z **mfa bypass in private program, the abdulsec way** ⌘ [Read more](https://infosecwriteups.com/mfa-bypass-in-private-program-the-abdulsec-way-f677fea209f7?source=rss----7b722bfd1b8d---4) 2022-09-01T07:52:57Z **Mass Hunting CVE’s Part-1** ⌘ [Read more](https://infosecwriteups.com/mass-hunting-cves-part-1-1e162ba6028b?source=rss----7b722bfd1b8d---4) 2022-09-01T07:52:28Z **S3 Bucket: 
Cloud Trail Log Analysis** ⌘ [Read more](https://infosecwriteups.com/s3-bucket-cloud-trail-log-analysis-ddefee0f025f?source=rss----7b722bfd1b8d---4) 2022-09-01T07:52:08Z **OAuth 2.0 (Introduction and Exploitation Part I)Explained By Hashar Mujahid** ⌘ [Read more](https://infosecwriteups.com/oauth-2-0-introduction-and-exploitation-part-i-explained-by-hashar-mujahid-262f9c59de6c?source=rss----7b722bfd1b8d---4) 2022-09-02T09:39:36Z **Utkuici — Nessus Automation** ⌘ [Read more](https://infosecwriteups.com/utkuici-nessus-automation-2c8db08df0ec?source=rss----7b722bfd1b8d---4) 2022-09-03T18:09:53Z **Exploiting OAuth authentication vulnerabilities Part II** ⌘ [Read more](https://infosecwriteups.com/exploiting-oauth-authentication-vulnerabilities-part-ii-6c150f492e62?source=rss----7b722bfd1b8d---4) 2022-09-03T18:09:28Z **Hack With SQL Injection Attacks! DVWA high security — StackZero** ⌘ [Read more](https://infosecwriteups.com/hack-with-sql-injection-attacks-dvwa-high-security-stackzero-713638840515?source=rss----7b722bfd1b8d---4) 2022-09-03T19:11:09Z **Thick Client Pentest: Modern Approaches and Techniques: PART 1** ⌘ [Read more](https://infosecwriteups.com/thick-client-pentest-modern-approaches-and-techniques-part-1-7bb0f5f28e8e?source=rss----7b722bfd1b8d---4) 2022-09-05T08:43:21Z **Phoenix Challenges — Stack One** ⌘ [Read more](https://infosecwriteups.com/phoenix-challenges-stack-one-4a9d2100274f?source=rss----7b722bfd1b8d---4) 2022-09-05T08:40:50Z **Passing a Role to AWS CloudFormation to Escalate Privileges** ⌘ [Read more](https://infosecwriteups.com/passing-a-role-to-cloudformation-to-escalate-privileges-602010d26f55?source=rss----7b722bfd1b8d---4) 2022-09-05T08:40:31Z **Pen #007: Wi-Fi Hacking 101** ⌘ [Read more](https://infosecwriteups.com/pen-7-wi-fi-hacking-101-544c79bd77c9?source=rss----7b722bfd1b8d---4) 2022-09-05T08:40:09Z **Bayanay — Python Wardriving Tool** ⌘ [Read 
more](https://infosecwriteups.com/bayanay-python-wardriving-tool-e105a4ad3c63?source=rss----7b722bfd1b8d---4) 2022-09-05T09:46:01Z **Timelapse from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/timelapse-from-hackthebox-detailed-walkthrough-5b36f5cde290?source=rss----7b722bfd1b8d---4) 2022-09-05T10:49:49Z **Why broken access control is the most severe vulnerability**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/why-broken-access-control-is-the-most-severe-vulnerability-2223baf9bb48?source=rss----7b7 ... ⌘ [Read more](https://infosecwriteups.com/why-broken-access-control-is-the-most-severe-vulnerability-2223baf9bb48?source=rss----7b722bfd1b8d---4) 2022-09-05T22:03:30Z **‍Smart Contract Security, WAF Bypassing, HTTP Parameter Pollution, Race Condition, IDOR, Web…** ⌘ [Read more](https://infosecwriteups.com/smart-contract-security-waf-bypassing-http-parameter-pollution-race-condition-idor-web-cf9ab2793aac?source=rss----7b722bfd1b8d---4) 2022-09-09T07:36:04Z **Anti-Reversing Techniques (Part 1)** ⌘ [Read more](https://infosecwriteups.com/anti-reversing-techniques-part-1-3200db42f1e3?source=rss----7b722bfd1b8d---4) 2022-09-09T07:35:47Z **Malware Analysis — NanoCore Rat** ⌘ [Read more](https://infosecwriteups.com/malware-analysis-nanocore-rat-6cae8c6df918?source=rss----7b722bfd1b8d---4) 2022-09-09T07:35:25Z **Malware Analysis — FFDroider** ⌘ [Read more](https://infosecwriteups.com/malware-analysis-ffdroider-21a3fc0fe40f?source=rss----7b722bfd1b8d---4) 2022-09-09T07:35:04Z **[Malware Analysis #3] — Disk Writer** ⌘ [Read more](https://infosecwriteups.com/malware-analysis-3-disk-writer-5ee764819597?source=rss----7b722bfd1b8d---4) 2022-09-09T08:37:01Z **Retired from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/retired-from-hackthebox-detailed-walkthrough-ee2f7cf288a?source=rss----7b722bfd1b8d---4) 2022-09-09T12:24:52Z **Insufficient Logging and Monitoring**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/insufficient-logging-and-monitoring-65f2bc42b6d5?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/insufficient-logging-and-monitoring-65f2bc42b6d5?source=rss----7b722bfd1b8d---4) 2022-09-10T06:24:34Z **How I found 3 RXSS on the Lululemon bug bounty program** ⌘ [Read more](https://infosecwriteups.com/how-i-found-3-rxss-on-the-lululemon-bug-bounty-program-fa357a0154c2?source=rss----7b722bfd1b8d---4) 2022-09-10T06:24:09Z **Reflected XSS DVWA — An Exploit With Real World Consequences — StackZero** ⌘ [Read more](https://infosecwriteups.com/reflected-xss-dvwa-an-exploit-with-real-world-consequences-stackzero-171cfb2d87d2?source=rss----7b722bfd1b8d---4) 2022-09-12T10:29:24Z **How I found 3 rare security bugs in a day** ⌘ [Read more](https://infosecwriteups.com/how-i-found-3-bug-bounties-in-a-day-c82fe023716e?source=rss----7b722bfd1b8d---4) 2022-09-12T10:29:01Z **New technique 403 bypass lyncdiscover.microsoft.com** ⌘ [Read more](https://infosecwriteups.com/403-bypass-lyncdiscover-microsoft-com-db2778458c33?source=rss----7b722bfd1b8d---4) 2022-09-12T10:28:35Z **Take Confusion Out of IAM Policies, AWS S3 Bucket Policies and AWS S3 ACLs** ⌘ [Read more](https://infosecwriteups.com/take-confusion-out-of-iam-policies-aws-s3-bucket-policies-and-aws-s3-acls-61d8fa04a658?source=rss----7b722bfd1b8d---4) 2022-09-12T10:28:11Z **Raccoon Stealer v2 Malware Analysis** ⌘ [Read more](https://infosecwriteups.com/raccoon-stealer-v2-malware-analysis-55cc33774ac8?source=rss----7b722bfd1b8d---4) 2022-09-12T10:27:55Z **How To Perform Command Injection Attacks (DVWA) For Aspiring Hackers! 
— StackZero** ⌘ [Read more](https://infosecwriteups.com/how-to-perform-command-injection-attacks-dvwa-for-aspiring-hackers-stackzero-c9d521c6f934?source=rss----7b722bfd1b8d---4) 2022-09-12T10:27:40Z **How to prevent more than 200 million users from using Google services** ⌘ [Read more](https://infosecwriteups.com/how-to-prevent-more-than-200-million-users-from-using-google-services-136b3b8e221f?source=rss----7b722bfd1b8d---4) 2022-09-12T11:32:09Z **‍Thick Client Pentest, Out-of-band XXE, Bug Hunting Resources, RDP, LogonTypes, PowerShell…** ⌘ [Read more](https://infosecwriteups.com/thick-client-pentest-out-of-band-xxe-bug-hunting-resources-rdp-logontypes-powershell-2363bc3c7752?source=rss----7b722bfd1b8d---4) 2022-09-12T11:26:59Z **Detecting Log4j & its Remediation**

This article is dedicated to log4j and how it’s being exploited in the wild by attackers.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/detecting-log4j-its-remediation-58ab3a59c865?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/detecting-log4j-its-remediation-58ab3a59c865?source=rss----7b722bfd1b8d---4) 2022-09-13T14:32:03Z **Exploiting OAuth authentication vulnerabilities Part III** ⌘ [Read more](https://infosecwriteups.com/exploiting-oauth-authentication-vulnerabilities-part-iii-e3db79c83359?source=rss----7b722bfd1b8d---4) 2022-09-14T07:08:18Z **CVE-2022-31625: PHP Vulnerability due to uninitialized array** ⌘ [Read more](https://infosecwriteups.com/cve-2022-31625-php-vulnerability-due-to-uninitialized-array-30b04f6536f?source=rss----7b722bfd1b8d---4) 2022-09-14T07:07:48Z **How to start Penetration testing of Artificial Intelligence** ⌘ [Read more](https://infosecwriteups.com/how-to-start-penetration-testing-of-artificial-intelligence-c11e97b77dfa?source=rss----7b722bfd1b8d---4) 2022-09-14T07:07:18Z **Attacking GPP (Group Policy Preferences) Credentials | Active Directory Pentesting** ⌘ [Read more](https://infosecwriteups.com/attacking-gpp-group-policy-preferences-credentials-active-directory-pentesting-16d9a65fa01a?source=rss----7b722bfd1b8d---4) 2022-09-19T07:12:05Z **Write-up: JWT authentication bypass via weak signing key @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-jwt-authentication-bypass-via-weak-signing-key-portswigger-academy-f212ee600ddd?source=rss----7b722bfd1b8d---4) 2022-09-19T07:02:23Z **How I Found My FIRST Vulnerability/Bug Bounty and How You Can Too: Part 2**

Simple hacks!

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-my-first-vulnerability-bug-bounty ... ⌘ [Read more](https://infosecwriteups.com/how-i-found-my-first-vulnerability-bug-bounty-and-how-you-can-too-part-2-2e8681f4e3b7?source=rss----7b722bfd1b8d---4) 2022-09-19T07:01:51Z **How I Found My FIRST Vulnerability/Bug Bounty and How You Can Too: Part 1**

How to start ethically hacking websites

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-my-firs ... ⌘ [Read more](https://infosecwriteups.com/how-i-found-my-first-vulnerability-bug-bounty-and-how-you-can-too-part-1-f2dd0b7d7665?source=rss----7b722bfd1b8d---4) 2022-09-19T07:01:16Z **Cool Recon techniques every hacker misses! Episode 2** ⌘ [Read more](https://infosecwriteups.com/cool-recon-techniques-every-hacker-misses-episode-2-8024e8338756?source=rss----7b722bfd1b8d---4) 2022-09-19T07:24:42Z **30 Search Engines for Cybersecurity Researchers (Part 1 of 3)** ⌘ [Read more](https://infosecwriteups.com/30-search-engines-for-cybersecurity-researchers-part-1-of-3-faf68bfc6be8?source=rss----7b722bfd1b8d---4) 2022-09-19T07:51:38Z **30 Search Engines for Cybersecurity Researchers (Part 2 of 3)** ⌘ [Read more](https://infosecwriteups.com/30-search-engines-for-cybersecurity-researchers-part-2-of-3-3412d6a35118?source=rss----7b722bfd1b8d---4) 2022-09-19T08:21:57Z **Living Off The Land: Suspicious System32**

The services below are some of the most commonly abused services for malicious parties to “live off the land”. Each is built into Windows…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/living-off-the-land-suspicious ... ⌘ [Read more](https://infosecwriteups.com/living-off-the-land-suspicious-system32-6ad8d8119fe1?source=rss----7b722bfd1b8d---4) 2022-09-19T12:36:52Z **How I abused the file upload function to get a high severity vulnerability in Bug Bounty** ⌘ [Read more](https://infosecwriteups.com/how-i-abused-the-file-upload-function-to-get-a-high-severity-vulnerability-in-bug-bounty-7cdcf349080b?source=rss----7b722bfd1b8d---4) 2022-09-19T12:36:11Z **The terrifying world of Cross-Site Scripting (XSS) (Part 2) — StackZero** ⌘ [Read more](https://infosecwriteups.com/the-terrifying-world-of-cross-site-scripting-xss-part-2-stackzero-cc7fa7e8dcbb?source=rss----7b722bfd1b8d---4) 2022-09-19T14:57:55Z **‍Hacking Smart Contracts, Android Vulnerability, RCE, Prototype Poisoning, Anti-Human Server…** ⌘ [Read more](https://infosecwriteups.com/hacking-smart-contracts-android-vulnerability-rce-prototype-poisoning-anti-human-server-881a42ba43c1?source=rss----7b722bfd1b8d---4) 2022-09-20T05:55:01Z **Sharkbot Virus in Android** ⌘ [Read more](https://infosecwriteups.com/sharkbot-virus-in-android-b5be7c2ead16?source=rss----7b722bfd1b8d---4) 2022-09-20T05:54:07Z **Bypassing 2FA With Cookies!**

If you have two-factor authentication (2FA) enabled on your account, you can’t be compromised, right?

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bypassing-2fa-with-cookies-ff2c79022f63?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/bypassing-2fa-with-cookies-ff2c79022f63?source=rss----7b722bfd1b8d---4) 2022-09-20T11:10:53Z **Cross-site request forgery (CSRF) Explained and Exploited I** ⌘ [Read more](https://infosecwriteups.com/cross-site-request-forgery-csrf-explained-and-exploited-i-db464a61a582?source=rss----7b722bfd1b8d---4) 2022-09-20T11:10:23Z **Phishing and its effect on healthcare sector** ⌘ [Read more](https://infosecwriteups.com/phishing-and-its-effect-on-healthcare-sector-bde4cb767374?source=rss----7b722bfd1b8d---4) 2022-09-20T11:09:52Z **Domain-based Message Authentication Reporting and Conformance (DMARC) and its importance for…** ⌘ [Read more](https://infosecwriteups.com/domain-based-message-authentication-reporting-and-conformance-dmarc-and-its-importance-for-57872e93954c?source=rss----7b722bfd1b8d---4) 2022-09-20T11:09:13Z **Key Web 3.0 Security Issues That Need to be Settled** ⌘ [Read more](https://infosecwriteups.com/key-web-3-0-security-issues-that-need-to-be-settled-2fd59c41d7d7?source=rss----7b722bfd1b8d---4) 2022-09-20T15:03:18Z **Abusing Broken Link In Fitbit (Google Acquisition)To Collect BugBounty Reports On Behalf Of Google !** ⌘ [Read more](https://infosecwriteups.com/abusing-broken-link-in-fitbit-google-acquisition-to-collect-bugbounty-reports-on-behalf-of-google-5885a556eb7c?source=rss----7b722bfd1b8d---4) 2022-09-20T19:48:14Z **30 Search Engines for Cybersecurity Researchers (Part 3 of 3)** ⌘ [Read more](https://infosecwriteups.com/30-search-engines-for-cybersecurity-researchers-part-3-of-3-aa6cae94db0d?source=rss----7b722bfd1b8d---4) 2022-09-20T19:50:05Z **How I Hacked my College’s student portal** ⌘ [Read more](https://infosecwriteups.com/how-i-hacked-my-colleges-student-portal-f51775d75a3d?source=rss----7b722bfd1b8d---4) 2022-09-20T19:49:34Z **Bypassing CSRF Protection (I)** ⌘ 
[Read more](https://infosecwriteups.com/bypassing-csrf-protection-i-bc014384d0aa?source=rss----7b722bfd1b8d---4) 2022-09-20T19:48:57Z **OSINT AND TOP 15 OPEN-SOURCE INTELLIGENCE TOOLS** ⌘ [Read more](https://infosecwriteups.com/osint-and-top-15-open-source-intelligence-tools-f5132bf9e40f?source=rss----7b722bfd1b8d---4) 2022-09-21T10:11:20Z **Vulnerable Flask App** ⌘ [Read more](https://infosecwriteups.com/vulnerable-flask-app-881bcc960889?source=rss----7b722bfd1b8d---4) 2022-09-21T11:12:18Z **Write-up: File path traversal, validation of file extension with null byte bypass @ PortSwigger…** ⌘ [Read more](https://infosecwriteups.com/write-up-file-path-traversal-validation-of-file-extension-with-null-byte-bypass-portswigger-801300e13799?source=rss----7b722bfd1b8d---4) 2022-09-22T06:43:43Z **OSINT Information Gathering with Informer** ⌘ [Read more](https://infosecwriteups.com/osint-information-gathering-with-informer-28176a704cf6?source=rss----7b722bfd1b8d---4) 2022-09-22T06:43:31Z **Understanding the NMAP methodology — Part 1** ⌘ [Read more](https://infosecwriteups.com/network-mapping-part-1-112116ce6555?source=rss----7b722bfd1b8d---4) 2022-09-22T06:43:18Z **Try Hack Me: Basic Pentesting Walkthrough** ⌘ [Read more](https://infosecwriteups.com/try-hack-me-basic-pentesting-walkthrough-a70b85308b0a?source=rss----7b722bfd1b8d---4) 2022-09-22T06:42:51Z **Try Hack Me: Intro to Digital Forensics Walkthrough** ⌘ [Read more](https://infosecwriteups.com/try-hack-me-intro-to-digital-forensics-write-up-566977aabe4e?source=rss----7b722bfd1b8d---4) 2022-09-22T06:42:28Z **How I hacked an exam portal and got access to 10K+ users data including webcams** ⌘ [Read more](https://infosecwriteups.com/how-i-hacked-exam-portal-and-got-access-to-10k-users-data-including-webcams-ec2262b43df7?source=rss----7b722bfd1b8d---4) 2022-09-22T07:46:54Z **Write-up: JWT authentication bypass via jwk header injection @ PortSwigger Academy**

This write-up for the lab JWT authentication bypass via jwk header injection is part of my walk-through series for ... ⌘ [Read more](https://infosecwriteups.com/write-up-jwt-authentication-bypass-via-jwk-header-injection-portswigger-academy-a08975256e8c?source=rss----7b722bfd1b8d---4) 2022-09-22T15:10:04Z **AWS control tower — the best way to govern multi-account environments**

Anyone who has worked in the cloud knows how quickly this environment can increase in complexity as more and more workloads get migrated…

[Continue r ... ⌘ [Read more](https://infosecwriteups.com/aws-control-tower-the-best-way-to-govern-multi-account-environments-27a727a529dd?source=rss----7b722bfd1b8d---4) 2022-09-23T13:06:28Z **How I Found Multiple SQL Injections in 5 Minutes in Bug Bounty** ⌘ [Read more](https://infosecwriteups.com/how-i-found-multiple-sql-injections-in-5-minutes-in-bug-bounty-40155964c498?source=rss----7b722bfd1b8d---4) 2022-09-23T13:05:52Z **Bypassing CSRF Protection (II)** ⌘ [Read more](https://infosecwriteups.com/bypassing-csrf-protection-ii-b479009b4a7a?source=rss----7b722bfd1b8d---4) 2022-09-24T13:39:31Z **How to exploit a stored XSS vulnerability on DVWA — StackZero** ⌘ [Read more](https://infosecwriteups.com/how-to-exploit-a-stored-xss-vulnerability-on-dvwa-stackzero-1de6cc9545b9?source=rss----7b722bfd1b8d---4) 2022-09-24T13:39:22Z **Understanding the NMAP methodology — Part 2** ⌘ [Read more](https://infosecwriteups.com/understanding-the-nmap-methodology-part-2-3d0442f1c482?source=rss----7b722bfd1b8d---4) 2022-09-26T12:11:42Z **Top 10 Dockerfile Security Best Practices for a More Secure Container** ⌘ [Read more](https://infosecwriteups.com/top-10-dockerfile-security-best-practices-for-a-more-secure-container-e5426f69738b?source=rss----7b722bfd1b8d---4) 2022-09-26T12:11:27Z **Android Hardening Guide** ⌘ [Read more](https://infosecwriteups.com/android-hardening-guide-2439a77f7e83?source=rss----7b722bfd1b8d---4) 2022-09-26T12:09:01Z **Connect State Attack — First Request Validation** ⌘ [Read more](https://infosecwriteups.com/connect-state-attack-first-request-validation-2bea8e42a647?source=rss----7b722bfd1b8d---4) 2022-09-26T12:08:15Z **HTML Injection inside Email body- The First BUG I hunted down in a Bug Bounty Platform!** ⌘ [Read more](https://infosecwriteups.com/html-injection-inside-email-body-the-first-bug-i-hunted-in-a-bug-bounty-platform-3c96b1e0ae9f?source=rss----7b722bfd1b8d---4) 2022-09-26T13:16:52Z **JSON web tokens**

For decades cookies have been used to authenticate a user and hold session data. But a simple session cookie has certain limitations and…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/json-web-tokens-c1f01028f5ac?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/json-web-tokens-c1f01028f5ac?source=rss----7b722bfd1b8d---4) 2022-09-26T13:12:27Z **Monitoring your targets for bug bounties** ⌘ [Read more](https://infosecwriteups.com/monitoring-your-targets-for-bug-bounties-36f6be3e69c9?source=rss----7b722bfd1b8d---4) 2022-09-27T16:27:43Z **Complete take-over of Cisco Unified Communications Manager due consecutively misconfigurations** ⌘ [Read more](https://infosecwriteups.com/complete-take-over-of-cisco-unified-communications-manager-due-consecutively-misconfigurations-2a1b5ce8bd9a?source=rss----7b722bfd1b8d---4) 2022-09-27T16:27:32Z **SANS Top 25 Software Errors (Part 1 of 25): CWE-787 Out-of-bounds Write** ⌘ [Read more](https://infosecwriteups.com/sans-top-25-software-errors-part-1-of-25-cwe-787-out-of-bounds-write-4e1a7c63ff38?source=rss----7b722bfd1b8d---4) 2022-09-27T16:27:22Z **How to exploit DOM XSS on DVWA — StackZero**

In this write-up we will learn how to pass all levels of DOM XSS on DVWA so we can better understand that vulnerability.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-exploit-dom-xss-o ... ⌘ [Read more](https://infosecwriteups.com/how-to-exploit-dom-xss-on-dvwa-stackzero-c83a682ed7b7?source=rss----7b722bfd1b8d---4) 2022-09-27T16:27:07Z **Multi-Factor Authentication Vulnerabilities** ⌘ [Read more](https://infosecwriteups.com/multi-factor-authentication-vulnerabilities-7a4b647a7b09?source=rss----7b722bfd1b8d---4) 2022-09-28T11:40:44Z **CVE-2022–36934: An integer overflow in WhatsApp leading to remote code execution in an established…** ⌘ [Read more](https://infosecwriteups.com/cve-2022-36934-an-integer-overflow-in-whatsapp-leading-to-remote-code-execution-in-an-established-e0fc4e2cd900?source=rss----7b722bfd1b8d---4) 2022-09-28T11:38:59Z **A Tale of Account Takeover** ⌘ [Read more](https://infosecwriteups.com/a-tale-of-account-takeover-fcae914f067b?source=rss----7b722bfd1b8d---4) 2022-09-28T11:38:39Z **CVE-2022–27492: An integer underflow in WhatsApp causing remote code execution when receiving a…** ⌘ [Read more](https://infosecwriteups.com/cve-2022-27492-an-integer-underflow-in-whatsapp-causing-remote-code-execution-when-receiving-a-b50bebae14f4?source=rss----7b722bfd1b8d---4) 2022-09-28T11:38:19Z **Writing and Using Python Burp Extension — Adding a Custom Header Field** ⌘ [Read more](https://infosecwriteups.com/writing-and-using-python-burp-extension-adding-a-custom-header-field-770fe1cbabc9?source=rss----7b722bfd1b8d---4) 2022-09-28T12:19:48Z **‍ $600k Bounty, Jetty Features, Response Queue Poisoning, Bypass SSRF Protections, XSS…** ⌘ [Read more](https://infosecwriteups.com/600k-bounty-jetty-features-response-queue-poisoning-bypass-ssrf-protections-xss-9b7644077829?source=rss----7b722bfd1b8d---4) 2022-09-28T12:42:22Z **How To Attack Admin Panels Successfully**

Attacking Web Apps Admin Panels The Right Way

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-attack-admin-panels-successfully-72c90eeb818c?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/how-to-attack-admin-panels-successfully-72c90eeb818c?source=rss----7b722bfd1b8d---4) 2022-09-28T16:20:16Z **Integrated Approach for Application Security and Security Operations Center using data correlation…** ⌘ [Read more](https://infosecwriteups.com/integrated-approach-for-application-security-and-security-operations-center-using-data-correlation-dc723f493316?source=rss----7b722bfd1b8d---4) 2022-09-28T16:19:50Z **Cloud Security Tooling Series — What the heck is a CSPM ?**

Understanding the concept of Cloud Security Posture Management (CSPM)

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/cloud-security-tooling-series-what-the-heck ... ⌘ [Read more](https://infosecwriteups.com/cloud-security-tooling-series-what-the-heck-is-a-cspm-8f37f6b1db19?source=rss----7b722bfd1b8d---4) 2022-09-28T17:21:53Z **Write-up: Authentication bypass via flawed state machine @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-authentication-bypass-via-flawed-state-machine-portswigger-academy-e7448edeeb3d?source=rss----7b722bfd1b8d---4) 2022-09-29T06:26:22Z **Understanding the NMAP methodology — Part 3** ⌘ [Read more](https://infosecwriteups.com/understanding-the-nmap-methodology-part-3-bb377b7767e0?source=rss----7b722bfd1b8d---4) 2022-09-29T07:27:07Z **Try Hack Me: Simple CTF Walkthrough** ⌘ [Read more](https://infosecwriteups.com/try-hack-me-simple-ctf-walkthrough-62824db116fa?source=rss----7b722bfd1b8d---4) 2022-09-29T14:37:07Z **Blockchain Network is Secured! But not the apps and their Integrations** ⌘ [Read more](https://infosecwriteups.com/blockchain-network-is-secured-but-not-the-apps-and-their-integrations-8077195d2c49?source=rss----7b722bfd1b8d---4) 2022-10-01T12:54:42Z **TryHackMe: Corridor Room Write-Up [No Answer]** ⌘ [Read more](https://infosecwriteups.com/tryhackme-corridor-room-write-up-no-answer-3732354e72ed?source=rss----7b722bfd1b8d---4) 2022-10-01T12:54:32Z **Security vs Compliance-Cloudflare Password Policy Restriction Bypass** ⌘ [Read more](https://infosecwriteups.com/security-vs-compliance-cloudflare-password-policy-restriction-bypass-da07ca7df4f2?source=rss----7b722bfd1b8d---4) 2022-10-01T12:54:23Z **CVE-2022–35405: Critical ManageEngine RCE** ⌘ [Read more](https://infosecwriteups.com/cve-2022-35405-critical-manageengine-rce-30d16f2e9ce6?source=rss----7b722bfd1b8d---4) 2022-10-03T12:56:19Z **Orange Arbitrary Command Execution** ⌘ [Read more](https://infosecwriteups.com/orange-arbitrary-command-execution-75ba7f283d53?source=rss----7b722bfd1b8d---4) 
2022-10-03T12:59:11Z **‍$40,000 Bounty, Authentication Bypass Techniques, Cache Poisoning, IDORs, Password Recovery…** ⌘ [Read more](https://infosecwriteups.com/40-000-bounty-authentication-bypass-techniques-cache-poisoning-idors-password-recovery-2ec097380c57?source=rss----7b722bfd1b8d---4) 2022-10-03T13:57:27Z **Credential Stuffing Attack: Countermeasures using Patterns and Machine Learning** ⌘ [Read more](https://infosecwriteups.com/credential-stuffing-attack-countermeasures-using-patterns-and-machine-learning-4b356d6cb741?source=rss----7b722bfd1b8d---4) 2022-10-05T14:51:45Z **Cloud Security Tooling — What does a CIEM do exactly ??**

One more cloud abbreviation to understand

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/cloud-security-tooling-what-does-a-ciem-do-exactly-aca98f988784?source=rss----7b722bfd1b8 ... ⌘ [Read more](https://infosecwriteups.com/cloud-security-tooling-what-does-a-ciem-do-exactly-aca98f988784?source=rss----7b722bfd1b8d---4) 2022-10-05T14:50:51Z **Ransomware Attacks — Current Trends and Protection Strategies** ⌘ [Read more](https://infosecwriteups.com/ransomware-attacks-current-trends-and-protection-strategies-11265c8ae36d?source=rss----7b722bfd1b8d---4) 2022-10-05T14:49:46Z **TryHackMe: OhSINT Room Write-Up [No Answers]** ⌘ [Read more](https://infosecwriteups.com/tryhackme-ohsint-room-write-up-no-answers-9765366c3849?source=rss----7b722bfd1b8d---4) 2022-10-06T05:59:32Z **How to properly enforce authorization**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-properly-enforce-authorization-65dc62d21745?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/how-to-properly-enforce-authorization-65dc62d21745?source=rss----7b722bfd1b8d---4) 2022-10-06T05:58:50Z **The Day I End-Up finding that Critical Database Info leaking on CM Cell(TN) Application** ⌘ [Read more](https://infosecwriteups.com/the-day-i-end-up-finding-that-critical-database-info-leaking-on-cm-cell-tn-application-b6c126687f13?source=rss----7b722bfd1b8d---4) 2022-10-06T05:58:06Z **Cloud Security Tooling Series : What the heck is a CWPP ?**

Understanding where CWPPs fit in the Cloud Security puzzle

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/cloud-security-tooling-series-what-the-heck-is-a-cwpp-aa9758f9a3 ... ⌘ [Read more](https://infosecwriteups.com/cloud-security-tooling-series-what-the-heck-is-a-cwpp-aa9758f9a339?source=rss----7b722bfd1b8d---4) 2022-10-06T06:05:44Z **Hacking the WordPress sites for fun and profit | Part-1 [ Water ]** ⌘ [Read more](https://infosecwriteups.com/hacking-the-wordpress-sites-for-fun-and-profit-part-1-water-7ba474ced0f8?source=rss----7b722bfd1b8d---4) 2022-10-06T08:20:17Z **HTTP-HOST HEADER ATTACKS** ⌘ [Read more](https://infosecwriteups.com/http-host-header-attacks-55ca4b7786c?source=rss----7b722bfd1b8d---4) 2022-10-06T08:19:36Z **HackTheBox Canvas CTF Writeup** ⌘ [Read more](https://infosecwriteups.com/hackthebox-canvas-ctf-writeup-75b0f4682ef5?source=rss----7b722bfd1b8d---4) 2022-10-06T08:18:46Z **Try Hack Me: Pickle Rick Walkthrough** ⌘ [Read more](https://infosecwriteups.com/try-hack-me-pickle-rick-walkthrough-f3378114dd7a?source=rss----7b722bfd1b8d---4) 2022-10-06T13:37:53Z **WordPress Security**

What initially started as a blogging platform has turned into a lifesaver for many startups, companies, influencers, and bloggers. WordPress…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/wordpress-security-c8ea1891bd51?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/wordpress-security-c8ea1891bd51?source=rss----7b722bfd1b8d---4) 2022-10-06T13:37:07Z **Bugcrowd — Tale of multiple misconfigurations!! ❌** ⌘ [Read more](https://infosecwriteups.com/bugcrowd-tale-of-multiple-misconfigurations-cb5b98f09302?source=rss----7b722bfd1b8d---4) 2022-10-07T08:24:26Z **The Importance of Infrastructure as Code Security Scanning** ⌘ [Read more](https://infosecwriteups.com/the-importance-of-infrastructure-as-code-security-scanning-7add9e8dbb06?source=rss----7b722bfd1b8d---4) 2022-10-09T14:33:24Z **Finding of Directory/Path in Linux** ⌘ [Read more](https://infosecwriteups.com/finding-of-directory-path-in-linux-820be9ae759b?source=rss----7b722bfd1b8d---4) 2022-10-09T14:32:25Z **njRAT Malware Analysis** ⌘ [Read more](https://infosecwriteups.com/njrat-malware-analysis-8e90dce07a9e?source=rss----7b722bfd1b8d---4) 2022-10-09T14:31:47Z **Browser in the Browser Attack** ⌘ [Read more](https://infosecwriteups.com/browser-in-the-browser-attack-a670e9a2be11?source=rss----7b722bfd1b8d---4) 2022-10-09T14:31:18Z **CVE-2022–40684: New Authentication Bypass Affecting FortiGate and FortiProxy** ⌘ [Read more](https://infosecwriteups.com/cve-2022-40684-new-authentication-bypass-affecting-fortigate-and-fortiproxy-c9bd36112949?source=rss----7b722bfd1b8d---4) 2022-10-09T14:31:01Z **Best CTF Platforms**

I have compiled a list of Red Team/Blue Team Capture The Flag Platforms to test your skills on.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/best-ctf-platforms-876cc0870f3b?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/best-ctf-platforms-876cc0870f3b?source=rss----7b722bfd1b8d---4) 2022-10-09T14:30:34Z **Full Company Building Takeover** ⌘ [Read more](https://infosecwriteups.com/company-building-takeover-10a422385390?source=rss----7b722bfd1b8d---4) 2022-10-09T14:30:08Z **EXPLOITING OS COMMAND INJECTION VULNERABILITIES** ⌘ [Read more](https://infosecwriteups.com/exploiting-os-command-injection-vulnerabilities-14195c9a410b?source=rss----7b722bfd1b8d---4) 2022-10-09T15:31:51Z **Everything About Path Traversal Vulnerability**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/everything-about-path-traversal-vulnerability-c40ba5465bc4?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/everything-about-path-traversal-vulnerability-c40ba5465bc4?source=rss----7b722bfd1b8d---4) 2022-10-10T12:48:13Z **‍Roadmap to Cybersecurity in 2022, Full-Read SSRF, IDOR in GraphQL, GCP Pentesting, and much…** ⌘ [Read more](https://infosecwriteups.com/roadmap-to-cybersecurity-in-2022-full-read-ssrf-idor-in-graphql-gcp-pentesting-and-much-74d2d906f7d7?source=rss----7b722bfd1b8d---4) 2022-10-10T13:09:34Z **Accidental Account takeover** ⌘ [Read more](https://infosecwriteups.com/accidental-account-takeover-4301b56f4fb2?source=rss----7b722bfd1b8d---4) 2022-10-11T05:39:36Z **Harley Malware: New Attack on Android Devices** ⌘ [Read more](https://infosecwriteups.com/harley-malware-new-attack-on-android-devices-ae2c599c2217?source=rss----7b722bfd1b8d---4) 2022-10-11T06:43:05Z **Why do Deserialization Vulnerabilities occur?**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/why-do-deserialization-vulnerabilities-occur-577aafd39785?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/why-do-deserialization-vulnerabilities-occur-577aafd39785?source=rss----7b722bfd1b8d---4) 2022-10-12T14:47:54Z **Critical IDOR Vulnerability on Medium?** ⌘ [Read more](https://infosecwriteups.com/critical-idor-vulnerability-on-medium-f78346edbcb1?source=rss----7b722bfd1b8d---4) 2022-10-12T15:51:42Z **$6000 with Microsoft Hall of Fame | Microsoft Firewall Bypass | CRLF to XSS | Microsoft Bug Bounty** ⌘ [Read more](https://infosecwriteups.com/6000-with-microsoft-hall-of-fame-microsoft-firewall-bypass-crlf-to-xss-microsoft-bug-bounty-8f6615c47922?source=rss----7b722bfd1b8d---4) 2022-10-13T15:19:51Z **Server Hardening with OpenSCAP** ⌘ [Read more](https://infosecwriteups.com/server-hardening-with-openscap-be072ba2e415?source=rss----7b722bfd1b8d---4) 2022-10-13T15:19:39Z **TryHackMe writeup: Tools R Us**

ToolsRUs (“tryhackme”, 2019) is a fun little TryHackMe room that has its users “[p]ractise using tools such as dirbuster, hydra, nmap…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-writeup-tools-r-us-daf0934f32f2?source=rss----7b722bf ... ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-tools-r-us-daf0934f32f2?source=rss----7b722bfd1b8d---4) 2022-10-13T17:33:11Z **Get yourself a rooted Android Virtual Device (AVD)** ⌘ [Read more](https://infosecwriteups.com/get-yourself-a-rooted-android-virtual-device-avd-fb443d590dfa?source=rss----7b722bfd1b8d---4) 2022-10-13T18:37:04Z **It’s the Little Things : Breaking an AI** ⌘ [Read more](https://infosecwriteups.com/its-the-little-things-breaking-an-ai-40c30ae85f37?source=rss----7b722bfd1b8d---4) 2022-10-14T12:19:56Z **Threat Hunting Series: Using Threat Emulation for Threat Hunting** ⌘ [Read more](https://infosecwriteups.com/threat-hunting-series-using-threat-emulation-for-threat-hunting-f7ccaa4b85e5?source=rss----7b722bfd1b8d---4) 2022-10-14T12:19:46Z **Exploit Eternal Blue (MS17–010) for Windows XP with custom payload** ⌘ [Read more](https://infosecwriteups.com/exploit-eternal-blue-ms17-010-for-windows-xp-with-custom-payload-fabbbbeb692f?source=rss----7b722bfd1b8d---4) 2022-10-14T12:19:34Z **Exploit Eternal Blue (MS17–010) for Window 7 and higher (custom payload)** ⌘ [Read more](https://infosecwriteups.com/exploit-eternal-blue-ms17-010-for-window-7-and-higher-custom-payload-efd9fcc8b623?source=rss----7b722bfd1b8d---4) 2022-10-15T12:47:58Z **Write-up: Infinite money logic flaw @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-infinite-money-logic-flaw-portswigger-academy-5b6182f42f57?source=rss----7b722bfd1b8d---4) 2022-10-17T11:36:44Z **SSH: Introduction, How to Secure and Working** ⌘ [Read more](https://infosecwriteups.com/ssh-introduction-how-to-secure-and-working-b446abb34309?source=rss----7b722bfd1b8d---4) 2022-10-17T11:36:25Z **CVE-2022–41040: ProxyNotShell Exchange Vulnerability** ⌘ [Read 
more](https://infosecwriteups.com/cve-2022-41040-proxynotshell-f0b8fb53ec8b?source=rss----7b722bfd1b8d---4) 2022-10-17T11:35:38Z **HTTP request smuggling Explained and Exploited Part 0x1** ⌘ [Read more](https://infosecwriteups.com/http-request-smuggling-explained-and-exploited-part-0x1-89ce2956534f?source=rss----7b722bfd1b8d---4) 2022-10-17T11:34:11Z **How I Got $10,000 From GitHub For Bypassing Filtration oF HTML tags** ⌘ [Read more](https://infosecwriteups.com/how-i-got-10-000-from-github-for-bypassing-filtration-of-html-tags-db31173c8b37?source=rss----7b722bfd1b8d---4) 2022-10-17T12:37:30Z **Conducting a free AWS Security Assessment with Prowler**

Get a complete AWS security report with this free tool

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/conducting-a-free-aws-security-assessment-with-prowler-f54a65de1020?s ... ⌘ [Read more](https://infosecwriteups.com/conducting-a-free-aws-security-assessment-with-prowler-f54a65de1020?source=rss----7b722bfd1b8d---4) 2022-10-17T12:50:10Z **‍$6000 from Microsoft, WAF Bypass, Manual Exploitation, Nuclei Guide, Admin Panel and much…** ⌘ [Read more](https://infosecwriteups.com/6000-from-microsoft-waf-bypass-manual-exploitation-nuclei-guide-admin-panel-and-much-48458802ee6f?source=rss----7b722bfd1b8d---4) 2022-10-17T17:37:25Z **Linux Privilege Escalation: Linux kernel / distribution exploits you should now about.** ⌘ [Read more](https://infosecwriteups.com/linux-privilege-escalation-linux-kernel-distribution-exploits-you-should-now-about-1c46152d133d?source=rss----7b722bfd1b8d---4) 2022-10-18T10:35:06Z **Hacking into a modern Linux distribution**

3 methods to gain access to the Linux filesystem

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-hack-into-a-linux-machine-4fd2384a8700?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/how-to-hack-into-a-linux-machine-4fd2384a8700?source=rss----7b722bfd1b8d---4) 2022-10-18T10:34:36Z **How I exploited Blind SQLi without using any tool!— StackZero**

Hi hackers! Here is another article that will show how to exploit a WELL KNOWN vulnerability in practice.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.co ... ⌘ [Read more](https://infosecwriteups.com/how-i-exploited-blind-sqli-without-using-any-tool-stackzero-396e831ecbdf?source=rss----7b722bfd1b8d---4) 2022-10-18T10:34:10Z **XML External Entities** ⌘ [Read more](https://infosecwriteups.com/xml-external-entities-9c2f2169430a?source=rss----7b722bfd1b8d---4) 2022-10-19T13:15:27Z **Reverse Engineering Function Call in C and Exploiting it**

Binary Exploitation of a Simple Function in C

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/reverse-engineering-function-call-in-c-and-exploiting-it-b1b539 ... ⌘ [Read more](https://infosecwriteups.com/reverse-engineering-function-call-in-c-and-exploiting-it-b1b539974018?source=rss----7b722bfd1b8d---4) 2022-10-19T14:16:54Z **Four Steps to Prepare for a Ransomware Attack** ⌘ [Read more](https://infosecwriteups.com/four-steps-to-prepare-for-a-ransomware-attack-ab74d98abdaa?source=rss----7b722bfd1b8d---4) 2022-10-20T11:42:35Z **Pylirt — Python Linux Incident Response Toolkit** ⌘ [Read more](https://infosecwriteups.com/pylirt-python-linux-incident-response-toolkit-d04fdbadae6c?source=rss----7b722bfd1b8d---4) 2022-10-20T11:42:26Z **JSON Web Tokens** ⌘ [Read more](https://infosecwriteups.com/json-web-tokens-409297c260a0?source=rss----7b722bfd1b8d---4) 2022-10-20T11:42:14Z **HTTP request smuggling Explained and Exploited Part 0x2** ⌘ [Read more](https://infosecwriteups.com/http-request-smuggling-explained-and-exploited-part-0x2-7768d04883fb?source=rss----7b722bfd1b8d---4) 2022-10-20T12:46:50Z **TEXT4Shell PoC (CVE-2022–42889)** ⌘ [Read more](https://infosecwriteups.com/text4shell-poc-cve-2022-42889-f6e9df41b3b7?source=rss----7b722bfd1b8d---4) 2022-10-21T17:23:51Z **Firing 8 Account Takeover Methods** ⌘ [Read more](https://infosecwriteups.com/firing-8-account-takeover-methods-77e892099050?source=rss----7b722bfd1b8d---4) 2022-10-21T17:22:27Z **Kerberos: The Ticket Authentication Protocol** ⌘ [Read more](https://infosecwriteups.com/kerberos-the-ticket-authentication-protocol-d545dde9fe03?source=rss----7b722bfd1b8d---4) 2022-10-22T11:29:58Z **Android Pentesting 101 — Part 1** ⌘ [Read more](https://infosecwriteups.com/android-pentesting-101-part-1-8e31b8cd8b2b?source=rss----7b722bfd1b8d---4) 2022-10-23T16:15:13Z **Exposed .git Directory Exploitation** ⌘ [Read more](https://infosecwriteups.com/exposed-git-directory-exploitation-3e30481e8d75?source=rss----7b722bfd1b8d---4) 2022-10-23T16:14:56Z **SQL 
Injection: An Overview** ⌘ [Read more](https://infosecwriteups.com/sql-injection-an-overview-1057c5729dc5?source=rss----7b722bfd1b8d---4) 2022-10-23T16:14:31Z **Hacked Tathva ’22 Biggest Techno-Management Fest in South India** ⌘ [Read more](https://infosecwriteups.com/hacked-tathva-22-biggest-techno-management-fest-in-south-india-6a95435c82e7?source=rss----7b722bfd1b8d---4) 2022-10-23T16:14:15Z **We’ve seized a hacker's computer, what now?**
[![](https://cdn-images-1.medium.com/max/1300/0*zZ_VMCudho7CEpNz.jpg)](https://infosecwriteups.com/hard-drive-forensics-7e5ffd6036fd?source=rss----7b722bfd1b8d---4)

Imagine you are given a hard drive that you need to examine for a criminal investigation. As is for handling all evidence, you need to be…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/hard-drive-forensics-7e5ffd6036fd?source=rss----7b722bfd1b8d ... ⌘ [Read more](https://infosecwriteups.com/hard-drive-forensics-7e5ffd6036fd?source=rss----7b722bfd1b8d---4) 2022-10-23T17:16:51Z **Write-up: HTTP request smuggling, basic CL.TE vulnerability @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-http-request-smuggling-basic-cl-te-vulnerability-portswigger-academy-5acbbc040c74?source=rss----7b722bfd1b8d---4) 2022-10-24T12:44:25Z **‍IW Weekly #30: $10,000 Bounty, Bypassing Filtration, DDoS Attack, Fuzzing for SQL Injection…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-30-10-000-bounty-bypassing-filtration-ddos-attack-fuzzing-for-sql-injection-96b11768523c?source=rss----7b722bfd1b8d---4) 2022-10-25T04:41:24Z **Faster your NMAP scan with “Agile Grabber”** ⌘ [Read more](https://infosecwriteups.com/faster-your-nmap-scan-with-agile-grabber-2786c236c3dc?source=rss----7b722bfd1b8d---4) 2022-10-25T13:23:31Z **Android Pentesting 101 — Part 2** ⌘ [Read more](https://infosecwriteups.com/android-pentesting-101-part-2-419facdf11c1?source=rss----7b722bfd1b8d---4) 2022-10-25T13:22:44Z **HTTP request smuggling Explained and Exploited Part 0x3** ⌘ [Read more](https://infosecwriteups.com/http-request-smuggling-explained-and-exploited-part-0x3-b61623287603?source=rss----7b722bfd1b8d---4) 2022-10-26T07:10:49Z **Burp Suite? No Thanks! Blind SQLi in DVWA With Python (Part 2) — StackZero** ⌘ [Read more](https://infosecwriteups.com/burp-suite-no-thanks-blind-sqli-in-dvwa-with-python-part-2-stackzero-a5c0acf431dc?source=rss----7b722bfd1b8d---4) 2022-10-26T08:11:45Z **TryHackMe writeup: Skynet**
[![](https://cdn-images-1.medium.com/max/1064/1*Drzbg6vwNnVVUsn9JIQ7Xg.jpeg)](https://infosecwriteups.com/tryhackme-writeup-skynet-2c068f19521b?source=rss----7b722bfd1b8d---4)

A fun TryHackMe room that has its twists and turns. Featuring a PHP Meterpreter, SMB enumeration, and PwnKit!

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-writeup-skynet-2c068f19521b?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-skynet-2c068f19521b?source=rss----7b722bfd1b8d---4) 2022-10-26T09:21:55Z **Devel From HackTheBox** ⌘ [Read more](https://infosecwriteups.com/devel-from-hackthebox-21c6436acf52?source=rss----7b722bfd1b8d---4) 2022-10-26T18:21:45Z **Chatterbox Hackthebox** ⌘ [Read more](https://infosecwriteups.com/chatterbox-hackthebox-4d5050018438?source=rss----7b722bfd1b8d---4) 2022-10-27T07:34:10Z **Cyber Security Control Validation Platform** ⌘ [Read more](https://infosecwriteups.com/cyber-security-control-validation-platform-bf22dca3657e?source=rss----7b722bfd1b8d---4) 2022-10-27T07:43:07Z **ANNOUNCEMENT: Paid Writing Opportunity for Infosec Writeups** ⌘ [Read more](https://infosecwriteups.com/announcement-paid-writing-opportunity-for-infosec-writeups-8750df0e0a74?source=rss----7b722bfd1b8d---4) 2022-10-27T08:37:04Z **OAuth and the flaws in its implementation**
[![](https://cdn-images-1.medium.com/max/1100/1*NAV0dHyrjPi3VB4r7PZUpw.jpeg)](https://infosecwriteups.com/oauth-and-the-flaws-in-its-implementation-74de16f115c0?source=rss----7b722bfd1b8d---4)

What is OAuth?

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/oauth-and-the-flaws-in-its-implementation-74de16f115c0?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/oauth-and-the-flaws-in-its-implementation-74de16f115c0?source=rss----7b722bfd1b8d---4) 2022-10-27T18:27:41Z **Openzeppelin Ethernaut Part — 0X00** ⌘ [Read more](https://infosecwriteups.com/openzeppelin-ethernaut-part-0x00-be38d7113110?source=rss----7b722bfd1b8d---4) 2022-10-28T10:59:06Z **Blind SSRF in Skype (Microsoft)** ⌘ [Read more](https://infosecwriteups.com/blind-ssrf-in-skype-microsoft-6639f4961052?source=rss----7b722bfd1b8d---4) 2022-10-30T08:46:55Z **Registrations Open for IWCON2022 Version 2.0 — the Online International Cybersecurity Conference** ⌘ [Read more](https://infosecwriteups.com/registrations-open-for-iwcon2022-version-2-0-the-online-international-cybersecurity-conference-ff4c4d1cddf3?source=rss----7b722bfd1b8d---4) 2022-10-31T08:42:18Z **Burp Suite? No Thanks! Blind SQLi in DVWA With Python (Part 3) — StackZero** ⌘ [Read more](https://infosecwriteups.com/burp-suite-no-thanks-blind-sqli-in-dvwa-with-python-part-3-stackzero-911545003f01?source=rss----7b722bfd1b8d---4) 2022-10-31T08:41:14Z **Android Pentesting 101 — Part 3** ⌘ [Read more](https://infosecwriteups.com/android-pentesting-101-part-3-2bf846b05594?source=rss----7b722bfd1b8d---4) 2022-10-31T08:40:44Z **Phoenix Challenges — Stack Two** ⌘ [Read more](https://infosecwriteups.com/phoenix-challenges-stack-two-da59b290dfa?source=rss----7b722bfd1b8d---4) 2022-10-31T09:41:36Z **Write-up: Forced OAuth profile linking @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-forced-oauth-profile-linking-portswigger-academy-2ce996700c9c?source=rss----7b722bfd1b8d---4) 2022-11-01T12:27:42Z **Building a SIEM: centralized logging of all Linux commands with ELK + auditd** ⌘ [Read 
more](https://infosecwriteups.com/building-a-siem-centralized-logging-of-all-linux-commands-with-elk-auditd-3f2e70503933?source=rss----7b722bfd1b8d---4) 2022-11-01T13:31:35Z **Write-up: Remote code execution via web shell upload @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-remote-code-execution-via-web-shell-upload-portswigger-academy-5fa00de47229?source=rss----7b722bfd1b8d---4) 2022-11-02T11:26:51Z **Upgrade Your Infosec Knowledge and Learn From the Speakers at IWCON 2022** ⌘ [Read more](https://infosecwriteups.com/upgrade-your-infosec-knowledge-and-learn-from-the-speakers-at-iwcon-2022-a74a2c1dafab?source=rss----7b722bfd1b8d---4) 2022-11-02T13:22:34Z **How I found accidentally copy-pasted Gmail inboxes** ⌘ [Read more](https://infosecwriteups.com/how-i-found-accidentally-copy-pasted-gmail-inboxes-49fcb8da5b8a?source=rss----7b722bfd1b8d---4) 2022-11-02T14:26:49Z **How to Assess Active Directory for Vulnerabilities Using Tenable Nessus’ Active Directory Starter…**
[![](https://cdn-images-1.medium.com/max/2600/1*bqx_uwhmLgXQP0ahnu_vTA.jpeg)](https://infosecwriteups.com/how-to-assess-active-directory-for-vulnerabilities-using-tenable-nessus-active-directory-starter-74b8bce2218a?source=rss----7b722bfd1b8d---4)

The Nessus vulnerability scanner from Tenable is a widel ... ⌘ [Read more](https://infosecwriteups.com/how-to-assess-active-directory-for-vulnerabilities-using-tenable-nessus-active-directory-starter-74b8bce2218a?source=rss----7b722bfd1b8d---4) 2022-11-02T15:26:55Z **How 403 Forbidden Bypass got me NOKIA Hall Of Fame (HOF)** ⌘ [Read more](https://infosecwriteups.com/how-403-forbidden-bypass-got-me-nokia-hall-of-fame-hof-8acbd2c1c2c8?source=rss----7b722bfd1b8d---4) 2022-11-03T12:20:06Z **The easiest bug to get a Hall of fame from a Billion dollar company.** ⌘ [Read more](https://infosecwriteups.com/the-easiest-bug-to-get-a-hall-of-fame-from-a-billion-dollar-company-8278fd7b3035?source=rss----7b722bfd1b8d---4) 2022-11-03T12:19:57Z **The Complete Guide to PortSwigger Directory Traversal and How to Prevent It** ⌘ [Read more](https://infosecwriteups.com/the-complete-guide-to-portswigger-directory-traversal-and-how-to-prevent-it-f6309d5aec94?source=rss----7b722bfd1b8d---4) 2022-11-03T12:19:48Z **Guess Your Enemies’ Passwords With Python (Brute Force Attack)** ⌘ [Read more](https://infosecwriteups.com/guess-your-enemies-passwords-with-python-brute-force-attack-99352e65ec8a?source=rss----7b722bfd1b8d---4) 2022-11-03T13:21:56Z **Fun with TurboIntruder,**
[![](https://cdn-images-1.medium.com/max/1391/1*TdM-VkIrbOhY2jDOSGmVJw.png)](https://infosecwriteups.com/fun-with-turbointruder-7be04ddcd73?source=rss----7b722bfd1b8d---4)

or, how to get ffuf with a gui while also doing some py coding

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/fun-with-turbointruder-7be04ddcd73?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/fun-with-turbointruder-7be04ddcd73?source=rss----7b722bfd1b8d---4) 2022-11-03T14:21:58Z **Write-up: Information disclosure in error messages @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-information-disclosure-in-error-messages-portswigger-academy-b85f73054fa9?source=rss----7b722bfd1b8d---4) 2022-11-03T17:13:50Z **Get Blind XSS within 5 Minutes — $100** ⌘ [Read more](https://infosecwriteups.com/get-blind-xss-within-5-minutes-100-9718bd056570?source=rss----7b722bfd1b8d---4) 2022-11-03T17:13:29Z **OSCP — Cracking The New Pattern** ⌘ [Read more](https://infosecwriteups.com/oscp-cracking-the-new-pattern-6c4f1c9e2409?source=rss----7b722bfd1b8d---4) 2022-11-03T17:13:18Z **pentesting.cloud part 1: “Open To The Public” CTF walkthrough** ⌘ [Read more](https://infosecwriteups.com/pentesting-cloud-part-1-open-to-the-public-ctf-walkthrough-aa4dae59ec4e?source=rss----7b722bfd1b8d---4) 2022-11-04T10:00:37Z **4 Videos From 4 Infosec Experts to Explain Web3 Hacking** ⌘ [Read more](https://infosecwriteups.com/4-videos-from-4-infosec-experts-to-explain-web3-hacking-3f33c999264f?source=rss----7b722bfd1b8d---4) 2022-11-04T14:42:44Z **Python Source Code Analysis** ⌘ [Read more](https://infosecwriteups.com/python-source-code-analysis-53addcb3894?source=rss----7b722bfd1b8d---4) 2022-11-04T14:42:38Z **Automation of Buffer-Overflow** ⌘ [Read more](https://infosecwriteups.com/automation-of-buffer-overflow-b7252d77e72e?source=rss----7b722bfd1b8d---4) 2022-11-07T02:42:50Z **HTB ‘Blackfield’ [Writeup]**
[![](https://cdn-images-1.medium.com/max/2600/0*cyVwYPKkPbfAmgeP)](https://infosecwriteups.com/htb-blackfield-writeup-e7c3570aca00?source=rss----7b722bfd1b8d---4)

ASREPRoast \| Dictionary attack \|

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/htb-blackfield-writeup-e7c3570aca00?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/htb-blackfield-writeup-e7c3570aca00?source=rss----7b722bfd1b8d---4) 2022-11-07T02:42:40Z **Enterprise — Tryhackme Writeup** ⌘ [Read more](https://infosecwriteups.com/enterprise-tryhackme-writeup-aee8691afa17?source=rss----7b722bfd1b8d---4) 2022-11-07T02:42:26Z **Story of a $1k bounty — SSRF to leaking access token and other sensitive information** ⌘ [Read more](https://infosecwriteups.com/story-of-a-1k-bounty-ssrf-d5c4868680f5?source=rss----7b722bfd1b8d---4) 2022-11-07T03:47:00Z **Write-up: Unprotected admin functionality @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-unprotected-admin-functionality-portswigger-academy-ff7de6a3c691?source=rss----7b722bfd1b8d---4) 2022-11-07T12:45:14Z **‍IW Weekly #32: 2FA Bypass, OpenSSL Vulnerabilities, Automated Recon Script, Subdomain…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-32-2fa-bypass-openssl-vulnerabilities-automated-recon-script-subdomain-d146e09e5157?source=rss----7b722bfd1b8d---4) 2022-11-07T15:01:30Z **P4 CTF: Apfel Seite** ⌘ [Read more](https://infosecwriteups.com/p4-ctf-apfel-seite-6eb03b7b60d7?source=rss----7b722bfd1b8d---4) 2022-11-08T11:07:03Z **Behind-the-Scenes of Infosec Writeups** ⌘ [Read more](https://infosecwriteups.com/behind-the-scenes-of-infosec-writeups-afa738793c9?source=rss----7b722bfd1b8d---4) 2022-11-08T17:58:59Z **Intro to & troubleshooting SIEM Collector Issues**
[![](https://cdn-images-1.medium.com/max/2600/0*p5w7G_PToHL2a-Kv)](https://infosecwriteups.com/intro-to-troubleshooting-siem-collector-issues-be92d01d19a6?source=rss----7b722bfd1b8d---4)

Blue Team in SOC

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/intro-to-troubleshooting-siem-collector-issues-be92d01d19a6?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/intro-to-troubleshooting-siem-collector-issues-be92d01d19a6?source=rss----7b722bfd1b8d---4) 2022-11-08T17:58:46Z **Auditing the Network Devices using Nipper**
[![](https://cdn-images-1.medium.com/max/602/1*mUaF02EdMny6_jsCnm8Ekg.png)](https://infosecwriteups.com/auditing-the-network-devices-using-nipper-ebb3217c6670?source=rss----7b722bfd1b8d---4)

SecTools

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/auditing-the-network-devices-using-nipper-ebb3217c6670?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/auditing-the-network-devices-using-nipper-ebb3217c6670?source=rss----7b722bfd1b8d---4) 2022-11-09T17:22:41Z **Interesting Account Takeover Bugs** ⌘ [Read more](https://infosecwriteups.com/interesting-account-takeover-bugs-in-the-wild-619df8466ca0?source=rss----7b722bfd1b8d---4) 2022-11-09T17:22:20Z **Cool Recon techniques every hacker misses! Episode 3** ⌘ [Read more](https://infosecwriteups.com/cool-recon-techniques-every-hacker-misses-episode-3-3812e7da3425?source=rss----7b722bfd1b8d---4) 2022-11-10T17:11:41Z **The tale of taking down the KBC scammers.** ⌘ [Read more](https://infosecwriteups.com/the-tale-of-taking-down-the-kbc-scammers-f8f8961a0bdd?source=rss----7b722bfd1b8d---4) 2022-11-10T17:11:26Z **Cross-origin resource sharing (CORS) Explanation & Exploitation ☠** ⌘ [Read more](https://infosecwriteups.com/cross-origin-resource-sharing-cors-explanation-exploitation-b4179235728b?source=rss----7b722bfd1b8d---4) 2022-11-10T17:11:07Z **A Beginner’s Guide to Nmap** ⌘ [Read more](https://infosecwriteups.com/a-beginners-guide-to-nmap-91aaecf15056?source=rss----7b722bfd1b8d---4) 2022-11-10T18:11:01Z **Write-up: Web shell upload via Content-Type restriction bypass @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-web-shell-upload-via-content-type-restriction-bypass-portswigger-academy-839365e13bc?source=rss----7b722bfd1b8d---4) 2022-11-11T06:14:49Z **Router NR1800X — Command injection via setUssd** ⌘ [Read more](https://infosecwriteups.com/router-nr1800x-command-injection-via-setussd-7291f60b3c95?source=rss----7b722bfd1b8d---4) 2022-11-11T06:14:33Z **Destroying The Scammers Portal** ⌘ [Read more](https://infosecwriteups.com/destroying-the-scammers-portal-a78b034fb4b2?source=rss----7b722bfd1b8d---4) 2022-11-11T06:14:12Z **Reading My Crush Messages 
through XSS** ⌘ [Read more](https://infosecwriteups.com/reading-my-crush-messages-through-xss-f662661119c2?source=rss----7b722bfd1b8d---4) 2022-11-12T16:34:30Z **Understanding Privilege Escalation by Abusing Linux Access Control** ⌘ [Read more](https://infosecwriteups.com/understand-privilege-escalation-by-abusing-linux-access-control-6cab107e7203?source=rss----7b722bfd1b8d---4) 2022-11-12T16:34:03Z **From Shodan Dork to Grafana Local File Inclusion** ⌘ [Read more](https://infosecwriteups.com/from-shodan-dork-to-grafana-local-file-inclusion-e77dc4cfc264?source=rss----7b722bfd1b8d---4) 2022-11-12T17:36:42Z **Write-up: Information disclosure on debug page @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-information-disclosure-on-debug-page-portswigger-academy-84fa667af24c?source=rss----7b722bfd1b8d---4) 2022-11-13T04:52:33Z **Analysis of a Smishing Text** ⌘ [Read more](https://infosecwriteups.com/analysis-of-a-smishing-text-2898a49e673d?source=rss----7b722bfd1b8d---4) 2022-11-14T07:31:40Z **Razor Black Active Directory Writeup** ⌘ [Read more](https://infosecwriteups.com/razor-black-active-directory-writeup-3636c53faa4c?source=rss----7b722bfd1b8d---4) 2022-11-14T07:31:15Z **Python APT1 Simulator** ⌘ [Read more](https://infosecwriteups.com/python-apt1-simulator-41df8f4fe655?source=rss----7b722bfd1b8d---4) 2022-11-14T12:54:40Z **‍IW Weekly #33: 15,000 Sites Hacked, $70,000 Bounty, API Injection Vulnerabilities, IDOR…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-33-15-000-sites-hacked-70-000-bounty-api-injection-vulnerabilities-idor-21b2e4c8038e?source=rss----7b722bfd1b8d---4) 2022-11-14T16:28:07Z **BugTrails-23 Writeup** ⌘ [Read more](https://infosecwriteups.com/bugtrails-23-writeup-96641e051aa5?source=rss----7b722bfd1b8d---4) 2022-11-15T09:07:51Z **Gauing+Nuclei for Instant Bounties** ⌘ [Read more](https://infosecwriteups.com/gauing-nuclei-for-instant-bounties-7a8a07979fff?source=rss----7b722bfd1b8d---4) 2022-11-15T09:07:35Z 
**Stealthy Persistence While Using Windows Terminal.** ⌘ [Read more](https://infosecwriteups.com/stealthy-persistence-while-using-windows-terminal-ff6f4927563a?source=rss----7b722bfd1b8d---4) 2022-11-15T10:52:40Z **Check Out The Full Speaker Line-Up of IWCON 2022** ⌘ [Read more](https://infosecwriteups.com/check-out-the-full-speaker-line-up-of-iwcon-2022-6989ab7976f5?source=rss----7b722bfd1b8d---4) 2022-11-16T08:22:53Z **Fine-Tuning & Optimising Security Alerts**
[![](https://cdn-images-1.medium.com/max/2600/0*wV5CvkpcDe08YDyK)](https://infosecwriteups.com/fine-tuning-optimising-security-alerts-5b12a1f6d42f?source=rss----7b722bfd1b8d---4)

Blue Team SOC Activity

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/fine-tuning-optimising-security-alerts-5b12a1f6d42f?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/fine-tuning-optimising-security-alerts-5b12a1f6d42f?source=rss----7b722bfd1b8d---4) 2022-11-16T09:27:11Z **DLL Hijacking Persistence Using Discord** ⌘ [Read more](https://infosecwriteups.com/dll-hijacking-persistence-using-discord-80691a63c559?source=rss----7b722bfd1b8d---4) 2022-11-17T13:02:05Z **Only 1 Month Left For Infosec Writeups Virtual Cybersecurity Conference** ⌘ [Read more](https://infosecwriteups.com/only-1-month-left-for-infosec-writeups-virtual-cybersecurity-conference-525cc5973be1?source=rss----7b722bfd1b8d---4) 2022-11-17T14:26:23Z **Frida & Objection without Jailbreak! ** ⌘ [Read more](https://infosecwriteups.com/frida-objection-without-jailbreak-27a66501bf38?source=rss----7b722bfd1b8d---4) 2022-11-19T14:32:02Z **4 Videos to Help You At The Start of Your Infosec/Hacking Career** ⌘ [Read more](https://infosecwriteups.com/4-videos-to-help-you-at-the-start-of-your-infosec-hacking-career-2a5bae0bbe5a?source=rss----7b722bfd1b8d---4) 2022-11-20T19:00:48Z **HTB Omni [writeup]**
[![](https://cdn-images-1.medium.com/max/2600/0*e-YqGj-KTD6TAv_P)](https://infosecwriteups.com/htb-omni-writeup-7efdc6fd1c10?source=rss----7b722bfd1b8d---4)

Exploiting Windows IoT Core using SirepRAT

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/htb-omni-writeup-7efdc6fd1c10?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/htb-omni-writeup-7efdc6fd1c10?source=rss----7b722bfd1b8d---4) 2022-11-20T19:00:22Z **Russian roulette XSS** ⌘ [Read more](https://infosecwriteups.com/russian-roulette-xss-bbba6afd2570?source=rss----7b722bfd1b8d---4) 2022-11-20T19:00:04Z **Deep Dive into Hidden Web** ⌘ [Read more](https://infosecwriteups.com/deep-dive-into-hidden-web-a5110a9c65e7?source=rss----7b722bfd1b8d---4) 2022-11-20T19:08:30Z **Write-up: Reflected XSS into HTML context with nothing encoded @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-reflected-xss-into-html-context-with-nothing-encoded-portswigger-academy-c45e7e53c775?source=rss----7b722bfd1b8d---4) 2022-11-20T19:08:08Z **How I earned $47000 USD as a high school student** ⌘ [Read more](https://infosecwriteups.com/how-i-earned-47000-usd-as-a-high-school-student-a9a68896b3a3?source=rss----7b722bfd1b8d---4) 2022-11-21T13:22:27Z **‍IW Weekly #34: Attacking SAML 2.0,** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-34-attacking-saml-2-0-5d6cd7507ac4?source=rss----7b722bfd1b8d---4) 2022-11-21T14:27:32Z **TryHackMe writeup: AttackerKB**
[![](https://cdn-images-1.medium.com/max/696/1*MZZ3mE4V15WMzCz80juevQ.png)](https://infosecwriteups.com/tryhackme-writeup-attackerkb-48cef82cfefa?source=rss----7b722bfd1b8d---4)

This article discusses the AttackerKB project and a greater phenomenon that it is based off of: the wisdom of the crowds.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-writeup-attackerkb-48cef82cfefa?source=rss----7b722bfd1b8d--- ... ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-attackerkb-48cef82cfefa?source=rss----7b722bfd1b8d---4) 2022-11-21T14:26:23Z **[ Malware Analysis #5] — Eternity Project — Eternity Worm** ⌘ [Read more](https://infosecwriteups.com/malware-analysis-5-eternity-project-eternity-worm-abd7803fcab?source=rss----7b722bfd1b8d---4) 2022-11-21T15:27:12Z **Pass the Hash Attack**
[![](https://cdn-images-1.medium.com/max/640/0*FXv0sK_Aq6bOI2iX.jpeg)](https://infosecwriteups.com/pass-the-hash-attack-ddf956cf9551?source=rss----7b722bfd1b8d---4)

We hear about breaches on a daily basis, and sometimes even about system compromises, so what stages does the attacker take and how does…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/pass-the-hash-attack-ddf956cf9551?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/pass-the-hash-attack-ddf956cf9551?source=rss----7b722bfd1b8d---4) 2022-11-21T16:31:33Z **Write-up: Basic server-side template injection @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-basic-server-side-template-injection-portswigger-academy-8e74931c6bd7?source=rss----7b722bfd1b8d---4) 2022-11-22T07:01:23Z **Must See Sites From The Depths of Dark Web!** ⌘ [Read more](https://infosecwriteups.com/must-see-sites-from-the-depths-of-dark-web-5bc42ab4b179?source=rss----7b722bfd1b8d---4) 2022-11-22T08:01:56Z **Write-up: Unprotected admin functionality @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-unprotected-admin-functionality-portswigger-academy-d5804e3bb65?source=rss----7b722bfd1b8d---4) 2022-11-22T09:06:01Z **Bug Bounty Tips and Getting Persistence With Electron Applications** ⌘ [Read more](https://infosecwriteups.com/bug-bounty-tips-and-getting-persistence-with-electron-applications-c538d4dda446?source=rss----7b722bfd1b8d---4) 2022-11-22T20:24:39Z **Fastly Subdomain Takeover $2000** ⌘ [Read more](https://infosecwriteups.com/fastly-subdomain-takeover-2000-217bb180730f?source=rss----7b722bfd1b8d---4) 2022-11-23T08:06:51Z **3 Videos About Web3 Hacking to Fast-Forward Your Cybersecurity Journey** ⌘ [Read more](https://infosecwriteups.com/4-videos-about-web3-hacking-to-fast-forward-your-cybersecurity-journey-6e14b9b7d722?source=rss----7b722bfd1b8d---4) 2022-11-23T18:56:11Z **How To Exploit CSRF In DVWA — StackZero** ⌘ [Read more](https://infosecwriteups.com/how-to-exploit-csrf-in-dvwa-stackzero-bf1b6b557d85?source=rss----7b722bfd1b8d---4) 2022-11-24T11:52:38Z **Defending against ransomware in the Cloud**
[![](https://cdn-images-1.medium.com/max/2600/0*NTg1XD1eOSWTyhSI)](https://infosecwriteups.com/defending-against-ransomware-in-the-cloud-a6ff2c1efcab?source=rss----7b722bfd1b8d---4)

Is the Cloud more or less secure against ransomware?

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/defending-against-ransomware-in-the-cloud-a6ff2c1efcab?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/defending-against-ransomware-in-the-cloud-a6ff2c1efcab?source=rss----7b722bfd1b8d---4) 2022-11-24T11:51:23Z **THE ANATOMY OF KERBEROS AUTHENTICATION (AD BASICS 0x1)** ⌘ [Read more](https://infosecwriteups.com/the-anatomy-of-kerberos-authentication-ad-basics-0x1-1532305a18a3?source=rss----7b722bfd1b8d---4) 2022-11-24T20:32:15Z **Write-up: Authentication bypass via information disclosure @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-authentication-bypass-via-information-disclosure-portswigger-academy-f3998ded54e?source=rss----7b722bfd1b8d---4) 2022-11-25T06:53:56Z **From CloudSec to Web3 Security, Bug Bounties to DFIR, and More: 15 Power-Packed Talks at IWCON2022** ⌘ [Read more](https://infosecwriteups.com/from-cloudsec-to-web3-security-bug-bounties-to-dfir-and-more-15-power-packed-talks-at-iwcon2022-ae0691dc6c9d?source=rss----7b722bfd1b8d---4) 2022-11-26T12:38:05Z **Quick Update For Our Indian Members Who Want to Attend IWCON** ⌘ [Read more](https://infosecwriteups.com/quick-update-for-our-indian-members-who-want-to-attend-iwcon-e6b2a02e099d?source=rss----7b722bfd1b8d---4) 2022-11-28T09:01:00Z **Python Malware Analysis** ⌘ [Read more](https://infosecwriteups.com/python-malware-analysis-a36f75ec0cad?source=rss----7b722bfd1b8d---4) 2022-11-28T08:59:59Z **A great weekend hack(worth $8k)** ⌘ [Read more](https://infosecwriteups.com/a-great-weekend-hack-worth-8k-9bfda8ab65b9?source=rss----7b722bfd1b8d---4) 2022-11-28T08:59:48Z **TryHackMe WriteUp: Warzone 2** ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-warzone-2-d74bc379e4b1?source=rss----7b722bfd1b8d---4) 2022-11-28T08:59:31Z **How I hacked into a government e-learning website** ⌘ [Read 
more](https://infosecwriteups.com/how-i-hacked-into-a-government-e-learning-website-ce8da8fb4ccc?source=rss----7b722bfd1b8d---4) 2022-11-28T08:58:03Z **Inyección SQL divertida 3— MSSQL ejemplo practico | In Spanish**
[![](https://cdn-images-1.medium.com/max/626/1*c0V6ZeKSGnQyYWd_OLm7dw.png)](https://infosecwriteups.com/inyecci%C3%B3n-sql-divertida-3-mssql-ejemplo-practico-43f883f5eeb7?source=rss----7b722bfd1b8d---4)

Hello dear reader, I am truly glad that you are giving me a little of your valuable time to read the following write-up. In this…

[Continue reading on InfoSec Write-ups »](htt ... ⌘ [Read more](https://infosecwriteups.com/inyecci%C3%B3n-sql-divertida-3-mssql-ejemplo-practico-43f883f5eeb7?source=rss----7b722bfd1b8d---4) 2022-11-28T10:01:59Z **Write-up: Basic server-side template injection (code context) @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-basic-server-side-template-injection-code-context-portswigger-academy-910a3720c26d?source=rss----7b722bfd1b8d---4) 2022-11-28T11:02:01Z **TryHackMe writeup: BadByte**
[![](https://cdn-images-1.medium.com/max/966/0*U3rvar97WQdWSQaD.png)](https://infosecwriteups.com/tryhackme-writeup-badbyte-f224175ad302?source=rss----7b722bfd1b8d---4)

That lassie with the dragon tattoo took a bad byte — but nothing more than she can chew ;-)

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-writeup-badbyte-f224175ad302?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-badbyte-f224175ad302?source=rss----7b722bfd1b8d---4) 2022-11-28T12:01:58Z **Automate GitHub Actions Security Best Practices** ⌘ [Read more](https://infosecwriteups.com/automate-github-actions-security-best-practices-f5f178001291?source=rss----7b722bfd1b8d---4) 2022-11-28T13:29:19Z **‍IW Weekly #35: HTTP Desync Attack, Mass Account Takeover, SSRF via DNS Rebinding, Exploiting…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-35-http-desync-attack-mass-account-takeover-ssrf-via-dns-rebinding-exploiting-84b4c651af52?source=rss----7b722bfd1b8d---4) 2022-11-29T08:47:08Z **Unrestricted File Upload: A Common Bug With A High Potential Revenue On HackerOne! — StackZero** ⌘ [Read more](https://infosecwriteups.com/unrestricted-file-upload-a-common-bug-with-a-high-potential-revenue-on-hackerone-stackzero-dcf71e56e48b?source=rss----7b722bfd1b8d---4) 2022-11-29T08:46:53Z **Behind the SMS Bombing Application** ⌘ [Read more](https://infosecwriteups.com/behind-the-sms-bombing-application-33ac4e9924df?source=rss----7b722bfd1b8d---4) 2022-11-29T09:52:00Z **Unvalidated Redirects and Forwards**
[![](https://cdn-images-1.medium.com/max/640/0*IUwdvvr7TngPdmQQ.jpeg)](https://infosecwriteups.com/unvalidated-redirects-and-forwards-4cad5eb66b64?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/unvalidated-redirects-and-forwards-4cad5eb66b64?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/unvalidated-redirects-and-forwards-4cad5eb66b64?source=rss----7b722bfd1b8d---4) 2022-11-29T10:51:58Z **How to Plug Common Supply Chain Vulnerabilities** ⌘ [Read more](https://infosecwriteups.com/how-to-plug-common-supply-chain-vulnerabilities-3f7daadd4a7e?source=rss----7b722bfd1b8d---4) 2022-11-29T14:49:37Z **Best Information Technology Schools in 2023** ⌘ [Read more](https://infosecwriteups.com/best-information-technology-schools-in-2023-698d3c043bb3?source=rss----7b722bfd1b8d---4) 2022-11-29T15:46:21Z **Who Will You Learn From at IWCON2022?** ⌘ [Read more](https://infosecwriteups.com/who-will-you-learn-from-at-iwcon2022-451c238822cc?source=rss----7b722bfd1b8d---4) 2022-11-30T06:15:40Z **Unique Rate limit bypass worth 1800$** ⌘ [Read more](https://infosecwriteups.com/unique-rate-limit-bypass-worth-1800-6e2947c7d972?source=rss----7b722bfd1b8d---4) 2022-11-30T12:09:42Z **Attacktive Directory** ⌘ [Read more](https://infosecwriteups.com/attacktive-directory-d1ab5fef716a?source=rss----7b722bfd1b8d---4) 2022-11-30T12:09:16Z **Write-up: Source code disclosure via backup files @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-source-code-disclosure-via-backup-files-portswigger-academy-3709812fa111?source=rss----7b722bfd1b8d---4) 2022-11-30T13:11:34Z **TryHackMe writeup: A cursory analysis of the Jigsaw ransomware**
[![](https://cdn-images-1.medium.com/max/1219/1*wUdCGsUSyvshMxVUzxtY3A.png)](https://infosecwriteups.com/tryhackme-writeup-a-cursory-analysis-of-the-jigsaw-ransomware-ee949b444f3f?source=rss----7b722bfd1b8d---4)

Ransomware is a threat that sent the computing world into a frenzy. In this article, I will discuss analysing the Jigsaw strain of it.

[Continue reading on InfoS ... ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-a-cursory-analysis-of-the-jigsaw-ransomware-ee949b444f3f?source=rss----7b722bfd1b8d---4) 2022-11-30T15:11:56Z **My Latest XSS Finding, Explained To Beginners | Bug Bounty** ⌘ [Read more](https://infosecwriteups.com/my-latest-xss-finding-explained-to-beginners-bug-bounty-8674fa3626e7?source=rss----7b722bfd1b8d---4) 2022-12-01T03:44:48Z **SSRF via DNS Rebinding (CVE-2022–4096)** ⌘ [Read more](https://infosecwriteups.com/ssrf-via-dns-rebinding-cve-2022-4096-b7bf75928bb2?source=rss----7b722bfd1b8d---4) 2022-12-01T03:44:34Z **RAVEN 2 Walkthrough (OSWE like machine )** ⌘ [Read more](https://infosecwriteups.com/raven-2-walkthrough-oswe-like-machine-98bdfc62b9bf?source=rss----7b722bfd1b8d---4) 2022-12-01T18:26:06Z **Hacking Into Social Media Account using Social Engineering!** ⌘ [Read more](https://infosecwriteups.com/hacking-social-media-account-1abb06c80e1a?source=rss----7b722bfd1b8d---4) 2022-12-01T18:25:54Z **DoS on a Wifi Router — Wifi Hacking #1** ⌘ [Read more](https://infosecwriteups.com/wifi-hacking-1-deauthenticating-users-6f8ed6a11d73?source=rss----7b722bfd1b8d---4) 2022-12-01T18:25:40Z **TryHackMe Advent of Cyber 2022 [Day 1] — No Answers :P**
[![](https://cdn-images-1.medium.com/max/950/1*JPEDYBhfGnu7arGfRcTeVQ.png)](https://infosecwriteups.com/tryhackme-advent-of-cyber-2022-day-1-no-answers-p-87cdbad59c7d?source=rss----7b722bfd1b8d---4)

I am so excited about this Cyber Advent from TryHackMe and today the 1st of December is Day 1. TryHackMe has a lot of prizes for this…

[Continue reading on InfoSec Write-ups »](https://infosecwri ... ⌘ [Read more](https://infosecwriteups.com/tryhackme-advent-of-cyber-2022-day-1-no-answers-p-87cdbad59c7d?source=rss----7b722bfd1b8d---4) 2022-12-01T18:25:11Z **pentesting.cloud part 2: “Is there an echo in here?” AWS CTF walkthrough** ⌘ [Read more](https://infosecwriteups.com/pentesting-cloud-part-2-is-there-an-echo-in-here-ctf-walkthrough-54ec188a585d?source=rss----7b722bfd1b8d---4) 2022-12-02T09:08:57Z **3 Free Videos to Turbocharge Your Infosec Journey** ⌘ [Read more](https://infosecwriteups.com/3-free-videos-to-turbocharge-your-infosec-journey-2acbe12aa9e?source=rss----7b722bfd1b8d---4) 2022-12-05T04:46:35Z **Learn From 16 Experts at IWCON2022 Cybersecurity Conference** ⌘ [Read more](https://infosecwriteups.com/learn-from-16-experts-at-iwcon2022-cybersecurity-conference-7b281e9cf4e3?source=rss----7b722bfd1b8d---4) 2022-12-05T11:39:58Z **Set up Cloud Instances**

AWS

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/set-up-cloud-instances-703340af4897?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/set-up-cloud-instances-703340af4897?source=rss----7b722bfd1b8d---4) 2022-12-05T11:39:48Z **My first experience in hosting a National Level Capture The Flag Competition** ⌘ [Read more](https://infosecwriteups.com/my-first-experience-in-hosting-a-national-level-capture-the-flag-competition-f274eb9db0f7?source=rss----7b722bfd1b8d---4) 2022-12-05T11:39:18Z **TryHackMe Advent of Cyber 2022 [Day 2] — No Answers :P**

Day 2 Learning Objectives

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-advent-of-cyber-2022-day-2-no-answers-p-5bad39fb83ec?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/tryhackme-advent-of-cyber-2022-day-2-no-answers-p-5bad39fb83ec?source=rss----7b722bfd1b8d---4) 2022-12-05T11:39:08Z **TryHackMe Advent of Cyber 2022 [Day 3] — No Answers :P**

Day 3 Learning Objectives:

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-advent-of-cyber-2022-day-3-no-answers-p-771895ffd492?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/tryhackme-advent-of-cyber-2022-day-3-no-answers-p-771895ffd492?source=rss----7b722bfd1b8d---4) 2022-12-05T11:38:58Z **TryHackMe Advent of Cyber 2022 [Day 4] Scanning through the snow— No Answers :P**

Day 4 Learning Objectives

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-advent-of-cy ... ⌘ [Read more](https://infosecwriteups.com/tryhackme-advent-of-cyber-2022-day-4-scanning-through-the-snow-no-answers-p-791b6afd80c3?source=rss----7b722bfd1b8d---4) 2022-12-05T11:38:13Z **Phoenix Challenges — Stack Three** ⌘ [Read more](https://infosecwriteups.com/phoenix-challenges-stack-three-984e0434356b?source=rss----7b722bfd1b8d---4) 2022-12-05T11:38:02Z **Anti-Reversing Techniques (Part 2)** ⌘ [Read more](https://infosecwriteups.com/anti-reversing-techniques-part-2-bd5e0d3cd7aa?source=rss----7b722bfd1b8d---4) 2022-12-05T11:28:55Z **‍IW Weekly #36: 1,250€ Bounty, VoIP Spoofing, SSL Pinning, Intercepting Proxy, XSS Resources…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-36-1-250-bounty-voip-spoofing-ssl-pinning-intercepting-proxy-xss-resources-fc34f50220d3?source=rss----7b722bfd1b8d---4) 2022-12-06T11:46:56Z **Reflected XSS using Double Encoding** ⌘ [Read more](https://infosecwriteups.com/got-another-xss-using-double-encoding-e6493a9f7368?source=rss----7b722bfd1b8d---4) 2022-12-06T11:46:39Z **Intercepting HTTP traffic with OpenVPN on Android** ⌘ [Read more](https://infosecwriteups.com/intercepting-http-traffic-with-openvpn-on-android-5835fa40466d?source=rss----7b722bfd1b8d---4) 2022-12-06T11:45:52Z **HTB Time [writeup]**

Exploiting the RCE and SSRF Vulnerabilities

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/htb-time-writeup-1c5b51a82eb7?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/htb-time-writeup-1c5b51a82eb7?source=rss----7b722bfd1b8d---4) 2022-12-06T11:45:40Z **TryHackMe Advent of Cyber 2022 [Day 5] He knows when you’re awake — No Answers :P**

Day 5 Learning Objectives:

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-advent-of ... ⌘ [Read more](https://infosecwriteups.com/tryhackme-advent-of-cyber-2022-day-5-he-knows-when-youre-awake-no-answers-p-25db80f3a89e?source=rss----7b722bfd1b8d---4) 2022-12-06T11:45:29Z **How to Hack Applications’ Logic** ⌘ [Read more](https://infosecwriteups.com/how-to-hack-applications-logic-6b0219f0dd04?source=rss----7b722bfd1b8d---4) 2022-12-06T11:44:26Z **[WRITE-UP] ATO bug in a target who wasn’t running any bug bounty program (Bounty: 40K INR)** ⌘ [Read more](https://infosecwriteups.com/my-first-bug-bounty-write-up-about-my-first-valid-finding-a-very-simple-ato-bug-in-a-target-who-1b8259f531d6?source=rss----7b722bfd1b8d---4) 2022-12-06T11:43:40Z **HTB University CTF 2022 — Cloud — Enchanted** ⌘ [Read more](https://infosecwriteups.com/htb-university-ctf-2022-cloud-enchanted-2966780f13f5?source=rss----7b722bfd1b8d---4) 2022-12-06T11:43:26Z **Facebook page admin disclosure by "Message Seller" button (Bounty: 1500 USD)** ⌘ [Read more](https://infosecwriteups.com/facebook-page-admin-disclosure-by-message-seller-button-bounty-1500-usd-caaa2eac4121?source=rss----7b722bfd1b8d---4) 2022-12-06T11:43:12Z **Facebook page admin disclosure by "Create doc" button (Bounty: 5000 USD)** ⌘ [Read more](https://infosecwriteups.com/facebook-page-admin-disclosure-by-create-doc-button-bounty-5000-usd-2fd1ff615bf8?source=rss----7b722bfd1b8d---4) 2022-12-06T11:42:39Z **Irremovable Facebook group album photos and entire album under certain circumstances (Bounty: 1000…** ⌘ [Read more](https://infosecwriteups.com/irremovable-facebook-group-album-photos-and-entire-album-under-certain-circumstances-bounty-1000-b1b2a870b8e0?source=rss----7b722bfd1b8d---4) 2022-12-06T12:46:36Z **TryHackMe writeup: Bounty Hacker**

In this room, I join forces with Faye Valentine et al to get a bunch of internet terrorists with FTP and privilege escalation hacks!

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-writeup-bounty-hacker-4f06536c94c4?sourc ... ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-bounty-hacker-4f06536c94c4?source=rss----7b722bfd1b8d---4) 2022-12-06T21:56:09Z **Pickle Rick -THM** ⌘ [Read more](https://infosecwriteups.com/picke-rick-thm-e8fb33d1f259?source=rss----7b722bfd1b8d---4) 2022-12-06T21:55:58Z **TryHackMe Advent of Cyber 2022 [Day 6] It’s beginning to look a lot like phishing — No Answers :P** ⌘ [Read more](https://infosecwriteups.com/tryhackme-advent-of-cyber-2022-day-6-its-beginning-to-look-a-lot-like-phishing-no-answers-p-66b57be74cb3?source=rss----7b722bfd1b8d---4) 2022-12-08T08:31:01Z **Hacking into Wi-Fi Camera TP-Link Tapo C200 (CVE-2021–4045)** ⌘ [Read more](https://infosecwriteups.com/hacking-into-wi-fi-camera-tp-link-tapo-c200-cve-2021-4045-4c4e43115864?source=rss----7b722bfd1b8d---4) 2022-12-09T04:42:00Z **Don’t Miss the Expert Talks at IWCON2022 Cybersecurity Conference** ⌘ [Read more](https://infosecwriteups.com/dont-miss-the-expert-talks-at-iwcon2022-cybersecurity-conference-ddf91d19ab17?source=rss----7b722bfd1b8d---4) 2022-12-09T11:59:02Z **HackTheBox — Networked Writeup** ⌘ [Read more](https://infosecwriteups.com/hackthebox-networked-writeup-3d0a1276ad3c?source=rss----7b722bfd1b8d---4) 2022-12-09T11:58:02Z **Email analysis : avoid phishing attacks** ⌘ [Read more](https://infosecwriteups.com/email-analysis-avoid-phishing-attacks-360a81e1ebf8?source=rss----7b722bfd1b8d---4) 2022-12-09T11:57:44Z **TryHackMe Advent of Cyber 2022 [Day 7] Maldocs roasting on an open fire— No Answers :P**

Day 7 Learning Objectives:

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ ... ⌘ [Read more](https://infosecwriteups.com/tryhackme-advent-of-cyber-2022-day-7-maldocs-roasting-on-an-open-fire-no-answers-p-d9d90522bc94?source=rss----7b722bfd1b8d---4) 2022-12-09T11:56:51Z **The most underrated injection of all time — CYPHER INJECTION.** ⌘ [Read more](https://infosecwriteups.com/the-most-underrated-injection-of-all-time-cypher-injection-fa2018ba0de8?source=rss----7b722bfd1b8d---4) 2022-12-09T11:56:42Z **STRIPE Live Key Exposed:: Bounty: $1000** ⌘ [Read more](https://infosecwriteups.com/stripe-live-key-exposed-bounty-1000-dc670f2c5d9c?source=rss----7b722bfd1b8d---4) 2022-12-09T13:01:44Z **TryHackMe writeup: RootMe**

A simple TryHackMe room that is good stuff for CTF practice. I root a boot2root system with a Katana sword (and Python ;-)

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-writeup-rootme-7140eeb6b99f?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-rootme-7140eeb6b99f?source=rss----7b722bfd1b8d---4) 2022-12-09T17:12:58Z **Supply Chain Attacks on the risk - Open Source Security** ⌘ [Read more](https://infosecwriteups.com/supply-chain-attacks-on-the-risk-open-source-security-ee7a8cf1ec58?source=rss----7b722bfd1b8d---4) 2022-12-10T17:17:13Z **Operationalizing MITRE ATT&CK to harden cyber defenses**

Take Adversary’s perspective in Defender’s Team

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/operationalizing-mitre-att-ck-to-harden-cyber-defenses-ba9f6852228f ... ⌘ [Read more](https://infosecwriteups.com/operationalizing-mitre-att-ck-to-harden-cyber-defenses-ba9f6852228f?source=rss----7b722bfd1b8d---4) 2022-12-10T17:16:53Z **TryHackMe writeup: Basic Pentesting**

In this room, I discuss the process that I used to complete TryHackMe’s “Basic Pentesting” room.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-writeup-basic-pentesting-49fb45e97058?source=rss----7b722bfd1b8d--- ... ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-basic-pentesting-49fb45e97058?source=rss----7b722bfd1b8d---4) 2022-12-10T17:16:34Z **Recon** ⌘ [Read more](https://infosecwriteups.com/recon-98cf42e60eff?source=rss----7b722bfd1b8d---4) 2022-12-10T17:14:38Z **Write-up: DOM XSS in document.write sink using source location.search @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-dom-xss-in-document-write-sink-using-source-location-search-portswigger-academy-c8e270203773?source=rss----7b722bfd1b8d---4) 2022-12-10T17:14:28Z **Smart contracts** ⌘ [Read more](https://infosecwriteups.com/smart-contracts-931081d9649a?source=rss----7b722bfd1b8d---4) 2022-12-10T21:11:31Z **Year of the Rabbit — TryHackMe Writeup By Karthikeyan** ⌘ [Read more](https://infosecwriteups.com/year-of-the-rabbit-tryhackme-writeup-by-karthikeyan-a3223529e888?source=rss----7b722bfd1b8d---4) 2022-12-10T21:11:10Z **TryHackMe CMesS CTF** ⌘ [Read more](https://infosecwriteups.com/tryhackme-cmess-ctf-c1339774550e?source=rss----7b722bfd1b8d---4) 2022-12-12T04:51:39Z **Only 5 Days Left For IWCON 2022** ⌘ [Read more](https://infosecwriteups.com/only-5-days-left-for-iwcon-2022-55d7ee302ddb?source=rss----7b722bfd1b8d---4) 2022-12-12T09:09:03Z **Advent of Cyber 2022 [Day 11]-Memory Forensics-Not all gifts are nice Write up** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-11-memory-forensics-not-all-gifts-are-nice-write-up-1ec97f6d8249?source=rss----7b722bfd1b8d---4) 2022-12-12T09:08:49Z **Lian_Yu — TryHackMe Writeup by Karthikeyan** ⌘ [Read more](https://infosecwriteups.com/lian-yu-ae415d1f6fc7?source=rss----7b722bfd1b8d---4) 2022-12-12T09:08:40Z **Forensics —Writeup** ⌘ [Read more](https://infosecwriteups.com/forensics-6b4aaf85f87f?source=rss----7b722bfd1b8d---4) 2022-12-12T09:08:31Z **Advent of Cyber 2022 
[Day 7]-Cyber Chef Maldocs roasting on an open fire Writeup by Karthikeyan…** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-7-cyber-chef-maldocs-roasting-on-an-open-fire-writeup-by-karthikeyan-edd2f2f8a4b5?source=rss----7b722bfd1b8d---4) 2022-12-12T09:08:21Z **Advent of Cyber 2022 [Day5] Email Analysis — It’s beginning to look a lot like phishing by…** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day5-email-analysis-its-beginning-to-look-a-lot-like-phishing-by-978dab792ebf?source=rss----7b722bfd1b8d---4) 2022-12-12T09:08:08Z **Advent of Cyber Day 2~ Log Analysis Santa’s Naughty & Nice Log** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-day-2-log-analysis-santas-naughty-nice-log-ff194383a9e3?source=rss----7b722bfd1b8d---4) 2022-12-12T09:07:57Z **Carnage — TryHackme Write-up (600 Points) | Cyberw1ng** ⌘ [Read more](https://infosecwriteups.com/carnage-tryhackme-write-up-600-points-cyberw1ng-6e4468c010a8?source=rss----7b722bfd1b8d---4) 2022-12-12T09:07:45Z **Memory Forensics — TryHackMe Write-up — Cyberw1ng** ⌘ [Read more](https://infosecwriteups.com/memory-forensics-tryhackme-write-up-cyberw1ng-945217d0cbc7?source=rss----7b722bfd1b8d---4) 2022-12-12T09:07:34Z **Wireshark: The Basics — TryHackMe** ⌘ [Read more](https://infosecwriteups.com/wireshark-the-basics-tryhackme-57e50c7d9c4f?source=rss----7b722bfd1b8d---4) 2022-12-12T09:07:23Z **Committed — TryHackMe** ⌘ [Read more](https://infosecwriteups.com/committed-tryhackme-b1def8f545e2?source=rss----7b722bfd1b8d---4) 2022-12-12T10:11:01Z **Write-up: SQL injection with filter bypass via XML encoding @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-sql-injection-with-filter-bypass-via-xml-encoding-portswigger-academy-977aaeb2b04d?source=rss----7b722bfd1b8d---4) 2022-12-12T10:06:06Z **TryHackMe ultraTech CTF** ⌘ [Read more](https://infosecwriteups.com/tryhackme-ultratech-ctf-5f4a8e238ed9?source=rss----7b722bfd1b8d---4) 2022-12-12T11:06:27Z 
**Portswigger Lab: JWT authentication bypass via algorithm confusion with no exposed key, a slightly…**

, or how I learned the importance of RTFM yet again

[Co ... ⌘ [Read more](https://infosecwriteups.com/portswigger-lab-jwt-authentication-bypass-via-algorithm-confusion-with-no-exposed-key-a-slightly-e28602b6ef70?source=rss----7b722bfd1b8d---4) 2022-12-12T13:24:05Z **‍IW Weekly #37: ChatGPT for Pentesting, Hacking Govt.** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-37-chatgpt-for-pentesting-hacking-govt-a3d4952a407e?source=rss----7b722bfd1b8d---4) 2022-12-13T09:56:31Z **SQL Injection Payload List**

PayloadBox

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/sql-injection-payload-list-b97656cfd66b?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/sql-injection-payload-list-b97656cfd66b?source=rss----7b722bfd1b8d---4) 2022-12-13T09:56:10Z **XML External Entity (XXE) Injection Payload List** ⌘ [Read more](https://infosecwriteups.com/xml-external-entity-xxe-injection-payload-list-937d33e5e116?source=rss----7b722bfd1b8d---4) 2022-12-13T09:54:18Z **Write-up: DOM XSS in innerHTML sink using source location.search @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-dom-xss-in-innerhtml-sink-using-source-location-search-portswigger-academy-94c6691f89b0?source=rss----7b722bfd1b8d---4) 2022-12-13T10:28:12Z **Advent of Cyber 2022 [Day 12]-Malware Analysis Forensic McBlue to the REVscue! Write up** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-12-malware-analysis-forensic-mcblue-to-the-revscue-write-up-44fc80e95c7?source=rss----7b722bfd1b8d---4) 2022-12-13T10:27:58Z **Windows LNK File Analysis in Forensic IT Reviews** ⌘ [Read more](https://infosecwriteups.com/windows-lnk-file-analysis-in-forensic-it-reviews-75b3dfd49f36?source=rss----7b722bfd1b8d---4) 2022-12-13T10:27:37Z **Directory Payload List via PayloadBox** ⌘ [Read more](https://infosecwriteups.com/directory-payload-list-via-payloadbox-433f689b8afd?source=rss----7b722bfd1b8d---4) 2022-12-13T21:26:47Z **Pivoting** ⌘ [Read more](https://infosecwriteups.com/pivoting-253d65c6c867?source=rss----7b722bfd1b8d---4) 2022-12-13T21:26:34Z **Advent of Cyber 2022 [Day 14]-Packet Analysis | Simply having a wonderful pcap time — Simple Write…** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-14-packet-analysis-simply-having-a-wonderful-pcap-time-simple-write-37169e62c23f?source=rss----7b722bfd1b8d---4) 2022-12-14T15:11:20Z **Why and How to Use HTTP Security Headers?** ⌘ [Read 
more](https://infosecwriteups.com/why-and-how-to-use-http-security-headers-d2034306fb33?source=rss----7b722bfd1b8d---4) 2022-12-14T18:04:21Z **Recon Skills and Tips — Learn All About Them at IWCON 2022** ⌘ [Read more](https://infosecwriteups.com/recon-skills-and-tips-learn-all-about-them-at-iwcon-2022-43e6564b7a96?source=rss----7b722bfd1b8d---4) 2022-12-15T11:37:41Z **How To Exploit File Inclusion Vulnerabilities: A Beginner’s Introduction. — StackZero** ⌘ [Read more](https://infosecwriteups.com/how-to-exploit-file-inclusion-vulnerabilities-a-beginners-introduction-stackzero-a55267b5fafb?source=rss----7b722bfd1b8d---4) 2022-12-15T12:42:05Z **Tryhackme: Simple CTF** ⌘ [Read more](https://infosecwriteups.com/tryhackme-simple-ctf-879a19561438?source=rss----7b722bfd1b8d---4) 2022-12-16T04:56:53Z **Only 24 Hours Left For IWCON2022** ⌘ [Read more](https://infosecwriteups.com/only-24-hours-left-for-iwcon2022-d5fbd0496233?source=rss----7b722bfd1b8d---4) 2022-12-16T09:21:43Z **Custom Browser Analysis** ⌘ [Read more](https://infosecwriteups.com/custom-browser-analysis-c0ef18fb75a8?source=rss----7b722bfd1b8d---4) 2022-12-16T09:21:24Z **Cyber Threat Intelligence (C.T.I)** ⌘ [Read more](https://infosecwriteups.com/cyber-threat-intelligence-c-t-i-92c09832fe18?source=rss----7b722bfd1b8d---4) 2022-12-16T09:21:14Z **Getting Started with Reverse Engineering** ⌘ [Read more](https://infosecwriteups.com/getting-started-with-reverse-engineering-609a42e86cc1?source=rss----7b722bfd1b8d---4) 2022-12-16T09:21:05Z **Using Threat Intelligence data to generate MISP alerts**

There are various Threat Intelligence sources that share threat information with each other to help identify those threats in their…

[Continue reading on InfoSec Write-ups »](https://infose ... ⌘ [Read more](https://infosecwriteups.com/using-threat-intelligence-data-to-generate-misp-alerts-b8a275df5131?source=rss----7b722bfd1b8d---4) 2022-12-16T09:20:31Z **Malware analysis** ⌘ [Read more](https://infosecwriteups.com/malware-analysis-fe47d6a5f3f?source=rss----7b722bfd1b8d---4) 2022-12-16T09:20:20Z **Advent of Cyber 2022 [Day 15] Secure Coding | Santa is looking for a Sidekick | Simple Write up** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-15-secure-coding-santa-is-looking-for-a-sidekick-simple-write-up-60fe902423ef?source=rss----7b722bfd1b8d---4) 2022-12-16T09:20:09Z **Param Hunting to Injections** ⌘ [Read more](https://infosecwriteups.com/param-hunting-to-injections-4365da5447cf?source=rss----7b722bfd1b8d---4) 2022-12-16T17:34:06Z **IWCON2022 Networking Rooms Are Now Open + New Speaker Announcement** ⌘ [Read more](https://infosecwriteups.com/iwcon2022-networking-rooms-are-now-open-new-speaker-announcement-de2394b4fd0e?source=rss----7b722bfd1b8d---4) 2022-12-19T12:21:12Z **‍IW Weekly #38: Cache Poisoning, XSS Payloads, Akamai and Amazon S3 buckets, Hybrid Fuzzing in…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-38-cache-poisoning-xss-payloads-akamai-and-amazon-s3-buckets-hybrid-fuzzing-in-860ce4225eee?source=rss----7b722bfd1b8d---4) 2022-12-20T09:04:41Z **Use nim compiled language to evade Windows Defender reverse shell detection** ⌘ [Read more](https://infosecwriteups.com/use-nim-compiled-language-to-evade-windows-defender-reverse-shell-detection-a9268b4a3b0e?source=rss----7b722bfd1b8d---4) 2022-12-20T09:04:21Z **Advent of Cyber 2022 [Day 16] Secure Coding | SQLi’s the king, the carolers sing | Simple Write up** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-16-secure-coding-sqlis-the-king-the-carolers-sing-simple-write-up-1de37365eb94?source=rss----7b722bfd1b8d---4) 2022-12-20T09:04:08Z **Burp Suite Extension Development** ⌘ [Read 
more](https://infosecwriteups.com/burp-suite-extension-development-b177bddaa940?source=rss----7b722bfd1b8d---4) 2022-12-20T09:03:16Z **Advent of Cyber 2022 [Day 17] Secure Coding | Filtering for Order Amidst Chaos-Simple Write up** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-17-secure-coding-filtering-for-order-amidst-chaos-simple-write-up-64b7e2d94ae5?source=rss----7b722bfd1b8d---4) 2022-12-20T09:03:05Z **CVE-2022-42710: A journey through XXE to Stored-XSS** ⌘ [Read more](https://infosecwriteups.com/cve-2022-42710-a-journey-through-xxe-to-stored-xss-851d74dfe917?source=rss----7b722bfd1b8d---4) 2022-12-20T09:02:40Z **Directory Traversal Vulnerability in Huawei HG255s Products** ⌘ [Read more](https://infosecwriteups.com/directory-ttraversal-vulnerability-in-huawei-hg255s-products-dce941a1d015?source=rss----7b722bfd1b8d---4) 2022-12-20T09:00:14Z **How Fuzzing helps me to get my first bounty?** ⌘ [Read more](https://infosecwriteups.com/how-fuzzing-helps-me-to-get-my-first-bounty-2c63eb864e08?source=rss----7b722bfd1b8d---4) 2022-12-20T08:59:05Z **Advent of Cyber 2022 [Day 18] Sigma | Lumberjack Lenny Learns New Rules-Simple Write up** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-18-sigma-lumberjack-lenny-learns-new-rules-simple-write-up-205a403d6c08?source=rss----7b722bfd1b8d---4) 2022-12-20T08:58:48Z **TCM Security “Academy” — Walkthrough** ⌘ [Read more](https://infosecwriteups.com/tcm-security-academy-walkthrough-51b292cf337b?source=rss----7b722bfd1b8d---4) 2022-12-20T08:58:25Z **Destroying the Scammers Portal — SBI Scam** ⌘ [Read more](https://infosecwriteups.com/destroying-the-scammers-portal-sbi-scam-2169e21adeeb?source=rss----7b722bfd1b8d---4) 2022-12-20T10:06:03Z **Everything about Cookie and Its Security**

What is a cookie and why is it used?

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/everything-about-cookie-and-its-security-f5742381d6e7?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/everything-about-cookie-and-its-security-f5742381d6e7?source=rss----7b722bfd1b8d---4) 2022-12-20T10:06:01Z **TryHackMe writeup: Daily Bugle**

The Daily Bugle is a fake newspaper in the world of Spiderman. In this article, it’s gonna get r00ted and pwn’d hard!

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-writeup-daily-bugle-87a52f234a82?source=rss----7b722bfd1b8d- ... ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-daily-bugle-87a52f234a82?source=rss----7b722bfd1b8d---4) 2022-12-20T10:01:56Z **Write-up: Authentication bypass via encryption oracle @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-authentication-bypass-via-encryption-oracle-portswigger-academy-4b4e363347b9?source=rss----7b722bfd1b8d---4) 2022-12-20T10:01:56Z **Using ChatGPT to Create DarkWeb Monitoring Tool** ⌘ [Read more](https://infosecwriteups.com/using-chatgpt-to-create-darkweb-monitoring-tool-7b7eeaab351f?source=rss----7b722bfd1b8d---4) 2022-12-20T10:01:46Z **How I found my first RCE? A simple one…** ⌘ [Read more](https://infosecwriteups.com/how-i-found-my-first-rce-a-simple-one-4d7dc1444c4?source=rss----7b722bfd1b8d---4) 2022-12-21T13:58:03Z **Advent of Cyber 2022 [Day 20] Firmware | Binwalkin’ around the Christmas tree-Simple Write up** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-20-firmware-binwalkin-around-the-christmas-tree-simple-write-up-345f9525d20c?source=rss----7b722bfd1b8d---4) 2022-12-21T13:57:41Z **TryHackMe — Warzone 2 Write-up with Answers** ⌘ [Read more](https://infosecwriteups.com/tryhackme-warzone-2-write-up-with-answers-51030b8639d4?source=rss----7b722bfd1b8d---4) 2022-12-21T13:57:06Z **How to spy on people on iOS** ⌘ [Read more](https://infosecwriteups.com/how-to-spy-on-people-on-ios-516651069844?source=rss----7b722bfd1b8d---4) 2022-12-22T07:34:59Z **Upgrading Kali Linux to the latest version** ⌘ [Read more](https://infosecwriteups.com/upgrade-update-kali-linux-c72dee1d1f4c?source=rss----7b722bfd1b8d---4) 2022-12-22T07:34:41Z **Advent of Cyber 2022 [Day 21] MQTT | Have yourself a merry little webcam-Simple Write up** ⌘ [Read 
more](https://infosecwriteups.com/advent-of-cyber-2022-day-21-mqtt-have-yourself-a-merry-little-webcam-simple-write-up-553be880db73?source=rss----7b722bfd1b8d---4) 2022-12-22T17:09:48Z **HTTP Header Injection**

What is HTTP Header Injection?

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/http-header-injection-4ba857fb9a16?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/http-header-injection-4ba857fb9a16?source=rss----7b722bfd1b8d---4) 2022-12-23T15:36:52Z **Advent of Cyber 2022 [Day 22] Attack Surface | Reduction Threats are failing all around me-Simple…** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-22-attack-surface-reduction-threats-are-failing-all-around-me-simple-d23543635152?source=rss----7b722bfd1b8d---4) 2022-12-23T15:36:22Z **Everything about Docker Security**

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/everything-about-docker-security-ceaef9612ebe?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/everything-about-docker-security-ceaef9612ebe?source=rss----7b722bfd1b8d---4) 2022-12-23T15:36:07Z **❗️Capture The Ether ❗️— Token Sale [Difficulty = Low-Medium]** ⌘ [Read more](https://infosecwriteups.com/%EF%B8%8Fcapture-the-ether-%EF%B8%8F-token-sale-difficulty-low-medium-adc2928bbcc9?source=rss----7b722bfd1b8d---4) 2022-12-23T15:35:23Z **Advent of Cyber 2022 [Day 23] Defence in Depth | Mission ELFPossible: Abominable for a Day-Simple…** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-23-defence-in-depth-mission-elfpossible-abominable-for-a-day-simple-af55abcf3d23?source=rss----7b722bfd1b8d---4) 2022-12-23T16:36:22Z **How these IDOR vulnerability earned 5000$ | Hackerone Reddit Bug Bounty** ⌘ [Read more](https://infosecwriteups.com/how-these-idor-vulnerability-earned-5000-hackerone-reddit-bug-bounty-c685fcfbd8bc?source=rss----7b722bfd1b8d---4) 2022-12-24T17:15:17Z **Pythonic Malware Part-3: In-Memory Execution and Modern Evasion**

Forget compiling payloads and operating on disk — this post demonstrates the use of Python’s portable interpreter for in-memory malware…

[Continue reading on InfoSec Wri ... ⌘ [Read more](https://infosecwriteups.com/pythonic-malware-part-3-in-memory-execution-and-modern-evasion-ec3cc1084628?source=rss----7b722bfd1b8d---4) 2022-12-24T17:14:46Z **CRLF Injection — xxx$ — How was it possible for me to earn a bounty with the Cloudflare WAF?**

I recently discovered a CRLF injection vulnerability on a popular website. In this ... ⌘ [Read more](https://infosecwriteups.com/crlf-injection-xxx-how-was-it-possible-for-me-to-earn-a-bounty-with-the-cloudflare-waf-f581506f97f5?source=rss----7b722bfd1b8d---4) 2022-12-24T17:14:19Z **Know Your Adversary: Cuba Ransomware** ⌘ [Read more](https://infosecwriteups.com/know-your-adversary-cuba-ransomware-7b899be0410d?source=rss----7b722bfd1b8d---4) 2022-12-24T17:12:50Z **Bypass Apple’s redirection process with the dot (“.”) character** ⌘ [Read more](https://infosecwriteups.com/bypass-apples-redirection-process-with-the-dot-character-c47d40537202?source=rss----7b722bfd1b8d---4) 2022-12-26T12:16:59Z **Performing Security Gap Analysis using Breach & Attack Simulation (BAS) Tools**

Continuous Testing and Auditing - Purple Teaming Activity

[Continue reading on InfoSec Write-ups »](https://infosecwriteups ... ⌘ [Read more](https://infosecwriteups.com/performing-security-gap-analysis-using-breach-attack-simulation-bas-tools-3717f482cec6?source=rss----7b722bfd1b8d---4) 2022-12-26T12:16:20Z **Advent of Cyber 2022 [Day 1 — Day 24] All Challenges Walkthrough and Writeups with Answers by…** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-1-day-24-all-challenges-walkthrough-and-writeups-with-answers-by-c818cda6dc6e?source=rss----7b722bfd1b8d---4) 2022-12-26T12:12:38Z **Understanding the Scapy Module: Its Use in Cyber Security** ⌘ [Read more](https://infosecwriteups.com/understanding-the-scapy-module-its-use-in-cyber-security-434ff8b38dbf?source=rss----7b722bfd1b8d---4) 2022-12-26T12:12:27Z **Endpoint Security: The Protection Mechanism of Web Application and Networks**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/endpoint-security-the-protection-mechani ... ⌘ [Read more](https://infosecwriteups.com/endpoint-security-the-protection-mechanism-of-web-application-and-networks-5ac965935446?source=rss----7b722bfd1b8d---4) 2022-12-26T12:12:13Z **Securing your Linux server with these best practices**
[![](https://cdn-images-1.medium.com/max/2600/0*FZyLVbnGCCLl6mNf)](https://infosecwriteups.com/securing-your-linux-server-with-these-best-practices-50b30e026bd?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/securing-your-linux-server-with-these-best-practices-50b30e026bd?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/securing-your-linux-server-with-these-best-practices-50b30e026bd?source=rss----7b722bfd1b8d---4) 2022-12-26T12:46:36Z **‍IW Weekly #39: $10,000 Bounty, Zero-click Account Takeover, Stored XSS, Open Redirection…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-39-10-000-bounty-zero-click-account-takeover-stored-xss-open-redirection-2e6bf480bc26?source=rss----7b722bfd1b8d---4) 2022-12-26T13:17:00Z **Advent of Cyber 4 writeup: A case study in digital forensics and incident response**
[![](https://cdn-images-1.medium.com/max/1638/1*L5lJkpAD485TS62RNCTWSw.png)](https://infosecwriteups.com/advent-of-cyber-4-writeup-a-case-study-in-digital-forensics-and-incident-response-4988aae9f48b?source=rss----7b722bfd1b8d---4)

Digital forensics and incident response is a necessary process for any organisation that is serious abo ... ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-4-writeup-a-case-study-in-digital-forensics-and-incident-response-4988aae9f48b?source=rss----7b722bfd1b8d---4) 2022-12-26T13:22:21Z **You won’t believe how this AI tool can build a website in minutes!** ⌘ [Read more](https://infosecwriteups.com/you-wont-believe-how-this-ai-tool-can-build-a-website-in-minutes-ea0ad7870bf1?source=rss----7b722bfd1b8d---4) 2022-12-26T19:57:29Z **DOM XSS Using Web Messages (Practioner) — Portswigger Lab 1 | Solution and Approach** ⌘ [Read more](https://infosecwriteups.com/dom-xss-using-web-messages-practioner-portswigger-lab-1-solution-and-approach-a9153ec6ac64?source=rss----7b722bfd1b8d---4) 2022-12-27T03:28:18Z **Tautulli 2.1.9 version; Cross-Site Request Forgery (ShutDown) and Denial of Service (Metasploit)** ⌘ [Read more](https://infosecwriteups.com/tautulli-2-1-9-version-cross-site-request-forgery-shutdown-and-denial-of-service-metasploit-f23d6b1fc464?source=rss----7b722bfd1b8d---4) 2022-12-27T08:44:57Z **JNDI Injection Series: RMI Vector — 1** ⌘ [Read more](https://infosecwriteups.com/jndi-injection-series-rmi-vector-1-31044f782daa?source=rss----7b722bfd1b8d---4) 2022-12-27T08:44:42Z **Safe Opener — Reverse Engineering | PicoCTF 2022 Writeup** ⌘ [Read more](https://infosecwriteups.com/safe-opener-reverse-engineering-picoctf-2022-writeup-21b22937b6ae?source=rss----7b722bfd1b8d---4) 2022-12-27T08:44:28Z **Efficient methodology to get P2 level - subdomain takeover vulnerability** ⌘ [Read more](https://infosecwriteups.com/efficient-methodology-to-get-p2-level-subdomain-takeover-vulnerability-3a68b883b150?source=rss----7b722bfd1b8d---4) 2022-12-28T10:57:17Z **The Big Danger With Laravel ( .env file )** ⌘ [Read more](https://infosecwriteups.com/the-big-danger-with-laravel-env-file-403ca60aaf14?source=rss----7b722bfd1b8d---4) 2022-12-28T10:56:52Z **Wireshark twoo — 
Forensics| PicoCTF Write-up | 100 Points** ⌘ [Read more](https://infosecwriteups.com/wireshark-twoo-forensics-picoctf-write-up-100-points-bb3dbc9e14ec?source=rss----7b722bfd1b8d---4) 2022-12-28T10:56:34Z **Compromising a vulnerable GCP, INE-Labs GCPGoat walkthrough. Part-1** ⌘ [Read more](https://infosecwriteups.com/compromising-a-vulnerable-gcp-ine-labs-gcpgoat-walkthrough-part-1-90090ed0448b?source=rss----7b722bfd1b8d---4) 2022-12-28T12:01:32Z **How I Earned My First Bug Bounty Reward of $1000** ⌘ [Read more](https://infosecwriteups.com/how-i-earned-my-first-bug-bounty-reward-of-1000-9dc6643977e4?source=rss----7b722bfd1b8d---4) 2022-12-28T13:01:29Z **Unauthorized Sign-up on Subdomain of Subdomain leading to Organization takeover worth $2000** ⌘ [Read more](https://infosecwriteups.com/unauthorized-sign-up-on-subdomain-of-subdomain-leading-to-organization-takeover-worth-2000-a7199952d80b?source=rss----7b722bfd1b8d---4) 2022-12-29T12:27:34Z **How Capabilities actually Work ? | Exploitation | Privilege Escalation** ⌘ [Read more](https://infosecwriteups.com/how-capabilities-actually-work-exploitation-privilege-escalation-536afee917ad?source=rss----7b722bfd1b8d---4) 2022-12-29T12:27:11Z **Exploiting XSS with Javascript/JPEG Polyglot** ⌘ [Read more](https://infosecwriteups.com/exploiting-xss-with-javascript-jpeg-polyglot-4cff06f8201a?source=rss----7b722bfd1b8d---4) 2022-12-29T12:30:00Z **Compromising a vulnerable GCP, INE-Labs GCPGoat walkthrough. 
Part-2** ⌘ [Read more](https://infosecwriteups.com/compromising-a-vulnerable-gcp-ine-labs-gcpgoat-walkthrough-part-2-1674abd16a40?source=rss----7b722bfd1b8d---4) 2022-12-30T09:06:20Z **Infiltration in local network with Raspberry Pi (creating tunnel)** ⌘ [Read more](https://infosecwriteups.com/infiltration-in-local-network-with-raspberry-pi-creating-tunnel-c72b0880146d?source=rss----7b722bfd1b8d---4) 2022-12-30T09:05:44Z **Setting up your bug bounty scripts with Python and Bash** ⌘ [Read more](https://infosecwriteups.com/setting-up-your-bug-bounty-scripts-with-python-and-bash-327baa414c99?source=rss----7b722bfd1b8d---4) 2022-12-30T09:05:03Z **RPS — Binary Exploitation Challenge Writeup | PicoCTF 2022** ⌘ [Read more](https://infosecwriteups.com/rps-binary-exploitation-challenge-writeup-picoctf-2022-5e856321a644?source=rss----7b722bfd1b8d---4) 2022-12-30T10:03:19Z **OSINT Case Study: Validating a website if its fraud or legit** ⌘ [Read more](https://infosecwriteups.com/osint-case-study-validating-a-website-if-its-fraud-or-legit-9c316223e11?source=rss----7b722bfd1b8d---4) 2023-01-02T09:38:46Z **CVE-2022-38627: A journey through SQLite Injection to compromise the whole enterprise building** ⌘ [Read more](https://infosecwriteups.com/cve-2022-38627-a-journey-through-sqlite-injection-to-compromise-the-whole-enterprise-building-15cebd072ed6?source=rss----7b722bfd1b8d---4) 2023-01-02T13:09:53Z **‍IW Weekly #40: Open Redirection Vulnerability, Misconfigured Jira, Bugs in Red Bull, ChatGPT…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-40-open-redirection-vulnerability-misconfigured-jira-bugs-in-red-bull-chatgpt-ea5ac454d0cf?source=rss----7b722bfd1b8d---4) 2023-01-03T09:31:47Z **Creating Darkweb Crawler using Python and Tor**
[![](https://cdn-images-1.medium.com/max/2600/0*CGUQnNnFQ9OmOoFR)](https://infosecwriteups.com/creating-darkweb-crawler-using-python-and-tor-53169d146301?source=rss----7b722bfd1b8d---4)

In this blog, we will look at a Python script that can be used to crawl the darkweb, and we will discuss the advantages and benefits of…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/creating-darkw ... ⌘ [Read more](https://infosecwriteups.com/creating-darkweb-crawler-using-python-and-tor-53169d146301?source=rss----7b722bfd1b8d---4) 2023-01-03T09:28:37Z **Golang Programming and Security Vulnerabilities** ⌘ [Read more](https://infosecwriteups.com/golang-programming-and-security-vulnerabilities-fa44811ef028?source=rss----7b722bfd1b8d---4) 2023-01-03T09:25:58Z **Exploring the World of ESI Injection** ⌘ [Read more](https://infosecwriteups.com/exploring-the-world-of-esi-injection-b86234e66f91?source=rss----7b722bfd1b8d---4) 2023-01-06T04:44:49Z **Analysing Command Detected in Request Body** ⌘ [Read more](https://infosecwriteups.com/analysing-command-detected-in-request-body-1524b2744449?source=rss----7b722bfd1b8d---4) 2023-01-08T10:15:01Z **JNDI Injection Series RMI Vector- Insecure Deserialization** ⌘ [Read more](https://infosecwriteups.com/jndi-injection-series-rmi-vector-insecure-deserialization-9b7a4b524d1d?source=rss----7b722bfd1b8d---4) 2023-01-09T18:06:37Z **Beginners Guide to Container Security** ⌘ [Read more](https://infosecwriteups.com/beginners-guide-to-container-security-f7e671522ae3?source=rss----7b722bfd1b8d---4) 2023-01-12T17:29:17Z **TryHackMe writeup: Dunkle Materie**
[![](https://cdn-images-1.medium.com/max/904/1*dZzqgr2SDfcrIPQQqFKQeg.png)](https://infosecwriteups.com/tryhackme-writeup-dunkle-materie-d87df3c02bea?source=rss----7b722bfd1b8d---4)

A case study in using ProcDOT to investigate a ransomware attack

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-writeup-dunkle-materie-d87df3c02bea?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-dunkle-materie-d87df3c02bea?source=rss----7b722bfd1b8d---4) 2023-01-12T17:26:55Z **Illumination — HackTheBox Forensics Writeup | 2023** ⌘ [Read more](https://infosecwriteups.com/illumination-hackthebox-forensics-writeup-2023-57c33008ba4?source=rss----7b722bfd1b8d---4) 2023-01-12T17:40:43Z **Introduction to Digital Forensics** ⌘ [Read more](https://infosecwriteups.com/introduction-to-digital-forensics-12449aa7e399?source=rss----7b722bfd1b8d---4) 2023-01-13T02:13:14Z **JNDI Injection Series: RMI Vector — The Final Piece of The Puzzle** ⌘ [Read more](https://infosecwriteups.com/jndi-injection-series-rmi-vector-the-final-piece-of-the-puzzle-b6a65c4ab330?source=rss----7b722bfd1b8d---4) 2023-01-13T02:12:41Z **6 Tips for a More Secure Supply Chain**
[![](https://cdn-images-1.medium.com/max/1280/1*b6jkZ2d7fsJx22riYJBETw.png)](https://infosecwriteups.com/6-tips-for-a-more-secure-supply-chain-5aeb43d18f0e?source=rss----7b722bfd1b8d---4)

Software supply chain security is a critical concern for organizations; find out how to make yours more secure using industry best…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/6-tips-for-a-more-secure-supply-c ... ⌘ [Read more](https://infosecwriteups.com/6-tips-for-a-more-secure-supply-chain-5aeb43d18f0e?source=rss----7b722bfd1b8d---4) 2023-01-13T02:11:18Z **Soccer — Hack The Box | Writeup with Flag | 2023** ⌘ [Read more](https://infosecwriteups.com/soccer-hack-the-box-writeup-with-flag-2023-de695a0e54ec?source=rss----7b722bfd1b8d---4) 2023-01-13T10:08:59Z **Juicy Details — TryHackMe Writeup** ⌘ [Read more](https://infosecwriteups.com/juicy-details-tryhackme-writeup-df4a5b2790a9?source=rss----7b722bfd1b8d---4) 2023-01-13T10:06:50Z **Lost Modulus — HackTheBox Crypto Challenge(RSA) Simple Writeup | 2023** ⌘ [Read more](https://infosecwriteups.com/lost-modulus-hackthebox-crypto-challenge-rsa-simple-writeup-2023-67702fd4955e?source=rss----7b722bfd1b8d---4) 2023-01-13T10:02:08Z **Strange 2FA Misconfiguration** ⌘ [Read more](https://infosecwriteups.com/strange-2fa-misconfiguration-ff1d375c447e?source=rss----7b722bfd1b8d---4) 2023-01-13T10:01:08Z **Clear communication is crucial: why writing effective vulnerability reports matters** ⌘ [Read more](https://infosecwriteups.com/clear-communication-is-crucial-why-writing-effective-vulnerability-reports-matters-5f989ee2e401?source=rss----7b722bfd1b8d---4) 2023-01-14T04:32:41Z **OpenAI ChatGPT for Cyber Security** ⌘ [Read more](https://infosecwriteups.com/openai-chatgpt-for-cyber-security-4bc602069f9c?source=rss----7b722bfd1b8d---4) 2023-01-14T04:31:51Z **Kerberos Authentication (again… but better)** ⌘ [Read more](https://infosecwriteups.com/kerberos-authentication-again-but-better-badb5dc88b2d?source=rss----7b722bfd1b8d---4) 2023-01-14T04:31:24Z **HTML injection in an email template** ⌘ [Read more](https://infosecwriteups.com/html-injection-in-an-email-template-f1a3fe77012c?source=rss----7b722bfd1b8d---4) 2023-01-14T04:30:54Z **Discovering vulnerabilities quickly with targeted scanning — Portswigger** ⌘ [Read 
more](https://infosecwriteups.com/discovering-vulnerabilities-quickly-with-targeted-scanning-portswigger-b8c102f5c3ba?source=rss----7b722bfd1b8d---4) 2023-01-14T04:29:36Z **AWS EC2 Auto Scaling Privilege Escalation** ⌘ [Read more](https://infosecwriteups.com/aws-ec2-auto-scaling-privilege-escalation-d518f8e7f91b?source=rss----7b722bfd1b8d---4) 2023-01-14T04:29:08Z **Shoppy — HackTheBox Machine Simple Writeup | 2023** ⌘ [Read more](https://infosecwriteups.com/shoppy-hackthebox-machine-simple-writeup-2023-8e699d953d65?source=rss----7b722bfd1b8d---4) 2023-01-14T04:36:13Z **Photobomb — HackTheBox Machine Simple Writeup | 2023** ⌘ [Read more](https://infosecwriteups.com/photobomb-hackthebox-machine-simple-writeup-2023-35fad59f02a6?source=rss----7b722bfd1b8d---4) 2023-01-15T03:06:11Z **bWAPP: A Vulnerable Web Application for Practicing Vulnerabilities - Installation Guide** ⌘ [Read more](https://infosecwriteups.com/bwapp-a-vulnerable-web-application-for-practicing-vulnerabilities-installation-guide-146637e2da92?source=rss----7b722bfd1b8d---4) 2023-01-15T03:05:43Z **India’s Aadhar card source code disclosure via exposed .svn/wc.db** ⌘ [Read more](https://infosecwriteups.com/indias-aadhar-card-source-code-disclosure-via-exposed-svn-wc-db-c05519ea7761?source=rss----7b722bfd1b8d---4) 2023-01-15T03:05:24Z **How I was able to hack anonymous texting services?** ⌘ [Read more](https://infosecwriteups.com/how-i-was-able-to-hack-anonymous-texting-services-a6ceab46aa40?source=rss----7b722bfd1b8d---4) 2023-01-15T03:04:39Z **CSRF leads to account takeover in Yahoo!** ⌘ [Read more](https://infosecwriteups.com/csrf-leads-to-account-takeover-in-yahoo-aa96c678d2aa?source=rss----7b722bfd1b8d---4) 2023-01-15T03:04:24Z **How Browser’s Save As Feature might lead to Code Execution (CVE-2022–45415)** ⌘ [Read more](https://infosecwriteups.com/how-browsers-save-as-feature-might-lead-to-code-execution-cve-2022-45415-ebaa8711692?source=rss----7b722bfd1b8d---4) 2023-01-15T03:04:04Z **Exploiting API 
with AuthToken** ⌘ [Read more](https://infosecwriteups.com/exploiting-api-with-authtoken-3bea7b1fb6a9?source=rss----7b722bfd1b8d---4) 2023-01-15T03:03:46Z **Bypass mysql_real_escape_string and addslashes from Injection Attacks** ⌘ [Read more](https://infosecwriteups.com/bypass-mysql-real-escape-string-and-addslashes-from-injection-attacks-6e64508e011b?source=rss----7b722bfd1b8d---4) 2023-01-15T03:03:16Z **API based IDOR to leaking Private IP address of 6000 businesses** ⌘ [Read more](https://infosecwriteups.com/api-based-idor-to-leaking-private-ip-address-of-6000-businesses-6bc085ac6a6f?source=rss----7b722bfd1b8d---4) 2023-01-15T15:52:55Z **How to spoof e-mails. (DMARC, SPF, and Phishing)** ⌘ [Read more](https://infosecwriteups.com/how-to-spoof-e-mails-dmarc-spf-and-phishing-5184c10679a0?source=rss----7b722bfd1b8d---4) 2023-01-15T15:52:44Z **How to Create Incident Response Plan?** ⌘ [Read more](https://infosecwriteups.com/how-to-create-incident-response-plan-e336244bb491?source=rss----7b722bfd1b8d---4) 2023-01-15T15:52:06Z **Domain Name System 0x1 | DNS 101** ⌘ [Read more](https://infosecwriteups.com/domain-name-system-0x1-dns-101-cb0aba088abb?source=rss----7b722bfd1b8d---4) 2023-01-15T15:51:02Z **How I Found AWS API Keys using “Trufflehog” and Validated them using “enumerate-iam” tool** ⌘ [Read more](https://infosecwriteups.com/how-i-found-aws-api-keys-using-trufflehog-and-validated-them-using-enumerate-iam-tool-cd6ba7c86d09?source=rss----7b722bfd1b8d---4) 2023-01-15T15:50:11Z **Free Cloud (Browser-based) Labs of DVWA and bWAPP** ⌘ [Read more](https://infosecwriteups.com/free-cloud-browser-based-labs-of-dvwa-and-bwapp-bc1dd42a8de?source=rss----7b722bfd1b8d---4) 2023-01-15T15:50:00Z **QuillAudit CTF challenges — Writeups**
[![](https://cdn-images-1.medium.com/max/1584/0*m2kFaDmeO2yrSDdY)](https://infosecwriteups.com/quillaudit-ctf-challenges-writeups-fd5d38f010a4?source=rss----7b722bfd1b8d---4)

Solutions of all retired challenges can be found here.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/quillaudit-ctf-challenges-writeups-fd5d38f010a4?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/quillaudit-ctf-challenges-writeups-fd5d38f010a4?source=rss----7b722bfd1b8d---4) 2023-01-15T15:49:46Z **OWASP TOP 10** ⌘ [Read more](https://infosecwriteups.com/owasp-top-10-93438cd76d14?source=rss----7b722bfd1b8d---4) 2023-01-15T15:49:29Z **Identifying Coin Scammers with Wallet-Tracker** ⌘ [Read more](https://infosecwriteups.com/identifying-coin-scammers-with-wallet-tracker-8925d28d303d?source=rss----7b722bfd1b8d---4) 2023-01-15T15:49:02Z **What You Need to Know About The CISSP Exam?**
[![](https://cdn-images-1.medium.com/max/600/1*9Qn0NRo1qTeAKoZZCo4nOg.jpeg)](https://infosecwriteups.com/what-you-need-to-know-about-the-cissp-exam-a1aefb1cf0e6?source=rss----7b722bfd1b8d---4)

To prepare for the Certified Information Systems Security Professional (CISSP) exam, you should first familiarize yourself with the exam…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/what-you-ne ... ⌘ [Read more](https://infosecwriteups.com/what-you-need-to-know-about-the-cissp-exam-a1aefb1cf0e6?source=rss----7b722bfd1b8d---4) 2023-01-16T04:58:48Z **The toddler’s introduction to Heap exploitation (Part 2)** ⌘ [Read more](https://infosecwriteups.com/the-toddlers-introduction-to-heap-exploitation-part-2-d1f325b74286?source=rss----7b722bfd1b8d---4) 2023-01-16T04:58:24Z **The toddler’s introduction to Heap exploitation (Part 1)** ⌘ [Read more](https://infosecwriteups.com/the-toddlers-introduction-to-heap-exploitation-part-1-515b3621e0e8?source=rss----7b722bfd1b8d---4) 2023-01-16T04:57:47Z **The toddler’s introduction to Dynamic Memory Allocation** ⌘ [Read more](https://infosecwriteups.com/the-toddlers-introduction-to-dynamic-memory-allocation-300f312cd2db?source=rss----7b722bfd1b8d---4) 2023-01-16T05:00:31Z **The toddler’s introduction to Heap Exploitation, House of Spirit(Part 4.4)** ⌘ [Read more](https://infosecwriteups.com/the-toddlers-introduction-to-heap-exploitation-house-of-spirit-part-4-4-252cd8928f84?source=rss----7b722bfd1b8d---4) 2023-01-16T05:00:19Z **The toddler’s introduction to Heap Exploitation, Unsafe Unlink(Part 4.3)** ⌘ [Read more](https://infosecwriteups.com/the-toddlers-introduction-to-heap-exploitation-unsafe-unlink-part-4-3-75e00e1b0c68?source=rss----7b722bfd1b8d---4) 2023-01-16T05:00:16Z **The toddler’s introduction to Heap Exploitation, FastBin Dup Consolidate (Part 4.2)** ⌘ [Read more](https://infosecwriteups.com/the-toddlers-introduction-to-heap-exploitation-fastbin-dup-consolidate-part-4-2-ce6d68136aa8?source=rss----7b722bfd1b8d---4) 2023-01-16T05:00:11Z **The toddler’s introduction to Heap exploitation, Use After Free & Double free (Part 4)** ⌘ [Read more](https://infosecwriteups.com/use-after-free-13544be5a921?source=rss----7b722bfd1b8d---4) 2023-01-17T09:38:08Z **eLFI already solved it, better get going #BUGCROWD Challenge Walkthrough** ⌘ [Read 
more](https://infosecwriteups.com/elfi-already-solved-it-better-get-going-bugcrowd-challenge-walkthrough-b83f6921056b?source=rss----7b722bfd1b8d---4) 2023-01-17T09:37:03Z **DOMAIN ADMIN Compromise in 3 HOURS**
[![](https://cdn-images-1.medium.com/max/2394/1*I_AAihoNqZvIyFpyKILiMg.png)](https://infosecwriteups.com/domain-admin-compromise-in-3-hours-5778902604c9?source=rss----7b722bfd1b8d---4)

Hi everyone; I hope you enjoyed my previous blog post on “How I obtained Admin access in 30 minutes” — so today I am bringing you another…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/domain-admin-compromise-in-3-hours- ... ⌘ [Read more](https://infosecwriteups.com/domain-admin-compromise-in-3-hours-5778902604c9?source=rss----7b722bfd1b8d---4) 2023-01-17T09:36:39Z **Another day, Another major flaw this time in the TransUnion that allows bypassing security** ⌘ [Read more](https://infosecwriteups.com/another-day-another-major-flaw-this-time-in-the-transunion-that-allows-bypassing-security-5c46ea82eae2?source=rss----7b722bfd1b8d---4) 2023-01-17T09:36:25Z **OTP Leaking Through Cookie Leads to Account Takeover** ⌘ [Read more](https://infosecwriteups.com/otp-leaking-through-cookie-leads-to-account-takeover-4fb96f255e2f?source=rss----7b722bfd1b8d---4) 2023-01-17T09:35:57Z **The toddler’s introduction to Heap Exploitation, House of Lore(Part 4.5)** ⌘ [Read more](https://infosecwriteups.com/the-toddlers-introduction-to-heap-exploitation-house-of-lore-part-4-5-1b5865297057?source=rss----7b722bfd1b8d---4) 2023-01-17T09:35:37Z **Phishing Email Analysis: A complete guide** ⌘ [Read more](https://infosecwriteups.com/phishing-email-analysis-a-complete-guide-6e53b057bf4a?source=rss----7b722bfd1b8d---4) 2023-01-17T09:34:47Z **How I found 130+ Sub-domain Takeover vulnerabilities using Nuclei** ⌘ [Read more](https://infosecwriteups.com/how-i-found-130-sub-domain-takeover-vulnerabilities-using-nuclei-39edf89d3c70?source=rss----7b722bfd1b8d---4) 2023-01-17T09:34:28Z **Microsoft bug reports lead to ranking on Microsoft MSRC Quarterly Leaderboard (Q3 2022)** ⌘ [Read more](https://infosecwriteups.com/microsoft-bug-reports-lead-to-ranking-on-microsoft-msrc-quarterly-leaderboard-q3-2022-c6c9f70e2ccd?source=rss----7b722bfd1b8d---4) 2023-01-17T09:33:42Z **Discock Stealer — Another Polymorphic Malware like WASP Stealer** ⌘ [Read more](https://infosecwriteups.com/discock-stealer-another-polymorphic-malware-like-wasp-stealer-3f032e809f?source=rss----7b722bfd1b8d---4) 2023-01-17T09:33:15Z **Tips for BAC and 
IDOR Vulnerabilities**
[![](https://cdn-images-1.medium.com/max/600/1*SARJqWcducz0fByqmQHq2g.png)](https://infosecwriteups.com/tips-for-bac-and-idor-vulnerabilities-8a3e58f79d95?source=rss----7b722bfd1b8d---4)

Step-by-step guide for uncovering Broken Access Control and Indirect Object Reference vulnerabilities for bug bounty hunters and…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tips-for-bac-and-idor-vulnerabilitie ... ⌘ [Read more](https://infosecwriteups.com/tips-for-bac-and-idor-vulnerabilities-8a3e58f79d95?source=rss----7b722bfd1b8d---4) 2023-01-18T17:41:11Z **How I passed the AWS security specialty certification in 2023**
[![](https://cdn-images-1.medium.com/max/2600/0*jqlqeuss528VlwwD)](https://infosecwriteups.com/how-i-passed-the-aws-security-specialty-certification-in-2023-5828b28cac62?source=rss----7b722bfd1b8d---4)

Another year and another cert!

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-passed-the-aws-security-specialty-certification-in-2023-5828b28ca ... ⌘ [Read more](https://infosecwriteups.com/how-i-passed-the-aws-security-specialty-certification-in-2023-5828b28cac62?source=rss----7b722bfd1b8d---4) 2023-01-18T17:40:21Z **JWT authentication bypass via unverified signature — Portswigger Simple Solution Writeup | 2023** ⌘ [Read more](https://infosecwriteups.com/jwt-authentication-bypass-via-unverified-signature-portswigger-simple-solution-writeup-2023-c306bdf7ce1b?source=rss----7b722bfd1b8d---4) 2023-01-18T17:39:55Z **Software Development Lifecycle (SDLC), DevSecOps, SAST, DAST And IAST Concepts** ⌘ [Read more](https://infosecwriteups.com/software-development-lifecycle-sdlc-devsecops-sast-dast-and-iast-concepts-373491398585?source=rss----7b722bfd1b8d---4) 2023-01-18T17:39:29Z **How to Find Compromised Credentials on Darkweb?**
[![](https://cdn-images-1.medium.com/max/2600/0*AikHmXf4O28uFg3-)](https://infosecwriteups.com/how-to-find-compromised-credentials-on-darkweb-6e2af2b3a0e8?source=rss----7b722bfd1b8d---4)

How many of you often see messages and alerts saying “Your credentials are compromised and found on darkweb”? In this article, let’s…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-find-c ... ⌘ [Read more](https://infosecwriteups.com/how-to-find-compromised-credentials-on-darkweb-6e2af2b3a0e8?source=rss----7b722bfd1b8d---4) 2023-01-18T17:39:13Z **Explore Darkweb With These Surface Web Resources: A Large Collection of Darkweb Onion Links**
[![](https://cdn-images-1.medium.com/max/2600/0*wtWtXLaidxQHvkPa)](https://infosecwriteups.com/explore-darkweb-with-these-surface-web-resources-a-large-collection-of-darkweb-onion-links-92a426f9c0f9?source=rss----7b722bfd1b8d---4)

This article presents you with a list of surface web sites that contain a vast number ... ⌘ [Read more](https://infosecwriteups.com/explore-darkweb-with-these-surface-web-resources-a-large-collection-of-darkweb-onion-links-92a426f9c0f9?source=rss----7b722bfd1b8d---4) 2023-01-18T17:38:42Z **Full Team Takeover** ⌘ [Read more](https://infosecwriteups.com/full-team-takeover-678c79842065?source=rss----7b722bfd1b8d---4) 2023-01-18T17:38:08Z **Internet Down!? Here’s how to solve it…** ⌘ [Read more](https://infosecwriteups.com/internet-down-heres-how-to-solve-it-1ca1b485cec2?source=rss----7b722bfd1b8d---4) 2023-01-18T17:37:20Z **How I found 40+ Directory Listing Vulnerabilities of Source Code Disclosure via Exposed WordPress…** ⌘ [Read more](https://infosecwriteups.com/how-i-found-40-websites-source-code-disclosure-via-exposed-wordpress-folders-wp-admin-using-5273ff2ae53d?source=rss----7b722bfd1b8d---4) 2023-01-18T17:36:44Z **How I found Source Code Disclosure via Exposed .git Folder using Google Dorks** ⌘ [Read more](https://infosecwriteups.com/how-i-found-source-code-disclosure-via-exposed-git-folder-using-google-dorks-b6c02af6009a?source=rss----7b722bfd1b8d---4) 2023-01-19T09:51:54Z **Hack File Inclusion in DVWA: A Full Walkthrough — StackZero** ⌘ [Read more](https://infosecwriteups.com/hack-file-inclusion-in-dvwa-a-full-walkthrough-stackzero-ae0ed2670d23?source=rss----7b722bfd1b8d---4) 2023-01-19T09:51:38Z **Cross-site WebSocket hijacking** ⌘ [Read more](https://infosecwriteups.com/cross-site-websocket-hijacking-915f19edf515?source=rss----7b722bfd1b8d---4) 2023-01-19T09:51:09Z **MySQL LOAD_FILE() and INTO OUTFILE() Sql Injection** ⌘ [Read more](https://infosecwriteups.com/mysql-load-file-and-into-outfile-sql-injection-f98ac4774d32?source=rss----7b722bfd1b8d---4) 2023-01-22T18:21:15Z **Reflected XSS Leads to 3,000$ Bug Bounty Rewards from Microsoft Forms** ⌘ [Read 
more](https://infosecwriteups.com/reflected-xss-leads-to-3-000-bug-bounty-rewards-from-microsoft-forms-efe34fc6b261?source=rss----7b722bfd1b8d---4) 2023-01-22T18:20:22Z **HTTP Request Smuggling — Basic CL.TE vulnerability** ⌘ [Read more](https://infosecwriteups.com/http-request-smuggling-basic-cl-te-vulnerability-a2975c664c53?source=rss----7b722bfd1b8d---4) 2023-01-22T18:18:55Z **Blockchain Security Best Practices: How to Secure Your Transactions in a Decentralized World** ⌘ [Read more](https://infosecwriteups.com/blockchain-security-best-practices-how-to-secure-your-transactions-in-a-decentralized-world-51aa778f560e?source=rss----7b722bfd1b8d---4) 2023-01-23T19:05:45Z **From Failure to Success: My Experience with the HTB CBBH** ⌘ [Read more](https://infosecwriteups.com/from-failure-to-success-my-experience-with-the-htb-cbbh-49f2bfd41582?source=rss----7b722bfd1b8d---4) 2023-01-23T19:04:53Z **Breaking into Cybersecurity as a Developer**
[![](https://cdn-images-1.medium.com/max/2600/0*zQ3ybcNhlO-KcGOX)](https://infosecwriteups.com/breaking-into-cybersecurity-as-a-developer-e47b8ce56dc0?source=rss----7b722bfd1b8d---4)

I just finished my first year working as a security engineer and wanted to give a recap of all the things I did to get into my current role…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/breaking-into-cyberse ... ⌘ [Read more](https://infosecwriteups.com/breaking-into-cybersecurity-as-a-developer-e47b8ce56dc0?source=rss----7b722bfd1b8d---4) 2023-01-23T18:58:06Z **Decrypting HTTPS Traffic as A Hacker** ⌘ [Read more](https://infosecwriteups.com/decrypting-https-traffic-as-a-hacker-323cb7127441?source=rss----7b722bfd1b8d---4) 2023-01-24T06:39:17Z **Basic SSTI — Server-Side Template Injection | 2023** ⌘ [Read more](https://infosecwriteups.com/basic-ssti-server-side-template-injection-2023-da4995583554?source=rss----7b722bfd1b8d---4) 2023-01-24T06:38:37Z **Clipboard Hijacking **
[![](https://cdn-images-1.medium.com/max/2600/0*BLJH59G-r3GpxTNB)](https://infosecwriteups.com/clipboard-hijacking-50f16695ad4a?source=rss----7b722bfd1b8d---4)

What it is, how to do it, and how to prevent it

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/clipboard-hijacking-50f16695ad4a?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/clipboard-hijacking-50f16695ad4a?source=rss----7b722bfd1b8d---4) 2023-01-24T06:37:38Z **Malware Alert: Recognizing the Tell-Tale Signs of an Infection** ⌘ [Read more](https://infosecwriteups.com/malware-alert-recognizing-the-tell-tale-signs-of-an-infection-55d9cf23cf89?source=rss----7b722bfd1b8d---4) 2023-01-24T06:37:13Z **I tried to squiz the best from the most bizzar CVE I ever seen (CVE-2021–38759)** ⌘ [Read more](https://infosecwriteups.com/i-tried-to-squiz-the-best-from-the-most-bizzar-cve-i-ever-seen-cve-2021-38759-bf61efb04e2c?source=rss----7b722bfd1b8d---4) 2023-01-24T06:36:51Z **Signal Client v6.2 and earlier versions vulnerable to CVE-2023–24068 & CVE-2023–24069** ⌘ [Read more](https://infosecwriteups.com/signal-client-v6-2-and-earlier-versions-vulnerable-to-cve-2023-24068-cve-2023-24069-296991a9fa02?source=rss----7b722bfd1b8d---4) 2023-01-27T05:55:00Z **Easy XSSHunter Discord Alerts**
[![](https://cdn-images-1.medium.com/max/1920/1*aPB-JqhbH7-rwfrQSF_v5w.png)](https://infosecwriteups.com/easy-xsshunter-discord-alerts-33fcff24a8f7?source=rss----7b722bfd1b8d---4)

This will be a setup guide for XSSHunter and integrating it with Discord

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/easy-xsshunter-discord-alerts-33fcff24a8f7?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/easy-xsshunter-discord-alerts-33fcff24a8f7?source=rss----7b722bfd1b8d---4) 2023-01-27T05:54:40Z **MX Takeovers Automated | Subdomain Takeover**
[![](https://cdn-images-1.medium.com/max/2048/0*Ray9VuIww-_es-y3.png)](https://infosecwriteups.com/mx-takeovers-automated-subdomain-takeover-64e658fc4fb7?source=rss----7b722bfd1b8d---4)

MX-Takeover is a Go tool that automatically takes over email subdomain services when they become available

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/mx-takeovers-automated-subdomain-takeover-6 ... ⌘ [Read more](https://infosecwriteups.com/mx-takeovers-automated-subdomain-takeover-64e658fc4fb7?source=rss----7b722bfd1b8d---4) 2023-01-27T05:54:19Z **Biggest Cybersecurity Threats in 2023**
[![](https://cdn-images-1.medium.com/max/2600/1*kDRZmVrI-kZuR81L8BaplA.jpeg)](https://infosecwriteups.com/biggest-cybersecurity-threats-in-2023-353d77af8d11?source=rss----7b722bfd1b8d---4)

Stay informed and protect yourself and your organization against Ransomware, Phishing, Advanced persistent threats, IoT threats, Cloud…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/biggest-cybersecurity-threat ... ⌘ [Read more](https://infosecwriteups.com/biggest-cybersecurity-threats-in-2023-353d77af8d11?source=rss----7b722bfd1b8d---4) 2023-01-27T05:53:52Z **Data Science meets Cyber Security** ⌘ [Read more](https://infosecwriteups.com/data-science-meets-cyber-security-41d5f567b163?source=rss----7b722bfd1b8d---4) 2023-01-27T05:52:51Z **You got Domain Admin, now what?** ⌘ [Read more](https://infosecwriteups.com/you-got-domain-admin-now-what-aab749c4200d?source=rss----7b722bfd1b8d---4) 2023-01-27T05:52:34Z **3 practical steps to learn AWS security in 2023**
[![](https://cdn-images-1.medium.com/max/2600/0*EB0RuwLCBrs6UoHc)](https://infosecwriteups.com/3-practical-steps-to-learn-aws-security-in-2023-3919624a7949?source=rss----7b722bfd1b8d---4)

Follow these steps to get from a beginner to a pro in AWS security

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/3-practical-steps-to-learn-aws-security-in-2023-3919624a7949?source=rss----7b7 ... ⌘ [Read more](https://infosecwriteups.com/3-practical-steps-to-learn-aws-security-in-2023-3919624a7949?source=rss----7b722bfd1b8d---4) 2023-01-27T05:52:09Z **Easy XSSHunter Express Setup Script**
[![](https://cdn-images-1.medium.com/max/2600/1*Wwgr1ooAlb_sV5_LCzRapQ.png)](https://infosecwriteups.com/easy-xsshunter-express-setup-script-d5a66039f7b6?source=rss----7b722bfd1b8d---4)

With xsshunter.com shutting down, setting up your own xsshunter will be more important. This script will make it a lot easier.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/easy-xsshunter-express-setup-script-d5a66039f7 ... ⌘ [Read more](https://infosecwriteups.com/easy-xsshunter-express-setup-script-d5a66039f7b6?source=rss----7b722bfd1b8d---4) 2023-02-01T09:32:02Z **Online Income Generation: Balancing Opportunities and Risks in Cybersecurity**

Maximizing Earnings While Protecting Your Online Safety: A Guide to Online Income Generation and Cybersecurity

[Continu ... ⌘ [Read more](https://infosecwriteups.com/online-income-generation-balancing-opportunities-and-risks-in-cybersecurity-14e1b50e6e93?source=rss----7b722bfd1b8d---4) 2023-02-01T09:30:11Z **“Zero-Day Exploits: The Dark Side of Technology to your business”** ⌘ [Read more](https://infosecwriteups.com/zero-day-exploits-the-dark-side-of-technology-to-your-business-c6211285148c?source=rss----7b722bfd1b8d---4) 2023-02-01T09:29:47Z **An IDOR vulnerability often hides many others** ⌘ [Read more](https://infosecwriteups.com/an-idor-vulnerability-often-hides-many-others-2893ddd0a0d7?source=rss----7b722bfd1b8d---4) 2023-02-01T09:28:26Z **My First Hall Of Fame with Web Cache Poisoning** ⌘ [Read more](https://infosecwriteups.com/my-first-hall-of-fame-with-web-cache-poisoning-c11749017cd8?source=rss----7b722bfd1b8d---4) 2023-02-01T09:25:55Z **5 Brain Hacks That Made me one among the Top 15 Security Researchers!** ⌘ [Read more](https://infosecwriteups.com/5-brain-hacks-that-made-me-one-among-the-top-15-security-researchers-779db47b3fc9?source=rss----7b722bfd1b8d---4) 2023-02-01T09:25:30Z **Unlocking the Secrets of LSA** ⌘ [Read more](https://infosecwriteups.com/unlocking-the-secrets-of-lsa-5bd29d5c6927?source=rss----7b722bfd1b8d---4) 2023-02-01T09:23:39Z **Network Fundamentals (OSI model, TCP/IP suite, IP addressing, subnetting)** ⌘ [Read more](https://infosecwriteups.com/network-fundamentals-osi-model-tcp-ip-suite-ip-addressing-subnetting-17615d5e97d6?source=rss----7b722bfd1b8d---4) 2023-02-01T09:47:20Z **Increasing your website’s security**

I will be going over things you can add to your company's code base to increase the security of your app.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/increasing-your-websites-security-a077eeed3226?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/increasing-your-websites-security-a077eeed3226?source=rss----7b722bfd1b8d---4) 2023-02-01T09:37:45Z **Don’t Give Up On XSS! | Fun Firefox XSS** ⌘ [Read more](https://infosecwriteups.com/dont-give-up-on-xss-fun-firefox-xss-3fce0ee297a?source=rss----7b722bfd1b8d---4) 2023-02-01T09:59:43Z **Phishing Scams Exposed: The Tricks Hackers Use and How to Defend Yourself**

A Comprehensive Guide to Understanding and Defending Against Phishing Scams

[Continue reading on InfoSec Write-ups »](https://in ... ⌘ [Read more](https://infosecwriteups.com/phishing-scams-exposed-the-tricks-hackers-use-and-how-to-defend-yourself-de51315a746e?source=rss----7b722bfd1b8d---4) 2023-02-01T09:56:00Z **The Impact of Artificial Intelligence on Exploit Development** ⌘ [Read more](https://infosecwriteups.com/the-impact-of-artificial-intelligence-on-exploit-development-7522bd2dca2b?source=rss----7b722bfd1b8d---4) 2023-02-01T11:02:37Z **The Importance of Backing Up Your Data for ICS Security** ⌘ [Read more](https://infosecwriteups.com/the-importance-of-backing-up-your-data-for-ics-security-3f1f961d253d?source=rss----7b722bfd1b8d---4) 2023-02-02T14:25:06Z **My first Hall Of Fame with a chained Broken Access Control** ⌘ [Read more](https://infosecwriteups.com/my-first-hall-of-fame-with-a-chained-broken-access-control-76f9e2e0e467?source=rss----7b722bfd1b8d---4) 2023-02-02T18:27:11Z **Chocolate Factory TryHackMe Writeup | By Xploit Ayush** ⌘ [Read more](https://infosecwriteups.com/chocolate-factory-tryhackme-writeup-93f82aea19b9?source=rss----7b722bfd1b8d---4) 2023-02-02T18:26:35Z **Cyborg TryHackMe Writeup | By Xploit Ayush** ⌘ [Read more](https://infosecwriteups.com/cyborg-on-tryhackme-b95178e02eb7?source=rss----7b722bfd1b8d---4) 2023-02-02T18:26:00Z **Threat Detection** ⌘ [Read more](https://infosecwriteups.com/threat-detection-b54091f73b?source=rss----7b722bfd1b8d---4) 2023-02-02T18:25:33Z **High Level Analysis of Custom Browsers** ⌘ [Read more](https://infosecwriteups.com/high-level-analysis-of-custom-browsers-5e2eb4142a2?source=rss----7b722bfd1b8d---4) 2023-02-02T18:23:00Z **PhotoBomb Hack the box Walkthrough — [HTB]** ⌘ [Read more](https://infosecwriteups.com/photobomb-hack-the-box-walkthrough-htb-fe7af2f958a6?source=rss----7b722bfd1b8d---4) 2023-02-02T18:22:13Z **Enforce Zero Trust With East‑West Traffic Encryption in Kubernetes with Istio — Part 2** ⌘ [Read 
more](https://infosecwriteups.com/enforce-zero-trust-with-east-west-traffic-encryption-in-kubernetes-with-istio-part-2-5a3454560353?source=rss----7b722bfd1b8d---4) 2023-02-02T18:21:25Z **Enforce Zero Trust With East‑West Traffic Encryption in Kubernetes with Istio — Part 1** ⌘ [Read more](https://infosecwriteups.com/enforce-zero-trust-with-east-west-traffic-encryption-in-kubernetes-with-istio-e5e1718eee2?source=rss----7b722bfd1b8d---4) 2023-02-06T06:57:15Z **XorXorXor — Hack The Box Crypto Challenge — Writeup| 2023** ⌘ [Read more](https://infosecwriteups.com/xorxorxor-hack-the-box-crypto-challenge-writeup-2023-237bef94d92a?source=rss----7b722bfd1b8d---4) 2023-02-06T06:56:42Z **Risks of Social Media Use** ⌘ [Read more](https://infosecwriteups.com/risks-of-social-media-use-15aae2867116?source=rss----7b722bfd1b8d---4) 2023-02-06T06:54:20Z **Agent Sudo TryHackMe Writeup | By Xploit Ayush** ⌘ [Read more](https://infosecwriteups.com/agent-sudo-on-tryhackme-bff2ac506eb6?source=rss----7b722bfd1b8d---4) 2023-02-06T06:53:48Z **OhSINT TryHackMe Writeup | By Xploit Ayush** ⌘ [Read more](https://infosecwriteups.com/ohsint-on-tryhackme-db8465894688?source=rss----7b722bfd1b8d---4) 2023-02-06T06:53:13Z **Easy Peasy TryHackMe Writeup | By Xploit Ayush** ⌘ [Read more](https://infosecwriteups.com/easy-peasy-on-tryhackme-1d9c0f84983b?source=rss----7b722bfd1b8d---4) 2023-02-06T06:52:32Z **What is Computer Network? 
| By Xploit Ayush** ⌘ [Read more](https://infosecwriteups.com/what-is-computer-network-db3ce56b933f?source=rss----7b722bfd1b8d---4) 2023-02-06T06:51:52Z **Ambassador Hack the box Walkthrough — [HTB]** ⌘ [Read more](https://infosecwriteups.com/ambassador-hack-the-box-walkthrough-htb-2c9d81eeb293?source=rss----7b722bfd1b8d---4) 2023-02-06T06:51:17Z **Write-up: Information disclosure in version control history @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-information-disclosure-in-version-control-history-portswigger-academy-7686d48dd878?source=rss----7b722bfd1b8d---4) 2023-02-06T07:09:50Z **Phoenix Challenges — Stack Four** ⌘ [Read more](https://infosecwriteups.com/phoenix-challenges-stack-four-6366b29a1223?source=rss----7b722bfd1b8d---4) 2023-02-06T06:59:16Z **GraphQL Security Flaws and Exploitation** ⌘ [Read more](https://infosecwriteups.com/graphql-security-flaws-and-exploitation-d3fac0831e7d?source=rss----7b722bfd1b8d---4) 2023-02-06T07:27:19Z **Get Into Cybersecurity in 2023: A Step-by-Step Guide**

Unlocking the Secrets to a Successful Cybersecurity Career: A Step-by-Step Guide for Beginners

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/get-into-cybersecurity-in-20 ... ⌘ [Read more](https://infosecwriteups.com/get-into-cybersecurity-in-2023-a-step-by-step-guide-c1693dc78666?source=rss----7b722bfd1b8d---4) 2023-02-06T07:26:24Z **CSRF Where Token is duplicated in Cookie | 2023** ⌘ [Read more](https://infosecwriteups.com/csrf-where-token-is-duplicated-in-cookie-2023-387556f4adb2?source=rss----7b722bfd1b8d---4) 2023-02-06T07:26:08Z **What are the differences between ISO27001:2013 and ISO27001:2022?**

ISO/IEC 27001:2013 and ISO/IEC 27001:2022 are both international standards for information security management systems (ISMS). Both…

[Continue reading o ... ⌘ [Read more](https://infosecwriteups.com/what-are-the-differences-between-iso27001-2013-and-iso27001-2022-b3e3996bf8d8?source=rss----7b722bfd1b8d---4) 2023-02-06T07:25:38Z **From Freelance to Entrepreneur: Monetizing Your Skills in the Era of Cyber Threats**

Navigating the Digital Landscape: Strategies for Monetizing Your Skills in the Face of Cyber Threats

 ... ⌘ [Read more](https://infosecwriteups.com/from-freelance-to-entrepreneur-monetizing-your-skills-in-the-era-of-cyber-threats-3fbd13cf3734?source=rss----7b722bfd1b8d---4) 2023-02-06T07:15:11Z **Source Code Analysis Tool — SAST** ⌘ [Read more](https://infosecwriteups.com/source-code-analysis-tool-sast-74509564e316?source=rss----7b722bfd1b8d---4) 2023-02-06T07:36:15Z **Scheduling Recon Scripts with Docker**

Cronjobs are useful for scheduling tasks to run automatically at a specified time or interval. In this tutorial, we’ll go over how to set…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/scheduling-recon-scripts-with-docker-79 ... ⌘ [Read more](https://infosecwriteups.com/scheduling-recon-scripts-with-docker-794c46794c28?source=rss----7b722bfd1b8d---4) 2023-02-06T07:35:49Z **Exploiting CSRF chaining with IDOR** ⌘ [Read more](https://infosecwriteups.com/exploiting-csrf-chaining-with-idor-7617371ce6e3?source=rss----7b722bfd1b8d---4) 2023-02-06T07:35:35Z **Understanding and Preventing CSRF AttackAbout CSRF** ⌘ [Read more](https://infosecwriteups.com/understanding-and-preventing-csrf-attackabout-csrf-a107a5b5ddb5?source=rss----7b722bfd1b8d---4) 2023-02-06T07:32:04Z **Bypass SSL Pinning in Android Phones — Part 2** ⌘ [Read more](https://infosecwriteups.com/bypass-ssl-pinning-in-android-phones-part-2-cda0f6d3913f?source=rss----7b722bfd1b8d---4) 2023-02-06T07:31:47Z **Bypass SSL Pinning in Android Phones — Part 1** ⌘ [Read more](https://infosecwriteups.com/bypass-ssl-pinning-in-android-phones-part-1-296f9915b273?source=rss----7b722bfd1b8d---4) 2023-02-06T07:31:22Z **Exploring FTP Vulnerabilities through Hands-On Testing in a Virtual Lab Environment** ⌘ [Read more](https://infosecwriteups.com/exploring-ftp-vulnerabilities-through-hands-on-testing-in-a-virtual-lab-environment-48a44be3a73?source=rss----7b722bfd1b8d---4) 2023-02-06T07:30:40Z **SERIALIZATION VULNERABILITIES [JAVA][Explained & Exploited]** ⌘ [Read more](https://infosecwriteups.com/serialization-vulnerabilities-java-explained-exploited-4e2ccf45eba0?source=rss----7b722bfd1b8d---4) 2023-02-06T07:29:59Z **Password Reset Poisoning with Host Header Injection** ⌘ [Read more](https://infosecwriteups.com/password-reset-poisoning-with-host-header-injection-345b902a9ca5?source=rss----7b722bfd1b8d---4) 2023-02-06T10:06:52Z **‍IW Weekly #41: VueJS XSS, Critical Car-Vulnerabilities, $1000 IAP Proxy Misconfiguration in…** ⌘ [Read 
more](https://infosecwriteups.com/iw-weekly-41-vuejs-xss-critical-car-vulnerabilities-1000-iap-proxy-misconfiguration-in-1a5eb5b4ca9e?source=rss----7b722bfd1b8d---4) 2023-02-06T11:05:20Z **‍IW Weekly #42: $1M bounty explained, GCP takeover, iOS pentesting, Smart Contract…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-42-1m-bounty-explained-gcp-takeover-ios-pentesting-smart-contract-bdacf89016d0?source=rss----7b722bfd1b8d---4) 2023-02-06T15:38:36Z **‍IW Weekly #45: RCE in Avaya Aura Device Services, Bypass Sign-Up Pages, JWT Hacking, Broken…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-45-rce-in-avaya-aura-device-services-bypass-sign-up-pages-jwt-hacking-broken-80eb19b6cf34?source=rss----7b722bfd1b8d---4) 2023-02-07T03:18:05Z **Attacking and securing Docker containers** ⌘ [Read more](https://infosecwriteups.com/attacking-and-securing-docker-containers-cc8c80f05b5b?source=rss----7b722bfd1b8d---4) 2023-02-07T03:16:56Z **ROP chains on ARM64** ⌘ [Read more](https://infosecwriteups.com/rop-chains-on-arm64-6ff10368798f?source=rss----7b722bfd1b8d---4) 2023-02-07T03:16:23Z **Ransomware Negotiations: Do’s and Don’ts**

Negotiating with the threat actors during a ransomware attack is always stressful and challenging. In this article let us see what to do…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ransomware-negotiations-dos-and- ... ⌘ [Read more](https://infosecwriteups.com/ransomware-negotiations-dos-and-don-ts-5f89883be705?source=rss----7b722bfd1b8d---4) 2023-02-07T03:15:58Z **BRO SCIENCE [HTB | MEDIUM]** ⌘ [Read more](https://infosecwriteups.com/bro-science-htb-medium-ac5ee09cbdda?source=rss----7b722bfd1b8d---4) 2023-02-07T03:14:57Z **Stocker — HackTheBox Machine Simple Writeup | 2023** ⌘ [Read more](https://infosecwriteups.com/stocker-hackthebox-machine-simple-writeup-2023-316497ed30f7?source=rss----7b722bfd1b8d---4) 2023-02-07T03:14:31Z **SANS 2022 Holiday Hack Challenge & KringleCon**

PCAP file & Windows event logs investigation

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/sans-2022-holiday-hack-challenge-kringlecon-f0c71e7c2169?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/sans-2022-holiday-hack-challenge-kringlecon-f0c71e7c2169?source=rss----7b722bfd1b8d---4) 2023-02-07T03:14:05Z **BabyEncryption — Hack The Box | Simple Write-up | 2023** ⌘ [Read more](https://infosecwriteups.com/babyencryption-hack-the-box-simple-write-up-2023-c2da8a041df7?source=rss----7b722bfd1b8d---4) 2023-02-07T03:11:44Z **CORS Vulnerability with Basic Origin Reflection | 2023** ⌘ [Read more](https://infosecwriteups.com/cors-vulnerability-with-basic-origin-reflection-2023-43ee788f54f1?source=rss----7b722bfd1b8d---4) 2023-02-07T03:11:24Z **CRLF-Carriage Return and Line Feed in Short | 2023** ⌘ [Read more](https://infosecwriteups.com/crlf-carriage-return-and-line-feed-in-short-2023-1647758900f0?source=rss----7b722bfd1b8d---4) 2023-02-07T03:11:04Z **Confidential — TryHackMe Writeup | Karthikeyan Nagaraj** ⌘ [Read more](https://infosecwriteups.com/confidential-tryhackme-writeup-karthikeyan-nagaraj-32dcf4a133d7?source=rss----7b722bfd1b8d---4) 2023-02-07T14:12:29Z **Penetrating firewalls: an in-depth analysis** ⌘ [Read more](https://infosecwriteups.com/penetrating-firewalls-an-in-depth-analysis-d87a2766a3f1?source=rss----7b722bfd1b8d---4) 2023-02-07T18:38:13Z **Creating your own tools to hunt bugs, a power often neglected** ⌘ [Read more](https://infosecwriteups.com/create-your-own-tools-for-hunting-bugs-a-power-often-neglected-186213e4d206?source=rss----7b722bfd1b8d---4) 2023-02-07T18:34:26Z **Reveal the Cloud with Google Dorks**

Find sensitive data in Amazon AWS, Google Cloud, and more

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/uncover-hidden-gems-in-the-cloud-with-google-dorks-8621e56a329d?source=rss----7b722bf ... ⌘ [Read more](https://infosecwriteups.com/uncover-hidden-gems-in-the-cloud-with-google-dorks-8621e56a329d?source=rss----7b722bfd1b8d---4) 2023-02-07T18:33:07Z **Tryhackme Topic wise Rooms List** ⌘ [Read more](https://infosecwriteups.com/tryhackme-topic-wise-rooms-list-5bd4fe3eca55?source=rss----7b722bfd1b8d---4) 2023-02-07T18:55:09Z **GETTING STARTED IN CYBER SECURITY** ⌘ [Read more](https://infosecwriteups.com/getting-started-in-cyber-security-ba3638de1fa9?source=rss----7b722bfd1b8d---4) 2023-02-07T18:54:31Z **Burp Suite Android Emulator**

Guide to set up Burp Suite on your Android Emulator

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/burp-suite-android-emulator-5c030d420394?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/burp-suite-android-emulator-5c030d420394?source=rss----7b722bfd1b8d---4) 2023-02-07T18:52:27Z **Your own VPN with WireGuard (Raspberry Pi)**
This guide will walk you through the process of setting up a VPN with WireGuard. WireGuard is a modern and secure VPN that is very easy to…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/your-own-vpn-with-wireguard-raspberry-pi-286d9902f6d2?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/your-own-vpn-with-wireguard-raspberry-pi-286d9902f6d2?source=rss----7b722bfd1b8d---4) 2023-02-07T18:52:07Z **Basic server-side template injection (code context) | 2023** ⌘ [Read more](https://infosecwriteups.com/basic-server-side-template-injection-code-context-2023-444f71b178bf?source=rss----7b722bfd1b8d---4) 2023-02-07T18:51:32Z **Web3 Security: Protecting Your Digital Assets in the Decentralized World** ⌘ [Read more](https://infosecwriteups.com/web3-security-protecting-your-digital-assets-in-the-decentralized-world-7272de827f1a?source=rss----7b722bfd1b8d---4) 2023-02-07T18:51:06Z **Does it really helps? Partially redacting account numbers contained in the credit report.** ⌘ [Read more](https://infosecwriteups.com/does-it-really-helps-partially-redacting-account-numbers-contained-in-the-credit-report-83b88290e2d4?source=rss----7b722bfd1b8d---4) 2023-02-07T18:50:29Z **SSRF in redacted.com: How I Found and Reported a Vulnerability** ⌘ [Read more](https://infosecwriteups.com/ssrf-in-redacted-com-how-i-found-and-reported-a-vulnerability-46df4202604f?source=rss----7b722bfd1b8d---4) 2023-02-07T18:45:28Z **Elliptic Curve Cryptography Basics | Cryptography | Blockchain** ⌘ [Read more](https://infosecwriteups.com/elliptic-curve-cryptography-basics-cryptography-blockchain-7797ba1021ed?source=rss----7b722bfd1b8d---4) 2023-02-07T19:09:23Z **CISSP Exam Prep: Why Training with Practice Questions is the Best Approach**

Maximizing your study efforts and acing the exam: An in-depth look at the benefits of training with practice questions

[Conti ... ⌘ [Read more](https://infosecwriteups.com/cissp-exam-prep-why-training-with-practice-questions-is-the-best-approach-8ae76d6c5fbe?source=rss----7b722bfd1b8d---4) 2023-02-07T19:08:41Z **zxcvbn Password Strength Estimator**

Implementing zxcvbn for your web app is relatively straightforward, and can provide significant benefits in terms of password security.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/implemen ... ⌘ [Read more](https://infosecwriteups.com/implementing-zxcvbn-a-password-strength-estimator-96192af9800a?source=rss----7b722bfd1b8d---4) 2023-02-07T19:08:19Z **The Benefits of Implementing a Bug Bounty Program for Your Web App**

A bug bounty program is a crowdsourced approach to identifying and addressing security vulnerabilities in a web application.

[Continue reading on InfoSec ... ⌘ [Read more](https://infosecwriteups.com/the-benefits-of-implementing-a-bug-bounty-program-for-your-web-app-4047723b1a96?source=rss----7b722bfd1b8d---4) 2023-02-07T19:08:01Z **The Right Time for a Bug Bounty and Security Team**
Starting a bug bounty program and hiring a security team are important steps for companies to take to ensure the security and…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-right-time-for-a-bug-bounty-and-security-team-256d4f4db026?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/the-right-time-for-a-bug-bounty-and-security-team-256d4f4db026?source=rss----7b722bfd1b8d---4) 2023-02-07T19:07:44Z **Step into the World of Virtual Home Labs and Enhance Your Cybersecurity Skills** ⌘ [Read more](https://infosecwriteups.com/step-into-the-world-of-virtual-home-labs-and-enhance-your-cybersecurity-skills-55f190361bf7?source=rss----7b722bfd1b8d---4) 2023-02-07T19:07:21Z **Forcing for a bounty$$** ⌘ [Read more](https://infosecwriteups.com/forcing-for-a-bounty-b637c468d7bd?source=rss----7b722bfd1b8d---4) 2023-02-07T19:05:22Z **Wardrive without a GPS module and WiFi adapter that supports monitor mode, but a Raspberry Pi** ⌘ [Read more](https://infosecwriteups.com/wardrive-without-a-gps-module-and-wifi-adapter-that-supports-monitor-mode-but-a-raspberry-pi-b00d5d85cfa?source=rss----7b722bfd1b8d---4) 2023-02-07T19:05:03Z **TAKING OVER MALWARE USING MACHINE LEARNING.** ⌘ [Read more](https://infosecwriteups.com/taking-over-malware-using-machine-learning-979b5839adc3?source=rss----7b722bfd1b8d---4) 2023-02-07T19:04:42Z **ARE SMART CONTRACTS REALLY SMART?** ⌘ [Read more](https://infosecwriteups.com/are-smart-contracts-really-smart-8565afe2bd0c?source=rss----7b722bfd1b8d---4) 2023-02-07T19:04:18Z **SSRF — Server Side Request Forgery** ⌘ [Read more](https://infosecwriteups.com/ssrf-server-side-request-forgery-2865e87efc3?source=rss----7b722bfd1b8d---4) 2023-02-08T04:58:57Z **Cryptography for Blockchain Security** ⌘ [Read more](https://infosecwriteups.com/cryptography-for-blockchain-security-4d19e1ed7189?source=rss----7b722bfd1b8d---4) 2023-02-08T04:58:41Z **The Role of Hash Functions in Cryptography** ⌘ [Read more](https://infosecwriteups.com/the-role-of-hash-functions-in-cryptography-7c2d958d44a8?source=rss----7b722bfd1b8d---4) 2023-02-08T06:02:32Z **Chaining 
Bugs to get my First Bug Bounty** ⌘ [Read more](https://infosecwriteups.com/chaining-bugs-to-get-my-first-bug-bounty-7e94afb704e7?source=rss----7b722bfd1b8d---4) 2023-02-08T20:06:31Z **Impact of Ransomware Attacks on Businesses and Individuals**

Exploring the Devastating Effects and Importance of Implementing Preventative Measures

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/impact-of-rans ... ⌘ [Read more](https://infosecwriteups.com/impact-of-ransomware-attacks-on-businesses-and-individuals-cc6b35620887?source=rss----7b722bfd1b8d---4) 2023-02-10T19:47:46Z **Discovering the Power of ChatGPT: My Experiences and Insights** ⌘ [Read more](https://infosecwriteups.com/blog-discovering-the-power-of-chatgpt-my-experiences-and-insights-dce17501b420?source=rss----7b722bfd1b8d---4) 2023-02-10T19:47:19Z **How I Was Able to Takeover User Accounts via CSRF on an E-Commerce Website** ⌘ [Read more](https://infosecwriteups.com/how-i-was-able-to-takeover-user-accounts-via-csrf-on-an-e-commerce-website-1e2dcf740c3d?source=rss----7b722bfd1b8d---4) 2023-02-10T19:47:06Z **Disabling js for the win**

, or how reading the HTML code with care led to RCE through file upload

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/disabling-js-for-the-win-9d13c606f910?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/disabling-js-for-the-win-9d13c606f910?source=rss----7b722bfd1b8d---4) 2023-02-10T19:46:47Z **XSS vulnerability** ⌘ [Read more](https://infosecwriteups.com/xss-vulnerability-3c1fd09b58c1?source=rss----7b722bfd1b8d---4) 2023-02-10T19:46:26Z **Securing Azure: Hunting with AzureHound** ⌘ [Read more](https://infosecwriteups.com/securing-azure-hunting-with-azurehound-d7ebb58e0fde?source=rss----7b722bfd1b8d---4) 2023-02-10T19:44:20Z **Familiat Recon Tools for Pentesting and Bug Bounty** ⌘ [Read more](https://infosecwriteups.com/familiat-recon-tools-for-pentesting-and-bug-bounty-b13dff19b2fa?source=rss----7b722bfd1b8d---4) 2023-02-10T19:43:52Z **SameSite Lax Bypass through Method Override | 2023** ⌘ [Read more](https://infosecwriteups.com/samesite-lax-bypass-through-method-override-2023-46fa30535410?source=rss----7b722bfd1b8d---4) 2023-02-10T19:43:39Z **Making $500 by flipping a 0 to 1**

I recently found my first vulnerability in the wild. The vulnerability was a P1 and all I had to do was turn a 0 into a 1.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/making-500-by-flipping-a-0-to-1-d2f5a36f3f84?source=rss----7b722bfd1b ... ⌘ [Read more](https://infosecwriteups.com/making-500-by-flipping-a-0-to-1-d2f5a36f3f84?source=rss----7b722bfd1b8d---4) 2023-02-10T19:42:37Z **Half a hundred linux binaries to read the secret flag (suid)** ⌘ [Read more](https://infosecwriteups.com/half-a-hundred-linux-binaries-to-read-the-secret-flag-suid-2e24e5833c1d?source=rss----7b722bfd1b8d---4) 2023-02-10T19:42:08Z **What is a Malware ?** ⌘ [Read more](https://infosecwriteups.com/what-is-a-malware-f600c51d209a?source=rss----7b722bfd1b8d---4) 2023-02-10T19:53:10Z **Brooklyn Nine Nine TryHackMe Writeup | By Xploit Ayush** ⌘ [Read more](https://infosecwriteups.com/brooklyn-nine-nine-on-tryhackme-447af65d153?source=rss----7b722bfd1b8d---4) 2023-02-10T19:52:59Z **Hydra TryHackMe Writeup | By Xploit Ayush** ⌘ [Read more](https://infosecwriteups.com/hydra-tryhackme-writeup-7669445aad78?source=rss----7b722bfd1b8d---4) 2023-02-10T19:52:37Z **STOCKER [HTB-EASY]** ⌘ [Read more](https://infosecwriteups.com/stocker-htb-easy-2a9e2551378b?source=rss----7b722bfd1b8d---4) 2023-02-10T19:52:25Z **ASSOCIATION RULE MINING** ⌘ [Read more](https://infosecwriteups.com/association-rule-mining-6443a0cffb55?source=rss----7b722bfd1b8d---4) 2023-02-10T19:52:00Z **WHEN CLUSTERING MEETS CYBER-SECURITY:** ⌘ [Read more](https://infosecwriteups.com/when-clustering-meets-cyber-security-24ed8d5392ad?source=rss----7b722bfd1b8d---4) 2023-02-10T19:50:19Z **How to test Exposed API Keys using Nuclei** ⌘ [Read more](https://infosecwriteups.com/how-to-test-exposed-api-keys-using-nuclei-8d496eeeaec2?source=rss----7b722bfd1b8d---4) 2023-02-11T17:59:29Z **what is an IP address ?** ⌘ [Read more](https://infosecwriteups.com/what-is-an-ip-address-62f99c6afd4d?source=rss----7b722bfd1b8d---4) 2023-02-11T17:59:07Z **CyberVerse — Introducing a Cyber Security Community** ⌘ [Read 
more](https://infosecwriteups.com/cyberverse-introducing-a-cyber-security-community-e35a63e69c72?source=rss----7b722bfd1b8d---4) 2023-02-11T17:57:55Z **ChatGPT can boost your Threat Modeling skills**

Use ChatGPT to turbo-charge your cybersecurity processes

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/chatgpt-can-boost-your-threat-modeling-skills-ab82149d0140?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/chatgpt-can-boost-your-threat-modeling-skills-ab82149d0140?source=rss----7b722bfd1b8d---4) 2023-02-12T10:32:40Z **SQL INJECTIONS** ⌘ [Read more](https://infosecwriteups.com/sql-injections-b1d1da3751e5?source=rss----7b722bfd1b8d---4) 2023-02-12T14:19:37Z **BROKEN FUNCTION LEVEL AUTHORIZATION [API SECURITY — 0x2]** ⌘ [Read more](https://infosecwriteups.com/broken-function-level-authorization-api-security-0x2-23a6d7c1aa46?source=rss----7b722bfd1b8d---4) 2023-02-13T15:28:16Z **OWASP Top 10: A Guide for Pen-Testers & Bug Bounty Hunters**

In this article, we will look at OWASP and the top 10 web application vulnerabilities from OWASP. This is a useful topic for both web app…

[Continue reading on InfoSec Write-ups »](https:/ ... ⌘ [Read more](https://infosecwriteups.com/owasp-top-10-a-guide-for-pen-testers-bug-bounty-hunters-ac0a5e951a7c?source=rss----7b722bfd1b8d---4) 2023-02-13T15:48:06Z **Step-1 in Cybersecurity “How to Spot Phishing Emails?”**

According to a report by Verizon, 32% of all data breaches involve phishing. In this article, we will see how to spot phishing emails and…

[Continue reading on InfoSec Write-ups »](https:// ... ⌘ [Read more](https://infosecwriteups.com/step-1-in-cybersecurity-how-to-spot-phishing-emails-22f60dd22d35?source=rss----7b722bfd1b8d---4) 2023-02-13T15:47:43Z **5G Security: Understanding the Risks and How to Mitigate Them** ⌘ [Read more](https://infosecwriteups.com/5g-security-understanding-the-risks-and-how-to-mitigate-them-9d355d5f6a91?source=rss----7b722bfd1b8d---4) 2023-02-16T12:31:30Z **HTB | Photobomb | Walkthrough** ⌘ [Read more](https://infosecwriteups.com/htb-photobomb-walkthrough-d007e9d6001e?source=rss----7b722bfd1b8d---4) 2023-02-16T12:31:22Z **Banking Trojan Analysis** ⌘ [Read more](https://infosecwriteups.com/banking-trojan-analysis-edb374bdb9d9?source=rss----7b722bfd1b8d---4) 2023-02-16T12:31:16Z **Have a safe flight (hacking the boarding pass)** ⌘ [Read more](https://infosecwriteups.com/have-a-safe-flight-hacking-the-boarding-pass-6016a2a6ff59?source=rss----7b722bfd1b8d---4) 2023-02-16T12:31:00Z **Top Paid Cybersecurity Affiliate Programs To Earn Passive Income**

In this article, we will see what are the top paid cyber security affiliate programs from where you can earn easy passive income and…

[Continue reading on InfoSec W ... ⌘ [Read more](https://infosecwriteups.com/top-paid-cybersecurity-affiliate-programs-to-earn-passive-income-d1293298ca49?source=rss----7b722bfd1b8d---4) 2023-02-16T12:30:26Z **Bypass Jailbreak Detection in Flutter apps**

If you ever worked on a mobile Flutter application for a big company, or if you ever needed to treat your users’ personal data carefully…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bypass-jailb ... ⌘ [Read more](https://infosecwriteups.com/bypass-jailbreak-detection-in-flutter-apps-ce732afbdee8?source=rss----7b722bfd1b8d---4) 2023-02-16T12:29:43Z **TypoSquatting Malware Analysis** ⌘ [Read more](https://infosecwriteups.com/typosquatting-malware-analysis-6e4830268743?source=rss----7b722bfd1b8d---4) 2023-02-16T12:29:07Z **The Dark Side of Social Media: Understanding and Protecting Yourself from Social Engineering…** ⌘ [Read more](https://infosecwriteups.com/the-dark-side-of-social-media-understanding-and-protecting-yourself-from-social-engineering-70341f03ae68?source=rss----7b722bfd1b8d---4) 2023-02-16T12:28:25Z **Securing the Cloud: Best Practices for Protecting Your Data in the Cloud** ⌘ [Read more](https://infosecwriteups.com/securing-the-cloud-best-practices-for-protecting-your-data-in-the-cloud-ad9b63304533?source=rss----7b722bfd1b8d---4) 2023-02-16T12:27:59Z **A tale of a full Business Takeover — Red Team Diaries** ⌘ [Read more](https://infosecwriteups.com/a-tale-of-a-full-business-takeover-red-team-diaries-fe7a6a7acaef?source=rss----7b722bfd1b8d---4) 2023-02-16T12:27:38Z **Reverse Engineering — An Overview** ⌘ [Read more](https://infosecwriteups.com/reverse-engineering-an-overview-fb4bb1543982?source=rss----7b722bfd1b8d---4) 2023-02-22T07:19:14Z **USB Forensics 101**
[![](https://cdn-images-1.medium.com/max/639/0*rQX6gaEz_qbNmc4b)](https://infosecwriteups.com/usb-forensics-101-444faf737c4c?source=rss----7b722bfd1b8d---4)

Ever wondered what the digital footprint of using USB devices is? Let’s take a look into this in this introduction to USB forensics.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/usb-forensics-101-444faf737c4c?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/usb-forensics-101-444faf737c4c?source=rss----7b722bfd1b8d---4) 2023-02-22T10:50:10Z **Exploiting Remote Command Execution Vulnerability in EasyNAS** ⌘ [Read more](https://infosecwriteups.com/exploiting-remote-command-execution-vulnerability-in-easynas-e1db70c93186?source=rss----7b722bfd1b8d---4) 2023-02-22T11:09:05Z **OT Security in the Age of Industrial Internet of Things (IIoT)** ⌘ [Read more](https://infosecwriteups.com/ot-security-in-the-age-of-industrial-internet-of-things-iiot-db3f8f7d5adb?source=rss----7b722bfd1b8d---4) 2023-02-22T11:08:46Z **HubSpot Full Account Takeover in Bug Bounty** ⌘ [Read more](https://infosecwriteups.com/hubspot-full-account-takeover-in-bug-bounty-4e2047914ab5?source=rss----7b722bfd1b8d---4) 2023-02-22T11:08:10Z **Securing OT Systems: A Practical Guide** ⌘ [Read more](https://infosecwriteups.com/securing-ot-systems-a-practical-guide-827d1a5d9515?source=rss----7b722bfd1b8d---4) 2023-02-22T11:07:51Z **API Security for Developers** ⌘ [Read more](https://infosecwriteups.com/api-security-for-developers-58f971bcc2c1?source=rss----7b722bfd1b8d---4) 2023-02-22T11:03:37Z **Business logic flaw, the enemy of scanners** ⌘ [Read more](https://infosecwriteups.com/business-logic-flaw-the-enemy-of-scanners-45e96304f55f?source=rss----7b722bfd1b8d---4) 2023-02-22T11:03:19Z **Tryhackme Sighunt Writeup/Walkthrough** ⌘ [Read more](https://infosecwriteups.com/sighunt-tryhackme-writeup-be7ae0d7d3a2?source=rss----7b722bfd1b8d---4) 2023-02-22T11:03:05Z **Valentine Special Challenge | Tryhackme Writeup/Walkthrough | by Md Amiruddin** ⌘ [Read more](https://infosecwriteups.com/valentine-special-challenge-tryhackme-writeup-walkthrough-by-md-amiruddin-3277be20cb8b?source=rss----7b722bfd1b8d---4) 2023-02-22T11:02:56Z **Vulnhub Writeup/Walkthrough SickOS 1.1 | By Md Amiruddin** ⌘ [Read 
more](https://infosecwriteups.com/sickos-1-1-capture-the-flag-walkthrough-27eb77acfc41?source=rss----7b722bfd1b8d---4) 2023-02-22T11:02:11Z **Vulnhub Machine-Toppo Writeup/Walkthrough | By Md Amiruddin** ⌘ [Read more](https://infosecwriteups.com/toppo-capture-the-flag-walkthrough-d7ace3aa811f?source=rss----7b722bfd1b8d---4) 2023-02-22T11:01:23Z **Solving CTF’s Cryptography using ChatGPT | 2023** ⌘ [Read more](https://infosecwriteups.com/solving-ctfs-cryptography-using-chatgpt-2023-7800e42ea3ff?source=rss----7b722bfd1b8d---4) 2023-02-26T13:10:43Z **Find Hidden WiFi SSIDs With Aircrack-ng** ⌘ [Read more](https://infosecwriteups.com/find-hidden-wifi-ssids-with-aircrack-ng-ee7301248280?source=rss----7b722bfd1b8d---4) 2023-02-26T13:10:26Z **How I was able to Turn a XSS into A Account Takeover** ⌘ [Read more](https://infosecwriteups.com/how-i-was-able-to-turn-a-xss-into-a-account-takeover-ae0c478640e7?source=rss----7b722bfd1b8d---4) 2023-02-26T13:09:59Z **Bypassing CORS configurations to produce an Account Takeover for Fun and Profit** ⌘ [Read more](https://infosecwriteups.com/bypassing-cors-configurations-to-produce-an-account-takeover-for-fun-and-profit-3e50c3f2a124?source=rss----7b722bfd1b8d---4) 2023-03-01T14:19:09Z **How to Speed up the WPA/WPA2 Password Cracking Process using Cowpatty** ⌘ [Read more](https://infosecwriteups.com/how-to-speed-up-the-wpa-wpa2-password-cracking-process-using-cowpatty-8ca3c77ee836?source=rss----7b722bfd1b8d---4) 2023-03-01T14:18:45Z **WordPress Plugins Security Analysis** ⌘ [Read more](https://infosecwriteups.com/wordpress-plugins-security-analysis-61184d783d0c?source=rss----7b722bfd1b8d---4) 2023-03-01T14:17:30Z **Exploring Web3 Security: A Step-by-Step Guide to Creating Proof of Concepts for Previous Findings** ⌘ [Read more](https://infosecwriteups.com/exploring-web3-security-a-step-by-step-guide-to-creating-proof-of-concepts-for-previous-findings-22db1135566?source=rss----7b722bfd1b8d---4) 2023-03-01T14:16:55Z **Intro to Cloud 
Security | Tryhackme Writeup/Walkthrough | By Md Amiruddin** ⌘ [Read more](https://infosecwriteups.com/intro-to-cloud-security-tryhackme-writeup-walkthrough-by-md-amiruddin-6952ad717974?source=rss----7b722bfd1b8d---4) 2023-03-01T14:15:18Z **SSRF That Allowed Us to Access Whole Infra Web Services and Many More** ⌘ [Read more](https://infosecwriteups.com/ssrf-that-allowed-us-to-access-whole-infra-web-services-and-many-more-3424f8efa0e4?source=rss----7b722bfd1b8d---4) 2023-03-01T14:12:00Z **Cybersecurity/Ethical hacking: A Beginners Guide to Getting Started** ⌘ [Read more](https://infosecwriteups.com/cybersecurity-ethical-hacking-a-beginners-guide-d9cfd463338f?source=rss----7b722bfd1b8d---4) 2023-03-01T14:10:24Z **OpenEMR 5.0.1.3 — (Authenticated) Arbitrary File Actions** ⌘ [Read more](https://infosecwriteups.com/openemr-5-0-1-3-authenticated-arbitrary-file-actions-f7006e636b8c?source=rss----7b722bfd1b8d---4) 2023-03-02T15:22:39Z **TryHackMe writeup: Basic Static Analysis**
[![](https://cdn-images-1.medium.com/max/1444/1*3Tq4sMr03o312ZhLdZwu4A.png)](https://infosecwriteups.com/tryhackme-writeup-basic-static-analysis-1cd423cb4880?source=rss----7b722bfd1b8d---4)

An application of static analysis in the reverse engineering of software to study the behaviour of malware

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-writeup-basic-static-analysis-1cd423cb488 ... ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-basic-static-analysis-1cd423cb4880?source=rss----7b722bfd1b8d---4) 2023-03-05T07:31:51Z **Wi-Fi Marauder with ESP32 and Flipper Zero** ⌘ [Read more](https://infosecwriteups.com/wi-fi-marauder-with-esp32-and-flipper-zero-39fea6741c92?source=rss----7b722bfd1b8d---4) 2023-03-05T07:31:36Z **RCE Writeups** ⌘ [Read more](https://infosecwriteups.com/command-injection-by-changing-the-logo-2d730887ab6c?source=rss----7b722bfd1b8d---4) 2023-03-05T07:31:02Z **Forgot Hack The box Walkthrough — [HTB]** ⌘ [Read more](https://infosecwriteups.com/forgot-hack-the-box-walkthrough-htb-e571fd151f9a?source=rss----7b722bfd1b8d---4) 2023-03-05T07:30:03Z **Exploiting SQL Injection in Graphql | DVGA |** ⌘ [Read more](https://infosecwriteups.com/exploiting-sql-injection-in-graphql-dvga-907fb65c6a14?source=rss----7b722bfd1b8d---4) 2023-03-05T07:29:52Z **How to Improve Your Bug Bounty Performance Over Time?**
[![](https://cdn-images-1.medium.com/max/2600/0*8TzLl6OIvQZxkhYE)](https://infosecwriteups.com/how-to-improve-your-bug-bounty-performance-over-time-5f4ace641db0?source=rss----7b722bfd1b8d---4)

This is how you can track and improve your bug bounty performance over time. It is a cyclic process of improvement.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-impr ... ⌘ [Read more](https://infosecwriteups.com/how-to-improve-your-bug-bounty-performance-over-time-5f4ace641db0?source=rss----7b722bfd1b8d---4) 2023-03-05T07:29:13Z **TryHackMe writeup: Simple CTF**
[![](https://cdn-images-1.medium.com/max/1920/1*UdEHlPoN8DrqF3dfWDHEsQ.png)](https://infosecwriteups.com/tryhackme-writeup-simple-ctf-89e9c5a3bea1?source=rss----7b722bfd1b8d---4)

In this article, I’ll fix a Python SQL injection exploit, escalate privileges on a Linux system through vim and do more fun hacking stuff!

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-writeup-simple-ctf-89e9c5a3bea1?source=rss ... ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-simple-ctf-89e9c5a3bea1?source=rss----7b722bfd1b8d---4) 2023-03-07T08:12:51Z **JWT [JSON WEB TOKENS] [EXPLANATION & EXPLOITATION] (0x01)** ⌘ [Read more](https://infosecwriteups.com/jwt-json-web-tokens-explanation-exploitation-0x01-babed5881b1e?source=rss----7b722bfd1b8d---4) 2023-03-07T08:12:21Z **Don’t Send a Message to anyone Before Reading This: Account Takeover Vulnerability [External Audit]** ⌘ [Read more](https://infosecwriteups.com/dont-send-a-message-to-anyone-before-reading-this-account-takeover-vulnerability-external-audit-cf584a0c983c?source=rss----7b722bfd1b8d---4) 2023-03-07T08:32:42Z **AI security — the new face of application security**
[![](https://cdn-images-1.medium.com/max/2600/0*mLCJBPVxZW7Kw025)](https://infosecwriteups.com/ai-security-the-new-face-of-application-security-84e4ba7a678b?source=rss----7b722bfd1b8d---4)

How AI-based application risks are a new blind spot in cybersecurity

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ai-security-the-new-face-of-application-security-84e4ba7a678b?source=rs ... ⌘ [Read more](https://infosecwriteups.com/ai-security-the-new-face-of-application-security-84e4ba7a678b?source=rss----7b722bfd1b8d---4) 2023-03-07T18:39:19Z **Understanding RSA Encryption: The Rivest-Shamir-Adleman Algorithm** ⌘ [Read more](https://infosecwriteups.com/understanding-rsa-encryption-the-rivest-shamir-adleman-algorithm-6c2b423468d1?source=rss----7b722bfd1b8d---4) 2023-03-07T18:39:10Z **Why WordPress should abandon Old PHP Password encryption algorithms.** ⌘ [Read more](https://infosecwriteups.com/why-wordpress-should-abandon-old-php-password-encryption-algorithms-ca3afa23e013?source=rss----7b722bfd1b8d---4) 2023-03-07T18:38:59Z **Account Pre-Takeover Bug Bounty** ⌘ [Read more](https://infosecwriteups.com/account-pre-takeover-bug-bounty-f4f739913ed0?source=rss----7b722bfd1b8d---4) 2023-03-07T18:34:30Z **Approaching Login,Signup Pages and Change Password Instances for Bug Bounty Hunting** ⌘ [Read more](https://infosecwriteups.com/approaching-login-signup-pages-and-change-password-instances-for-bug-bounty-hunting-99819b24e258?source=rss----7b722bfd1b8d---4) 2023-03-07T18:34:00Z **Intro to Containerisation | Tryhackme Writeup/Walkthrough | by Md Amiruddin** ⌘ [Read more](https://infosecwriteups.com/intro-to-containerisation-tryhackme-writeup-walkthrough-by-md-amiruddin-49a517d4d8d4?source=rss----7b722bfd1b8d---4) 2023-03-07T18:33:50Z **Dependency Management | Tryhackme Writeup/Walkthrough | By Md Amiruddin** ⌘ [Read more](https://infosecwriteups.com/dependency-management-tryhackme-writeup-walkthrough-by-md-amiruddin-842858d846db?source=rss----7b722bfd1b8d---4) 2023-03-07T18:30:23Z **Information Disclosure Vulnerability in Adobe Experience Manager affecting multiple companies…** ⌘ [Read 
more](https://infosecwriteups.com/information-disclosure-vulnerability-in-adobe-experience-manager-affecting-multiple-companies-2fb0558cd957?source=rss----7b722bfd1b8d---4) 2023-03-07T18:29:33Z **RainyDay Hack The Box Walkthrough — [HTB]** ⌘ [Read more](https://infosecwriteups.com/rainyday-hack-the-box-walkthrough-htb-53490f8fb09f?source=rss----7b722bfd1b8d---4) 2023-03-08T08:36:41Z **Shellcodes are dead, long live Fileless Shellcodes** ⌘ [Read more](https://infosecwriteups.com/shellcodes-are-dead-long-live-fileless-shellcodes-609cbacd5cb0?source=rss----7b722bfd1b8d---4) 2023-03-08T09:52:32Z **How to Find Your First Bug: Motivation and Tips for Bug Bounty Hunting**
[![](https://cdn-images-1.medium.com/max/1200/1*kBUIEXh_TB3g7844R8O3zw.png)](https://infosecwriteups.com/how-to-find-your-first-bug-motivation-and-tips-for-bug-bounty-hunting-5e7343066d0c?source=rss----7b722bfd1b8d---4)

Learn how to succeed in Bug Bounty hunting with these tips. Take your time, stay focused, and ask the right questions to find potential…

[ ... ⌘ [Read more](https://infosecwriteups.com/how-to-find-your-first-bug-motivation-and-tips-for-bug-bounty-hunting-5e7343066d0c?source=rss----7b722bfd1b8d---4) 2023-03-08T09:52:14Z **Putting it all together | Tryhackme Writeup/Walkthrough | By Md Amiruddin** ⌘ [Read more](https://infosecwriteups.com/putting-it-all-together-tryhackme-writeup-walkthrough-by-md-amiruddin-8a1bf4cfa455?source=rss----7b722bfd1b8d---4) 2023-03-08T09:51:52Z **Burp Suite: Extender | Tryhackme Writeup/Walkthrough | By Md Amiruddin** ⌘ [Read more](https://infosecwriteups.com/burp-suite-extender-tryhackme-writeup-walkthrough-by-md-amiruddin-75df263d2749?source=rss----7b722bfd1b8d---4) 2023-03-08T09:51:25Z **Cross-site Scripting | Tryhackme Room Writeup/Walkthrough | By Md Amiruddin** ⌘ [Read more](https://infosecwriteups.com/cross-site-scripting-tryhackme-room-writeup-walkthrough-by-md-amiruddin-5baf3a4d96e2?source=rss----7b722bfd1b8d---4) 2023-03-08T09:50:16Z **How To Start Bug Bounty Hunting**
[![](https://cdn-images-1.medium.com/max/1200/1*OWnD-GZ4PShEkhlYiMcolw.jpeg)](https://infosecwriteups.com/how-to-start-bug-bounty-hunting-94b1ff3dda27?source=rss----7b722bfd1b8d---4)

Short & Basic Intro to Bug Bounty World

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-start-bug-bounty-hunting-94b1ff3dda27?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/how-to-start-bug-bounty-hunting-94b1ff3dda27?source=rss----7b722bfd1b8d---4) 2023-03-08T09:46:07Z **Log4j Vulnerability Cheatsheet**
[![](https://cdn-images-1.medium.com/max/1200/1*1myKN69NDgLOP6WinRFe_g.png)](https://infosecwriteups.com/log4j-vulnerability-cheatsheet-66b7aeabc607?source=rss----7b722bfd1b8d---4)

How it works, where to practice, and how to identify

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/log4j-vulnerability-cheatsheet-66b7aeabc607?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/log4j-vulnerability-cheatsheet-66b7aeabc607?source=rss----7b722bfd1b8d---4) 2023-03-08T09:45:45Z **How to Create an Evil Twin or Fake Access Point** ⌘ [Read more](https://infosecwriteups.com/how-to-create-an-evil-twin-or-fake-access-point-82451b837415?source=rss----7b722bfd1b8d---4) 2023-03-08T09:45:03Z **5 ChatGPT Prompts for Bug Bounty**
[![](https://cdn-images-1.medium.com/max/600/1*WdrSCnXPejImEydT_R9iGg.png)](https://infosecwriteups.com/5-chatgpt-prompts-for-bug-bounty-6b7365d61b58?source=rss----7b722bfd1b8d---4)

JS, XSS, CSRF, and Decoding Made Easy with ChatGPT

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/5-chatgpt-prompts-for-bug-bounty-6b7365d61b58?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/5-chatgpt-prompts-for-bug-bounty-6b7365d61b58?source=rss----7b722bfd1b8d---4) 2023-03-08T09:44:43Z **Unconventional Threat Intelligence: Leveraging Discord for News Feed** ⌘ [Read more](https://infosecwriteups.com/unconventional-threat-intelligence-leveraging-discord-for-news-feed-5085004a830d?source=rss----7b722bfd1b8d---4) 2023-03-08T09:44:15Z **SOCCER [HTB-EASY]** ⌘ [Read more](https://infosecwriteups.com/soccer-htb-easy-d2062aff5fa9?source=rss----7b722bfd1b8d---4) 2023-03-08T19:31:32Z **Can you spot the vulnerability? #16022023 — Intigriti** ⌘ [Read more](https://infosecwriteups.com/can-you-spot-the-vulnerability-16022023-intigriti-a46068e557cc?source=rss----7b722bfd1b8d---4) 2023-03-09T01:41:26Z **Windows Forensic 101: How to Perform Forensic Investigation of Windows Machine?**
[![](https://cdn-images-1.medium.com/max/1200/0*GI5_y6xuQQzpRo1i.jpg)](https://infosecwriteups.com/windows-forensic-101-how-to-perform-forensic-investigation-of-windows-machine-d1dfbea20254?source=rss----7b722bfd1b8d---4)

In this article, we will discuss how to perform Windows Forensic Investigation to detect hidden threats along with a che ... ⌘ [Read more](https://infosecwriteups.com/windows-forensic-101-how-to-perform-forensic-investigation-of-windows-machine-d1dfbea20254?source=rss----7b722bfd1b8d---4) 2023-03-10T03:31:31Z **Leek NFT challenge#0223 — Intigriti** ⌘ [Read more](https://infosecwriteups.com/leek-nft-challenge-0223-intigriti-67fc49be4bb6?source=rss----7b722bfd1b8d---4) 2023-03-10T14:42:05Z **Fixing your AWS Cloud with Prowler** ⌘ [Read more](https://infosecwriteups.com/fixing-your-aws-cloud-with-prowler-399ddea45a79?source=rss----7b722bfd1b8d---4) 2023-03-10T19:09:32Z **How I Found My First Bug in Android App** ⌘ [Read more](https://infosecwriteups.com/how-i-found-my-first-bug-in-android-41153093ba57?source=rss----7b722bfd1b8d---4) 2023-03-10T19:08:06Z **AMSI Bypass New Way 2023** ⌘ [Read more](https://infosecwriteups.com/amsi-bypass-new-way-2023-d506345944e9?source=rss----7b722bfd1b8d---4) 2023-03-10T19:07:49Z **Rxss inside href attribute - Bypassing lots of weird checks to takeover accounts!** ⌘ [Read more](https://infosecwriteups.com/rxss-inside-href-attribute-bypassing-lots-of-weird-checks-to-takeover-accounts-b4c8b4e70877?source=rss----7b722bfd1b8d---4) 2023-03-10T19:21:57Z **How i was able to find Django Misconfiguration using Shodan.** ⌘ [Read more](https://infosecwriteups.com/how-i-was-able-to-find-django-misconfiguration-using-shodan-3929942a3940?source=rss----7b722bfd1b8d---4) 2023-03-10T19:20:55Z **hta Malware analysis** ⌘ [Read more](https://infosecwriteups.com/hta-malware-analysis-96bd9263208?source=rss----7b722bfd1b8d---4) 2023-03-10T19:20:22Z **Bug Bounty Manual Recon Guide** ⌘ [Read more](https://infosecwriteups.com/bug-bounty-manual-recon-guide-57e1e5a06dd7?source=rss----7b722bfd1b8d---4) 2023-03-10T19:17:22Z **Introducing Edge: A Recon Tool for Cloud Provider Attribution** ⌘ [Read 
more](https://infosecwriteups.com/introducing-edge-a-recon-tool-for-cloud-provider-attribution-2306cc88899a?source=rss----7b722bfd1b8d---4) 2023-03-10T19:16:01Z **Escape HTB Walkthrough** ⌘ [Read more](https://infosecwriteups.com/escape-htb-walkthrough-1c2f9042f0a9?source=rss----7b722bfd1b8d---4) 2023-03-10T19:15:46Z **Reverse Engineering a Native Desktop Application (Tauri App)** ⌘ [Read more](https://infosecwriteups.com/reverse-engineering-a-native-desktop-application-tauri-app-5a2d92772da5?source=rss----7b722bfd1b8d---4) 2023-03-10T19:32:30Z **Exploiting Android Vulnerabilities with Malicious Third-Party Apps (featuring Oversecured APK)** ⌘ [Read more](https://infosecwriteups.com/exploiting-android-vulnerabilities-with-malicious-third-party-apps-featuring-oversecured-apk-adea3241ce49?source=rss----7b722bfd1b8d---4) 2023-03-10T19:31:28Z **Click Me and I Shall Conquer!** ⌘ [Read more](https://infosecwriteups.com/click-me-and-i-shall-conquer-d2684dc25a41?source=rss----7b722bfd1b8d---4) 2023-03-10T19:30:48Z **Assess Maturity of Your Cyber Security Program With This Free Tool**
[![](https://cdn-images-1.medium.com/max/600/1*f5vE0LPJSIPI7JsRReLd3w.png)](https://infosecwriteups.com/assess-maturity-of-your-cyber-security-program-with-this-free-tool-371c69a624ec?source=rss----7b722bfd1b8d---4)

Assess your cyber security maturity level with this free tool. If you’re a Security Manager or CISO or a Cyber Security Consultant, this…

[Continue r ... ⌘ [Read more](https://infosecwriteups.com/assess-maturity-of-your-cyber-security-program-with-this-free-tool-371c69a624ec?source=rss----7b722bfd1b8d---4) 2023-03-10T19:29:55Z **ChatGPT for Bug Bounty: Faster Hunting and Reporting**
[![](https://cdn-images-1.medium.com/max/600/1*SwD7EaUqGx9q-gT9PFI3Sg.png)](https://infosecwriteups.com/chatgpt-for-bug-bounty-faster-hunting-and-reporting-ad8b556f79f3?source=rss----7b722bfd1b8d---4)

Save Time, Learn Technical Skills, and Write Effective Reports with AI-Powered ChatGPT

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/chatgpt-for-bug-bounty-faster-huntin ... ⌘ [Read more](https://infosecwriteups.com/chatgpt-for-bug-bounty-faster-hunting-and-reporting-ad8b556f79f3?source=rss----7b722bfd1b8d---4) 2023-03-10T19:29:30Z **Interesting Stored XSS in sandboxed environment to Full Account Takeover** ⌘ [Read more](https://infosecwriteups.com/interesting-stored-xss-in-sandboxed-environment-to-full-account-takeover-32e541062938?source=rss----7b722bfd1b8d---4) 2023-03-10T20:11:27Z **Bypassing Asymmetric Client Side Encryption Without Private Key** ⌘ [Read more](https://infosecwriteups.com/bypassing-asymmetric-client-side-encryption-without-private-key-822ed0d8aeb6?source=rss----7b722bfd1b8d---4) 2023-03-10T23:16:41Z **Simple Guide to do Brute Force Login Using Burp Suite** ⌘ [Read more](https://infosecwriteups.com/simple-guide-to-do-brute-force-login-using-burp-suite-94a34a51d44b?source=rss----7b722bfd1b8d---4) 2023-03-11T00:16:48Z **Account Takeover: An Epic Bug Bounty Story** ⌘ [Read more](https://infosecwriteups.com/account-takeover-an-epic-bug-bounty-story-dd5468d5773d?source=rss----7b722bfd1b8d---4) 2023-03-11T14:31:59Z **Hard-Coded credentials in Android app** ⌘ [Read more](https://infosecwriteups.com/what-is-in-the-strings-xml-b204b2e9bd67?source=rss----7b722bfd1b8d---4) 2023-03-11T14:28:17Z **Diamond Model | Tryhackme Writeup/Walkthrough | By Md Amiruddin** ⌘ [Read more](https://infosecwriteups.com/diamond-model-tryhackme-writeup-walkthrough-by-md-amiruddin-25eaa582c4?source=rss----7b722bfd1b8d---4) 2023-03-12T12:32:04Z **Risk vs Threat: The Fatal Mistake You’re Making in Your Security Strategies**
[![](https://cdn-images-1.medium.com/max/2600/0*2By-iP-p0v3kMLQp)](https://infosecwriteups.com/risk-vs-threat-the-fatal-mistake-youre-making-in-your-security-strategies-978b142006a?source=rss----7b722bfd1b8d---4)

Risk and Threat are two terms that are often used interchangeably. In this article, we will see why it’s a blunder to do that.

[C ... ⌘ [Read more](https://infosecwriteups.com/risk-vs-threat-the-fatal-mistake-youre-making-in-your-security-strategies-978b142006a?source=rss----7b722bfd1b8d---4) 2023-03-12T15:32:08Z **8 Free Websites To Check If Your Email Address Is Compromised?**
[![](https://cdn-images-1.medium.com/max/1515/1*e7SjQ0E5fKYFhuD5i_gsnQ.png)](https://infosecwriteups.com/8-free-websites-to-check-if-your-email-address-is-compromised-7e8742e099c6?source=rss----7b722bfd1b8d---4)

You can use these 8 free open source tools to check if your email address, phone numbers, and passwords are breached in cyber attacks.

[Continue reading on InfoSe ... ⌘ [Read more](https://infosecwriteups.com/8-free-websites-to-check-if-your-email-address-is-compromised-7e8742e099c6?source=rss----7b722bfd1b8d---4) 2023-03-13T03:34:58Z **XXE with ChatGPT**
[![](https://cdn-images-1.medium.com/max/600/1*i8cWSZxOHK1r0p0EMXw7XA.png)](https://infosecwriteups.com/xxe-with-chatgpt-3e4aa7c4b9c9?source=rss----7b722bfd1b8d---4)

Generate Custom XXE Payloads with AI

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/xxe-with-chatgpt-3e4aa7c4b9c9?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/xxe-with-chatgpt-3e4aa7c4b9c9?source=rss----7b722bfd1b8d---4) 2023-03-13T03:34:45Z **How to Master in Real Cyber Threat Intelligence? Build Military-Grade Intelligence Skills!**
[![](https://cdn-images-1.medium.com/max/887/0*YrumDIaAMJNd3w4r)](https://infosecwriteups.com/how-to-master-in-real-cyber-threat-intelligence-build-military-grade-intelligence-skills-7df418b4b508?source=rss----7b722bfd1b8d---4)

Resharing news and deploying IOCs is not real cyber threat intelligence. See how to develop ... ⌘ [Read more](https://infosecwriteups.com/how-to-master-in-real-cyber-threat-intelligence-build-military-grade-intelligence-skills-7df418b4b508?source=rss----7b722bfd1b8d---4) 2023-03-13T03:34:13Z **Is the CEH exam difficult? Guide to pass it with a perfect score.** ⌘ [Read more](https://infosecwriteups.com/is-the-ceh-exam-difficult-guide-to-pass-it-with-a-perfect-score-27a5917e14b6?source=rss----7b722bfd1b8d---4) 2023-03-13T03:33:23Z **IoT Protocols(MQTT ve CoAP)** ⌘ [Read more](https://infosecwriteups.com/iot-protocols-mqtt-ve-coap-220cd187c245?source=rss----7b722bfd1b8d---4) 2023-03-13T08:08:48Z **Subdomain takeover on open.itu.edu via Shopify** ⌘ [Read more](https://infosecwriteups.com/subdomain-takeover-on-open-itu-edu-via-shopify-6b83ea970f3d?source=rss----7b722bfd1b8d---4) 2023-03-13T09:32:03Z **How I Leak Other’s Access Token by Exploiting Evil Deeplink Flaw** ⌘ [Read more](https://infosecwriteups.com/how-i-leak-others-access-token-by-exploiting-evil-deeplink-flaw-a0a566677639?source=rss----7b722bfd1b8d---4) 2023-03-14T09:31:35Z **TryHackMe Walthrough — Bugged** ⌘ [Read more](https://infosecwriteups.com/tryhackme-walthrough-bugged-d057cbc3ebf5?source=rss----7b722bfd1b8d---4) 2023-03-14T11:23:12Z **Zero to Hero: DOM XSS** ⌘ [Read more](https://infosecwriteups.com/zero-to-hero-dom-xss-d291d62432d8?source=rss----7b722bfd1b8d---4) 2023-03-14T12:26:43Z **TryHackMe writeup: Attacktive Directory**
[![](https://cdn-images-1.medium.com/max/1409/1*pkGgeXcrKXaHU2eki1bOHQ.png)](https://infosecwriteups.com/tryhackme-writeup-attacktive-directory-23d0705e46cb?source=rss----7b722bfd1b8d---4)

In this article, I will hack into an Active Directory system with Impacket and other tools

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-writeup-attacktive-directory-23d0705e46cb?source=rss----7b72 ... ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-attacktive-directory-23d0705e46cb?source=rss----7b722bfd1b8d---4) 2023-03-14T14:55:30Z **Web Application Security | Tryhackme Writeup/Walkthrough | By Md Amiruddin** ⌘ [Read more](https://infosecwriteups.com/web-application-security-tryhackme-writeup-walkthrough-by-md-amiruddin-d7fdcb849494?source=rss----7b722bfd1b8d---4) 2023-03-15T19:21:00Z **What is SQL Injection and How Does it Work** ⌘ [Read more](https://infosecwriteups.com/what-is-sql-injection-6985c298ea20?source=rss----7b722bfd1b8d---4) 2023-03-15T19:20:52Z **Bypassing Character Limit — XSS Using Spanned Payload** ⌘ [Read more](https://infosecwriteups.com/bypassing-character-limit-xss-using-spanned-payload-7301ffac226e?source=rss----7b722bfd1b8d---4) 2023-03-17T09:33:30Z **Anatomy of a Reflected XSS: My Discovery on a Microsoft’s Subdomain** ⌘ [Read more](https://infosecwriteups.com/anatomy-of-a-reflected-xss-my-discovery-on-a-microsofts-subdomain-7a237aba4392?source=rss----7b722bfd1b8d---4) 2023-03-17T09:32:37Z **Red Team Fundamentals | Tryhackme Writeup/Walkthrough | By Md Amiruddin** ⌘ [Read more](https://infosecwriteups.com/red-team-fundamentals-tryhackme-writeup-walkthrough-by-md-amiruddin-efc57ac06f34?source=rss----7b722bfd1b8d---4) 2023-03-17T09:32:13Z **How I Got Free Travel on Namma Metro** ⌘ [Read more](https://infosecwriteups.com/how-i-got-free-travel-on-namma-metro-75066fabc5a0?source=rss----7b722bfd1b8d---4) 2023-03-18T06:56:54Z **Learning about Encryption, Encoding, and Hashing**
[![](https://cdn-images-1.medium.com/max/1400/0*XmaJd_fiPygI-klE)](https://infosecwriteups.com/learning-about-encryption-encoding-and-hashing-9e4032546b22?source=rss----7b722bfd1b8d---4)

BASIC INTRODUCTION

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/learning-about-encryption-encoding-and-hashing-9e4032546b22?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/learning-about-encryption-encoding-and-hashing-9e4032546b22?source=rss----7b722bfd1b8d---4) 2023-03-18T10:36:45Z **Flutter Hackers: Uncovering the Dev’s Myopia (Part 1)** ⌘ [Read more](https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-1-6c316be56b13?source=rss----7b722bfd1b8d---4) 2023-03-18T11:36:46Z **Flutter Hackers: Uncovering the Dev’s Myopia (Part 2)** ⌘ [Read more](https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-2-598a44942b5e?source=rss----7b722bfd1b8d---4) 2023-03-18T11:57:28Z **Red Team Engagements | Tryhackme Writeup/Walkthrough | By Md Amiruddin** ⌘ [Read more](https://infosecwriteups.com/red-team-engagements-tryhackme-writeup-walkthrough-by-md-amiruddin-8870be21f164?source=rss----7b722bfd1b8d---4) 2023-03-20T05:12:25Z **JWT [JSON WEB TOKENS] [EXPLANATION & EXPLOITATION] (0x02)** ⌘ [Read more](https://infosecwriteups.com/jwt-json-web-tokens-explanation-exploitation-0x02-cea23008314f?source=rss----7b722bfd1b8d---4) 2023-03-20T05:11:43Z **A Game-Changing Tool for Bug Bounty Hunters and Security Researchers** ⌘ [Read more](https://infosecwriteups.com/a-game-changing-tool-for-bug-bounty-hunters-and-security-researchers-96b8134fed3e?source=rss----7b722bfd1b8d---4) 2023-03-20T05:11:30Z **SecGPT transforms cybersecurity through AI-driven insights.** ⌘ [Read more](https://infosecwriteups.com/secgpt-transforms-cybersecurity-through-ai-driven-insights-c5074c90bee1?source=rss----7b722bfd1b8d---4) 2023-03-20T05:09:35Z **Stripe’s Two-Factor Authentication (2FA) Bypass** ⌘ [Read more](https://infosecwriteups.com/stripes-two-factor-authentication-2fa-bypass-3765344cc272?source=rss----7b722bfd1b8d---4) 2023-03-20T05:09:12Z **Alibaba Cloud WAF Command Injection Bypass via Wildcard Payload in All 1,462 Built-in Rule 
Set**
[![](https://cdn-images-1.medium.com/max/2390/1*zn2KtU-XEo-eejOm1sYlvA.png)](https://infosecwriteups.com/alibaba-cloud-waf-command-injection-bypass-via-wildcard-payload-in-all-1-462-built-in-rule-set-989b75db6e2f?source=rss----7b722bfd1b8d---4)

Alibaba WAF version 3.0 was tested and very common payload was fo ... ⌘ [Read more](https://infosecwriteups.com/alibaba-cloud-waf-command-injection-bypass-via-wildcard-payload-in-all-1-462-built-in-rule-set-989b75db6e2f?source=rss----7b722bfd1b8d---4) 2023-03-20T05:08:45Z **Vulnerable Websocket Server** ⌘ [Read more](https://infosecwriteups.com/vulnerable-websocket-server-e44bee5e0b5f?source=rss----7b722bfd1b8d---4) 2023-03-20T05:08:18Z **Adding Root Certificate to Android With Magisk Module** ⌘ [Read more](https://infosecwriteups.com/adding-root-certificate-to-android-with-magisk-module-92493a7e9e4f?source=rss----7b722bfd1b8d---4) 2023-03-20T05:04:32Z **REST API FUZZING** ⌘ [Read more](https://infosecwriteups.com/rest-api-fuzzing-4b82d2d7a67?source=rss----7b722bfd1b8d---4) 2023-03-21T15:53:47Z **Understanding CVE-2023–23397: The Microsoft Outlook Vulnerability You Need to Know About**
[![](https://cdn-images-1.medium.com/max/1282/1*pYfESwRgG_-knbHReVa7Nw.png)](https://infosecwriteups.com/understanding-cve-2023-23397-the-microsoft-outlook-vulnerability-you-need-to-know-about-d942003dc9b4?source=rss----7b722bfd1b8d---4)

Introduction:

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ ... ⌘ [Read more](https://infosecwriteups.com/understanding-cve-2023-23397-the-microsoft-outlook-vulnerability-you-need-to-know-about-d942003dc9b4?source=rss----7b722bfd1b8d---4) 2023-03-21T15:53:29Z **MITRE | Tryhackme Room Writeup/Walkthrough | By Md Amiruddin** ⌘ [Read more](https://infosecwriteups.com/mitre-tryhackme-room-writeup-walkthrough-by-md-amiruddin-5dbafe52f594?source=rss----7b722bfd1b8d---4) 2023-03-21T15:52:59Z **Reflected XSS on Admin Login Page** ⌘ [Read more](https://infosecwriteups.com/reflected-xss-on-admin-login-page-94960596ec88?source=rss----7b722bfd1b8d---4) 2023-03-21T15:52:39Z **How to Hack Web Browsers with BeEF Framework** ⌘ [Read more](https://infosecwriteups.com/how-to-hack-web-browsers-with-beef-framework-729bd6735033?source=rss----7b722bfd1b8d---4) 2023-03-23T12:28:57Z **Default Credentials on Sony- Swag Time** ⌘ [Read more](https://infosecwriteups.com/default-credentials-on-sony-swag-time-8e35681ad39e?source=rss----7b722bfd1b8d---4) 2023-03-23T12:28:51Z **Unauthorized Access To Admin Panel via Swagger** ⌘ [Read more](https://infosecwriteups.com/unauthorized-access-to-admin-panel-via-swagger-c242e8341045?source=rss----7b722bfd1b8d---4) 2023-03-23T12:28:46Z **Zero Click To Account Takeover (IDOR + XSS)** ⌘ [Read more](https://infosecwriteups.com/zero-click-to-account-takeover-idor-xss-98dd6cce63c4?source=rss----7b722bfd1b8d---4) 2023-03-23T12:27:55Z **Security: Cross-Site Request Forgery**

Today we’re going to delve into the topic of Cross-Site Request Forgery (CSRF) attacks, which is another type of web application security…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/security-cross-site-request-forg ... ⌘ [Read more](https://infosecwriteups.com/security-cross-site-request-forgery-8374b9af92a2?source=rss----7b722bfd1b8d---4) 2023-03-23T13:31:36Z **Account Takeover Via Poising Forget Password Port in ASDA**

Today I want to discuss Host Header Poising leading to a one-click-to-account takeover BUT that wasn’t a normal one. Be my guest…

[Continue reading on InfoSec Write-ups »](https://i ... ⌘ [Read more](https://infosecwriteups.com/account-takeover-via-poising-forget-password-port-in-asda-60f1a5417a75?source=rss----7b722bfd1b8d---4) 2023-03-24T08:57:56Z **Mastering XSS: A Comprehensive Guide for Bug Bounty Hunters**

Cross-site Scripting (XSS) is a type of security vulnerability that allows attackers to inject malicious code, usually in the form of…

[Continue reading on InfoSec Write-ups »]( ... ⌘ [Read more](https://infosecwriteups.com/mastering-xss-a-comprehensive-guide-for-bug-bounty-hunters-fc4e2b4ad1f1?source=rss----7b722bfd1b8d---4) 2023-03-24T15:45:43Z **CVE-2020–10965 : Unauthenticated Admin Password Reset** ⌘ [Read more](https://infosecwriteups.com/cve-2020-10965-unauthenticated-admin-password-reset-9be6a9731e25?source=rss----7b722bfd1b8d---4) 2023-03-26T10:35:18Z **CVE-2023–1410 : Stored XSS in the Graphite Function Description tooltip** ⌘ [Read more](https://infosecwriteups.com/cve-2023-1410-stored-xss-in-the-graphite-function-description-tooltip-165bdc32154c?source=rss----7b722bfd1b8d---4) 2023-03-26T10:35:08Z **Cyber Apocalypse 2023 — The Cursed Mission** ⌘ [Read more](https://infosecwriteups.com/cyber-apocalypse-2023-the-cursed-mission-f4f52a97e485?source=rss----7b722bfd1b8d---4) 2023-03-26T10:35:00Z **Outlook NTLM Leak | Tryhackme Writeup/Walkthrough | By Md Amiruddin** ⌘ [Read more](https://infosecwriteups.com/outlook-ntlm-leak-tryhackme-writeup-walkthrough-by-md-amiruddin-8d2c51193f3f?source=rss----7b722bfd1b8d---4) 2023-03-26T10:34:51Z **Single Sign-On: OAuth vs OIDC vs SAML— Part 1** ⌘ [Read more](https://infosecwriteups.com/single-sign-on-oauth-vs-oidc-vs-saml-part-1-bbbbbf010beb?source=rss----7b722bfd1b8d---4) 2023-03-26T10:34:38Z **How I got my 1st Swag from SIDN** ⌘ [Read more](https://infosecwriteups.com/how-i-got-my-1st-swag-from-sidn-5a392c845755?source=rss----7b722bfd1b8d---4) 2023-03-26T10:34:24Z **Linus Tech Tips’ YouTube Hijacking Highlights the Importance of Customizable Permissions and…**

The recent security breach experienced by Linus Tech Tips, a popular technology Yo ... ⌘ [Read more](https://infosecwriteups.com/linus-tech-tips-youtube-hijacking-highlights-the-importance-of-customizable-permissions-and-bf554470173c?source=rss----7b722bfd1b8d---4) 2023-03-26T10:34:13Z **Racing Against Time: The Hidden Dangers of Race Conditions in Modern Applications**

Uncover the world of race conditions, a silent yet potent threat to application security and integrity.

[Continu ... ⌘ [Read more](https://infosecwriteups.com/racing-against-time-the-hidden-dangers-of-race-conditions-in-modern-applications-2aedfb26e4fc?source=rss----7b722bfd1b8d---4) 2023-03-26T10:33:55Z **The Ultimate XSS PoC with ChatGPT-4 **

XSS to Demonstrate Stealing Cookies, Local Storage, and Page Content Generated with ChatGPT-4 🤖

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-ultimate-xss-poc-with-chatgpt-4-2be606a13a2e?source=rss----7b722bfd1b8d ... ⌘ [Read more](https://infosecwriteups.com/the-ultimate-xss-poc-with-chatgpt-4-2be606a13a2e?source=rss----7b722bfd1b8d---4) 2023-03-26T10:33:30Z **1 Mitre Att&ck Technique That You Cannot Ignore**

Mitre Att&ck is Important for Improving The Overall Cyber Threat Detection But You May have To Pay Hefty Price If You Ignore This One…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/1-mitre-at ... ⌘ [Read more](https://infosecwriteups.com/1-mitre-att-ck-technique-that-you-cannot-ignore-536eb9b2b5e7?source=rss----7b722bfd1b8d---4) 2023-03-26T10:33:11Z **How to become a successful bug bounty hunter**

Do Your Research

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-become-a-successful-bug-bounty-hunter-adc05c90b174?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/how-to-become-a-successful-bug-bounty-hunter-adc05c90b174?source=rss----7b722bfd1b8d---4) 2023-03-28T13:36:32Z **Single Sign-On: OAUTH vs OIDC vs SAML — Part 2** ⌘ [Read more](https://infosecwriteups.com/single-sign-on-oauth-vs-oidc-vs-saml-part-2-ffd4d995ca01?source=rss----7b722bfd1b8d---4) 2023-03-28T13:35:13Z **CSRF Takedown: Defeating Web Exploits with Code** ⌘ [Read more](https://infosecwriteups.com/csrf-takedown-defeating-web-exploits-with-code-e13d2bfd9bc1?source=rss----7b722bfd1b8d---4) 2023-03-28T13:34:23Z **Deep dive into JS/Vjw0rm** ⌘ [Read more](https://infosecwriteups.com/deep-dive-into-js-vjw0rm-9983482c20ca?source=rss----7b722bfd1b8d---4) 2023-03-28T13:33:45Z **Socket HTB Writeup** ⌘ [Read more](https://infosecwriteups.com/socket-htb-writeup-5ee8af8a5c2c?source=rss----7b722bfd1b8d---4) 2023-03-28T13:33:36Z **Get Ahead in PicoCTF: How to Successfully Crack Cesar’s Cipher — StackZero** ⌘ [Read more](https://infosecwriteups.com/get-ahead-in-picoctf-how-to-successfully-crack-cesars-cipher-stackzero-c3985b0e2470?source=rss----7b722bfd1b8d---4) 2023-03-28T13:33:27Z **Python Penetration Testing: Being a Linux Control Freak!** ⌘ [Read more](https://infosecwriteups.com/python-penetration-testing-being-a-linux-control-freak-db75facc3fab?source=rss----7b722bfd1b8d---4) 2023-03-28T13:31:59Z **Broken Access Control: The Silent Killer of Web Application Security**

When it comes to web application security, broken access control vulnerabilities can be one of the most dangerous and difficult to detect…

[Continue readi ... ⌘ [Read more](https://infosecwriteups.com/broken-access-control-the-silent-killer-of-web-application-security-e07164b503bc?source=rss----7b722bfd1b8d---4) 2023-03-30T10:34:07Z **Socket | Hack The Box Writeup/Walkthrough | By Md Amiruddin** ⌘ [Read more](https://infosecwriteups.com/socket-hack-the-box-writeup-walkthrough-by-md-amiruddin-8b2a4ee35711?source=rss----7b722bfd1b8d---4) 2023-03-31T12:45:49Z **JWT Token Gatekeepers: Unleashing the Power of Secure Validation in Your Application** ⌘ [Read more](https://infosecwriteups.com/jwt-token-gatekeepers-unleashing-the-power-of-secure-validation-in-your-application-c58d2b467c57?source=rss----7b722bfd1b8d---4) 2023-03-31T12:44:27Z **Unveiling the Secrets: My Journey of Hacking Google’s OSS** ⌘ [Read more](https://infosecwriteups.com/unveiling-the-secrets-my-journey-of-hacking-googles-oss-cdd9ef3c7aa?source=rss----7b722bfd1b8d---4) 2023-03-31T12:42:53Z **How to Prevent Cross-Site Scripting (XSS) Attacks** ⌘ [Read more](https://infosecwriteups.com/how-to-prevent-cross-site-scripting-xss-attacks-75199b4bbf9d?source=rss----7b722bfd1b8d---4) 2023-03-31T12:56:47Z **MD2PDF — TryHackMe Walkthrough Writeup** ⌘ [Read more](https://infosecwriteups.com/md2pdf-tryhackme-walkthrough-writeup-242c4767de7e?source=rss----7b722bfd1b8d---4) 2023-04-03T02:54:54Z **How I escalated default credentials to Remote Code Execution** ⌘ [Read more](https://infosecwriteups.com/how-i-escalated-default-credentials-to-remote-code-execution-1c34504be7a5?source=rss----7b722bfd1b8d---4) 2023-04-03T03:18:08Z **Python Penetration Testing: Escaping the Matrix** ⌘ [Read more](https://infosecwriteups.com/python-penetration-testing-escaping-the-matrix-4180874da1b5?source=rss----7b722bfd1b8d---4) 2023-04-03T03:12:40Z **How I hacked into a “Hacking Company” — Rare Scenario** ⌘ [Read more](https://infosecwriteups.com/how-i-hacked-into-a-hacking-company-rare-scenario-7536b68fd78b?source=rss----7b722bfd1b8d---4) 2023-04-03T03:09:09Z **picoCTF 
writeup: Introductory OSINT and web hacking**

Email forensics, Bitcoin tracking and more web hacking from the picoCTF 2023 tournament

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/picoctf-writeup-introductory-osint-and-w ... ⌘ [Read more](https://infosecwriteups.com/picoctf-writeup-introductory-osint-and-web-hacking-e1b90cf4b64?source=rss----7b722bfd1b8d---4) 2023-04-03T03:08:53Z **Android Pentesting Methodology (Pt. 2)** ⌘ [Read more](https://infosecwriteups.com/android-pentesting-methodology-pt-2-7905a24a7939?source=rss----7b722bfd1b8d---4) 2023-04-03T05:11:45Z **Let’s Hacking Citizens Bank**

Hi Guys, Here is another write-up about how I hacked the Citizens Bank and how chrome extensions helped me in this way, be my guest…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lets-hacking-citizens-bank-9520e9c05cf9?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/lets-hacking-citizens-bank-9520e9c05cf9?source=rss----7b722bfd1b8d---4) 2023-04-03T12:21:44Z **How to hide messages with Steganography**

Quick study of this wonderful technique

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-hide-messages-with-steganography-8b91c74b3594?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/how-to-hide-messages-with-steganography-8b91c74b3594?source=rss----7b722bfd1b8d---4) 2023-04-04T04:12:09Z **picoCTF writeup: Introductory cryptanalysis and stenography**

picoCTF (n.d.) recently launched its 2023 edition of their capture the flag competition, which featured a variety of challenges to assess…

[Continue reading on InfoSec Wri ... ⌘ [Read more](https://infosecwriteups.com/picoctf-writeup-introductory-cryptanalysis-and-stenography-90e610cff785?source=rss----7b722bfd1b8d---4) 2023-04-04T13:12:19Z **Become an Infosec Writeups Ambassador** ⌘ [Read more](https://infosecwriteups.com/become-an-infosec-writeups-ambassador-ec7bd9026f1b?source=rss----7b722bfd1b8d---4) 2023-04-06T04:44:47Z **Conquering CSRF: An In-Depth Guide For Bug Bounty Hunters — Thought Tide**

Cross-site request forgery (CSRF) is a type of security vulnerability that allows an attacker to trick a user into performing an action on…

[Conti ... ⌘ [Read more](https://infosecwriteups.com/conquering-csrf-an-in-depth-guide-for-bug-bounty-hunters-thought-tide-4a615efadd5a?source=rss----7b722bfd1b8d---4) 2023-04-06T04:43:30Z **6 Burp Suite Tips & Tricks**

Turbocharge your web application security testing, bug bounty hunting, and pentesting with these essential Burp Suite configuration hacks

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/6-burp-suite-tips-tricks-60592cf843ba?source=rss----7b722bfd1b8d- ... ⌘ [Read more](https://infosecwriteups.com/6-burp-suite-tips-tricks-60592cf843ba?source=rss----7b722bfd1b8d---4) 2023-04-06T04:42:50Z **How to Generate a PHP Backdoor using Weevely** ⌘ [Read more](https://infosecwriteups.com/how-to-generate-a-php-backdoor-using-weevely-5c1dda909b79?source=rss----7b722bfd1b8d---4) 2023-04-06T04:42:23Z **How to use Gobuster to find Interesting Directories & Files on Website.** ⌘ [Read more](https://infosecwriteups.com/how-to-use-gobuster-to-find-interesting-directories-files-on-website-a1aaf8fc771e?source=rss----7b722bfd1b8d---4) 2023-04-06T04:41:46Z **Hacking the Like Functionality of Twitter!** ⌘ [Read more](https://infosecwriteups.com/hacking-the-like-functionality-of-twitter-3a5730687097?source=rss----7b722bfd1b8d---4) 2023-04-06T04:39:31Z **Upgrade the WiFi Marauder with SD Card Module to Capture PCAP Files** ⌘ [Read more](https://infosecwriteups.com/upgrade-the-wifi-marauder-with-sd-card-module-to-capture-pcap-files-9c1584773b6f?source=rss----7b722bfd1b8d---4) 2023-04-06T04:38:43Z **Python Penetration Testing: Teams Work Makes the Dreams Work** ⌘ [Read more](https://infosecwriteups.com/python-penetration-testing-teams-work-makes-the-dreams-work-143e9c1d2c3b?source=rss----7b722bfd1b8d---4) 2023-04-10T09:33:07Z **Introduction to OSINT** ⌘ [Read more](https://infosecwriteups.com/introduction-to-osint-2c92597988d1?source=rss----7b722bfd1b8d---4) 2023-04-10T09:31:12Z **Attacking Kubernetes — Part 1** ⌘ [Read more](https://infosecwriteups.com/attacking-kubernetes-part-1-9192886b09c5?source=rss----7b722bfd1b8d---4) 2023-04-10T09:29:39Z **JWT [JSON WEB TOKENS] [ ALGORITHM CONFUSION ATTACK] (0x03)** ⌘ [Read more](https://infosecwriteups.com/jwt-json-web-tokens-algorithm-confusion-attack-0x03-3b1e3ab6030e?source=rss----7b722bfd1b8d---4) 2023-04-10T09:27:48Z **Evading Attribution & Moving Laterally on 
AWS** ⌘ [Read more](https://infosecwriteups.com/evading-attribution-moving-laterally-on-aws-f7efcec60bf2?source=rss----7b722bfd1b8d---4) 2023-04-10T09:24:55Z **Search HTB Walkthrough** ⌘ [Read more](https://infosecwriteups.com/search-htb-walkthrough-34d7d65afcbc?source=rss----7b722bfd1b8d---4) 2023-04-10T09:22:46Z **Advanced Web Application Security: Exploiting SSTI Vulnerabilities**

Server-Side Template Injection (SSTI) vulnerabilities are often overlooked, but they can have severe consequences if exploited by an…

[Continue readi ... ⌘ [Read more](https://infosecwriteups.com/advanced-web-application-security-exploiting-ssti-vulnerabilities-934009db7d56?source=rss----7b722bfd1b8d---4) 2023-04-10T09:22:33Z **Exploit Privilege Escalation Like a Pro** ⌘ [Read more](https://infosecwriteups.com/exploit-privilege-escalation-like-a-pro-a5ec6493afa6?source=rss----7b722bfd1b8d---4) 2023-04-10T09:22:03Z **WalkThrough of Wanna Cry Ransomware** ⌘ [Read more](https://infosecwriteups.com/walkthrough-of-wanna-cry-ransomware-f878d9c427f5?source=rss----7b722bfd1b8d---4) 2023-04-11T10:31:48Z **Secure Your Secrets: Say No to Google Managing Your Passwords**

Since the 1990s, password management programs have existed, and major browsers have included password management as a built-in feature…

[Continue reading on InfoSec Write-ups ... ⌘ [Read more](https://infosecwriteups.com/secure-your-secrets-say-no-to-google-managing-your-passwords-2e2518365c0f?source=rss----7b722bfd1b8d---4) 2023-04-11T10:31:48Z **Python Penetration Testing: I can’t CONTAIN myself.** ⌘ [Read more](https://infosecwriteups.com/python-penetration-testing-i-cant-contain-myself-409a9d1e20e9?source=rss----7b722bfd1b8d---4) 2023-04-17T19:17:05Z **Smart contract security best practices: PART 2** ⌘ [Read more](https://infosecwriteups.com/smart-contract-security-best-practices-part-2-9253edb6b41f?source=rss----7b722bfd1b8d---4) 2023-04-17T19:16:02Z **Firewall Evasion Techniques for Bug Hunters**

Firewall evasion techniques are methods that attackers use to bypass firewalls and gain unauthorized access to networks and systems…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/firewall-evas ... ⌘ [Read more](https://infosecwriteups.com/firewall-evasion-techniques-for-bug-hunters-d0dd85049ec8?source=rss----7b722bfd1b8d---4) 2023-04-18T15:31:17Z **From payload to 300$ bounty: A story of CRLF injection and responsible disclosure on HackerOne** ⌘ [Read more](https://infosecwriteups.com/from-payload-to-300-bounty-a-story-of-crlf-injection-and-responsible-disclosure-on-hackerone-eeff74aff422?source=rss----7b722bfd1b8d---4) 2023-04-18T15:36:13Z **My First Pre-Auth Account Takeover in 20 secs** ⌘ [Read more](https://infosecwriteups.com/my-first-pre-auth-account-takeover-in-20-secs-7c90fd273ffa?source=rss----7b722bfd1b8d---4) 2023-04-18T17:44:27Z **OSINT with Maltego** ⌘ [Read more](https://infosecwriteups.com/osint-with-maltego-202666e32d1e?source=rss----7b722bfd1b8d---4) 2023-04-18T17:44:19Z **Docker Hardening Best Practices** ⌘ [Read more](https://infosecwriteups.com/docker-hardening-best-practices-efcc724219f6?source=rss----7b722bfd1b8d---4) 2023-04-18T17:35:41Z **Buffer Overflow Basics** ⌘ [Read more](https://infosecwriteups.com/buffer-overflow-basics-687f61216ebc?source=rss----7b722bfd1b8d---4) 2023-04-18T17:34:47Z **Securing AWS Step Functions** ⌘ [Read more](https://infosecwriteups.com/securing-aws-step-functions-3bc74845906?source=rss----7b722bfd1b8d---4) 2023-04-20T14:16:52Z **Analyzing Malware using FREE Online Tools** ⌘ [Read more](https://infosecwriteups.com/analyzing-malware-using-free-online-tools-e37b56bc3868?source=rss----7b722bfd1b8d---4) 2023-04-21T18:32:56Z **OSCP Preparation — Hack The Box #7 FriendZone** ⌘ [Read more](https://infosecwriteups.com/oscp-preparation-hack-the-box-7-friendzone-208d444a97cc?source=rss----7b722bfd1b8d---4) 2023-04-21T18:30:38Z **10 Common XSS Payloads and How to Use Them for Bug Bounty Hunting**

As technology advances, the techniques of exploiting vulnerabilities in web applications also become more sophisticated. One such…

[Continue reading o ... ⌘ [Read more](https://infosecwriteups.com/10-common-xss-payloads-and-how-to-use-them-for-bug-bounty-hunting-9c49cb54297a?source=rss----7b722bfd1b8d---4) 2023-04-21T18:30:29Z **A successful prototype pollution chained to a DOM XSS** ⌘ [Read more](https://infosecwriteups.com/a-successful-prototype-pollution-chained-to-a-dom-xss-9887087b56a4?source=rss----7b722bfd1b8d---4) 2023-04-21T18:30:18Z **PMAT — Bonus Malware Lab Writeup** ⌘ [Read more](https://infosecwriteups.com/pmat-bonus-malware-lab-writeup-82cddc81c9c?source=rss----7b722bfd1b8d---4) 2023-04-21T18:30:08Z **Hundreds of companies’ internal data exposed: The Confluence Cloud misconfiguration** ⌘ [Read more](https://infosecwriteups.com/hundreds-of-companies-internal-data-exposed-the-confluence-cloud-misconfiguration-63cbc143caea?source=rss----7b722bfd1b8d---4) 2023-04-21T18:29:52Z **SDLC (Software Development Lifecycle) | Tryhackme Writeup/Walkthropugh By | Md Amiruddin** ⌘ [Read more](https://infosecwriteups.com/sdlc-software-development-lifecycle-tryhackme-writeup-walkthropugh-by-md-amiruddin-125b0f8fda2d?source=rss----7b722bfd1b8d---4) 2023-04-21T18:29:41Z **What Cyber Attacks Actually Look Like: Honeypot Series Part 1** ⌘ [Read more](https://infosecwriteups.com/honeypot-series-part-1-f91f2cc9c018?source=rss----7b722bfd1b8d---4) 2023-04-23T06:09:01Z **Data Exfiltration from Air-Gapped Systems: Exploring Covert Channels Using Camera LED Status Light…** ⌘ [Read more](https://infosecwriteups.com/data-exfiltration-from-air-gapped-systems-exploring-covert-channels-using-camera-led-status-light-aba69efe433c?source=rss----7b722bfd1b8d---4) 2023-04-23T06:08:16Z **Mastering Payloads for Web Application Security: XSS, LFI, RCE, and SQL Injection**

As a bug bounty hunter, you must be aware of different types of payloads that you can use to test the vulnerabi ... ⌘ [Read more](https://infosecwriteups.com/mastering-payloads-for-web-application-security-xss-lfi-rce-and-sql-injection-20c1eb970426?source=rss----7b722bfd1b8d---4) 2023-04-23T06:04:14Z **Privilege Escalation via Broken Authentication: A Story of $$$** ⌘ [Read more](https://infosecwriteups.com/privilege-escalation-via-broken-authentication-a-story-of-220588d53d93?source=rss----7b722bfd1b8d---4) 2023-04-23T05:59:25Z **What is Prototype Pollution Vulnerability** ⌘ [Read more](https://infosecwriteups.com/what-is-prototype-pollution-and-its-vulnerability-4a43b987e8eb?source=rss----7b722bfd1b8d---4) 2023-04-23T06:24:59Z **Playing Hide and Seek with PDF Files** ⌘ [Read more](https://infosecwriteups.com/playing-hide-and-seek-with-pdf-files-f6dc844086c3?source=rss----7b722bfd1b8d---4) 2023-04-23T06:24:04Z **Turning Vulnerability into Bounty: How CVE-2020–17453 XSS Earned Me a $500 Bounty** ⌘ [Read more](https://infosecwriteups.com/turning-vulnerability-into-bounty-how-cve-2020-17453-xss-earned-me-a-500-bounty-dcabc737fded?source=rss----7b722bfd1b8d---4) 2023-04-23T06:21:42Z **10 Google Dorks for Sensitive Data**

Discover Exposed Documents on Cloud Platforms with Google Dorks for Cybersecurity

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/10-google-dorks-for-sensitive-data-9454b09edc12?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/10-google-dorks-for-sensitive-data-9454b09edc12?source=rss----7b722bfd1b8d---4) 2023-04-23T06:21:02Z **How I detected Open Redirect on a WhatsApp Message** ⌘ [Read more](https://infosecwriteups.com/how-i-detected-open-redirect-on-a-whatsapp-message-6c50f6ce5ebd?source=rss----7b722bfd1b8d---4) 2023-04-23T06:19:57Z **Uncovering a Critical Vulnerability: My Journey of Discovering CVE-2021–31589, a Reflected XSS in…** ⌘ [Read more](https://infosecwriteups.com/uncovering-a-critical-vulnerability-my-journey-of-discovering-cve-2021-31589-a-reflected-xss-in-1e13c0aa41b0?source=rss----7b722bfd1b8d---4) 2023-04-23T06:14:46Z **Beginner’s Guide To OSCP 2023** ⌘ [Read more](https://infosecwriteups.com/guide-to-oscp-2023-37c0aea0dec0?source=rss----7b722bfd1b8d---4) 2023-04-23T06:39:55Z **Hunt The Hacker** ⌘ [Read more](https://infosecwriteups.com/hunt-the-hacker-d270c1a44c07?source=rss----7b722bfd1b8d---4) 2023-04-23T06:39:22Z **XS-Leak: Deanonymize Microsoft Skype Users by any 3rd-party website** ⌘ [Read more](https://infosecwriteups.com/xs-leak-deanonymize-microsoft-skype-users-by-any-3rd-party-website-69849e4501a8?source=rss----7b722bfd1b8d---4) 2023-04-23T06:36:13Z **NTLM vs Kerberos: Understanding Authentication in Windows/Active Directory** ⌘ [Read more](https://infosecwriteups.com/ntlm-vs-kerberos-understanding-authentication-in-windows-active-directory-143925d04c75?source=rss----7b722bfd1b8d---4) 2023-04-23T06:36:03Z **Phishing 101: Bypassing 2FA like a pro** ⌘ [Read more](https://infosecwriteups.com/phishing-101-bypassing-2fa-like-a-pro-8936b43d988?source=rss----7b722bfd1b8d---4) 2023-04-23T06:35:44Z **Web Scraping — The Art of Extracting Information** ⌘ [Read 
more](https://infosecwriteups.com/web-scraping-the-art-of-extracting-information-8874d375a4be?source=rss----7b722bfd1b8d---4) 2023-04-23T06:35:33Z **“Ghost Malware”: Infecting a machine with an empty archive file.** ⌘ [Read more](https://infosecwriteups.com/ghost-malware-infecting-a-machine-with-an-empty-archive-file-8749c283f223?source=rss----7b722bfd1b8d---4) 2023-04-23T06:34:50Z **Proving Grounds Practice: “Squid” Walkthrough** ⌘ [Read more](https://infosecwriteups.com/proving-grounds-practice-squid-walkthrough-f761d2da973f?source=rss----7b722bfd1b8d---4) 2023-04-23T06:42:32Z **PicoCTF Unlocked: Mastering Cybersecurity One Step at a Time — StackZero** ⌘ [Read more](https://infosecwriteups.com/picoctf-unlocked-mastering-cybersecurity-one-step-at-a-time-stackzero-cfbc0fe4de8e?source=rss----7b722bfd1b8d---4) 2023-04-23T06:42:19Z **Hackers Hate Him, Find Out Why! Honeypot Series Part 2** ⌘ [Read more](https://infosecwriteups.com/hackers-hate-him-find-out-why-honeypot-series-part-2-bbafbc83dd14?source=rss----7b722bfd1b8d---4) 2023-04-24T07:16:40Z **Python Penetration Testing: Connecting multiple SQL Databases to gather Juicy data** ⌘ [Read more](https://infosecwriteups.com/python-penetration-testing-connecting-multiple-sql-databases-to-gather-juicy-data-cde9c33853d5?source=rss----7b722bfd1b8d---4) 2023-04-24T14:11:14Z **Azure Privilege Escalation Via Service Principal** ⌘ [Read more](https://infosecwriteups.com/azure-privilege-escalation-via-service-principal-ae12fd79374c?source=rss----7b722bfd1b8d---4) 2023-04-24T14:11:00Z **Write-up of the Blocky machine from HTB** ⌘ [Read more](https://infosecwriteups.com/write-up-of-the-blocky-machine-from-htb-8034801b5870?source=rss----7b722bfd1b8d---4) 2023-04-24T14:10:44Z **Break the Logic: Playing with product ratings on a shopping site(600$)** ⌘ [Read more](https://infosecwriteups.com/break-the-logic-playing-with-product-ratings-on-a-shopping-site-600-c9a87fb66a73?source=rss----7b722bfd1b8d---4) 2023-04-24T14:10:27Z **File 
Inclusion — TryHackMe Simple Write up | 2023** ⌘ [Read more](https://infosecwriteups.com/file-inclusion-tryhackme-simple-write-up-2023-b839772fd432?source=rss----7b722bfd1b8d---4) 2023-04-25T07:17:45Z **(Reverse) shell to your Azure VM as ‘Local System’ user or ‘root’ user** ⌘ [Read more](https://infosecwriteups.com/reverse-shell-to-your-azure-vm-as-local-system-user-or-root-user-b99569790091?source=rss----7b722bfd1b8d---4) 2023-05-01T08:07:49Z **JAVASCRIPT PROTOTYPE POLLUTION VULNERABILITIES PART 1 [ WHAT IS PROTOTYPE]** ⌘ [Read more](https://infosecwriteups.com/javascript-prototype-pollution-vulnerabilities-part-1-what-is-prototype-61e396ecafbd?source=rss----7b722bfd1b8d---4) 2023-05-01T08:07:18Z **Write-up of Lame — An easy-rated HTB machine.** ⌘ [Read more](https://infosecwriteups.com/write-up-of-lame-an-easy-rated-htb-machine-fa695ea2d3ca?source=rss----7b722bfd1b8d---4) 2023-05-01T08:06:21Z **Top 5 Cybersecurity Certifications for Immediate Job Placement in 2023!**

Getting a job in cybersecurity is a dream to many. Best cyber security jobs in the market demand best skills in cybersecurity. These top 5…

[Contin ... ⌘ [Read more](https://infosecwriteups.com/top-5-cybersecurity-certifications-for-immediate-job-placement-in-2023-4a25961f1df?source=rss----7b722bfd1b8d---4) 2023-05-01T08:05:49Z **Unauthorized access to the admin panel via leaked credentials on the WayBackMachine**

Hello my friends, Today I want to talk about one of my admin panel bypass methods which leads me to easi ... ⌘ [Read more](https://infosecwriteups.com/unauthorized-access-to-the-admin-panel-via-leaked-credentials-on-the-waybackmachine-55c3307141c6?source=rss----7b722bfd1b8d---4) 2023-05-01T08:04:18Z **The Impact of Artificial Intelligence on ICS Security** ⌘ [Read more](https://infosecwriteups.com/the-impact-of-artificial-intelligence-on-ics-security-bc56bbca0f41?source=rss----7b722bfd1b8d---4) 2023-05-01T08:03:59Z **Achieve Maximum Protection With Minimal Effort: Beginning Your Zero Trust Journey** ⌘ [Read more](https://infosecwriteups.com/achieve-maximum-protection-with-minimal-effort-beginning-your-zero-trust-journey-210db329a91a?source=rss----7b722bfd1b8d---4) 2023-05-01T08:03:43Z **Top 5 Penetration Testing Tools for Bug Bounty**

Penetration testing (pentesting) is a type of security assessment that involves simulating an attack on a computer system, network, or web…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.c ... ⌘ [Read more](https://infosecwriteups.com/top-5-penetration-testing-tools-for-bug-bounty-97225d31f6fd?source=rss----7b722bfd1b8d---4) 2023-05-01T08:03:09Z **Pwning an Ubuntu Machine — Cyber Secured India | 2023** ⌘ [Read more](https://infosecwriteups.com/pwning-an-ubuntu-machine-cyber-secured-india-2023-b8b87d9f9296?source=rss----7b722bfd1b8d---4) 2023-05-02T18:34:54Z **Strategic Cyber Security Report — April 2023 Edition** ⌘ [Read more](https://infosecwriteups.com/strategic-cyber-security-report-april-2023-edition-fea36224e400?source=rss----7b722bfd1b8d---4) 2023-05-02T18:34:38Z **TryHackme — ToolRus Simple Writeup | 2023** ⌘ [Read more](https://infosecwriteups.com/tryhackme-toolrus-simple-writeup-2023-866f36c5d097?source=rss----7b722bfd1b8d---4) 2023-05-02T18:34:27Z **Vulnerability Capstone — TryHackme Room Simple Writeup | 2023** ⌘ [Read more](https://infosecwriteups.com/vulnerability-capstone-tryhackme-room-simple-writeup-2023-bfe5f0cd12b0?source=rss----7b722bfd1b8d---4) 2023-05-02T18:32:03Z **A Beginner’s Guide to PicoCTF’s Reverse Engineering: Simple Writeups — StackZero** ⌘ [Read more](https://infosecwriteups.com/a-beginners-guide-to-picoctf-s-reverse-engineering-simple-writeups-stackzero-b2aaeaf2d9bd?source=rss----7b722bfd1b8d---4) 2023-05-02T18:31:27Z **How to start Bug Hunting in 2023** ⌘ [Read more](https://infosecwriteups.com/how-to-start-bug-hunting-in-2023-696db1986e44?source=rss----7b722bfd1b8d---4) 2023-05-02T18:31:02Z **Metasploit: Meterpreter — TryHackme Simple Writeup | 2023** ⌘ [Read more](https://infosecwriteups.com/metasploit-meterpreter-tryhackme-simple-writeup-2023-1f8a787ba0a4?source=rss----7b722bfd1b8d---4) 2023-05-02T18:30:46Z **BlackEnergy Memory Forensic Ananlysis** ⌘ [Read more](https://infosecwriteups.com/blackenergy-memory-forensic-ananlysis-a16c31a14842?source=rss----7b722bfd1b8d---4) 2023-05-02T18:30:19Z **Cybersecurity Fundamentals: Threats, Vulnerabilities, 
Weaknesses, and Flaws**

As a bug bounty hunter, one can start learning penetration testing through observation, which is a largely unstructured way of lear ... ⌘ [Read more](https://infosecwriteups.com/cybersecurity-fundamentals-threats-vulnerabilities-weaknesses-and-flaws-a940f3503c0?source=rss----7b722bfd1b8d---4) 2023-05-02T18:45:58Z **LDAP Injection** ⌘ [Read more](https://infosecwriteups.com/ldap-injection-653d7225dd8?source=rss----7b722bfd1b8d---4) 2023-05-02T18:45:50Z **Python Penetration Testing: File Transfers Using Google API** ⌘ [Read more](https://infosecwriteups.com/python-penetration-testing-file-transfers-using-google-api-c4abf43fbcf1?source=rss----7b722bfd1b8d---4) 2023-05-02T18:45:35Z **Red Teaming: Exfiltrating Data & Command Network Nodes (Like a Ghost!)** ⌘ [Read more](https://infosecwriteups.com/red-teaming-exfiltrating-data-command-network-nodes-like-a-ghost-f34c878e70f6?source=rss----7b722bfd1b8d---4) 2023-05-02T18:45:25Z **PHP Backdoor Obfuscation** ⌘ [Read more](https://infosecwriteups.com/php-backdoor-obfuscation-a0fee97f00e2?source=rss----7b722bfd1b8d---4) 2023-05-02T18:45:10Z **Bypassing MPX Node Authentication — Firmware analysis** ⌘ [Read more](https://infosecwriteups.com/bypassing-mpx-node-authentication-firmware-analysis-8ecbac012bf3?source=rss----7b722bfd1b8d---4) 2023-05-02T18:44:49Z **Red Teaming: 0x01 Click RCE via VoIP USB** ⌘ [Read more](https://infosecwriteups.com/red-teaming-0x01-click-rce-via-voip-usb-37cf32db1af2?source=rss----7b722bfd1b8d---4) 2023-05-03T19:31:52Z **RSA Conference 2023 — What You Need to Know About Cybersecurity**

Recently, the RSA conference took place in San Francisco, where experts in information security gathered to discuss the latest…

[Continue reading on InfoSec Write-ups »](h ... ⌘ [Read more](https://infosecwriteups.com/rsa-conference-2023-what-you-need-to-know-about-cybersecurity-56e54e1b5dab?source=rss----7b722bfd1b8d---4) 2023-05-04T12:37:15Z **Mass Assignment leads to the victim’s account being inaccessible forever**

Hi Guys, My name is m7arm4n and today I wanna talk about one of my findings on a private program that was vulnerable to Mass Assignme ... ⌘ [Read more](https://infosecwriteups.com/mass-assignment-leads-to-the-victims-account-being-inaccessible-forever-52e48c6a8a4d?source=rss----7b722bfd1b8d---4) 2023-05-07T17:24:05Z **Binex (970 Points) — TryHackMe Room Simple Writeup | Karthikeyan Nagaraj** ⌘ [Read more](https://infosecwriteups.com/binex-970-points-tryhackme-room-simple-writeup-karthikeyan-nagaraj-33a5e71a31bd?source=rss----7b722bfd1b8d---4) 2023-05-07T17:21:46Z **A Guide to Identifying and Mitigating Email Header Injection Vulnerabilities for Bug Bounty Hunters**

As a bug bounty hunter, one of the vulnerabilitie ... ⌘ [Read more](https://infosecwriteups.com/a-guide-to-identifying-and-mitigating-email-header-injection-vulnerabilities-for-bug-bounty-hunters-32bd228d15b5?source=rss----7b722bfd1b8d---4) 2023-05-07T17:20:55Z **HeartBleed Vulnerability Exploit Using Metasploit — TryHackMe Room Simple Writeup | Karthikeyan…** ⌘ [Read more](https://infosecwriteups.com/heartbleed-vulnerability-exploit-using-metasploit-tryhackme-room-simple-writeup-karthikeyan-a338debda13b?source=rss----7b722bfd1b8d---4) 2023-05-07T17:20:43Z **Using Python for Malware Analysis — A Beginners Guide** ⌘ [Read more](https://infosecwriteups.com/using-python-for-malware-analysis-a-beginners-guide-8432377df2c4?source=rss----7b722bfd1b8d---4) 2023-05-07T17:20:24Z **AllSafe (Intentionally Vulnerable Android Application)- Part 1** ⌘ [Read more](https://infosecwriteups.com/allsafe-intentionally-vulnerable-android-application-part-1-5603d75b78c9?source=rss----7b722bfd1b8d---4) 2023-05-07T17:19:08Z **GO Code Review #1 : Hard-coded credentials are security-sensitive** ⌘ [Read more](https://infosecwriteups.com/go-code-review-1-hard-coded-credentials-are-security-sensitive-4317a8431eaa?source=rss----7b722bfd1b8d---4) 2023-05-07T17:31:36Z **Net Sec Challenge — TryHackme Room Simple Writeup | 2023** ⌘ [Read more](https://infosecwriteups.com/net-sec-challenge-tryhackme-room-simple-writeup-2023-f0595157594d?source=rss----7b722bfd1b8d---4) 2023-05-07T17:31:26Z **Exploiting Local Admin Access** ⌘ [Read more](https://infosecwriteups.com/exploiting-local-admin-access-dfb42eddf5d2?source=rss----7b722bfd1b8d---4) 2023-05-07T17:28:53Z **Understanding Server Misconfiguration: A Comprehensive Guide | 2023** ⌘ [Read more](https://infosecwriteups.com/understanding-server-misconfiguration-a-comprehensive-guide-2023-4f877fa66909?source=rss----7b722bfd1b8d---4) 2023-05-07T17:27:13Z **VISUALIZING DATA AND ITS APPLICATION IN CYBERSECURITY** ⌘ [Read 
more](https://infosecwriteups.com/visualizing-data-and-its-application-in-cybersecurity-221652ab13a3?source=rss----7b722bfd1b8d---4) 2023-05-07T17:26:56Z **TryHackMe’s WebOSINT Simple Writeup— Conducting Basic Open-source Intelligence Research on a…** ⌘ [Read more](https://infosecwriteups.com/tryhackmes-webosint-simple-writeup-conducting-basic-open-source-intelligence-research-on-a-f1c1da2e8089?source=rss----7b722bfd1b8d---4) 2023-05-09T18:40:27Z **Criminal-IP — The Best Cyber Threat Intelligence Based Search Engine** ⌘ [Read more](https://infosecwriteups.com/criminal-ip-the-best-cyber-threat-intelligence-based-search-engine-61815d89b748?source=rss----7b722bfd1b8d---4) 2023-05-09T18:40:01Z **TryHackme’s — Scripting Room Simple Writeup | 2023** ⌘ [Read more](https://infosecwriteups.com/tryhackmes-scripting-room-simple-writeup-2023-679e26dec473?source=rss----7b722bfd1b8d---4) 2023-05-09T18:39:48Z **Understanding LDAP Injection: Crafting Payloads and Mitigation Strategies**

LDAP (Lightweight Directory Access Protocol) is a widely used protocol for accessing and managing directory services. It is often ... ⌘ [Read more](https://infosecwriteups.com/understanding-ldap-injection-crafting-payloads-and-mitigation-strategies-be90991b7ac8?source=rss----7b722bfd1b8d---4) 2023-05-09T18:39:39Z **Discovery of an XSS on Opera** ⌘ [Read more](https://infosecwriteups.com/discovery-of-an-xss-on-opera-f029f6522ec5?source=rss----7b722bfd1b8d---4) 2023-05-09T18:38:25Z **Skynet — TryHackMe Room Simple Writeup | 2023** ⌘ [Read more](https://infosecwriteups.com/skynet-tryhackme-room-simple-writeup-2023-4dbda93fe756?source=rss----7b722bfd1b8d---4) 2023-05-09T18:38:16Z **How I bypassed the registration validation and logged-in with the company email** ⌘ [Read more](https://infosecwriteups.com/how-i-bypassed-the-registration-validation-and-logged-in-with-the-company-email-14eb12c45fb5?source=rss----7b722bfd1b8d---4) 2023-05-09T18:38:01Z **PicoCTF asm3 challenge: Master the Art of Reverse Engineering — StackZero** ⌘ [Read more](https://infosecwriteups.com/picoctf-asm3-challenge-master-the-art-of-reverse-engineering-stackzero-f599745f81c4?source=rss----7b722bfd1b8d---4) 2023-05-11T04:11:21Z **TryHackMe — Res Room Simple Writeup By Karthikeyan Nagaraj** ⌘ [Read more](https://infosecwriteups.com/tryhackme-res-room-simple-writeup-by-karthikeyan-nagaraj-8320a012b7c7?source=rss----7b722bfd1b8d---4) 2023-05-11T04:11:11Z **Breaking Down Barriers : CVE-2023–2227** ⌘ [Read more](https://infosecwriteups.com/breaking-down-barriers-cve-2023-2227-9ef64c4f4182?source=rss----7b722bfd1b8d---4) 2023-05-11T04:11:01Z **CVE-2022–26180:qdPM 9.2 CSRF Vulnerability in index.php/myAccount/update URI** ⌘ [Read more](https://infosecwriteups.com/cve-2022-26180-qdpm-9-2-csrf-vulnerability-in-index-php-myaccount-update-uri-8f84a4dfc140?source=rss----7b722bfd1b8d---4) 2023-05-14T18:06:42Z **Bypass Rate Limit Request (fuzzing/etc…) With TOR** ⌘ [Read 
more](https://infosecwriteups.com/bypass-rate-limit-request-fuzzing-etc-with-tor-3a285f3980d2?source=rss----7b722bfd1b8d---4) 2023-05-14T18:06:08Z **Bypass JWT Authentication | Access Admin Panel** ⌘ [Read more](https://infosecwriteups.com/bypass-jwt-authentication-access-admin-panel-73b8d73a0f1?source=rss----7b722bfd1b8d---4) 2023-05-15T08:27:59Z **How to Learn Manual SQL Injection for OSCP(Step by Step)** ⌘ [Read more](https://infosecwriteups.com/how-to-learn-manual-sql-injection-for-oscp-step-by-step-f447d3f72ad5?source=rss----7b722bfd1b8d---4) 2023-05-15T08:27:17Z **SQL Injection Vulnerability in GoLang Code #2** ⌘ [Read more](https://infosecwriteups.com/sql-injection-vulnerability-in-golang-code-2-3536f027516d?source=rss----7b722bfd1b8d---4) 2023-05-15T08:26:47Z **Intro to IOT Hardware Hacking** ⌘ [Read more](https://infosecwriteups.com/intro-to-iot-hardware-hacking-abd5f591e86e?source=rss----7b722bfd1b8d---4) 2023-05-15T08:26:36Z **Network Services — Enumerating and Exploiting variety of network services and misconfiguration |…** ⌘ [Read more](https://infosecwriteups.com/network-services-enumerating-and-exploiting-variety-of-network-services-and-misconfiguration-f9581b5a1005?source=rss----7b722bfd1b8d---4) 2023-05-15T08:26:01Z **Have you heard about MITRE ATT&CK Enginuity Evaluation?**

Enginuity — A framework designed to test Endpoint Security products to their limits.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/have-you-heard-about-mitre-att-ck- ... ⌘ [Read more](https://infosecwriteups.com/have-you-heard-about-mitre-att-ck-enginuity-evaluation-e246841a89ec?source=rss----7b722bfd1b8d---4) 2023-05-15T08:25:22Z **The Bind, Escalate and Impersonate Verbs For Privilege Escalation In The Kubernetes Cluster** ⌘ [Read more](https://infosecwriteups.com/the-bind-escalate-and-impersonate-verbs-in-the-kubernetes-cluster-e9635b4fbfc6?source=rss----7b722bfd1b8d---4) 2023-05-15T08:25:00Z **HackTheBox WriteUp — Ghoul** ⌘ [Read more](https://infosecwriteups.com/hackthebox-writeup-ghoul-ca5913f3df43?source=rss----7b722bfd1b8d---4) 2023-05-15T08:24:14Z **Understanding Risk, Risk Severity, and Risk Score of a Vulnerability: A Comprehensive Guide**

In the realm of cybersecurity, understanding and evaluating the risks associated ... ⌘ [Read more](https://infosecwriteups.com/understanding-risk-risk-severity-and-risk-score-of-a-vulnerability-a-comprehensive-guide-15824e0b1a8?source=rss----7b722bfd1b8d---4) 2023-05-15T08:23:31Z **TryHackMe — Steel Mountain Simple Writeup by Karthikeyan Nagaraj | Mr. Robot | 2023** ⌘ [Read more](https://infosecwriteups.com/tryhackme-steel-mountain-simple-writeup-by-karthikeyan-nagaraj-mr-robot-2023-d386a721bd3a?source=rss----7b722bfd1b8d---4) 2023-05-15T10:26:16Z **Crack the Code: A Guide to Defend the Web CTF Crypt Challenges 1–5** ⌘ [Read more](https://infosecwriteups.com/crack-the-code-a-guide-to-defend-the-web-ctf-crypt-challenges-1-5-8a7aaddb29a3?source=rss----7b722bfd1b8d---4) 2023-05-16T09:31:39Z **Beginner’s Guide: Defending Web SQLi 1–2 CTF Challenges** ⌘ [Read more](https://infosecwriteups.com/beginners-guide-defending-web-sqli-1-2-ctf-challenges-7dfe4dd2acab?source=rss----7b722bfd1b8d---4) 2023-05-17T09:31:56Z **Easy CSRF bypass** ⌘ [Read more](https://infosecwriteups.com/easy-csrf-bypass-7226b4e3593e?source=rss----7b722bfd1b8d---4) 2023-05-21T12:32:40Z **Hacking Into My Own Twitter Account Cause Why Not?** ⌘ [Read more](https://infosecwriteups.com/hacking-into-my-own-twitter-account-cause-why-not-a8eae48a27e3?source=rss----7b722bfd1b8d---4) 2023-05-21T12:32:03Z **The Art of Tracking a Hacker || Data Breaches** ⌘ [Read more](https://infosecwriteups.com/the-art-of-tracking-a-hacker-data-breaches-412aa3a4f3d8?source=rss----7b722bfd1b8d---4) 2023-05-21T12:30:02Z **Detecting & Bypassing Defensive Measures (Canary Token)** ⌘ [Read more](https://infosecwriteups.com/detecting-bypassing-defensive-measures-canary-token-2b4357f3a7ca?source=rss----7b722bfd1b8d---4) 2023-05-21T12:28:59Z **MITRE ATT&CK Enterprise - Framework | Tactics | Techniques (P1)** ⌘ [Read 
more](https://infosecwriteups.com/mitre-att-ck-enterprise-framework-tactics-techniques-p1-ccc28a35f282?source=rss----7b722bfd1b8d---4) 2023-05-21T12:28:47Z **Write-up of Devel — An easy-rated Windows machine on HTB** ⌘ [Read more](https://infosecwriteups.com/write-up-of-devel-an-easy-rated-windows-machine-on-htb-527f37decf99?source=rss----7b722bfd1b8d---4) 2023-05-21T12:28:34Z **Intro to Docker | Tryhackme Writeup/Walkthrough | By Md Amiruddin** ⌘ [Read more](https://infosecwriteups.com/intro-to-docker-tryhackme-writeup-walkthrough-by-md-amiruddin-ae824e82535b?source=rss----7b722bfd1b8d---4) 2023-05-21T12:44:33Z **Ghidra — A powerful Reverse Engineering Tool** ⌘ [Read more](https://infosecwriteups.com/ghidra-a-powerful-reverse-engineering-tool-f8ea52a2bfd3?source=rss----7b722bfd1b8d---4) 2023-05-21T12:43:52Z **Exposing iCloud user’s Name, phone numbers, and email addresses.** ⌘ [Read more](https://infosecwriteups.com/exposing-icloud-users-name-phone-numbers-and-email-addresses-d1f4a3786092?source=rss----7b722bfd1b8d---4) 2023-05-21T12:42:18Z **5 Best Cybersecurity Books of All Time (Must Read!)-Part-1** ⌘ [Read more](https://infosecwriteups.com/5-best-cybersecurity-books-of-all-time-must-read-part-1-aaaff7730c63?source=rss----7b722bfd1b8d---4) 2023-05-21T12:42:03Z **Reverse Engineering a binary with IDA Free** ⌘ [Read more](https://infosecwriteups.com/reverse-engineering-a-binary-with-ida-free-346cab16be9f?source=rss----7b722bfd1b8d---4) 2023-05-21T12:41:58Z **Threat Hunting in Security Operations**

Let’s hunt!

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/threat-hunting-in-security-operations-5ee1d84b6028?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/threat-hunting-in-security-operations-5ee1d84b6028?source=rss----7b722bfd1b8d---4) 2023-05-21T12:39:36Z **How to Pass the Microsoft Certified: Cybersecurity Architect Expert SC-100** ⌘ [Read more](https://infosecwriteups.com/how-to-pass-the-microsoft-certified-cybersecurity-architect-expert-sc-100-d0c2e8ae7345?source=rss----7b722bfd1b8d---4) 2023-05-21T12:52:29Z **Account Takeover + IDOR** ⌘ [Read more](https://infosecwriteups.com/account-takeover-idor-e2f61a698785?source=rss----7b722bfd1b8d---4) 2023-05-21T12:52:11Z **Uploading the Webshell using filename of Content-Disposition Header Story!** ⌘ [Read more](https://infosecwriteups.com/uploading-the-webshell-using-filename-of-content-disposition-header-story-59ba87752311?source=rss----7b722bfd1b8d---4) 2023-05-21T12:50:43Z **My Second VDP Bug Went Critical: Grafana Admin Panel Bypass** ⌘ [Read more](https://infosecwriteups.com/my-second-vdp-bug-went-critical-grafana-admin-panel-bypass-a09e4faf1c82?source=rss----7b722bfd1b8d---4) 2023-05-21T12:50:09Z **Phoenix Challenges — Stack Five (Custom Shellcode)** ⌘ [Read more](https://infosecwriteups.com/phoenix-challenges-stack-five-custom-shellcode-87a1ff5c1f6c?source=rss----7b722bfd1b8d---4) 2023-05-22T13:47:47Z **Secure the Web: Exploring Defense Strategies for Web Realistic Levels 1–4 CTF Challenges** ⌘ [Read more](https://infosecwriteups.com/secure-the-web-exploring-defense-strategies-for-web-realistic-levels-1-4-ctf-challenges-993189e6600?source=rss----7b722bfd1b8d---4) 2023-05-30T03:40:08Z **Detecting DLL Injection in Windows** ⌘ [Read more](https://infosecwriteups.com/detecting-dll-injection-in-windows-804e065f5eb7?source=rss----7b722bfd1b8d---4) 2023-05-30T03:37:53Z **Linking the Pieces: A Journey into ROP Chains for Beginner Explorers** ⌘ [Read 
more](https://infosecwriteups.com/linking-the-pieces-a-journey-into-rop-chains-for-beginner-explorers-a9767d4c5149?source=rss----7b722bfd1b8d---4) 2023-05-30T03:37:34Z **The Real Impact of AI on Cybersecurity!** ⌘ [Read more](https://infosecwriteups.com/the-real-impact-of-ai-on-cybersecurity-dbc24e521a6e?source=rss----7b722bfd1b8d---4) 2023-05-30T03:37:11Z **Privileges Escalation Techniques (Basic to Advanced) in Linux** ⌘ [Read more](https://infosecwriteups.com/privileges-escalation-techniques-basic-to-advanced-in-linux-3220bc8b6914?source=rss----7b722bfd1b8d---4) 2023-05-30T03:36:56Z **Easy Peasy (writeup)** ⌘ [Read more](https://infosecwriteups.com/tryhackme-easy-peasy-writeup-12cb1065a849?source=rss----7b722bfd1b8d---4) 2023-05-30T03:36:48Z **TRYHACKME: STARTUP ROOM (writeup)** ⌘ [Read more](https://infosecwriteups.com/tryhackme-startup-room-writeup-e6d6f6584df5?source=rss----7b722bfd1b8d---4) 2023-05-30T03:36:31Z **SIMPLE CTF ROOM (writeup)** ⌘ [Read more](https://infosecwriteups.com/tryhackme-simple-ctf-room-writeup-35e4bacb8cd3?source=rss----7b722bfd1b8d---4) 2023-05-30T03:36:03Z **Gain Full Control Over The Target Machine Using BeEF & Shellter** ⌘ [Read more](https://infosecwriteups.com/gain-full-control-over-the-target-machine-using-beef-shellter-5fce5db78823?source=rss----7b722bfd1b8d---4) 2023-05-30T03:32:46Z **Let’s know these basic server types!** ⌘ [Read more](https://infosecwriteups.com/lets-know-these-basic-server-types-cba2acc33f59?source=rss----7b722bfd1b8d---4) 2023-05-30T03:30:53Z **FOSS BUFF3R CTF WRITEUP** ⌘ [Read more](https://infosecwriteups.com/foss-buff3r-ctf-writeup-dc6ce5dcf554?source=rss----7b722bfd1b8d---4) 2023-05-30T03:59:41Z **Enhancing API Gateway Security: Integrating AWS Cognito User Pools with Authorization Code Grant** ⌘ [Read more](https://infosecwriteups.com/enhancing-api-gateway-security-integrating-aws-cognito-user-pools-with-authorization-code-grant-9b7befdd3cc6?source=rss----7b722bfd1b8d---4) 2023-05-30T03:56:11Z **I 
Earned $3500 and 40 Points for A GraphQL Blind SQL Injection Vulnerability.** ⌘ [Read more](https://infosecwriteups.com/i-earned-3500-and-40-points-for-a-graphql-blind-sql-injection-vulnerability-5b7e428c477d?source=rss----7b722bfd1b8d---4) 2023-05-30T04:05:37Z **Discovering C2 IPs Through Shodan?** ⌘ [Read more](https://infosecwriteups.com/discovering-c2-ips-through-shodan-5e512b0a99cb?source=rss----7b722bfd1b8d---4) 2023-05-31T04:51:41Z **RootMe CTF [Writeup] TryHackMe** ⌘ [Read more](https://infosecwriteups.com/rootme-ctf-writeup-tryhackme-e0d48305b296?source=rss----7b722bfd1b8d---4) 2023-05-31T04:51:40Z **Automated Monitoring + Time = Bug, the bug on HackerOne Target (8x8)** ⌘ [Read more](https://infosecwriteups.com/automated-monitoring-time-bug-the-bug-on-hackerone-target-8x8-ed74b7f5390e?source=rss----7b722bfd1b8d---4) 2023-06-01T06:01:42Z **A Comprehensive Guide to OverTheWire Bandit Levels 0–5** ⌘ [Read more](https://infosecwriteups.com/a-comprehensive-guide-to-overthewire-bandit-levels-0-5-e774efdf0fdd?source=rss----7b722bfd1b8d---4) 2023-06-03T04:57:17Z **How does Artificial Intelligence change bug bounty?** ⌘ [Read more](https://infosecwriteups.com/how-does-artificial-intelligence-change-bug-bounty-6fd52dc2fecd?source=rss----7b722bfd1b8d---4) 2023-06-05T02:47:08Z **On the Fly ARP Spoofing Windows and Linux**

In this project, I use a Kali Linux tool called On the Fly to explore how ARP spoofing works on a Windows and Linux machine.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/on-the-fly-arp-spoofing-windo ... ⌘ [Read more](https://infosecwriteups.com/on-the-fly-arp-spoofing-windows-and-linux-2bc39a308e9f?source=rss----7b722bfd1b8d---4) 2023-06-05T02:45:36Z **Python Penetration Testing: This Team Must be Token** ⌘ [Read more](https://infosecwriteups.com/python-penetration-testing-this-team-must-be-token-851fb8af92b8?source=rss----7b722bfd1b8d---4) 2023-06-05T02:43:54Z **XSS Intigriti challenge** ⌘ [Read more](https://infosecwriteups.com/xss-intigriti-challenge-dae2dba1cb4c?source=rss----7b722bfd1b8d---4) 2023-06-05T02:42:06Z **BUG BOUNTY HUNTING (METHODOLOGY , TOOLS , TIPS & TRICKS , Blogs, Books)** ⌘ [Read more](https://infosecwriteups.com/bug-bounty-hunting-methodology-tools-tips-tricks-blogs-books-6f84cda7ce34?source=rss----7b722bfd1b8d---4) 2023-06-05T02:41:34Z **Multiple CVEs affecting Pydio Cells 4.2.0**

Greetings hackers; just quickly wanted to share an advisory write-up that my team discovered in Pydio Cells 4.2.0. These have been…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/multiple-cves-affectin ... ⌘ [Read more](https://infosecwriteups.com/multiple-cves-affecting-pydio-cells-4-2-0-321e7e4712be?source=rss----7b722bfd1b8d---4) 2023-06-05T02:40:36Z **Unmasking Basic CSRF Bugs: Hunter Guide for Beginners** ⌘ [Read more](https://infosecwriteups.com/unmasking-basic-csrf-bug-hunter-5003dbe44466?source=rss----7b722bfd1b8d---4) 2023-06-05T03:14:31Z **Weird Improper Access Control Bug of $$$** ⌘ [Read more](https://infosecwriteups.com/weird-improper-access-control-bug-of-9cbceb8e039f?source=rss----7b722bfd1b8d---4) 2023-06-05T03:11:59Z **Simple Bugs — Buying Everything for Free!!!** ⌘ [Read more](https://infosecwriteups.com/simple-bugs-buying-everything-for-free-7d1129e083c8?source=rss----7b722bfd1b8d---4) 2023-06-05T03:11:46Z **Build Centralized Security Workflows in Github: A tale of Reusable Workflows** ⌘ [Read more](https://infosecwriteups.com/build-centralized-security-workflows-in-github-a-tale-of-reusable-workflows-757963c3f1ec?source=rss----7b722bfd1b8d---4) 2023-06-05T03:11:32Z **Hacking Web Apps: Understanding Cross-Site Request Forgery (CSRF) Vulnerabilities**

The demonstration in this article showcases a low-security level scenario where a GET request is used to change the admi ... ⌘ [Read more](https://infosecwriteups.com/hacking-web-apps-understanding-cross-site-request-forgery-csrf-vulnerabilities-85c8d6113499?source=rss----7b722bfd1b8d---4) 2023-06-05T03:11:21Z **Evading Detection with Hoaxshell Obfuscation — A Tool to Bypass Windows Defender**

I demonstrate how to generate and obfuscate a PowerShell payload to bypass Windows Defender Antivirus undetected ... ⌘ [Read more](https://infosecwriteups.com/evading-detection-with-hoaxshell-obfuscation-a-tool-to-bypass-windows-defender-a6fd56ad27b4?source=rss----7b722bfd1b8d---4) 2023-06-05T03:08:28Z **AllSafe (Intentionally Vulnerable Android Application)- Part 2** ⌘ [Read more](https://infosecwriteups.com/allsafe-intentionally-vulnerable-android-application-part-2-8031f015f846?source=rss----7b722bfd1b8d---4) 2023-06-05T03:32:52Z **Send email from anyone to any(user outlook Microsoft)** ⌘ [Read more](https://infosecwriteups.com/send-email-from-anyone-to-any-user-outlook-microsoft-69fce333066d?source=rss----7b722bfd1b8d---4) 2023-06-05T03:32:15Z **TryHackMe | Valley Writeup** ⌘ [Read more](https://infosecwriteups.com/tryhackme-valley-writeup-e67b505f35c9?source=rss----7b722bfd1b8d---4) 2023-06-05T03:32:04Z **LOTL — Why it’s a Hacker Favorite** ⌘ [Read more](https://infosecwriteups.com/lotl-why-its-a-hacker-favorite-e6369ca39076?source=rss----7b722bfd1b8d---4) 2023-06-05T03:31:21Z **Did you know you can earn bounties using Discord?** ⌘ [Read more](https://infosecwriteups.com/did-you-know-you-can-earn-bounty-using-discord-1e8eb79aa260?source=rss----7b722bfd1b8d---4) 2023-06-05T03:30:16Z **How Hackers can exploit Caching x Race-Conditions for followers count manipulation on Twitter** ⌘ [Read more](https://infosecwriteups.com/how-hackers-can-exploit-caching-x-race-conditions-for-followers-count-manipulation-on-twitter-a412ec109041?source=rss----7b722bfd1b8d---4) 2023-06-05T03:29:32Z **Building a 30,000$ password cracking rig in the cloud for pennies.** ⌘ [Read more](https://infosecwriteups.com/building-a-30-000-password-cracking-rig-in-the-cloud-for-pennies-82dc7d66686a?source=rss----7b722bfd1b8d---4) 2023-06-05T03:28:39Z **Blog Series: Themes You’ll Run Into a Lot in Cyber Security — Validation** ⌘ [Read 
more](https://infosecwriteups.com/blog-series-themes-youll-run-into-a-lot-in-cyber-security-validation-b17482b17c90?source=rss----7b722bfd1b8d---4) 2023-06-11T12:57:32Z **Hacking CSRF: Bypassing of CSRF token** ⌘ [Read more](https://infosecwriteups.com/hacking-csrf-bypassing-of-csrf-token-f03b51c36d31?source=rss----7b722bfd1b8d---4) 2023-06-11T12:56:51Z **Learn How Hackers hack Databases (PART 2)** ⌘ [Read more](https://infosecwriteups.com/sql-injection-for-beginners-using-sqlmap-part-2-53e9775b67f5?source=rss----7b722bfd1b8d---4) 2023-06-11T12:56:42Z **Learn How hackers hack Databases (PART 1)** ⌘ [Read more](https://infosecwriteups.com/sql-injection-for-beginners-using-sqlmap-36e091e8a070?source=rss----7b722bfd1b8d---4) 2023-06-11T12:56:29Z **Hack Someone’s Camera just with a Youtube link** ⌘ [Read more](https://infosecwriteups.com/hack-someones-camera-just-with-a-youtube-link-a580d397192c?source=rss----7b722bfd1b8d---4) 2023-06-11T12:52:50Z **LetsDefend Dynamic Malware Analysis Part 2** ⌘ [Read more](https://infosecwriteups.com/letsdefend-dynamic-malware-analysis-part-2-92e0a1e73f0f?source=rss----7b722bfd1b8d---4) 2023-06-11T12:52:40Z **LetsDefend: Dynamic Malware Analysis Part 1** ⌘ [Read more](https://infosecwriteups.com/letsdefend-dynamic-malware-analysis-part-1-1ce35ff5b59f?source=rss----7b722bfd1b8d---4) 2023-06-12T08:39:42Z **Lock & Load: Arming Yourself with Custom Sigma Rules**

Learn how to use Sigma rules to translate threat intelligence into threat hunting!

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lock-load-arming-yourself-with-custom-sigm ... ⌘ [Read more](https://infosecwriteups.com/lock-load-arming-yourself-with-custom-sigma-rules-87734c22db78?source=rss----7b722bfd1b8d---4) 2023-06-12T08:38:41Z **Malware Analysis Lab Environment**

Setting up a malware analysis lab environment using Proxmox, REMnux, and Flare-VM

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/malware-analysis-lab-environment-833c344ff13e?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/malware-analysis-lab-environment-833c344ff13e?source=rss----7b722bfd1b8d---4) 2023-06-12T08:37:55Z **Threat Hunting II: Environment Setup**

Welcome back to part II of this series on threat hunting! (apologies for the delay).

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/threat-hunting-ii-environment-setup-621ec6ab222d?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/threat-hunting-ii-environment-setup-621ec6ab222d?source=rss----7b722bfd1b8d---4) 2023-06-12T08:37:46Z **Cyber Security Assessments — The value for the Business and the Techies**

Part of the improvement process — regardless of if it’s personal or an organizational process — requires retrospection and inspection of…

[Continue ... ⌘ [Read more](https://infosecwriteups.com/cyber-security-assessments-the-value-for-the-business-and-the-techies-cd480bbaad0d?source=rss----7b722bfd1b8d---4) 2023-06-12T08:37:32Z **Decoding Log4j : What You Need to Know** ⌘ [Read more](https://infosecwriteups.com/decoding-log4j-what-you-need-to-know-8bf2b9c86160?source=rss----7b722bfd1b8d---4) 2023-06-12T08:33:59Z **Critical Finding on TP-Link service or how I got 0$** ⌘ [Read more](https://infosecwriteups.com/critical-finding-on-tp-link-service-or-how-i-got-0-fc86a0e52eaf?source=rss----7b722bfd1b8d---4) 2023-06-12T08:33:35Z **SQL injection with INSERT statement** ⌘ [Read more](https://infosecwriteups.com/sql-injection-with-insert-statement-bdcf4d47d178?source=rss----7b722bfd1b8d---4) 2023-06-12T08:33:24Z **Turning My Manual Methodology to a Cloud-Based GUI Tool for Web Recon | Ghost Recon Your Ultimate…** ⌘ [Read more](https://infosecwriteups.com/turning-my-manual-methodology-to-a-cloud-based-gui-tool-for-web-recon-ghost-recon-your-ultimate-39f19b78d105?source=rss----7b722bfd1b8d---4) 2023-06-12T08:32:49Z **TryHackMe: CC ~ Pen Testing** ⌘ [Read more](https://infosecwriteups.com/tryhackme-cc-pen-testing-a5b434b63be0?source=rss----7b722bfd1b8d---4) 2023-06-12T08:32:37Z **Linux Strength Training ~ THM Write Up** ⌘ [Read more](https://infosecwriteups.com/linux-strength-training-thm-write-up-d1f86d88d7bc?source=rss----7b722bfd1b8d---4) 2023-06-12T08:53:22Z **A Day of Bounty Bonanza: Discovering Two Bugs Back-to-Back!** ⌘ [Read more](https://infosecwriteups.com/a-day-of-bounty-bonanza-discovering-two-bugs-back-to-back-4d9b8b25bb70?source=rss----7b722bfd1b8d---4) 2023-06-12T08:52:57Z **How To Get Your First Job as a Hacker (Important Tips!)** ⌘ [Read more](https://infosecwriteups.com/how-to-get-your-first-job-as-a-hacker-important-tips-4b1cfb447a08?source=rss----7b722bfd1b8d---4) 2023-06-12T08:51:19Z **Linux Forensic: A Practical Approach for Uncovering Digital Evidence** ⌘ [Read 
more](https://infosecwriteups.com/blue-team-bootcamp-series-p1-linux-forensic-a-practical-approach-for-uncovering-digital-bb794686004d?source=rss----7b722bfd1b8d---4) 2023-06-12T08:49:03Z **Unlocking Threat Visibility: IOC Management for Enhanced Cybersecurity** ⌘ [Read more](https://infosecwriteups.com/unlocking-threat-visibility-ioc-management-for-enhanced-cybersecurity-884c4c1b97a5?source=rss----7b722bfd1b8d---4) 2023-06-12T08:48:50Z **PowerShell: Ignite Your Digital Domain with Command-Line Brilliance !** ⌘ [Read more](https://infosecwriteups.com/powershell-ignite-your-digital-domain-with-command-line-brilliance-8eaada811d57?source=rss----7b722bfd1b8d---4) 2023-06-12T08:46:53Z **Hacking WhatsApp with tiny little hardware | Unveiling the Mac OS Security Myth: Exploiting…** ⌘ [Read more](https://infosecwriteups.com/hacking-whatsapp-with-tiny-little-hardware-unveiling-the-mac-os-security-myth-exploiting-6c06e743164f?source=rss----7b722bfd1b8d---4) 2023-06-12T08:46:45Z **Hacking Top Website accounts | Poseidon: Empowering Phishing with a Cloud-Based Social Engineering…** ⌘ [Read more](https://infosecwriteups.com/hacking-top-website-accounts-poseidon-empowering-phishing-with-a-cloud-based-social-engineering-88c605b69692?source=rss----7b722bfd1b8d---4) 2023-06-12T08:46:30Z **The Art of G-mail Hacking! 
→ Secrets of Impersonation!** ⌘ [Read more](https://infosecwriteups.com/the-art-of-g-mail-hacking-secrets-of-impersonation-b65c2dc72f25?source=rss----7b722bfd1b8d---4) 2023-06-13T09:47:16Z **Capture Login Information from the Captive Portal with SEToolkit** ⌘ [Read more](https://infosecwriteups.com/capture-login-information-from-the-captive-portal-with-setoolkit-d72afbc69b61?source=rss----7b722bfd1b8d---4) 2023-06-13T11:01:48Z **Process Injection Series Part I: PE Injection** ⌘ [Read more](https://infosecwriteups.com/process-injection-series-part-i-pe-injection-615b761513fe?source=rss----7b722bfd1b8d---4) 2023-06-13T10:57:32Z **TryHackMe: Digital Forensics Case B4DM755** ⌘ [Read more](https://infosecwriteups.com/tryhackme-digital-forensics-case-b4dm755-78bc02f9091e?source=rss----7b722bfd1b8d---4) 2023-06-14T09:47:17Z **Soccer — HTB Walkthrough** ⌘ [Read more](https://infosecwriteups.com/soccer-htb-walkthrough-13f4dc0ba0aa?source=rss----7b722bfd1b8d---4) 2023-06-14T18:02:51Z **Managing Identity and Access in the Cloud: Best Practices for Security** ⌘ [Read more](https://infosecwriteups.com/managing-identity-and-access-in-the-cloud-best-practices-for-security-1321c5328e27?source=rss----7b722bfd1b8d---4) 2023-06-20T04:57:39Z **Exploiting SQL Error SQLSTATE[42000] To Own MariaDB of A Large EU based Online Media and…** ⌘ [Read more](https://infosecwriteups.com/exploiting-sql-error-sqlstate-42000-to-own-mariadb-of-a-large-eu-based-online-media-and-cf7396c43bbf?source=rss----7b722bfd1b8d---4) 2023-06-20T04:55:20Z **Attacking AWS | Common Cognito Misconfigurations** ⌘ [Read more](https://infosecwriteups.com/attacking-aws-common-cognito-misconfigurations-a898bf092218?source=rss----7b722bfd1b8d---4) 2023-06-20T04:55:04Z **Python Threat Hunting Tools: Part 7 — Parsing CSV**
[![](https://cdn-images-1.medium.com/max/1920/1*RA_A8nfPRgkrLFcwlE72xg.jpeg)](https://infosecwriteups.com/python-threat-hunting-tools-part-7-parsing-csv-352690f3b6bf?source=rss----7b722bfd1b8d---4)

Let’s take a look at how we can parse CSV files to extract useful threat intelligence, then turn this into a threat hunting tool!

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/pyth ... ⌘ [Read more](https://infosecwriteups.com/python-threat-hunting-tools-part-7-parsing-csv-352690f3b6bf?source=rss----7b722bfd1b8d---4) 2023-06-20T05:18:55Z **Simple CORS misconfig leads to disclose the sensitive token worth of $$$** ⌘ [Read more](https://infosecwriteups.com/simple-cors-misconfig-leads-to-disclose-the-sensitive-token-worth-of-91433763f4d6?source=rss----7b722bfd1b8d---4) 2023-06-20T05:18:23Z **How I chained Host header Injection to Password Reset Link Poisoning to XSS and Account Takeover.** ⌘ [Read more](https://infosecwriteups.com/how-i-chained-host-header-injection-to-password-reset-link-poisoning-to-xss-and-account-takeover-c5acad3acbb7?source=rss----7b722bfd1b8d---4) 2023-06-20T05:15:28Z **Ready to Dive Into Bug Bounty? Follow the Roadmap I Crafted! ** ⌘ [Read more](https://infosecwriteups.com/ready-to-dive-into-bug-bounty-follow-the-roadmap-i-crafted-79a49ac5b51c?source=rss----7b722bfd1b8d---4) 2023-06-20T05:53:07Z **Securing Your Infra: Exploring Nuclei’s Defense Arsenal** ⌘ [Read more](https://infosecwriteups.com/securing-your-infra-exploring-nucleis-defense-arsenal-783c193a84c1?source=rss----7b722bfd1b8d---4) 2023-06-20T05:52:41Z **TryHackMe - SmagGrotto** ⌘ [Read more](https://infosecwriteups.com/tryhackme-smaggrotto-a49dcde761a6?source=rss----7b722bfd1b8d---4) 2023-06-20T05:52:40Z **Hack The Box: Angler (Mobile Challenge) Walkthrough** ⌘ [Read more](https://infosecwriteups.com/hack-the-box-angler-mobile-challenge-walkthrough-d7c556437f2d?source=rss----7b722bfd1b8d---4) 2023-06-20T11:01:25Z **Smart Contract Security Overview 2023** ⌘ [Read more](https://infosecwriteups.com/smart-contract-security-overview-2023-559ffc10ece4?source=rss----7b722bfd1b8d---4) 2023-06-20T11:21:43Z **Unleashing the Power of Recon: How I Earned $2500 in 5 Minutes | CVE-2017–5638 | OGNL injection** ⌘ [Read 
more](https://infosecwriteups.com/unleashing-the-power-of-recon-how-i-earned-2500-in-5-minutes-cve-2017-5638-ognl-injection-23ece4811f14?source=rss----7b722bfd1b8d---4) 2023-06-20T11:20:10Z **“AD Security: The Shield Your Network Needs to Keep the Hackers Out!”** ⌘ [Read more](https://infosecwriteups.com/ad-security-the-shield-your-network-needs-to-keep-the-hackers-out-ac48a681f060?source=rss----7b722bfd1b8d---4) 2023-06-20T11:19:57Z **DarkBERT: A Language Model for the Dark Side of the Internet** ⌘ [Read more](https://infosecwriteups.com/darkbert-a-language-model-for-the-dark-side-of-the-internet-2c9c50afd8f2?source=rss----7b722bfd1b8d---4) 2023-06-20T11:19:43Z **Security — Brute-Forcing with Burp Suite**
[![](https://cdn-images-1.medium.com/max/1024/1*k6rBPwDXWmKFedeSQ8K4XA.jpeg)](https://infosecwriteups.com/security-brute-forcing-with-burp-suite-a7944658a4ce?source=rss----7b722bfd1b8d---4)

A Powerful Approach to Web Application Security

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/security-brute-forcing-with-burp-suite-a7944658a4ce?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/security-brute-forcing-with-burp-suite-a7944658a4ce?source=rss----7b722bfd1b8d---4) 2023-06-20T11:19:21Z **VulnHub — Kioptrix Level 1 (#1)** ⌘ [Read more](https://infosecwriteups.com/vulnhub-kioptrix-level-1-1-cdbbeb61a6b?source=rss----7b722bfd1b8d---4) 2023-06-20T11:35:14Z **Privileges Escalation Techniques (Basic to Advanced) in Linux** ⌘ [Read more](https://infosecwriteups.com/privileges-escalation-techniques-basic-to-advanced-in-linux-ccbad8c6d0b2?source=rss----7b722bfd1b8d---4) 2023-06-20T11:33:16Z **Know how the Tor network hides any traffic.**
[![](https://cdn-images-1.medium.com/max/600/1*3H21AKInTVMqe-qKSJXlXQ.png)](https://infosecwriteups.com/know-how-the-tor-network-hides-any-traffic-172864352559?source=rss----7b722bfd1b8d---4)

I recently became interested in the Tor network and did some research on it. I understand the purpose and usage of Tor on a high level but…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/know-how-t ... ⌘ [Read more](https://infosecwriteups.com/know-how-the-tor-network-hides-any-traffic-172864352559?source=rss----7b722bfd1b8d---4) 2023-06-20T11:25:18Z **Understanding Prototype Pollution and its Exploitation — Part 2**
[![](https://cdn-images-1.medium.com/max/739/1*v40O0Yd9bB_c660J-JkDSQ.png)](https://infosecwriteups.com/understanding-prototype-pollution-and-its-exploitation-part-2-bad3c822db22?source=rss----7b722bfd1b8d---4)

Understanding what are JavaScript Prototype Pollution (Part 2)

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/understanding-prototype-pollu ... ⌘ [Read more](https://infosecwriteups.com/understanding-prototype-pollution-and-its-exploitation-part-2-bad3c822db22?source=rss----7b722bfd1b8d---4) 2023-06-20T11:25:03Z **Understanding Prototype Pollution and its Exploitation — Part 1**
[![](https://cdn-images-1.medium.com/max/994/1*TiU8Xdr9TawqyFIves8a2g.png)](https://infosecwriteups.com/understanding-prototype-pollution-and-its-exploitation-part-1-eb70802b02a5?source=rss----7b722bfd1b8d---4)

Understanding what are JavaScript Prototypes (Part 1)

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/understanding-prototype-pollution-and- ... ⌘ [Read more](https://infosecwriteups.com/understanding-prototype-pollution-and-its-exploitation-part-1-eb70802b02a5?source=rss----7b722bfd1b8d---4) 2023-06-20T11:41:13Z **Python Threat Hunting Tools: Part 8 — Parsing JSON**
[![](https://cdn-images-1.medium.com/max/1920/1*Uhje2Hagv6CGHwCki1rwxw.jpeg)](https://infosecwriteups.com/python-threat-hunting-tools-part-8-parsing-json-835241c46207?source=rss----7b722bfd1b8d---4)

Let’s learn how to extract valuable threat intelligence from JSON using Python! A handy skill for when interacting with web APIs.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/p ... ⌘ [Read more](https://infosecwriteups.com/python-threat-hunting-tools-part-8-parsing-json-835241c46207?source=rss----7b722bfd1b8d---4) 2023-06-20T11:41:08Z **Volume Shadow Files: Guardians of Lost Data** ⌘ [Read more](https://infosecwriteups.com/volume-shadow-files-guardians-of-lost-data-7e6aa6f66cf3?source=rss----7b722bfd1b8d---4) 2023-06-20T11:41:00Z **How Phishing Attacks are Created on the Fly with an Evil Twin**
[![](https://cdn-images-1.medium.com/max/704/1*c8D001lsLxxOcx_sy9cRjw.png)](https://infosecwriteups.com/how-phishing-attacks-are-created-on-the-fly-with-an-evil-twin-b3abb1557251?source=rss----7b722bfd1b8d---4)

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-phishing-attacks-are-created-on-the-fly-with-an-evil-twin-b3abb1557251?source=rss----7b722 ... ⌘ [Read more](https://infosecwriteups.com/how-phishing-attacks-are-created-on-the-fly-with-an-evil-twin-b3abb1557251?source=rss----7b722bfd1b8d---4) 2023-06-20T11:40:41Z **Hacking CSRF: Referer-Based CSRF Defense** ⌘ [Read more](https://infosecwriteups.com/hacking-csrf-referer-based-csrf-defense-539f81bba8ec?source=rss----7b722bfd1b8d---4) 2023-06-20T11:40:17Z **Recreating Cordova Mobile Apps to Bypass Security Implementations** ⌘ [Read more](https://infosecwriteups.com/recreating-cordova-mobile-apps-to-bypass-security-implementations-8845ff7bdc58?source=rss----7b722bfd1b8d---4) 2023-06-20T11:39:35Z **Exploring Kubernetes runtime security with Falco and Datadog** ⌘ [Read more](https://infosecwriteups.com/exploring-kubernetes-runtime-security-with-falco-and-datadog-61fbb2b7d1ac?source=rss----7b722bfd1b8d---4) 2023-06-20T11:39:18Z **“Registry Run Keys: The Secret Sauce of Persistent Malware!”** ⌘ [Read more](https://infosecwriteups.com/registry-run-keys-the-secret-sauce-of-persistent-malware-e761b6ed3c56?source=rss----7b722bfd1b8d---4) 2023-06-20T12:11:51Z **Enhancing WordPress Website Security: Automate Wpscan and Receive Instant Alerts for New…** ⌘ [Read more](https://infosecwriteups.com/enhancing-wordpress-website-security-automate-wpscan-and-receive-instant-alerts-for-new-6ef94ab4714a?source=rss----7b722bfd1b8d---4) 2023-06-20T12:41:31Z **NahamCon CTF 2023 — OSINT Challenges Walkthrough** ⌘ [Read more](https://infosecwriteups.com/nahamcon-ctf-2023-osint-challenges-walkthrough-1b9fb3a3176c?source=rss----7b722bfd1b8d---4) 2023-06-21T12:06:47Z **How to Perform an Evil Twin Attack & Steal Wi-Fi Passwords** ⌘ [Read more](https://infosecwriteups.com/how-to-perform-an-evil-twin-attack-steal-wi-fi-passwords-4efa60d92f39?source=rss----7b722bfd1b8d---4) 2023-06-26T06:43:04Z **‍IW Weekly #65: FotiNAC RCE, 
Supply chain Attackers Hijacks S3 Buckets, Exposed PII, Power of…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-65-fotinac-rce-supply-chain-attackers-hijacks-s3-buckets-exposed-pii-power-of-d70e7a59b485?source=rss----7b722bfd1b8d---4) 2023-07-03T14:32:01Z **Ransomware’s Sinister Dance with Volume Shadow Files** ⌘ [Read more](https://infosecwriteups.com/ransomwares-sinister-dance-with-volume-shadow-files-8d436cbf3534?source=rss----7b722bfd1b8d---4) 2023-07-03T14:31:53Z **VulnHub: Kioptrix Level 2 (1.1) (#2)** ⌘ [Read more](https://infosecwriteups.com/vulnhub-kioptrix-level-2-1-1-2-4238dd8650f0?source=rss----7b722bfd1b8d---4) 2023-07-03T14:31:46Z **AI vs. Penetration Testers: The Future of the Industry** ⌘ [Read more](https://infosecwriteups.com/ai-vs-penetration-testers-the-future-of-the-industry-84cdcc5ba331?source=rss----7b722bfd1b8d---4) 2023-07-03T14:31:21Z **Best resources to learn SIEM: Master Security Information and Event Management** ⌘ [Read more](https://infosecwriteups.com/best-resources-to-learn-siem-master-security-information-and-event-management-ec45bfb9547e?source=rss----7b722bfd1b8d---4) 2023-07-03T14:42:59Z **The Unexpected “0” Master ID for Account Data Manipulation** ⌘ [Read more](https://infosecwriteups.com/the-unexpected-0-master-id-for-account-data-manipulation-1cb69112de38?source=rss----7b722bfd1b8d---4) 2023-07-03T14:42:06Z **Hacking CSRF: Bypass Same Site Cookie Restriction** ⌘ [Read more](https://infosecwriteups.com/hacking-csrf-bypass-same-site-cookie-restriction-14f01342dd30?source=rss----7b722bfd1b8d---4) 2023-07-03T14:41:56Z **Key Factors to Investigate in Ransomware Attacks** ⌘ [Read more](https://infosecwriteups.com/key-factors-to-investigate-in-ransomware-attacks-4cf9e6358a3?source=rss----7b722bfd1b8d---4) 2023-07-03T14:41:50Z **Knowbe4 to Splunk** ⌘ [Read more](https://infosecwriteups.com/knowbe4-to-splunk-33c5bdd53e29?source=rss----7b722bfd1b8d---4) 2023-07-03T14:41:41Z **Preventing Bugs and Vulnerabilities: Leveraging 
Static Code Analysis in Android Development** ⌘ [Read more](https://infosecwriteups.com/preventing-bugs-and-vulnerabilities-leveraging-static-code-analysis-in-android-development-45867f0f938d?source=rss----7b722bfd1b8d---4) 2023-07-03T14:41:33Z **My Collection for AWS Assessment and Security | Part 1** ⌘ [Read more](https://infosecwriteups.com/my-collection-for-aws-assessment-and-security-part-1-d6618953520f?source=rss----7b722bfd1b8d---4) 2023-07-03T14:37:02Z **Ultimate Roadmap to Get Started in Web-Penetration Testing!** ⌘ [Read more](https://infosecwriteups.com/ultimate-roadmap-to-get-started-into-web-penetration-testing-438496114d8?source=rss----7b722bfd1b8d---4) 2023-07-03T15:14:53Z **Testing and Bypassing Technique for IDOR** ⌘ [Read more](https://infosecwriteups.com/testing-and-bypassing-technique-for-idor-9ee03f28f4e1?source=rss----7b722bfd1b8d---4) 2023-07-03T15:12:52Z **Smart Contract Best Practice** ⌘ [Read more](https://infosecwriteups.com/smart-contract-best-practice-dc1e4a8ca788?source=rss----7b722bfd1b8d---4) 2023-07-03T15:12:43Z **Top Tools for Android Static Code Analysis: Streamline Your Development Process** ⌘ [Read more](https://infosecwriteups.com/top-tools-for-android-static-code-analysis-streamline-your-development-process-2aa8179a8fe1?source=rss----7b722bfd1b8d---4) 2023-07-03T15:12:37Z **Hackthebox Fawn Writeup, Traffic and Log Analysis, Python Automatic Exploit, Hardening and…** ⌘ [Read more](https://infosecwriteups.com/hackthebox-fawn-writeup-traffic-and-log-analysis-python-automatic-exploit-hardening-and-1e4eeec595fb?source=rss----7b722bfd1b8d---4) 2023-07-03T15:12:17Z **“The Sneaky Way Hackers Get into Your Network: Golden Ticket Attacks Explained in Layman’s Terms”** ⌘ [Read more](https://infosecwriteups.com/the-sneaky-way-hackers-get-into-your-network-golden-ticket-attacks-explained-in-laymans-terms-b76f5c4cea2e?source=rss----7b722bfd1b8d---4) 2023-07-03T15:12:05Z **Unlocking the Power of Android Static Code Analysis: Boosting 
Security and Performance** ⌘ [Read more](https://infosecwriteups.com/unlocking-the-power-of-android-static-code-analysis-boosting-security-and-performance-1c13c1b0d422?source=rss----7b722bfd1b8d---4) 2023-07-04T06:48:28Z **Recon like a Pro!**
[![](https://cdn-images-1.medium.com/max/750/0*vbRjRD10ilG84jee.jpg)](https://infosecwriteups.com/recon-like-a-pro-594845934fd0?source=rss----7b722bfd1b8d---4)

Hey there, fellow bug hunters and curious minds! Are you ready to dive into the fascinating world of reconnaissance?

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/recon-like-a-pro-594845934fd0?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/recon-like-a-pro-594845934fd0?source=rss----7b722bfd1b8d---4) 2023-07-04T10:16:00Z **How I Tried Harder: My Story of Passing the OSCP** ⌘ [Read more](https://infosecwriteups.com/how-i-tried-harder-my-story-of-passing-the-oscp-866e18144bea?source=rss----7b722bfd1b8d---4) 2023-07-04T10:13:58Z **Privileges Escalation Techniques (Basic to Advanced) in Linux** ⌘ [Read more](https://infosecwriteups.com/privileges-escalation-techniques-basic-to-advanced-in-linux-46ee0d67118d?source=rss----7b722bfd1b8d---4) 2023-07-04T10:13:53Z **Backdooring ClickOnce .NET for Initial Access: A Practical Example** ⌘ [Read more](https://infosecwriteups.com/backdooring-clickonce-net-for-initial-access-a-practical-example-1eb6863c0579?source=rss----7b722bfd1b8d---4) 2023-07-04T10:13:40Z **How To Crack PicoCTF ASCII FTW With Ghidra — StackZero** ⌘ [Read more](https://infosecwriteups.com/how-to-crack-picoctf-ascii-ftw-with-ghidra-stackzero-5bc0a0808e02?source=rss----7b722bfd1b8d---4) 2023-07-04T10:13:21Z **Getting Started with Azure DevOps CI/CD for Microsoft Sentinel** ⌘ [Read more](https://infosecwriteups.com/getting-started-with-azure-devops-ci-cd-for-microsoft-sentinel-4a9a2a0944df?source=rss----7b722bfd1b8d---4) 2023-07-04T10:12:02Z **Testing for SSRF Vulnerabilities** ⌘ [Read more](https://infosecwriteups.com/exposing-ssrf-vvulnerability-309ec90b976f?source=rss----7b722bfd1b8d---4) 2023-07-04T10:10:01Z **Taking Entire server control Part 2 of How I Earned $2500 in 5 Minutes | CVE-2017–5638 | OGNL…** ⌘ [Read more](https://infosecwriteups.com/taking-entire-server-control-part-2-of-how-i-earned-2500-in-5-minutes-cve-2017-5638-ognl-92f4213ca219?source=rss----7b722bfd1b8d---4) 2023-07-04T10:09:36Z **Beware of fake npm packages**
[![](https://cdn-images-1.medium.com/max/728/0*0Pie9ckZUU0tVvo2)](https://infosecwriteups.com/beware-of-fake-npm-packages-2fbb9932322d?source=rss----7b722bfd1b8d---4)

Hey there, fellow security enthusiasts and developers!

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/beware-of-fake-npm-packages-2fbb9932322d?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/beware-of-fake-npm-packages-2fbb9932322d?source=rss----7b722bfd1b8d---4) 2023-07-04T10:09:30Z **Securing Private APIs in API Gateway Using VPC Endpoints** ⌘ [Read more](https://infosecwriteups.com/securing-private-apis-in-api-gateway-using-vpc-endpoints-f6c9ac5bf05d?source=rss----7b722bfd1b8d---4) 2023-07-04T10:06:57Z **Introducing httpXplorer: Simplifying httpX URL Management and Analysis** ⌘ [Read more](https://infosecwriteups.com/introducing-httpxplorer-simplifying-httpx-url-management-and-analysis-56cfd7527bff?source=rss----7b722bfd1b8d---4) 2023-07-05T11:12:14Z **How to Steal Social Media Accounts Using a Captive Portal** ⌘ [Read more](https://infosecwriteups.com/how-to-steal-social-media-accounts-using-a-captive-portal-8f87123f8fba?source=rss----7b722bfd1b8d---4) 2023-07-05T15:41:49Z **Exploiting Active Directory — (TryHackMe) THM Attacktive Directory Lab** ⌘ [Read more](https://infosecwriteups.com/exploiting-active-directory-tryhackme-thm-attacktive-directory-lab-85872027e333?source=rss----7b722bfd1b8d---4) 2023-07-05T15:41:39Z **Malware Hunting 101: A Beginner’s Guide to Analysis and Reverse Engineering** ⌘ [Read more](https://infosecwriteups.com/malware-hunting-101-a-beginners-guide-to-analysis-and-reverse-engineering-d3592cf77fe8?source=rss----7b722bfd1b8d---4) 2023-07-05T15:41:31Z **Decoding the Airwaves: Tracking Device Movements With WiFi**
[![](https://cdn-images-1.medium.com/max/719/1*AoMTKnJuQHtGBivw40D2kQ.jpeg)](https://infosecwriteups.com/decoding-the-airwaves-tracking-device-movements-with-wifi-4fd66f37417b?source=rss----7b722bfd1b8d---4)

One of the many rabbit holes I’ve gone down recently was the use of WiFi to track client devices. While this technique is not new by any…

[Continue reading on InfoSec Write-u ... ⌘ [Read more](https://infosecwriteups.com/decoding-the-airwaves-tracking-device-movements-with-wifi-4fd66f37417b?source=rss----7b722bfd1b8d---4) 2023-07-05T15:41:25Z **VulnHub - Kioptrix: Level 3 (1.2) (#3)** ⌘ [Read more](https://infosecwriteups.com/vulnhub-kioptrix-level-3-1-2-3-a7ff58cbfb8f?source=rss----7b722bfd1b8d---4) 2023-07-05T15:40:01Z **How BAC(Broken Access Control) got me a Pre Account Takeover** ⌘ [Read more](https://infosecwriteups.com/how-bac-broken-access-control-got-me-a-pre-account-takeover-2481931b7b3a?source=rss----7b722bfd1b8d---4) 2023-07-05T15:37:36Z **Unveiling a Bug: Paying $1 and Receiving $100 (or Any Amount) in Return** ⌘ [Read more](https://infosecwriteups.com/unveiling-a-bug-paying-1-and-receiving-100-or-any-amount-in-return-33c5d8321b2d?source=rss----7b722bfd1b8d---4) 2023-07-05T15:35:13Z **Cracking PicoCTF Challenge: GDB Baby Step 1 — StackZero** ⌘ [Read more](https://infosecwriteups.com/cracking-picoctf-challenge-gdb-baby-step-1-stackzero-ac1dd02e48f8?source=rss----7b722bfd1b8d---4) 2023-07-05T15:34:59Z **CyberTalents — Malware Reverse Engineering (RE): Find the Pass for Beginners** ⌘ [Read more](https://infosecwriteups.com/cybertalents-malware-reverse-engineering-re-find-the-pass-for-beginners-7e70d1bf5e3e?source=rss----7b722bfd1b8d---4) 2023-07-05T15:34:45Z **Exploiting SMB using CVE2017–0144/MS17–010 (Manually & Automated Method)** ⌘ [Read more](https://infosecwriteups.com/exploiting-smb-using-cve2017-0144-ms17-010-manually-automated-method-a4da8043474f?source=rss----7b722bfd1b8d---4) 2023-07-06T11:17:08Z **HTB Network Enumeration with Nmap Walkthrough** ⌘ [Read more](https://infosecwriteups.com/htb-network-enumeration-with-nmap-walkthrough-edf7da57d275?source=rss----7b722bfd1b8d---4) 2023-07-09T06:31:23Z **Exploring 10 Notorious Types of Malware**
[![](https://cdn-images-1.medium.com/max/768/1*GGCiUIaJtCF30wjNk_IJXg.png)](https://infosecwriteups.com/exploring-10-notorious-types-of-malware-6d94c78595c7?source=rss----7b722bfd1b8d---4)

This article explores ten common types of malware.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/exploring-10-notorious-types-of-malware-6d94c78595c7?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/exploring-10-notorious-types-of-malware-6d94c78595c7?source=rss----7b722bfd1b8d---4) 2023-07-09T07:00:05Z **Python Threat Hunting Tools: Part 9 — Creating Python Packages with Poetry**
[![](https://cdn-images-1.medium.com/max/1920/1*pNUZV2RiVQS-881A9t8Jgw.jpeg)](https://infosecwriteups.com/python-threat-hunting-tools-part-9-creating-python-packages-with-poetry-602e3d01a70e?source=rss----7b722bfd1b8d---4)

Discover how to create Python packages with Poetry so others can easily integrate your hunting tools into their projects!

[Contin ... ⌘ [Read more](https://infosecwriteups.com/python-threat-hunting-tools-part-9-creating-python-packages-with-poetry-602e3d01a70e?source=rss----7b722bfd1b8d---4) 2023-07-09T07:00:01Z **Demystifying PyInstaller — A Journey into Decompiling Python Executables** ⌘ [Read more](https://infosecwriteups.com/demystifying-pyinstaller-a-journey-into-decompiling-python-executables-abb84ef5a7bb?source=rss----7b722bfd1b8d---4) 2023-07-09T17:05:40Z **Game Hacking 101: Unleashing the Power of Memory Manipulation** ⌘ [Read more](https://infosecwriteups.com/game-hacking-101-unleashing-the-power-of-memory-manipulation-2f8b9411674e?source=rss----7b722bfd1b8d---4) 2023-07-09T17:05:32Z **Cloud Security: The Key to Unlocking the Full Potential of the Cloud** ⌘ [Read more](https://infosecwriteups.com/cloud-security-the-key-to-unlocking-the-full-potential-of-the-cloud-846b68eb8acb?source=rss----7b722bfd1b8d---4) 2023-07-09T17:04:54Z **Python Threat Hunting Tools: Part 10 — The Power of Jupyter Notebooks**
[![](https://cdn-images-1.medium.com/max/1920/1*QUk-WhFniE_wqjcYal_1YQ.jpeg)](https://infosecwriteups.com/python-threat-hunting-tools-part-10-the-power-of-jupyter-notebooks-dd8846d2a326?source=rss----7b722bfd1b8d---4)

Learn about the power of Jupyter Notebooks and how to integrate your Python threat hunting tools!

[Continue reading on InfoSec Write-ups »](https ... ⌘ [Read more](https://infosecwriteups.com/python-threat-hunting-tools-part-10-the-power-of-jupyter-notebooks-dd8846d2a326?source=rss----7b722bfd1b8d---4) 2023-07-09T17:04:49Z **GDB Baby Step 3: Unraveling Debugging Secrets — StackZero** ⌘ [Read more](https://infosecwriteups.com/gdb-baby-step-3-unraveling-debugging-secrets-stackzero-86b8c0b46355?source=rss----7b722bfd1b8d---4) 2023-07-09T17:04:27Z **What is IDOR and Why Should You Care About It?** ⌘ [Read more](https://infosecwriteups.com/what-is-idor-and-why-should-you-care-about-it-4b2bd81ae639?source=rss----7b722bfd1b8d---4) 2023-07-09T17:04:04Z **Preserving Digital Sanctity: The Urgent Need for Data Privacy Protection** ⌘ [Read more](https://infosecwriteups.com/preserving-digital-sanctity-the-urgent-need-for-data-privacy-protection-1b4679ba5bc6?source=rss----7b722bfd1b8d---4) 2023-07-09T17:03:54Z **How to Install OpenVAS** ⌘ [Read more](https://infosecwriteups.com/how-to-install-openvas-52b6337ba29a?source=rss----7b722bfd1b8d---4) 2023-07-09T17:03:45Z **Unravelling PicoCTF: The GDB Baby Step 2 Challenge — StackZero** ⌘ [Read more](https://infosecwriteups.com/unravelling-picoctf-the-gdb-baby-step-2-challenge-stackzero-103836e2b3e5?source=rss----7b722bfd1b8d---4) 2023-07-09T17:03:24Z **An In-Depth Look at PEN-300 and OSEP: Succeeding in the Offensive Security Path** ⌘ [Read more](https://infosecwriteups.com/an-in-depth-look-at-pen-300-and-osep-succeeding-in-the-offensive-security-path-85c286b64467?source=rss----7b722bfd1b8d---4) 2023-07-09T17:03:08Z **I received a bounty of $60 for finding a critical bug in the patient management system.** ⌘ [Read more](https://infosecwriteups.com/i-received-a-bounty-of-60-for-finding-a-critical-bug-in-the-patient-management-system-560446c534e?source=rss----7b722bfd1b8d---4) 2023-07-10T08:02:21Z **The Dark Web: Unveiling the Underbelly of Cybercrime** ⌘ [Read 
more](https://infosecwriteups.com/the-dark-web-unveiling-the-underbelly-of-cybercrime-929bee129ed6?source=rss----7b722bfd1b8d---4) 2023-07-11T08:02:22Z **Python Blue Team: Backing up the Linux OS with rsync** ⌘ [Read more](https://infosecwriteups.com/python-blue-team-backing-up-the-linux-os-with-rsync-831af73eb61?source=rss----7b722bfd1b8d---4) 2023-07-11T13:50:30Z **MOVEit Hacks: Stories and lessons learned** ⌘ [Read more](https://infosecwriteups.com/moveit-hacks-stories-and-lessons-learned-7daa14b11c32?source=rss----7b722bfd1b8d---4) 2023-07-11T18:01:49Z **Solving Kioptrix Level 1 Capture the Flag (CTF)** ⌘ [Read more](https://infosecwriteups.com/solving-kioptrix-level-1-capture-the-flag-ctf-5d8da2fb2ea5?source=rss----7b722bfd1b8d---4) 2023-07-12T06:06:18Z **MITRE Discovery — CMD Commands for Endpoint Reconnaissance — Part 1 (Net, Tasklist, Route)** ⌘ [Read more](https://infosecwriteups.com/mitre-discovery-cmd-commands-for-endpoint-reconnaissance-part-1-net-tasklist-route-73d62b631388?source=rss----7b722bfd1b8d---4) 2023-07-12T18:07:16Z **Reverse shell to your Amazon AWS EC2 instance as ‘root’ or ‘Administrator’ by injecting user-data** ⌘ [Read more](https://infosecwriteups.com/reverse-shell-to-your-amazon-aws-ec2-instance-as-root-or-administrator-by-injecting-user-data-2a6b2d649deb?source=rss----7b722bfd1b8d---4) 2023-07-13T05:07:13Z **Exploiting Incorrectly Configured Load Balancer with XSS to Steal Cookies** ⌘ [Read more](https://infosecwriteups.com/exploiting-incorrectly-configured-load-balancer-with-xss-to-steal-cookies-99d7cb6129d7?source=rss----7b722bfd1b8d---4) 2023-07-13T18:07:11Z **Let’s Go For Whole Company** ⌘ [Read more](https://infosecwriteups.com/lets-go-for-whole-company-d2e24bcfb5ef?source=rss----7b722bfd1b8d---4) 2023-07-14T18:07:15Z **Deobfuscation for Beginners** ⌘ [Read more](https://infosecwriteups.com/deobfuscation-for-beginners-944947ee2b9f?source=rss----7b722bfd1b8d---4) 2023-07-16T18:17:29Z **5 Ways to Use ChatGPT to Create Cyber 
Security Tools**
[![](https://cdn-images-1.medium.com/max/1920/1*2DCguXu_DGWpJsQxiiDFRQ.jpeg)](https://infosecwriteups.com/5-ways-to-use-chatgpt-to-create-cyber-security-tools-1ce54e213451?source=rss----7b722bfd1b8d---4)

The AI takeover is in full force. Let’s jump in and learn how to harness the power of AI to create our own cyber security tools!

[Continue reading on InfoSec Write-ups »](https://infosecwri ... ⌘ [Read more](https://infosecwriteups.com/5-ways-to-use-chatgpt-to-create-cyber-security-tools-1ce54e213451?source=rss----7b722bfd1b8d---4) 2023-07-16T18:28:08Z **TryHackMe - Snapped Phish-ing Line** ⌘ [Read more](https://infosecwriteups.com/tryhackme-snapped-phish-ing-line-93e98935a671?source=rss----7b722bfd1b8d---4) 2023-07-16T18:28:01Z **FalconEye: Splunk Threat Hunting** ⌘ [Read more](https://infosecwriteups.com/falconeye-splunk-threat-hunting-79309a47fbb0?source=rss----7b722bfd1b8d---4) 2023-07-16T18:27:55Z **Unlocking the Mind of a Bug Hunter: A Deep Dive into the Bug Bounty Ecosystem**
[![](https://cdn-images-1.medium.com/max/1200/1*ob7QYJpMTEIcDTq1-OsjCg.png)](https://infosecwriteups.com/unlocking-the-mind-of-a-bug-hunter-a-deep-dive-into-the-bug-bounty-ecosystem-50084413ec9c?source=rss----7b722bfd1b8d---4)

Introducing the Bug Bounty Ecosystem

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/unlocking- ... ⌘ [Read more](https://infosecwriteups.com/unlocking-the-mind-of-a-bug-hunter-a-deep-dive-into-the-bug-bounty-ecosystem-50084413ec9c?source=rss----7b722bfd1b8d---4) 2023-07-16T18:27:36Z **How to Add or Create User in Ubuntu** ⌘ [Read more](https://infosecwriteups.com/how-to-add-or-create-user-in-ubuntu-8ac8db651670?source=rss----7b722bfd1b8d---4) 2023-07-16T18:27:19Z **Decoding Threat Actors:Exposing Architecture Secrets with Open Source Tools** ⌘ [Read more](https://infosecwriteups.com/decoding-threat-actors-exposing-architecture-secrets-with-open-source-tools-d25c408d0931?source=rss----7b722bfd1b8d---4) 2023-07-16T18:27:09Z **Flagging Flaws: Micro-CMS v1** ⌘ [Read more](https://infosecwriteups.com/flagging-flaws-micro-cms-v1-26b4ac14f622?source=rss----7b722bfd1b8d---4) 2023-07-16T18:26:34Z **How FBI hackers or Forensics Team identify fake Images** ⌘ [Read more](https://infosecwriteups.com/how-fbi-hackers-or-forensics-team-identify-fake-images-5574109ba959?source=rss----7b722bfd1b8d---4) 2023-07-16T18:25:06Z **OWASP API Top 10 — API Security** ⌘ [Read more](https://infosecwriteups.com/owasp-api-top-10-api-security-bdce5284d8a9?source=rss----7b722bfd1b8d---4) 2023-07-16T18:24:50Z **Using an AI to perform OSINT? Google BARD’s image recognition feature for cybersecurity**
[![](https://cdn-images-1.medium.com/max/1891/1*4VZlym7Q6bNrzjxYUamyTw.png)](https://infosecwriteups.com/using-an-ai-to-perform-osint-google-bards-image-recognition-feature-for-cybersecurity-9d23518a1fdc?source=rss----7b722bfd1b8d---4)

We all know AI-enabled Chatbots are all the hype — and potentially the future for consume ... ⌘ [Read more](https://infosecwriteups.com/using-an-ai-to-perform-osint-google-bards-image-recognition-feature-for-cybersecurity-9d23518a1fdc?source=rss----7b722bfd1b8d---4) 2023-07-16T18:24:39Z **Periculus—Leading Cyber Security Provider & Importance of Cybersecurity for Small Businesses** ⌘ [Read more](https://infosecwriteups.com/periculus-leading-cyber-security-provider-importance-of-cybersecurity-for-small-businesses-3d94dac50400?source=rss----7b722bfd1b8d---4) 2023-07-17T19:22:21Z **Solving the HTB Web Requests CTF Challenge** ⌘ [Read more](https://infosecwriteups.com/solving-the-htb-web-requests-ctf-challenge-ae22e898c77c?source=rss----7b722bfd1b8d---4) 2023-07-18T14:21:45Z **Introduction to Web Applications HTB CTF** ⌘ [Read more](https://infosecwriteups.com/introduction-to-web-applications-htb-ctf-826f9d9cc978?source=rss----7b722bfd1b8d---4) 2023-07-20T05:16:58Z **Attacking Web Applications with Ffuf: Solving the CTF Challenge** ⌘ [Read more](https://infosecwriteups.com/attacking-web-applications-with-ffuf-solving-the-ctf-challenge-c22263cf67e1?source=rss----7b722bfd1b8d---4) 2023-07-20T07:09:10Z **Hacking Google Bard!** ⌘ [Read more](https://infosecwriteups.com/hacking-google-bard-24f9dfa7b455?source=rss----7b722bfd1b8d---4) 2023-07-20T07:05:53Z **My First Grafana Admin Bug Bounty — with Google Dork — $xxx**
[![](https://cdn-images-1.medium.com/max/2000/1*PC4vKkHggalY46mD51OpGg.png)](https://infosecwriteups.com/my-first-grafana-admin-bug-bounty-with-google-dork-xxx-31cced6a6663?source=rss----7b722bfd1b8d---4)

Discover how I found a significant Grafana login bug using Google Dorks and earned a bug bounty! Don’t underestimate minor vulnerabilities.

[Continue reading on InfoSec Write-ups ... ⌘ [Read more](https://infosecwriteups.com/my-first-grafana-admin-bug-bounty-with-google-dork-xxx-31cced6a6663?source=rss----7b722bfd1b8d---4) 2023-07-20T07:05:11Z **Solving SQL Injection Fundamentals HTB CTF** ⌘ [Read more](https://infosecwriteups.com/solving-sql-injection-fundamentals-htb-ctf-cabb0168f61e?source=rss----7b722bfd1b8d---4) 2023-07-20T07:04:58Z **Solving the JavaScript Deobfuscation HTB CTF Challenge** ⌘ [Read more](https://infosecwriteups.com/solving-the-javascript-deobfuscation-htb-ctf-challenge-b7054e9d6ce9?source=rss----7b722bfd1b8d---4) 2023-07-20T07:04:26Z **Persistence Techniques (Beginner to Advanced) For Windows** ⌘ [Read more](https://infosecwriteups.com/persistence-techniques-beginner-to-advanced-for-windows-50aca469336?source=rss----7b722bfd1b8d---4) 2023-07-21T11:07:00Z **GitHub Actions Goat — a Deliberately Vulnerable GitHub Actions CI/CD Environment** ⌘ [Read more](https://infosecwriteups.com/github-actions-goat-a-deliberately-vulnerable-github-actions-ci-cd-environment-7d8f43fd22d5?source=rss----7b722bfd1b8d---4) 2023-07-24T05:40:38Z **Exploring the Capabilities of Flipper Zero and Ubertooth One: Essential Tools for Wireless Security…** ⌘ [Read more](https://infosecwriteups.com/exploring-the-capabilities-of-flipper-zero-and-ubertooth-one-essential-tools-for-wireless-security-dedc90323773?source=rss----7b722bfd1b8d---4) 2023-07-24T05:31:34Z **Decoding Puzzled XSS: Unveiling the Hidden Vulnerability** ⌘ [Read more](https://infosecwriteups.com/decoding-puzzled-xss-unveiling-the-hidden-vulnerability-5980b4c8fc30?source=rss----7b722bfd1b8d---4) 2023-07-24T05:31:12Z **Memory Dump Analysis by using Volatility Framework** ⌘ [Read more](https://infosecwriteups.com/memory-dump-analysis-by-using-volatility-framework-742d70663d41?source=rss----7b722bfd1b8d---4) 2023-07-24T05:31:03Z **Some common Steganography tools for CTFs** ⌘ [Read 
more](https://infosecwriteups.com/some-common-steganography-tools-for-ctfs-92e3de93f141?source=rss----7b722bfd1b8d---4) 2023-07-24T05:30:54Z **Does Cybersecurity Needs a Digital Age Chakravyuh?** ⌘ [Read more](https://infosecwriteups.com/does-cybersecurity-needs-a-digital-age-chakravyuh-2e60fc29ec3e?source=rss----7b722bfd1b8d---4) 2023-07-24T05:28:34Z **The State of AI Security in mid 2023**

The human race has gone far beyond what other known life forms have achieved so far — our ability to retain information, iterate and…

⌘ [Read more](https://infosecwriteups.com/the-state-of-ai-security-in-mid-2023-56ad6e8e209c?source=rss----7b722bfd1b8d---4) 2023-07-24T05:28:23Z **Cheat Sheet for Path Traversal Payloads**

Alright, fellow bug hunters! Today, we’re diving into the intriguing world of Path Traversal Vulnerability. Path Traversal is a sneaky…

⌘ [Read more](https://infosecwriteups.com/cheat-sheet-for-path-traversal-payloads-579f1e71eae9?source=rss----7b722bfd1b8d---4) 2023-07-24T05:27:10Z **ChatGPT Code Interpreter just changed everything for Cyber Security**

Do not ignore what Code Interpreter means if you are in the Cybersecurity Industry

⌘ [Read more](https://infosecwriteups.com/chatgpt-code-interpreter-will-be-a-game-changer-for-cyber-security-403c726f11db?source=rss----7b722bfd1b8d---4) 2023-07-24T05:26:51Z **WormGPT: A ChatGPT Alternative without Ethical Boundaries** ⌘ [Read more](https://infosecwriteups.com/wormgpt-a-chatgpt-alternative-without-ethical-boundaries-f90b87a9324a?source=rss----7b722bfd1b8d---4) 2023-07-24T05:26:41Z **Mystery of Zero-Day: The Invisible Cyber Threat** ⌘ [Read more](https://infosecwriteups.com/mystery-of-zero-day-the-invisible-cyber-threat-56b564e0b478?source=rss----7b722bfd1b8d---4) 2023-07-24T05:55:48Z **lets see…How Honeypots Reveal the Dark Secrets of Attackers !!** ⌘ [Read more](https://infosecwriteups.com/lets-see-how-honeypots-reveal-the-dark-secrets-of-attackers-e226cd2c207a?source=rss----7b722bfd1b8d---4) 2023-07-24T05:55:34Z **Persistence Techniques (Beginner to Advanced) For Windows** ⌘ [Read more](https://infosecwriteups.com/persistence-techniques-beginner-to-advanced-for-windows-83addf31b8c1?source=rss----7b722bfd1b8d---4) 2023-07-24T05:44:49Z **Breaking Down SSRF on PDF Generation: A Pentesting Guide** ⌘ [Read more](https://infosecwriteups.com/breaking-down-ssrf-on-pdf-generation-a-pentesting-guide-66f8a309bf3c?source=rss----7b722bfd1b8d---4) 2023-07-24T05:44:34Z **FotaProvider.apk — Arbitrary Command Execution** ⌘ [Read more](https://infosecwriteups.com/fotaprovider-apk-arbitrary-command-execution-c1f270cb6d59?source=rss----7b722bfd1b8d---4) 2023-07-24T05:44:31Z **Automated Incident Response to Initial Access: Valid Accounts** ⌘ [Read more](https://infosecwriteups.com/initial-access-valid-accounts-195dca79c90a?source=rss----7b722bfd1b8d---4) 2023-07-26T08:37:07Z **Hak5 WiFi Pineapple Mark VII: A Comprehensive Toolset for Wireless Network Security Testing and…** ⌘ [Read
more](https://infosecwriteups.com/hak5-wifi-pineapple-mark-vii-a-comprehensive-toolset-for-wireless-network-security-testing-and-9161607245c?source=rss----7b722bfd1b8d---4) 2023-07-26T16:32:12Z **Secure your Actions Runner Controller (ARC) Environment using StepSecurity** ⌘ [Read more](https://infosecwriteups.com/secure-your-actions-runner-controller-arc-environment-using-stepsecurity-6d3d2ee641ac?source=rss----7b722bfd1b8d---4) 2023-07-27T06:41:51Z **Hak5 WiFi Pineapple Mark VII: A Comprehensive Toolset for Wireless Network Security Testing and…** ⌘ [Read more](https://infosecwriteups.com/hak5-wifi-pineapple-mark-vii-a-comprehensive-toolset-for-wireless-network-security-testing-and-ebe2e086660f?source=rss----7b722bfd1b8d---4) 2023-07-31T03:20:10Z **Implementing MITRE D3FEND for ATT&CK Technique T1059: Command and Scripting Interpreter** ⌘ [Read more](https://infosecwriteups.com/implementing-mitre-d3fend-for-att-ck-technique-t1059-command-and-scripting-interpreter-35e3570a1c2d?source=rss----7b722bfd1b8d---4) 2023-07-31T03:19:54Z **Jail breaking ChatGPT to write malware** ⌘ [Read more](https://infosecwriteups.com/jail-breaking-chatgpt-to-write-malware-9b3ae111f30c?source=rss----7b722bfd1b8d---4) 2023-07-31T03:19:47Z **Expose a Local Web Server to the Internet Using Ngrok** ⌘ [Read more](https://infosecwriteups.com/expose-a-local-web-server-to-the-internet-using-ngrok-a0578e05f865?source=rss----7b722bfd1b8d---4) 2023-07-31T03:19:34Z **Bug Bounty Writeup: $2500 Reward for Session Hijack via Chained Attack** ⌘ [Read more](https://infosecwriteups.com/bug-bounty-writeup-2500-reward-for-session-hijack-via-chained-attack-2a4462e01d4d?source=rss----7b722bfd1b8d---4) 2023-07-31T03:19:25Z **Solving the HTB CTF — Broken Authentication** ⌘ [Read more](https://infosecwriteups.com/solving-the-htb-ctf-broken-authentication-7e8333d618d?source=rss----7b722bfd1b8d---4) 2023-07-31T03:19:07Z **Unraveling the Complexity of Second-Order SQL Injection Attacks: A Comprehensive Guide**

SQL injection attacks have been a persistent threat in the realm of web application securi ... ⌘ [Read more](https://infosecwriteups.com/unraveling-the-complexity-of-second-order-sql-injection-attacks-a-comprehensive-guide-5b29ce10a78a?source=rss----7b722bfd1b8d---4) 2023-07-31T03:10:50Z **Exploiting Non-Cloud SSRF for More Fun & Profit** ⌘ [Read more](https://infosecwriteups.com/exploiting-non-cloud-ssrf-for-more-fun-profit-3597934518c8?source=rss----7b722bfd1b8d---4) 2023-07-31T03:10:35Z **Beginners Guide on Ethical Hacking** ⌘ [Read more](https://infosecwriteups.com/beginners-guide-on-how-to-ethical-hacking-be2b2e59d76c?source=rss----7b722bfd1b8d---4) 2023-07-31T03:10:30Z **DriftingBlues: 1 Vulnhub Write-up | Walkthrough** ⌘ [Read more](https://infosecwriteups.com/driftingblues-1-vulnhub-write-up-walkthrough-cafcbd6358d?source=rss----7b722bfd1b8d---4) 2023-07-31T03:10:23Z **How to Hack Login Services using Brute Force Attacks with Hydra**

My comprehensive walkthrough exploring the process of hacking login services utilizing Metasploitable 2 FTP Services and Hydra.

⌘ [Read more](https://infosecwriteups.com/how-to-hack-login-services-using-brute-force-attacks-with-hydra-d25129cc273?source=rss----7b722bfd1b8d---4) 2023-07-31T03:46:47Z **Navigating the Quantum Future: AI, Cybersecurity, and the New Frontier of Threats and Opportunities**

Introduction

⌘ [Read more](https://infosecwriteups.com/navigating-the-quantum-future-ai-cybersecurity-and-the-new-frontier-of-threats-and-opportunities-7f6ec65e5c26?source=rss----7b722bfd1b8d---4) 2023-07-31T03:46:38Z **Azure Monitoring Tools You Must Know About**

Azure Monitor \| Application Insights \| Log Analytics \| Microsoft Sentinel

⌘ [Read more](https://infosecwriteups.com/azure-monitoring-tools-you-must-know-about-9c2e28cfa77?source=rss----7b722bfd1b8d---4) 2023-07-31T03:44:34Z **One of the most devastating ransomware is a good point to start learning malware analysis** ⌘ [Read more](https://infosecwriteups.com/one-of-the-most-devastating-ransomware-is-a-good-point-to-start-learning-malware-analysis-a80007093de3?source=rss----7b722bfd1b8d---4) 2023-07-31T03:44:00Z **How to install Splunk on Ubuntu**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-install-splunk-on-ubuntu-5e59d00bfd49?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/how-to-install-splunk-on-ubuntu-5e59d00bfd49?source=rss----7b722bfd1b8d---4) 2023-07-31T03:43:51Z **Cerberus HTB Walkthrough** ⌘ [Read more](https://infosecwriteups.com/cerberus-htb-walkthrough-30156d290aa0?source=rss----7b722bfd1b8d---4) 2023-07-31T03:43:38Z **Swagger XSS Mass Hunting** ⌘ [Read more](https://infosecwriteups.com/swagger-xss-mass-hunting-b7a19e23cfd9?source=rss----7b722bfd1b8d---4) 2023-07-31T03:42:06Z **Bypassing email verification of high-profile tech company ($$$)** ⌘ [Read more](https://infosecwriteups.com/bypassing-email-verification-of-high-profile-tech-company-e592cc4a89ce?source=rss----7b722bfd1b8d---4) 2023-07-31T03:41:10Z **Who are Cyber Idiots? How to Mitigate Risk in Enterprise and Personal Cybersecurity?**

Cyber security thrives and flourishes due to the presence of cyber idiots. But who are cyber idiots? Let’s ta ... ⌘ [Read more](https://infosecwriteups.com/who-are-cyber-idiots-how-to-mitigate-risk-in-enterprise-and-personal-cybersecurity-603b718448d1?source=rss----7b722bfd1b8d---4) 2023-08-13T11:56:53Z **Web Application Exploits: How Hackers Exploit Buffer Overflow Vulnerabilities** ⌘ [Read more](https://infosecwriteups.com/web-application-exploits-how-hackers-exploit-buffer-overflow-vulnerabilities-580052d21784?source=rss----7b722bfd1b8d---4) 2023-08-13T11:56:52Z **Identifying and Exploiting Unsafe Deserialization in Ruby** ⌘ [Read more](https://infosecwriteups.com/identifying-and-exploiting-unsafe-deserialization-in-ruby-97c7cbd6c05d?source=rss----7b722bfd1b8d---4) 2023-08-13T11:56:51Z **Exploring How Zero Trust and Threat Intelligence Work Hand in Hand** ⌘ [Read more](https://infosecwriteups.com/exploring-how-zero-trust-and-threat-intelligence-work-hand-in-hand-ce4b1ee29e56?source=rss----7b722bfd1b8d---4) 2023-08-13T11:54:22Z **Inside the XSS Vulnerability: How to Understand and Protect Yourself**

Cross-Site Scripting (XSS) is one of the most prevalent and dangerous vulnerabilities in web applications. It allows attackers to inject…

⌘ [Read more](https://infosecwriteups.com/inside-the-xss-vulnerability-how-to-understand-and-protect-yourself-627ae6d39121?source=rss----7b722bfd1b8d---4) 2023-08-13T11:54:02Z **Code Injection Series — #7 — Atom Bombing** ⌘ [Read more](https://infosecwriteups.com/code-injection-series-7-atom-bombing-723b309043e4?source=rss----7b722bfd1b8d---4) 2023-08-13T11:54:01Z **Code Injection Series — #1 — Process Herpaderping (T1055)** ⌘ [Read more](https://infosecwriteups.com/code-injection-series-1-process-herpaderping-t1055-9a300e220ed1?source=rss----7b722bfd1b8d---4) 2023-08-13T11:54:00Z **The answer is simple: OneNote documents do not use macros to run the malware, and few…** ⌘ [Read more](https://infosecwriteups.com/por-que-documentos-onenote-s%C3%A3o-t%C3%A3o-perigosos-c69dd1dd1b14?source=rss----7b722bfd1b8d---4) 2023-08-13T11:53:59Z **Code injection Series — #2 — DLL Injection (T1055.001)** ⌘ [Read more](https://infosecwriteups.com/code-injection-series-2-dll-injection-t1055-001-9e8cae4363e6?source=rss----7b722bfd1b8d---4) 2023-08-13T11:53:58Z **Code Injection Series — #3 — Process Hollowing (T1055.012)** ⌘ [Read more](https://infosecwriteups.com/code-injection-series-3-process-hollowing-t1055-012-45a08bc5aaa7?source=rss----7b722bfd1b8d---4) 2023-08-13T11:53:56Z **Code Injection Series — #4 — Process Doppelgänging (T1055.013)** ⌘ [Read more](https://infosecwriteups.com/code-injection-series-4-process-doppelg%C3%A4nging-t1055-013-a6e5577b8f06?source=rss----7b722bfd1b8d---4) 2023-08-13T12:07:44Z **Burp Suite in Action: Real-Life Examples of Web Application Security Testing** ⌘ [Read more](https://infosecwriteups.com/burp-suite-in-action-real-life-examples-of-web-application-security-testing-fe245b780b87?source=rss----7b722bfd1b8d---4) 2023-08-13T12:05:57Z **Taking your web application pentesting to another level** ⌘ [Read more](https://infosecwriteups.com/taking-your-web-application-pentesting-to-another-level-8ca39238a1e4?source=rss----7b722bfd1b8d---4)
2023-08-13T12:04:20Z **Burp Suite’s Hidden Gems: Lesser-Known Features You Should Know** ⌘ [Read more](https://infosecwriteups.com/burp-suites-hidden-gems-lesser-known-features-you-should-know-1ece99e9c785?source=rss----7b722bfd1b8d---4) 2023-08-13T12:04:03Z **Dealing with Named Pipes in Malware** ⌘ [Read more](https://infosecwriteups.com/lidando-com-named-pipes-em-malwares-2d5dece4cd7f?source=rss----7b722bfd1b8d---4) 2023-08-18T19:29:30Z **An IDOR leads join any group makes me $2,500** ⌘ [Read more](https://infosecwriteups.com/an-idor-leads-join-any-group-makes-me-2-500-406eb9e463a3?source=rss----7b722bfd1b8d---4) 2023-08-18T19:28:45Z **Starlink: Keeping Ukraine Connected During The War** ⌘ [Read more](https://infosecwriteups.com/starlink-keeping-ukraine-connected-during-the-war-f6319df49a06?source=rss----7b722bfd1b8d---4) 2023-08-18T19:28:34Z **Findings in Swiggy’s Codebase: Memory Leak and Google Maps API Key Exposure.** ⌘ [Read more](https://infosecwriteups.com/findings-in-swiggys-codebase-memory-leak-and-google-maps-api-key-exposure-bf3569ccedca?source=rss----7b722bfd1b8d---4) 2023-08-18T19:28:12Z **Epic Bug Hunting Failures** ⌘ [Read more](https://infosecwriteups.com/epic-bug-hunting-failures-7d95bb61cb12?source=rss----7b722bfd1b8d---4) 2023-08-20T16:47:06Z **Make Money By Hacking?? Bug Bounty Guide (Resources)** ⌘ [Read more](https://infosecwriteups.com/how-to-bug-bounty-in-2023-resources-2a192de26097?source=rss----7b722bfd1b8d---4) 2023-08-20T16:46:53Z **How I Found My First 3 Bugs Within An Hour** ⌘ [Read more](https://infosecwriteups.com/how-i-found-my-first-3-bugs-within-an-hour-5421c0aab8b8?source=rss----7b722bfd1b8d---4) 2023-08-20T16:45:10Z **Bypassing XSS Filters: Techniques and Solutions**

In the ever-evolving landscape of web security, Cross-Site Scripting (XSS) stands as one of the most pernicious vulnerabilities.

⌘ [Read more](https://infosecwriteups.com/bypassing-xss-filters-techniques-and-solutions-d6674029f1e9?source=rss----7b722bfd1b8d---4) 2023-08-20T16:45:05Z **Burp Suite: The Ultimate Web Application Penetration Testing Tool** ⌘ [Read more](https://infosecwriteups.com/burp-suite-the-ultimate-web-application-penetration-testing-tool-222f6d825060?source=rss----7b722bfd1b8d---4) 2023-08-20T16:44:53Z **Security Automation 101**

Who doesn’t love automation?

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/security-automation-101-673d078e6f00?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/security-automation-101-673d078e6f00?source=rss----7b722bfd1b8d---4) 2023-08-20T16:44:47Z **Burp Suite vs. Other Web Application Security Tools: A Comparative Analysis** ⌘ [Read more](https://infosecwriteups.com/burp-suite-vs-other-web-application-security-tools-a-comparative-analysis-6d70f3a443d4?source=rss----7b722bfd1b8d---4) 2023-08-20T16:38:53Z **Reversing WordPress CVEs: Baby Steps** ⌘ [Read more](https://infosecwriteups.com/reversing-wordpress-cves-baby-steps-1069feb50dd4?source=rss----7b722bfd1b8d---4) 2023-08-20T16:37:02Z **Injecting backdoor into ML model** ⌘ [Read more](https://infosecwriteups.com/injecting-backdoor-into-ml-model-fbd1bce4daeb?source=rss----7b722bfd1b8d---4) 2023-08-20T16:52:06Z **How to Check the Integrity of a Downloaded File on Windows Using a SHA/MD5 Hash**

⌘ [Read more](https://infosecwriteups.com/how-to-check-the-integrity-of-a-downloaded-file-on-windows-using-a-sha-md5-hash-e3c04a6362a8?source=rss----7b722bfd1b8d---4) 2023-08-20T16:51:51Z **Exploring Burp Suite’s Features: A Detailed Overview** ⌘ [Read more](https://infosecwriteups.com/exploring-burp-suites-features-a-detailed-overview-2bacf809c6f8?source=rss----7b722bfd1b8d---4) 2023-08-20T16:51:01Z **How to use ChatGPT for Ethical Hacking ?**

I would like to discover several ways to use ChatGPT for Ethical Hacking and Information Security purposes by asking for input from ChatGPT

⌘ [Read more](https://infosecwriteups.com/how-to-use-chatgpt-for-ethical-hacking-68dcdb2729e1?source=rss----7b722bfd1b8d---4) 2023-08-22T14:52:47Z **Rewriting IP for filter bypass** ⌘ [Read more](https://infosecwriteups.com/rewriting-ip-for-filter-bypass-823b958b9bad?source=rss----7b722bfd1b8d---4) 2023-08-22T14:50:35Z **Gone in a Click: IDOR Vulnerabilities in Image Upload Function** ⌘ [Read more](https://infosecwriteups.com/gone-in-a-click-idor-vulnerabilities-in-image-upload-function-6c4817b44d8c?source=rss----7b722bfd1b8d---4) 2023-08-28T06:11:16Z **Unlocking Potential: Exploring Frida & Objection on Non-Jailbroken Devices without Application…** ⌘ [Read more](https://infosecwriteups.com/unlocking-potential-exploring-frida-objection-on-non-jailbroken-devices-without-application-ed0367a84f07?source=rss----7b722bfd1b8d---4) 2023-08-28T06:11:03Z **Assessing Security Risks of Local Storage on Non-Jailbroken iOS Devices** ⌘ [Read more](https://infosecwriteups.com/assessing-security-risks-of-local-storage-on-non-jailbroken-ios-devices-8d303ebe0e77?source=rss----7b722bfd1b8d---4) 2023-08-28T05:58:29Z **Game Hacking: Hex Editing Save Files for Unlimited Cash** ⌘ [Read more](https://infosecwriteups.com/game-hacking-hex-editing-save-files-for-unlimited-cash-a3d52bc65789?source=rss----7b722bfd1b8d---4) 2023-08-28T06:21:11Z **OSINT Series Part 1 — European Cyber Security Challenge**

While I was scavenging through the internet I came across The European Cyber Security Challenge (ECSC) and decided to solve some of…

⌘ [Read more](https://infosecwriteups.com/osint-series-part-1-european-cyber-security-challenge-ad8e25bbc334?source=rss----7b722bfd1b8d---4) 2023-08-28T06:20:52Z **5 Skills To Learn Before Ethical Hacking!**

How You’ll Start To Be an “Ethical Hacking”?

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/5-skills-to-learn-before-ethical-hacking-e3de68559c04?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/5-skills-to-learn-before-ethical-hacking-e3de68559c04?source=rss----7b722bfd1b8d---4) 2023-08-28T07:01:55Z **Announcing IWCON 2023 Call for Papers** ⌘ [Read more](https://infosecwriteups.com/announcing-iwcon-2023-call-for-papers-e11d0fe74754?source=rss----7b722bfd1b8d---4) 2023-08-28T07:23:09Z **Decoding the Enigma: A Journey into Minesweeper’s Reverse Engineering** ⌘ [Read more](https://infosecwriteups.com/decoding-the-enigma-a-journey-into-minesweepers-reverse-engineering-3a253698eb45?source=rss----7b722bfd1b8d---4) 2023-08-28T07:23:04Z **Mailroom HTB | Gitea | XSS | NoSqli | RCE | Exploit Development | Strace** ⌘ [Read more](https://infosecwriteups.com/mailroom-htb-gitea-xss-nosqli-rce-exploit-development-strace-88152d53d850?source=rss----7b722bfd1b8d---4) 2023-08-28T07:22:48Z **Bug Hunting on Autopilot, Free VPS Setup** ⌘ [Read more](https://infosecwriteups.com/bug-hunting-on-autopilot-free-vps-setup-1036bb1113a?source=rss----7b722bfd1b8d---4) 2023-08-28T07:22:06Z **Devel writeup | Hack the box** ⌘ [Read more](https://infosecwriteups.com/devel-writeup-hack-the-box-b82fa92b3094?source=rss----7b722bfd1b8d---4) 2023-08-28T07:19:10Z **Defending AWS Assets through Email alerts.** ⌘ [Read more](https://infosecwriteups.com/defending-aws-assets-through-email-alerts-991b6fb3c8ce?source=rss----7b722bfd1b8d---4) 2023-08-28T07:18:55Z **Stay Ahead of the Game: The Importance of Threat Modeling in Cybersecurity**

Threat modelling is a systematic process of identifying and analyzing potential threats and vulnerabilities in a system or application to ... ⌘ [Read more](https://infosecwriteups.com/stay-ahead-of-the-game-the-importance-of-threat-modeling-in-cybersecurity-79bf38d2a29f?source=rss----7b722bfd1b8d---4) 2023-08-28T07:13:19Z **GDB Baby Step 4: Decoding Multiplication in Assembly with GDB — StackZero** ⌘ [Read more](https://infosecwriteups.com/gdb-baby-step-4-decoding-multiplication-in-assembly-with-gdb-stackzero-3d0dbae815a9?source=rss----7b722bfd1b8d---4) 2023-08-28T07:13:11Z **Unmasking Vulnerabilities: Exploring the Convergence of Robotics and Cybersecurity** ⌘ [Read more](https://infosecwriteups.com/unmasking-vulnerabilities-exploring-the-convergence-of-robotics-and-cybersecurity-3e1b7a71a3c6?source=rss----7b722bfd1b8d---4) 2023-08-28T07:13:03Z **Navigating Uncharted Waters: The Cybersecurity Implications of Maritime Vessel Hacking** ⌘ [Read more](https://infosecwriteups.com/navigating-uncharted-waters-the-cybersecurity-implications-of-maritime-vessel-hacking-4a3600c90715?source=rss----7b722bfd1b8d---4) 2023-08-28T07:12:55Z **Reverse Engineering: Injection Series Part 4 — Blue Team Labs** ⌘ [Read more](https://infosecwriteups.com/reverse-engineering-injection-series-part-4-blue-team-labs-8efe326049dc?source=rss----7b722bfd1b8d---4) 2023-09-06T03:48:14Z **Securing Microservices: Application Architecture for Distributed Systems** ⌘ [Read more](https://infosecwriteups.com/securing-microservices-application-architecture-for-distributed-systems-534f61678ae8?source=rss----7b722bfd1b8d---4) 2023-09-06T03:48:08Z **Implementing MITRE D3FEND for ATT&CK Technique T1110: Brute Force** ⌘ [Read more](https://infosecwriteups.com/implementing-mitre-d3fend-for-att-ck-technique-t1110-brute-force-194ff81e10d3?source=rss----7b722bfd1b8d---4) 2023-09-06T03:46:01Z **Exploiting CORS misconfigurations** ⌘ [Read 
more](https://infosecwriteups.com/exploiting-cors-misconfigurations-ffb538698600?source=rss----7b722bfd1b8d---4) 2023-09-06T03:45:32Z **“Email Domain Extractor: Discovering Domains from the Data Mine”** ⌘ [Read more](https://infosecwriteups.com/email-domain-extractor-discovering-domains-from-the-data-mine-c43eabfa104d?source=rss----7b722bfd1b8d---4) 2023-09-06T03:43:56Z ** ** ⌘ [Read more](https://infosecwriteups.com/-e91b4e65a4b2?source=rss----7b722bfd1b8d---4) 2023-09-06T03:43:28Z **LetsDefend ==> Phishing Email Challenge** ⌘ [Read more](https://infosecwriteups.com/letsdefend-phishing-email-challenge-e470c06e6d2b?source=rss----7b722bfd1b8d---4) 2023-09-06T03:43:18Z **Securing Applications through Understanding: Why Every InfoSec Professional Should Learn SLAE64** ⌘ [Read more](https://infosecwriteups.com/securing-applications-through-understanding-why-every-infosec-professional-should-learn-slae64-56c78670f790?source=rss----7b722bfd1b8d---4) 2023-09-06T03:43:13Z **Blaster writup ~ TryHackMe** ⌘ [Read more](https://infosecwriteups.com/blaster-writup-tryhackme-ecfd19ea571e?source=rss----7b722bfd1b8d---4) 2023-09-06T03:42:57Z **SAST & DevSecOps for Java** ⌘ [Read more](https://infosecwriteups.com/sast-devsecops-for-java-9fd47ab7d174?source=rss----7b722bfd1b8d---4) 2023-09-06T03:59:59Z **A Comprehensive approach for testing for SQL Injection Vulnerabilities** ⌘ [Read more](https://infosecwriteups.com/a-comprehensive-approach-for-testing-for-sql-injection-vulnerabilities-23c8772ffba9?source=rss----7b722bfd1b8d---4) 2023-09-06T03:59:33Z **STIX — Criminal IP Integration Newly Launched!** ⌘ [Read more](https://infosecwriteups.com/stix-criminal-ip-integration-newly-launched-d7712a674f85?source=rss----7b722bfd1b8d---4) 2023-09-06T03:59:09Z **The Ultimate Guide to Bug Bounty Hunting: Learn How to Find and Report Vulnerabilities** ⌘ [Read 
more](https://infosecwriteups.com/the-ultimate-guide-to-bug-bounty-hunting-learn-how-to-find-and-report-vulnerabilities-8c0f0de83cf5?source=rss----7b722bfd1b8d---4) 2023-09-06T03:58:52Z **Lesson Learned writup || TryHackMe** ⌘ [Read more](https://infosecwriteups.com/lesson-learned-writup-tryhackme-78e31a49be08?source=rss----7b722bfd1b8d---4) 2023-09-06T03:58:50Z **Grep writeup | TryHackme** ⌘ [Read more](https://infosecwriteups.com/grep-v-1-7-writeup-tryhackme-7589bcb72922?source=rss----7b722bfd1b8d---4) 2023-09-06T03:58:33Z **Exploring Narrowlink: Your Swiss Army Knife for Secure Networking**

Hey there, tech enthusiasts! Today, we’re diving into the fascinating world of Narrowlink — a nifty tool that’s like a multi-purpose tool…

⌘ [Read more](https://infosecwriteups.com/exploring-narrowlink-your-swiss-army-knife-for-secure-networking-71c37ec5b7cd?source=rss----7b722bfd1b8d---4) 2023-09-06T03:58:23Z **Enhancing Bug Bounty Workflow with Advanced Google Dorks**

Bug bounty hunting has become an essential part of cybersecurity, allowing skilled individuals to identify vulnerabilities in web…

⌘ [Read more](https://infosecwriteups.com/enhancing-bug-bounty-workflow-with-advanced-google-dorks-4e8af7e8102d?source=rss----7b722bfd1b8d---4) 2023-09-06T03:56:14Z **For Newbies: Simple Examples of LDAP Injection Vulnerabilities** ⌘ [Read more](https://infosecwriteups.com/for-newbies-simple-examples-of-ldap-injection-vulnerabilities-cbf231431923?source=rss----7b722bfd1b8d---4) 2023-09-06T03:56:07Z **Hacking a Windows Machine by Hiding a RAT Inside the File** ⌘ [Read more](https://infosecwriteups.com/hacking-a-windows-machine-by-hiding-a-rat-inside-the-file-68b8748e4e71?source=rss----7b722bfd1b8d---4) 2023-09-06T03:55:51Z **Introduction to OpenVAS — A Vulnerability Scanner** ⌘ [Read more](https://infosecwriteups.com/introduction-to-openvas-a-vulnerability-scanner-cd5bf830e2fe?source=rss----7b722bfd1b8d---4) 2023-09-12T15:11:30Z **How I could view any Facebook Groups Notes media, and they paid me a $10,000** ⌘ [Read more](https://infosecwriteups.com/how-i-could-view-any-facebook-groups-notes-media-and-they-paid-me-a-10-000-fe22f8949d7c?source=rss----7b722bfd1b8d---4) 2023-09-12T15:11:03Z **Cracking the Code: The Art of White Box Pentesting** ⌘ [Read more](https://infosecwriteups.com/cracking-the-code-the-art-of-white-box-pentesting-de296bc22c67?source=rss----7b722bfd1b8d---4) 2023-09-12T15:10:53Z **Regional Internet Registries(RIR)** ⌘ [Read more](https://infosecwriteups.com/regional-internet-registries-rir-80589b085226?source=rss----7b722bfd1b8d---4) 2023-09-12T15:10:45Z **Securing Large Language Models (LLMs) in Your Organization: Mitigating Security and Privacy Risks** ⌘ [Read more](https://infosecwriteups.com/securing-large-language-models-llms-in-your-organization-mitigating-security-and-privacy-risks-9a70b5936906?source=rss----7b722bfd1b8d---4) 2023-09-12T15:06:44Z **Hacking into facial recognition system using generative AI** ⌘ [Read
more](https://infosecwriteups.com/hacking-into-facial-recognition-system-using-generative-ai-69a741077f0e?source=rss----7b722bfd1b8d---4) 2023-09-12T15:06:40Z **Android Penetration Tryz — Part 2**

Android Penetration Tryz Part 2

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/android-penetration-tryz-part-2-71cb33c4aee?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/android-penetration-tryz-part-2-71cb33c4aee?source=rss----7b722bfd1b8d---4) 2023-09-12T15:06:12Z **Leveraging Search Queries for Bug Bounty: A Guide to Finding Vulnerabilities**

In the realm of cybersecurity, bug bounty programs have become a popular way for companies to identify vulnerabilities in their syste ... ⌘ [Read more](https://infosecwriteups.com/leveraging-search-queries-for-bug-bounty-a-guide-to-finding-vulnerabilities-3782788f603?source=rss----7b722bfd1b8d---4) 2023-09-18T03:42:38Z **Blue Team Operations : Educational Series** ⌘ [Read more](https://infosecwriteups.com/blue-team-operations-educational-series-ac3c01e3b295?source=rss----7b722bfd1b8d---4) 2023-09-18T03:42:17Z **OnlyForYou HTB | LFR | RCE | Cypher Injection (Neo4j) graph database | pip3 download code execution** ⌘ [Read more](https://infosecwriteups.com/onlyforyou-htb-lfr-rce-cypher-injection-neo4j-graph-database-pip3-download-code-execution-7855193b3d5c?source=rss----7b722bfd1b8d---4) 2023-09-18T03:42:13Z **DriftingBlues: 2 Vulnhub Write-up | Walkthrough** ⌘ [Read more](https://infosecwriteups.com/driftingblues-2-vulnhub-write-up-walkthrough-e694b2cffab3?source=rss----7b722bfd1b8d---4) 2023-09-18T03:40:29Z **Hacking into gRPC-Web** ⌘ [Read more](https://infosecwriteups.com/hacking-into-grpc-web-a54053757a45?source=rss----7b722bfd1b8d---4) 2023-09-18T03:40:12Z **Secure FastAPI with eBPF** ⌘ [Read more](https://infosecwriteups.com/secure-fastapi-with-ebpf-724d4aef8d9e?source=rss----7b722bfd1b8d---4) 2023-09-18T03:39:55Z **Strategic Cyber Security Report — August 2023 Edition** ⌘ [Read more](https://infosecwriteups.com/strategic-cyber-security-report-august-2023-edition-1edb1db1be68?source=rss----7b722bfd1b8d---4) 2023-09-18T03:39:39Z **How I Hacked An Account [Unplanned]** ⌘ [Read more](https://infosecwriteups.com/how-i-hacked-an-account-unplanned-86e1e2a8b2ac?source=rss----7b722bfd1b8d---4) 2023-09-18T03:37:46Z **My experience with BugBase copilot** ⌘ [Read more](https://infosecwriteups.com/my-experience-with-bugbase-copilot-5b83e3b41a84?source=rss----7b722bfd1b8d---4) 2023-09-18T04:35:14Z **Hunting for Rootkits in memory** ⌘ [Read 
more](https://infosecwriteups.com/hunting-for-diamorphine-and-reptile-in-memory-3022320e1fbb?source=rss----7b722bfd1b8d---4) 2023-09-18T04:34:59Z **Unlock the Secret Formula: Mastering Vulnerability Management for Iron-Clad Cybersecurity!** ⌘ [Read more](https://infosecwriteups.com/unlock-the-secret-formula-mastering-vulnerability-management-for-iron-clad-cybersecurity-f3f0b68ce6ae?source=rss----7b722bfd1b8d---4) 2023-09-18T04:32:43Z **Understanding CVE-2023–24329 -Python urlparse Function** ⌘ [Read more](https://infosecwriteups.com/understanding-cve-2023-24329-python-urlparse-function-7c064dee5639?source=rss----7b722bfd1b8d---4) 2023-09-18T04:32:36Z **How Red Team vs. Blue Team : Exercises Boost Cybersecurity** ⌘ [Read more](https://infosecwriteups.com/how-red-team-vs-blue-team-exercises-boost-cybersecurity-ac799b0bbc0d?source=rss----7b722bfd1b8d---4) 2023-09-18T04:29:50Z **Webinar Pro or Not: The $500 Access Control Bug** ⌘ [Read more](https://infosecwriteups.com/webinar-pro-or-not-the-500-access-control-bug-5cf28cd80543?source=rss----7b722bfd1b8d---4) 2023-09-18T04:50:43Z **My $1000 Bounty Bug: How I Stopped Companies from Losing Money with an IDOR Flaw** ⌘ [Read more](https://infosecwriteups.com/my-1000-bounty-bug-how-i-stopped-companies-from-losing-money-with-an-idor-flaw-2366984a6c40?source=rss----7b722bfd1b8d---4) 2023-09-18T04:49:23Z **Privilege Escalation: How I Earned $500 by Discovering the Ability to Delete Documents as a Student** ⌘ [Read more](https://infosecwriteups.com/privilege-escalation-how-i-earned-500-by-discovering-the-ability-to-delete-documents-as-a-student-8cdf9eab1375?source=rss----7b722bfd1b8d---4) 2023-09-18T04:45:01Z **Lets talk about Advancements in Intrusion Detection and Prevention Systems (IDPS)** ⌘ [Read more](https://infosecwriteups.com/lets-talk-about-advancements-in-intrusion-detection-and-prevention-systems-idps-f8f727f0cced?source=rss----7b722bfd1b8d---4) 2023-09-18T04:44:53Z **Introduction to Blue Teaming Operations** ⌘ [Read 
more](https://infosecwriteups.com/introduction-to-blue-teaming-operations-1c83a2bfa428?source=rss----7b722bfd1b8d---4) 2023-09-18T04:44:51Z **Compliance as Code: Revolutionizing Regulatory Compliance with Automation** ⌘ [Read more](https://infosecwriteups.com/compliance-as-code-revolutionizing-regulatory-compliance-with-automation-dda2a5b30761?source=rss----7b722bfd1b8d---4) 2023-09-18T04:44:33Z **Bypassing ML based phishing and spam detection using evasion** ⌘ [Read more](https://infosecwriteups.com/bypassing-ml-based-phishing-and-spam-detection-using-evasion-2e0f1356dd9a?source=rss----7b722bfd1b8d---4) 2023-09-18T04:44:24Z **Learn how to perform threat modeling to proactively identify potential vulnerabilities and security…** ⌘ [Read more](https://infosecwriteups.com/learn-how-to-perform-threat-modeling-to-proactively-identify-potential-vulnerabilities-and-security-ccac676ac1da?source=rss----7b722bfd1b8d---4) 2023-09-18T04:41:19Z **OAuth 2.0 Hacking ** ⌘ [Read more](https://infosecwriteups.com/oauth-2-0-hacking-67e5d2b9b495?source=rss----7b722bfd1b8d---4) 2023-09-18T04:40:54Z **Practical iOS Penetration Testing Lab - Part 1** ⌘ [Read more](https://infosecwriteups.com/practical-ios-penetration-testing-lab-part-1-a06e102fca63?source=rss----7b722bfd1b8d---4) 2023-09-18T04:59:21Z **Find Bugs While Sleeping ? 
Get Phone Notifications When A Bug Is Found** ⌘ [Read more](https://infosecwriteups.com/find-bugs-while-sleeping-get-phone-notifications-when-a-bug-is-found-b06ef95a6df7?source=rss----7b722bfd1b8d---4) 2023-09-18T04:59:20Z **Navigating the Complex Seas of Security Compliance and Regulations** ⌘ [Read more](https://infosecwriteups.com/navigating-the-complex-seas-of-security-compliance-and-regulations-a258b585f30f?source=rss----7b722bfd1b8d---4) 2023-09-18T04:59:17Z **Mobile Device Security: Safeguarding Your Digital World in the Age of BYOD** ⌘ [Read more](https://infosecwriteups.com/mobile-device-security-safeguarding-your-digital-world-in-the-age-of-byod-e7dfdc5ff0f3?source=rss----7b722bfd1b8d---4) 2023-09-18T04:59:15Z **Developing and Refining Security Incident Playbooks** ⌘ [Read more](https://infosecwriteups.com/developing-and-refining-security-incident-playbooks-ef44732748f8?source=rss----7b722bfd1b8d---4) 2023-09-18T04:58:54Z **Race Condition Vulnerabilities: A Hands-On Primer — Part 1** ⌘ [Read more](https://infosecwriteups.com/race-condition-vulnerabilities-a-hands-on-primer-part-1-397686cceafd?source=rss----7b722bfd1b8d---4) 2023-09-18T05:13:18Z **22.6k+ GitHub Stars Note-Taking App Hit by XSS Vulnerability** ⌘ [Read more](https://infosecwriteups.com/22-6k-github-stars-note-taking-app-hit-by-critical-xss-vulnerability-842da56ae265?source=rss----7b722bfd1b8d---4) 2023-09-18T05:13:02Z **Basic Pentesting Writeup | TryHackMe** ⌘ [Read more](https://infosecwriteups.com/basic-pentesting-writeup-tryhackme-e4b42d93ec51?source=rss----7b722bfd1b8d---4) 2023-09-18T05:12:58Z **Build It Before Breaking It !!** ⌘ [Read more](https://infosecwriteups.com/build-it-before-breaking-it-5d8c5b8171fc?source=rss----7b722bfd1b8d---4) 2023-09-18T05:12:51Z **Cloud Security: Protecting Your Digital Oasis in the Cloud** ⌘ [Read more](https://infosecwriteups.com/cloud-security-protecting-your-digital-oasis-in-the-cloud-805d4b29c51d?source=rss----7b722bfd1b8d---4) 2023-09-18T05:12:28Z 
**Behind the Hack: The Mechanics of SQL Injection Attacks** ⌘ [Read more](https://infosecwriteups.com/behind-the-hack-the-mechanics-of-sql-injection-attacks-9d35a34e8371?source=rss----7b722bfd1b8d---4) 2023-09-19T05:41:28Z **Corporate Reconnaissance and Data Analysis: A Guide to Ethical Hacking** ⌘ [Read more](https://infosecwriteups.com/corporate-reconnaissance-and-data-analysis-a-guide-to-ethical-hacking-ef0a341fa87a?source=rss----7b722bfd1b8d---4) 2023-09-20T05:42:22Z **Ethical Hacker’s Passive Reconnaissance Toolkit** ⌘ [Read more](https://infosecwriteups.com/ethical-hackers-passive-reconnaissance-toolkit-e2ea6f2957a3?source=rss----7b722bfd1b8d---4) 2023-09-21T08:47:31Z **XSS exploitation that goes beyond ** ⌘ [Read more](https://infosecwriteups.com/xss-exploitation-that-goes-beyond-script-alert-test-script-4b200fd52cea?source=rss----7b722bfd1b8d---4) 2023-09-22T05:46:43Z **How Enterprises Use SOAR to Track MSSP SLAs**

Large enterprises often outsource some of their security needs to Managed Security Service Providers (MSSPs). When alert volumes are high…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-ent ... ⌘ [Read more](https://infosecwriteups.com/how-enterprises-use-soar-to-track-mssp-slas-4038aa629ee4?source=rss----7b722bfd1b8d---4) 2023-09-24T17:42:50Z **Managing AXIOM instances** ⌘ [Read more](https://infosecwriteups.com/the-power-of-axiom-part-3-b68acdf085be?source=rss----7b722bfd1b8d---4) 2023-09-24T17:42:49Z **Core Functionality of AXIOM** ⌘ [Read more](https://infosecwriteups.com/the-power-of-axiom-part-2-8d0272617b92?source=rss----7b722bfd1b8d---4) 2023-09-24T17:42:45Z **The Introduction to AXIOM** ⌘ [Read more](https://infosecwriteups.com/the-power-of-axiom-part-1-185200680bd9?source=rss----7b722bfd1b8d---4) 2023-09-24T17:41:00Z **Reverse Search IDOR approach to Exposure of all Organizational Sensitive Information.** ⌘ [Read more](https://infosecwriteups.com/reverse-search-idor-approach-to-exposure-of-all-organizational-sensitive-information-954220b96a59?source=rss----7b722bfd1b8d---4) 2023-09-24T17:39:42Z **Threat Intelligence with MISP: Part 2 — Setting up MISP**

Learn how to create your own cyber threat intelligence database and information sharing platform by installing and setting up MISP!

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ ... ⌘ [Read more](https://infosecwriteups.com/threat-intelligence-with-misp-part-2-setting-up-misp-be857bba8e7?source=rss----7b722bfd1b8d---4) 2023-09-24T17:39:36Z **PatriotCTF 2023-My phone! (Crypto+OSINT)** ⌘ [Read more](https://infosecwriteups.com/patriotctf-2023-my-phone-crypto-osint-9c04ad0ffa99?source=rss----7b722bfd1b8d---4) 2023-09-24T17:39:35Z **PatriotCTF 2023-Capybara (Forensics) & what is Morse Code?** ⌘ [Read more](https://infosecwriteups.com/patriotctf-2023-capybara-forensics-what-is-morse-code-a7aaef748340?source=rss----7b722bfd1b8d---4) 2023-09-24T17:39:19Z **Learn SQL Querying Techniques with this Comprehensive Tutorial!** ⌘ [Read more](https://infosecwriteups.com/learn-sql-querying-techniques-with-this-comprehensive-tutorial-37320f8043e5?source=rss----7b722bfd1b8d---4) 2023-09-24T17:56:38Z **Mastering BTL1: Journey, Tips, and Insights for Cyber Defenders** ⌘ [Read more](https://infosecwriteups.com/blue-team-level-1-btl1-training-course-exam-review-and-tips-march-2023-7bb00597b5ad?source=rss----7b722bfd1b8d---4) 2023-09-24T17:55:14Z **eJPT v2 Review: Decoding the eLearn Security’s Junior Penetration Tester Certification** ⌘ [Read more](https://infosecwriteups.com/ejpt-v2-review-elearn-jpt-certification-423d7c940d9a?source=rss----7b722bfd1b8d---4) 2023-09-24T17:52:59Z **10 Beginner-Friendly Cybersecurity Projects to Kickstart Your Journey** ⌘ [Read more](https://infosecwriteups.com/10-beginner-friendly-cybersecurity-projects-to-kickstart-your-journey-2acc7250a744?source=rss----7b722bfd1b8d---4) 2023-09-24T17:52:23Z **Unmasking Directory Traversal: Navigating Vulnerabilities in Web Applications (Techniques +…** ⌘ [Read more](https://infosecwriteups.com/unmasking-directory-traversal-navigating-vulnerabilities-in-web-applications-techniques-e5a75c1f6753?source=rss----7b722bfd1b8d---4) 2023-09-24T17:51:03Z **Injecting Danger: Understanding Server-Side Template Exploits** ⌘ [Read 
more](https://infosecwriteups.com/injecting-danger-understanding-server-side-template-exploits-710f48811715?source=rss----7b722bfd1b8d---4) 2023-09-24T17:50:46Z **The Evolution of Cybersecurity: From Enigma to Quantum Cryptography** ⌘ [Read more](https://infosecwriteups.com/the-evolution-of-cybersecurity-from-enigma-to-quantum-cryptography-653134464af3?source=rss----7b722bfd1b8d---4) 2023-09-24T17:50:27Z **Revolutionizing Bug Bounty Hunting: Unleashing the AI Advantage with Chat GPT** ⌘ [Read more](https://infosecwriteups.com/revolutionizing-bug-bounty-hunting-unleashing-the-ai-advantage-with-chat-gpt-7949c45386b1?source=rss----7b722bfd1b8d---4) 2023-09-24T17:50:09Z **Exploit Analysis: Request-Baskets v1.2.1 Server-side Request Forgery (SSRF)**

In the world of cybersecurity, vulnerabilities and exploits are constantly evolving. One such vulnerability is the Server-side Request…

[ ... ⌘ [Read more](https://infosecwriteups.com/exploit-analysis-request-baskets-v1-2-1-server-side-request-forgery-ssrf-688fffd1f424?source=rss----7b722bfd1b8d---4) 2023-09-24T17:50:01Z **Introduction to External Penetration Testing Assessments** ⌘ [Read more](https://infosecwriteups.com/introduction-to-external-penetration-testing-assessments-d289b1721319?source=rss----7b722bfd1b8d---4) 2023-09-24T17:49:14Z **How to Create a Free Kali Linux Machine in the Cloud** ⌘ [Read more](https://infosecwriteups.com/how-to-create-a-free-kali-linux-machine-in-the-cloud-450707d32a79?source=rss----7b722bfd1b8d---4) 2023-09-25T18:56:23Z **A List of No-Brainers for Windows Server Security** ⌘ [Read more](https://infosecwriteups.com/a-list-of-no-brainers-for-windows-server-security-bcaf80b2f022?source=rss----7b722bfd1b8d---4) 2023-10-01T17:55:02Z **HTB Machine Stocker** ⌘ [Read more](https://infosecwriteups.com/htb-machine-stocker-b9ef41da3417?source=rss----7b722bfd1b8d---4) 2023-10-01T17:54:59Z **Teknik Bypass Filter XSS** ⌘ [Read more](https://infosecwriteups.com/teknik-bypass-filter-xss-b930dc52c1fe?source=rss----7b722bfd1b8d---4) 2023-10-01T17:52:29Z **How I passed my Certified Ethical Hacker (C|EH) Practical V12 exam! 
FIRST ATTEMPT !!** ⌘ [Read more](https://infosecwriteups.com/how-i-passed-my-certified-ethical-hacker-c-eh-practical-v12-exam-first-attempt-e08922b4fd79?source=rss----7b722bfd1b8d---4) 2023-10-01T17:51:45Z **Creating custom AXIOM modules** ⌘ [Read more](https://infosecwriteups.com/the-power-of-axiom-part-4-b52c122b321e?source=rss----7b722bfd1b8d---4) 2023-10-01T17:51:30Z **Mastering the Mechanics of Command Injection: Unraveling the Web’s Silent Threat** ⌘ [Read more](https://infosecwriteups.com/mastering-the-mechanics-of-command-injection-unraveling-the-webs-silent-threat-890055b5954a?source=rss----7b722bfd1b8d---4) 2023-10-01T18:08:22Z **The Art of Monitoring Bug Bounty Programs** ⌘ [Read more](https://infosecwriteups.com/the-art-of-monitoring-bug-bounty-programs-4a229085ae74?source=rss----7b722bfd1b8d---4) 2023-10-01T18:08:00Z **How I Kickstarted My Cybersecurity Journey: A Tale of Growth with ISC² CC’s Initiative** ⌘ [Read more](https://infosecwriteups.com/how-i-kickstarted-my-cybersecurity-journey-a-tale-of-growth-with-isc%C2%B2-ccs-initiative-ba6caee91d63?source=rss----7b722bfd1b8d---4) 2023-10-01T18:07:58Z **How To Hack 2FA/MFA — An Important Cybersecurity Topic** ⌘ [Read more](https://infosecwriteups.com/how-to-hack-2fa-mfa-an-important-cybersecurity-topic-89b5bd30eb7?source=rss----7b722bfd1b8d---4) 2023-10-01T18:07:57Z **Timeline Creation for Forensics Analysis** ⌘ [Read more](https://infosecwriteups.com/timeline-creation-for-forensics-analysis-2fed1c7508ef?source=rss----7b722bfd1b8d---4) 2023-10-01T18:03:53Z **DevSecOps — Docker Security (with Syft and Grype)** ⌘ [Read more](https://infosecwriteups.com/devsecops-docker-security-with-syft-and-grype-4b6140fd551d?source=rss----7b722bfd1b8d---4) 2023-10-01T18:03:06Z **Running Discord Bots 24/7 for Free with Replit and Uptime Robot ** ⌘ [Read more](https://infosecwriteups.com/running-discord-bots-24-7-for-free-with-replit-and-uptime-robot-43caebb0cb60?source=rss----7b722bfd1b8d---4) 2023-10-01T18:01:17Z 
**Hacking htmx applications** ⌘ [Read more](https://infosecwriteups.com/hacking-htmx-applications-f8d29665faf?source=rss----7b722bfd1b8d---4) 2023-10-01T18:01:02Z **Detonating Malware in a Virtual Environment** ⌘ [Read more](https://infosecwriteups.com/detonating-malware-in-a-virtual-environment-b78b0684eaa8?source=rss----7b722bfd1b8d---4) 2023-10-01T17:59:40Z **A Beginner’s Guide to Steganography** ⌘ [Read more](https://infosecwriteups.com/a-beginners-guide-to-stenography-8c8f5951d31b?source=rss----7b722bfd1b8d---4) 2023-10-01T17:59:36Z **How to Open a USB Device in a Sandbox Environment** ⌘ [Read more](https://infosecwriteups.com/how-to-open-a-usb-device-in-a-sandbox-environment-10261e5ab177?source=rss----7b722bfd1b8d---4) 2023-10-01T18:21:13Z **Frontend Fumbles: The 250$ Curious Case of API Key Permissions.** ⌘ [Read more](https://infosecwriteups.com/frontend-fumbles-the-250-curious-case-of-api-key-permissions-f2736d1d541c?source=rss----7b722bfd1b8d---4) 2023-10-01T18:20:59Z **Hack Your Way to Cybersecurity Mastery with TryHackMe — No Experience Required!**

Are you tired of just reading about cybersecurity and want actually to get your hands dirty? Then you need to check o ... ⌘ [Read more](https://infosecwriteups.com/hack-your-way-to-cybersecurity-mastery-with-tryhackme-no-experience-required-592b36fe5197?source=rss----7b722bfd1b8d---4) 2023-10-01T18:19:19Z **From Cybersecurity Newbie to Pro: A 5-Step Guide (No Hackers Were Harmed in the Making of this…**

Introduction: Starting a career in cybersecurity may seem daunting, b ... ⌘ [Read more](https://infosecwriteups.com/from-cybersecurity-newbie-to-pro-a-5-step-guide-no-hackers-were-harmed-in-the-making-of-this-17ea5aa9fa32?source=rss----7b722bfd1b8d---4) 2023-10-01T18:16:11Z **How to Discover API Subdomains? | API Hacking |** ⌘ [Read more](https://infosecwriteups.com/how-to-discover-api-subdomains-api-hacking-41ef91d00846?source=rss----7b722bfd1b8d---4) 2023-10-01T18:14:07Z **Bounty of an Insecure WebView (Part 1): XSS, but with Steroids** ⌘ [Read more](https://infosecwriteups.com/bounty-of-an-insecure-webview-part-1-xss-but-with-steroids-1a41cf654048?source=rss----7b722bfd1b8d---4) 2023-10-01T18:10:38Z **A Tale of Weird XSS into $100** ⌘ [Read more](https://infosecwriteups.com/a-tale-of-weird-xss-into-100-4cd451fe79d4?source=rss----7b722bfd1b8d---4) 2023-10-02T19:31:22Z **How to Hack WiFi Passwords using Hashcat** ⌘ [Read more](https://infosecwriteups.com/how-to-hack-wifi-passwords-using-hashcat-561b18e486e8?source=rss----7b722bfd1b8d---4) 2023-10-02T16:18:00Z **‍IW Weekly #79: RCE in Google Chrome, CVE-2023–40044, OIDC misconfiguration to ATO, accessing…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-79-rce-in-google-chrome-cve-2023-40044-oidc-misconfiguration-to-ato-accessing-56069aa4de99?source=rss----7b722bfd1b8d---4) 2023-10-01T18:31:02Z **Screen Leakage** ⌘ [Read more](https://infosecwriteups.com/screen-leakage-a7ddc08caed7?source=rss----7b722bfd1b8d---4) 2023-10-01T18:30:52Z **Leaked Database and SMTP credentials through .env file** ⌘ [Read more](https://infosecwriteups.com/leaked-database-and-smtp-credentials-through-env-file-d003df418313?source=rss----7b722bfd1b8d---4) 2023-10-01T18:30:40Z **RCE on Application’s Tracking Admin Panel** ⌘ [Read more](https://infosecwriteups.com/rce-on-applications-tracking-admin-panel-fdc7e8320366?source=rss----7b722bfd1b8d---4) 2023-10-01T18:30:26Z **Write-up: Oracle SQL injection (PortSwigger Academy).** ⌘ [Read 
more](https://infosecwriteups.com/100-black-box-sql-injection-on-oracle-portswigger-academy-f020ea3ad145?source=rss----7b722bfd1b8d---4) 2023-10-01T18:29:59Z **Writeups for Damn Vulnerable Web Application (DVWA)** ⌘ [Read more](https://infosecwriteups.com/writeups-for-damn-vulnerable-web-application-dvwa-ba42a43afca1?source=rss----7b722bfd1b8d---4) 2023-10-01T18:29:53Z **THM — Overpass
What happens when some broke CompSci students make a password manager?**

You can find this room at https://tryhackme.com/room/overpass

[Continue reading on InfoSec Write-ups »](htt ... ⌘ [Read more](https://infosecwriteups.com/thm-overpass-what-happens-when-some-broke-compsci-students-make-a-password-manager-fe0b811e0a6a?source=rss----7b722bfd1b8d---4) 2023-10-01T18:29:31Z **Exploring Cloud Security: Safeguarding Your Digital Assets in Cloud** ⌘ [Read more](https://infosecwriteups.com/exploring-cloud-security-safeguarding-your-digital-assets-in-cloud-86d0610c5a59?source=rss----7b722bfd1b8d---4) 2023-10-01T18:27:15Z **Ways I followed to Bypass ‘403’ — Your checklist**

Hello people! Hope you all are doing well.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ways-i-followed-to-bypass-403-your-checklist-fa3fc1256d2a?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/ways-i-followed-to-bypass-403-your-checklist-fa3fc1256d2a?source=rss----7b722bfd1b8d---4) 2023-10-15T16:34:10Z **SSTI -Bypassing Single Quotes Filter** ⌘ [Read more](https://infosecwriteups.com/ssti-bypassing-single-quotes-filter-dc0ee4e4f011?source=rss----7b722bfd1b8d---4) 2023-10-15T16:23:01Z **Empowering Cybersecurity with Active Directory PowerShell Commands**

Investigate User Activity with PowerShell

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/empowering-cybersecurity-with-active ... ⌘ [Read more](https://infosecwriteups.com/empowering-cybersecurity-with-active-directory-powershell-commands-d61e881933e1?source=rss----7b722bfd1b8d---4) 2023-10-15T16:22:30Z **My Cybersecurity Blueprint: A Detailed Timeline with Resources (Live)** ⌘ [Read more](https://infosecwriteups.com/cybersecurity-blueprint-guide-559c0824cae3?source=rss----7b722bfd1b8d---4) 2023-10-15T16:22:09Z **Behind the Screens: Exploring a Fresh Phishing Campaign in Indonesia Stealing Facebook Credentials** ⌘ [Read more](https://infosecwriteups.com/behind-the-screens-exploring-a-fresh-phishing-campaign-in-indonesia-stealing-facebook-credentials-9240016c5989?source=rss----7b722bfd1b8d---4) 2023-10-15T16:22:04Z **Threat Intelligence with MISP: Part 3 — Creating Events**

Learn to start using MISP by creating events, adding context with galaxies and taxonomies, and filling them with attributes.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups ... ⌘ [Read more](https://infosecwriteups.com/threat-intelligence-with-misp-part-3-creating-events-fccc25ac2017?source=rss----7b722bfd1b8d---4) 2023-10-15T16:21:14Z **CVE-2023–39308: User Feedback <= 1.0.7 — Unauthenticated Stored XSS** ⌘ [Read more](https://infosecwriteups.com/cve-2023-39308-wordpress-plugin-user-feedback-1-0-7-unauthenticated-stored-xss-db992a01686a?source=rss----7b722bfd1b8d---4) 2023-10-15T16:38:27Z **NahamCon CTF23** ⌘ [Read more](https://infosecwriteups.com/nahamcon-ctf23-71d85011643a?source=rss----7b722bfd1b8d---4) 2023-10-23T15:14:10Z **HUNTING BUGS ON OTT OR MEDIA STREAMING PLATFORMS CHECK THIS OUT? [HACKING HLS STREAMS]** ⌘ [Read more](https://infosecwriteups.com/hunting-bugs-on-ott-or-media-streaming-platforms-check-this-out-hacking-hls-streams-cd183d5892b6?source=rss----7b722bfd1b8d---4) 2023-10-23T15:12:18Z **Secure Code Review #1: Basics (Getting Started)** ⌘ [Read more](https://infosecwriteups.com/secure-code-review-1-basics-getting-started-04e1e83e0050?source=rss----7b722bfd1b8d---4) 2023-10-26T10:53:25Z **Implementing IoT Solutions for Real-World Challenges** ⌘ [Read more](https://infosecwriteups.com/implementing-iot-solutions-for-real-world-challenges-87a9b1463961?source=rss----7b722bfd1b8d---4) 2023-10-29T18:35:56Z **HOW I FOUND AN RCE VULNERABILITY IN A HOSTING PLATFORM!** ⌘ [Read more](https://infosecwriteups.com/how-i-found-an-rce-vulnerability-in-a-hosting-platform-9d5604a1d9b9?source=rss----7b722bfd1b8d---4) 2023-10-29T18:35:48Z **What Enterprise Cybersecurity Teams Expect from Case Management Solutions** ⌘ [Read more](https://infosecwriteups.com/what-enterprise-cybersecurity-teams-expect-from-case-management-solutions-6e166ddc0c61?source=rss----7b722bfd1b8d---4) 2023-10-29T18:35:33Z **Unexpected Zero in MySQL Injection** ⌘ [Read more](https://infosecwriteups.com/unexpected-zero-in-mysql-injection-511f632714b0?source=rss----7b722bfd1b8d---4) 
2023-10-29T18:51:09Z **BBP#1 (BugBountyProgram Story) Zolo** ⌘ [Read more](https://infosecwriteups.com/bbp-1-bugbountyprogram-story-zolo-913eb508a007?source=rss----7b722bfd1b8d---4) 2023-10-29T18:51:07Z **iOS Penetration Testing: Device Configuration (Experimenting with iPhone X and MacOS)** ⌘ [Read more](https://infosecwriteups.com/ios-penetration-testing-device-configuration-experimenting-with-iphone-x-and-macos-c26148e2633f?source=rss----7b722bfd1b8d---4) 2023-10-29T18:51:05Z **GDB BRUTEFORCER** ⌘ [Read more](https://infosecwriteups.com/gdb-bruteforcer-cdc4b9f5b277?source=rss----7b722bfd1b8d---4) 2023-10-29T18:51:03Z **On Path Attacks: File Transfer Capture with Ettercap and Wireshark**

We can intercept SMB file transfers by assuming an on-path position between targets.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups ... ⌘ [Read more](https://infosecwriteups.com/on-path-attacks-file-transfer-capture-with-ettercap-and-wireshark-60007cc03216?source=rss----7b722bfd1b8d---4) 2023-10-29T18:50:46Z **Privileges Escalation Techniques (Basic to Advanced) for Windows** ⌘ [Read more](https://infosecwriteups.com/privileges-escalation-techniques-basic-to-advanced-for-windows-a83722c80530?source=rss----7b722bfd1b8d---4) 2023-10-29T18:49:05Z **Broken Object Level Authorization Vs. Broken Functionality Level Authorization | API Hacking |** ⌘ [Read more](https://infosecwriteups.com/broken-object-level-authorization-vs-broken-functionality-level-authorization-api-hacking-aa360dcb0986?source=rss----7b722bfd1b8d---4) 2023-10-29T18:48:55Z **Overpass 3 Write-up** ⌘ [Read more](https://infosecwriteups.com/overpass-3-write-up-60564c10a635?source=rss----7b722bfd1b8d---4) 2023-10-29T18:48:51Z **Code Deobfuscation in the age of AI** ⌘ [Read more](https://infosecwriteups.com/the-cybersecurity-revolution-at-the-age-of-ai-openai-and-code-deobfuscation-3f9dd278b900?source=rss----7b722bfd1b8d---4) 2023-10-29T18:48:44Z **How to Crack Windows Passwords with John the Ripper** ⌘ [Read more](https://infosecwriteups.com/how-to-crack-windows-passwords-with-john-the-ripper-685dc1f6f09b?source=rss----7b722bfd1b8d---4) 2023-10-29T18:47:36Z **Threat Intelligence with MISP: Part 5 — Searching and Filtering**

Learn to efficiently search and filter your events and attributes in your MISP instance to find threat intelligence important to you.

[Continue reading on InfoSec Write-ups ... ⌘ [Read more](https://infosecwriteups.com/threat-intelligence-with-misp-part-5-searching-and-filtering-4275c77272be?source=rss----7b722bfd1b8d---4) 2023-10-29T19:03:54Z **How I Hacked 1000 + Tesla Cars using OSINT** ⌘ [Read more](https://infosecwriteups.com/how-i-hacked-1000-tesla-cars-using-osint-4cd837b8c530?source=rss----7b722bfd1b8d---4) 2023-10-29T19:01:35Z **How I got Access to Auth0 Management API !!** ⌘ [Read more](https://infosecwriteups.com/how-i-got-access-to-auth0-management-api-44d32fa6c477?source=rss----7b722bfd1b8d---4) 2023-10-29T19:01:13Z **Bug Bounty Hunting — Essential Tools and Techniques**

Welcome to the Bug Bounty series where we explore the exciting world of ethical hacking. In this blog post, we will dive into the…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups. ... ⌘ [Read more](https://infosecwriteups.com/bug-bounty-hunting-essential-tools-and-techniques-e01e8c68352e?source=rss----7b722bfd1b8d---4) 2023-10-29T19:01:12Z **Top 5 OSINT Tools for Finding Anyone on the Internet**

Introduction:

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/top-5-osint-tools-for-finding-anyone-on-the-internet-5d93dab8146f?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/top-5-osint-tools-for-finding-anyone-on-the-internet-5d93dab8146f?source=rss----7b722bfd1b8d---4) 2023-10-29T19:01:12Z **Exploring the Dark Web: A Guide to Accessing the Hidden Online World**

Introduction:

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/exploring-the-dark-web-a-guide-to-accessing-the-hidden-onlin ... ⌘ [Read more](https://infosecwriteups.com/exploring-the-dark-web-a-guide-to-accessing-the-hidden-online-world-484bbc192ad8?source=rss----7b722bfd1b8d---4) 2023-10-29T19:00:34Z **$1120: ATO Bug in Twitter’s** ⌘ [Read more](https://infosecwriteups.com/1120-ato-bug-in-twitters-e6d30aa4e0e8?source=rss----7b722bfd1b8d---4) 2023-10-29T18:59:04Z **Exploring Antivirus and EDR evasion techniques step-by-step. Part 1**

My learnings on how the different steps in EDR and Antivirus techniques are used in the field.

[Continue reading on InfoSec Write-ups »](https://infosecwr ... ⌘ [Read more](https://infosecwriteups.com/exploring-antivirus-and-edr-evasion-techniques-step-by-step-part-1-6459563b12ea?source=rss----7b722bfd1b8d---4) 2023-10-29T18:58:41Z **How I Could Get Anyone Arrested Knowing Their IP Address** ⌘ [Read more](https://infosecwriteups.com/how-i-could-get-anyone-arrested-knowing-their-ip-address-c2d7474b5d8c?source=rss----7b722bfd1b8d---4) 2023-10-29T18:58:39Z **SQL Injection by Default in Grafana (HTB — Jupiter)** ⌘ [Read more](https://infosecwriteups.com/sql-injection-by-default-in-grafana-htb-jupiter-6b7b8825fdaa?source=rss----7b722bfd1b8d---4) 2023-10-29T18:58:38Z **Kubernetes: An Introduction to its components**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/kubernetes-an-introduction-aaa7c6304e97?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/kubernetes-an-introduction-aaa7c6304e97?source=rss----7b722bfd1b8d---4) 2023-10-29T20:46:52Z **Top 5 Red Flags of Bug Bounty Program** ⌘ [Read more](https://infosecwriteups.com/top-5-red-flags-of-bug-bounty-program-09df79730123?source=rss----7b722bfd1b8d---4) 2023-10-29T23:46:52Z **A Quick Price Manipulation** ⌘ [Read more](https://infosecwriteups.com/a-quick-price-manipulation-14c9244d7dca?source=rss----7b722bfd1b8d---4) 2023-10-30T09:13:04Z **IWCON 3.0 Happening In Less Than 2 Months** ⌘ [Read more](https://infosecwriteups.com/iwcon-3-0-happening-in-less-than-2-months-ee5d3c61ee7a?source=rss----7b722bfd1b8d---4) 2023-11-06T11:39:14Z **Announcing IWCON 2023 Speakers First Batch** ⌘ [Read more](https://infosecwriteups.com/announcing-iwcon-2023-speakers-first-batch-5f602aa67ca2?source=rss----7b722bfd1b8d---4) 2023-11-07T13:39:43Z **Rising Importance of Geolocation Security in a Hyper-Connected World** ⌘ [Read more](https://infosecwriteups.com/rising-importance-of-geolocation-security-in-a-hyper-connected-world-f642c7bd6190?source=rss----7b722bfd1b8d---4) 2023-11-07T14:06:32Z **[Video] IWCON 2023 is only 39 days away, and we can’t keep calm** ⌘ [Read more](https://infosecwriteups.com/video-iwcon-2023-is-only-39-days-away-and-we-cant-keep-calm-95eebd6d5b3c?source=rss----7b722bfd1b8d---4) 2023-11-09T09:56:21Z **[Video] How Does A Virtual Cybersecurity Conference Look Like?** ⌘ [Read more](https://infosecwriteups.com/video-how-does-a-virtual-cybersecurity-conference-look-like-1ee52256eced?source=rss----7b722bfd1b8d---4) 2023-11-10T11:16:47Z **IWCON2023 Happening on 16–17 December 2023** ⌘ [Read more](https://infosecwriteups.com/iwcon2023-happening-on-16-17-december-2023-937b7d40b64e?source=rss----7b722bfd1b8d---4) 2023-11-11T07:31:02Z **CRITICAL BUG Alert: How I HACKED into a company’s 
DATABASE** ⌘ [Read more](https://infosecwriteups.com/critical-bug-alert-how-i-hacked-into-a-companys-database-287fa27c8339?source=rss----7b722bfd1b8d---4) 2023-11-11T07:30:37Z **Just-In-Time Access in Google Cloud: Enhancing Security with Real-time Alerts** ⌘ [Read more](https://infosecwriteups.com/just-in-time-access-in-google-cloud-enhancing-security-with-real-time-alerts-935de53cb8d3?source=rss----7b722bfd1b8d---4) 2023-11-11T07:30:29Z **Is Your Computer Safe? How Drones Can Hack Your System in Seconds**

Introduction:

⌘ [Read more](https://infosecwriteups.com/is-your-computer-safe-how-drones-can-hack-your-system-in-seconds-c32919fbb5e8?source=rss----7b722bfd1b8d---4) 2023-11-11T07:30:14Z **Jupiter | HTB | Grafana | raw SQL Query | Shadow Simulator RCE | Sattrack** ⌘ [Read more](https://infosecwriteups.com/jupiter-htb-grafana-raw-sql-query-shadow-simulator-rce-1ee210ed05f0?source=rss----7b722bfd1b8d---4) 2023-11-11T07:30:06Z **Creating a Highly Available AD Pair with On-Prem AD Servers and Load Balancer**

Active Directory (AD) serves as the backbone of many organizations’ identity and access management systems. Ensurin ... ⌘ [Read more](https://infosecwriteups.com/creating-a-highly-available-ad-pair-with-on-prem-ad-servers-and-load-balancer-a619cba81c38?source=rss----7b722bfd1b8d---4) 2023-11-11T07:50:58Z **Bypassing 2FA for Password Reset : By Request Manipulation 500$ Bug** ⌘ [Read more](https://infosecwriteups.com/bypassing-2fa-for-password-reset-by-request-manipulation-500-bug-3c6ed909322f?source=rss----7b722bfd1b8d---4) 2023-11-11T07:49:33Z **CVSS 4.0: Unveiling the Cybersecurity Scoring System**

In the world of cybersecurity, understanding the severity of vulnerabilities is crucial. This is where CVSS (Common Vulnerability Scoring…

⌘ [Read more](https://infosecwriteups.com/cvss-4-0-unveiling-the-cybersecurity-scoring-system-1fea1cdeff1c?source=rss----7b722bfd1b8d---4) 2023-11-11T07:49:20Z **Top 5 Free Online Labs to Hone Your Bug Bounty Skills**

Diving into the realm of bug bounty hunting requires not just theoretical knowledge but practical experience too. While reading about…

⌘ [Read more](https://infosecwriteups.com/top-5-free-online-labs-to-hone-your-bug-bounty-skills-1b50098c85b6?source=rss----7b722bfd1b8d---4) 2023-11-11T07:49:18Z **How to Stay Invisible Online: The Hard Truth and Practical Tips**

Remaining anonymous on the internet is a challenge, especially with the pervasive surveillance by intelligence agencies like the NSA. In…

⌘ [Read more](https://infosecwriteups.com/how-to-stay-invisible-online-the-hard-truth-and-practical-tips-0cf8062b2165?source=rss----7b722bfd1b8d---4) 2023-11-11T07:49:17Z **Threat Intelligence with MISP Part 6 — Using the API**

Learn how to use the MISP API to get statistics, search for attributes and events, and visualize your data through the power of code!

⌘ [Read more](https://infosecwriteups.com/threat-intelligence-with-misp-part-6-using-the-api-3cdd17f6f477?source=rss----7b722bfd1b8d---4) 2023-11-11T07:48:56Z **Race Conditions with pipelining** ⌘ [Read more](https://infosecwriteups.com/race-conditions-with-pipelining-9034358a2781?source=rss----7b722bfd1b8d---4) 2023-11-11T07:48:52Z **The Art of Google Dorking for Recon**

Hey there, fellow bug hunters and curious minds!

⌘ [Read more](https://infosecwriteups.com/the-art-of-google-dorking-for-recon-90af5b8f8214?source=rss----7b722bfd1b8d---4) 2023-11-11T07:46:50Z **Breaking Barriers: Unmasking the Easy Password Validation Bypass in Security Key Registration |…** ⌘ [Read more](https://infosecwriteups.com/breaking-barriers-unmasking-the-easy-password-validation-bypass-in-security-key-registration-4cb0d8103a93?source=rss----7b722bfd1b8d---4) 2023-11-11T07:44:17Z **$1800 Bounty: Exploiting Unpredictable Data that Leads to All Users PII Exposure in an IDOR…** ⌘ [Read more](https://infosecwriteups.com/1800-bounty-exploiting-unpredictable-data-that-leads-to-all-users-pii-exposure-in-an-idor-5c2da7855a5a?source=rss----7b722bfd1b8d---4) 2023-11-11T08:06:24Z **Unlocking Cash: Easy P1 Bug in Grafana Dashboard with Default Credentials = €€€€** ⌘ [Read more](https://infosecwriteups.com/unlocking-cash-easy-p1-bug-in-grafana-dashboard-with-default-credentials-fa36ddf271da?source=rss----7b722bfd1b8d---4) 2023-11-11T08:06:08Z **Secure Your Future: Explore 5 Free Cybersecurity Courses Online**

1\. Certified in Cybersecurity (CC) Online Self-Paced Training by ISC2

⌘ [Read more](https://infosecwriteups.com/secure-your-future-explore-5-free-cybersecurity-courses-online-085a335ecc19?source=rss----7b722bfd1b8d---4) 2023-11-11T08:03:53Z **Akamai Bypass! Advanced XSS.** ⌘ [Read more](https://infosecwriteups.com/akamai-bypass-advanced-xss-68634f082859?source=rss----7b722bfd1b8d---4) 2023-11-11T08:03:36Z **Announcing IWCON 2023 Keynote Speaker** ⌘ [Read more](https://infosecwriteups.com/announcing-iwcon-2023-keynote-speaker-6b6be2a2f6f3?source=rss----7b722bfd1b8d---4) 2023-11-11T08:03:10Z **Part 02 What To Do After Choosing a Target? | Bug Bounty** ⌘ [Read more](https://infosecwriteups.com/part-02-what-to-do-after-choosing-a-target-bug-bounty-eb8d73ee73ee?source=rss----7b722bfd1b8d---4) 2023-11-11T08:03:06Z **Broken Access Control and Privilege Escalation: What You Need to Know**

In today’s world, data breaches and cyber-attacks are becoming increasingly common. As businesses and individuals continue to rely more on…

⌘ [Read more](https://infosecwriteups.com/broken-access-control-and-privilege-escalation-what-you-need-to-know-fd19f32044b9?source=rss----7b722bfd1b8d---4) 2023-11-11T08:01:45Z **Zero to Hero Burp Suite Extension** ⌘ [Read more](https://infosecwriteups.com/zero-to-hero-burp-suite-extension-294d78765625?source=rss----7b722bfd1b8d---4) 2023-11-11T08:01:23Z **Android penetration testing-101** ⌘ [Read more](https://infosecwriteups.com/android-penetration-testing-101-c13fb92ad317?source=rss----7b722bfd1b8d---4) 2023-11-11T08:01:19Z **Four Simple Steps to Scan WordPress for Malware** ⌘ [Read more](https://infosecwriteups.com/four-simple-steps-to-scan-wordpress-for-malware-020293326ba1?source=rss----7b722bfd1b8d---4) 2023-11-11T08:01:09Z **Decoding Advanced XSS Payload Chaining Tactics**

The digital landscape is an ever-evolving battlefield, with cybersecurity experts and malicious hackers continually adapting to each…

⌘ [Read more](https://infosecwriteups.com/decoding-advanced-xss-payload-chaining-tactics-c72cd17da2fe?source=rss----7b722bfd1b8d---4) 2023-11-12T09:06:01Z **Automating Cost Optimization: Empowering Cloud Storage Efficiency with Autoclass**

Leveraging Autoclass for Automated Cloud Storage Cost Management

[Continue reading on InfoSec Write-ups »](https://inf ... ⌘ [Read more](https://infosecwriteups.com/automating-cost-optimization-empowering-cloud-storage-efficiency-with-autoclass-136cfa8709c1?source=rss----7b722bfd1b8d---4) 2023-11-13T09:06:01Z **Elevating Multi-Tenant Cloud Security: Leveraging HITRUST and IAM** ⌘ [Read more](https://infosecwriteups.com/elevating-multi-tenant-cloud-security-leveraging-hitrust-and-iam-61b12f241d74?source=rss----7b722bfd1b8d---4) 2023-11-13T14:32:01Z **Announcing IWCON 2023 Speakers Second Batch** ⌘ [Read more](https://infosecwriteups.com/announcing-iwcon-2023-speakers-second-batch-26762dc93491?source=rss----7b722bfd1b8d---4) 2023-11-14T09:06:01Z **Hosting Tor website on dark-web the safe way** ⌘ [Read more](https://infosecwriteups.com/hosting-tor-website-on-dark-web-the-safe-way-9890d1947b6a?source=rss----7b722bfd1b8d---4) 2023-11-14T13:31:57Z **Virtual Networking Rooms @ IWCON 2023 Now Open** ⌘ [Read more](https://infosecwriteups.com/virtual-networking-rooms-iwcon-2023-now-open-f6db2dafca3f?source=rss----7b722bfd1b8d---4) 2023-11-14T18:10:26Z **Opening HTML Files : A gateway to Malware** ⌘ [Read more](https://infosecwriteups.com/opening-html-files-a-gateway-to-malware-5ae4cab864f8?source=rss----7b722bfd1b8d---4) 2023-11-14T18:09:26Z **Whoami: Stay anonymous on Kali Linux** ⌘ [Read more](https://infosecwriteups.com/whoami-stay-anonymous-on-kali-linux-01c9dd1f25d1?source=rss----7b722bfd1b8d---4) 2023-11-14T18:06:28Z **Use these cheatsheets to increase your CTF speed.** ⌘ [Read more](https://infosecwriteups.com/use-these-cheatsheets-to-increase-your-ctf-speed-ca12a01d396a?source=rss----7b722bfd1b8d---4) 2023-11-14T18:05:58Z **Understanding xmlrpc.php and Disabling in WordPress** ⌘ [Read more](https://infosecwriteups.com/understanding-xmlrpc-php-and-disabling-in-wordpress-73c2cff8e3e4?source=rss----7b722bfd1b8d---4) 2023-11-14T18:05:48Z **Threat Intelligence with MISP Part 7 — Exporting IOCs**

Discover how to use the MISP API to export attributes as IOCs that you can upload to security tools for detection/blocking automatically.

⌘ [Read more](https://infosecwriteups.com/threat-intelligence-with-misp-part-7-exporting-iocs-71cc07b4aeff?source=rss----7b722bfd1b8d---4) 2023-11-14T18:04:41Z **Janus Vulnerability (CVE-2017–13156)** ⌘ [Read more](https://infosecwriteups.com/janus-vulnerability-cve-2017-13156-9fa0397cb931?source=rss----7b722bfd1b8d---4) 2023-11-14T18:04:35Z **Mastering the Art of Digital Stealth: Essential Tips for Online Anonymity**

In our hyper-connected era, the internet is a double-edged sword that boasts infinite access to information while posing significa ... ⌘ [Read more](https://infosecwriteups.com/mastering-the-art-of-digital-stealth-essential-tips-for-online-anonymity-2684762922f2?source=rss----7b722bfd1b8d---4) 2023-11-14T18:04:25Z **Creating a Botnet Over SSH Protocol: A Proof of Concept (PoC)**

Exploring SSH-Based Botnets: A Responsible Proof of Concept for Educational Purposes

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/creating-a-bot ... ⌘ [Read more](https://infosecwriteups.com/creating-a-botnet-over-ssh-protocol-a-proof-of-concept-poc-8db6740fe07c?source=rss----7b722bfd1b8d---4) 2023-11-14T18:04:15Z **Android Debug Bridge (ADB) Cheat Sheet** ⌘ [Read more](https://infosecwriteups.com/android-debug-bridge-adb-cheat-sheet-fe17e61a30a5?source=rss----7b722bfd1b8d---4) 2023-11-14T18:04:02Z **Decoding Security: Leveraging Generative AI to Transform SAST Results into Actionable Insights** ⌘ [Read more](https://infosecwriteups.com/decoding-security-leveraging-generative-ai-to-transform-sast-results-into-actionable-insights-d3669efa4858?source=rss----7b722bfd1b8d---4) 2023-11-15T06:49:52Z **Frequently Asked Questions for IWCON 2023** ⌘ [Read more](https://infosecwriteups.com/frequently-asked-questions-for-iwcon-2023-303888db4a9a?source=rss----7b722bfd1b8d---4) 2023-11-15T19:12:11Z **How to Disable Directory Listing in WordPress** ⌘ [Read more](https://infosecwriteups.com/how-to-disable-directory-listing-in-wordpress-2604315225bb?source=rss----7b722bfd1b8d---4) 2023-11-16T06:12:12Z **Understanding the game of phone numbers for OSINT | Day14 of 30DaysOfOSINT** ⌘ [Read more](https://infosecwriteups.com/understanding-the-game-of-phone-numbers-for-osint-day14-of-30daysofosint-27beee00c228?source=rss----7b722bfd1b8d---4) 2023-11-16T07:07:30Z **How to Remove WordPress Version Number?** ⌘ [Read more](https://infosecwriteups.com/how-to-remove-wordpress-version-number-bcd3a3be8bc1?source=rss----7b722bfd1b8d---4) 2023-11-16T07:07:24Z **Easy Admin Access — RVDP** ⌘ [Read more](https://infosecwriteups.com/easy-admin-access-rvdp-d1eb2c97cb3e?source=rss----7b722bfd1b8d---4) 2023-11-16T07:06:48Z **Hack WiFi using Aircrack-ng and Hashcat(Crack WPA/WPA2-PSK).** ⌘ [Read more](https://infosecwriteups.com/hack-wifi-using-aircrack-ng-and-hashcat-crack-wpa-wpa2-psk-9a5d8e17c636?source=rss----7b722bfd1b8d---4) 2023-11-16T19:12:12Z **A Note 
From Our Founder** ⌘ [Read more](https://infosecwriteups.com/a-note-from-our-founder-e99488ccc4d4?source=rss----7b722bfd1b8d---4) 2023-11-17T08:12:14Z **Evading Detection while using nmap** ⌘ [Read more](https://infosecwriteups.com/evading-detection-while-using-nmap-69633df091f3?source=rss----7b722bfd1b8d---4) 2023-11-17T08:06:01Z **THM — Agent Sudo**

You found a secret server located under the deep sea. Your task is to hack inside the server and reveal the truth.

⌘ [Read more](https://infosecwriteups.com/thm-agent-sudo-1181cbac0c2a?source=rss----7b722bfd1b8d---4) 2023-11-20T08:02:20Z **Announcing IWCON 2023 Keynote Speaker** ⌘ [Read more](https://infosecwriteups.com/announcing-iwcon-2023-keynote-speaker-fcb2ed0b73c7?source=rss----7b722bfd1b8d---4) 2023-11-21T04:08:07Z **Part1 static/code analysis of the RAT : NjRAT** ⌘ [Read more](https://infosecwriteups.com/part1-static-code-analysis-of-the-rat-njrat-2f273408df43?source=rss----7b722bfd1b8d---4) 2023-11-21T04:08:05Z **What are Props and Transforms in Splunk?**

Splunk is a powerful tool for analyzing and visualizing machine-generated data. It uses various configurations to process and enrich data…

⌘ [Read more](https://infosecwriteups.com/what-are-props-and-transforms-in-splunk-49413b6b9e08?source=rss----7b722bfd1b8d---4) 2023-11-21T04:07:57Z **Python Threat Hunting Tools: Part 12 — MISP and CrowdStrike Falcon Integration**

Discover how to automatically export IOCs from your MISP instance and upload them into the EDR solution CrowdStrike Falcon.

⌘ [Read more](https://infosecwriteups.com/python-threat-hunting-tools-part-12-misp-and-crowdstrike-falcon-integration-cdedbc9d885b?source=rss----7b722bfd1b8d---4) 2023-11-21T04:07:44Z **Vulnerability Exploiting Privilege Escalation Discovered in WordPress [CVE-2023–32243]** ⌘ [Read more](https://infosecwriteups.com/vulnerability-exploiting-privilege-escalation-discovered-in-wordpress-cve-2023-32243-a672a3335cc0?source=rss----7b722bfd1b8d---4) 2023-11-21T04:07:34Z **Announcing IWCON 2023 Speakers Fourth Batch** ⌘ [Read more](https://infosecwriteups.com/announcing-iwcon-2023-speakers-fourth-batch-1a83d53fb96d?source=rss----7b722bfd1b8d---4) 2023-11-21T04:07:27Z **A Step-by-Step Guide to Setting Up WordPress on XAMPP Server** ⌘ [Read more](https://infosecwriteups.com/a-step-by-step-guide-to-setting-up-wordpress-on-xampp-server-37002592676a?source=rss----7b722bfd1b8d---4) 2023-11-21T04:07:17Z **Vulnerabilities in Python Serialization: Pickle** ⌘ [Read more](https://infosecwriteups.com/vulnerabilities-in-python-serialization-pickle-d2385de642f6?source=rss----7b722bfd1b8d---4) 2023-11-21T04:07:05Z **Use Fail2ban to Protect Against Brute Force Attacks** ⌘ [Read more](https://infosecwriteups.com/use-fail2ban-to-protect-against-brute-force-attacks-7dad0b0b1042?source=rss----7b722bfd1b8d---4) 2023-11-21T04:07:05Z **Exploring Antivirus and EDR evasion techniques step-by-step. Part 3**

Reading into Direct Syscalls with Syswhispers.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/exploring-antivirus-and-edr-eva ... ⌘ [Read more](https://infosecwriteups.com/exploring-antivirus-and-edr-evasion-techniques-step-by-step-part-3-cad002f19e71?source=rss----7b722bfd1b8d---4) 2023-11-21T04:05:30Z **Budget Change: IDOR 1000$ Bug** ⌘ [Read more](https://infosecwriteups.com/budget-change-idor-1000-bug-94505c6b38e3?source=rss----7b722bfd1b8d---4) 2023-11-22T05:01:46Z **How I found a vulnerability in a Trillion Dollar Company, Amazon!** ⌘ [Read more](https://infosecwriteups.com/how-i-found-a-vulnerability-in-a-trillion-dollar-company-amazon-c65e2be0c227?source=rss----7b722bfd1b8d---4) 2023-11-23T05:06:33Z **Phoneinfoga: A phone number OSINT framework | Day1 of 30DaysOfOSINT** ⌘ [Read more](https://infosecwriteups.com/phoneinfoga-a-phone-number-osint-framework-day1-of-30daysofosint-6d7179115d0c?source=rss----7b722bfd1b8d---4) 2023-11-24T15:56:32Z **Announcing IWCON 2023 Speakers Third Batch** ⌘ [Read more](https://infosecwriteups.com/announcing-iwcon-2023-speakers-third-batch-e939a2cd2004?source=rss----7b722bfd1b8d---4) 2023-11-26T18:34:42Z **IDOR “Insecure direct object references”, my first P1 in Bugbounty** ⌘ [Read more](https://infosecwriteups.com/idor-insecure-direct-object-references-my-first-p1-in-bugbounty-fb01f50e25df?source=rss----7b722bfd1b8d---4) 2023-11-26T18:34:31Z **Epic Bug Hunting Failures-2** ⌘ [Read more](https://infosecwriteups.com/epic-bug-hunting-failures-2-fafb2af9b844?source=rss----7b722bfd1b8d---4) 2023-11-26T18:44:47Z **Unfolding Remcos RAT- 4.9.2 Pro** ⌘ [Read more](https://infosecwriteups.com/unfolding-remcos-rat-4-9-2-pro-dfb3cb25bbd1?source=rss----7b722bfd1b8d---4) 2023-11-26T18:44:45Z **Implementation of Security headers in Microsoft IIS Server** ⌘ [Read more](https://infosecwriteups.com/implementation-of-security-headers-in-microsoft-iis-server-dd3f1f1f36a0?source=rss----7b722bfd1b8d---4) 2023-11-26T18:44:43Z **Dive into Single Packet Attack** ⌘ [Read 
more](https://infosecwriteups.com/dive-into-single-packet-attack-3d3849ffe1d2?source=rss----7b722bfd1b8d---4) 2023-11-26T18:44:23Z **How to Hide Secret Data Inside an Image** ⌘ [Read more](https://infosecwriteups.com/how-to-hide-secret-data-inside-an-image-adbbccc77c87?source=rss----7b722bfd1b8d---4) 2023-11-26T18:44:19Z **What is Banner Grabbing??Several Approaches for Banner Grabs.** ⌘ [Read more](https://infosecwriteups.com/what-is-banner-grabbing-several-approaches-for-banner-grabs-6fc2cce7b2a0?source=rss----7b722bfd1b8d---4) 2023-11-26T18:43:49Z **PCI DSS 4.0 is just a few months away .. Are you Ready ??**

Read this to get ready for the upcoming changes in 2024 !

⌘ [Read more](https://infosecwriteups.com/pci-dss-4-0-is-just-a-few-months-away-are-you-ready-b3b4962c56b7?source=rss----7b722bfd1b8d---4) 2023-11-26T18:43:48Z **Unmasking NJRAT: A Deep Dive into a Notorious Remote Access Trojan Part2** ⌘ [Read more](https://infosecwriteups.com/unmasking-njrat-a-deep-dive-into-a-notorious-remote-access-trojan-part2-7b41a3669d9a?source=rss----7b722bfd1b8d---4) 2023-11-26T18:43:47Z **Implementation of Security headers in Apache Server** ⌘ [Read more](https://infosecwriteups.com/implementation-of-security-headers-in-apache-server-517a5df0a132?source=rss----7b722bfd1b8d---4) 2023-11-26T18:41:45Z **Mass Hunting XSS vulnerabilities** ⌘ [Read more](https://infosecwriteups.com/mass-hunting-xss-vulnerabilities-5b53363dd3db?source=rss----7b722bfd1b8d---4) 2023-11-26T18:38:41Z **CompTIA Pentest+: Your Go-To Exam Guide** ⌘ [Read more](https://infosecwriteups.com/comptia-pentest-your-go-to-exam-guide-4565471d8494?source=rss----7b722bfd1b8d---4) 2023-11-27T03:01:47Z **Introducing IW’s Video Interview Series with Founders** ⌘ [Read more](https://infosecwriteups.com/introducing-iws-video-interview-series-with-founders-2005265d7753?source=rss----7b722bfd1b8d---4) 2023-11-29T01:46:52Z **Windows Login Bypass**

How to use a USB to Unlock your Box

⌘ [Read more](https://infosecwriteups.com/windows-login-bypass-eab148bc9dd5?source=rss----7b722bfd1b8d---4) 2023-11-29T15:31:47Z **IWCON 2023 CTF Registrations Now Open** ⌘ [Read more](https://infosecwriteups.com/iwcon-2023-ctf-registrations-now-open-46c2611714f0?source=rss----7b722bfd1b8d---4) 2023-11-29T19:47:15Z **Evading Detection With Nmap Part 2** ⌘ [Read more](https://infosecwriteups.com/evading-detection-with-nmap-part-2-7b4861f1377a?source=rss----7b722bfd1b8d---4) 2023-11-30T14:46:55Z **Top Free Resources for Ethical Hacking and Bug Bounty Beginners & Experts** ⌘ [Read more](https://infosecwriteups.com/top-free-resources-for-ethical-hacking-and-bug-bounty-beginners-experts-9556ef045db4?source=rss----7b722bfd1b8d---4) 2023-12-01T09:21:49Z **Announcing IWCON 2023 Speakers Final Batch** ⌘ [Read more](https://infosecwriteups.com/announcing-iwcon-2023-speakers-final-batch-9ad477d30dcb?source=rss----7b722bfd1b8d---4)