# Twtxt is an open, distributed microblogging platform that
# uses human-readable text files, common transport protocols,
# and free software.
#
# Learn more about twtxt at  https://github.com/buckket/twtxt
#
# This is an automated Yarn.social feed running feeds v0.1.0@2b75e86
# Learn more about Yarn.social at https://yarn.social
#
# nick        = infosec-write-ups-medium
# url         = https://feeds.twtxt.net/infosec-write-ups-medium/twtxt.txt
# source      = https://infosecwriteups.com/feed
# avatar      = https://feeds.twtxt.net/infosec-write-ups-medium/avatar.png#g7lgdrxj7kzxpnt5cnipgwwla267fo37sbahua7sc7vx6z6d6bdq
# description = 
# updated_at  = 2022-09-28T17:33:31Z
#
2022-04-13T12:54:52Z	**Heap Exploitation for Homo sapiens.** ⌘ [Read more](https://infosecwriteups.com/heap-exploitation-for-homo-sapiens-f166cd6a59fe?source=rss----7b722bfd1b8d---4)
2022-04-13T12:54:25Z	**Arming the Use-After-Free()** ⌘ [Read more](https://infosecwriteups.com/arming-the-use-after-free-bc174a26c5f4?source=rss----7b722bfd1b8d---4)
2022-04-13T12:53:18Z	**ROP Chains on ARM** ⌘ [Read more](https://infosecwriteups.com/rop-chains-on-arm-3f087a95381e?source=rss----7b722bfd1b8d---4)
2022-04-13T12:52:42Z	**Integer Overflows in ARM** ⌘ [Read more](https://infosecwriteups.com/integer-overflows-in-arm-b4e650d072d4?source=rss----7b722bfd1b8d---4)
2022-04-13T12:51:32Z	**Invoking mprotect() using ROP Chains in ARM** ⌘ [Read more](https://infosecwriteups.com/invoking-mprotect-using-rop-chains-in-arm-d737bea2a9bb?source=rss----7b722bfd1b8d---4)
2022-04-13T12:47:30Z	**500$ Bug: Sensitive Data Exposure to Broken Access Control leads, How I able to take over any…** ⌘ [Read more](https://infosecwriteups.com/500-bug-sensitive-data-exposure-to-broken-access-control-leads-how-i-able-to-take-over-any-33658f16e265?source=rss----7b722bfd1b8d---4)
2022-04-13T12:47:04Z	**P1 Vulnerability: How I chained Logical-Error to Account-Takeover Vulnerability ‍that No-One…** ⌘ [Read more](https://infosecwriteups.com/p1-vulnerability-how-i-chained-logical-error-to-account-takeover-vulnerability-that-no-one-59aa88a9cae8?source=rss----7b722bfd1b8d---4)
2022-04-13T08:21:05Z	**How hackers impersonate email-id’s : Email Spoofing and Phishing Attacks** ⌘ [Read more](https://infosecwriteups.com/how-hackers-impersonate-email-ids-email-spoofing-and-phishing-attacks-a215fcf9341b?source=rss----7b722bfd1b8d---4)
2022-04-13T07:20:01Z	**How a YouTube Video lead to pwning a web application via SQL Injection worth $4324 bounty** ⌘ [Read more](https://infosecwriteups.com/how-a-youtube-video-lead-to-pwning-a-web-application-via-sql-injection-worth-4324-bounty-285f0a9b9f6c?source=rss----7b722bfd1b8d---4)
2022-04-13T07:19:50Z	**Android Pentesting Setup On Macbook M1** ⌘ [Read more](https://infosecwriteups.com/android-pentesting-setup-on-macbook-m1-d2f1f0a8db4b?source=rss----7b722bfd1b8d---4)
2022-04-14T09:47:09Z	**BITB (browser in the browser)Attack** ⌘ [Read more](https://infosecwriteups.com/bitb-browser-in-the-browser-attack-e2008c405701?source=rss----7b722bfd1b8d---4)
2022-04-14T09:46:47Z	**Develop Bluetooth Apps | Fundamentals, Tools & Coding** ⌘ [Read more](https://infosecwriteups.com/develop-bluetooth-apps-fundamentals-tools-coding-4a08922a7cd6?source=rss----7b722bfd1b8d---4)
2022-04-14T10:48:46Z	**Bypass Rate Limit — A blank space leads to this random encounter!** ⌘ [Read more](https://infosecwriteups.com/bypass-rate-limit-a-blank-space-leads-to-this-random-encounter-e18e72fbf228?source=rss----7b722bfd1b8d---4)
2022-04-14T12:50:58Z	**Serialization&Deserialization Attacks** ⌘ [Read more](https://infosecwriteups.com/serialization-deserialization-attacks-on-php-d5fb02e29248?source=rss----7b722bfd1b8d---4)
2022-04-17T20:37:21Z	**THM Writeup: VulnNet Roasted** ⌘ [Read more](https://infosecwriteups.com/thm-writeup-vulnnet-roasted-8f4e18314ca7?source=rss----7b722bfd1b8d---4)
2022-04-17T20:37:15Z	**Devzat from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/devzat-from-hackthebox-detailed-walkthrough-46f39b25fa82?source=rss----7b722bfd1b8d---4)
2022-04-17T20:35:55Z	**Tech_Supp0rt: 1 (Tryhackme)** ⌘ [Read more](https://infosecwriteups.com/tech-supp0rt-1-tryhackme-59896cbb9957?source=rss----7b722bfd1b8d---4)
2022-04-17T21:37:17Z	**TryHackMe writeup: Bebop** ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-bebop-ed290135d7e2?source=rss----7b722bfd1b8d---4)
2022-04-18T12:47:57Z	**How Mobile Operators should Thousands of Dollars because of SMS Malware.** ⌘ [Read more](https://infosecwriteups.com/how-mobile-operators-should-thousands-of-dollars-because-of-sms-malware-2a4d7ac1e3a2?source=rss----7b722bfd1b8d---4)
2022-04-20T10:23:00Z	**$1000: How I could have Hack any account and become a billionaire overnightTop Crypto-Trading….** ⌘ [Read more](https://infosecwriteups.com/1000-how-i-could-have-hack-any-account-and-become-a-billionaire-overnight-top-crypto-trading-ff0e25b6013c?source=rss----7b722bfd1b8d---4)
2022-04-20T10:22:53Z	**Create Bind and Reverse Shells using Netcat** ⌘ [Read more](https://infosecwriteups.com/create-bind-and-reverse-shells-using-netcat-c53b23df8059?source=rss----7b722bfd1b8d---4)
2022-04-20T11:27:00Z	**Burp Suite Extensions for Web Hunting**
[![](https://cdn-images-1.medium.com/max/600/1*FhcCd_K_IiFpaoQIy6C66w.png)](https://infosecwriteups.com/burp-suite-extensions-for-web-hunting-44ffc3b655aa?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/burp-suite-extensions-for-web-hunting-44ffc3b655aa?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/burp-suite-extensions-for-web-hunting-44ffc3b655aa?source=rss----7b722bfd1b8d---4)
2022-04-22T11:06:35Z	**A Facebook Bug that Disclosed Unused Custom Thumbnails of Any Facebook Page’s Public Videos** ⌘ [Read more](https://infosecwriteups.com/a-facebook-bug-that-disclosed-unused-custom-thumbnails-of-any-facebook-pages-public-videos-6414dc1f7adb?source=rss----7b722bfd1b8d---4)
2022-04-22T12:06:09Z	**Pythonic Malware Part-2: Reversing Python Executables**
[![](https://cdn-images-1.medium.com/max/2600/0*RqfyqDbuA5dzxWp-)](https://infosecwriteups.com/pythonic-malware-part-2-reversing-python-executables-1b197bd023ca?source=rss----7b722bfd1b8d---4)

In Pythonic Malware Part-1, I demonstrated how Python executables can be used to bypass Windows Defender and successfully launch…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com ... ⌘ [Read more](https://infosecwriteups.com/pythonic-malware-part-2-reversing-python-executables-1b197bd023ca?source=rss----7b722bfd1b8d---4)
2022-04-22T13:06:06Z	**How I Bypass 2FA while Resetting Password**
[![](https://cdn-images-1.medium.com/max/725/1*tb1iUKE5DjTJiAz1L8sdkA.png)](https://infosecwriteups.com/how-i-bypass-2fa-while-resetting-password-3f73bf665728?source=rss----7b722bfd1b8d---4)

It was a private program on “Hackerone” , I had set target in my mind that I have to bypass 2fa, so I checked every method to bypass “Two…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-bypass-2f ... ⌘ [Read more](https://infosecwriteups.com/how-i-bypass-2fa-while-resetting-password-3f73bf665728?source=rss----7b722bfd1b8d---4)
2022-04-24T08:09:13Z	**How to perform a basic SQL Injection Attack? — Ethical Hacking** ⌘ [Read more](https://infosecwriteups.com/how-to-perform-a-basic-sql-injection-attack-ethical-hacking-f59e5ccbe51f?source=rss----7b722bfd1b8d---4)
2022-04-24T21:53:58Z	**THM: Raz0rBlack** ⌘ [Read more](https://infosecwriteups.com/thm-raz0rblack-b368631c38a5?source=rss----7b722bfd1b8d---4)
2022-04-24T22:57:33Z	**Secret from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/secret-from-hackthebox-detailed-walkthrough-d256fb39a910?source=rss----7b722bfd1b8d---4)
2022-04-26T15:58:35Z	**Tryhackme: Anonymous** ⌘ [Read more](https://infosecwriteups.com/tryhackme-anonymous-d7d5b6d14478?source=rss----7b722bfd1b8d---4)
2022-04-26T15:57:31Z	**Tryhackme: AgentSudo** ⌘ [Read more](https://infosecwriteups.com/tryhackme-agentsudo-fcc701caeae3?source=rss----7b722bfd1b8d---4)
2022-04-26T17:03:25Z	**Advanced Docker Security Part II**
[![](https://cdn-images-1.medium.com/max/750/1*yRcI2Y7WBKbSTsEuqVLPyg.jpeg)](https://infosecwriteups.com/advanced-docker-security-part-ii-4a6994f0c328?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/advanced-docker-security-part-ii-4a6994f0c328?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/advanced-docker-security-part-ii-4a6994f0c328?source=rss----7b722bfd1b8d---4)
2022-04-27T09:27:33Z	**Using PGP to enhance security and non-repudiation of terraform ops** ⌘ [Read more](https://infosecwriteups.com/using-pgp-to-enhance-security-and-non-repudiation-of-terraform-ops-93c0b4bb209f?source=rss----7b722bfd1b8d---4)
2022-04-28T12:24:13Z	**Hacking IPMI and Zabbix in HackTheBox — Shibboleth** ⌘ [Read more](https://infosecwriteups.com/hacking-ipmi-and-zabbix-in-hackthebox-shibboleth-e48c4f235faf?source=rss----7b722bfd1b8d---4)
2022-04-28T13:27:35Z	**PicoCTF 2022 Web Exploitation** ⌘ [Read more](https://infosecwriteups.com/picoctf-2022-web-exploitation-558673a65f79?source=rss----7b722bfd1b8d---4)
2022-05-01T14:31:52Z	**NahamCon CTF 2022 Write-up: Click Me! Android challenge** ⌘ [Read more](https://infosecwriteups.com/nahamcon-ctf-2022-write-up-click-me-android-challenge-63ccba7cb663?source=rss----7b722bfd1b8d---4)
2022-05-01T14:31:40Z	**TryHackMe — Content Discovery** ⌘ [Read more](https://infosecwriteups.com/tryhackme-content-discovery-ade077cf7437?source=rss----7b722bfd1b8d---4)
2022-05-01T15:38:25Z	**Vulnerabilities that shook the internet**
[![](https://cdn-images-1.medium.com/max/1920/1*V6k1ntnSRUjmG6aWTL8EFA.jpeg)](https://infosecwriteups.com/vulnerabilities-that-shook-the-internet-4cb82a22d3ff?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/vulnerabilities-that-shook-the-internet-4cb82a22d3ff?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/vulnerabilities-that-shook-the-internet-4cb82a22d3ff?source=rss----7b722bfd1b8d---4)
2022-05-03T13:51:52Z	**THM Writeup: Ra** ⌘ [Read more](https://infosecwriteups.com/thm-writeup-ra-7e276f05700?source=rss----7b722bfd1b8d---4)
2022-05-03T14:57:41Z	**Shibboleth from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/shibboleth-from-hackthebox-detailed-walkthrough-97c7055cb94d?source=rss----7b722bfd1b8d---4)
2022-05-03T15:57:42Z	**The ABCs of Kerberoasting**
[![](https://cdn-images-1.medium.com/max/2600/0*qnhxgfd5CAtfeUpS)](https://infosecwriteups.com/the-abcs-of-kerberoasting-4b192e6a9fb4?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-abcs-of-kerberoasting-4b192e6a9fb4?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/the-abcs-of-kerberoasting-4b192e6a9fb4?source=rss----7b722bfd1b8d---4)
2022-05-04T13:01:27Z	**Rate Limiting attack bypassing invisible captcha** ⌘ [Read more](https://infosecwriteups.com/rate-limiting-attack-bypassing-invisible-captcha-a6e800903c5f?source=rss----7b722bfd1b8d---4)
2022-05-04T14:03:33Z	**NahamCon 2022 CTF Write-up: “No Space Between Us” Challenge** ⌘ [Read more](https://infosecwriteups.com/nahamcon-2022-ctf-write-up-no-space-between-us-challenge-887965280f77?source=rss----7b722bfd1b8d---4)
2022-05-06T05:31:48Z	**Clique Writeup — ångstromCTF 2022** ⌘ [Read more](https://infosecwriteups.com/clique-writeup-%C3%A5ngstromctf-2022-e7ae871eaa0e?source=rss----7b722bfd1b8d---4)
2022-05-06T06:37:15Z	**TryHackMe writeup: Atlas** ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-atlas-c3dff235d109?source=rss----7b722bfd1b8d---4)
2022-05-06T07:38:39Z	**Backdoor from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/backdoor-from-hackthebox-detailed-walkthrough-93d238979397?source=rss----7b722bfd1b8d---4)
2022-05-07T20:49:40Z	**Shellcode Analysis** ⌘ [Read more](https://infosecwriteups.com/shellcode-analysis-313bf4ca4dec?source=rss----7b722bfd1b8d---4)
2022-05-07T20:49:29Z	**I Secured More Than 10 Million User's Data on the Kerala Government Website Maintained by NIC.** ⌘ [Read more](https://infosecwriteups.com/i-secured-more-than-10-million-users-data-on-the-kerala-government-website-maintained-by-nic-fb7d5a9f156b?source=rss----7b722bfd1b8d---4)
2022-05-07T20:49:04Z	**C Language for Hackers & Beyond! 0x01** ⌘ [Read more](https://infosecwriteups.com/c-language-for-hackers-beyond-0x01-23bdb00e53f2?source=rss----7b722bfd1b8d---4)
2022-05-07T20:48:32Z	**India’s Biggest Hack — 1100+ Security bugs in Indian Government Websites and Servers compromised** ⌘ [Read more](https://infosecwriteups.com/indias-biggest-hack-1100-security-bugs-in-indian-government-websites-and-servers-compromised-1f10a4c0a631?source=rss----7b722bfd1b8d---4)
2022-05-07T21:52:39Z	**TryHackMe — Nessus** ⌘ [Read more](https://infosecwriteups.com/tryhackme-nessus-3bcd7a04e484?source=rss----7b722bfd1b8d---4)
2022-05-07T22:52:59Z	**What caused Psychic Signatures Vulnerability (CVE-2022–21449)?**
[![](https://cdn-images-1.medium.com/max/2600/0*FgNC8xUGciscl1Zp)](https://infosecwriteups.com/what-caused-psychic-signatures-vulnerability-cve-2022-21449-60542811eac2?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/what-caused-psychic-signatures-vulnerability-cve-2022-21449-60542811eac2?source=rss----7b722b ... ⌘ [Read more](https://infosecwriteups.com/what-caused-psychic-signatures-vulnerability-cve-2022-21449-60542811eac2?source=rss----7b722bfd1b8d---4)
2022-05-09T13:56:05Z	**THM Writeup: Ra 2** ⌘ [Read more](https://infosecwriteups.com/thm-writeup-ra-2-ed3de7c719a8?source=rss----7b722bfd1b8d---4)
2022-05-10T16:14:13Z	**Common C Vulnerabilities**
[![](https://cdn-images-1.medium.com/max/2600/0*0KiOvYYHbaIQAxdX)](https://infosecwriteups.com/common-c-vulnerabilities-b84777e071b9?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/common-c-vulnerabilities-b84777e071b9?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/common-c-vulnerabilities-b84777e071b9?source=rss----7b722bfd1b8d---4)
2022-05-11T10:45:37Z	**PWN101 Walkthrough | TryHackMe** ⌘ [Read more](https://infosecwriteups.com/pwn101-walkthrough-tryhackme-d34b4236b2a0?source=rss----7b722bfd1b8d---4)
2022-05-11T10:45:30Z	**Cryptography essential for H4CK3R and CTF player 0x1(encoding).** ⌘ [Read more](https://infosecwriteups.com/cryptography-essential-for-h4ck3r-and-ctf-player-0x1-encoding-b638ab5821a9?source=rss----7b722bfd1b8d---4)
2022-05-11T11:47:36Z	**11 Essential Tools for Java Developers** ⌘ [Read more](https://infosecwriteups.com/11-essential-tools-for-java-developers-725228f41234?source=rss----7b722bfd1b8d---4)
2022-05-12T10:47:44Z	**Api endpoint- Revealed Transaction Details of about Millions of users** ⌘ [Read more](https://infosecwriteups.com/api-endpoint-revealed-transaction-details-of-about-millions-of-users-9d5a5324547f?source=rss----7b722bfd1b8d---4)
2022-05-16T09:47:02Z	**Module-1 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit** ⌘ [Read more](https://infosecwriteups.com/module-1-introduction-pentesting-bypassing-cloud-waf-fun-profit-75f315951aa8?source=rss----7b722bfd1b8d---4)
2022-05-17T07:35:47Z	**Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 3)** ⌘ [Read more](https://infosecwriteups.com/create-your-ultimate-bug-bounty-automation-without-nerdy-bash-skills-part-3-7ee2b353a781?source=rss----7b722bfd1b8d---4)
2022-05-17T07:35:40Z	**Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 2)** ⌘ [Read more](https://infosecwriteups.com/create-your-ultimate-bug-bounty-automation-without-nerdy-bash-skills-part-2-c8cd72018922?source=rss----7b722bfd1b8d---4)
2022-05-17T07:35:28Z	**What is SSH and How to use it? | With Examples** ⌘ [Read more](https://infosecwriteups.com/what-is-ssh-and-how-to-use-it-with-examples-578c72ff32b0?source=rss----7b722bfd1b8d---4)
2022-05-17T07:35:19Z	**Module-2 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit** ⌘ [Read more](https://infosecwriteups.com/module-2-introduction-pentesting-bypassing-aws-azure-gcp-cloud-waf-fun-profit-cfcfd55454f6?source=rss----7b722bfd1b8d---4)
2022-05-17T07:35:12Z	**This is how my Windows 10 Hacked! and how i overcome it (Remove a Trojan-Horse from affected PC).** ⌘ [Read more](https://infosecwriteups.com/this-is-how-my-windows-10-hacked-and-how-i-overcome-it-remove-a-trojan-horse-from-affected-pc-9cb5c90df26d?source=rss----7b722bfd1b8d---4)
2022-05-17T07:34:40Z	**Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 1)** ⌘ [Read more](https://infosecwriteups.com/create-your-ultimate-bug-bounty-automation-without-nerdy-bash-skills-part-1-a78c2b109731?source=rss----7b722bfd1b8d---4)
2022-05-17T08:37:06Z	**Bypassing WAF to Weaponize a Stored XSS** ⌘ [Read more](https://infosecwriteups.com/bypassing-waf-to-weaponize-a-stored-xss-ff9963c421ee?source=rss----7b722bfd1b8d---4)
2022-05-18T08:00:02Z	**The Basics of Subdomain Takeovers** ⌘ [Read more](https://infosecwriteups.com/the-basics-of-subdomain-takeovers-a0bbd4c84a4?source=rss----7b722bfd1b8d---4)
2022-05-19T08:42:44Z	**Active Directory Overview** ⌘ [Read more](https://infosecwriteups.com/active-directory-overview-98692e1b0233?source=rss----7b722bfd1b8d---4)
2022-05-19T08:42:25Z	**Unicode from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/unicode-from-hackthebox-detailed-walkthrough-5da3481816de?source=rss----7b722bfd1b8d---4)
2022-05-20T07:30:09Z	**Cyber Apocalypse CTF 2022 — Web — Intergalactic Post Write-up** ⌘ [Read more](https://infosecwriteups.com/cyber-apocalypse-ctf-2022-web-intergalactic-post-write-up-9f2b1acc5386?source=rss----7b722bfd1b8d---4)
2022-05-20T07:30:04Z	**Cyber Apocalypse CTF 2022 — Web — Amidst Us Write-up** ⌘ [Read more](https://infosecwriteups.com/cyber-apocalypse-ctf-2022-web-amidst-us-write-up-a6864e23c3b9?source=rss----7b722bfd1b8d---4)
2022-05-20T07:29:59Z	**Cyber Apocalypse CTF 2022 — Misc — Compressor Write-up (easy way)** ⌘ [Read more](https://infosecwriteups.com/cyber-apocalypse-ctf-2022-misc-compressor-write-up-easy-way-de9efcccd6af?source=rss----7b722bfd1b8d---4)
2022-05-20T07:29:55Z	**Cyber Apocalypse CTF 2022 — Web — Kryptos Support Write-up** ⌘ [Read more](https://infosecwriteups.com/cyber-apocalypse-ctf-2022-web-kryptos-support-write-up-2cf5057c4161?source=rss----7b722bfd1b8d---4)
2022-05-20T07:29:36Z	**Cyber Apocalypse CTF 2022 — Intergalactic Chase Write up** ⌘ [Read more](https://infosecwriteups.com/cyber-apocalypse-ctf-2022-intergalactic-chase-write-up-6d2e89b1633e?source=rss----7b722bfd1b8d---4)
2022-05-20T08:31:16Z	**Implementing Security in SDLC**
[![](https://cdn-images-1.medium.com/max/1400/0*WgbwcIcQFGpwkF8j)](https://infosecwriteups.com/implementing-security-in-sdlc-631ff4fd5451?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/implementing-security-in-sdlc-631ff4fd5451?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/implementing-security-in-sdlc-631ff4fd5451?source=rss----7b722bfd1b8d---4)
2022-05-20T08:28:56Z	**Wireless Penetration Testing (WPA-2 Cracking)** ⌘ [Read more](https://infosecwriteups.com/wireless-penetration-testing-wpa-2-cracking-9c925e51a873?source=rss----7b722bfd1b8d---4)
2022-05-22T09:05:45Z	**OTP Bypass on Vahak.in** ⌘ [Read more](https://infosecwriteups.com/otp-bypass-on-vahak-in-f4931e195697?source=rss----7b722bfd1b8d---4)
2022-05-22T09:05:07Z	**TryHackMe: Biblioteca** ⌘ [Read more](https://infosecwriteups.com/tryhackme-biblioteca-c56be949564c?source=rss----7b722bfd1b8d---4)
2022-05-24T07:51:18Z	**Cybersecurity & Application Attacks**
[![](https://cdn-images-1.medium.com/max/2600/1*jVeAyZy_4ryg0MG8XjPilw.jpeg)](https://infosecwriteups.com/objective-1-3-application-attacks-3f36896715fd?source=rss----7b722bfd1b8d---4)

Buffer Overflow and XSS Cross-site Scripting attacks for SY0–601

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/objective-1-3-application-attacks-3f36896715fd?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/objective-1-3-application-attacks-3f36896715fd?source=rss----7b722bfd1b8d---4)
2022-05-24T08:57:21Z	**How I Found a company’s internal S3 Bucket with 41k Files** ⌘ [Read more](https://infosecwriteups.com/how-i-found-a-companys-internal-s3-bucket-with-41k-files-94b453e588b5?source=rss----7b722bfd1b8d---4)
2022-05-25T06:54:10Z	**Antivirus Evasion — Part 1** ⌘ [Read more](https://infosecwriteups.com/antivirus-evasion-26a30f072f76?source=rss----7b722bfd1b8d---4)
2022-05-25T06:51:50Z	**Hacking Web3: Introduction and How to Start** ⌘ [Read more](https://infosecwriteups.com/hacking-web3-introduction-and-how-to-start-88ae2c51f3ec?source=rss----7b722bfd1b8d---4)
2022-05-25T06:51:34Z	**Kerberos Authentication in Active Directory** ⌘ [Read more](https://infosecwriteups.com/kerberos-authentication-in-active-directory-2dc4af232f65?source=rss----7b722bfd1b8d---4)
2022-05-25T07:52:39Z	**Nunchucks from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/nunchucks-from-hackthebox-detailed-walkthrough-c09ba0f276fa?source=rss----7b722bfd1b8d---4)
2022-05-25T08:53:58Z	**TryHackMe writeup: HackPark** ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-hackpark-bd9c075c5262?source=rss----7b722bfd1b8d---4)
2022-05-25T09:53:21Z	**Approaching CTF OSINT Challenges — Learn by Example** ⌘ [Read more](https://infosecwriteups.com/approaching-ctf-osint-challenges-learn-by-example-b92be1dddc8d?source=rss----7b722bfd1b8d---4)
2022-05-25T10:52:35Z	**Learning Linux & InfoSec Principles Using OverTheWire’s Bandit — Part 4** ⌘ [Read more](https://infosecwriteups.com/learning-linux-infosec-principles-using-overthewires-bandit-part-4-a202c2e44843?source=rss----7b722bfd1b8d---4)
2022-05-26T05:54:22Z	**Secure Code Review -1 | Cheat sheet For Security Vulnerability In Python — Injection Flaws**
Based on OWASP Top-10 Vulnerabilities. This time we are looking for secure coding bugs related to Injection Flaws

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/secure-code-review-1-cheat-sheet-for-security-vulnerability-in-python-injection-flaws-15c93b9d754f?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/secure-code-review-1-cheat-sheet-for-security-vulnerability-in-python-injection-flaws-15c93b9d754f?source=rss----7b722bfd1b8d---4)
2022-05-26T05:54:16Z	**Module-2 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit**
[![](https://cdn-images-1.medium.com/max/1290/1*-rZYQ4hufBSXDednAQ3XqQ.png)](https://infosecwriteups.com/module-2-introduction-pentesting-bypassing-aws-azure-gcp-cloud-waf-fun-profit-9c87b6276fe7?source=rss----7b722bfd1b8d---4)

Q. What is Core Rule Set & why it is utilized by all the cloud WAFs?
A. We will try to understand more about  ... ⌘ [Read more](https://infosecwriteups.com/module-2-introduction-pentesting-bypassing-aws-azure-gcp-cloud-waf-fun-profit-9c87b6276fe7?source=rss----7b722bfd1b8d---4)
2022-05-26T05:54:07Z	**Module-3 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit**
[![](https://cdn-images-1.medium.com/max/1290/1*eulqyvUY36J18tEwCHskFA.png)](https://infosecwriteups.com/module-3-introduction-pentesting-bypassing-aws-azure-gcp-cloud-waf-fun-profit-6b38a836d78f?source=rss----7b722bfd1b8d---4)

1\. Setting up Vulnerable Application For AWS WAF

[Continue reading on InfoSec Write-ups »](https://infosecw ... ⌘ [Read more](https://infosecwriteups.com/module-3-introduction-pentesting-bypassing-aws-azure-gcp-cloud-waf-fun-profit-6b38a836d78f?source=rss----7b722bfd1b8d---4)
2022-05-26T20:38:18Z	**Operational Methodologies of Cyber Terrorist Organization “Transparent Tribe”** ⌘ [Read more](https://infosecwriteups.com/operational-methodologies-of-cyber-terrorist-organization-transparent-tribe-3389bdc1db3e?source=rss----7b722bfd1b8d---4)
2022-05-26T20:38:07Z	**Penetration Testing Benefits** ⌘ [Read more](https://infosecwriteups.com/penetration-testing-benefits-348aa3a168a3?source=rss----7b722bfd1b8d---4)
2022-05-26T20:37:54Z	**How an Open Redirection Leads to an Account Takeover?** ⌘ [Read more](https://infosecwriteups.com/how-an-open-redirection-leads-to-an-account-takeover-73ea883055d1?source=rss----7b722bfd1b8d---4)
2022-05-27T09:02:36Z	**Firewall Evasion Techniques using Nmap**
[![](https://cdn-images-1.medium.com/max/1400/0*nR0pYXwZKKMcsmR6)](https://infosecwriteups.com/firewall-evasion-techniques-using-nmap-523dd18b1b1c?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/firewall-evasion-techniques-using-nmap-523dd18b1b1c?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/firewall-evasion-techniques-using-nmap-523dd18b1b1c?source=rss----7b722bfd1b8d---4)
2022-05-29T04:33:24Z	**Hacking GraphQL — Part 1** ⌘ [Read more](https://infosecwriteups.com/hacking-graphql-part-1-61d7a31b30c3?source=rss----7b722bfd1b8d---4)
2022-05-29T04:33:07Z	**Bypass the Firewall with SSH Tunnelling** ⌘ [Read more](https://infosecwriteups.com/bypass-the-firewall-with-ssh-tunnelling-711fa78ea97f?source=rss----7b722bfd1b8d---4)
2022-05-29T04:31:40Z	**CyberStarters CTF — Gunship** ⌘ [Read more](https://infosecwriteups.com/cyberstarters-ctf-gunship-93c23b3d5f1d?source=rss----7b722bfd1b8d---4)
2022-05-29T13:19:57Z	**Learning Linux & InfoSec Principles Using OverTheWire’s Bandit — Part 4** ⌘ [Read more](https://infosecwriteups.com/learning-linux-infosec-principles-using-overthewires-bandit-part-4-69803b6f43ed?source=rss----7b722bfd1b8d---4)
2022-05-30T06:17:04Z	**Pen #004: Linux Basics (Part 1)** ⌘ [Read more](https://infosecwriteups.com/pen-4-linux-basics-part-1-8559551db747?source=rss----7b722bfd1b8d---4)
2022-05-30T06:16:54Z	**AWS IAM Exploitation Techniques** ⌘ [Read more](https://infosecwriteups.com/aws-iam-exploitation-techniques-565830bf704b?source=rss----7b722bfd1b8d---4)
2022-05-30T06:16:47Z	**Anatomy Of Spring4Shell CVE-2022–22965** ⌘ [Read more](https://infosecwriteups.com/anatomy-of-spring4shell-cve-2022-22965-e0df259cef9d?source=rss----7b722bfd1b8d---4)
2022-05-31T13:39:32Z	**HackThebox: Lame** ⌘ [Read more](https://infosecwriteups.com/hackthebox-lame-649ae6d39ac6?source=rss----7b722bfd1b8d---4)
2022-05-31T13:39:21Z	**Erlik Machine Writeup** ⌘ [Read more](https://infosecwriteups.com/erlik-machine-writeup-4565f27a5695?source=rss----7b722bfd1b8d---4)
2022-05-31T13:39:11Z	**Serial Communication with Raspberry Pi Pico in Windows 10/11 via WSL** ⌘ [Read more](https://infosecwriteups.com/serial-communication-with-raspberry-pi-pico-in-windows-10-11-via-wsl-50f93e29e2cb?source=rss----7b722bfd1b8d---4)
2022-05-31T13:38:27Z	**Top 5 Hacking   Book , Must Read !!** ⌘ [Read more](https://infosecwriteups.com/top-5-hacking-book-must-read-72b37d7f885a?source=rss----7b722bfd1b8d---4)
2022-05-31T13:38:20Z	**Persistent Windows 10 and 11 keylogger (keylogiq)** ⌘ [Read more](https://infosecwriteups.com/persistent-windows-10-and-11-keylogger-keylogiq-eada8f2dbf9c?source=rss----7b722bfd1b8d---4)
2022-05-31T13:38:11Z	**Zero Day Vulnerability: Chromium v8 js engine issue 1303458 — Use After Free in x64 Instruction…** ⌘ [Read more](https://infosecwriteups.com/zero-day-vulnerability-chromium-v8-js-engine-issue-1303458-use-after-free-in-x64-instruction-e874419436a6?source=rss----7b722bfd1b8d---4)
2022-05-31T14:43:56Z	**Tryhackme Pcap Analysis Room Official Writeup** ⌘ [Read more](https://infosecwriteups.com/tryhackme-pcap-analysis-room-official-writeup-5788e5853acf?source=rss----7b722bfd1b8d---4)
2022-05-31T15:41:06Z	**SSO: A Secure way for authentication and authorization ?**
[![](https://cdn-images-1.medium.com/max/2600/0*Mp4aBiuz1aTEoDeV)](https://infosecwriteups.com/sso-a-secure-way-for-authentication-and-authorization-6a4fb8794dd6?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/sso-a-secure-way-for-authentication-and-authorization-6a4fb8794dd6?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/sso-a-secure-way-for-authentication-and-authorization-6a4fb8794dd6?source=rss----7b722bfd1b8d---4)
2022-05-31T22:35:40Z	**Tryhackme linuxloganalysis Writeup** ⌘ [Read more](https://infosecwriteups.com/tryhackme-linuxloganalysis-writeup-8a28fca4ac02?source=rss----7b722bfd1b8d---4)
2022-05-31T22:35:32Z	**Tryhackme ramanalysis Writeup** ⌘ [Read more](https://infosecwriteups.com/tryhackme-ramanalysis-writeup-c305dd88f150?source=rss----7b722bfd1b8d---4)
2022-05-31T22:35:27Z	**Tryhackme tsharkpcapanalysis Writeup** ⌘ [Read more](https://infosecwriteups.com/tryhackme-tsharkpcapanalysis-writeup-7b9ed3a19ea3?source=rss----7b722bfd1b8d---4)
2022-06-01T09:52:06Z	**How I am winning battle with Windows 10 and 11 Security and avoiding detection** ⌘ [Read more](https://infosecwriteups.com/how-i-am-winning-battle-with-windows-10-and-11-security-and-avoiding-detection-6ea9f954b2a7?source=rss----7b722bfd1b8d---4)
2022-06-03T05:36:47Z	**Android Pentesting Methodology (Pt. 1)** ⌘ [Read more](https://infosecwriteups.com/android-pentesting-methodology-pt-1-9557f6664307?source=rss----7b722bfd1b8d---4)
2022-06-03T06:50:01Z	**Kubernetes 101 | Setting up Kubernetes Cluster Locally**
[![](https://cdn-images-1.medium.com/max/832/1*C5qJjcTuJvY7Xh0hFmwjGQ.png)](https://infosecwriteups.com/kubernetes-101-setting-up-kubernetes-cluster-locally-aa8c34c89862?source=rss----7b722bfd1b8d---4)

This blog is about setting the local Kubernetes cluster for learning & testing using multiple tools like Kind, Minikube, Kubeadm & K3s.

[Continue reading on InfoSec Write-ups »](https://inf ... ⌘ [Read more](https://infosecwriteups.com/kubernetes-101-setting-up-kubernetes-cluster-locally-aa8c34c89862?source=rss----7b722bfd1b8d---4)
2022-06-03T06:49:53Z	**Enumeration and lateral movement in GCP environments** ⌘ [Read more](https://infosecwriteups.com/enumeration-and-lateral-movement-in-gcp-environments-c3b82d342794?source=rss----7b722bfd1b8d---4)
2022-06-04T07:56:16Z	**Linux Hardening techniques**
[![](https://cdn-images-1.medium.com/max/2600/0*Osq2YkbhVyeraqQC)](https://infosecwriteups.com/linux-hardening-techniques-802b12bebcae?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/linux-hardening-techniques-802b12bebcae?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/linux-hardening-techniques-802b12bebcae?source=rss----7b722bfd1b8d---4)
2022-06-04T07:55:31Z	**#Part 1 : The reality of modern information security in enterprise around the world.** ⌘ [Read more](https://infosecwriteups.com/part-1-the-reality-of-modern-information-security-in-enterprise-around-the-world-57bcd3feb169?source=rss----7b722bfd1b8d---4)
2022-06-05T07:20:28Z	**Creating a backdoor in PAM in 5 line of code** ⌘ [Read more](https://infosecwriteups.com/creating-a-backdoor-in-pam-in-5-line-of-code-e23e99579cd9?source=rss----7b722bfd1b8d---4)
2022-06-05T07:15:57Z	**Owasp crAPI: Introducing API Security The Hacker Way** ⌘ [Read more](https://infosecwriteups.com/crapi-api-security-the-hacker-way-7f8402bb6e65?source=rss----7b722bfd1b8d---4)
2022-06-05T07:15:54Z	**Testing EDRs for Linux — Things I wish I knew before getting started** ⌘ [Read more](https://infosecwriteups.com/testing-edrs-for-linux-things-i-wish-i-knew-before-getting-started-3ab15112c183?source=rss----7b722bfd1b8d---4)
2022-06-06T11:22:35Z	**Pen #005: Linux Basics (Part 2)** ⌘ [Read more](https://infosecwriteups.com/pen-5-linux-basics-part-2-57f8392ea216?source=rss----7b722bfd1b8d---4)
2022-06-07T08:24:36Z	**Spring4Shell (SpringShell) Vulnerability** ⌘ [Read more](https://infosecwriteups.com/spring4shell-springshell-vulnerability-7a616e2f20ff?source=rss----7b722bfd1b8d---4)
2022-06-07T08:23:54Z	**VLAN Hopping Attack** ⌘ [Read more](https://infosecwriteups.com/vlan-hopping-attack-33a8b109c068?source=rss----7b722bfd1b8d---4)
2022-06-07T08:22:47Z	**NoSQL Injection** ⌘ [Read more](https://infosecwriteups.com/hacking-nosql-c07e74d8ce2c?source=rss----7b722bfd1b8d---4)
2022-06-07T08:20:49Z	**Hacking Nginx: Best ways** ⌘ [Read more](https://infosecwriteups.com/hacking-nginx-best-ways-7c576cc17ccc?source=rss----7b722bfd1b8d---4)
2022-06-07T08:20:19Z	**Capture the Ether — Challenge Writeup**
[![](https://cdn-images-1.medium.com/max/625/1*Q3IFpaR0r5HIzEGUJ8H07A.png)](https://infosecwriteups.com/capture-the-ether-challenge-writeup-b10853807690?source=rss----7b722bfd1b8d---4)

I started concentrating in smart contract security and it is really interesting.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/capture-the-ether-challenge-writeup-b10853807690?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/capture-the-ether-challenge-writeup-b10853807690?source=rss----7b722bfd1b8d---4)
2022-06-07T09:21:10Z	**Pandora from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/pandora-from-hackthebox-detailed-walkthrough-7d52066e5dc5?source=rss----7b722bfd1b8d---4)
2022-06-08T12:41:10Z	**Detecting DNS Tunneling using Spark Structured Streaming**
[![](https://cdn-images-1.medium.com/max/1536/1*3_2FywRePkmco2Q5Cd-U5A.png)](https://infosecwriteups.com/detecting-dns-tunneling-using-spark-structured-streaming-c7e2b6af0349?source=rss----7b722bfd1b8d---4)

From generating DNS logs to end-to-end implementation of structured streaming

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/detecting-dns-tunneling-using- ... ⌘ [Read more](https://infosecwriteups.com/detecting-dns-tunneling-using-spark-structured-streaming-c7e2b6af0349?source=rss----7b722bfd1b8d---4)
2022-06-10T06:46:35Z	**[BugBounty] Tips to Find Stored XSS**
[![](https://cdn-images-1.medium.com/max/600/1*Q4FqFV_y2V7Ue3CDEnU13A.png)](https://infosecwriteups.com/bugbounty-tips-to-find-stored-xss-9995814d353f?source=rss----7b722bfd1b8d---4)

Intro

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bugbounty-tips-to-find-stored-xss-9995814d353f?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/bugbounty-tips-to-find-stored-xss-9995814d353f?source=rss----7b722bfd1b8d---4)
2022-06-10T15:26:46Z	**Brainpan 1 WriteUp Tryhackme** ⌘ [Read more](https://infosecwriteups.com/brainpan-1-writeup-tryhackme-ba33c01c4fc4?source=rss----7b722bfd1b8d---4)
2022-06-11T17:14:30Z	**[Bug Bounty] How I was able edit AWS’s files from file upload function?** ⌘ [Read more](https://infosecwriteups.com/bug-bounty-how-i-was-able-edit-awss-files-from-file-upload-function-cb33bc3bd3a9?source=rss----7b722bfd1b8d---4)
2022-06-11T18:17:21Z	**Timing from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/timing-from-hackthebox-detailed-walkthrough-7671466227fd?source=rss----7b722bfd1b8d---4)
2022-06-12T14:01:12Z	**TryHackMe: LazyAdmin** ⌘ [Read more](https://infosecwriteups.com/tryhackme-lazyadmin-9441e1240cb7?source=rss----7b722bfd1b8d---4)
2022-06-12T15:03:36Z	**Learning More About YAML Deserialization**
[![](https://cdn-images-1.medium.com/max/1600/0*qiKO_Eao27BOQL6_)](https://infosecwriteups.com/learning-more-about-yaml-deserialization-9c08093b4a3d?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/learning-more-about-yaml-deserialization-9c08093b4a3d?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/learning-more-about-yaml-deserialization-9c08093b4a3d?source=rss----7b722bfd1b8d---4)
2022-06-13T05:36:09Z	**NTLM Authentication in Active Directory** ⌘ [Read more](https://infosecwriteups.com/ntlm-authentication-in-active-directory-b99ea9087519?source=rss----7b722bfd1b8d---4)
2022-06-13T05:35:58Z	**How to get started in Cybersecurity in 2022** ⌘ [Read more](https://infosecwriteups.com/how-to-get-started-in-cybersecurity-in-2022-e36bd5732da?source=rss----7b722bfd1b8d---4)
2022-06-14T10:37:34Z	**How I found a Critical Bug in Instagram and Got 49500$ Bounty From Facebook** ⌘ [Read more](https://infosecwriteups.com/how-i-found-a-critical-bug-in-instagram-and-got-49500-bounty-from-facebook-626ff2c6a853?source=rss----7b722bfd1b8d---4)
2022-06-15T08:03:44Z	**Phishing Domain Detection using Neural Networks**
[![](https://cdn-images-1.medium.com/max/1000/1*quHtZCsfOml6gtt0_FUTmw.jpeg)](https://infosecwriteups.com/phishing-domain-detection-using-neural-networks-b133a6495a78?source=rss----7b722bfd1b8d---4)

Applying neural networks on domain name analysis to detect phishing

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/phishing-domain-detection-using-neural-networks-b133a6495a78?sourc ... ⌘ [Read more](https://infosecwriteups.com/phishing-domain-detection-using-neural-networks-b133a6495a78?source=rss----7b722bfd1b8d---4)
2022-06-15T09:06:06Z	**AdmirerToo from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/admirertoo-from-hackthebox-detailed-walkthrough-b005ec7a4877?source=rss----7b722bfd1b8d---4)
2022-06-16T16:52:43Z	**Attacks on Blockchain** ⌘ [Read more](https://infosecwriteups.com/attacks-on-blockchain-84fac903b20a?source=rss----7b722bfd1b8d---4)
2022-06-17T16:16:06Z	**Vulnerabilities in JS based Applications**
[![](https://cdn-images-1.medium.com/max/1400/0*8mbMihOcjOTdVrD7)](https://infosecwriteups.com/vulnerabilities-in-js-based-applications-397e0dc90124?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/vulnerabilities-in-js-based-applications-397e0dc90124?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/vulnerabilities-in-js-based-applications-397e0dc90124?source=rss----7b722bfd1b8d---4)
2022-06-19T14:56:45Z	**LDAP in Active Directory** ⌘ [Read more](https://infosecwriteups.com/ldap-in-active-directory-f0de5729f72f?source=rss----7b722bfd1b8d---4)
2022-06-21T08:21:08Z	**Kubernetes Security Policy Enforcement — OPA** ⌘ [Read more](https://infosecwriteups.com/kubernetes-security-policy-enforcement-opa-70975ec51272?source=rss----7b722bfd1b8d---4)
2022-06-21T08:20:59Z	**Google Dorks: An Advanced Hacking Tool** ⌘ [Read more](https://infosecwriteups.com/google-dorks-an-advanced-hacking-tool-a523c4996279?source=rss----7b722bfd1b8d---4)
2022-06-21T08:20:42Z	**Create a Hidden IRC Server with The Onion Router (TOR)** ⌘ [Read more](https://infosecwriteups.com/create-a-hidden-irc-server-with-the-onion-router-tor-c839e3a81d78?source=rss----7b722bfd1b8d---4)
2022-06-21T13:58:30Z	**HacktheBox Writeup: Paper** ⌘ [Read more](https://infosecwriteups.com/hackthebox-writeup-paper-5a13adfcc549?source=rss----7b722bfd1b8d---4)
2022-06-21T14:36:39Z	**Telangana, Andhra Pradesh, Karnataka, Himachal Pradesh & Kerala — All Government bus services were…** ⌘ [Read more](https://infosecwriteups.com/telangana-andhra-pradesh-karnataka-himachal-pradesh-kerala-all-government-bus-services-were-885b44c21a?source=rss----7b722bfd1b8d---4)
2022-06-21T15:03:25Z	**What are supply chains and they security**
[![](https://cdn-images-1.medium.com/max/1400/0*FstMp3fX0oEzs5Eu)](https://infosecwriteups.com/what-are-supply-chains-and-they-security-8295f437061f?source=rss----7b722bfd1b8d---4)

What are Supply Chains Attacks

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/what-are-supply-chains-and-they-security-8295f437061f?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/what-are-supply-chains-and-they-security-8295f437061f?source=rss----7b722bfd1b8d---4)
2022-06-21T15:53:06Z	**Infosec Weekly #2 — Docker, Google Dorks, Bug Bounty and other interesting Infosec stuff.** ⌘ [Read more](https://infosecwriteups.com/https-weekly-infosecwriteups-com-infosec-weekly-2-an-in-depth-79c080c14f5e?source=rss----7b722bfd1b8d---4)
2022-06-23T18:23:13Z	**Why is the Zero Trust Security Model Effective?** ⌘ [Read more](https://infosecwriteups.com/why-is-the-zero-trust-security-model-effective-93e853bee9c5?source=rss----7b722bfd1b8d---4)
2022-06-23T19:27:54Z	**Information Leak: Posted, Discovered & Misused! How easy for Criminals to get your data?** ⌘ [Read more](https://infosecwriteups.com/information-leak-posted-discovered-misused-how-easy-for-criminals-to-get-your-data-7a83b39f9df7?source=rss----7b722bfd1b8d---4)
2022-06-25T09:09:00Z	**Meta from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/meta-from-hackthebox-detailed-walkthrough-a26925443ab7?source=rss----7b722bfd1b8d---4)
2022-06-27T15:31:51Z	**Analyzing CVE-2022–22980 to discover a real exploitable path in the source code review process with…** ⌘ [Read more](https://infosecwriteups.com/analyzing-cve-2022-22980-to-discover-a-real-exploitable-path-in-the-source-code-review-process-with-145d97717656?source=rss----7b722bfd1b8d---4)
2022-06-27T15:31:43Z	**How i was able to takeover 3 Subdomains of an Organization via Shopify?** ⌘ [Read more](https://infosecwriteups.com/how-i-was-able-to-takeover-3-shopify-subdomains-of-an-organization-867141854d37?source=rss----7b722bfd1b8d---4)
2022-06-27T15:30:36Z	**Getting Your First Bug (Part II)** ⌘ [Read more](https://infosecwriteups.com/getting-your-first-bug-part-ii-f7081a027f71?source=rss----7b722bfd1b8d---4)
2022-06-27T17:17:57Z	**IW Weekly #3: SQL Injection, Data Exfiltration, Log Poisoning, Blind XSS, and more.** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-3-sql-injection-data-exfiltration-log-poisoning-blind-xss-and-more-bb98cd5523f?source=rss----7b722bfd1b8d---4)
2022-06-28T09:21:18Z	**Make a Self-Replicating Virus in Python** ⌘ [Read more](https://infosecwriteups.com/make-a-self-replicating-virus-in-python-bb29404e3f6b?source=rss----7b722bfd1b8d---4)
2022-06-28T09:20:40Z	**Learning More about File Upload Vulnerabilities**
[![](https://cdn-images-1.medium.com/max/1400/0*tia56VnJ3cTu8KmT)](https://infosecwriteups.com/learning-more-about-file-upload-vulnerabilities-1833bed29f5d?source=rss----7b722bfd1b8d---4)

The vulnerability associated with file uploads is well-known and considered to be of high severity. This vulnerability exists because the…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/learni ... ⌘ [Read more](https://infosecwriteups.com/learning-more-about-file-upload-vulnerabilities-1833bed29f5d?source=rss----7b722bfd1b8d---4)
2022-06-29T10:03:19Z	**HTML and Hyperlink Injection via Share Option In Microsoft Onenote Application**
[![](https://cdn-images-1.medium.com/max/2600/1*ZDW696xGKELspXP6bhWs9A.png)](https://infosecwriteups.com/html-and-hyperlink-injection-via-share-option-in-microsoft-onenote-application-47e94d0e6478?source=rss----7b722bfd1b8d---4)

Hyperlink Injection it’s when attacker injecting a malicious link when sending an email invitation.

[Continue re ... ⌘ [Read more](https://infosecwriteups.com/html-and-hyperlink-injection-via-share-option-in-microsoft-onenote-application-47e94d0e6478?source=rss----7b722bfd1b8d---4)
2022-06-29T12:39:14Z	**Text Based Injection | Content Spoofing on ISRO Website** ⌘ [Read more](https://infosecwriteups.com/text-based-injection-content-spoofing-96e9eb1615d8?source=rss----7b722bfd1b8d---4)
2022-06-29T16:34:19Z	**IW Weekly #4: BITB Attack, Hackthebox Walkthrough, Twitter Link Takeover, and more.** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-4-bitb-attack-hackthebox-walkthrough-twitter-link-takeover-and-more-d7909993ecc7?source=rss----7b722bfd1b8d---4)
2022-06-30T16:14:29Z	**All About String in Python** ⌘ [Read more](https://infosecwriteups.com/all-about-string-in-python-b13d2306029f?source=rss----7b722bfd1b8d---4)
2022-06-30T16:51:25Z	**Choosing your job role in cybersecurity** ⌘ [Read more](https://infosecwriteups.com/choosing-your-job-role-in-cybersecurity-75ab920285a0?source=rss----7b722bfd1b8d---4)
2022-07-01T07:46:50Z	**Let’s Understand SSRF vulnerability**
[![](https://cdn-images-1.medium.com/max/1400/0*ng8Lok1fxomlENRU)](https://infosecwriteups.com/lets-understand-ssrf-vulnerability-6f1d28b228f9?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lets-understand-ssrf-vulnerability-6f1d28b228f9?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/lets-understand-ssrf-vulnerability-6f1d28b228f9?source=rss----7b722bfd1b8d---4)
2022-07-01T12:42:40Z	**IW Weekly #5: Account Takeover, Recon, Ransomware Creation, and more.** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-5-account-takeover-recon-ransomware-creation-and-more-9b662e6e0c88?source=rss----7b722bfd1b8d---4)
2022-07-03T15:48:36Z	**A swag for a Open Redirect — Google Dork — Bug Bounty**
[![](https://cdn-images-1.medium.com/max/2000/1*Rli0gKZWWLdQktrxLGFOhw.png)](https://infosecwriteups.com/a-swag-for-a-open-redirect-google-dork-bug-bounty-2143b943f34e?source=rss----7b722bfd1b8d---4)

Hello Folks 👋,I have found a good open redirect with my param scanner. I will tell you here how I found it and what kind of swag I got…

[Continue reading on InfoSec Write-ups »](https://infosecwr ... ⌘ [Read more](https://infosecwriteups.com/a-swag-for-a-open-redirect-google-dork-bug-bounty-2143b943f34e?source=rss----7b722bfd1b8d---4)
2022-07-03T15:47:39Z	**DNS in Active Directory** ⌘ [Read more](https://infosecwriteups.com/dns-in-active-directory-dcb93b10c3f3?source=rss----7b722bfd1b8d---4)
2022-07-04T14:27:29Z	**CVE-2022–32511 | Exploit | Remote Code Execution** ⌘ [Read more](https://infosecwriteups.com/cve-2022-32511-exploit-remote-code-execution-daeffdc94219?source=rss----7b722bfd1b8d---4)
2022-07-06T06:53:28Z	**Undetected from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/undetected-from-hackthebox-detailed-walkthrough-82847eadf7a7?source=rss----7b722bfd1b8d---4)
2022-07-07T07:21:05Z	**Annie From TryHackme** ⌘ [Read more](https://infosecwriteups.com/annie-from-tryhackme-edfea2b78eb5?source=rss----7b722bfd1b8d---4)
2022-07-07T10:32:15Z	**W Weekly #6: Bypassing 2FA, Steghide Challenges, PEStudio Walkthrough, and more…** ⌘ [Read more](https://infosecwriteups.com/w-weekly-6-bypassing-2fa-steghide-challenges-pestudio-walkthrough-and-more-1688a8e24b09?source=rss----7b722bfd1b8d---4)
2022-07-08T11:58:22Z	**Let’s Learn about Cookie and Its Security**
[![](https://cdn-images-1.medium.com/max/1400/0*dbMwNM_xNhn7DoIZ)](https://infosecwriteups.com/lets-learn-about-cookie-and-its-security-f6d349f2ccc0?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lets-learn-about-cookie-and-its-security-f6d349f2ccc0?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/lets-learn-about-cookie-and-its-security-f6d349f2ccc0?source=rss----7b722bfd1b8d---4)
2022-07-09T11:38:04Z	**IW Weekly #7: Facebook account takeover, Java Deserialization, SSRF, and more…** ⌘ [Read more](https://infosecwriteups.com/https-weekly-infosecwriteups-com-iw-weekly-7-facebook-account-takeover-java-deserialization-ssrf-and-more-adb10046c646?source=rss----7b722bfd1b8d---4)
2022-07-09T19:30:08Z	**Exposing Millions of Voter ID card user’s details.** ⌘ [Read more](https://infosecwriteups.com/exposing-millions-of-voter-id-card-users-details-8a993c9a5d35?source=rss----7b722bfd1b8d---4)
2022-07-09T19:29:59Z	**Docker: Creating a Pivoting Lab and Exploiting it** ⌘ [Read more](https://infosecwriteups.com/docker-creating-a-pivoting-lab-and-exploiting-it-a66646dc2cf3?source=rss----7b722bfd1b8d---4)
2022-07-09T19:29:02Z	**HackTheBox Writeup: RouterSpace** ⌘ [Read more](https://infosecwriteups.com/hackthebox-writeup-routerspace-d0a4d5c1ce78?source=rss----7b722bfd1b8d---4)
2022-07-09T19:28:54Z	**How I Hacked My College Server?** ⌘ [Read more](https://infosecwriteups.com/how-i-hacked-my-college-server-738f038712c3?source=rss----7b722bfd1b8d---4)
2022-07-09T20:32:24Z	**RouterSpace From Hackthebox** ⌘ [Read more](https://infosecwriteups.com/routerspace-from-hackthebox-74de4a9ba988?source=rss----7b722bfd1b8d---4)
2022-07-10T16:31:46Z	**Hunting malwares with Yara** ⌘ [Read more](https://infosecwriteups.com/hunting-malwares-with-yara-6b451b2ad1a8?source=rss----7b722bfd1b8d---4)
2022-07-10T17:32:06Z	**Sandboxing python modules in your code** ⌘ [Read more](https://infosecwriteups.com/sandboxing-python-modules-in-your-code-1e590d71fc26?source=rss----7b722bfd1b8d---4)
2022-07-11T11:18:10Z	**IW Weekly #8: Cloudflare WAF, OAuth, TLS Fingerprinting, Talosplus, and more…** ⌘ [Read more](https://infosecwriteups.com/https-weekly-infosecwriteups-com-iw-weekly-8-2b8f40c888e3?source=rss----7b722bfd1b8d---4)
2022-07-13T11:22:37Z	**‍IW Weekly #9: Web3 Hacking, Leveraging Google Dorks, Python Flaws, and more…** ⌘ [Read more](https://infosecwriteups.com/https-weekly-infosecwriteups-com-iw-weekly-9-web3-hacking-leveraging-google-dorks-python-flaws-and-more-c230c4b6fea3?source=rss----7b722bfd1b8d---4)
2022-07-14T14:35:30Z	**Let’s talk about buffer overflow**
[![](https://cdn-images-1.medium.com/max/2240/1*D89RU58NsgWw2ohreS_7Fg.png)](https://infosecwriteups.com/lets-talk-about-buffer-overflow-54764101030b?source=rss----7b722bfd1b8d---4)

A buffer overflow, or buffer overrun, occurs when more data is put into a fixed-length buffer than the buffer can handle.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lets-talk-about-buffer-overflow-54764101030b?source=rss----7 ... ⌘ [Read more](https://infosecwriteups.com/lets-talk-about-buffer-overflow-54764101030b?source=rss----7b722bfd1b8d---4)
2022-07-14T15:37:10Z	**Understanding and Bypassing Rate Limiting's**
[![](https://cdn-images-1.medium.com/max/1400/0*g42Mdx-kCUyeC1lc)](https://infosecwriteups.com/understanding-and-bypassing-rate-limitings-7c99a1252635?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/understanding-and-bypassing-rate-limitings-7c99a1252635?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/understanding-and-bypassing-rate-limitings-7c99a1252635?source=rss----7b722bfd1b8d---4)
2022-07-15T08:05:11Z	**WiFi Hacking Week Pt. 4 — Evil Twin Attacks** ⌘ [Read more](https://infosecwriteups.com/wifi-hacking-week-pt-4-evil-twin-attacks-63f79a800206?source=rss----7b722bfd1b8d---4)
2022-07-15T08:04:58Z	**Android WebView Hacking — Enable WebView Debugging** ⌘ [Read more](https://infosecwriteups.com/android-webview-hacking-enable-webview-debugging-d292b53f7a63?source=rss----7b722bfd1b8d---4)
2022-07-15T11:07:58Z	**‍IW Weekly #10: 5 Articles, 4 Threads, 3 Videos, 2 Github Repos, 1 Job Alert** ⌘ [Read more](https://infosecwriteups.com/https-weekly-infosecwriteups-com-iw-weekly-10-5-articles-4-threads-3-videos-2-github-repos-1-job-alert-2ebff2c27f80?source=rss----7b722bfd1b8d---4)
2022-07-16T09:32:33Z	**RouterSpace from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/routerspace-from-hackthebox-detailed-walkthrough-d40c22ad9d7c?source=rss----7b722bfd1b8d---4)
2022-07-17T17:14:30Z	**FFUF-ing RECON**
[![](https://cdn-images-1.medium.com/max/720/1*o29QbJycAhYssrg274Fz5w.png)](https://infosecwriteups.com/ffuf-ing-recon-1ee4e79b3256?source=rss----7b722bfd1b8d---4)

, or how to get to P1–P3 from a slightly different recon

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ffuf-ing-recon-1ee4e79b3256?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/ffuf-ing-recon-1ee4e79b3256?source=rss----7b722bfd1b8d---4)
2022-07-17T18:17:17Z	**Finding 0-days in Enterprise Application** ⌘ [Read more](https://infosecwriteups.com/finding-0-days-in-enterprise-application-471a409ade8d?source=rss----7b722bfd1b8d---4)
2022-07-19T05:15:27Z	**Good things takes time | Story of my first “valid” critical bug!** ⌘ [Read more](https://infosecwriteups.com/story-of-my-first-valid-critical-bug-22029115f8d7?source=rss----7b722bfd1b8d---4)
2022-07-19T05:13:12Z	**Hacking Facebook Invoice: How I could’ve bought anything for Free from Facebook Business Pages** ⌘ [Read more](https://infosecwriteups.com/hacking-facebook-invoice-how-i-couldve-bought-anything-for-free-from-facebook-business-pages-42bcfaa73ec4?source=rss----7b722bfd1b8d---4)
2022-07-20T07:03:19Z	**TryHackMe — Offensive Security** ⌘ [Read more](https://infosecwriteups.com/tryhackme-offensive-security-a5ed067ca234?source=rss----7b722bfd1b8d---4)
2022-07-20T07:03:08Z	**Paper from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/paper-from-hackthebox-detailed-walkthrough-8afa8de0ff3e?source=rss----7b722bfd1b8d---4)
2022-07-20T07:37:45Z	**File Permissions in Linux** ⌘ [Read more](https://infosecwriteups.com/file-permissions-in-linux-8d35ed810a23?source=rss----7b722bfd1b8d---4)
2022-07-21T06:15:16Z	**HTB-Business CTF** ⌘ [Read more](https://infosecwriteups.com/htb-business-ctf-e388db78649?source=rss----7b722bfd1b8d---4)
2022-07-22T05:33:36Z	**TryHackMe — Antivirus** ⌘ [Read more](https://infosecwriteups.com/tryhackme-antivirus-2c69a4b3e26e?source=rss----7b722bfd1b8d---4)
2022-07-22T06:38:25Z	**A Lab for Practicing Azure Service Principal Abuse** ⌘ [Read more](https://infosecwriteups.com/a-lab-for-practicing-azure-service-principal-abuse-bd000e6c48eb?source=rss----7b722bfd1b8d---4)
2022-07-22T10:42:19Z	**The more predictable you are, the less you get detected — hiding malicious shellcodes via Shannon…** ⌘ [Read more](https://infosecwriteups.com/the-more-predictable-you-are-the-less-you-get-detected-hiding-malicious-shellcodes-via-shannon-111a83fe60e4?source=rss----7b722bfd1b8d---4)
2022-07-22T11:47:05Z	**Let’s Understand Path Traversal Vulnerabilities**
[![](https://cdn-images-1.medium.com/max/1400/0*cFk5Ddgy1dOcaS8o)](https://infosecwriteups.com/lets-understand-path-traversal-vulnerabilities-e4263dcb4e39?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lets-understand-path-traversal-vulnerabilities-e4263dcb4e39?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/lets-understand-path-traversal-vulnerabilities-e4263dcb4e39?source=rss----7b722bfd1b8d---4)
2022-07-22T15:53:26Z	**How Malicious Hackers Can Takeover Your Headless Browser: Part 1** ⌘ [Read more](https://infosecwriteups.com/how-malicious-hackers-can-takeover-your-headless-browser-part-1-bcab9e3a2f9c?source=rss----7b722bfd1b8d---4)
2022-07-22T15:53:10Z	**How Malicious Hackers Can Takeover Your Headless Browser: Part 2** ⌘ [Read more](https://infosecwriteups.com/how-malicious-hackers-can-takeover-your-headless-browser-part-2-e56fe87b567b?source=rss----7b722bfd1b8d---4)
2022-07-22T15:52:57Z	**Don’t let evil hackers abuse this simple Flask/Jinja2 mistake** ⌘ [Read more](https://infosecwriteups.com/walkthrough-templated-hack-the-box-web-challenge-defc45ebbf01?source=rss----7b722bfd1b8d---4)
2022-07-23T07:19:47Z	**I mean, IDOR is NOT only about others ID** ⌘ [Read more](https://infosecwriteups.com/i-mean-idor-is-not-only-about-others-id-2d26115072ba?source=rss----7b722bfd1b8d---4)
2022-07-23T07:19:34Z	**How to NOT keep your Active Directory safe.** ⌘ [Read more](https://infosecwriteups.com/walkthrough-phonebook-hack-the-box-web-challenge-b853924b5542?source=rss----7b722bfd1b8d---4)
2022-07-23T07:19:22Z	**This one trick will exploit URL parsers to perform SSRF** ⌘ [Read more](https://infosecwriteups.com/walkthrough-weather-app-hack-the-box-web-challenge-34b0c930dfca?source=rss----7b722bfd1b8d---4)
2022-07-23T07:19:10Z	**This is why you should NEVER use the eval() function — RCE!** ⌘ [Read more](https://infosecwriteups.com/walkthrough-lovetok-hack-the-box-web-challenge-430c44f6a0c9?source=rss----7b722bfd1b8d---4)
2022-07-23T07:18:39Z	**Be Careful of User Input. You will get hacked.** ⌘ [Read more](https://infosecwriteups.com/walkthrough-toxic-hack-the-box-web-challenge-de8badbded86?source=rss----7b722bfd1b8d---4)
2022-07-23T07:18:19Z	**Beware of Ghosts!! — when CVE-2018–16509 leads to Remote Code Execution.** ⌘ [Read more](https://infosecwriteups.com/walkthrough-petpet-rcbee-hack-the-box-web-challenge-e0f23fe487a6?source=rss----7b722bfd1b8d---4)
2022-07-23T13:12:09Z	**Un3xpected DoS Attack on Profile Pictur3** ⌘ [Read more](https://infosecwriteups.com/un3xpected-dos-attack-on-profile-pictur3-b957979dcc7?source=rss----7b722bfd1b8d---4)
2022-07-24T08:19:23Z	**Pivoting Techniques with THM Wreath** ⌘ [Read more](https://infosecwriteups.com/pivoting-techniques-with-thm-wreath-95fecba1b580?source=rss----7b722bfd1b8d---4)
2022-07-24T09:22:45Z	**How I chained multiple CVEs and other web vulnerabilities during a past Red Team Op to pwn the** ⌘ [Read more](https://infosecwriteups.com/how-i-chained-multiple-cves-and-other-web-vulnerabilities-during-a-past-red-team-op-to-pwn-the-77274ef6b7e3?source=rss----7b722bfd1b8d---4)
2022-07-25T08:26:56Z	**This is why you should ALWAYS check for Race Conditions (even in JavaScript)** ⌘ [Read more](https://infosecwriteups.com/this-is-why-you-should-always-check-for-race-conditions-even-in-javascript-410b6021ad1a?source=rss----7b722bfd1b8d---4)
2022-07-26T09:06:11Z	**Mail Server Misconfiguration leads to sending a fax from anyone’s account on HelloFax (Dropbox BBP)…** ⌘ [Read more](https://infosecwriteups.com/mail-server-misconfiguration-leads-to-sending-a-fax-from-anyones-account-on-hellofax-dropbox-bbp-aab3d97ab4e7?source=rss----7b722bfd1b8d---4)
2022-07-26T10:12:43Z	**You MUST sanitize PHP mail() inputs — or else RCE!** ⌘ [Read more](https://infosecwriteups.com/you-must-sanitize-php-mail-inputs-or-else-rce-7ac7ba906dca?source=rss----7b722bfd1b8d---4)
2022-07-26T11:06:06Z	**IW Weekly #11: Hacking Nginx, eJPT2.0, Free Hacking Resources, OWASP API, and more** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-11-hacking-nginx-ejpt2-0-free-hacking-resources-owasp-api-and-more-642045883c0?source=rss----7b722bfd1b8d---4)
2022-07-27T07:22:45Z	**How a Race Condition made these crypto hackers $5000 bug bounty** ⌘ [Read more](https://infosecwriteups.com/how-a-race-condition-made-these-crypto-hackers-5000-bug-bounty-a72158a472a8?source=rss----7b722bfd1b8d---4)
2022-07-27T14:26:22Z	**Catch from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/catch-from-hackthebox-detailed-walkthrough-d0ad7cf318b3?source=rss----7b722bfd1b8d---4)
2022-07-28T08:04:48Z	**Why this SIMPLE mistake earned a $5000 bug bounty from Reddit** ⌘ [Read more](https://infosecwriteups.com/why-this-simple-mistake-earned-a-5000-bug-bounty-from-reddit-d906cb46c60e?source=rss----7b722bfd1b8d---4)
2022-07-28T08:03:25Z	**How to Install Elastic Stack on Ubuntu 22.04 LTS** ⌘ [Read more](https://infosecwriteups.com/how-to-install-elastic-stack-on-ubuntu-22-04-lts-a2f1b00eced?source=rss----7b722bfd1b8d---4)
2022-07-29T11:51:51Z	**How this team accidentally found a SSRF in Slack exposing AWS credentials! A $4000 bug bounty** ⌘ [Read more](https://infosecwriteups.com/how-this-team-accidentally-found-a-ssrf-in-slack-exposing-aws-credentials-a-4000-bug-bounty-513be19286e?source=rss----7b722bfd1b8d---4)
2022-07-29T12:21:36Z	**IW Weekly #12: $O to $150,000/month mindset, Zoom RCE, Abusing FB Features, Bypass CSRF Protection…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-12-o-to-150-000-month-mindset-zoom-rce-abusing-fb-features-bypass-csrf-protection-abf86efeca5e?source=rss----7b722bfd1b8d---4)
2022-07-30T08:38:16Z	**GSuite domain takeover through delegation** ⌘ [Read more](https://infosecwriteups.com/gsuite-domain-takeover-through-delegation-9d6664c91142?source=rss----7b722bfd1b8d---4)
2022-08-01T06:27:29Z	**Cybersecurity Learning Path** ⌘ [Read more](https://infosecwriteups.com/cybersecurity-learning-path-19f64f6a547e?source=rss----7b722bfd1b8d---4)
2022-08-01T06:27:00Z	**Zero-day XSS** ⌘ [Read more](https://infosecwriteups.com/zero-day-xss-309916922ea6?source=rss----7b722bfd1b8d---4)
2022-08-01T06:24:18Z	**Why this EASY vulnerability resulted in a $20,000 bug bounty from GitLab**
[![](https://cdn-images-1.medium.com/max/1420/1*q8df8dhpfcAcknz5iHA78A.png)](https://infosecwriteups.com/how-this-easy-vulnerability-resulted-in-a-20-000-bug-bounty-from-gitlab-d9dc9312c10a?source=rss----7b722bfd1b8d---4)

The hidden dangers of numerical IDs

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-this-easy-vulnerabilit ... ⌘ [Read more](https://infosecwriteups.com/how-this-easy-vulnerability-resulted-in-a-20-000-bug-bounty-from-gitlab-d9dc9312c10a?source=rss----7b722bfd1b8d---4)
2022-08-01T06:24:05Z	**This SIMPLE vulnerability in Shopify earned a $2500 bug bounty**
[![](https://cdn-images-1.medium.com/max/1308/1*Wdq44-jgI1mZFiwv_tv3sg.png)](https://infosecwriteups.com/this-simple-vulnerability-in-shopify-earned-a-2500-bug-bounty-25f0b8358012?source=rss----7b722bfd1b8d---4)

Don’t forget to check for user access rights

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/this-simple-vulnerability-in-shopify-earned-a-2 ... ⌘ [Read more](https://infosecwriteups.com/this-simple-vulnerability-in-shopify-earned-a-2500-bug-bounty-25f0b8358012?source=rss----7b722bfd1b8d---4)
2022-08-01T08:13:03Z	**IW Weekly #13: 1000s of user tokens exposed, pre-auth RCEs in Oracle, AWS Misconfigurations, IDOR…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-13-1000s-of-user-tokens-exposed-pre-auth-rces-in-oracle-aws-misconfigurations-idor-46d1771fdbd6?source=rss----7b722bfd1b8d---4)
2022-08-02T10:56:51Z	**Learn SQL injection in practice by hacking vulnerable application! — StackZero** ⌘ [Read more](https://infosecwriteups.com/learn-sql-injection-in-practice-by-hacking-vulnerable-application-stackzero-ef7931c72aec?source=rss----7b722bfd1b8d---4)
2022-08-02T10:54:48Z	**How to Setup BurpSuite on Linux** ⌘ [Read more](https://infosecwriteups.com/how-to-setup-burpsuite-on-linux-350d17780fdb?source=rss----7b722bfd1b8d---4)
2022-08-02T10:50:50Z	**Is CSRF really dead? Examining Stripe’s $5000 CSRF bug bounty.**
[![](https://cdn-images-1.medium.com/max/1272/1*DUBayO9EToMxhGPHDsObUg.png)](https://infosecwriteups.com/is-csrf-really-dead-examining-stripes-5000-csrf-bug-bounty-37bbd6631de3?source=rss----7b722bfd1b8d---4)

Testing for CSRF can be worth it.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/is-csrf-really-dead-examining-stripes-5000-csrf-bug-bounty-37bbd ... ⌘ [Read more](https://infosecwriteups.com/is-csrf-really-dead-examining-stripes-5000-csrf-bug-bounty-37bbd6631de3?source=rss----7b722bfd1b8d---4)
2022-08-03T06:16:08Z	**IW Weekly #14: $1M bounty, bug bounty tips, upcoming CTF events, API attacks, bypassing .NET,** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-14-1m-bounty-bug-bounty-tips-upcoming-ctf-events-api-attacks-bypassing-net-2f6ed3439976?source=rss----7b722bfd1b8d---4)
2022-08-03T12:44:44Z	**Cyber Security Detection Frameworks** ⌘ [Read more](https://infosecwriteups.com/cyber-security-detection-frameworks-b5fec0c93195?source=rss----7b722bfd1b8d---4)
2022-08-03T12:44:35Z	**Abusing URL Shortners for fun and profit**
[![](https://cdn-images-1.medium.com/max/2600/0*EfOdlUz3Y7H7EHn6)](https://infosecwriteups.com/abusing-url-shortners-for-fun-and-profit-c83c67713916?source=rss----7b722bfd1b8d---4)

Hello Security Researchers

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/abusing-url-shortners-for-fun-and-profit-c83c67713916?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/abusing-url-shortners-for-fun-and-profit-c83c67713916?source=rss----7b722bfd1b8d---4)
2022-08-03T12:44:21Z	**Multiple bugs in one program leads to 1500€** ⌘ [Read more](https://infosecwriteups.com/multiple-bugs-in-one-program-leads-to-1500-c35fcde06bc7?source=rss----7b722bfd1b8d---4)
2022-08-04T11:34:14Z	**Intro to Digital Forensics** ⌘ [Read more](https://infosecwriteups.com/intro-to-digital-forensics-f41093f37a05?source=rss----7b722bfd1b8d---4)
2022-08-04T11:34:03Z	**This is how he could hijack Reddit accounts with just ONE click: a $10,000 bug bounty**
[![](https://cdn-images-1.medium.com/max/1306/1*9UKYd90liOFnN5aVSVE1YA.png)](https://infosecwriteups.com/this-is-how-he-could-hijack-reddit-accounts-with-just-one-click-a-10-000-bug-bounty-7fd8d54d5582?source=rss----7b722bfd1b8d---4)

Exploring Frans Rosén’s bypass of OAuth security

[Continue reading on InfoSec Write-ups »](http ... ⌘ [Read more](https://infosecwriteups.com/this-is-how-he-could-hijack-reddit-accounts-with-just-one-click-a-10-000-bug-bounty-7fd8d54d5582?source=rss----7b722bfd1b8d---4)
2022-08-04T12:37:43Z	**A Multi-Layered Security Architecture for Databases** ⌘ [Read more](https://infosecwriteups.com/a-multi-layered-security-architecture-for-databases-3d2b3a60070f?source=rss----7b722bfd1b8d---4)
2022-08-04T17:22:10Z	**Analyzing a Remcos RAT Infection** ⌘ [Read more](https://infosecwriteups.com/analyzing-a-remcos-rat-infection-5c9b6bfd7139?source=rss----7b722bfd1b8d---4)
2022-08-05T04:58:25Z	**HTB — Dirty Money — Debugger Unchained Write Up** ⌘ [Read more](https://infosecwriteups.com/htb-dirty-money-debugger-unchained-write-up-e831a83941e6?source=rss----7b722bfd1b8d---4)
2022-08-05T04:57:32Z	**Malware Traffic Analysis Exercise | Burnincandle | IcedID Malware** ⌘ [Read more](https://infosecwriteups.com/malware-traffic-analysis-exercise-burnincandle-icedid-malware-67e78ef1d46c?source=rss----7b722bfd1b8d---4)
2022-08-05T11:04:56Z	**What do we learn from modern Cyber Warfare & State Sponsored Threats (SCADA & ICS)** ⌘ [Read more](https://infosecwriteups.com/what-do-we-learn-from-the-modern-cyber-warfare-state-sponsored-threats-scada-ics-32d224288934?source=rss----7b722bfd1b8d---4)
2022-08-05T12:07:14Z	**Let’s Learn API Security: More about Broken Object Level Authorization**
[![](https://cdn-images-1.medium.com/max/1400/0*MzF39G_22FLWCQ4N)](https://infosecwriteups.com/lets-learn-api-security-more-about-broken-object-level-authorization-b5fd1d73e0d8?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lets-learn-api-security-more-about-broken-object-level-authorizatio ... ⌘ [Read more](https://infosecwriteups.com/lets-learn-api-security-more-about-broken-object-level-authorization-b5fd1d73e0d8?source=rss----7b722bfd1b8d---4)
2022-08-06T05:22:32Z	**Another day, Another IDOR vulnerability— $5000 Reddit Bug Bounty**
[![](https://cdn-images-1.medium.com/max/1828/1*R8GhyIN5OvOdH1gP8cu0eQ.png)](https://infosecwriteups.com/another-day-another-idor-vulnerability-5000-reddit-bug-bounty-22a75003d999?source=rss----7b722bfd1b8d---4)

Gaining unprivileged access to Reddit moderator logs

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/another-day-another-idor-vulnerabilit ... ⌘ [Read more](https://infosecwriteups.com/another-day-another-idor-vulnerability-5000-reddit-bug-bounty-22a75003d999?source=rss----7b722bfd1b8d---4)
2022-08-06T06:21:05Z	**How i was able to get 29 free products. | Bug Bounty** ⌘ [Read more](https://infosecwriteups.com/how-i-was-able-to-get-29-free-products-bug-bounty-845667ab4ad4?source=rss----7b722bfd1b8d---4)
2022-08-06T11:32:05Z	**Smart contract security best practices: PART 1** ⌘ [Read more](https://infosecwriteups.com/smart-contract-security-best-practices-part-1-c35b640ee2ff?source=rss----7b722bfd1b8d---4)
2022-08-06T11:31:56Z	**Post-Exploitation Basics In Active Directory Environment By Hashar Mujahid** ⌘ [Read more](https://infosecwriteups.com/post-exploitation-basics-in-active-directory-enviorment-by-hashar-mujahid-d46880974f87?source=rss----7b722bfd1b8d---4)
2022-08-07T17:04:13Z	**Enterprise: Active Directory Room From TryHackMe By** ⌘ [Read more](https://infosecwriteups.com/enterprise-active-directory-room-from-tryhackme-87f8738efc96?source=rss----7b722bfd1b8d---4)
2022-08-07T17:03:59Z	**TryHackMe WriteUp: Agent T** ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-agent-t-4807b77f768d?source=rss----7b722bfd1b8d---4)
2022-08-07T17:03:48Z	**What is command injection and how to exploit it — StackZero** ⌘ [Read more](https://infosecwriteups.com/what-is-command-injection-and-how-to-exploit-it-stackzero-ac7643bc492?source=rss----7b722bfd1b8d---4)
2022-08-08T12:15:33Z	**Kubernetes Security** ⌘ [Read more](https://infosecwriteups.com/kubernetes-security-df58a8e5f379?source=rss----7b722bfd1b8d---4)
2022-08-08T12:15:17Z	**PortSwigger Web Security Academy Lab: SQL injection vulnerability in WHERE clause allowing…** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-academy-lab-sql-injection-vulnerability-in-where-clause-allowing-be11d2611987?source=rss----7b722bfd1b8d---4)
2022-08-09T10:10:18Z	**IW Weekly #15: Admin account takeover, IDOR broken authentication, CyberChef alternatives, Dark web…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-15-admin-account-takeover-idor-broken-authentication-cyberchef-alternatives-dark-web-ce821697e49e?source=rss----7b722bfd1b8d---4)
2022-08-09T15:04:05Z	**Stored XSS to Account Takeover : Going beyond document.cookie (Dumping IndexedDB)** ⌘ [Read more](https://infosecwriteups.com/stored-xss-to-account-takeover-going-beyond-document-cookie-970e42362f43?source=rss----7b722bfd1b8d---4)
2022-08-09T15:03:36Z	**PortSwigger Web Security Academy Lab: SQL injection vulnerability allowing login bypass** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-academy-lab-sql-injection-vulnerability-allowing-login-bypass-2cb40fcf4a10?source=rss----7b722bfd1b8d---4)
2022-08-09T15:03:00Z	**About the discovery of another security vulnerability in NASA** ⌘ [Read more](https://infosecwriteups.com/about-the-discovery-of-another-security-vulnerability-in-nasa-427ea194f537?source=rss----7b722bfd1b8d---4)
2022-08-09T16:06:04Z	**Creating a basic backdoor on an android mobile** ⌘ [Read more](https://infosecwriteups.com/creating-a-basic-backdoor-on-an-android-mobile-66bb58fc7507?source=rss----7b722bfd1b8d---4)
2022-08-10T07:28:41Z	**IIot, Operational Technology Cybersecurity Challenges** ⌘ [Read more](https://infosecwriteups.com/iiot-operational-technology-cybersecurity-challenges-8fd522ad84ef?source=rss----7b722bfd1b8d---4)
2022-08-10T10:37:45Z	**RazorBlack: Active Directory Room From TryHackMe By Hashar Mujahid** ⌘ [Read more](https://infosecwriteups.com/razorblack-active-directory-room-from-tryhackme-by-hashar-mujahid-52985f24d929?source=rss----7b722bfd1b8d---4)
2022-08-10T11:42:49Z	**Hunting webshell with NeoPI** ⌘ [Read more](https://infosecwriteups.com/hunting-webshell-with-neopi-62b76ce10d6b?source=rss----7b722bfd1b8d---4)
2022-08-10T12:42:51Z	**Write-up: Pickle Rick @ TryHackMe** ⌘ [Read more](https://infosecwriteups.com/write-up-pickle-rick-tryhackme-6a3c838507c2?source=rss----7b722bfd1b8d---4)
2022-08-10T16:06:35Z	**Hacker101 CTF — Travial CTF Flag 0** ⌘ [Read more](https://infosecwriteups.com/hacker101-ctf-travial-ctf-flag-0-9912113630bc?source=rss----7b722bfd1b8d---4)
2022-08-10T16:06:25Z	**Car Hacking: Cyber Security in Automotive Industry** ⌘ [Read more](https://infosecwriteups.com/car-hacking-cyber-security-in-automotive-industry-e9a7a4ffd6bb?source=rss----7b722bfd1b8d---4)
2022-08-11T14:44:29Z	**PortSwigger Web Security Lab: SQL injection UNION attack, determining the number of columns…** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-lab-sql-injection-union-attack-determining-the-number-of-columns-5f0a4fa95e5e?source=rss----7b722bfd1b8d---4)
2022-08-11T14:44:16Z	**Hacker101 CTF — Micro CMS v1 Flag 0** ⌘ [Read more](https://infosecwriteups.com/hacker101-ctf-micro-cms-v1-flag-0-dd5b40652282?source=rss----7b722bfd1b8d---4)
2022-08-11T14:44:04Z	**Phoenix Challenges — Stack Zero** ⌘ [Read more](https://infosecwriteups.com/phoenix-challenges-stack-zero-f8743cc871ed?source=rss----7b722bfd1b8d---4)
2022-08-12T07:01:19Z	**Let’s Learn API Security: More about Excessive Data Exposure**
[![](https://cdn-images-1.medium.com/max/1400/0*N7EWy7Ibg6xXN8W0)](https://infosecwriteups.com/lets-learn-api-security-more-about-excessive-data-exposure-372fe2dd70c8?source=rss----7b722bfd1b8d---4)

We are going to talk about “Excessive Data Exposure” in this post that we are making for API Security.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lets-le ... ⌘ [Read more](https://infosecwriteups.com/lets-learn-api-security-more-about-excessive-data-exposure-372fe2dd70c8?source=rss----7b722bfd1b8d---4)
2022-08-12T08:03:23Z	**Configuring TOR with Python** ⌘ [Read more](https://infosecwriteups.com/configuring-tor-with-python-1a90fc1c246f?source=rss----7b722bfd1b8d---4)
2022-08-13T07:50:29Z	**An interesting voice confusion discovery in Meta bug bounty** ⌘ [Read more](https://infosecwriteups.com/an-interesting-voice-confusion-discovery-in-meta-bug-bounty-a9b65175af32?source=rss----7b722bfd1b8d---4)
2022-08-13T07:49:06Z	**Server Side Template Injections By Hashar Mujahid.** ⌘ [Read more](https://infosecwriteups.com/server-side-template-injections-by-hashar-mujahid-e5a1a383027e?source=rss----7b722bfd1b8d---4)
2022-08-15T10:34:42Z	**Irremovable guest in facebook event — Facebook bug bounty** ⌘ [Read more](https://infosecwriteups.com/irremovable-guest-in-facebook-event-facebook-bug-bounty-e10e03c98cd5?source=rss----7b722bfd1b8d---4)
2022-08-15T10:34:11Z	**PortSwigger Web Security Academy Lab: SQL injection UNION attack, finding a column containing text** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-academy-lab-sql-injection-union-attack-finding-a-column-containing-text-f67728a4240a?source=rss----7b722bfd1b8d---4)
2022-08-15T11:36:05Z	**Salesforce bug hunting to Critical bug**
[![](https://cdn-images-1.medium.com/max/720/1*xrtmfuoiJmDfTkjGNrtK7g.jpeg)](https://infosecwriteups.com/salesforce-bug-hunting-to-critical-bug-b5da44789d3?source=rss----7b722bfd1b8d---4)

Or how I learned that some bugs are truly rare

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/salesforce-bug-hunting-to-critical-bug-b5da44789d3?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/salesforce-bug-hunting-to-critical-bug-b5da44789d3?source=rss----7b722bfd1b8d---4)
2022-08-16T07:10:54Z	**IW Weekly #16: AWS Vulnerability, Threat Hunting, Reflected XSS, Pentesting Resource, Command…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-16-aws-vulnerability-threat-hunting-reflected-xss-pentesting-resource-command-1b172801f2b7?source=rss----7b722bfd1b8d---4)
2022-08-16T07:18:55Z	**How To Hack With SQL Injection Attacks! DVWA low security — StackZero** ⌘ [Read more](https://infosecwriteups.com/how-to-hack-with-sql-injection-attacks-dvwa-low-security-stackzero-9286d7d0dfd1?source=rss----7b722bfd1b8d---4)
2022-08-16T18:30:26Z	**PortSwigger Web Security Academy Lab: SQL injection UNION attack, retrieving data from other tables** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-academy-lab-sql-injection-union-attack-retrieving-data-from-other-tables-92d776fa0059?source=rss----7b722bfd1b8d---4)
2022-08-16T19:33:03Z	**StepSecurity releases tool that it used to improve security of 30 critical open-source projects…** ⌘ [Read more](https://infosecwriteups.com/stepsecurity-releases-tool-that-it-used-to-improve-security-of-30-critical-open-source-projects-4ebbef31b908?source=rss----7b722bfd1b8d---4)
2022-08-17T07:19:06Z	**PortSwigger Web Security Academy Lab: SQL injection UNION attack, retrieving multiple values in a…** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-academy-lab-sql-injection-union-attack-retrieving-multiple-values-in-a-3f025ac94b67?source=rss----7b722bfd1b8d---4)
2022-08-17T15:48:37Z	**Using Kubernetes Plugins for Better Security** ⌘ [Read more](https://infosecwriteups.com/using-kubernetes-plugins-for-better-security-7b083cc3a7b7?source=rss----7b722bfd1b8d---4)
2022-08-18T08:18:08Z	**IW Weekly #17: $30,000 Bounty, Instagram Account Takeover, AWS Security Series, Google…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-17-30-000-bounty-instagram-account-takeover-aws-security-series-google-a0f3e6f980fb?source=rss----7b722bfd1b8d---4)
2022-08-19T17:06:09Z	**Erlik — Vulnerable SOAP Service** ⌘ [Read more](https://infosecwriteups.com/erlik-vulnerable-soap-service-d0a71355058e?source=rss----7b722bfd1b8d---4)
2022-08-19T17:05:56Z	**C Language for Hackers & Beyond! 0x02** ⌘ [Read more](https://infosecwriteups.com/c-language-for-hackers-beyond-0x01-eb885c8a189a?source=rss----7b722bfd1b8d---4)
2022-08-19T18:07:21Z	**Write-up: Git Happens @ TryHackMe** ⌘ [Read more](https://infosecwriteups.com/write-up-git-happens-tryhackme-408a111e880f?source=rss----7b722bfd1b8d---4)
2022-08-20T16:01:34Z	**IW Weekly #18: $45,000 Facebook Bug Bounty, Cross-site Scripting, Hacking, Recon and Breaking into…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-18-45-000-facebook-bug-bounty-cross-site-scripting-hacking-recon-and-breaking-into-7c7cff7cde76?source=rss----7b722bfd1b8d---4)
2022-08-21T17:34:23Z	**Redline Stealer Malware Static Analysis** ⌘ [Read more](https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?source=rss----7b722bfd1b8d---4)
2022-08-21T17:34:09Z	**Confidential — TryHackMe Walkthrough** ⌘ [Read more](https://infosecwriteups.com/tryhackme-confidential-walk-through-8b8294579134?source=rss----7b722bfd1b8d---4)
2022-08-21T17:33:59Z	**Hackers use String of Emojis to hack you.** ⌘ [Read more](https://infosecwriteups.com/hackers-use-string-of-emojis-to-hack-you-296499845b0d?source=rss----7b722bfd1b8d---4)
2022-08-21T17:33:20Z	**BrainStrom TryHackme** ⌘ [Read more](https://infosecwriteups.com/brainstrom-tryhackme-523b916661ff?source=rss----7b722bfd1b8d---4)
2022-08-21T17:31:58Z	**Linux fundamentals — Summary:** ⌘ [Read more](https://infosecwriteups.com/linux-fundamentals-summary-98a1d24cae17?source=rss----7b722bfd1b8d---4)
2022-08-21T18:33:23Z	**Write-up: JWT authentication bypass via flawed signature verification @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-jwt-authentication-bypass-via-flawed-signature-verification-portswigger-academy-2107eddec3b7?source=rss----7b722bfd1b8d---4)
2022-08-22T11:14:36Z	**First Bug Bounty from DOS: Taking the service down** ⌘ [Read more](https://infosecwriteups.com/first-bug-bounty-from-dos-taking-the-service-down-30f9ad4e0246?source=rss----7b722bfd1b8d---4)
2022-08-22T11:14:21Z	**Account takeover worth $1000** ⌘ [Read more](https://infosecwriteups.com/account-takeover-worth-1000-611452063cf?source=rss----7b722bfd1b8d---4)
2022-08-22T11:11:30Z	**PortSwigger Web Security Academy Lab: SQL injection attack, querying the database type and versio** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-academy-lab-sql-injection-attack-querying-the-database-type-and-versio-c6ca5bd380e2?source=rss----7b722bfd1b8d---4)
2022-08-22T12:18:31Z	**Create a simple phishing website and a Javascript keylogger** ⌘ [Read more](https://infosecwriteups.com/create-a-simple-phishing-website-and-a-javascript-keylogger-9bcafbe6ffda?source=rss----7b722bfd1b8d---4)
2022-08-22T13:18:20Z	**Portswigger Labs, how to get the most out of it**
[![](https://cdn-images-1.medium.com/max/1442/1*vckzb3TCXzHlKxtId-nmZw.png)](https://infosecwriteups.com/portswigger-labs-how-to-get-the-most-out-of-it-7add3553f88c?source=rss----7b722bfd1b8d---4)

or why looking up the solution underneath the lab isn’t cheating, it’s part of learning

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/portswigger-labs-how-to-get-the-most-out-of-it-7a ... ⌘ [Read more](https://infosecwriteups.com/portswigger-labs-how-to-get-the-most-out-of-it-7add3553f88c?source=rss----7b722bfd1b8d---4)
2022-08-23T08:10:52Z	**‍$5000 Bounty, Free Certification Courses, IndexDB, Reconnaissance Guide, Elasticsearch, and…** ⌘ [Read more](https://infosecwriteups.com/5000-bounty-free-certification-courses-indexdb-reconnaissance-guide-elasticsearch-and-da29bf1ba28a?source=rss----7b722bfd1b8d---4)
2022-08-24T11:44:45Z	**PortSwigger Web Security Academy Lab: SQL injection attack, querying the database type and version…** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-academy-lab-sql-injection-attack-querying-the-database-type-and-version-acd2688592aa?source=rss----7b722bfd1b8d---4)
2022-08-24T12:47:32Z	**Write-up: Upload Vulnerabilities @ TryHackMe** ⌘ [Read more](https://infosecwriteups.com/write-up-upload-vulnerabilities-tryhackme-32bbaca5686c?source=rss----7b722bfd1b8d---4)
2022-08-24T13:06:31Z	**Break the Logic: Insecure Parameters (€300)** ⌘ [Read more](https://infosecwriteups.com/break-the-logic-insecure-parameters-300-e655cc4fcc42?source=rss----7b722bfd1b8d---4)
2022-08-25T07:21:26Z	**Bug Bounty Tips, Desync Attacks, SSRF, SQL Injection, Vulnerabilities in CPU, RCE, and much more…** ⌘ [Read more](https://infosecwriteups.com/bug-bounty-tips-desync-attacks-ssrf-sql-injection-vulnerabilities-in-cpu-rce-and-much-more-f4d43635dd23?source=rss----7b722bfd1b8d---4)
2022-08-25T10:19:38Z	**Server Side Template Injections Portswiggers Labs Walkthrough.** ⌘ [Read more](https://infosecwriteups.com/server-side-template-injections-portswiggers-labs-walkthrough-5a1a06f057d2?source=rss----7b722bfd1b8d---4)
2022-08-25T10:19:25Z	**How I found my first RCE!** ⌘ [Read more](https://infosecwriteups.com/how-i-found-my-first-rce-c063546114ef?source=rss----7b722bfd1b8d---4)
2022-08-25T10:18:46Z	**Cool Recon techniques every hacker misses! ** ⌘ [Read more](https://infosecwriteups.com/cool-recon-techniques-every-hacker-misses-1c5e0e294e89?source=rss----7b722bfd1b8d---4)
2022-08-25T11:22:10Z	**This SIMPLE trick will exploit image uploads - $2500 TikTok bug bounty.**
[![](https://cdn-images-1.medium.com/max/1000/1*_5yeoPC54yupPaf0KGJ_Pg.png)](https://infosecwriteups.com/this-simple-trick-will-exploit-image-uploads-2500-tiktok-bug-bounty-41fc01128ee?source=rss----7b722bfd1b8d---4)

Stored XSS in SVG files.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/this-simple-trick-will-exploit-image-uploads-250 ... ⌘ [Read more](https://infosecwriteups.com/this-simple-trick-will-exploit-image-uploads-2500-tiktok-bug-bounty-41fc01128ee?source=rss----7b722bfd1b8d---4)
2022-08-25T12:22:11Z	**Write-up: Host header authentication bypass @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-host-header-authentication-bypass-portswigger-academy-30bee8fbf05c?source=rss----7b722bfd1b8d---4)
2022-08-25T13:17:02Z	**‍Bug Bounty Tips, Desync Attacks, SSRF, SQL Injection, Vulnerabilities in CPU, RCE, and much…** ⌘ [Read more](https://infosecwriteups.com/bug-bounty-tips-desync-attacks-ssrf-sql-injection-vulnerabilities-in-cpu-rce-and-much-703c547810c3?source=rss----7b722bfd1b8d---4)
2022-08-26T06:57:24Z	**Bypassing unexpected IDOR** ⌘ [Read more](https://infosecwriteups.com/bypassing-unexpected-idor-e6a9da2e0498?source=rss----7b722bfd1b8d---4)
2022-08-26T06:56:52Z	**Stored XSS using SVG file** ⌘ [Read more](https://infosecwriteups.com/stored-xss-using-svg-file-2e3608248fae?source=rss----7b722bfd1b8d---4)
2022-08-26T06:55:59Z	**Break the Logic: 5 Different Perspectives in Single Page (€1500)** ⌘ [Read more](https://infosecwriteups.com/break-the-logic-5-different-perspectives-in-single-page-1500-5aa09da0fe7a?source=rss----7b722bfd1b8d---4)
2022-08-26T07:58:17Z	**Sometimes times the best hack is no hack at all — $2900 Shopify Bug Bounty**
[![](https://cdn-images-1.medium.com/max/2600/0*JBC8ZRklV_pU_Q2c)](https://infosecwriteups.com/sometimes-times-the-best-hack-is-no-hack-at-all-2900-shopify-bug-bounty-38531b279c67?source=rss----7b722bfd1b8d---4)

Access control is key.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/sometimes-times-the-best-hack-is-no-hack-at-all ... ⌘ [Read more](https://infosecwriteups.com/sometimes-times-the-best-hack-is-no-hack-at-all-2900-shopify-bug-bounty-38531b279c67?source=rss----7b722bfd1b8d---4)
2022-08-27T06:41:26Z	**$7000 Bounty, Web3 Bug Hunting, API Hacking, IDOR, Triggering XSS with emojis, XSS Flyer, and much…** ⌘ [Read more](https://infosecwriteups.com/7000-bounty-web3-bug-hunting-api-hacking-idor-triggering-xss-with-emojis-xss-flyer-and-much-fb4c51fb26ef?source=rss----7b722bfd1b8d---4)
2022-08-27T11:18:05Z	**SSRF leads to access AWS metadata.** ⌘ [Read more](https://infosecwriteups.com/ssrf-leads-to-access-aws-metadata-21952c220aeb?source=rss----7b722bfd1b8d---4)
2022-08-27T13:22:40Z	**‍$7000 Bounty, Web3 Bug Hunting, API Hacking, IDOR, Triggering XSS with emojis, XSS Flyer, and…** ⌘ [Read more](https://infosecwriteups.com/7000-bounty-web3-bug-hunting-api-hacking-idor-triggering-xss-with-emojis-xss-flyer-and-7c9d691354e4?source=rss----7b722bfd1b8d---4)
2022-08-27T20:30:50Z	**SSRF — The Server’s Loophole 01** ⌘ [Read more](https://infosecwriteups.com/ssrf-the-servers-loophole-01-6e7e33fb1d57?source=rss----7b722bfd1b8d---4)
2022-08-27T20:30:19Z	**Server Side Template Injections Portswiggers Labs Walkthrough Part III** ⌘ [Read more](https://infosecwriteups.com/server-side-template-injections-portswiggers-labs-walkthrough-part-iii-bc6983412a3d?source=rss----7b722bfd1b8d---4)
2022-08-29T08:29:27Z	**Double free() attacks in ARM Part one.** ⌘ [Read more](https://infosecwriteups.com/double-free-attacks-in-arm-part-one-4519eee6770a?source=rss----7b722bfd1b8d---4)
2022-08-29T08:28:31Z	**Out-Of-Bond Remote code Execution(RCE) on De Nederlandsche Bank N.V. with burp-suite collaborator** ⌘ [Read more](https://infosecwriteups.com/out-of-bond-remote-code-execution-rce-on-de-nederlandsche-bank-n-v-with-burp-suite-collaborator-2ce50260e2e4?source=rss----7b722bfd1b8d---4)
2022-08-29T09:33:32Z	**Definitive Guide to SQL Injection**
[![](https://cdn-images-1.medium.com/max/941/1*FpzOjoG5IEvmsM4phCB31w.png)](https://infosecwriteups.com/definitive-guide-to-sql-injection-df5ac445eef1?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/definitive-guide-to-sql-injection-df5ac445eef1?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/definitive-guide-to-sql-injection-df5ac445eef1?source=rss----7b722bfd1b8d---4)
2022-08-29T09:33:32Z	**Secure Messaging **
[![](https://cdn-images-1.medium.com/max/2600/0*QXoy5ohqMOgzWc9G)](https://infosecwriteups.com/secure-messaging-5d2fc7748c24?source=rss----7b722bfd1b8d---4)

Confidentiality, Reliability, Privacy, Usability, Cross-Platform support… — So many things to consider!

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/secure-messaging-5d2fc7748c24?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/secure-messaging-5d2fc7748c24?source=rss----7b722bfd1b8d---4)
2022-08-29T10:33:27Z	**Bypassing Amazon WAF to pop an alert()** ⌘ [Read more](https://infosecwriteups.com/bypassing-amazon-waf-to-pop-an-alert-4646ce35554e?source=rss----7b722bfd1b8d---4)
2022-08-30T11:50:00Z	**‍File Leakage, Blockchain Security, Bypass 2FA, Kerberoasting, Exploiting Security Bugs, and…** ⌘ [Read more](https://infosecwriteups.com/file-leakage-blockchain-security-bypass-2fa-kerberoasting-exploiting-security-bugs-and-58bdf350dd25?source=rss----7b722bfd1b8d---4)
2022-08-30T11:47:59Z	**Hack With SQL Injection Attacks! DVWA medium security — StackZero** ⌘ [Read more](https://infosecwriteups.com/hack-with-sql-injection-attacks-dvwa-medium-security-stackzero-d4af0a9a5f9?source=rss----7b722bfd1b8d---4)
2022-08-30T11:47:47Z	**AWS Attribute-Based Access Control (ABAC) With Tags** ⌘ [Read more](https://infosecwriteups.com/aws-attribute-based-access-control-abac-with-tags-f4340385011e?source=rss----7b722bfd1b8d---4)
2022-08-30T11:47:34Z	**SSRF — Exploitation 02** ⌘ [Read more](https://infosecwriteups.com/ssrf-exploitation-02-b682de16594?source=rss----7b722bfd1b8d---4)
2022-08-30T12:52:04Z	**Write-up: Authentication bypass via OAuth implicit flow @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-authentication-bypass-via-oauth-implicit-flow-portswigger-academy-c98b841d3d3d?source=rss----7b722bfd1b8d---4)
2022-08-31T12:07:52Z	**mfa bypass in private program, the abdulsec way** ⌘ [Read more](https://infosecwriteups.com/mfa-bypass-in-private-program-the-abdulsec-way-f677fea209f7?source=rss----7b722bfd1b8d---4)
2022-09-01T07:52:57Z	**Mass Hunting CVE’s Part-1** ⌘ [Read more](https://infosecwriteups.com/mass-hunting-cves-part-1-1e162ba6028b?source=rss----7b722bfd1b8d---4)
2022-09-01T07:52:28Z	**S3 Bucket: Cloud Trail Log Analysis** ⌘ [Read more](https://infosecwriteups.com/s3-bucket-cloud-trail-log-analysis-ddefee0f025f?source=rss----7b722bfd1b8d---4)
2022-09-01T07:52:08Z	**OAuth 2.0 (Introduction and Exploitation Part I)Explained By Hashar Mujahid** ⌘ [Read more](https://infosecwriteups.com/oauth-2-0-introduction-and-exploitation-part-i-explained-by-hashar-mujahid-262f9c59de6c?source=rss----7b722bfd1b8d---4)
2022-09-02T09:39:36Z	**Utkuici — Nessus Automation** ⌘ [Read more](https://infosecwriteups.com/utkuici-nessus-automation-2c8db08df0ec?source=rss----7b722bfd1b8d---4)
2022-09-03T18:09:53Z	**Exploiting OAuth authentication vulnerabilities Part II** ⌘ [Read more](https://infosecwriteups.com/exploiting-oauth-authentication-vulnerabilities-part-ii-6c150f492e62?source=rss----7b722bfd1b8d---4)
2022-09-03T18:09:28Z	**Hack With SQL Injection Attacks! DVWA high security — StackZero** ⌘ [Read more](https://infosecwriteups.com/hack-with-sql-injection-attacks-dvwa-high-security-stackzero-713638840515?source=rss----7b722bfd1b8d---4)
2022-09-03T19:11:09Z	**Thick Client Pentest: Modern Approaches and Techniques: PART 1** ⌘ [Read more](https://infosecwriteups.com/thick-client-pentest-modern-approaches-and-techniques-part-1-7bb0f5f28e8e?source=rss----7b722bfd1b8d---4)
2022-09-05T08:43:21Z	**Phoenix Challenges — Stack One** ⌘ [Read more](https://infosecwriteups.com/phoenix-challenges-stack-one-4a9d2100274f?source=rss----7b722bfd1b8d---4)
2022-09-05T08:40:50Z	**Passing a Role to AWS CloudFormation to Escalate Privileges** ⌘ [Read more](https://infosecwriteups.com/passing-a-role-to-cloudformation-to-escalate-privileges-602010d26f55?source=rss----7b722bfd1b8d---4)
2022-09-05T08:40:31Z	**Pen #007: Wi-Fi Hacking 101** ⌘ [Read more](https://infosecwriteups.com/pen-7-wi-fi-hacking-101-544c79bd77c9?source=rss----7b722bfd1b8d---4)
2022-09-05T08:40:09Z	**Bayanay — Python Wardriving Tool** ⌘ [Read more](https://infosecwriteups.com/bayanay-python-wardriving-tool-e105a4ad3c63?source=rss----7b722bfd1b8d---4)
2022-09-05T09:46:01Z	**Timelapse from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/timelapse-from-hackthebox-detailed-walkthrough-5b36f5cde290?source=rss----7b722bfd1b8d---4)
2022-09-05T10:49:49Z	**Why broken access control is the most severe vulnerability**
[![](https://cdn-images-1.medium.com/max/700/1*mPqyjo3rcuwSEsigkPANdQ.jpeg)](https://infosecwriteups.com/why-broken-access-control-is-the-most-severe-vulnerability-2223baf9bb48?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/why-broken-access-control-is-the-most-severe-vulnerability-2223baf9bb48?source=rss----7b7 ... ⌘ [Read more](https://infosecwriteups.com/why-broken-access-control-is-the-most-severe-vulnerability-2223baf9bb48?source=rss----7b722bfd1b8d---4)
2022-09-05T22:03:30Z	**‍Smart Contract Security, WAF Bypassing, HTTP Parameter Pollution, Race Condition, IDOR, Web…** ⌘ [Read more](https://infosecwriteups.com/smart-contract-security-waf-bypassing-http-parameter-pollution-race-condition-idor-web-cf9ab2793aac?source=rss----7b722bfd1b8d---4)
2022-09-09T07:36:04Z	**Anti-Reversing Techniques (Part 1)** ⌘ [Read more](https://infosecwriteups.com/anti-reversing-techniques-part-1-3200db42f1e3?source=rss----7b722bfd1b8d---4)
2022-09-09T07:35:47Z	**Malware Analysis — NanoCore Rat** ⌘ [Read more](https://infosecwriteups.com/malware-analysis-nanocore-rat-6cae8c6df918?source=rss----7b722bfd1b8d---4)
2022-09-09T07:35:25Z	**Malware Analysis — FFDroider** ⌘ [Read more](https://infosecwriteups.com/malware-analysis-ffdroider-21a3fc0fe40f?source=rss----7b722bfd1b8d---4)
2022-09-09T07:35:04Z	**[Malware Analysis #3] — Disk Writer** ⌘ [Read more](https://infosecwriteups.com/malware-analysis-3-disk-writer-5ee764819597?source=rss----7b722bfd1b8d---4)
2022-09-09T08:37:01Z	**Retired from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/retired-from-hackthebox-detailed-walkthrough-ee2f7cf288a?source=rss----7b722bfd1b8d---4)
2022-09-09T12:24:52Z	**Insufficient Logging and Monitoring**
[![](https://cdn-images-1.medium.com/max/1920/1*tYSCAzds4LQ_p00GekCSvA.jpeg)](https://infosecwriteups.com/insufficient-logging-and-monitoring-65f2bc42b6d5?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/insufficient-logging-and-monitoring-65f2bc42b6d5?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/insufficient-logging-and-monitoring-65f2bc42b6d5?source=rss----7b722bfd1b8d---4)
2022-09-10T06:24:34Z	**How I found 3 RXSS on the Lululemon bug bounty program** ⌘ [Read more](https://infosecwriteups.com/how-i-found-3-rxss-on-the-lululemon-bug-bounty-program-fa357a0154c2?source=rss----7b722bfd1b8d---4)
2022-09-10T06:24:09Z	**Reflected XSS DVWA — An Exploit With Real World Consequences — StackZero** ⌘ [Read more](https://infosecwriteups.com/reflected-xss-dvwa-an-exploit-with-real-world-consequences-stackzero-171cfb2d87d2?source=rss----7b722bfd1b8d---4)
2022-09-12T10:29:24Z	**How I found 3 rare security bugs in a day** ⌘ [Read more](https://infosecwriteups.com/how-i-found-3-bug-bounties-in-a-day-c82fe023716e?source=rss----7b722bfd1b8d---4)
2022-09-12T10:29:01Z	**New technique 403 bypass lyncdiscover.microsoft.com** ⌘ [Read more](https://infosecwriteups.com/403-bypass-lyncdiscover-microsoft-com-db2778458c33?source=rss----7b722bfd1b8d---4)
2022-09-12T10:28:35Z	**Take Confusion Out of IAM Policies, AWS S3 Bucket Policies and AWS S3 ACLs** ⌘ [Read more](https://infosecwriteups.com/take-confusion-out-of-iam-policies-aws-s3-bucket-policies-and-aws-s3-acls-61d8fa04a658?source=rss----7b722bfd1b8d---4)
2022-09-12T10:28:11Z	**Raccoon Stealer v2 Malware Analysis** ⌘ [Read more](https://infosecwriteups.com/raccoon-stealer-v2-malware-analysis-55cc33774ac8?source=rss----7b722bfd1b8d---4)
2022-09-12T10:27:55Z	**How To Perform Command Injection Attacks (DVWA) For Aspiring Hackers! — StackZero** ⌘ [Read more](https://infosecwriteups.com/how-to-perform-command-injection-attacks-dvwa-for-aspiring-hackers-stackzero-c9d521c6f934?source=rss----7b722bfd1b8d---4)
2022-09-12T10:27:40Z	**How to prevent more than 200 million users from using Google services** ⌘ [Read more](https://infosecwriteups.com/how-to-prevent-more-than-200-million-users-from-using-google-services-136b3b8e221f?source=rss----7b722bfd1b8d---4)
2022-09-12T11:32:09Z	**‍Thick Client Pentest, Out-of-band XXE, Bug Hunting Resources, RDP, LogonTypes, PowerShell…** ⌘ [Read more](https://infosecwriteups.com/thick-client-pentest-out-of-band-xxe-bug-hunting-resources-rdp-logontypes-powershell-2363bc3c7752?source=rss----7b722bfd1b8d---4)
2022-09-12T11:26:59Z	**Detecting Log4j & its Remediation**
[![](https://cdn-images-1.medium.com/max/2400/1*pCBv7DtBtOgBbaq9lEr80A.jpeg)](https://infosecwriteups.com/detecting-log4j-its-remediation-58ab3a59c865?source=rss----7b722bfd1b8d---4)

This article is dedicated to log4j and how it’s being exploited in the wild by attackers.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/detecting-log4j-its-remediation-58ab3a59c865?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/detecting-log4j-its-remediation-58ab3a59c865?source=rss----7b722bfd1b8d---4)
2022-09-13T14:32:03Z	**Exploiting OAuth authentication vulnerabilities Part III** ⌘ [Read more](https://infosecwriteups.com/exploiting-oauth-authentication-vulnerabilities-part-iii-e3db79c83359?source=rss----7b722bfd1b8d---4)
2022-09-14T07:08:18Z	**CVE-2022-31625: PHP Vulnerability due to uninitialized array** ⌘ [Read more](https://infosecwriteups.com/cve-2022-31625-php-vulnerability-due-to-uninitialized-array-30b04f6536f?source=rss----7b722bfd1b8d---4)
2022-09-14T07:07:48Z	**How to start Penetration testing of Artificial Intelligence** ⌘ [Read more](https://infosecwriteups.com/how-to-start-penetration-testing-of-artificial-intelligence-c11e97b77dfa?source=rss----7b722bfd1b8d---4)
2022-09-14T07:07:18Z	**Attacking GPP (Group Policy Preferences) Credentials | Active Directory Pentesting** ⌘ [Read more](https://infosecwriteups.com/attacking-gpp-group-policy-preferences-credentials-active-directory-pentesting-16d9a65fa01a?source=rss----7b722bfd1b8d---4)
2022-09-19T07:12:05Z	**Write-up: JWT authentication bypass via weak signing key @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-jwt-authentication-bypass-via-weak-signing-key-portswigger-academy-f212ee600ddd?source=rss----7b722bfd1b8d---4)
2022-09-19T07:02:23Z	**How I Found My FIRST Vulnerability/Bug Bounty and How You Can Too: Part 2**
[![](https://cdn-images-1.medium.com/max/1024/1*b1htFX-Uy2ieSGT-fol-Ag.png)](https://infosecwriteups.com/how-i-found-my-first-vulnerability-bug-bounty-and-how-you-can-too-part-2-2e8681f4e3b7?source=rss----7b722bfd1b8d---4)

Simple hacks!

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-my-first-vulnerability-bug-bounty ... ⌘ [Read more](https://infosecwriteups.com/how-i-found-my-first-vulnerability-bug-bounty-and-how-you-can-too-part-2-2e8681f4e3b7?source=rss----7b722bfd1b8d---4)
2022-09-19T07:01:51Z	**How I Found My FIRST Vulnerability/Bug Bounty and How You Can Too: Part 1**
[![](https://cdn-images-1.medium.com/max/1024/1*jnKaUju7BKX0wO5afMRS8g.png)](https://infosecwriteups.com/how-i-found-my-first-vulnerability-bug-bounty-and-how-you-can-too-part-1-f2dd0b7d7665?source=rss----7b722bfd1b8d---4)

How to start ethically hacking websites

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-my-firs ... ⌘ [Read more](https://infosecwriteups.com/how-i-found-my-first-vulnerability-bug-bounty-and-how-you-can-too-part-1-f2dd0b7d7665?source=rss----7b722bfd1b8d---4)
2022-09-19T07:01:16Z	**Cool Recon techniques every hacker misses! Episode 2** ⌘ [Read more](https://infosecwriteups.com/cool-recon-techniques-every-hacker-misses-episode-2-8024e8338756?source=rss----7b722bfd1b8d---4)
2022-09-19T07:24:42Z	**30 Search Engines for Cybersecurity Researchers (Part 1 of 3)** ⌘ [Read more](https://infosecwriteups.com/30-search-engines-for-cybersecurity-researchers-part-1-of-3-faf68bfc6be8?source=rss----7b722bfd1b8d---4)
2022-09-19T07:51:38Z	**30 Search Engines for Cybersecurity Researchers (Part 2 of 3)** ⌘ [Read more](https://infosecwriteups.com/30-search-engines-for-cybersecurity-researchers-part-2-of-3-3412d6a35118?source=rss----7b722bfd1b8d---4)
2022-09-19T08:21:57Z	**Living Off The Land: Suspicious System32**
[![](https://cdn-images-1.medium.com/max/779/0*DZZ-mOcCO8qIjc_D)](https://infosecwriteups.com/living-off-the-land-suspicious-system32-6ad8d8119fe1?source=rss----7b722bfd1b8d---4)

The services below are some of the most commonly abused services for malicious parties to “live of the land”. Each are built into Windows…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/living-off-the-land-suspicious ... ⌘ [Read more](https://infosecwriteups.com/living-off-the-land-suspicious-system32-6ad8d8119fe1?source=rss----7b722bfd1b8d---4)
2022-09-19T12:36:52Z	**How I abused the file upload function to get a high severity vulnerability in Bug Bounty** ⌘ [Read more](https://infosecwriteups.com/how-i-abused-the-file-upload-function-to-get-a-high-severity-vulnerability-in-bug-bounty-7cdcf349080b?source=rss----7b722bfd1b8d---4)
2022-09-19T12:36:11Z	**The terrifying world of Cross-Site Scripting (XSS) (Part 2) — StackZero** ⌘ [Read more](https://infosecwriteups.com/the-terrifying-world-of-cross-site-scripting-xss-part-2-stackzero-cc7fa7e8dcbb?source=rss----7b722bfd1b8d---4)
2022-09-19T14:57:55Z	**‍Hacking Smart Contracts, Android Vulnerability, RCE, Prototype Poisoning, Anti-Human Server…** ⌘ [Read more](https://infosecwriteups.com/hacking-smart-contracts-android-vulnerability-rce-prototype-poisoning-anti-human-server-881a42ba43c1?source=rss----7b722bfd1b8d---4)
2022-09-20T05:55:01Z	**Sharkbot Virus in Android** ⌘ [Read more](https://infosecwriteups.com/sharkbot-virus-in-android-b5be7c2ead16?source=rss----7b722bfd1b8d---4)
2022-09-20T05:54:07Z	**Bypassing 2FA With Cookies!**
[![](https://cdn-images-1.medium.com/max/602/0*W3m2LM6epd1Bmsfg.png)](https://infosecwriteups.com/bypassing-2fa-with-cookies-ff2c79022f63?source=rss----7b722bfd1b8d---4)

If you have two-factor authentication (2FA) enabled on your account, you can’t be compromised, right?

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bypassing-2fa-with-cookies-ff2c79022f63?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/bypassing-2fa-with-cookies-ff2c79022f63?source=rss----7b722bfd1b8d---4)
2022-09-20T11:10:53Z	**Cross-site request forgery (CSRF) Explained and Exploited I** ⌘ [Read more](https://infosecwriteups.com/cross-site-request-forgery-csrf-explained-and-exploited-i-db464a61a582?source=rss----7b722bfd1b8d---4)
2022-09-20T11:10:23Z	**Phishing and its effect on healthcare sector** ⌘ [Read more](https://infosecwriteups.com/phishing-and-its-effect-on-healthcare-sector-bde4cb767374?source=rss----7b722bfd1b8d---4)
2022-09-20T11:09:52Z	**Domain-based Message Authentication Reporting and Conformance (DMARC) and its importance for…** ⌘ [Read more](https://infosecwriteups.com/domain-based-message-authentication-reporting-and-conformance-dmarc-and-its-importance-for-57872e93954c?source=rss----7b722bfd1b8d---4)
2022-09-20T11:09:13Z	**Key Web 3.0 Security Issues That Need to be Settled** ⌘ [Read more](https://infosecwriteups.com/key-web-3-0-security-issues-that-need-to-be-settled-2fd59c41d7d7?source=rss----7b722bfd1b8d---4)
2022-09-20T15:03:18Z	**Abusing Broken Link In Fitbit (Google Acquisition)To Collect BugBounty Reports On Behalf Of Google !** ⌘ [Read more](https://infosecwriteups.com/abusing-broken-link-in-fitbit-google-acquisition-to-collect-bugbounty-reports-on-behalf-of-google-5885a556eb7c?source=rss----7b722bfd1b8d---4)
2022-09-20T19:48:14Z	**30 Search Engines for Cybersecurity Researchers (Part 3 of 3)** ⌘ [Read more](https://infosecwriteups.com/30-search-engines-for-cybersecurity-researchers-part-3-of-3-aa6cae94db0d?source=rss----7b722bfd1b8d---4)
2022-09-20T19:50:05Z	**How I Hacked my College’s student portal** ⌘ [Read more](https://infosecwriteups.com/how-i-hacked-my-colleges-student-portal-f51775d75a3d?source=rss----7b722bfd1b8d---4)
2022-09-20T19:49:34Z	**Bypassing CSRF Protection (I)** ⌘ [Read more](https://infosecwriteups.com/bypassing-csrf-protection-i-bc014384d0aa?source=rss----7b722bfd1b8d---4)
2022-09-20T19:48:57Z	**OSINT AND TOP 15 OPEN-SOURCE INTELLIGENCE TOOLS** ⌘ [Read more](https://infosecwriteups.com/osint-and-top-15-open-source-intelligence-tools-f5132bf9e40f?source=rss----7b722bfd1b8d---4)
2022-09-21T10:11:20Z	**Vulnerable Flask App** ⌘ [Read more](https://infosecwriteups.com/vulnerable-flask-app-881bcc960889?source=rss----7b722bfd1b8d---4)
2022-09-21T11:12:18Z	**Write-up: File path traversal, validation of file extension with null byte bypass @ PortSwigger…** ⌘ [Read more](https://infosecwriteups.com/write-up-file-path-traversal-validation-of-file-extension-with-null-byte-bypass-portswigger-801300e13799?source=rss----7b722bfd1b8d---4)
2022-09-22T06:43:43Z	**OSINT Information Gathering with Informer** ⌘ [Read more](https://infosecwriteups.com/osint-information-gathering-with-informer-28176a704cf6?source=rss----7b722bfd1b8d---4)
2022-09-22T06:43:31Z	**Understanding the NMAP methodology — Part 1** ⌘ [Read more](https://infosecwriteups.com/network-mapping-part-1-112116ce6555?source=rss----7b722bfd1b8d---4)
2022-09-22T06:43:18Z	**Try Hack Me: Basic Pentesting Walkthrough** ⌘ [Read more](https://infosecwriteups.com/try-hack-me-basic-pentesting-walkthrough-a70b85308b0a?source=rss----7b722bfd1b8d---4)
2022-09-22T06:42:51Z	**Try Hack Me: Intro to Digital Forensics Walkthrough** ⌘ [Read more](https://infosecwriteups.com/try-hack-me-intro-to-digital-forensics-write-up-566977aabe4e?source=rss----7b722bfd1b8d---4)
2022-09-22T06:42:28Z	**How I hacked an exam portal and got access to 10K+ users data including webcams** ⌘ [Read more](https://infosecwriteups.com/how-i-hacked-exam-portal-and-got-access-to-10k-users-data-including-webcams-ec2262b43df7?source=rss----7b722bfd1b8d---4)
2022-09-22T07:46:54Z	**Write-up: JWT authentication bypass via jwk header injection @ PortSwigger Academy**
[![](https://cdn-images-1.medium.com/max/843/0*zPhDGGupNrqISE6M.png)](https://infosecwriteups.com/write-up-jwt-authentication-bypass-via-jwk-header-injection-portswigger-academy-a08975256e8c?source=rss----7b722bfd1b8d---4)

This write-up for the lab JWT authentication bypass via jwk header injection is part of my walk-through series for ... ⌘ [Read more](https://infosecwriteups.com/write-up-jwt-authentication-bypass-via-jwk-header-injection-portswigger-academy-a08975256e8c?source=rss----7b722bfd1b8d---4)
2022-09-22T15:10:04Z	**AWS control tower — the best way to govern multi-account environments**
[![](https://cdn-images-1.medium.com/max/1024/0*KO3NW0Pzm7PYMA1W.png)](https://infosecwriteups.com/aws-control-tower-the-best-way-to-govern-multi-account-environments-27a727a529dd?source=rss----7b722bfd1b8d---4)

Anyone who has worked in the cloud knows how quickly this environment can increase in complexity as more and more workloads get migrated…

[Continue r ... ⌘ [Read more](https://infosecwriteups.com/aws-control-tower-the-best-way-to-govern-multi-account-environments-27a727a529dd?source=rss----7b722bfd1b8d---4)
2022-09-23T13:06:28Z	**How I Found Multiple SQL Injections in 5 Minutes in Bug Bounty** ⌘ [Read more](https://infosecwriteups.com/how-i-found-multiple-sql-injections-in-5-minutes-in-bug-bounty-40155964c498?source=rss----7b722bfd1b8d---4)
2022-09-23T13:05:52Z	**Bypassing CSRF Protection (II)** ⌘ [Read more](https://infosecwriteups.com/bypassing-csrf-protection-ii-b479009b4a7a?source=rss----7b722bfd1b8d---4)
2022-09-24T13:39:31Z	**How to exploit a stored XSS vulnerability on DVWA — StackZero** ⌘ [Read more](https://infosecwriteups.com/how-to-exploit-a-stored-xss-vulnerability-on-dvwa-stackzero-1de6cc9545b9?source=rss----7b722bfd1b8d---4)
2022-09-24T13:39:22Z	**Understanding the NMAP methodology — Part 2** ⌘ [Read more](https://infosecwriteups.com/understanding-the-nmap-methodology-part-2-3d0442f1c482?source=rss----7b722bfd1b8d---4)
2022-09-26T12:11:42Z	**Top 10 Dockerfile Security Best Practices for a More Secure Container** ⌘ [Read more](https://infosecwriteups.com/top-10-dockerfile-security-best-practices-for-a-more-secure-container-e5426f69738b?source=rss----7b722bfd1b8d---4)
2022-09-26T12:11:27Z	**Android Hardening Guide** ⌘ [Read more](https://infosecwriteups.com/android-hardening-guide-2439a77f7e83?source=rss----7b722bfd1b8d---4)
2022-09-26T12:09:01Z	**Connect State Attack — First Request Validation** ⌘ [Read more](https://infosecwriteups.com/connect-state-attack-first-request-validation-2bea8e42a647?source=rss----7b722bfd1b8d---4)
2022-09-26T12:08:15Z	**HTML Injection inside Email body- The First BUG I hunted down in a Bug Bounty Platform!** ⌘ [Read more](https://infosecwriteups.com/html-injection-inside-email-body-the-first-bug-i-hunted-in-a-bug-bounty-platform-3c96b1e0ae9f?source=rss----7b722bfd1b8d---4)
2022-09-26T13:16:52Z	**JSON web tokens**
[![](https://cdn-images-1.medium.com/max/640/1*wCj6WtTPC19CWK23qzBMkQ.jpeg)](https://infosecwriteups.com/json-web-tokens-c1f01028f5ac?source=rss----7b722bfd1b8d---4)

For decades cookies have been used to authenticate a user and hold session data. But a simple session cookie has certain limitations and…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/json-web-tokens-c1f01028f5ac?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/json-web-tokens-c1f01028f5ac?source=rss----7b722bfd1b8d---4)
2022-09-26T13:12:27Z	**Monitoring your targets for bug bounties** ⌘ [Read more](https://infosecwriteups.com/monitoring-your-targets-for-bug-bounties-36f6be3e69c9?source=rss----7b722bfd1b8d---4)
2022-09-27T16:27:43Z	**Complete take-over of Cisco Unified Communications Manager due consecutively misconfigurations** ⌘ [Read more](https://infosecwriteups.com/complete-take-over-of-cisco-unified-communications-manager-due-consecutively-misconfigurations-2a1b5ce8bd9a?source=rss----7b722bfd1b8d---4)
2022-09-27T16:27:32Z	**SANS Top 25 Software Errors (Part 1 of 25): CWE-787 Out-of-bounds Write** ⌘ [Read more](https://infosecwriteups.com/sans-top-25-software-errors-part-1-of-25-cwe-787-out-of-bounds-write-4e1a7c63ff38?source=rss----7b722bfd1b8d---4)
2022-09-27T16:27:22Z	**How to exploit DOM XSS on DVWA — StackZero**
[![](https://cdn-images-1.medium.com/max/930/0*zKV9DnQqKZW7NkWQ.jpg)](https://infosecwriteups.com/how-to-exploit-dom-xss-on-dvwa-stackzero-c83a682ed7b7?source=rss----7b722bfd1b8d---4)

In this write-up we are going to we will learn how to pass all levels of DOM XSS on DVWA so we can better understand that vulnerability.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-exploit-dom-xss-o ... ⌘ [Read more](https://infosecwriteups.com/how-to-exploit-dom-xss-on-dvwa-stackzero-c83a682ed7b7?source=rss----7b722bfd1b8d---4)
2022-09-27T16:27:07Z	**Multi-Factor Authentication Vulnerabilities** ⌘ [Read more](https://infosecwriteups.com/multi-factor-authentication-vulnerabilities-7a4b647a7b09?source=rss----7b722bfd1b8d---4)
2022-09-28T11:40:44Z	**CVE-2022–36934: An integer overflow in WhatsApp leading to remote code execution in an established…** ⌘ [Read more](https://infosecwriteups.com/cve-2022-36934-an-integer-overflow-in-whatsapp-leading-to-remote-code-execution-in-an-established-e0fc4e2cd900?source=rss----7b722bfd1b8d---4)
2022-09-28T11:38:59Z	**A Tale of Account Takeover** ⌘ [Read more](https://infosecwriteups.com/a-tale-of-account-takeover-fcae914f067b?source=rss----7b722bfd1b8d---4)
2022-09-28T11:38:39Z	**CVE-2022–27492: An integer underflow in WhatsApp causing remote code execution when receiving a…** ⌘ [Read more](https://infosecwriteups.com/cve-2022-27492-an-integer-underflow-in-whatsapp-causing-remote-code-execution-when-receiving-a-b50bebae14f4?source=rss----7b722bfd1b8d---4)
2022-09-28T11:38:19Z	**Writing and Using Python Burp Extension — Adding a Custom Header Field** ⌘ [Read more](https://infosecwriteups.com/writing-and-using-python-burp-extension-adding-a-custom-header-field-770fe1cbabc9?source=rss----7b722bfd1b8d---4)
2022-09-28T12:19:48Z	**‍ $600k Bounty, Jetty Features, Response Queue Poisoning, Bypass SSRF Protections, XSS…** ⌘ [Read more](https://infosecwriteups.com/600k-bounty-jetty-features-response-queue-poisoning-bypass-ssrf-protections-xss-9b7644077829?source=rss----7b722bfd1b8d---4)
2022-09-28T12:42:22Z	**How To Attack Admin Panels Successfully**
[![](https://cdn-images-1.medium.com/max/2600/0*IicDJ5FsOki0m8Mr)](https://infosecwriteups.com/how-to-attack-admin-panels-successfully-72c90eeb818c?source=rss----7b722bfd1b8d---4)

Attacking Web Apps Admin Panels The Right Way

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-attack-admin-panels-successfully-72c90eeb818c?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/how-to-attack-admin-panels-successfully-72c90eeb818c?source=rss----7b722bfd1b8d---4)
2022-09-28T16:20:16Z	**Integrated Approach for Application Security and Security Operations Center using data correlation…** ⌘ [Read more](https://infosecwriteups.com/integrated-approach-for-application-security-and-security-operations-center-using-data-correlation-dc723f493316?source=rss----7b722bfd1b8d---4)
2022-09-28T16:19:50Z	**Cloud Security Tooling Series — What the heck is a CSPM ?**
[![](https://cdn-images-1.medium.com/max/1638/1*N96VhaUAoyTvjt-dOi9s6A.png)](https://infosecwriteups.com/cloud-security-tooling-series-what-the-heck-is-a-cspm-8f37f6b1db19?source=rss----7b722bfd1b8d---4)

Understanding the concept of Cloud Security Posture Management (CSPM)

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/cloud-security-tooling-series-what-the-heck ... ⌘ [Read more](https://infosecwriteups.com/cloud-security-tooling-series-what-the-heck-is-a-cspm-8f37f6b1db19?source=rss----7b722bfd1b8d---4)
2022-09-28T17:21:53Z	**Write-up: Authentication bypass via flawed state machine @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-authentication-bypass-via-flawed-state-machine-portswigger-academy-e7448edeeb3d?source=rss----7b722bfd1b8d---4)