# Twtxt is an open, distributed microblogging platform that
# uses human-readable text files, common transport protocols,
# and free software.
#
# Learn more about twtxt at https://github.com/buckket/twtxt
#
# This is an automated Yarn.social feed running feeds v0.1.0@72e53a9
# Learn more about Yarn.social at https://yarn.social
#
# nick = infosec-write-ups-medium
# url = https://feeds.twtxt.net/infosec-write-ups-medium/twtxt.txt
# type = rss
# source = https://infosecwriteups.com/feed
# avatar = https://feeds.twtxt.net/infosec-write-ups-medium/avatar.png#g7lgdrxj7kzxpnt5cnipgwwla267fo37sbahua7sc7vx6z6d6bdq
# description =
# updated_at = 2023-02-07T03:26:20Z
#
2022-04-13T12:54:52Z **Heap Exploitation for Homo sapiens.** ⌘ [Read more](https://infosecwriteups.com/heap-exploitation-for-homo-sapiens-f166cd6a59fe?source=rss----7b722bfd1b8d---4) 2022-04-13T12:54:25Z **Arming the Use-After-Free()** ⌘ [Read more](https://infosecwriteups.com/arming-the-use-after-free-bc174a26c5f4?source=rss----7b722bfd1b8d---4) 2022-04-13T12:53:18Z **ROP Chains on ARM** ⌘ [Read more](https://infosecwriteups.com/rop-chains-on-arm-3f087a95381e?source=rss----7b722bfd1b8d---4) 2022-04-13T12:52:42Z **Integer Overflows in ARM** ⌘ [Read more](https://infosecwriteups.com/integer-overflows-in-arm-b4e650d072d4?source=rss----7b722bfd1b8d---4) 2022-04-13T12:51:32Z **Invoking mprotect() using ROP Chains in ARM** ⌘ [Read more](https://infosecwriteups.com/invoking-mprotect-using-rop-chains-in-arm-d737bea2a9bb?source=rss----7b722bfd1b8d---4) 2022-04-13T12:47:30Z **500$ Bug: Sensitive Data Exposure to Broken Access Control leads, How I able to take over any…** ⌘ [Read more](https://infosecwriteups.com/500-bug-sensitive-data-exposure-to-broken-access-control-leads-how-i-able-to-take-over-any-33658f16e265?source=rss----7b722bfd1b8d---4) 2022-04-13T12:47:04Z **P1 Vulnerability: How I chained Logical-Error to Account-Takeover Vulnerability that No-One…** ⌘ [Read
more](https://infosecwriteups.com/p1-vulnerability-how-i-chained-logical-error-to-account-takeover-vulnerability-that-no-one-59aa88a9cae8?source=rss----7b722bfd1b8d---4) 2022-04-13T08:21:05Z **How hackers impersonate email-id’s : Email Spoofing and Phishing Attacks** ⌘ [Read more](https://infosecwriteups.com/how-hackers-impersonate-email-ids-email-spoofing-and-phishing-attacks-a215fcf9341b?source=rss----7b722bfd1b8d---4) 2022-04-13T07:20:01Z **How a YouTube Video lead to pwning a web application via SQL Injection worth $4324 bounty** ⌘ [Read more](https://infosecwriteups.com/how-a-youtube-video-lead-to-pwning-a-web-application-via-sql-injection-worth-4324-bounty-285f0a9b9f6c?source=rss----7b722bfd1b8d---4) 2022-04-13T07:19:50Z **Android Pentesting Setup On Macbook M1** ⌘ [Read more](https://infosecwriteups.com/android-pentesting-setup-on-macbook-m1-d2f1f0a8db4b?source=rss----7b722bfd1b8d---4) 2022-04-14T09:47:09Z **BITB (browser in the browser)Attack** ⌘ [Read more](https://infosecwriteups.com/bitb-browser-in-the-browser-attack-e2008c405701?source=rss----7b722bfd1b8d---4) 2022-04-14T09:46:47Z **Develop Bluetooth Apps | Fundamentals, Tools & Coding** ⌘ [Read more](https://infosecwriteups.com/develop-bluetooth-apps-fundamentals-tools-coding-4a08922a7cd6?source=rss----7b722bfd1b8d---4) 2022-04-14T10:48:46Z **Bypass Rate Limit — A blank space leads to this random encounter!** ⌘ [Read more](https://infosecwriteups.com/bypass-rate-limit-a-blank-space-leads-to-this-random-encounter-e18e72fbf228?source=rss----7b722bfd1b8d---4) 2022-04-14T12:50:58Z **Serialization&Deserialization Attacks** ⌘ [Read more](https://infosecwriteups.com/serialization-deserialization-attacks-on-php-d5fb02e29248?source=rss----7b722bfd1b8d---4) 2022-04-17T20:37:21Z **THM Writeup: VulnNet Roasted** ⌘ [Read more](https://infosecwriteups.com/thm-writeup-vulnnet-roasted-8f4e18314ca7?source=rss----7b722bfd1b8d---4) 2022-04-17T20:37:15Z **Devzat from HackTheBox — Detailed Walkthrough** ⌘ [Read 
more](https://infosecwriteups.com/devzat-from-hackthebox-detailed-walkthrough-46f39b25fa82?source=rss----7b722bfd1b8d---4) 2022-04-17T20:35:55Z **Tech_Supp0rt: 1 (Tryhackme)** ⌘ [Read more](https://infosecwriteups.com/tech-supp0rt-1-tryhackme-59896cbb9957?source=rss----7b722bfd1b8d---4) 2022-04-17T21:37:17Z **TryHackMe writeup: Bebop** ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-bebop-ed290135d7e2?source=rss----7b722bfd1b8d---4) 2022-04-18T12:47:57Z **How Mobile Operators should Thousands of Dollars because of SMS Malware.** ⌘ [Read more](https://infosecwriteups.com/how-mobile-operators-should-thousands-of-dollars-because-of-sms-malware-2a4d7ac1e3a2?source=rss----7b722bfd1b8d---4) 2022-04-20T10:23:00Z **$1000: How I could have Hack any account and become a billionaire overnightTop Crypto-Trading….** ⌘ [Read more](https://infosecwriteups.com/1000-how-i-could-have-hack-any-account-and-become-a-billionaire-overnight-top-crypto-trading-ff0e25b6013c?source=rss----7b722bfd1b8d---4) 2022-04-20T10:22:53Z **Create Bind and Reverse Shells using Netcat** ⌘ [Read more](https://infosecwriteups.com/create-bind-and-reverse-shells-using-netcat-c53b23df8059?source=rss----7b722bfd1b8d---4) 2022-04-20T11:27:00Z **Burp Suite Extensions for Web Hunting**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/burp-suite-extensions-for-web-hunting-44ffc3b655aa?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/burp-suite-extensions-for-web-hunting-44ffc3b655aa?source=rss----7b722bfd1b8d---4) 2022-04-22T11:06:35Z **A Facebook Bug that Disclosed Unused Custom Thumbnails of Any Facebook Page’s Public Videos** ⌘ [Read more](https://infosecwriteups.com/a-facebook-bug-that-disclosed-unused-custom-thumbnails-of-any-facebook-pages-public-videos-6414dc1f7adb?source=rss----7b722bfd1b8d---4) 2022-04-22T12:06:09Z **Pythonic Malware Part-2: Reversing Python Executables**

In Pythonic Malware Part-1, I demonstrated how Python executables can be used to bypass Windows Defender and successfully launch…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com ... ⌘ [Read more](https://infosecwriteups.com/pythonic-malware-part-2-reversing-python-executables-1b197bd023ca?source=rss----7b722bfd1b8d---4) 2022-04-22T13:06:06Z **How I Bypass 2FA while Resetting Password**

It was a private program on “Hackerone” , I had set target in my mind that I have to bypass 2fa, so I checked every method to bypass “Two…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-bypass-2f ... ⌘ [Read more](https://infosecwriteups.com/how-i-bypass-2fa-while-resetting-password-3f73bf665728?source=rss----7b722bfd1b8d---4) 2022-04-24T08:09:13Z **How to perform a basic SQL Injection Attack? — Ethical Hacking** ⌘ [Read more](https://infosecwriteups.com/how-to-perform-a-basic-sql-injection-attack-ethical-hacking-f59e5ccbe51f?source=rss----7b722bfd1b8d---4) 2022-04-24T21:53:58Z **THM: Raz0rBlack** ⌘ [Read more](https://infosecwriteups.com/thm-raz0rblack-b368631c38a5?source=rss----7b722bfd1b8d---4) 2022-04-24T22:57:33Z **Secret from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/secret-from-hackthebox-detailed-walkthrough-d256fb39a910?source=rss----7b722bfd1b8d---4) 2022-04-26T15:58:35Z **Tryhackme: Anonymous** ⌘ [Read more](https://infosecwriteups.com/tryhackme-anonymous-d7d5b6d14478?source=rss----7b722bfd1b8d---4) 2022-04-26T15:57:31Z **Tryhackme: AgentSudo** ⌘ [Read more](https://infosecwriteups.com/tryhackme-agentsudo-fcc701caeae3?source=rss----7b722bfd1b8d---4) 2022-04-26T17:03:25Z **Advanced Docker Security Part II**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/advanced-docker-security-part-ii-4a6994f0c328?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/advanced-docker-security-part-ii-4a6994f0c328?source=rss----7b722bfd1b8d---4) 2022-04-27T09:27:33Z **Using PGP to enhance security and non-repudiation of terraform ops** ⌘ [Read more](https://infosecwriteups.com/using-pgp-to-enhance-security-and-non-repudiation-of-terraform-ops-93c0b4bb209f?source=rss----7b722bfd1b8d---4) 2022-04-28T12:24:13Z **Hacking IPMI and Zabbix in HackTheBox — Shibboleth** ⌘ [Read more](https://infosecwriteups.com/hacking-ipmi-and-zabbix-in-hackthebox-shibboleth-e48c4f235faf?source=rss----7b722bfd1b8d---4) 2022-04-28T13:27:35Z **PicoCTF 2022 Web Exploitation** ⌘ [Read more](https://infosecwriteups.com/picoctf-2022-web-exploitation-558673a65f79?source=rss----7b722bfd1b8d---4) 2022-05-01T14:31:52Z **NahamCon CTF 2022 Write-up: Click Me! Android challenge** ⌘ [Read more](https://infosecwriteups.com/nahamcon-ctf-2022-write-up-click-me-android-challenge-63ccba7cb663?source=rss----7b722bfd1b8d---4) 2022-05-01T14:31:40Z **TryHackMe — Content Discovery** ⌘ [Read more](https://infosecwriteups.com/tryhackme-content-discovery-ade077cf7437?source=rss----7b722bfd1b8d---4) 2022-05-01T15:38:25Z **Vulnerabilities that shook the internet**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/vulnerabilities-that-shook-the-internet-4cb82a22d3ff?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/vulnerabilities-that-shook-the-internet-4cb82a22d3ff?source=rss----7b722bfd1b8d---4) 2022-05-03T13:51:52Z **THM Writeup: Ra** ⌘ [Read more](https://infosecwriteups.com/thm-writeup-ra-7e276f05700?source=rss----7b722bfd1b8d---4) 2022-05-03T14:57:41Z **Shibboleth from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/shibboleth-from-hackthebox-detailed-walkthrough-97c7055cb94d?source=rss----7b722bfd1b8d---4) 2022-05-03T15:57:42Z **The ABCs of Kerberoasting**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-abcs-of-kerberoasting-4b192e6a9fb4?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/the-abcs-of-kerberoasting-4b192e6a9fb4?source=rss----7b722bfd1b8d---4) 2022-05-04T13:01:27Z **Rate Limiting attack bypassing invisible captcha** ⌘ [Read more](https://infosecwriteups.com/rate-limiting-attack-bypassing-invisible-captcha-a6e800903c5f?source=rss----7b722bfd1b8d---4) 2022-05-04T14:03:33Z **NahamCon 2022 CTF Write-up: “No Space Between Us” Challenge** ⌘ [Read more](https://infosecwriteups.com/nahamcon-2022-ctf-write-up-no-space-between-us-challenge-887965280f77?source=rss----7b722bfd1b8d---4) 2022-05-06T05:31:48Z **Clique Writeup — ångstromCTF 2022** ⌘ [Read more](https://infosecwriteups.com/clique-writeup-%C3%A5ngstromctf-2022-e7ae871eaa0e?source=rss----7b722bfd1b8d---4) 2022-05-06T06:37:15Z **TryHackMe writeup: Atlas** ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-atlas-c3dff235d109?source=rss----7b722bfd1b8d---4) 2022-05-06T07:38:39Z **Backdoor from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/backdoor-from-hackthebox-detailed-walkthrough-93d238979397?source=rss----7b722bfd1b8d---4) 2022-05-07T20:49:40Z **Shellcode Analysis** ⌘ [Read more](https://infosecwriteups.com/shellcode-analysis-313bf4ca4dec?source=rss----7b722bfd1b8d---4) 2022-05-07T20:49:29Z **I Secured More Than 10 Million User's Data on the Kerala Government Website Maintained by NIC.** ⌘ [Read more](https://infosecwriteups.com/i-secured-more-than-10-million-users-data-on-the-kerala-government-website-maintained-by-nic-fb7d5a9f156b?source=rss----7b722bfd1b8d---4) 2022-05-07T20:49:04Z **C Language for Hackers & Beyond! 
0x01** ⌘ [Read more](https://infosecwriteups.com/c-language-for-hackers-beyond-0x01-23bdb00e53f2?source=rss----7b722bfd1b8d---4) 2022-05-07T20:48:32Z **India’s Biggest Hack — 1100+ Security bugs in Indian Government Websites and Servers compromised** ⌘ [Read more](https://infosecwriteups.com/indias-biggest-hack-1100-security-bugs-in-indian-government-websites-and-servers-compromised-1f10a4c0a631?source=rss----7b722bfd1b8d---4) 2022-05-07T21:52:39Z **TryHackMe — Nessus** ⌘ [Read more](https://infosecwriteups.com/tryhackme-nessus-3bcd7a04e484?source=rss----7b722bfd1b8d---4) 2022-05-07T22:52:59Z **What caused Psychic Signatures Vulnerability (CVE-2022–21449)?**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/what-caused-psychic-signatures-vulnerability-cve-2022-21449-60542811eac2?source=rss----7b722b ... ⌘ [Read more](https://infosecwriteups.com/what-caused-psychic-signatures-vulnerability-cve-2022-21449-60542811eac2?source=rss----7b722bfd1b8d---4) 2022-05-09T13:56:05Z **THM Writeup: Ra 2** ⌘ [Read more](https://infosecwriteups.com/thm-writeup-ra-2-ed3de7c719a8?source=rss----7b722bfd1b8d---4) 2022-05-10T16:14:13Z **Common C Vulnerabilities**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/common-c-vulnerabilities-b84777e071b9?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/common-c-vulnerabilities-b84777e071b9?source=rss----7b722bfd1b8d---4) 2022-05-11T10:45:37Z **PWN101 Walkthrough | TryHackMe** ⌘ [Read more](https://infosecwriteups.com/pwn101-walkthrough-tryhackme-d34b4236b2a0?source=rss----7b722bfd1b8d---4) 2022-05-11T10:45:30Z **Cryptography essential for H4CK3R and CTF player 0x1(encoding).** ⌘ [Read more](https://infosecwriteups.com/cryptography-essential-for-h4ck3r-and-ctf-player-0x1-encoding-b638ab5821a9?source=rss----7b722bfd1b8d---4) 2022-05-11T11:47:36Z **11 Essential Tools for Java Developers** ⌘ [Read more](https://infosecwriteups.com/11-essential-tools-for-java-developers-725228f41234?source=rss----7b722bfd1b8d---4) 2022-05-12T10:47:44Z **Api endpoint- Revealed Transaction Details of about Millions of users** ⌘ [Read more](https://infosecwriteups.com/api-endpoint-revealed-transaction-details-of-about-millions-of-users-9d5a5324547f?source=rss----7b722bfd1b8d---4) 2022-05-16T09:47:02Z **Module-1 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit** ⌘ [Read more](https://infosecwriteups.com/module-1-introduction-pentesting-bypassing-cloud-waf-fun-profit-75f315951aa8?source=rss----7b722bfd1b8d---4) 2022-05-17T07:35:47Z **Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 3)** ⌘ [Read more](https://infosecwriteups.com/create-your-ultimate-bug-bounty-automation-without-nerdy-bash-skills-part-3-7ee2b353a781?source=rss----7b722bfd1b8d---4) 2022-05-17T07:35:40Z **Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 2)** ⌘ [Read more](https://infosecwriteups.com/create-your-ultimate-bug-bounty-automation-without-nerdy-bash-skills-part-2-c8cd72018922?source=rss----7b722bfd1b8d---4) 2022-05-17T07:35:28Z **What is SSH and How to use it? 
| With Examples** ⌘ [Read more](https://infosecwriteups.com/what-is-ssh-and-how-to-use-it-with-examples-578c72ff32b0?source=rss----7b722bfd1b8d---4) 2022-05-17T07:35:19Z **Module-2 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit** ⌘ [Read more](https://infosecwriteups.com/module-2-introduction-pentesting-bypassing-aws-azure-gcp-cloud-waf-fun-profit-cfcfd55454f6?source=rss----7b722bfd1b8d---4) 2022-05-17T07:35:12Z **This is how my Windows 10 Hacked! and how i overcome it (Remove a Trojan-Horse from affected PC).** ⌘ [Read more](https://infosecwriteups.com/this-is-how-my-windows-10-hacked-and-how-i-overcome-it-remove-a-trojan-horse-from-affected-pc-9cb5c90df26d?source=rss----7b722bfd1b8d---4) 2022-05-17T07:34:40Z **Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 1)** ⌘ [Read more](https://infosecwriteups.com/create-your-ultimate-bug-bounty-automation-without-nerdy-bash-skills-part-1-a78c2b109731?source=rss----7b722bfd1b8d---4) 2022-05-17T08:37:06Z **Bypassing WAF to Weaponize a Stored XSS** ⌘ [Read more](https://infosecwriteups.com/bypassing-waf-to-weaponize-a-stored-xss-ff9963c421ee?source=rss----7b722bfd1b8d---4) 2022-05-18T08:00:02Z **The Basics of Subdomain Takeovers** ⌘ [Read more](https://infosecwriteups.com/the-basics-of-subdomain-takeovers-a0bbd4c84a4?source=rss----7b722bfd1b8d---4) 2022-05-19T08:42:44Z **Active Directory Overview** ⌘ [Read more](https://infosecwriteups.com/active-directory-overview-98692e1b0233?source=rss----7b722bfd1b8d---4) 2022-05-19T08:42:25Z **Unicode from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/unicode-from-hackthebox-detailed-walkthrough-5da3481816de?source=rss----7b722bfd1b8d---4) 2022-05-20T07:30:09Z **Cyber Apocalypse CTF 2022 — Web — Intergalactic Post Write-up** ⌘ [Read more](https://infosecwriteups.com/cyber-apocalypse-ctf-2022-web-intergalactic-post-write-up-9f2b1acc5386?source=rss----7b722bfd1b8d---4) 2022-05-20T07:30:04Z **Cyber 
Apocalypse CTF 2022 — Web — Amidst Us Write-up** ⌘ [Read more](https://infosecwriteups.com/cyber-apocalypse-ctf-2022-web-amidst-us-write-up-a6864e23c3b9?source=rss----7b722bfd1b8d---4) 2022-05-20T07:29:59Z **Cyber Apocalypse CTF 2022 — Misc — Compressor Write-up (easy way)** ⌘ [Read more](https://infosecwriteups.com/cyber-apocalypse-ctf-2022-misc-compressor-write-up-easy-way-de9efcccd6af?source=rss----7b722bfd1b8d---4) 2022-05-20T07:29:55Z **Cyber Apocalypse CTF 2022 — Web — Kryptos Support Write-up** ⌘ [Read more](https://infosecwriteups.com/cyber-apocalypse-ctf-2022-web-kryptos-support-write-up-2cf5057c4161?source=rss----7b722bfd1b8d---4) 2022-05-20T07:29:36Z **Cyber Apocalypse CTF 2022 — Intergalactic Chase Write up** ⌘ [Read more](https://infosecwriteups.com/cyber-apocalypse-ctf-2022-intergalactic-chase-write-up-6d2e89b1633e?source=rss----7b722bfd1b8d---4) 2022-05-20T08:31:16Z **Implementing Security in SDLC**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/implementing-security-in-sdlc-631ff4fd5451?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/implementing-security-in-sdlc-631ff4fd5451?source=rss----7b722bfd1b8d---4) 2022-05-20T08:28:56Z **Wireless Penetration Testing (WPA-2 Cracking)** ⌘ [Read more](https://infosecwriteups.com/wireless-penetration-testing-wpa-2-cracking-9c925e51a873?source=rss----7b722bfd1b8d---4) 2022-05-22T09:05:45Z **OTP Bypass on Vahak.in** ⌘ [Read more](https://infosecwriteups.com/otp-bypass-on-vahak-in-f4931e195697?source=rss----7b722bfd1b8d---4) 2022-05-22T09:05:07Z **TryHackMe: Biblioteca** ⌘ [Read more](https://infosecwriteups.com/tryhackme-biblioteca-c56be949564c?source=rss----7b722bfd1b8d---4) 2022-05-24T07:51:18Z **Cybersecurity & Application Attacks**

Buffer Overflow and XSS Cross-site Scripting attacks for SY0–601

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/objective-1-3-application-attacks-3f36896715fd?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/objective-1-3-application-attacks-3f36896715fd?source=rss----7b722bfd1b8d---4) 2022-05-24T08:57:21Z **How I Found a company’s internal S3 Bucket with 41k Files** ⌘ [Read more](https://infosecwriteups.com/how-i-found-a-companys-internal-s3-bucket-with-41k-files-94b453e588b5?source=rss----7b722bfd1b8d---4) 2022-05-25T06:54:10Z **Antivirus Evasion — Part 1** ⌘ [Read more](https://infosecwriteups.com/antivirus-evasion-26a30f072f76?source=rss----7b722bfd1b8d---4) 2022-05-25T06:51:50Z **Hacking Web3: Introduction and How to Start** ⌘ [Read more](https://infosecwriteups.com/hacking-web3-introduction-and-how-to-start-88ae2c51f3ec?source=rss----7b722bfd1b8d---4) 2022-05-25T06:51:34Z **Kerberos Authentication in Active Directory** ⌘ [Read more](https://infosecwriteups.com/kerberos-authentication-in-active-directory-2dc4af232f65?source=rss----7b722bfd1b8d---4) 2022-05-25T07:52:39Z **Nunchucks from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/nunchucks-from-hackthebox-detailed-walkthrough-c09ba0f276fa?source=rss----7b722bfd1b8d---4) 2022-05-25T08:53:58Z **TryHackMe writeup: HackPark** ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-hackpark-bd9c075c5262?source=rss----7b722bfd1b8d---4) 2022-05-25T09:53:21Z **Approaching CTF OSINT Challenges — Learn by Example** ⌘ [Read more](https://infosecwriteups.com/approaching-ctf-osint-challenges-learn-by-example-b92be1dddc8d?source=rss----7b722bfd1b8d---4) 2022-05-25T10:52:35Z **Learning Linux & InfoSec Principles Using OverTheWire’s Bandit — Part 4** ⌘ [Read more](https://infosecwriteups.com/learning-linux-infosec-principles-using-overthewires-bandit-part-4-a202c2e44843?source=rss----7b722bfd1b8d---4) 2022-05-26T05:54:22Z **Secure Code Review -1 | Cheat sheet For Security Vulnerability In Python — 
Injection Flaws**
Based on OWASP Top-10 Vulnerabilities. This time we are looking for secure coding bugs related to Injection Flaws

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/secure-code-review-1-cheat-sheet-for-security-vulnerability-in-python-injection-flaws-15c93b9d754f?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/secure-code-review-1-cheat-sheet-for-security-vulnerability-in-python-injection-flaws-15c93b9d754f?source=rss----7b722bfd1b8d---4) 2022-05-26T05:54:16Z **Module-2 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit**

Q. What is Core Rule Set & why it is utilized by all the cloud WAFs?
A. We will try to understand more about ... ⌘ [Read more](https://infosecwriteups.com/module-2-introduction-pentesting-bypassing-aws-azure-gcp-cloud-waf-fun-profit-9c87b6276fe7?source=rss----7b722bfd1b8d---4) 2022-05-26T05:54:07Z **Module-3 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit**

1\. Setting up Vulnerable Application For AWS WAF

[Continue reading on InfoSec Write-ups »](https://infosecw ... ⌘ [Read more](https://infosecwriteups.com/module-3-introduction-pentesting-bypassing-aws-azure-gcp-cloud-waf-fun-profit-6b38a836d78f?source=rss----7b722bfd1b8d---4) 2022-05-26T20:38:18Z **Operational Methodologies of Cyber Terrorist Organization “Transparent Tribe”** ⌘ [Read more](https://infosecwriteups.com/operational-methodologies-of-cyber-terrorist-organization-transparent-tribe-3389bdc1db3e?source=rss----7b722bfd1b8d---4) 2022-05-26T20:38:07Z **Penetration Testing Benefits** ⌘ [Read more](https://infosecwriteups.com/penetration-testing-benefits-348aa3a168a3?source=rss----7b722bfd1b8d---4) 2022-05-26T20:37:54Z **How an Open Redirection Leads to an Account Takeover?** ⌘ [Read more](https://infosecwriteups.com/how-an-open-redirection-leads-to-an-account-takeover-73ea883055d1?source=rss----7b722bfd1b8d---4) 2022-05-27T09:02:36Z **Firewall Evasion Techniques using Nmap**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/firewall-evasion-techniques-using-nmap-523dd18b1b1c?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/firewall-evasion-techniques-using-nmap-523dd18b1b1c?source=rss----7b722bfd1b8d---4) 2022-05-29T04:33:24Z **Hacking GraphQL — Part 1** ⌘ [Read more](https://infosecwriteups.com/hacking-graphql-part-1-61d7a31b30c3?source=rss----7b722bfd1b8d---4) 2022-05-29T04:33:07Z **Bypass the Firewall with SSH Tunnelling** ⌘ [Read more](https://infosecwriteups.com/bypass-the-firewall-with-ssh-tunnelling-711fa78ea97f?source=rss----7b722bfd1b8d---4) 2022-05-29T04:31:40Z **CyberStarters CTF — Gunship** ⌘ [Read more](https://infosecwriteups.com/cyberstarters-ctf-gunship-93c23b3d5f1d?source=rss----7b722bfd1b8d---4) 2022-05-29T13:19:57Z **Learning Linux & InfoSec Principles Using OverTheWire’s Bandit — Part 4** ⌘ [Read more](https://infosecwriteups.com/learning-linux-infosec-principles-using-overthewires-bandit-part-4-69803b6f43ed?source=rss----7b722bfd1b8d---4) 2022-05-30T06:17:04Z **Pen #004: Linux Basics (Part 1)** ⌘ [Read more](https://infosecwriteups.com/pen-4-linux-basics-part-1-8559551db747?source=rss----7b722bfd1b8d---4) 2022-05-30T06:16:54Z **AWS IAM Exploitation Techniques** ⌘ [Read more](https://infosecwriteups.com/aws-iam-exploitation-techniques-565830bf704b?source=rss----7b722bfd1b8d---4) 2022-05-30T06:16:47Z **Anatomy Of Spring4Shell CVE-2022–22965** ⌘ [Read more](https://infosecwriteups.com/anatomy-of-spring4shell-cve-2022-22965-e0df259cef9d?source=rss----7b722bfd1b8d---4) 2022-05-31T13:39:32Z **HackThebox: Lame** ⌘ [Read more](https://infosecwriteups.com/hackthebox-lame-649ae6d39ac6?source=rss----7b722bfd1b8d---4) 2022-05-31T13:39:21Z **Erlik Machine Writeup** ⌘ [Read more](https://infosecwriteups.com/erlik-machine-writeup-4565f27a5695?source=rss----7b722bfd1b8d---4) 2022-05-31T13:39:11Z **Serial Communication with Raspberry Pi Pico in Windows 10/11 via WSL** ⌘ [Read 
more](https://infosecwriteups.com/serial-communication-with-raspberry-pi-pico-in-windows-10-11-via-wsl-50f93e29e2cb?source=rss----7b722bfd1b8d---4) 2022-05-31T13:38:27Z **Top 5 Hacking Book , Must Read !!** ⌘ [Read more](https://infosecwriteups.com/top-5-hacking-book-must-read-72b37d7f885a?source=rss----7b722bfd1b8d---4) 2022-05-31T13:38:20Z **Persistent Windows 10 and 11 keylogger (keylogiq)** ⌘ [Read more](https://infosecwriteups.com/persistent-windows-10-and-11-keylogger-keylogiq-eada8f2dbf9c?source=rss----7b722bfd1b8d---4) 2022-05-31T13:38:11Z **Zero Day Vulnerability: Chromium v8 js engine issue 1303458 — Use After Free in x64 Instruction…** ⌘ [Read more](https://infosecwriteups.com/zero-day-vulnerability-chromium-v8-js-engine-issue-1303458-use-after-free-in-x64-instruction-e874419436a6?source=rss----7b722bfd1b8d---4) 2022-05-31T14:43:56Z **Tryhackme Pcap Analysis Room Official Writeup** ⌘ [Read more](https://infosecwriteups.com/tryhackme-pcap-analysis-room-official-writeup-5788e5853acf?source=rss----7b722bfd1b8d---4) 2022-05-31T15:41:06Z **SSO: A Secure way for authentication and authorization ?**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/sso-a-secure-way-for-authentication-and-authorization-6a4fb8794dd6?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/sso-a-secure-way-for-authentication-and-authorization-6a4fb8794dd6?source=rss----7b722bfd1b8d---4) 2022-05-31T22:35:40Z **Tryhackme linuxloganalysis Writeup** ⌘ [Read more](https://infosecwriteups.com/tryhackme-linuxloganalysis-writeup-8a28fca4ac02?source=rss----7b722bfd1b8d---4) 2022-05-31T22:35:32Z **Tryhackme ramanalysis Writeup** ⌘ [Read more](https://infosecwriteups.com/tryhackme-ramanalysis-writeup-c305dd88f150?source=rss----7b722bfd1b8d---4) 2022-05-31T22:35:27Z **Tryhackme tsharkpcapanalysis Writeup** ⌘ [Read more](https://infosecwriteups.com/tryhackme-tsharkpcapanalysis-writeup-7b9ed3a19ea3?source=rss----7b722bfd1b8d---4) 2022-06-01T09:52:06Z **How I am winning battle with Windows 10 and 11 Security and avoiding detection** ⌘ [Read more](https://infosecwriteups.com/how-i-am-winning-battle-with-windows-10-and-11-security-and-avoiding-detection-6ea9f954b2a7?source=rss----7b722bfd1b8d---4) 2022-06-03T05:36:47Z **Android Pentesting Methodology (Pt. 1)** ⌘ [Read more](https://infosecwriteups.com/android-pentesting-methodology-pt-1-9557f6664307?source=rss----7b722bfd1b8d---4) 2022-06-03T06:50:01Z **Kubernetes 101 | Setting up Kubernetes Cluster Locally**

This blog is about setting the local Kubernetes cluster for learning & testing using multiple tools like Kind, Minikube, Kubeadm & K3s.

[Continue reading on InfoSec Write-ups »](https://inf ... ⌘ [Read more](https://infosecwriteups.com/kubernetes-101-setting-up-kubernetes-cluster-locally-aa8c34c89862?source=rss----7b722bfd1b8d---4) 2022-06-03T06:49:53Z **Enumeration and lateral movement in GCP environments** ⌘ [Read more](https://infosecwriteups.com/enumeration-and-lateral-movement-in-gcp-environments-c3b82d342794?source=rss----7b722bfd1b8d---4) 2022-06-04T07:56:16Z **Linux Hardening techniques**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/linux-hardening-techniques-802b12bebcae?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/linux-hardening-techniques-802b12bebcae?source=rss----7b722bfd1b8d---4) 2022-06-04T07:55:31Z **#Part 1 : The reality of modern information security in enterprise around the world.** ⌘ [Read more](https://infosecwriteups.com/part-1-the-reality-of-modern-information-security-in-enterprise-around-the-world-57bcd3feb169?source=rss----7b722bfd1b8d---4) 2022-06-05T07:20:28Z **Creating a backdoor in PAM in 5 line of code** ⌘ [Read more](https://infosecwriteups.com/creating-a-backdoor-in-pam-in-5-line-of-code-e23e99579cd9?source=rss----7b722bfd1b8d---4) 2022-06-05T07:15:57Z **Owasp crAPI: Introducing API Security The Hacker Way** ⌘ [Read more](https://infosecwriteups.com/crapi-api-security-the-hacker-way-7f8402bb6e65?source=rss----7b722bfd1b8d---4) 2022-06-05T07:15:54Z **Testing EDRs for Linux — Things I wish I knew before getting started** ⌘ [Read more](https://infosecwriteups.com/testing-edrs-for-linux-things-i-wish-i-knew-before-getting-started-3ab15112c183?source=rss----7b722bfd1b8d---4) 2022-06-06T11:22:35Z **Pen #005: Linux Basics (Part 2)** ⌘ [Read more](https://infosecwriteups.com/pen-5-linux-basics-part-2-57f8392ea216?source=rss----7b722bfd1b8d---4) 2022-06-07T08:24:36Z **Spring4Shell (SpringShell) Vulnerability** ⌘ [Read more](https://infosecwriteups.com/spring4shell-springshell-vulnerability-7a616e2f20ff?source=rss----7b722bfd1b8d---4) 2022-06-07T08:23:54Z **VLAN Hopping Attack** ⌘ [Read more](https://infosecwriteups.com/vlan-hopping-attack-33a8b109c068?source=rss----7b722bfd1b8d---4) 2022-06-07T08:22:47Z **NoSQL Injection** ⌘ [Read more](https://infosecwriteups.com/hacking-nosql-c07e74d8ce2c?source=rss----7b722bfd1b8d---4) 2022-06-07T08:20:49Z **Hacking Nginx: Best ways** ⌘ [Read more](https://infosecwriteups.com/hacking-nginx-best-ways-7c576cc17ccc?source=rss----7b722bfd1b8d---4) 
2022-06-07T08:20:19Z **Capture the Ether — Challenge Writeup**

I started concentrating on smart contract security and it is really interesting.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/capture-the-ether-challenge-writeup-b10853807690?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/capture-the-ether-challenge-writeup-b10853807690?source=rss----7b722bfd1b8d---4) 2022-06-07T09:21:10Z **Pandora from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/pandora-from-hackthebox-detailed-walkthrough-7d52066e5dc5?source=rss----7b722bfd1b8d---4) 2022-06-08T12:41:10Z **Detecting DNS Tunneling using Spark Structured Streaming**

From generating DNS logs to end-to-end implementation of structured streaming

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/detecting-dns-tunneling-using- ... ⌘ [Read more](https://infosecwriteups.com/detecting-dns-tunneling-using-spark-structured-streaming-c7e2b6af0349?source=rss----7b722bfd1b8d---4) 2022-06-10T06:46:35Z **[BugBounty] Tips to Find Stored XSS**

Intro

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bugbounty-tips-to-find-stored-xss-9995814d353f?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/bugbounty-tips-to-find-stored-xss-9995814d353f?source=rss----7b722bfd1b8d---4) 2022-06-10T15:26:46Z **Brainpan 1 WriteUp Tryhackme** ⌘ [Read more](https://infosecwriteups.com/brainpan-1-writeup-tryhackme-ba33c01c4fc4?source=rss----7b722bfd1b8d---4) 2022-06-11T17:14:30Z **[Bug Bounty] How I was able edit AWS’s files from file upload function?** ⌘ [Read more](https://infosecwriteups.com/bug-bounty-how-i-was-able-edit-awss-files-from-file-upload-function-cb33bc3bd3a9?source=rss----7b722bfd1b8d---4) 2022-06-11T18:17:21Z **Timing from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/timing-from-hackthebox-detailed-walkthrough-7671466227fd?source=rss----7b722bfd1b8d---4) 2022-06-12T14:01:12Z **TryHackMe: LazyAdmin** ⌘ [Read more](https://infosecwriteups.com/tryhackme-lazyadmin-9441e1240cb7?source=rss----7b722bfd1b8d---4) 2022-06-12T15:03:36Z **Learning More About YAML Deserialization**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/learning-more-about-yaml-deserialization-9c08093b4a3d?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/learning-more-about-yaml-deserialization-9c08093b4a3d?source=rss----7b722bfd1b8d---4) 2022-06-13T05:36:09Z **NTLM Authentication in Active Directory** ⌘ [Read more](https://infosecwriteups.com/ntlm-authentication-in-active-directory-b99ea9087519?source=rss----7b722bfd1b8d---4) 2022-06-13T05:35:58Z **How to get started in Cybersecurity in 2022** ⌘ [Read more](https://infosecwriteups.com/how-to-get-started-in-cybersecurity-in-2022-e36bd5732da?source=rss----7b722bfd1b8d---4) 2022-06-14T10:37:34Z **How I found a Critical Bug in Instagram and Got 49500$ Bounty From Facebook** ⌘ [Read more](https://infosecwriteups.com/how-i-found-a-critical-bug-in-instagram-and-got-49500-bounty-from-facebook-626ff2c6a853?source=rss----7b722bfd1b8d---4) 2022-06-15T08:03:44Z **Phishing Domain Detection using Neural Networks**

Applying neural networks on domain name analysis to detect phishing

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/phishing-domain-detection-using-neural-networks-b133a6495a78?sourc ... ⌘ [Read more](https://infosecwriteups.com/phishing-domain-detection-using-neural-networks-b133a6495a78?source=rss----7b722bfd1b8d---4) 2022-06-15T09:06:06Z **AdmirerToo from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/admirertoo-from-hackthebox-detailed-walkthrough-b005ec7a4877?source=rss----7b722bfd1b8d---4) 2022-06-16T16:52:43Z **Attacks on Blockchain** ⌘ [Read more](https://infosecwriteups.com/attacks-on-blockchain-84fac903b20a?source=rss----7b722bfd1b8d---4) 2022-06-17T16:16:06Z **Vulnerabilities in JS based Applications**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/vulnerabilities-in-js-based-applications-397e0dc90124?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/vulnerabilities-in-js-based-applications-397e0dc90124?source=rss----7b722bfd1b8d---4) 2022-06-19T14:56:45Z **LDAP in Active Directory** ⌘ [Read more](https://infosecwriteups.com/ldap-in-active-directory-f0de5729f72f?source=rss----7b722bfd1b8d---4) 2022-06-21T08:21:08Z **Kubernetes Security Policy Enforcement — OPA** ⌘ [Read more](https://infosecwriteups.com/kubernetes-security-policy-enforcement-opa-70975ec51272?source=rss----7b722bfd1b8d---4) 2022-06-21T08:20:59Z **Google Dorks: An Advanced Hacking Tool** ⌘ [Read more](https://infosecwriteups.com/google-dorks-an-advanced-hacking-tool-a523c4996279?source=rss----7b722bfd1b8d---4) 2022-06-21T08:20:42Z **Create a Hidden IRC Server with The Onion Router (TOR)** ⌘ [Read more](https://infosecwriteups.com/create-a-hidden-irc-server-with-the-onion-router-tor-c839e3a81d78?source=rss----7b722bfd1b8d---4) 2022-06-21T13:58:30Z **HacktheBox Writeup: Paper** ⌘ [Read more](https://infosecwriteups.com/hackthebox-writeup-paper-5a13adfcc549?source=rss----7b722bfd1b8d---4) 2022-06-21T14:36:39Z **Telangana, Andhra Pradesh, Karnataka, Himachal Pradesh & Kerala — All Government bus services were…** ⌘ [Read more](https://infosecwriteups.com/telangana-andhra-pradesh-karnataka-himachal-pradesh-kerala-all-government-bus-services-were-885b44c21a?source=rss----7b722bfd1b8d---4) 2022-06-21T15:03:25Z **What are supply chains and they security**

What are Supply Chains Attacks

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/what-are-supply-chains-and-they-security-8295f437061f?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/what-are-supply-chains-and-they-security-8295f437061f?source=rss----7b722bfd1b8d---4) 2022-06-21T15:53:06Z **Infosec Weekly #2 — Docker, Google Dorks, Bug Bounty and other interesting Infosec stuff.** ⌘ [Read more](https://infosecwriteups.com/https-weekly-infosecwriteups-com-infosec-weekly-2-an-in-depth-79c080c14f5e?source=rss----7b722bfd1b8d---4) 2022-06-23T18:23:13Z **Why is the Zero Trust Security Model Effective?** ⌘ [Read more](https://infosecwriteups.com/why-is-the-zero-trust-security-model-effective-93e853bee9c5?source=rss----7b722bfd1b8d---4) 2022-06-23T19:27:54Z **Information Leak: Posted, Discovered & Misused! How easy for Criminals to get your data?** ⌘ [Read more](https://infosecwriteups.com/information-leak-posted-discovered-misused-how-easy-for-criminals-to-get-your-data-7a83b39f9df7?source=rss----7b722bfd1b8d---4) 2022-06-25T09:09:00Z **Meta from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/meta-from-hackthebox-detailed-walkthrough-a26925443ab7?source=rss----7b722bfd1b8d---4) 2022-06-27T15:31:51Z **Analyzing CVE-2022–22980 to discover a real exploitable path in the source code review process with…** ⌘ [Read more](https://infosecwriteups.com/analyzing-cve-2022-22980-to-discover-a-real-exploitable-path-in-the-source-code-review-process-with-145d97717656?source=rss----7b722bfd1b8d---4) 2022-06-27T15:31:43Z **How i was able to takeover 3 Subdomains of an Organization via Shopify?** ⌘ [Read more](https://infosecwriteups.com/how-i-was-able-to-takeover-3-shopify-subdomains-of-an-organization-867141854d37?source=rss----7b722bfd1b8d---4) 2022-06-27T15:30:36Z **Getting Your First Bug (Part II)** ⌘ [Read more](https://infosecwriteups.com/getting-your-first-bug-part-ii-f7081a027f71?source=rss----7b722bfd1b8d---4) 2022-06-27T17:17:57Z 
**IW Weekly #3: SQL Injection, Data Exfiltration, Log Poisoning, Blind XSS, and more.** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-3-sql-injection-data-exfiltration-log-poisoning-blind-xss-and-more-bb98cd5523f?source=rss----7b722bfd1b8d---4) 2022-06-28T09:21:18Z **Make a Self-Replicating Virus in Python** ⌘ [Read more](https://infosecwriteups.com/make-a-self-replicating-virus-in-python-bb29404e3f6b?source=rss----7b722bfd1b8d---4) 2022-06-28T09:20:40Z **Learning More about File Upload Vulnerabilities**

The vulnerability associated with file uploads is well-known and considered to be of high severity. This vulnerability exists because the…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/learni ... ⌘ [Read more](https://infosecwriteups.com/learning-more-about-file-upload-vulnerabilities-1833bed29f5d?source=rss----7b722bfd1b8d---4) 2022-06-29T10:03:19Z **HTML and Hyperlink Injection via Share Option In Microsoft Onenote Application**

Hyperlink Injection is when an attacker injects a malicious link when sending an email invitation.

[Continue re ... ⌘ [Read more](https://infosecwriteups.com/html-and-hyperlink-injection-via-share-option-in-microsoft-onenote-application-47e94d0e6478?source=rss----7b722bfd1b8d---4) 2022-06-29T12:39:14Z **Text Based Injection | Content Spoofing on ISRO Website** ⌘ [Read more](https://infosecwriteups.com/text-based-injection-content-spoofing-96e9eb1615d8?source=rss----7b722bfd1b8d---4) 2022-06-29T16:34:19Z **IW Weekly #4: BITB Attack, Hackthebox Walkthrough, Twitter Link Takeover, and more.** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-4-bitb-attack-hackthebox-walkthrough-twitter-link-takeover-and-more-d7909993ecc7?source=rss----7b722bfd1b8d---4) 2022-06-30T16:14:29Z **All About String in Python** ⌘ [Read more](https://infosecwriteups.com/all-about-string-in-python-b13d2306029f?source=rss----7b722bfd1b8d---4) 2022-06-30T16:51:25Z **Choosing your job role in cybersecurity** ⌘ [Read more](https://infosecwriteups.com/choosing-your-job-role-in-cybersecurity-75ab920285a0?source=rss----7b722bfd1b8d---4) 2022-07-01T07:46:50Z **Let’s Understand SSRF vulnerability**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lets-understand-ssrf-vulnerability-6f1d28b228f9?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/lets-understand-ssrf-vulnerability-6f1d28b228f9?source=rss----7b722bfd1b8d---4) 2022-07-01T12:42:40Z **IW Weekly #5: Account Takeover, Recon, Ransomware Creation, and more.** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-5-account-takeover-recon-ransomware-creation-and-more-9b662e6e0c88?source=rss----7b722bfd1b8d---4) 2022-07-03T15:48:36Z **A swag for a Open Redirect — Google Dork — Bug Bounty**

Hello Folks 👋, I have found a good open redirect with my param scanner. I will tell you here how I found it and what kind of swag I got…

[Continue reading on InfoSec Write-ups »](https://infosecwr ... ⌘ [Read more](https://infosecwriteups.com/a-swag-for-a-open-redirect-google-dork-bug-bounty-2143b943f34e?source=rss----7b722bfd1b8d---4) 2022-07-03T15:47:39Z **DNS in Active Directory** ⌘ [Read more](https://infosecwriteups.com/dns-in-active-directory-dcb93b10c3f3?source=rss----7b722bfd1b8d---4) 2022-07-04T14:27:29Z **CVE-2022–32511 | Exploit | Remote Code Execution** ⌘ [Read more](https://infosecwriteups.com/cve-2022-32511-exploit-remote-code-execution-daeffdc94219?source=rss----7b722bfd1b8d---4) 2022-07-06T06:53:28Z **Undetected from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/undetected-from-hackthebox-detailed-walkthrough-82847eadf7a7?source=rss----7b722bfd1b8d---4) 2022-07-07T07:21:05Z **Annie From TryHackme** ⌘ [Read more](https://infosecwriteups.com/annie-from-tryhackme-edfea2b78eb5?source=rss----7b722bfd1b8d---4) 2022-07-07T10:32:15Z **W Weekly #6: Bypassing 2FA, Steghide Challenges, PEStudio Walkthrough, and more…** ⌘ [Read more](https://infosecwriteups.com/w-weekly-6-bypassing-2fa-steghide-challenges-pestudio-walkthrough-and-more-1688a8e24b09?source=rss----7b722bfd1b8d---4) 2022-07-08T11:58:22Z **Let’s Learn about Cookie and Its Security**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lets-learn-about-cookie-and-its-security-f6d349f2ccc0?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/lets-learn-about-cookie-and-its-security-f6d349f2ccc0?source=rss----7b722bfd1b8d---4) 2022-07-09T11:38:04Z **IW Weekly #7: Facebook account takeover, Java Deserialization, SSRF, and more…** ⌘ [Read more](https://infosecwriteups.com/https-weekly-infosecwriteups-com-iw-weekly-7-facebook-account-takeover-java-deserialization-ssrf-and-more-adb10046c646?source=rss----7b722bfd1b8d---4) 2022-07-09T19:30:08Z **Exposing Millions of Voter ID card user’s details.** ⌘ [Read more](https://infosecwriteups.com/exposing-millions-of-voter-id-card-users-details-8a993c9a5d35?source=rss----7b722bfd1b8d---4) 2022-07-09T19:29:59Z **Docker: Creating a Pivoting Lab and Exploiting it** ⌘ [Read more](https://infosecwriteups.com/docker-creating-a-pivoting-lab-and-exploiting-it-a66646dc2cf3?source=rss----7b722bfd1b8d---4) 2022-07-09T19:29:02Z **HackTheBox Writeup: RouterSpace** ⌘ [Read more](https://infosecwriteups.com/hackthebox-writeup-routerspace-d0a4d5c1ce78?source=rss----7b722bfd1b8d---4) 2022-07-09T19:28:54Z **How I Hacked My College Server?** ⌘ [Read more](https://infosecwriteups.com/how-i-hacked-my-college-server-738f038712c3?source=rss----7b722bfd1b8d---4) 2022-07-09T20:32:24Z **RouterSpace From Hackthebox** ⌘ [Read more](https://infosecwriteups.com/routerspace-from-hackthebox-74de4a9ba988?source=rss----7b722bfd1b8d---4) 2022-07-10T16:31:46Z **Hunting malwares with Yara** ⌘ [Read more](https://infosecwriteups.com/hunting-malwares-with-yara-6b451b2ad1a8?source=rss----7b722bfd1b8d---4) 2022-07-10T17:32:06Z **Sandboxing python modules in your code** ⌘ [Read more](https://infosecwriteups.com/sandboxing-python-modules-in-your-code-1e590d71fc26?source=rss----7b722bfd1b8d---4) 2022-07-11T11:18:10Z **IW Weekly #8: Cloudflare WAF, OAuth, TLS Fingerprinting, Talosplus, and more…** ⌘ [Read 
more](https://infosecwriteups.com/https-weekly-infosecwriteups-com-iw-weekly-8-2b8f40c888e3?source=rss----7b722bfd1b8d---4) 2022-07-13T11:22:37Z **IW Weekly #9: Web3 Hacking, Leveraging Google Dorks, Python Flaws, and more…** ⌘ [Read more](https://infosecwriteups.com/https-weekly-infosecwriteups-com-iw-weekly-9-web3-hacking-leveraging-google-dorks-python-flaws-and-more-c230c4b6fea3?source=rss----7b722bfd1b8d---4) 2022-07-14T14:35:30Z **Let’s talk about buffer overflow**

A buffer overflow, or buffer overrun, occurs when more data is put into a fixed-length buffer than the buffer can handle.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lets-talk-about-buffer-overflow-54764101030b?source=rss----7 ... ⌘ [Read more](https://infosecwriteups.com/lets-talk-about-buffer-overflow-54764101030b?source=rss----7b722bfd1b8d---4) 2022-07-14T15:37:10Z **Understanding and Bypassing Rate Limiting's**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/understanding-and-bypassing-rate-limitings-7c99a1252635?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/understanding-and-bypassing-rate-limitings-7c99a1252635?source=rss----7b722bfd1b8d---4) 2022-07-15T08:05:11Z **WiFi Hacking Week Pt. 4 — Evil Twin Attacks** ⌘ [Read more](https://infosecwriteups.com/wifi-hacking-week-pt-4-evil-twin-attacks-63f79a800206?source=rss----7b722bfd1b8d---4) 2022-07-15T08:04:58Z **Android WebView Hacking — Enable WebView Debugging** ⌘ [Read more](https://infosecwriteups.com/android-webview-hacking-enable-webview-debugging-d292b53f7a63?source=rss----7b722bfd1b8d---4) 2022-07-15T11:07:58Z **‍IW Weekly #10: 5 Articles, 4 Threads, 3 Videos, 2 Github Repos, 1 Job Alert** ⌘ [Read more](https://infosecwriteups.com/https-weekly-infosecwriteups-com-iw-weekly-10-5-articles-4-threads-3-videos-2-github-repos-1-job-alert-2ebff2c27f80?source=rss----7b722bfd1b8d---4) 2022-07-16T09:32:33Z **RouterSpace from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/routerspace-from-hackthebox-detailed-walkthrough-d40c22ad9d7c?source=rss----7b722bfd1b8d---4) 2022-07-17T17:14:30Z **FFUF-ing RECON**

, or how to get to P1–P3 from a slightly different recon

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ffuf-ing-recon-1ee4e79b3256?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/ffuf-ing-recon-1ee4e79b3256?source=rss----7b722bfd1b8d---4) 2022-07-17T18:17:17Z **Finding 0-days in Enterprise Application** ⌘ [Read more](https://infosecwriteups.com/finding-0-days-in-enterprise-application-471a409ade8d?source=rss----7b722bfd1b8d---4) 2022-07-19T05:15:27Z **Good things takes time | Story of my first “valid” critical bug!** ⌘ [Read more](https://infosecwriteups.com/story-of-my-first-valid-critical-bug-22029115f8d7?source=rss----7b722bfd1b8d---4) 2022-07-19T05:13:12Z **Hacking Facebook Invoice: How I could’ve bought anything for Free from Facebook Business Pages** ⌘ [Read more](https://infosecwriteups.com/hacking-facebook-invoice-how-i-couldve-bought-anything-for-free-from-facebook-business-pages-42bcfaa73ec4?source=rss----7b722bfd1b8d---4) 2022-07-20T07:03:19Z **TryHackMe — Offensive Security** ⌘ [Read more](https://infosecwriteups.com/tryhackme-offensive-security-a5ed067ca234?source=rss----7b722bfd1b8d---4) 2022-07-20T07:03:08Z **Paper from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/paper-from-hackthebox-detailed-walkthrough-8afa8de0ff3e?source=rss----7b722bfd1b8d---4) 2022-07-20T07:37:45Z **File Permissions in Linux** ⌘ [Read more](https://infosecwriteups.com/file-permissions-in-linux-8d35ed810a23?source=rss----7b722bfd1b8d---4) 2022-07-21T06:15:16Z **HTB-Business CTF** ⌘ [Read more](https://infosecwriteups.com/htb-business-ctf-e388db78649?source=rss----7b722bfd1b8d---4) 2022-07-22T05:33:36Z **TryHackMe — Antivirus** ⌘ [Read more](https://infosecwriteups.com/tryhackme-antivirus-2c69a4b3e26e?source=rss----7b722bfd1b8d---4) 2022-07-22T06:38:25Z **A Lab for Practicing Azure Service Principal Abuse** ⌘ [Read more](https://infosecwriteups.com/a-lab-for-practicing-azure-service-principal-abuse-bd000e6c48eb?source=rss----7b722bfd1b8d---4) 
2022-07-22T10:42:19Z **The more predictable you are, the less you get detected — hiding malicious shellcodes via Shannon…** ⌘ [Read more](https://infosecwriteups.com/the-more-predictable-you-are-the-less-you-get-detected-hiding-malicious-shellcodes-via-shannon-111a83fe60e4?source=rss----7b722bfd1b8d---4) 2022-07-22T11:47:05Z **Let’s Understand Path Traversal Vulnerabilities**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lets-understand-path-traversal-vulnerabilities-e4263dcb4e39?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/lets-understand-path-traversal-vulnerabilities-e4263dcb4e39?source=rss----7b722bfd1b8d---4) 2022-07-22T15:53:26Z **How Malicious Hackers Can Takeover Your Headless Browser: Part 1** ⌘ [Read more](https://infosecwriteups.com/how-malicious-hackers-can-takeover-your-headless-browser-part-1-bcab9e3a2f9c?source=rss----7b722bfd1b8d---4) 2022-07-22T15:53:10Z **How Malicious Hackers Can Takeover Your Headless Browser: Part 2** ⌘ [Read more](https://infosecwriteups.com/how-malicious-hackers-can-takeover-your-headless-browser-part-2-e56fe87b567b?source=rss----7b722bfd1b8d---4) 2022-07-22T15:52:57Z **Don’t let evil hackers abuse this simple Flask/Jinja2 mistake** ⌘ [Read more](https://infosecwriteups.com/walkthrough-templated-hack-the-box-web-challenge-defc45ebbf01?source=rss----7b722bfd1b8d---4) 2022-07-23T07:19:47Z **I mean, IDOR is NOT only about others ID** ⌘ [Read more](https://infosecwriteups.com/i-mean-idor-is-not-only-about-others-id-2d26115072ba?source=rss----7b722bfd1b8d---4) 2022-07-23T07:19:34Z **How to NOT keep your Active Directory safe.** ⌘ [Read more](https://infosecwriteups.com/walkthrough-phonebook-hack-the-box-web-challenge-b853924b5542?source=rss----7b722bfd1b8d---4) 2022-07-23T07:19:22Z **This one trick will exploit URL parsers to perform SSRF** ⌘ [Read more](https://infosecwriteups.com/walkthrough-weather-app-hack-the-box-web-challenge-34b0c930dfca?source=rss----7b722bfd1b8d---4) 2022-07-23T07:19:10Z **This is why you should NEVER use the eval() function — RCE!** ⌘ [Read more](https://infosecwriteups.com/walkthrough-lovetok-hack-the-box-web-challenge-430c44f6a0c9?source=rss----7b722bfd1b8d---4) 2022-07-23T07:18:39Z **Be Careful of User Input. 
You will get hacked.** ⌘ [Read more](https://infosecwriteups.com/walkthrough-toxic-hack-the-box-web-challenge-de8badbded86?source=rss----7b722bfd1b8d---4) 2022-07-23T07:18:19Z **Beware of Ghosts!! — when CVE-2018–16509 leads to Remote Code Execution.** ⌘ [Read more](https://infosecwriteups.com/walkthrough-petpet-rcbee-hack-the-box-web-challenge-e0f23fe487a6?source=rss----7b722bfd1b8d---4) 2022-07-23T13:12:09Z **Un3xpected DoS Attack on Profile Pictur3** ⌘ [Read more](https://infosecwriteups.com/un3xpected-dos-attack-on-profile-pictur3-b957979dcc7?source=rss----7b722bfd1b8d---4) 2022-07-24T08:19:23Z **Pivoting Techniques with THM Wreath** ⌘ [Read more](https://infosecwriteups.com/pivoting-techniques-with-thm-wreath-95fecba1b580?source=rss----7b722bfd1b8d---4) 2022-07-24T09:22:45Z **How I chained multiple CVEs and other web vulnerabilities during a past Red Team Op to pwn the** ⌘ [Read more](https://infosecwriteups.com/how-i-chained-multiple-cves-and-other-web-vulnerabilities-during-a-past-red-team-op-to-pwn-the-77274ef6b7e3?source=rss----7b722bfd1b8d---4) 2022-07-25T08:26:56Z **This is why you should ALWAYS check for Race Conditions (even in JavaScript)** ⌘ [Read more](https://infosecwriteups.com/this-is-why-you-should-always-check-for-race-conditions-even-in-javascript-410b6021ad1a?source=rss----7b722bfd1b8d---4) 2022-07-26T09:06:11Z **Mail Server Misconfiguration leads to sending a fax from anyone’s account on HelloFax (Dropbox BBP)…** ⌘ [Read more](https://infosecwriteups.com/mail-server-misconfiguration-leads-to-sending-a-fax-from-anyones-account-on-hellofax-dropbox-bbp-aab3d97ab4e7?source=rss----7b722bfd1b8d---4) 2022-07-26T10:12:43Z **You MUST sanitize PHP mail() inputs — or else RCE!** ⌘ [Read more](https://infosecwriteups.com/you-must-sanitize-php-mail-inputs-or-else-rce-7ac7ba906dca?source=rss----7b722bfd1b8d---4) 2022-07-26T11:06:06Z **IW Weekly #11: Hacking Nginx, eJPT2.0, Free Hacking Resources, OWASP API, and more** ⌘ [Read 
more](https://infosecwriteups.com/iw-weekly-11-hacking-nginx-ejpt2-0-free-hacking-resources-owasp-api-and-more-642045883c0?source=rss----7b722bfd1b8d---4) 2022-07-27T07:22:45Z **How a Race Condition made these crypto hackers $5000 bug bounty** ⌘ [Read more](https://infosecwriteups.com/how-a-race-condition-made-these-crypto-hackers-5000-bug-bounty-a72158a472a8?source=rss----7b722bfd1b8d---4) 2022-07-27T14:26:22Z **Catch from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/catch-from-hackthebox-detailed-walkthrough-d0ad7cf318b3?source=rss----7b722bfd1b8d---4) 2022-07-28T08:04:48Z **Why this SIMPLE mistake earned a $5000 bug bounty from Reddit** ⌘ [Read more](https://infosecwriteups.com/why-this-simple-mistake-earned-a-5000-bug-bounty-from-reddit-d906cb46c60e?source=rss----7b722bfd1b8d---4) 2022-07-28T08:03:25Z **How to Install Elastic Stack on Ubuntu 22.04 LTS** ⌘ [Read more](https://infosecwriteups.com/how-to-install-elastic-stack-on-ubuntu-22-04-lts-a2f1b00eced?source=rss----7b722bfd1b8d---4) 2022-07-29T11:51:51Z **How this team accidentally found a SSRF in Slack exposing AWS credentials! 
A $4000 bug bounty** ⌘ [Read more](https://infosecwriteups.com/how-this-team-accidentally-found-a-ssrf-in-slack-exposing-aws-credentials-a-4000-bug-bounty-513be19286e?source=rss----7b722bfd1b8d---4) 2022-07-29T12:21:36Z **IW Weekly #12: $O to $150,000/month mindset, Zoom RCE, Abusing FB Features, Bypass CSRF Protection…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-12-o-to-150-000-month-mindset-zoom-rce-abusing-fb-features-bypass-csrf-protection-abf86efeca5e?source=rss----7b722bfd1b8d---4) 2022-07-30T08:38:16Z **GSuite domain takeover through delegation** ⌘ [Read more](https://infosecwriteups.com/gsuite-domain-takeover-through-delegation-9d6664c91142?source=rss----7b722bfd1b8d---4) 2022-08-01T06:27:29Z **Cybersecurity Learning Path** ⌘ [Read more](https://infosecwriteups.com/cybersecurity-learning-path-19f64f6a547e?source=rss----7b722bfd1b8d---4) 2022-08-01T06:27:00Z **Zero-day XSS** ⌘ [Read more](https://infosecwriteups.com/zero-day-xss-309916922ea6?source=rss----7b722bfd1b8d---4) 2022-08-01T06:24:18Z **Why this EASY vulnerability resulted in a $20,000 bug bounty from GitLab**

The hidden dangers of numerical IDs

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-this-easy-vulnerabilit ... ⌘ [Read more](https://infosecwriteups.com/how-this-easy-vulnerability-resulted-in-a-20-000-bug-bounty-from-gitlab-d9dc9312c10a?source=rss----7b722bfd1b8d---4) 2022-08-01T06:24:05Z **This SIMPLE vulnerability in Shopify earned a $2500 bug bounty**

Don’t forget to check for user access rights

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/this-simple-vulnerability-in-shopify-earned-a-2 ... ⌘ [Read more](https://infosecwriteups.com/this-simple-vulnerability-in-shopify-earned-a-2500-bug-bounty-25f0b8358012?source=rss----7b722bfd1b8d---4) 2022-08-01T08:13:03Z **IW Weekly #13: 1000s of user tokens exposed, pre-auth RCEs in Oracle, AWS Misconfigurations, IDOR…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-13-1000s-of-user-tokens-exposed-pre-auth-rces-in-oracle-aws-misconfigurations-idor-46d1771fdbd6?source=rss----7b722bfd1b8d---4) 2022-08-02T10:56:51Z **Learn SQL injection in practice by hacking vulnerable application! — StackZero** ⌘ [Read more](https://infosecwriteups.com/learn-sql-injection-in-practice-by-hacking-vulnerable-application-stackzero-ef7931c72aec?source=rss----7b722bfd1b8d---4) 2022-08-02T10:54:48Z **How to Setup BurpSuite on Linux** ⌘ [Read more](https://infosecwriteups.com/how-to-setup-burpsuite-on-linux-350d17780fdb?source=rss----7b722bfd1b8d---4) 2022-08-02T10:50:50Z **Is CSRF really dead? Examining Stripe’s $5000 CSRF bug bounty.**

Testing for CSRF can be worth it.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/is-csrf-really-dead-examining-stripes-5000-csrf-bug-bounty-37bbd ... ⌘ [Read more](https://infosecwriteups.com/is-csrf-really-dead-examining-stripes-5000-csrf-bug-bounty-37bbd6631de3?source=rss----7b722bfd1b8d---4) 2022-08-03T06:16:08Z **IW Weekly #14: $1M bounty, bug bounty tips, upcoming CTF events, API attacks, bypassing .NET,** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-14-1m-bounty-bug-bounty-tips-upcoming-ctf-events-api-attacks-bypassing-net-2f6ed3439976?source=rss----7b722bfd1b8d---4) 2022-08-03T12:44:44Z **Cyber Security Detection Frameworks** ⌘ [Read more](https://infosecwriteups.com/cyber-security-detection-frameworks-b5fec0c93195?source=rss----7b722bfd1b8d---4) 2022-08-03T12:44:35Z **Abusing URL Shortners for fun and profit**

Hello Security Researchers

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/abusing-url-shortners-for-fun-and-profit-c83c67713916?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/abusing-url-shortners-for-fun-and-profit-c83c67713916?source=rss----7b722bfd1b8d---4) 2022-08-03T12:44:21Z **Multiple bugs in one program leads to 1500€** ⌘ [Read more](https://infosecwriteups.com/multiple-bugs-in-one-program-leads-to-1500-c35fcde06bc7?source=rss----7b722bfd1b8d---4) 2022-08-04T11:34:14Z **Intro to Digital Forensics** ⌘ [Read more](https://infosecwriteups.com/intro-to-digital-forensics-f41093f37a05?source=rss----7b722bfd1b8d---4) 2022-08-04T11:34:03Z **This is how he could hijack Reddit accounts with just ONE click: a $10,000 bug bounty**

Exploring Frans Rosén’s bypass of OAuth security

[Continue reading on InfoSec Write-ups »](http ... ⌘ [Read more](https://infosecwriteups.com/this-is-how-he-could-hijack-reddit-accounts-with-just-one-click-a-10-000-bug-bounty-7fd8d54d5582?source=rss----7b722bfd1b8d---4) 2022-08-04T12:37:43Z **A Multi-Layered Security Architecture for Databases** ⌘ [Read more](https://infosecwriteups.com/a-multi-layered-security-architecture-for-databases-3d2b3a60070f?source=rss----7b722bfd1b8d---4) 2022-08-04T17:22:10Z **Analyzing a Remcos RAT Infection** ⌘ [Read more](https://infosecwriteups.com/analyzing-a-remcos-rat-infection-5c9b6bfd7139?source=rss----7b722bfd1b8d---4) 2022-08-05T04:58:25Z **HTB — Dirty Money — Debugger Unchained Write Up** ⌘ [Read more](https://infosecwriteups.com/htb-dirty-money-debugger-unchained-write-up-e831a83941e6?source=rss----7b722bfd1b8d---4) 2022-08-05T04:57:32Z **Malware Traffic Analysis Exercise | Burnincandle | IcedID Malware** ⌘ [Read more](https://infosecwriteups.com/malware-traffic-analysis-exercise-burnincandle-icedid-malware-67e78ef1d46c?source=rss----7b722bfd1b8d---4) 2022-08-05T11:04:56Z **What do we learn from modern Cyber Warfare & State Sponsored Threats (SCADA & ICS)** ⌘ [Read more](https://infosecwriteups.com/what-do-we-learn-from-the-modern-cyber-warfare-state-sponsored-threats-scada-ics-32d224288934?source=rss----7b722bfd1b8d---4) 2022-08-05T12:07:14Z **Let’s Learn API Security: More about Broken Object Level Authorization**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lets-learn-api-security-more-about-broken-object-level-authorizatio ... ⌘ [Read more](https://infosecwriteups.com/lets-learn-api-security-more-about-broken-object-level-authorization-b5fd1d73e0d8?source=rss----7b722bfd1b8d---4) 2022-08-06T05:22:32Z **Another day, Another IDOR vulnerability— $5000 Reddit Bug Bounty**

Gaining unprivileged access to Reddit moderator logs

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/another-day-another-idor-vulnerabilit ... ⌘ [Read more](https://infosecwriteups.com/another-day-another-idor-vulnerability-5000-reddit-bug-bounty-22a75003d999?source=rss----7b722bfd1b8d---4) 2022-08-06T06:21:05Z **How i was able to get 29 free products. | Bug Bounty** ⌘ [Read more](https://infosecwriteups.com/how-i-was-able-to-get-29-free-products-bug-bounty-845667ab4ad4?source=rss----7b722bfd1b8d---4) 2022-08-06T11:32:05Z **Smart contract security best practices: PART 1** ⌘ [Read more](https://infosecwriteups.com/smart-contract-security-best-practices-part-1-c35b640ee2ff?source=rss----7b722bfd1b8d---4) 2022-08-06T11:31:56Z **Post-Exploitation Basics In Active Directory Environment By Hashar Mujahid** ⌘ [Read more](https://infosecwriteups.com/post-exploitation-basics-in-active-directory-enviorment-by-hashar-mujahid-d46880974f87?source=rss----7b722bfd1b8d---4) 2022-08-07T17:04:13Z **Enterprise: Active Directory Room From TryHackMe By** ⌘ [Read more](https://infosecwriteups.com/enterprise-active-directory-room-from-tryhackme-87f8738efc96?source=rss----7b722bfd1b8d---4) 2022-08-07T17:03:59Z **TryHackMe WriteUp: Agent T** ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-agent-t-4807b77f768d?source=rss----7b722bfd1b8d---4) 2022-08-07T17:03:48Z **What is command injection and how to exploit it — StackZero** ⌘ [Read more](https://infosecwriteups.com/what-is-command-injection-and-how-to-exploit-it-stackzero-ac7643bc492?source=rss----7b722bfd1b8d---4) 2022-08-08T12:15:33Z **Kubernetes Security** ⌘ [Read more](https://infosecwriteups.com/kubernetes-security-df58a8e5f379?source=rss----7b722bfd1b8d---4) 2022-08-08T12:15:17Z **PortSwigger Web Security Academy Lab: SQL injection vulnerability in WHERE clause allowing…** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-academy-lab-sql-injection-vulnerability-in-where-clause-allowing-be11d2611987?source=rss----7b722bfd1b8d---4) 
2022-08-09T10:10:18Z **IW Weekly #15: Admin account takeover, IDOR broken authentication, CyberChef alternatives, Dark web…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-15-admin-account-takeover-idor-broken-authentication-cyberchef-alternatives-dark-web-ce821697e49e?source=rss----7b722bfd1b8d---4) 2022-08-09T15:04:05Z **Stored XSS to Account Takeover : Going beyond document.cookie (Dumping IndexedDB)** ⌘ [Read more](https://infosecwriteups.com/stored-xss-to-account-takeover-going-beyond-document-cookie-970e42362f43?source=rss----7b722bfd1b8d---4) 2022-08-09T15:03:36Z **PortSwigger Web Security Academy Lab: SQL injection vulnerability allowing login bypass** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-academy-lab-sql-injection-vulnerability-allowing-login-bypass-2cb40fcf4a10?source=rss----7b722bfd1b8d---4) 2022-08-09T15:03:00Z **About the discovery of another security vulnerability in NASA** ⌘ [Read more](https://infosecwriteups.com/about-the-discovery-of-another-security-vulnerability-in-nasa-427ea194f537?source=rss----7b722bfd1b8d---4) 2022-08-09T16:06:04Z **Creating a basic backdoor on an android mobile** ⌘ [Read more](https://infosecwriteups.com/creating-a-basic-backdoor-on-an-android-mobile-66bb58fc7507?source=rss----7b722bfd1b8d---4) 2022-08-10T07:28:41Z **IIot, Operational Technology Cybersecurity Challenges** ⌘ [Read more](https://infosecwriteups.com/iiot-operational-technology-cybersecurity-challenges-8fd522ad84ef?source=rss----7b722bfd1b8d---4) 2022-08-10T10:37:45Z **RazorBlack: Active Directory Room From TryHackMe By Hashar Mujahid** ⌘ [Read more](https://infosecwriteups.com/razorblack-active-directory-room-from-tryhackme-by-hashar-mujahid-52985f24d929?source=rss----7b722bfd1b8d---4) 2022-08-10T11:42:49Z **Hunting webshell with NeoPI** ⌘ [Read more](https://infosecwriteups.com/hunting-webshell-with-neopi-62b76ce10d6b?source=rss----7b722bfd1b8d---4) 2022-08-10T12:42:51Z **Write-up: Pickle Rick @ TryHackMe** ⌘ [Read 
more](https://infosecwriteups.com/write-up-pickle-rick-tryhackme-6a3c838507c2?source=rss----7b722bfd1b8d---4) 2022-08-10T16:06:35Z **Hacker101 CTF — Travial CTF Flag 0** ⌘ [Read more](https://infosecwriteups.com/hacker101-ctf-travial-ctf-flag-0-9912113630bc?source=rss----7b722bfd1b8d---4) 2022-08-10T16:06:25Z **Car Hacking: Cyber Security in Automotive Industry** ⌘ [Read more](https://infosecwriteups.com/car-hacking-cyber-security-in-automotive-industry-e9a7a4ffd6bb?source=rss----7b722bfd1b8d---4) 2022-08-11T14:44:29Z **PortSwigger Web Security Lab: SQL injection UNION attack, determining the number of columns…** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-lab-sql-injection-union-attack-determining-the-number-of-columns-5f0a4fa95e5e?source=rss----7b722bfd1b8d---4) 2022-08-11T14:44:16Z **Hacker101 CTF — Micro CMS v1 Flag 0** ⌘ [Read more](https://infosecwriteups.com/hacker101-ctf-micro-cms-v1-flag-0-dd5b40652282?source=rss----7b722bfd1b8d---4) 2022-08-11T14:44:04Z **Phoenix Challenges — Stack Zero** ⌘ [Read more](https://infosecwriteups.com/phoenix-challenges-stack-zero-f8743cc871ed?source=rss----7b722bfd1b8d---4) 2022-08-12T07:01:19Z **Let’s Learn API Security: More about Excessive Data Exposure**

In this post on API security, we are going to talk about “Excessive Data Exposure”.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lets-le ... ⌘ [Read more](https://infosecwriteups.com/lets-learn-api-security-more-about-excessive-data-exposure-372fe2dd70c8?source=rss----7b722bfd1b8d---4) 2022-08-12T08:03:23Z **Configuring TOR with Python** ⌘ [Read more](https://infosecwriteups.com/configuring-tor-with-python-1a90fc1c246f?source=rss----7b722bfd1b8d---4) 2022-08-13T07:50:29Z **An interesting voice confusion discovery in Meta bug bounty** ⌘ [Read more](https://infosecwriteups.com/an-interesting-voice-confusion-discovery-in-meta-bug-bounty-a9b65175af32?source=rss----7b722bfd1b8d---4) 2022-08-13T07:49:06Z **Server Side Template Injections By Hashar Mujahid.** ⌘ [Read more](https://infosecwriteups.com/server-side-template-injections-by-hashar-mujahid-e5a1a383027e?source=rss----7b722bfd1b8d---4) 2022-08-15T10:34:42Z **Irremovable guest in facebook event — Facebook bug bounty** ⌘ [Read more](https://infosecwriteups.com/irremovable-guest-in-facebook-event-facebook-bug-bounty-e10e03c98cd5?source=rss----7b722bfd1b8d---4) 2022-08-15T10:34:11Z **PortSwigger Web Security Academy Lab: SQL injection UNION attack, finding a column containing text** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-academy-lab-sql-injection-union-attack-finding-a-column-containing-text-f67728a4240a?source=rss----7b722bfd1b8d---4) 2022-08-15T11:36:05Z **Salesforce bug hunting to Critical bug**

Or how I learned that some bugs are truly rare

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/salesforce-bug-hunting-to-critical-bug-b5da44789d3?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/salesforce-bug-hunting-to-critical-bug-b5da44789d3?source=rss----7b722bfd1b8d---4) 2022-08-16T07:10:54Z **IW Weekly #16: AWS Vulnerability, Threat Hunting, Reflected XSS, Pentesting Resource, Command…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-16-aws-vulnerability-threat-hunting-reflected-xss-pentesting-resource-command-1b172801f2b7?source=rss----7b722bfd1b8d---4) 2022-08-16T07:18:55Z **How To Hack With SQL Injection Attacks! DVWA low security — StackZero** ⌘ [Read more](https://infosecwriteups.com/how-to-hack-with-sql-injection-attacks-dvwa-low-security-stackzero-9286d7d0dfd1?source=rss----7b722bfd1b8d---4) 2022-08-16T18:30:26Z **PortSwigger Web Security Academy Lab: SQL injection UNION attack, retrieving data from other tables** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-academy-lab-sql-injection-union-attack-retrieving-data-from-other-tables-92d776fa0059?source=rss----7b722bfd1b8d---4) 2022-08-16T19:33:03Z **StepSecurity releases tool that it used to improve security of 30 critical open-source projects…** ⌘ [Read more](https://infosecwriteups.com/stepsecurity-releases-tool-that-it-used-to-improve-security-of-30-critical-open-source-projects-4ebbef31b908?source=rss----7b722bfd1b8d---4) 2022-08-17T07:19:06Z **PortSwigger Web Security Academy Lab: SQL injection UNION attack, retrieving multiple values in a…** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-academy-lab-sql-injection-union-attack-retrieving-multiple-values-in-a-3f025ac94b67?source=rss----7b722bfd1b8d---4) 2022-08-17T15:48:37Z **Using Kubernetes Plugins for Better Security** ⌘ [Read more](https://infosecwriteups.com/using-kubernetes-plugins-for-better-security-7b083cc3a7b7?source=rss----7b722bfd1b8d---4) 2022-08-18T08:18:08Z **IW Weekly #17: $30,000 Bounty, 
Instagram Account Takeover, AWS Security Series, Google…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-17-30-000-bounty-instagram-account-takeover-aws-security-series-google-a0f3e6f980fb?source=rss----7b722bfd1b8d---4) 2022-08-19T17:06:09Z **Erlik — Vulnerable SOAP Service** ⌘ [Read more](https://infosecwriteups.com/erlik-vulnerable-soap-service-d0a71355058e?source=rss----7b722bfd1b8d---4) 2022-08-19T17:05:56Z **C Language for Hackers & Beyond! 0x02** ⌘ [Read more](https://infosecwriteups.com/c-language-for-hackers-beyond-0x01-eb885c8a189a?source=rss----7b722bfd1b8d---4) 2022-08-19T18:07:21Z **Write-up: Git Happens @ TryHackMe** ⌘ [Read more](https://infosecwriteups.com/write-up-git-happens-tryhackme-408a111e880f?source=rss----7b722bfd1b8d---4) 2022-08-20T16:01:34Z **IW Weekly #18: $45,000 Facebook Bug Bounty, Cross-site Scripting, Hacking, Recon and Breaking into…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-18-45-000-facebook-bug-bounty-cross-site-scripting-hacking-recon-and-breaking-into-7c7cff7cde76?source=rss----7b722bfd1b8d---4) 2022-08-21T17:34:23Z **Redline Stealer Malware Static Analysis** ⌘ [Read more](https://infosecwriteups.com/redline-stealer-malware-static-analysis-69367b37a146?source=rss----7b722bfd1b8d---4) 2022-08-21T17:34:09Z **Confidential — TryHackMe Walkthrough** ⌘ [Read more](https://infosecwriteups.com/tryhackme-confidential-walk-through-8b8294579134?source=rss----7b722bfd1b8d---4) 2022-08-21T17:33:59Z **Hackers use String of Emojis to hack you.** ⌘ [Read more](https://infosecwriteups.com/hackers-use-string-of-emojis-to-hack-you-296499845b0d?source=rss----7b722bfd1b8d---4) 2022-08-21T17:33:20Z **BrainStrom TryHackme** ⌘ [Read more](https://infosecwriteups.com/brainstrom-tryhackme-523b916661ff?source=rss----7b722bfd1b8d---4) 2022-08-21T17:31:58Z **Linux fundamentals — Summary:** ⌘ [Read more](https://infosecwriteups.com/linux-fundamentals-summary-98a1d24cae17?source=rss----7b722bfd1b8d---4) 2022-08-21T18:33:23Z **Write-up: JWT 
authentication bypass via flawed signature verification @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-jwt-authentication-bypass-via-flawed-signature-verification-portswigger-academy-2107eddec3b7?source=rss----7b722bfd1b8d---4) 2022-08-22T11:14:36Z **First Bug Bounty from DOS: Taking the service down** ⌘ [Read more](https://infosecwriteups.com/first-bug-bounty-from-dos-taking-the-service-down-30f9ad4e0246?source=rss----7b722bfd1b8d---4) 2022-08-22T11:14:21Z **Account takeover worth $1000** ⌘ [Read more](https://infosecwriteups.com/account-takeover-worth-1000-611452063cf?source=rss----7b722bfd1b8d---4) 2022-08-22T11:11:30Z **PortSwigger Web Security Academy Lab: SQL injection attack, querying the database type and versio** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-academy-lab-sql-injection-attack-querying-the-database-type-and-versio-c6ca5bd380e2?source=rss----7b722bfd1b8d---4) 2022-08-22T12:18:31Z **Create a simple phishing website and a Javascript keylogger** ⌘ [Read more](https://infosecwriteups.com/create-a-simple-phishing-website-and-a-javascript-keylogger-9bcafbe6ffda?source=rss----7b722bfd1b8d---4) 2022-08-22T13:18:20Z **Portswigger Labs, how to get the most out of it**

or why looking up the solution underneath the lab isn’t cheating, it’s part of learning

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/portswigger-labs-how-to-get-the-most-out-of-it-7a ... ⌘ [Read more](https://infosecwriteups.com/portswigger-labs-how-to-get-the-most-out-of-it-7add3553f88c?source=rss----7b722bfd1b8d---4) 2022-08-23T08:10:52Z **‍$5000 Bounty, Free Certification Courses, IndexDB, Reconnaissance Guide, Elasticsearch, and…** ⌘ [Read more](https://infosecwriteups.com/5000-bounty-free-certification-courses-indexdb-reconnaissance-guide-elasticsearch-and-da29bf1ba28a?source=rss----7b722bfd1b8d---4) 2022-08-24T11:44:45Z **PortSwigger Web Security Academy Lab: SQL injection attack, querying the database type and version…** ⌘ [Read more](https://infosecwriteups.com/portswigger-web-security-academy-lab-sql-injection-attack-querying-the-database-type-and-version-acd2688592aa?source=rss----7b722bfd1b8d---4) 2022-08-24T12:47:32Z **Write-up: Upload Vulnerabilities @ TryHackMe** ⌘ [Read more](https://infosecwriteups.com/write-up-upload-vulnerabilities-tryhackme-32bbaca5686c?source=rss----7b722bfd1b8d---4) 2022-08-24T13:06:31Z **Break the Logic: Insecure Parameters (€300)** ⌘ [Read more](https://infosecwriteups.com/break-the-logic-insecure-parameters-300-e655cc4fcc42?source=rss----7b722bfd1b8d---4) 2022-08-25T07:21:26Z **Bug Bounty Tips, Desync Attacks, SSRF, SQL Injection, Vulnerabilities in CPU, RCE, and much more…** ⌘ [Read more](https://infosecwriteups.com/bug-bounty-tips-desync-attacks-ssrf-sql-injection-vulnerabilities-in-cpu-rce-and-much-more-f4d43635dd23?source=rss----7b722bfd1b8d---4) 2022-08-25T10:19:38Z **Server Side Template Injections Portswiggers Labs Walkthrough.** ⌘ [Read more](https://infosecwriteups.com/server-side-template-injections-portswiggers-labs-walkthrough-5a1a06f057d2?source=rss----7b722bfd1b8d---4) 2022-08-25T10:19:25Z **How I found my first RCE!** ⌘ [Read more](https://infosecwriteups.com/how-i-found-my-first-rce-c063546114ef?source=rss----7b722bfd1b8d---4) 2022-08-25T10:18:46Z **Cool Recon techniques 
every hacker misses!** ⌘ [Read more](https://infosecwriteups.com/cool-recon-techniques-every-hacker-misses-1c5e0e294e89?source=rss----7b722bfd1b8d---4) 2022-08-25T11:22:10Z **This SIMPLE trick will exploit image uploads - $2500 TikTok bug bounty.**

Stored XSS in SVG files.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/this-simple-trick-will-exploit-image-uploads-250 ... ⌘ [Read more](https://infosecwriteups.com/this-simple-trick-will-exploit-image-uploads-2500-tiktok-bug-bounty-41fc01128ee?source=rss----7b722bfd1b8d---4) 2022-08-25T12:22:11Z **Write-up: Host header authentication bypass @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-host-header-authentication-bypass-portswigger-academy-30bee8fbf05c?source=rss----7b722bfd1b8d---4) 2022-08-25T13:17:02Z **‍Bug Bounty Tips, Desync Attacks, SSRF, SQL Injection, Vulnerabilities in CPU, RCE, and much…** ⌘ [Read more](https://infosecwriteups.com/bug-bounty-tips-desync-attacks-ssrf-sql-injection-vulnerabilities-in-cpu-rce-and-much-703c547810c3?source=rss----7b722bfd1b8d---4) 2022-08-26T06:57:24Z **Bypassing unexpected IDOR** ⌘ [Read more](https://infosecwriteups.com/bypassing-unexpected-idor-e6a9da2e0498?source=rss----7b722bfd1b8d---4) 2022-08-26T06:56:52Z **Stored XSS using SVG file** ⌘ [Read more](https://infosecwriteups.com/stored-xss-using-svg-file-2e3608248fae?source=rss----7b722bfd1b8d---4) 2022-08-26T06:55:59Z **Break the Logic: 5 Different Perspectives in Single Page (€1500)** ⌘ [Read more](https://infosecwriteups.com/break-the-logic-5-different-perspectives-in-single-page-1500-5aa09da0fe7a?source=rss----7b722bfd1b8d---4) 2022-08-26T07:58:17Z **Sometimes times the best hack is no hack at all — $2900 Shopify Bug Bounty**

Access control is key.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/sometimes-times-the-best-hack-is-no-hack-at-all ... ⌘ [Read more](https://infosecwriteups.com/sometimes-times-the-best-hack-is-no-hack-at-all-2900-shopify-bug-bounty-38531b279c67?source=rss----7b722bfd1b8d---4) 2022-08-27T06:41:26Z **$7000 Bounty, Web3 Bug Hunting, API Hacking, IDOR, Triggering XSS with emojis, XSS Flyer, and much…** ⌘ [Read more](https://infosecwriteups.com/7000-bounty-web3-bug-hunting-api-hacking-idor-triggering-xss-with-emojis-xss-flyer-and-much-fb4c51fb26ef?source=rss----7b722bfd1b8d---4) 2022-08-27T11:18:05Z **SSRF leads to access AWS metadata.** ⌘ [Read more](https://infosecwriteups.com/ssrf-leads-to-access-aws-metadata-21952c220aeb?source=rss----7b722bfd1b8d---4) 2022-08-27T13:22:40Z **‍$7000 Bounty, Web3 Bug Hunting, API Hacking, IDOR, Triggering XSS with emojis, XSS Flyer, and…** ⌘ [Read more](https://infosecwriteups.com/7000-bounty-web3-bug-hunting-api-hacking-idor-triggering-xss-with-emojis-xss-flyer-and-7c9d691354e4?source=rss----7b722bfd1b8d---4) 2022-08-27T20:30:50Z **SSRF — The Server’s Loophole 01** ⌘ [Read more](https://infosecwriteups.com/ssrf-the-servers-loophole-01-6e7e33fb1d57?source=rss----7b722bfd1b8d---4) 2022-08-27T20:30:19Z **Server Side Template Injections Portswiggers Labs Walkthrough Part III** ⌘ [Read more](https://infosecwriteups.com/server-side-template-injections-portswiggers-labs-walkthrough-part-iii-bc6983412a3d?source=rss----7b722bfd1b8d---4) 2022-08-29T08:29:27Z **Double free() attacks in ARM Part one.** ⌘ [Read more](https://infosecwriteups.com/double-free-attacks-in-arm-part-one-4519eee6770a?source=rss----7b722bfd1b8d---4) 2022-08-29T08:28:31Z **Out-Of-Bond Remote code Execution(RCE) on De Nederlandsche Bank N.V. 
with burp-suite collaborator** ⌘ [Read more](https://infosecwriteups.com/out-of-bond-remote-code-execution-rce-on-de-nederlandsche-bank-n-v-with-burp-suite-collaborator-2ce50260e2e4?source=rss----7b722bfd1b8d---4) 2022-08-29T09:33:32Z **Definitive Guide to SQL Injection**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/definitive-guide-to-sql-injection-df5ac445eef1?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/definitive-guide-to-sql-injection-df5ac445eef1?source=rss----7b722bfd1b8d---4) 2022-08-29T09:33:32Z **Secure Messaging **

Confidentiality, Reliability, Privacy, Usability, Cross-Platform support… — So many things to consider!

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/secure-messaging-5d2fc7748c24?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/secure-messaging-5d2fc7748c24?source=rss----7b722bfd1b8d---4) 2022-08-29T10:33:27Z **Bypassing Amazon WAF to pop an alert()** ⌘ [Read more](https://infosecwriteups.com/bypassing-amazon-waf-to-pop-an-alert-4646ce35554e?source=rss----7b722bfd1b8d---4) 2022-08-30T11:50:00Z **‍File Leakage, Blockchain Security, Bypass 2FA, Kerberoasting, Exploiting Security Bugs, and…** ⌘ [Read more](https://infosecwriteups.com/file-leakage-blockchain-security-bypass-2fa-kerberoasting-exploiting-security-bugs-and-58bdf350dd25?source=rss----7b722bfd1b8d---4) 2022-08-30T11:47:59Z **Hack With SQL Injection Attacks! DVWA medium security — StackZero** ⌘ [Read more](https://infosecwriteups.com/hack-with-sql-injection-attacks-dvwa-medium-security-stackzero-d4af0a9a5f9?source=rss----7b722bfd1b8d---4) 2022-08-30T11:47:47Z **AWS Attribute-Based Access Control (ABAC) With Tags** ⌘ [Read more](https://infosecwriteups.com/aws-attribute-based-access-control-abac-with-tags-f4340385011e?source=rss----7b722bfd1b8d---4) 2022-08-30T11:47:34Z **SSRF — Exploitation 02** ⌘ [Read more](https://infosecwriteups.com/ssrf-exploitation-02-b682de16594?source=rss----7b722bfd1b8d---4) 2022-08-30T12:52:04Z **Write-up: Authentication bypass via OAuth implicit flow @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-authentication-bypass-via-oauth-implicit-flow-portswigger-academy-c98b841d3d3d?source=rss----7b722bfd1b8d---4) 2022-08-31T12:07:52Z **mfa bypass in private program, the abdulsec way** ⌘ [Read more](https://infosecwriteups.com/mfa-bypass-in-private-program-the-abdulsec-way-f677fea209f7?source=rss----7b722bfd1b8d---4) 2022-09-01T07:52:57Z **Mass Hunting CVE’s Part-1** ⌘ [Read more](https://infosecwriteups.com/mass-hunting-cves-part-1-1e162ba6028b?source=rss----7b722bfd1b8d---4) 2022-09-01T07:52:28Z **S3 Bucket: 
Cloud Trail Log Analysis** ⌘ [Read more](https://infosecwriteups.com/s3-bucket-cloud-trail-log-analysis-ddefee0f025f?source=rss----7b722bfd1b8d---4) 2022-09-01T07:52:08Z **OAuth 2.0 (Introduction and Exploitation Part I)Explained By Hashar Mujahid** ⌘ [Read more](https://infosecwriteups.com/oauth-2-0-introduction-and-exploitation-part-i-explained-by-hashar-mujahid-262f9c59de6c?source=rss----7b722bfd1b8d---4) 2022-09-02T09:39:36Z **Utkuici — Nessus Automation** ⌘ [Read more](https://infosecwriteups.com/utkuici-nessus-automation-2c8db08df0ec?source=rss----7b722bfd1b8d---4) 2022-09-03T18:09:53Z **Exploiting OAuth authentication vulnerabilities Part II** ⌘ [Read more](https://infosecwriteups.com/exploiting-oauth-authentication-vulnerabilities-part-ii-6c150f492e62?source=rss----7b722bfd1b8d---4) 2022-09-03T18:09:28Z **Hack With SQL Injection Attacks! DVWA high security — StackZero** ⌘ [Read more](https://infosecwriteups.com/hack-with-sql-injection-attacks-dvwa-high-security-stackzero-713638840515?source=rss----7b722bfd1b8d---4) 2022-09-03T19:11:09Z **Thick Client Pentest: Modern Approaches and Techniques: PART 1** ⌘ [Read more](https://infosecwriteups.com/thick-client-pentest-modern-approaches-and-techniques-part-1-7bb0f5f28e8e?source=rss----7b722bfd1b8d---4) 2022-09-05T08:43:21Z **Phoenix Challenges — Stack One** ⌘ [Read more](https://infosecwriteups.com/phoenix-challenges-stack-one-4a9d2100274f?source=rss----7b722bfd1b8d---4) 2022-09-05T08:40:50Z **Passing a Role to AWS CloudFormation to Escalate Privileges** ⌘ [Read more](https://infosecwriteups.com/passing-a-role-to-cloudformation-to-escalate-privileges-602010d26f55?source=rss----7b722bfd1b8d---4) 2022-09-05T08:40:31Z **Pen #007: Wi-Fi Hacking 101** ⌘ [Read more](https://infosecwriteups.com/pen-7-wi-fi-hacking-101-544c79bd77c9?source=rss----7b722bfd1b8d---4) 2022-09-05T08:40:09Z **Bayanay — Python Wardriving Tool** ⌘ [Read 
more](https://infosecwriteups.com/bayanay-python-wardriving-tool-e105a4ad3c63?source=rss----7b722bfd1b8d---4) 2022-09-05T09:46:01Z **Timelapse from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/timelapse-from-hackthebox-detailed-walkthrough-5b36f5cde290?source=rss----7b722bfd1b8d---4) 2022-09-05T10:49:49Z **Why broken access control is the most severe vulnerability**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/why-broken-access-control-is-the-most-severe-vulnerability-2223baf9bb48?source=rss----7b7 ... ⌘ [Read more](https://infosecwriteups.com/why-broken-access-control-is-the-most-severe-vulnerability-2223baf9bb48?source=rss----7b722bfd1b8d---4) 2022-09-05T22:03:30Z **‍Smart Contract Security, WAF Bypassing, HTTP Parameter Pollution, Race Condition, IDOR, Web…** ⌘ [Read more](https://infosecwriteups.com/smart-contract-security-waf-bypassing-http-parameter-pollution-race-condition-idor-web-cf9ab2793aac?source=rss----7b722bfd1b8d---4) 2022-09-09T07:36:04Z **Anti-Reversing Techniques (Part 1)** ⌘ [Read more](https://infosecwriteups.com/anti-reversing-techniques-part-1-3200db42f1e3?source=rss----7b722bfd1b8d---4) 2022-09-09T07:35:47Z **Malware Analysis — NanoCore Rat** ⌘ [Read more](https://infosecwriteups.com/malware-analysis-nanocore-rat-6cae8c6df918?source=rss----7b722bfd1b8d---4) 2022-09-09T07:35:25Z **Malware Analysis — FFDroider** ⌘ [Read more](https://infosecwriteups.com/malware-analysis-ffdroider-21a3fc0fe40f?source=rss----7b722bfd1b8d---4) 2022-09-09T07:35:04Z **[Malware Analysis #3] — Disk Writer** ⌘ [Read more](https://infosecwriteups.com/malware-analysis-3-disk-writer-5ee764819597?source=rss----7b722bfd1b8d---4) 2022-09-09T08:37:01Z **Retired from HackTheBox — Detailed Walkthrough** ⌘ [Read more](https://infosecwriteups.com/retired-from-hackthebox-detailed-walkthrough-ee2f7cf288a?source=rss----7b722bfd1b8d---4) 2022-09-09T12:24:52Z **Insufficient Logging and Monitoring**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/insufficient-logging-and-monitoring-65f2bc42b6d5?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/insufficient-logging-and-monitoring-65f2bc42b6d5?source=rss----7b722bfd1b8d---4) 2022-09-10T06:24:34Z **How I found 3 RXSS on the Lululemon bug bounty program** ⌘ [Read more](https://infosecwriteups.com/how-i-found-3-rxss-on-the-lululemon-bug-bounty-program-fa357a0154c2?source=rss----7b722bfd1b8d---4) 2022-09-10T06:24:09Z **Reflected XSS DVWA — An Exploit With Real World Consequences — StackZero** ⌘ [Read more](https://infosecwriteups.com/reflected-xss-dvwa-an-exploit-with-real-world-consequences-stackzero-171cfb2d87d2?source=rss----7b722bfd1b8d---4) 2022-09-12T10:29:24Z **How I found 3 rare security bugs in a day** ⌘ [Read more](https://infosecwriteups.com/how-i-found-3-bug-bounties-in-a-day-c82fe023716e?source=rss----7b722bfd1b8d---4) 2022-09-12T10:29:01Z **New technique 403 bypass lyncdiscover.microsoft.com** ⌘ [Read more](https://infosecwriteups.com/403-bypass-lyncdiscover-microsoft-com-db2778458c33?source=rss----7b722bfd1b8d---4) 2022-09-12T10:28:35Z **Take Confusion Out of IAM Policies, AWS S3 Bucket Policies and AWS S3 ACLs** ⌘ [Read more](https://infosecwriteups.com/take-confusion-out-of-iam-policies-aws-s3-bucket-policies-and-aws-s3-acls-61d8fa04a658?source=rss----7b722bfd1b8d---4) 2022-09-12T10:28:11Z **Raccoon Stealer v2 Malware Analysis** ⌘ [Read more](https://infosecwriteups.com/raccoon-stealer-v2-malware-analysis-55cc33774ac8?source=rss----7b722bfd1b8d---4) 2022-09-12T10:27:55Z **How To Perform Command Injection Attacks (DVWA) For Aspiring Hackers! 
— StackZero** ⌘ [Read more](https://infosecwriteups.com/how-to-perform-command-injection-attacks-dvwa-for-aspiring-hackers-stackzero-c9d521c6f934?source=rss----7b722bfd1b8d---4) 2022-09-12T10:27:40Z **How to prevent more than 200 million users from using Google services** ⌘ [Read more](https://infosecwriteups.com/how-to-prevent-more-than-200-million-users-from-using-google-services-136b3b8e221f?source=rss----7b722bfd1b8d---4) 2022-09-12T11:32:09Z **‍Thick Client Pentest, Out-of-band XXE, Bug Hunting Resources, RDP, LogonTypes, PowerShell…** ⌘ [Read more](https://infosecwriteups.com/thick-client-pentest-out-of-band-xxe-bug-hunting-resources-rdp-logontypes-powershell-2363bc3c7752?source=rss----7b722bfd1b8d---4) 2022-09-12T11:26:59Z **Detecting Log4j & its Remediation**

This article is dedicated to log4j and how it’s being exploited in the wild by attackers.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/detecting-log4j-its-remediation-58ab3a59c865?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/detecting-log4j-its-remediation-58ab3a59c865?source=rss----7b722bfd1b8d---4) 2022-09-13T14:32:03Z **Exploiting OAuth authentication vulnerabilities Part III** ⌘ [Read more](https://infosecwriteups.com/exploiting-oauth-authentication-vulnerabilities-part-iii-e3db79c83359?source=rss----7b722bfd1b8d---4) 2022-09-14T07:08:18Z **CVE-2022-31625: PHP Vulnerability due to uninitialized array** ⌘ [Read more](https://infosecwriteups.com/cve-2022-31625-php-vulnerability-due-to-uninitialized-array-30b04f6536f?source=rss----7b722bfd1b8d---4) 2022-09-14T07:07:48Z **How to start Penetration testing of Artificial Intelligence** ⌘ [Read more](https://infosecwriteups.com/how-to-start-penetration-testing-of-artificial-intelligence-c11e97b77dfa?source=rss----7b722bfd1b8d---4) 2022-09-14T07:07:18Z **Attacking GPP (Group Policy Preferences) Credentials | Active Directory Pentesting** ⌘ [Read more](https://infosecwriteups.com/attacking-gpp-group-policy-preferences-credentials-active-directory-pentesting-16d9a65fa01a?source=rss----7b722bfd1b8d---4) 2022-09-19T07:12:05Z **Write-up: JWT authentication bypass via weak signing key @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-jwt-authentication-bypass-via-weak-signing-key-portswigger-academy-f212ee600ddd?source=rss----7b722bfd1b8d---4) 2022-09-19T07:02:23Z **How I Found My FIRST Vulnerability/Bug Bounty and How You Can Too: Part 2**

Simple hacks!

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-my-first-vulnerability-bug-bounty ... ⌘ [Read more](https://infosecwriteups.com/how-i-found-my-first-vulnerability-bug-bounty-and-how-you-can-too-part-2-2e8681f4e3b7?source=rss----7b722bfd1b8d---4) 2022-09-19T07:01:51Z **How I Found My FIRST Vulnerability/Bug Bounty and How You Can Too: Part 1**

How to start ethically hacking websites

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-my-firs ... ⌘ [Read more](https://infosecwriteups.com/how-i-found-my-first-vulnerability-bug-bounty-and-how-you-can-too-part-1-f2dd0b7d7665?source=rss----7b722bfd1b8d---4) 2022-09-19T07:01:16Z **Cool Recon techniques every hacker misses! Episode 2** ⌘ [Read more](https://infosecwriteups.com/cool-recon-techniques-every-hacker-misses-episode-2-8024e8338756?source=rss----7b722bfd1b8d---4) 2022-09-19T07:24:42Z **30 Search Engines for Cybersecurity Researchers (Part 1 of 3)** ⌘ [Read more](https://infosecwriteups.com/30-search-engines-for-cybersecurity-researchers-part-1-of-3-faf68bfc6be8?source=rss----7b722bfd1b8d---4) 2022-09-19T07:51:38Z **30 Search Engines for Cybersecurity Researchers (Part 2 of 3)** ⌘ [Read more](https://infosecwriteups.com/30-search-engines-for-cybersecurity-researchers-part-2-of-3-3412d6a35118?source=rss----7b722bfd1b8d---4) 2022-09-19T08:21:57Z **Living Off The Land: Suspicious System32**

The services below are some of the most commonly abused services for malicious parties to “live off the land”. Each is built into Windows…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/living-off-the-land-suspicious ... ⌘ [Read more](https://infosecwriteups.com/living-off-the-land-suspicious-system32-6ad8d8119fe1?source=rss----7b722bfd1b8d---4) 2022-09-19T12:36:52Z **How I abused the file upload function to get a high severity vulnerability in Bug Bounty** ⌘ [Read more](https://infosecwriteups.com/how-i-abused-the-file-upload-function-to-get-a-high-severity-vulnerability-in-bug-bounty-7cdcf349080b?source=rss----7b722bfd1b8d---4) 2022-09-19T12:36:11Z **The terrifying world of Cross-Site Scripting (XSS) (Part 2) — StackZero** ⌘ [Read more](https://infosecwriteups.com/the-terrifying-world-of-cross-site-scripting-xss-part-2-stackzero-cc7fa7e8dcbb?source=rss----7b722bfd1b8d---4) 2022-09-19T14:57:55Z **‍Hacking Smart Contracts, Android Vulnerability, RCE, Prototype Poisoning, Anti-Human Server…** ⌘ [Read more](https://infosecwriteups.com/hacking-smart-contracts-android-vulnerability-rce-prototype-poisoning-anti-human-server-881a42ba43c1?source=rss----7b722bfd1b8d---4) 2022-09-20T05:55:01Z **Sharkbot Virus in Android** ⌘ [Read more](https://infosecwriteups.com/sharkbot-virus-in-android-b5be7c2ead16?source=rss----7b722bfd1b8d---4) 2022-09-20T05:54:07Z **Bypassing 2FA With Cookies!**

If you have two-factor authentication (2FA) enabled on your account, you can’t be compromised, right?

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bypassing-2fa-with-cookies-ff2c79022f63?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/bypassing-2fa-with-cookies-ff2c79022f63?source=rss----7b722bfd1b8d---4) 2022-09-20T11:10:53Z **Cross-site request forgery (CSRF) Explained and Exploited I** ⌘ [Read more](https://infosecwriteups.com/cross-site-request-forgery-csrf-explained-and-exploited-i-db464a61a582?source=rss----7b722bfd1b8d---4) 2022-09-20T11:10:23Z **Phishing and its effect on healthcare sector** ⌘ [Read more](https://infosecwriteups.com/phishing-and-its-effect-on-healthcare-sector-bde4cb767374?source=rss----7b722bfd1b8d---4) 2022-09-20T11:09:52Z **Domain-based Message Authentication Reporting and Conformance (DMARC) and its importance for…** ⌘ [Read more](https://infosecwriteups.com/domain-based-message-authentication-reporting-and-conformance-dmarc-and-its-importance-for-57872e93954c?source=rss----7b722bfd1b8d---4) 2022-09-20T11:09:13Z **Key Web 3.0 Security Issues That Need to be Settled** ⌘ [Read more](https://infosecwriteups.com/key-web-3-0-security-issues-that-need-to-be-settled-2fd59c41d7d7?source=rss----7b722bfd1b8d---4) 2022-09-20T15:03:18Z **Abusing Broken Link In Fitbit (Google Acquisition)To Collect BugBounty Reports On Behalf Of Google !** ⌘ [Read more](https://infosecwriteups.com/abusing-broken-link-in-fitbit-google-acquisition-to-collect-bugbounty-reports-on-behalf-of-google-5885a556eb7c?source=rss----7b722bfd1b8d---4) 2022-09-20T19:48:14Z **30 Search Engines for Cybersecurity Researchers (Part 3 of 3)** ⌘ [Read more](https://infosecwriteups.com/30-search-engines-for-cybersecurity-researchers-part-3-of-3-aa6cae94db0d?source=rss----7b722bfd1b8d---4) 2022-09-20T19:50:05Z **How I Hacked my College’s student portal** ⌘ [Read more](https://infosecwriteups.com/how-i-hacked-my-colleges-student-portal-f51775d75a3d?source=rss----7b722bfd1b8d---4) 2022-09-20T19:49:34Z **Bypassing CSRF Protection (I)** ⌘ 
[Read more](https://infosecwriteups.com/bypassing-csrf-protection-i-bc014384d0aa?source=rss----7b722bfd1b8d---4) 2022-09-20T19:48:57Z **OSINT AND TOP 15 OPEN-SOURCE INTELLIGENCE TOOLS** ⌘ [Read more](https://infosecwriteups.com/osint-and-top-15-open-source-intelligence-tools-f5132bf9e40f?source=rss----7b722bfd1b8d---4) 2022-09-21T10:11:20Z **Vulnerable Flask App** ⌘ [Read more](https://infosecwriteups.com/vulnerable-flask-app-881bcc960889?source=rss----7b722bfd1b8d---4) 2022-09-21T11:12:18Z **Write-up: File path traversal, validation of file extension with null byte bypass @ PortSwigger…** ⌘ [Read more](https://infosecwriteups.com/write-up-file-path-traversal-validation-of-file-extension-with-null-byte-bypass-portswigger-801300e13799?source=rss----7b722bfd1b8d---4) 2022-09-22T06:43:43Z **OSINT Information Gathering with Informer** ⌘ [Read more](https://infosecwriteups.com/osint-information-gathering-with-informer-28176a704cf6?source=rss----7b722bfd1b8d---4) 2022-09-22T06:43:31Z **Understanding the NMAP methodology — Part 1** ⌘ [Read more](https://infosecwriteups.com/network-mapping-part-1-112116ce6555?source=rss----7b722bfd1b8d---4) 2022-09-22T06:43:18Z **Try Hack Me: Basic Pentesting Walkthrough** ⌘ [Read more](https://infosecwriteups.com/try-hack-me-basic-pentesting-walkthrough-a70b85308b0a?source=rss----7b722bfd1b8d---4) 2022-09-22T06:42:51Z **Try Hack Me: Intro to Digital Forensics Walkthrough** ⌘ [Read more](https://infosecwriteups.com/try-hack-me-intro-to-digital-forensics-write-up-566977aabe4e?source=rss----7b722bfd1b8d---4) 2022-09-22T06:42:28Z **How I hacked an exam portal and got access to 10K+ users data including webcams** ⌘ [Read more](https://infosecwriteups.com/how-i-hacked-exam-portal-and-got-access-to-10k-users-data-including-webcams-ec2262b43df7?source=rss----7b722bfd1b8d---4) 2022-09-22T07:46:54Z **Write-up: JWT authentication bypass via jwk header injection @ PortSwigger Academy**

This write-up for the lab JWT authentication bypass via jwk header injection is part of my walk-through series for ... ⌘ [Read more](https://infosecwriteups.com/write-up-jwt-authentication-bypass-via-jwk-header-injection-portswigger-academy-a08975256e8c?source=rss----7b722bfd1b8d---4) 2022-09-22T15:10:04Z **AWS control tower — the best way to govern multi-account environments**

Anyone who has worked in the cloud knows how quickly this environment can increase in complexity as more and more workloads get migrated…

[Continue r ... ⌘ [Read more](https://infosecwriteups.com/aws-control-tower-the-best-way-to-govern-multi-account-environments-27a727a529dd?source=rss----7b722bfd1b8d---4) 2022-09-23T13:06:28Z **How I Found Multiple SQL Injections in 5 Minutes in Bug Bounty** ⌘ [Read more](https://infosecwriteups.com/how-i-found-multiple-sql-injections-in-5-minutes-in-bug-bounty-40155964c498?source=rss----7b722bfd1b8d---4) 2022-09-23T13:05:52Z **Bypassing CSRF Protection (II)** ⌘ [Read more](https://infosecwriteups.com/bypassing-csrf-protection-ii-b479009b4a7a?source=rss----7b722bfd1b8d---4) 2022-09-24T13:39:31Z **How to exploit a stored XSS vulnerability on DVWA — StackZero** ⌘ [Read more](https://infosecwriteups.com/how-to-exploit-a-stored-xss-vulnerability-on-dvwa-stackzero-1de6cc9545b9?source=rss----7b722bfd1b8d---4) 2022-09-24T13:39:22Z **Understanding the NMAP methodology — Part 2** ⌘ [Read more](https://infosecwriteups.com/understanding-the-nmap-methodology-part-2-3d0442f1c482?source=rss----7b722bfd1b8d---4) 2022-09-26T12:11:42Z **Top 10 Dockerfile Security Best Practices for a More Secure Container** ⌘ [Read more](https://infosecwriteups.com/top-10-dockerfile-security-best-practices-for-a-more-secure-container-e5426f69738b?source=rss----7b722bfd1b8d---4) 2022-09-26T12:11:27Z **Android Hardening Guide** ⌘ [Read more](https://infosecwriteups.com/android-hardening-guide-2439a77f7e83?source=rss----7b722bfd1b8d---4) 2022-09-26T12:09:01Z **Connect State Attack — First Request Validation** ⌘ [Read more](https://infosecwriteups.com/connect-state-attack-first-request-validation-2bea8e42a647?source=rss----7b722bfd1b8d---4) 2022-09-26T12:08:15Z **HTML Injection inside Email body- The First BUG I hunted down in a Bug Bounty Platform!** ⌘ [Read more](https://infosecwriteups.com/html-injection-inside-email-body-the-first-bug-i-hunted-in-a-bug-bounty-platform-3c96b1e0ae9f?source=rss----7b722bfd1b8d---4) 2022-09-26T13:16:52Z **JSON web tokens**

For decades cookies have been used to authenticate a user and hold session data. But a simple session cookie has certain limitations and…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/json-web-tokens-c1f01028f5ac?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/json-web-tokens-c1f01028f5ac?source=rss----7b722bfd1b8d---4) 2022-09-26T13:12:27Z **Monitoring your targets for bug bounties** ⌘ [Read more](https://infosecwriteups.com/monitoring-your-targets-for-bug-bounties-36f6be3e69c9?source=rss----7b722bfd1b8d---4) 2022-09-27T16:27:43Z **Complete take-over of Cisco Unified Communications Manager due consecutively misconfigurations** ⌘ [Read more](https://infosecwriteups.com/complete-take-over-of-cisco-unified-communications-manager-due-consecutively-misconfigurations-2a1b5ce8bd9a?source=rss----7b722bfd1b8d---4) 2022-09-27T16:27:32Z **SANS Top 25 Software Errors (Part 1 of 25): CWE-787 Out-of-bounds Write** ⌘ [Read more](https://infosecwriteups.com/sans-top-25-software-errors-part-1-of-25-cwe-787-out-of-bounds-write-4e1a7c63ff38?source=rss----7b722bfd1b8d---4) 2022-09-27T16:27:22Z **How to exploit DOM XSS on DVWA — StackZero**

In this write-up we will learn how to pass all levels of DOM XSS on DVWA so we can better understand that vulnerability.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-exploit-dom-xss-o ... ⌘ [Read more](https://infosecwriteups.com/how-to-exploit-dom-xss-on-dvwa-stackzero-c83a682ed7b7?source=rss----7b722bfd1b8d---4) 2022-09-27T16:27:07Z **Multi-Factor Authentication Vulnerabilities** ⌘ [Read more](https://infosecwriteups.com/multi-factor-authentication-vulnerabilities-7a4b647a7b09?source=rss----7b722bfd1b8d---4) 2022-09-28T11:40:44Z **CVE-2022–36934: An integer overflow in WhatsApp leading to remote code execution in an established…** ⌘ [Read more](https://infosecwriteups.com/cve-2022-36934-an-integer-overflow-in-whatsapp-leading-to-remote-code-execution-in-an-established-e0fc4e2cd900?source=rss----7b722bfd1b8d---4) 2022-09-28T11:38:59Z **A Tale of Account Takeover** ⌘ [Read more](https://infosecwriteups.com/a-tale-of-account-takeover-fcae914f067b?source=rss----7b722bfd1b8d---4) 2022-09-28T11:38:39Z **CVE-2022–27492: An integer underflow in WhatsApp causing remote code execution when receiving a…** ⌘ [Read more](https://infosecwriteups.com/cve-2022-27492-an-integer-underflow-in-whatsapp-causing-remote-code-execution-when-receiving-a-b50bebae14f4?source=rss----7b722bfd1b8d---4) 2022-09-28T11:38:19Z **Writing and Using Python Burp Extension — Adding a Custom Header Field** ⌘ [Read more](https://infosecwriteups.com/writing-and-using-python-burp-extension-adding-a-custom-header-field-770fe1cbabc9?source=rss----7b722bfd1b8d---4) 2022-09-28T12:19:48Z **‍ $600k Bounty, Jetty Features, Response Queue Poisoning, Bypass SSRF Protections, XSS…** ⌘ [Read more](https://infosecwriteups.com/600k-bounty-jetty-features-response-queue-poisoning-bypass-ssrf-protections-xss-9b7644077829?source=rss----7b722bfd1b8d---4) 2022-09-28T12:42:22Z **How To Attack Admin Panels Successfully**

Attacking Web Apps Admin Panels The Right Way

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-attack-admin-panels-successfully-72c90eeb818c?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/how-to-attack-admin-panels-successfully-72c90eeb818c?source=rss----7b722bfd1b8d---4) 2022-09-28T16:20:16Z **Integrated Approach for Application Security and Security Operations Center using data correlation…** ⌘ [Read more](https://infosecwriteups.com/integrated-approach-for-application-security-and-security-operations-center-using-data-correlation-dc723f493316?source=rss----7b722bfd1b8d---4) 2022-09-28T16:19:50Z **Cloud Security Tooling Series — What the heck is a CSPM ?**

Understanding the concept of Cloud Security Posture Management (CSPM)

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/cloud-security-tooling-series-what-the-heck ... ⌘ [Read more](https://infosecwriteups.com/cloud-security-tooling-series-what-the-heck-is-a-cspm-8f37f6b1db19?source=rss----7b722bfd1b8d---4) 2022-09-28T17:21:53Z **Write-up: Authentication bypass via flawed state machine @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-authentication-bypass-via-flawed-state-machine-portswigger-academy-e7448edeeb3d?source=rss----7b722bfd1b8d---4) 2022-09-29T06:26:22Z **Understanding the NMAP methodology — Part 3** ⌘ [Read more](https://infosecwriteups.com/understanding-the-nmap-methodology-part-3-bb377b7767e0?source=rss----7b722bfd1b8d---4) 2022-09-29T07:27:07Z **Try Hack Me: Simple CTF Walkthrough** ⌘ [Read more](https://infosecwriteups.com/try-hack-me-simple-ctf-walkthrough-62824db116fa?source=rss----7b722bfd1b8d---4) 2022-09-29T14:37:07Z **Blockchain Network is Secured! But not the apps and their Integrations** ⌘ [Read more](https://infosecwriteups.com/blockchain-network-is-secured-but-not-the-apps-and-their-integrations-8077195d2c49?source=rss----7b722bfd1b8d---4) 2022-10-01T12:54:42Z **TryHackMe: Corridor Room Write-Up [No Answer]** ⌘ [Read more](https://infosecwriteups.com/tryhackme-corridor-room-write-up-no-answer-3732354e72ed?source=rss----7b722bfd1b8d---4) 2022-10-01T12:54:32Z **Security vs Compliance-Cloudflare Password Policy Restriction Bypass** ⌘ [Read more](https://infosecwriteups.com/security-vs-compliance-cloudflare-password-policy-restriction-bypass-da07ca7df4f2?source=rss----7b722bfd1b8d---4) 2022-10-01T12:54:23Z **CVE-2022–35405: Critical ManageEngine RCE** ⌘ [Read more](https://infosecwriteups.com/cve-2022-35405-critical-manageengine-rce-30d16f2e9ce6?source=rss----7b722bfd1b8d---4) 2022-10-03T12:56:19Z **Orange Arbitrary Command Execution** ⌘ [Read more](https://infosecwriteups.com/orange-arbitrary-command-execution-75ba7f283d53?source=rss----7b722bfd1b8d---4) 
2022-10-03T12:59:11Z **‍$40,000 Bounty, Authentication Bypass Techniques, Cache Poisoning, IDORs, Password Recovery…** ⌘ [Read more](https://infosecwriteups.com/40-000-bounty-authentication-bypass-techniques-cache-poisoning-idors-password-recovery-2ec097380c57?source=rss----7b722bfd1b8d---4) 2022-10-03T13:57:27Z **Credential Stuffing Attack: Countermeasures using Patterns and Machine Learning** ⌘ [Read more](https://infosecwriteups.com/credential-stuffing-attack-countermeasures-using-patterns-and-machine-learning-4b356d6cb741?source=rss----7b722bfd1b8d---4) 2022-10-05T14:51:45Z **Cloud Security Tooling — What does a CIEM do exactly ??**

One more cloud abbreviation to understand

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/cloud-security-tooling-what-does-a-ciem-do-exactly-aca98f988784?source=rss----7b722bfd1b8 ... ⌘ [Read more](https://infosecwriteups.com/cloud-security-tooling-what-does-a-ciem-do-exactly-aca98f988784?source=rss----7b722bfd1b8d---4) 2022-10-05T14:50:51Z **Ransomware Attacks — Current Trends and Protection Strategies** ⌘ [Read more](https://infosecwriteups.com/ransomware-attacks-current-trends-and-protection-strategies-11265c8ae36d?source=rss----7b722bfd1b8d---4) 2022-10-05T14:49:46Z **TryHackMe: OhSINT Room Write-Up [No Answers]** ⌘ [Read more](https://infosecwriteups.com/tryhackme-ohsint-room-write-up-no-answers-9765366c3849?source=rss----7b722bfd1b8d---4) 2022-10-06T05:59:32Z **How to properly enforce authorization**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-properly-enforce-authorization-65dc62d21745?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/how-to-properly-enforce-authorization-65dc62d21745?source=rss----7b722bfd1b8d---4) 2022-10-06T05:58:50Z **The Day I End-Up finding that Critical Database Info leaking on CM Cell(TN) Application** ⌘ [Read more](https://infosecwriteups.com/the-day-i-end-up-finding-that-critical-database-info-leaking-on-cm-cell-tn-application-b6c126687f13?source=rss----7b722bfd1b8d---4) 2022-10-06T05:58:06Z **Cloud Security Tooling Series : What the heck is a CWPP ?**

Understanding where CWPPs fit in the Cloud Security puzzle

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/cloud-security-tooling-series-what-the-heck-is-a-cwpp-aa9758f9a3 ... ⌘ [Read more](https://infosecwriteups.com/cloud-security-tooling-series-what-the-heck-is-a-cwpp-aa9758f9a339?source=rss----7b722bfd1b8d---4) 2022-10-06T06:05:44Z **Hacking the WordPress sites for fun and profit | Part-1 [ Water ]** ⌘ [Read more](https://infosecwriteups.com/hacking-the-wordpress-sites-for-fun-and-profit-part-1-water-7ba474ced0f8?source=rss----7b722bfd1b8d---4) 2022-10-06T08:20:17Z **HTTP-HOST HEADER ATTACKS** ⌘ [Read more](https://infosecwriteups.com/http-host-header-attacks-55ca4b7786c?source=rss----7b722bfd1b8d---4) 2022-10-06T08:19:36Z **HackTheBox Canvas CTF Writeup** ⌘ [Read more](https://infosecwriteups.com/hackthebox-canvas-ctf-writeup-75b0f4682ef5?source=rss----7b722bfd1b8d---4) 2022-10-06T08:18:46Z **Try Hack Me: Pickle Rick Walkthrough** ⌘ [Read more](https://infosecwriteups.com/try-hack-me-pickle-rick-walkthrough-f3378114dd7a?source=rss----7b722bfd1b8d---4) 2022-10-06T13:37:53Z **WordPress Security**

What initially started as a blogging platform has turned into a lifesaver for many startups, companies, influencers, and bloggers. WordPress…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/wordpress-security-c8ea1891bd51?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/wordpress-security-c8ea1891bd51?source=rss----7b722bfd1b8d---4) 2022-10-06T13:37:07Z **Bugcrowd — Tale of multiple misconfigurations!! ❌** ⌘ [Read more](https://infosecwriteups.com/bugcrowd-tale-of-multiple-misconfigurations-cb5b98f09302?source=rss----7b722bfd1b8d---4) 2022-10-07T08:24:26Z **The Importance of Infrastructure as Code Security Scanning** ⌘ [Read more](https://infosecwriteups.com/the-importance-of-infrastructure-as-code-security-scanning-7add9e8dbb06?source=rss----7b722bfd1b8d---4) 2022-10-09T14:33:24Z **Finding of Directory/Path in Linux** ⌘ [Read more](https://infosecwriteups.com/finding-of-directory-path-in-linux-820be9ae759b?source=rss----7b722bfd1b8d---4) 2022-10-09T14:32:25Z **njRAT Malware Analysis** ⌘ [Read more](https://infosecwriteups.com/njrat-malware-analysis-8e90dce07a9e?source=rss----7b722bfd1b8d---4) 2022-10-09T14:31:47Z **Browser in the Browser Attack** ⌘ [Read more](https://infosecwriteups.com/browser-in-the-browser-attack-a670e9a2be11?source=rss----7b722bfd1b8d---4) 2022-10-09T14:31:18Z **CVE-2022–40684: New Authentication Bypass Affecting FortiGate and FortiProxy** ⌘ [Read more](https://infosecwriteups.com/cve-2022-40684-new-authentication-bypass-affecting-fortigate-and-fortiproxy-c9bd36112949?source=rss----7b722bfd1b8d---4) 2022-10-09T14:31:01Z **Best CTF Platforms**

I have compiled a list of Red Team/Blue Team Capture The Flag Platforms to test your skills on.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/best-ctf-platforms-876cc0870f3b?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/best-ctf-platforms-876cc0870f3b?source=rss----7b722bfd1b8d---4) 2022-10-09T14:30:34Z **Full Company Building Takeover** ⌘ [Read more](https://infosecwriteups.com/company-building-takeover-10a422385390?source=rss----7b722bfd1b8d---4) 2022-10-09T14:30:08Z **EXPLOITING OS COMMAND INJECTION VULNERABILITIES** ⌘ [Read more](https://infosecwriteups.com/exploiting-os-command-injection-vulnerabilities-14195c9a410b?source=rss----7b722bfd1b8d---4) 2022-10-09T15:31:51Z **Everything About Path Traversal Vulnerability**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/everything-about-path-traversal-vulnerability-c40ba5465bc4?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/everything-about-path-traversal-vulnerability-c40ba5465bc4?source=rss----7b722bfd1b8d---4) 2022-10-10T12:48:13Z **‍Roadmap to Cybersecurity in 2022, Full-Read SSRF, IDOR in GraphQL, GCP Pentesting, and much…** ⌘ [Read more](https://infosecwriteups.com/roadmap-to-cybersecurity-in-2022-full-read-ssrf-idor-in-graphql-gcp-pentesting-and-much-74d2d906f7d7?source=rss----7b722bfd1b8d---4) 2022-10-10T13:09:34Z **Accidental Account takeover** ⌘ [Read more](https://infosecwriteups.com/accidental-account-takeover-4301b56f4fb2?source=rss----7b722bfd1b8d---4) 2022-10-11T05:39:36Z **Harley Malware: New Attack on Android Devices** ⌘ [Read more](https://infosecwriteups.com/harley-malware-new-attack-on-android-devices-ae2c599c2217?source=rss----7b722bfd1b8d---4) 2022-10-11T06:43:05Z **Why do Deserialization Vulnerabilities occur?**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/why-do-deserialization-vulnerabilities-occur-577aafd39785?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/why-do-deserialization-vulnerabilities-occur-577aafd39785?source=rss----7b722bfd1b8d---4) 2022-10-12T14:47:54Z **Critical IDOR Vulnerability on Medium?** ⌘ [Read more](https://infosecwriteups.com/critical-idor-vulnerability-on-medium-f78346edbcb1?source=rss----7b722bfd1b8d---4) 2022-10-12T15:51:42Z **$6000 with Microsoft Hall of Fame | Microsoft Firewall Bypass | CRLF to XSS | Microsoft Bug Bounty** ⌘ [Read more](https://infosecwriteups.com/6000-with-microsoft-hall-of-fame-microsoft-firewall-bypass-crlf-to-xss-microsoft-bug-bounty-8f6615c47922?source=rss----7b722bfd1b8d---4) 2022-10-13T15:19:51Z **Server Hardening with OpenSCAP** ⌘ [Read more](https://infosecwriteups.com/server-hardening-with-openscap-be072ba2e415?source=rss----7b722bfd1b8d---4) 2022-10-13T15:19:39Z **TryHackMe writeup: Tools R Us**

ToolsRUs (“tryhackme”, 2019) is a fun little TryHackMe room that has its users “[p]ractise using tools such as dirbuster, hydra, nmap…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-writeup-tools-r-us-daf0934f32f2?source=rss----7b722bf ... ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-tools-r-us-daf0934f32f2?source=rss----7b722bfd1b8d---4) 2022-10-13T17:33:11Z **Get yourself a rooted Android Virtual Device (AVD)** ⌘ [Read more](https://infosecwriteups.com/get-yourself-a-rooted-android-virtual-device-avd-fb443d590dfa?source=rss----7b722bfd1b8d---4) 2022-10-13T18:37:04Z **It’s the Little Things : Breaking an AI** ⌘ [Read more](https://infosecwriteups.com/its-the-little-things-breaking-an-ai-40c30ae85f37?source=rss----7b722bfd1b8d---4) 2022-10-14T12:19:56Z **Threat Hunting Series: Using Threat Emulation for Threat Hunting** ⌘ [Read more](https://infosecwriteups.com/threat-hunting-series-using-threat-emulation-for-threat-hunting-f7ccaa4b85e5?source=rss----7b722bfd1b8d---4) 2022-10-14T12:19:46Z **Exploit Eternal Blue (MS17–010) for Windows XP with custom payload** ⌘ [Read more](https://infosecwriteups.com/exploit-eternal-blue-ms17-010-for-windows-xp-with-custom-payload-fabbbbeb692f?source=rss----7b722bfd1b8d---4) 2022-10-14T12:19:34Z **Exploit Eternal Blue (MS17–010) for Window 7 and higher (custom payload)** ⌘ [Read more](https://infosecwriteups.com/exploit-eternal-blue-ms17-010-for-window-7-and-higher-custom-payload-efd9fcc8b623?source=rss----7b722bfd1b8d---4) 2022-10-15T12:47:58Z **Write-up: Infinite money logic flaw @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-infinite-money-logic-flaw-portswigger-academy-5b6182f42f57?source=rss----7b722bfd1b8d---4) 2022-10-17T11:36:44Z **SSH: Introduction, How to Secure and Working** ⌘ [Read more](https://infosecwriteups.com/ssh-introduction-how-to-secure-and-working-b446abb34309?source=rss----7b722bfd1b8d---4) 2022-10-17T11:36:25Z **CVE-2022–41040: ProxyNotShell Exchange Vulnerability** ⌘ [Read 
more](https://infosecwriteups.com/cve-2022-41040-proxynotshell-f0b8fb53ec8b?source=rss----7b722bfd1b8d---4) 2022-10-17T11:35:38Z **HTTP request smuggling Explained and Exploited Part 0x1** ⌘ [Read more](https://infosecwriteups.com/http-request-smuggling-explained-and-exploited-part-0x1-89ce2956534f?source=rss----7b722bfd1b8d---4) 2022-10-17T11:34:11Z **How I Got $10,000 From GitHub For Bypassing Filtration oF HTML tags** ⌘ [Read more](https://infosecwriteups.com/how-i-got-10-000-from-github-for-bypassing-filtration-of-html-tags-db31173c8b37?source=rss----7b722bfd1b8d---4) 2022-10-17T12:37:30Z **Conducting a free AWS Security Assessment with Prowler**

Get a complete AWS security report with this free tool

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/conducting-a-free-aws-security-assessment-with-prowler-f54a65de1020?s ... ⌘ [Read more](https://infosecwriteups.com/conducting-a-free-aws-security-assessment-with-prowler-f54a65de1020?source=rss----7b722bfd1b8d---4) 2022-10-17T12:50:10Z **‍$6000 from Microsoft, WAF Bypass, Manual Exploitation, Nuclei Guide, Admin Panel and much…** ⌘ [Read more](https://infosecwriteups.com/6000-from-microsoft-waf-bypass-manual-exploitation-nuclei-guide-admin-panel-and-much-48458802ee6f?source=rss----7b722bfd1b8d---4) 2022-10-17T17:37:25Z **Linux Privilege Escalation: Linux kernel / distribution exploits you should now about.** ⌘ [Read more](https://infosecwriteups.com/linux-privilege-escalation-linux-kernel-distribution-exploits-you-should-now-about-1c46152d133d?source=rss----7b722bfd1b8d---4) 2022-10-18T10:35:06Z **Hacking into a modern Linux distribution**

3 methods to gain access to the Linux filesystem

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-hack-into-a-linux-machine-4fd2384a8700?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/how-to-hack-into-a-linux-machine-4fd2384a8700?source=rss----7b722bfd1b8d---4) 2022-10-18T10:34:36Z **How I exploited Blind SQLi without using any tool!— StackZero**

Hi hackers! Here is another article that will show how to exploit a WELL KNOWN vulnerability in practice.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.co ... ⌘ [Read more](https://infosecwriteups.com/how-i-exploited-blind-sqli-without-using-any-tool-stackzero-396e831ecbdf?source=rss----7b722bfd1b8d---4) 2022-10-18T10:34:10Z **XML External Entities** ⌘ [Read more](https://infosecwriteups.com/xml-external-entities-9c2f2169430a?source=rss----7b722bfd1b8d---4) 2022-10-19T13:15:27Z **Reverse Engineering Function Call in C and Exploiting it**

Binary Exploitation of a Simple Function in C

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/reverse-engineering-function-call-in-c-and-exploiting-it-b1b539 ... ⌘ [Read more](https://infosecwriteups.com/reverse-engineering-function-call-in-c-and-exploiting-it-b1b539974018?source=rss----7b722bfd1b8d---4) 2022-10-19T14:16:54Z **Four Steps to Prepare for a Ransomware Attack** ⌘ [Read more](https://infosecwriteups.com/four-steps-to-prepare-for-a-ransomware-attack-ab74d98abdaa?source=rss----7b722bfd1b8d---4) 2022-10-20T11:42:35Z **Pylirt — Python Linux Incident Response Toolkit** ⌘ [Read more](https://infosecwriteups.com/pylirt-python-linux-incident-response-toolkit-d04fdbadae6c?source=rss----7b722bfd1b8d---4) 2022-10-20T11:42:26Z **JSON Web Tokens** ⌘ [Read more](https://infosecwriteups.com/json-web-tokens-409297c260a0?source=rss----7b722bfd1b8d---4) 2022-10-20T11:42:14Z **HTTP request smuggling Explained and Exploited Part 0x2** ⌘ [Read more](https://infosecwriteups.com/http-request-smuggling-explained-and-exploited-part-0x2-7768d04883fb?source=rss----7b722bfd1b8d---4) 2022-10-20T12:46:50Z **TEXT4Shell PoC (CVE-2022–42889)** ⌘ [Read more](https://infosecwriteups.com/text4shell-poc-cve-2022-42889-f6e9df41b3b7?source=rss----7b722bfd1b8d---4) 2022-10-21T17:23:51Z **Firing 8 Account Takeover Methods** ⌘ [Read more](https://infosecwriteups.com/firing-8-account-takeover-methods-77e892099050?source=rss----7b722bfd1b8d---4) 2022-10-21T17:22:27Z **Kerberos: The Ticket Authentication Protocol** ⌘ [Read more](https://infosecwriteups.com/kerberos-the-ticket-authentication-protocol-d545dde9fe03?source=rss----7b722bfd1b8d---4) 2022-10-22T11:29:58Z **Android Pentesting 101 — Part 1** ⌘ [Read more](https://infosecwriteups.com/android-pentesting-101-part-1-8e31b8cd8b2b?source=rss----7b722bfd1b8d---4) 2022-10-23T16:15:13Z **Exposed .git Directory Exploitation** ⌘ [Read more](https://infosecwriteups.com/exposed-git-directory-exploitation-3e30481e8d75?source=rss----7b722bfd1b8d---4) 2022-10-23T16:14:56Z **SQL 
Injection: An Overview** ⌘ [Read more](https://infosecwriteups.com/sql-injection-an-overview-1057c5729dc5?source=rss----7b722bfd1b8d---4) 2022-10-23T16:14:31Z **Hacked Tathva ’22 Biggest Techno-Management Fest in South India** ⌘ [Read more](https://infosecwriteups.com/hacked-tathva-22-biggest-techno-management-fest-in-south-india-6a95435c82e7?source=rss----7b722bfd1b8d---4) 2022-10-23T16:14:15Z **We’ve seized a hacker's computer, what now?**
[![](https://cdn-images-1.medium.com/max/1300/0*zZ_VMCudho7CEpNz.jpg)](https://infosecwriteups.com/hard-drive-forensics-7e5ffd6036fd?source=rss----7b722bfd1b8d---4)

Imagine you are given a hard drive that you need to examine for a criminal investigation. As with the handling of all evidence, you need to be…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/hard-drive-forensics-7e5ffd6036fd?source=rss----7b722bfd1b8d ... ⌘ [Read more](https://infosecwriteups.com/hard-drive-forensics-7e5ffd6036fd?source=rss----7b722bfd1b8d---4) 2022-10-23T17:16:51Z **Write-up: HTTP request smuggling, basic CL.TE vulnerability @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-http-request-smuggling-basic-cl-te-vulnerability-portswigger-academy-5acbbc040c74?source=rss----7b722bfd1b8d---4) 2022-10-24T12:44:25Z **‍IW Weekly #30: $10,000 Bounty, Bypassing Filtration, DDoS Attack, Fuzzing for SQL Injection…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-30-10-000-bounty-bypassing-filtration-ddos-attack-fuzzing-for-sql-injection-96b11768523c?source=rss----7b722bfd1b8d---4) 2022-10-25T04:41:24Z **Faster your NMAP scan with “Agile Grabber”** ⌘ [Read more](https://infosecwriteups.com/faster-your-nmap-scan-with-agile-grabber-2786c236c3dc?source=rss----7b722bfd1b8d---4) 2022-10-25T13:23:31Z **Android Pentesting 101 — Part 2** ⌘ [Read more](https://infosecwriteups.com/android-pentesting-101-part-2-419facdf11c1?source=rss----7b722bfd1b8d---4) 2022-10-25T13:22:44Z **HTTP request smuggling Explained and Exploited Part 0x3** ⌘ [Read more](https://infosecwriteups.com/http-request-smuggling-explained-and-exploited-part-0x3-b61623287603?source=rss----7b722bfd1b8d---4) 2022-10-26T07:10:49Z **Burp Suite? No Thanks! Blind SQLi in DVWA With Python (Part 2) — StackZero** ⌘ [Read more](https://infosecwriteups.com/burp-suite-no-thanks-blind-sqli-in-dvwa-with-python-part-2-stackzero-a5c0acf431dc?source=rss----7b722bfd1b8d---4) 2022-10-26T08:11:45Z **TryHackMe writeup: Skynet**
[![](https://cdn-images-1.medium.com/max/1064/1*Drzbg6vwNnVVUsn9JIQ7Xg.jpeg)](https://infosecwriteups.com/tryhackme-writeup-skynet-2c068f19521b?source=rss----7b722bfd1b8d---4)

A fun TryHackMe room that has its twist and turns. Featuring a PHP Meterpreter, SMB enumeration, and PwnKit!

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-writeup-skynet-2c068f19521b?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-skynet-2c068f19521b?source=rss----7b722bfd1b8d---4) 2022-10-26T09:21:55Z **Devel From HackTheBox** ⌘ [Read more](https://infosecwriteups.com/devel-from-hackthebox-21c6436acf52?source=rss----7b722bfd1b8d---4) 2022-10-26T18:21:45Z **Chatterbox Hackthebox** ⌘ [Read more](https://infosecwriteups.com/chatterbox-hackthebox-4d5050018438?source=rss----7b722bfd1b8d---4) 2022-10-27T07:34:10Z **Cyber Security Control Validation Platform** ⌘ [Read more](https://infosecwriteups.com/cyber-security-control-validation-platform-bf22dca3657e?source=rss----7b722bfd1b8d---4) 2022-10-27T07:43:07Z **ANNOUNCEMENT: Paid Writing Opportunity for Infosec Writeups** ⌘ [Read more](https://infosecwriteups.com/announcement-paid-writing-opportunity-for-infosec-writeups-8750df0e0a74?source=rss----7b722bfd1b8d---4) 2022-10-27T08:37:04Z **OAuth and the flaws in its implementation**
[![](https://cdn-images-1.medium.com/max/1100/1*NAV0dHyrjPi3VB4r7PZUpw.jpeg)](https://infosecwriteups.com/oauth-and-the-flaws-in-its-implementation-74de16f115c0?source=rss----7b722bfd1b8d---4)

What is OAuth?

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/oauth-and-the-flaws-in-its-implementation-74de16f115c0?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/oauth-and-the-flaws-in-its-implementation-74de16f115c0?source=rss----7b722bfd1b8d---4) 2022-10-27T18:27:41Z **Openzeppelin Ethernaut Part — 0X00** ⌘ [Read more](https://infosecwriteups.com/openzeppelin-ethernaut-part-0x00-be38d7113110?source=rss----7b722bfd1b8d---4) 2022-10-28T10:59:06Z **Blind SSRF in Skype (Microsoft)** ⌘ [Read more](https://infosecwriteups.com/blind-ssrf-in-skype-microsoft-6639f4961052?source=rss----7b722bfd1b8d---4) 2022-10-30T08:46:55Z **Registrations Open for IWCON2022 Version 2.0 — the Online International Cybersecurity Conference** ⌘ [Read more](https://infosecwriteups.com/registrations-open-for-iwcon2022-version-2-0-the-online-international-cybersecurity-conference-ff4c4d1cddf3?source=rss----7b722bfd1b8d---4) 2022-10-31T08:42:18Z **Burp Suite? No Thanks! Blind SQLi in DVWA With Python (Part 3) — StackZero** ⌘ [Read more](https://infosecwriteups.com/burp-suite-no-thanks-blind-sqli-in-dvwa-with-python-part-3-stackzero-911545003f01?source=rss----7b722bfd1b8d---4) 2022-10-31T08:41:14Z **Android Pentesting 101 — Part 3** ⌘ [Read more](https://infosecwriteups.com/android-pentesting-101-part-3-2bf846b05594?source=rss----7b722bfd1b8d---4) 2022-10-31T08:40:44Z **Phoenix Challenges — Stack Two** ⌘ [Read more](https://infosecwriteups.com/phoenix-challenges-stack-two-da59b290dfa?source=rss----7b722bfd1b8d---4) 2022-10-31T09:41:36Z **Write-up: Forced OAuth profile linking @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-forced-oauth-profile-linking-portswigger-academy-2ce996700c9c?source=rss----7b722bfd1b8d---4) 2022-11-01T12:27:42Z **Building a SIEM: centralized logging of all Linux commands with ELK + auditd** ⌘ [Read 
more](https://infosecwriteups.com/building-a-siem-centralized-logging-of-all-linux-commands-with-elk-auditd-3f2e70503933?source=rss----7b722bfd1b8d---4) 2022-11-01T13:31:35Z **Write-up: Remote code execution via web shell upload @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-remote-code-execution-via-web-shell-upload-portswigger-academy-5fa00de47229?source=rss----7b722bfd1b8d---4) 2022-11-02T11:26:51Z **Upgrade Your Infosec Knowledge and Learn From the Speakers at IWCON 2022** ⌘ [Read more](https://infosecwriteups.com/upgrade-your-infosec-knowledge-and-learn-from-the-speakers-at-iwcon-2022-a74a2c1dafab?source=rss----7b722bfd1b8d---4) 2022-11-02T13:22:34Z **How I found accidentally copy-pasted Gmail inboxes** ⌘ [Read more](https://infosecwriteups.com/how-i-found-accidentally-copy-pasted-gmail-inboxes-49fcb8da5b8a?source=rss----7b722bfd1b8d---4) 2022-11-02T14:26:49Z **How to Assess Active Directory for Vulnerabilities Using Tenable Nessus’ Active Directory Starter…**
[![](https://cdn-images-1.medium.com/max/2600/1*bqx_uwhmLgXQP0ahnu_vTA.jpeg)](https://infosecwriteups.com/how-to-assess-active-directory-for-vulnerabilities-using-tenable-nessus-active-directory-starter-74b8bce2218a?source=rss----7b722bfd1b8d---4)

The Nessus vulnerability scanner from Tenable is a widel ... ⌘ [Read more](https://infosecwriteups.com/how-to-assess-active-directory-for-vulnerabilities-using-tenable-nessus-active-directory-starter-74b8bce2218a?source=rss----7b722bfd1b8d---4) 2022-11-02T15:26:55Z **How 403 Forbidden Bypass got me NOKIA Hall Of Fame (HOF)** ⌘ [Read more](https://infosecwriteups.com/how-403-forbidden-bypass-got-me-nokia-hall-of-fame-hof-8acbd2c1c2c8?source=rss----7b722bfd1b8d---4) 2022-11-03T12:20:06Z **The easiest bug to get a Hall of fame from a Billion dollar company.** ⌘ [Read more](https://infosecwriteups.com/the-easiest-bug-to-get-a-hall-of-fame-from-a-billion-dollar-company-8278fd7b3035?source=rss----7b722bfd1b8d---4) 2022-11-03T12:19:57Z **The Complete Guide to PortSwigger Directory Traversal and How to Prevent It** ⌘ [Read more](https://infosecwriteups.com/the-complete-guide-to-portswigger-directory-traversal-and-how-to-prevent-it-f6309d5aec94?source=rss----7b722bfd1b8d---4) 2022-11-03T12:19:48Z **Guess Your Enemies’ Passwords With Python (Brute Force Attack)** ⌘ [Read more](https://infosecwriteups.com/guess-your-enemies-passwords-with-python-brute-force-attack-99352e65ec8a?source=rss----7b722bfd1b8d---4) 2022-11-03T13:21:56Z **Fun with TurboIntruder,**
[![](https://cdn-images-1.medium.com/max/1391/1*TdM-VkIrbOhY2jDOSGmVJw.png)](https://infosecwriteups.com/fun-with-turbointruder-7be04ddcd73?source=rss----7b722bfd1b8d---4)

or, how to get ffuf with a gui while also doing some py coding

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/fun-with-turbointruder-7be04ddcd73?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/fun-with-turbointruder-7be04ddcd73?source=rss----7b722bfd1b8d---4) 2022-11-03T14:21:58Z **Write-up: Information disclosure in error messages @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-information-disclosure-in-error-messages-portswigger-academy-b85f73054fa9?source=rss----7b722bfd1b8d---4) 2022-11-03T17:13:50Z **Get Blind XSS within 5 Minutes — $100** ⌘ [Read more](https://infosecwriteups.com/get-blind-xss-within-5-minutes-100-9718bd056570?source=rss----7b722bfd1b8d---4) 2022-11-03T17:13:29Z **OSCP — Cracking The New Pattern** ⌘ [Read more](https://infosecwriteups.com/oscp-cracking-the-new-pattern-6c4f1c9e2409?source=rss----7b722bfd1b8d---4) 2022-11-03T17:13:18Z **pentesting.cloud part 1: “Open To The Public” CTF walkthrough** ⌘ [Read more](https://infosecwriteups.com/pentesting-cloud-part-1-open-to-the-public-ctf-walkthrough-aa4dae59ec4e?source=rss----7b722bfd1b8d---4) 2022-11-04T10:00:37Z **4 Videos From 4 Infosec Experts to Explain Web3 Hacking** ⌘ [Read more](https://infosecwriteups.com/4-videos-from-4-infosec-experts-to-explain-web3-hacking-3f33c999264f?source=rss----7b722bfd1b8d---4) 2022-11-04T14:42:44Z **Python Source Code Analysis** ⌘ [Read more](https://infosecwriteups.com/python-source-code-analysis-53addcb3894?source=rss----7b722bfd1b8d---4) 2022-11-04T14:42:38Z **Automation of Buffer-Overflow** ⌘ [Read more](https://infosecwriteups.com/automation-of-buffer-overflow-b7252d77e72e?source=rss----7b722bfd1b8d---4) 2022-11-07T02:42:50Z **HTB ‘Blackfield’ [Writeup]**
[![](https://cdn-images-1.medium.com/max/2600/0*cyVwYPKkPbfAmgeP)](https://infosecwriteups.com/htb-blackfield-writeup-e7c3570aca00?source=rss----7b722bfd1b8d---4)

ASREPRoast \| Dictionary attack \|

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/htb-blackfield-writeup-e7c3570aca00?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/htb-blackfield-writeup-e7c3570aca00?source=rss----7b722bfd1b8d---4) 2022-11-07T02:42:40Z **Enterprise — Tryhackme Writeup** ⌘ [Read more](https://infosecwriteups.com/enterprise-tryhackme-writeup-aee8691afa17?source=rss----7b722bfd1b8d---4) 2022-11-07T02:42:26Z **Story of a $1k bounty — SSRF to leaking access token and other sensitive information** ⌘ [Read more](https://infosecwriteups.com/story-of-a-1k-bounty-ssrf-d5c4868680f5?source=rss----7b722bfd1b8d---4) 2022-11-07T03:47:00Z **Write-up: Unprotected admin functionality @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-unprotected-admin-functionality-portswigger-academy-ff7de6a3c691?source=rss----7b722bfd1b8d---4) 2022-11-07T12:45:14Z **‍IW Weekly #32: 2FA Bypass, OpenSSL Vulnerabilities, Automated Recon Script, Subdomain…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-32-2fa-bypass-openssl-vulnerabilities-automated-recon-script-subdomain-d146e09e5157?source=rss----7b722bfd1b8d---4) 2022-11-07T15:01:30Z **P4 CTF: Apfel Seite** ⌘ [Read more](https://infosecwriteups.com/p4-ctf-apfel-seite-6eb03b7b60d7?source=rss----7b722bfd1b8d---4) 2022-11-08T11:07:03Z **Behind-the-Scenes of Infosec Writeups** ⌘ [Read more](https://infosecwriteups.com/behind-the-scenes-of-infosec-writeups-afa738793c9?source=rss----7b722bfd1b8d---4) 2022-11-08T17:58:59Z **Intro to & troubleshooting SIEM Collector Issues**
[![](https://cdn-images-1.medium.com/max/2600/0*p5w7G_PToHL2a-Kv)](https://infosecwriteups.com/intro-to-troubleshooting-siem-collector-issues-be92d01d19a6?source=rss----7b722bfd1b8d---4)

Blue Team in SOC

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/intro-to-troubleshooting-siem-collector-issues-be92d01d19a6?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/intro-to-troubleshooting-siem-collector-issues-be92d01d19a6?source=rss----7b722bfd1b8d---4) 2022-11-08T17:58:46Z **Auditing the Network Devices using Nipper**
[![](https://cdn-images-1.medium.com/max/602/1*mUaF02EdMny6_jsCnm8Ekg.png)](https://infosecwriteups.com/auditing-the-network-devices-using-nipper-ebb3217c6670?source=rss----7b722bfd1b8d---4)

SecTools

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/auditing-the-network-devices-using-nipper-ebb3217c6670?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/auditing-the-network-devices-using-nipper-ebb3217c6670?source=rss----7b722bfd1b8d---4) 2022-11-09T17:22:41Z **Interesting Account Takeover Bugs** ⌘ [Read more](https://infosecwriteups.com/interesting-account-takeover-bugs-in-the-wild-619df8466ca0?source=rss----7b722bfd1b8d---4) 2022-11-09T17:22:20Z **Cool Recon techniques every hacker misses! Episode 3** ⌘ [Read more](https://infosecwriteups.com/cool-recon-techniques-every-hacker-misses-episode-3-3812e7da3425?source=rss----7b722bfd1b8d---4) 2022-11-10T17:11:41Z **The tale of taking down the KBC scammers.** ⌘ [Read more](https://infosecwriteups.com/the-tale-of-taking-down-the-kbc-scammers-f8f8961a0bdd?source=rss----7b722bfd1b8d---4) 2022-11-10T17:11:26Z **Cross-origin resource sharing (CORS) Explanation & Exploitation ☠** ⌘ [Read more](https://infosecwriteups.com/cross-origin-resource-sharing-cors-explanation-exploitation-b4179235728b?source=rss----7b722bfd1b8d---4) 2022-11-10T17:11:07Z **A Beginner’s Guide to Nmap** ⌘ [Read more](https://infosecwriteups.com/a-beginners-guide-to-nmap-91aaecf15056?source=rss----7b722bfd1b8d---4) 2022-11-10T18:11:01Z **Write-up: Web shell upload via Content-Type restriction bypass @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-web-shell-upload-via-content-type-restriction-bypass-portswigger-academy-839365e13bc?source=rss----7b722bfd1b8d---4) 2022-11-11T06:14:49Z **Router NR1800X — Command injection via setUssd** ⌘ [Read more](https://infosecwriteups.com/router-nr1800x-command-injection-via-setussd-7291f60b3c95?source=rss----7b722bfd1b8d---4) 2022-11-11T06:14:33Z **Destroying The Scammers Portal** ⌘ [Read more](https://infosecwriteups.com/destroying-the-scammers-portal-a78b034fb4b2?source=rss----7b722bfd1b8d---4) 2022-11-11T06:14:12Z **Reading My Crush Messages 
through XSS** ⌘ [Read more](https://infosecwriteups.com/reading-my-crush-messages-through-xss-f662661119c2?source=rss----7b722bfd1b8d---4) 2022-11-12T16:34:30Z **Understanding Privilege Escalation by Abusing Linux Access Control** ⌘ [Read more](https://infosecwriteups.com/understand-privilege-escalation-by-abusing-linux-access-control-6cab107e7203?source=rss----7b722bfd1b8d---4) 2022-11-12T16:34:03Z **From Shodan Dork to Grafana Local File Inclusion** ⌘ [Read more](https://infosecwriteups.com/from-shodan-dork-to-grafana-local-file-inclusion-e77dc4cfc264?source=rss----7b722bfd1b8d---4) 2022-11-12T17:36:42Z **Write-up: Information disclosure on debug page @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-information-disclosure-on-debug-page-portswigger-academy-84fa667af24c?source=rss----7b722bfd1b8d---4) 2022-11-13T04:52:33Z **Analysis of a Smishing Text** ⌘ [Read more](https://infosecwriteups.com/analysis-of-a-smishing-text-2898a49e673d?source=rss----7b722bfd1b8d---4) 2022-11-14T07:31:40Z **Razor Black Active Directory Writeup** ⌘ [Read more](https://infosecwriteups.com/razor-black-active-directory-writeup-3636c53faa4c?source=rss----7b722bfd1b8d---4) 2022-11-14T07:31:15Z **Python APT1 Simulator** ⌘ [Read more](https://infosecwriteups.com/python-apt1-simulator-41df8f4fe655?source=rss----7b722bfd1b8d---4) 2022-11-14T12:54:40Z **‍IW Weekly #33: 15,000 Sites Hacked, $70,000 Bounty, API Injection Vulnerabilities, IDOR…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-33-15-000-sites-hacked-70-000-bounty-api-injection-vulnerabilities-idor-21b2e4c8038e?source=rss----7b722bfd1b8d---4) 2022-11-14T16:28:07Z **BugTrails-23 Writeup** ⌘ [Read more](https://infosecwriteups.com/bugtrails-23-writeup-96641e051aa5?source=rss----7b722bfd1b8d---4) 2022-11-15T09:07:51Z **Gauing+Nuclei for Instant Bounties** ⌘ [Read more](https://infosecwriteups.com/gauing-nuclei-for-instant-bounties-7a8a07979fff?source=rss----7b722bfd1b8d---4) 2022-11-15T09:07:35Z 
**Stealthy Persistence While Using Windows Terminal.** ⌘ [Read more](https://infosecwriteups.com/stealthy-persistence-while-using-windows-terminal-ff6f4927563a?source=rss----7b722bfd1b8d---4) 2022-11-15T10:52:40Z **Check Out The Full Speaker Line-Up of IWCON 2022** ⌘ [Read more](https://infosecwriteups.com/check-out-the-full-speaker-line-up-of-iwcon-2022-6989ab7976f5?source=rss----7b722bfd1b8d---4) 2022-11-16T08:22:53Z **Fine-Tuning & Optimising Security Alerts**
[![](https://cdn-images-1.medium.com/max/2600/0*wV5CvkpcDe08YDyK)](https://infosecwriteups.com/fine-tuning-optimising-security-alerts-5b12a1f6d42f?source=rss----7b722bfd1b8d---4)

Blue Team SOC Activity

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/fine-tuning-optimising-security-alerts-5b12a1f6d42f?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/fine-tuning-optimising-security-alerts-5b12a1f6d42f?source=rss----7b722bfd1b8d---4) 2022-11-16T09:27:11Z **DLL Hijacking Persistence Using Discord** ⌘ [Read more](https://infosecwriteups.com/dll-hijacking-persistence-using-discord-80691a63c559?source=rss----7b722bfd1b8d---4) 2022-11-17T13:02:05Z **Only 1 Month Left For Infosec Writeups Virtual Cybersecurity Conference** ⌘ [Read more](https://infosecwriteups.com/only-1-month-left-for-infosec-writeups-virtual-cybersecurity-conference-525cc5973be1?source=rss----7b722bfd1b8d---4) 2022-11-17T14:26:23Z **Frida & Objection without Jailbreak! ** ⌘ [Read more](https://infosecwriteups.com/frida-objection-without-jailbreak-27a66501bf38?source=rss----7b722bfd1b8d---4) 2022-11-19T14:32:02Z **4 Videos to Help You At The Start of Your Infosec/Hacking Career** ⌘ [Read more](https://infosecwriteups.com/4-videos-to-help-you-at-the-start-of-your-infosec-hacking-career-2a5bae0bbe5a?source=rss----7b722bfd1b8d---4) 2022-11-20T19:00:48Z **HTB Omni [writeup]**
[![](https://cdn-images-1.medium.com/max/2600/0*e-YqGj-KTD6TAv_P)](https://infosecwriteups.com/htb-omni-writeup-7efdc6fd1c10?source=rss----7b722bfd1b8d---4)

Exploiting Windows IoT Core using SirepRAT

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/htb-omni-writeup-7efdc6fd1c10?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/htb-omni-writeup-7efdc6fd1c10?source=rss----7b722bfd1b8d---4) 2022-11-20T19:00:22Z **Russian roulette XSS** ⌘ [Read more](https://infosecwriteups.com/russian-roulette-xss-bbba6afd2570?source=rss----7b722bfd1b8d---4) 2022-11-20T19:00:04Z **Deep Dive into Hidden Web** ⌘ [Read more](https://infosecwriteups.com/deep-dive-into-hidden-web-a5110a9c65e7?source=rss----7b722bfd1b8d---4) 2022-11-20T19:08:30Z **Write-up: Reflected XSS into HTML context with nothing encoded @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-reflected-xss-into-html-context-with-nothing-encoded-portswigger-academy-c45e7e53c775?source=rss----7b722bfd1b8d---4) 2022-11-20T19:08:08Z **How I earned $47000 USD as a high school student** ⌘ [Read more](https://infosecwriteups.com/how-i-earned-47000-usd-as-a-high-school-student-a9a68896b3a3?source=rss----7b722bfd1b8d---4) 2022-11-21T13:22:27Z **‍IW Weekly #34: Attacking SAML 2.0,** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-34-attacking-saml-2-0-5d6cd7507ac4?source=rss----7b722bfd1b8d---4) 2022-11-21T14:27:32Z **TryHackMe writeup: AttackerKB**
[![](https://cdn-images-1.medium.com/max/696/1*MZZ3mE4V15WMzCz80juevQ.png)](https://infosecwriteups.com/tryhackme-writeup-attackerkb-48cef82cfefa?source=rss----7b722bfd1b8d---4)

This article discusses the AttackerKB project and the greater phenomenon that it is based on: the wisdom of the crowds.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-writeup-attackerkb-48cef82cfefa?source=rss----7b722bfd1b8d--- ... ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-attackerkb-48cef82cfefa?source=rss----7b722bfd1b8d---4) 2022-11-21T14:26:23Z **[ Malware Analysis #5] — Eternity Project — Eternity Worm** ⌘ [Read more](https://infosecwriteups.com/malware-analysis-5-eternity-project-eternity-worm-abd7803fcab?source=rss----7b722bfd1b8d---4) 2022-11-21T15:27:12Z **Pass the Hash Attack**
[![](https://cdn-images-1.medium.com/max/640/0*FXv0sK_Aq6bOI2iX.jpeg)](https://infosecwriteups.com/pass-the-hash-attack-ddf956cf9551?source=rss----7b722bfd1b8d---4)

We hear about breaches on a daily basis, and sometimes even about system compromises, so what stages does the attacker take and how does…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/pass-the-hash-attack-ddf956cf9551?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/pass-the-hash-attack-ddf956cf9551?source=rss----7b722bfd1b8d---4) 2022-11-21T16:31:33Z **Write-up: Basic server-side template injection @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-basic-server-side-template-injection-portswigger-academy-8e74931c6bd7?source=rss----7b722bfd1b8d---4) 2022-11-22T07:01:23Z **Must See Sites From The Depths of Dark Web!** ⌘ [Read more](https://infosecwriteups.com/must-see-sites-from-the-depths-of-dark-web-5bc42ab4b179?source=rss----7b722bfd1b8d---4) 2022-11-22T08:01:56Z **Write-up: Unprotected admin functionality @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-unprotected-admin-functionality-portswigger-academy-d5804e3bb65?source=rss----7b722bfd1b8d---4) 2022-11-22T09:06:01Z **Bug Bounty Tips and Getting Persistence With Electron Applications** ⌘ [Read more](https://infosecwriteups.com/bug-bounty-tips-and-getting-persistence-with-electron-applications-c538d4dda446?source=rss----7b722bfd1b8d---4) 2022-11-22T20:24:39Z **Fastly Subdomain Takeover $2000** ⌘ [Read more](https://infosecwriteups.com/fastly-subdomain-takeover-2000-217bb180730f?source=rss----7b722bfd1b8d---4) 2022-11-23T08:06:51Z **3 Videos About Web3 Hacking to Fast-Forward Your Cybersecurity Journey** ⌘ [Read more](https://infosecwriteups.com/4-videos-about-web3-hacking-to-fast-forward-your-cybersecurity-journey-6e14b9b7d722?source=rss----7b722bfd1b8d---4) 2022-11-23T18:56:11Z **How To Exploit CSRF In DVWA — StackZero** ⌘ [Read more](https://infosecwriteups.com/how-to-exploit-csrf-in-dvwa-stackzero-bf1b6b557d85?source=rss----7b722bfd1b8d---4) 2022-11-24T11:52:38Z **Defending against ransomware in the Cloud**
[![](https://cdn-images-1.medium.com/max/2600/0*NTg1XD1eOSWTyhSI)](https://infosecwriteups.com/defending-against-ransomware-in-the-cloud-a6ff2c1efcab?source=rss----7b722bfd1b8d---4)

Is the Cloud more or less secure against ransomware?

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/defending-against-ransomware-in-the-cloud-a6ff2c1efcab?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/defending-against-ransomware-in-the-cloud-a6ff2c1efcab?source=rss----7b722bfd1b8d---4) 2022-11-24T11:51:23Z **THE ANATOMY OF KERBEROS AUTHENTICATION (AD BASICS 0x1)** ⌘ [Read more](https://infosecwriteups.com/the-anatomy-of-kerberos-authentication-ad-basics-0x1-1532305a18a3?source=rss----7b722bfd1b8d---4) 2022-11-24T20:32:15Z **Write-up: Authentication bypass via information disclosure @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-authentication-bypass-via-information-disclosure-portswigger-academy-f3998ded54e?source=rss----7b722bfd1b8d---4) 2022-11-25T06:53:56Z **From CloudSec to Web3 Security, Bug Bounties to DFIR, and More: 15 Power-Packed Talks at IWCON2022** ⌘ [Read more](https://infosecwriteups.com/from-cloudsec-to-web3-security-bug-bounties-to-dfir-and-more-15-power-packed-talks-at-iwcon2022-ae0691dc6c9d?source=rss----7b722bfd1b8d---4) 2022-11-26T12:38:05Z **Quick Update For Our Indian Members Who Want to Attend IWCON** ⌘ [Read more](https://infosecwriteups.com/quick-update-for-our-indian-members-who-want-to-attend-iwcon-e6b2a02e099d?source=rss----7b722bfd1b8d---4) 2022-11-28T09:01:00Z **Python Malware Analysis** ⌘ [Read more](https://infosecwriteups.com/python-malware-analysis-a36f75ec0cad?source=rss----7b722bfd1b8d---4) 2022-11-28T08:59:59Z **A great weekend hack(worth $8k)** ⌘ [Read more](https://infosecwriteups.com/a-great-weekend-hack-worth-8k-9bfda8ab65b9?source=rss----7b722bfd1b8d---4) 2022-11-28T08:59:48Z **TryHackMe WriteUp: Warzone 2** ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-warzone-2-d74bc379e4b1?source=rss----7b722bfd1b8d---4) 2022-11-28T08:59:31Z **How I hacked into a government e-learning website** ⌘ [Read 
more](https://infosecwriteups.com/how-i-hacked-into-a-government-e-learning-website-ce8da8fb4ccc?source=rss----7b722bfd1b8d---4) 2022-11-28T08:58:03Z **Inyección SQL divertida 3— MSSQL ejemplo practico | In Spanish**
[![](https://cdn-images-1.medium.com/max/626/1*c0V6ZeKSGnQyYWd_OLm7dw.png)](https://infosecwriteups.com/inyecci%C3%B3n-sql-divertida-3-mssql-ejemplo-practico-43f883f5eeb7?source=rss----7b722bfd1b8d---4)

Hello dear reader, I am truly glad that you are giving me a little of your valuable time to read the following piece. In this…

[Continue reading on InfoSec Write-ups »](htt ... ⌘ [Read more](https://infosecwriteups.com/inyecci%C3%B3n-sql-divertida-3-mssql-ejemplo-practico-43f883f5eeb7?source=rss----7b722bfd1b8d---4) 2022-11-28T10:01:59Z **Write-up: Basic server-side template injection (code context) @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-basic-server-side-template-injection-code-context-portswigger-academy-910a3720c26d?source=rss----7b722bfd1b8d---4) 2022-11-28T11:02:01Z **TryHackMe writeup: BadByte**
[![](https://cdn-images-1.medium.com/max/966/0*U3rvar97WQdWSQaD.png)](https://infosecwriteups.com/tryhackme-writeup-badbyte-f224175ad302?source=rss----7b722bfd1b8d---4)

That lassie with the dragon tattoo took a bad byte — but nothing more than she can chew ;-)

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-writeup-badbyte-f224175ad302?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-badbyte-f224175ad302?source=rss----7b722bfd1b8d---4) 2022-11-28T12:01:58Z **Automate GitHub Actions Security Best Practices** ⌘ [Read more](https://infosecwriteups.com/automate-github-actions-security-best-practices-f5f178001291?source=rss----7b722bfd1b8d---4) 2022-11-28T13:29:19Z **‍IW Weekly #35: HTTP Desync Attack, Mass Account Takeover, SSRF via DNS Rebinding, Exploiting…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-35-http-desync-attack-mass-account-takeover-ssrf-via-dns-rebinding-exploiting-84b4c651af52?source=rss----7b722bfd1b8d---4) 2022-11-29T08:47:08Z **Unrestricted File Upload: A Common Bug With A High Potential Revenue On HackerOne! — StackZero** ⌘ [Read more](https://infosecwriteups.com/unrestricted-file-upload-a-common-bug-with-a-high-potential-revenue-on-hackerone-stackzero-dcf71e56e48b?source=rss----7b722bfd1b8d---4) 2022-11-29T08:46:53Z **Behind the SMS Bombing Application** ⌘ [Read more](https://infosecwriteups.com/behind-the-sms-bombing-application-33ac4e9924df?source=rss----7b722bfd1b8d---4) 2022-11-29T09:52:00Z **Unvalidated Redirects and Forwards**
[![](https://cdn-images-1.medium.com/max/640/0*IUwdvvr7TngPdmQQ.jpeg)](https://infosecwriteups.com/unvalidated-redirects-and-forwards-4cad5eb66b64?source=rss----7b722bfd1b8d---4)

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/unvalidated-redirects-and-forwards-4cad5eb66b64?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/unvalidated-redirects-and-forwards-4cad5eb66b64?source=rss----7b722bfd1b8d---4) 2022-11-29T10:51:58Z **How to Plug Common Supply Chain Vulnerabilities** ⌘ [Read more](https://infosecwriteups.com/how-to-plug-common-supply-chain-vulnerabilities-3f7daadd4a7e?source=rss----7b722bfd1b8d---4) 2022-11-29T14:49:37Z **Best Information Technology Schools in 2023** ⌘ [Read more](https://infosecwriteups.com/best-information-technology-schools-in-2023-698d3c043bb3?source=rss----7b722bfd1b8d---4) 2022-11-29T15:46:21Z **Who Will You Learn From at IWCON2022?** ⌘ [Read more](https://infosecwriteups.com/who-will-you-learn-from-at-iwcon2022-451c238822cc?source=rss----7b722bfd1b8d---4) 2022-11-30T06:15:40Z **Unique Rate limit bypass worth 1800$** ⌘ [Read more](https://infosecwriteups.com/unique-rate-limit-bypass-worth-1800-6e2947c7d972?source=rss----7b722bfd1b8d---4) 2022-11-30T12:09:42Z **Attacktive Directory** ⌘ [Read more](https://infosecwriteups.com/attacktive-directory-d1ab5fef716a?source=rss----7b722bfd1b8d---4) 2022-11-30T12:09:16Z **Write-up: Source code disclosure via backup files @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-source-code-disclosure-via-backup-files-portswigger-academy-3709812fa111?source=rss----7b722bfd1b8d---4) 2022-11-30T13:11:34Z **TryHackMe writeup: A cursory analysis of the Jigsaw ransomware**
[![](https://cdn-images-1.medium.com/max/1219/1*wUdCGsUSyvshMxVUzxtY3A.png)](https://infosecwriteups.com/tryhackme-writeup-a-cursory-analysis-of-the-jigsaw-ransomware-ee949b444f3f?source=rss----7b722bfd1b8d---4)

Ransomware is a threat that sent the computing world into a frenzy. In this article, I will discuss analysing the Jigsaw strain of it.

[Continue reading on InfoS ... ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-a-cursory-analysis-of-the-jigsaw-ransomware-ee949b444f3f?source=rss----7b722bfd1b8d---4) 2022-11-30T15:11:56Z **My Latest XSS Finding, Explained To Beginners | Bug Bounty** ⌘ [Read more](https://infosecwriteups.com/my-latest-xss-finding-explained-to-beginners-bug-bounty-8674fa3626e7?source=rss----7b722bfd1b8d---4) 2022-12-01T03:44:48Z **SSRF via DNS Rebinding (CVE-2022–4096)** ⌘ [Read more](https://infosecwriteups.com/ssrf-via-dns-rebinding-cve-2022-4096-b7bf75928bb2?source=rss----7b722bfd1b8d---4) 2022-12-01T03:44:34Z **RAVEN 2 Walkthrough (OSWE like machine )** ⌘ [Read more](https://infosecwriteups.com/raven-2-walkthrough-oswe-like-machine-98bdfc62b9bf?source=rss----7b722bfd1b8d---4) 2022-12-01T18:26:06Z **Hacking Into Social Media Account using Social Engineering!** ⌘ [Read more](https://infosecwriteups.com/hacking-social-media-account-1abb06c80e1a?source=rss----7b722bfd1b8d---4) 2022-12-01T18:25:54Z **DoS on a Wifi Router — Wifi Hacking #1** ⌘ [Read more](https://infosecwriteups.com/wifi-hacking-1-deauthenticating-users-6f8ed6a11d73?source=rss----7b722bfd1b8d---4) 2022-12-01T18:25:40Z **TryHackMe Advent of Cyber 2022 [Day 1] — No Answers :P**
[![](https://cdn-images-1.medium.com/max/950/1*JPEDYBhfGnu7arGfRcTeVQ.png)](https://infosecwriteups.com/tryhackme-advent-of-cyber-2022-day-1-no-answers-p-87cdbad59c7d?source=rss----7b722bfd1b8d---4)

I am so excited about this Cyber Advent from TryHackMe and today the 1st of December is Day 1. TryHackMe has a lot of prizes for this…

[Continue reading on InfoSec Write-ups »](https://infosecwri ... ⌘ [Read more](https://infosecwriteups.com/tryhackme-advent-of-cyber-2022-day-1-no-answers-p-87cdbad59c7d?source=rss----7b722bfd1b8d---4) 2022-12-01T18:25:11Z **pentesting.cloud part 2: “Is there an echo in here?” AWS CTF walkthrough** ⌘ [Read more](https://infosecwriteups.com/pentesting-cloud-part-2-is-there-an-echo-in-here-ctf-walkthrough-54ec188a585d?source=rss----7b722bfd1b8d---4) 2022-12-02T09:08:57Z **3 Free Videos to Turbocharge Your Infosec Journey** ⌘ [Read more](https://infosecwriteups.com/3-free-videos-to-turbocharge-your-infosec-journey-2acbe12aa9e?source=rss----7b722bfd1b8d---4) 2022-12-05T04:46:35Z **Learn From 16 Experts at IWCON2022 Cybersecurity Conference** ⌘ [Read more](https://infosecwriteups.com/learn-from-16-experts-at-iwcon2022-cybersecurity-conference-7b281e9cf4e3?source=rss----7b722bfd1b8d---4) 2022-12-05T11:39:58Z **Set up Cloud Instances**

AWS

⌘ [Read more](https://infosecwriteups.com/set-up-cloud-instances-703340af4897?source=rss----7b722bfd1b8d---4) 2022-12-05T11:39:48Z **My first experience in hosting a National Level Capture The Flag Competition** ⌘ [Read more](https://infosecwriteups.com/my-first-experience-in-hosting-a-national-level-capture-the-flag-competition-f274eb9db0f7?source=rss----7b722bfd1b8d---4) 2022-12-05T11:39:18Z **TryHackMe Advent of Cyber 2022 [Day 2] — No Answers :P**

Day 2 Learning Objectives

⌘ [Read more](https://infosecwriteups.com/tryhackme-advent-of-cyber-2022-day-2-no-answers-p-5bad39fb83ec?source=rss----7b722bfd1b8d---4) 2022-12-05T11:39:08Z **TryHackMe Advent of Cyber 2022 [Day 3] — No Answers :P**

Day 3 Learning Objectives:

⌘ [Read more](https://infosecwriteups.com/tryhackme-advent-of-cyber-2022-day-3-no-answers-p-771895ffd492?source=rss----7b722bfd1b8d---4) 2022-12-05T11:38:58Z **TryHackMe Advent of Cyber 2022 [Day 4] Scanning through the snow— No Answers :P**

Day 4 Learning Objectives

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-advent-of-cy ... ⌘ [Read more](https://infosecwriteups.com/tryhackme-advent-of-cyber-2022-day-4-scanning-through-the-snow-no-answers-p-791b6afd80c3?source=rss----7b722bfd1b8d---4) 2022-12-05T11:38:13Z **Phoenix Challenges — Stack Three** ⌘ [Read more](https://infosecwriteups.com/phoenix-challenges-stack-three-984e0434356b?source=rss----7b722bfd1b8d---4) 2022-12-05T11:38:02Z **Anti-Reversing Techniques (Part 2)** ⌘ [Read more](https://infosecwriteups.com/anti-reversing-techniques-part-2-bd5e0d3cd7aa?source=rss----7b722bfd1b8d---4) 2022-12-05T11:28:55Z **‍IW Weekly #36: 1,250€ Bounty, VoIP Spoofing, SSL Pinning, Intercepting Proxy, XSS Resources…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-36-1-250-bounty-voip-spoofing-ssl-pinning-intercepting-proxy-xss-resources-fc34f50220d3?source=rss----7b722bfd1b8d---4) 2022-12-06T11:46:56Z **Reflected XSS using Double Encoding** ⌘ [Read more](https://infosecwriteups.com/got-another-xss-using-double-encoding-e6493a9f7368?source=rss----7b722bfd1b8d---4) 2022-12-06T11:46:39Z **Intercepting HTTP traffic with OpenVPN on Android** ⌘ [Read more](https://infosecwriteups.com/intercepting-http-traffic-with-openvpn-on-android-5835fa40466d?source=rss----7b722bfd1b8d---4) 2022-12-06T11:45:52Z **HTB Time [writeup]**

Exploiting the RCE and SSRF Vulnerabilities

⌘ [Read more](https://infosecwriteups.com/htb-time-writeup-1c5b51a82eb7?source=rss----7b722bfd1b8d---4) 2022-12-06T11:45:40Z **TryHackMe Advent of Cyber 2022 [Day 5] He knows when you’re awake — No Answers :P**

Day 5 Learning Objectives:

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-advent-of ... ⌘ [Read more](https://infosecwriteups.com/tryhackme-advent-of-cyber-2022-day-5-he-knows-when-youre-awake-no-answers-p-25db80f3a89e?source=rss----7b722bfd1b8d---4) 2022-12-06T11:45:29Z **How to Hack Applications’ Logic** ⌘ [Read more](https://infosecwriteups.com/how-to-hack-applications-logic-6b0219f0dd04?source=rss----7b722bfd1b8d---4) 2022-12-06T11:44:26Z **[WRITE-UP] ATO bug in a target who wasn’t running any bug bounty program (Bounty: 40K INR)** ⌘ [Read more](https://infosecwriteups.com/my-first-bug-bounty-write-up-about-my-first-valid-finding-a-very-simple-ato-bug-in-a-target-who-1b8259f531d6?source=rss----7b722bfd1b8d---4) 2022-12-06T11:43:40Z **HTB University CTF 2022 — Cloud — Enchanted** ⌘ [Read more](https://infosecwriteups.com/htb-university-ctf-2022-cloud-enchanted-2966780f13f5?source=rss----7b722bfd1b8d---4) 2022-12-06T11:43:26Z **Facebook page admin disclosure by "Message Seller" button (Bounty: 1500 USD)** ⌘ [Read more](https://infosecwriteups.com/facebook-page-admin-disclosure-by-message-seller-button-bounty-1500-usd-caaa2eac4121?source=rss----7b722bfd1b8d---4) 2022-12-06T11:43:12Z **Facebook page admin disclosure by "Create doc" button (Bounty: 5000 USD)** ⌘ [Read more](https://infosecwriteups.com/facebook-page-admin-disclosure-by-create-doc-button-bounty-5000-usd-2fd1ff615bf8?source=rss----7b722bfd1b8d---4) 2022-12-06T11:42:39Z **Irremovable Facebook group album photos and entire album under certain circumstances (Bounty: 1000…** ⌘ [Read more](https://infosecwriteups.com/irremovable-facebook-group-album-photos-and-entire-album-under-certain-circumstances-bounty-1000-b1b2a870b8e0?source=rss----7b722bfd1b8d---4) 2022-12-06T12:46:36Z **TryHackMe writeup: Bounty Hacker**

In this room, I join forces with Faye Valentine et al. to get a bunch of internet terrorists with FTP and privilege escalation hacks!

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-writeup-bounty-hacker-4f06536c94c4?sourc ... ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-bounty-hacker-4f06536c94c4?source=rss----7b722bfd1b8d---4) 2022-12-06T21:56:09Z **Pickle Rick -THM** ⌘ [Read more](https://infosecwriteups.com/picke-rick-thm-e8fb33d1f259?source=rss----7b722bfd1b8d---4) 2022-12-06T21:55:58Z **TryHackMe Advent of Cyber 2022 [Day 6] It’s beginning to look a lot like phishing — No Answers :P** ⌘ [Read more](https://infosecwriteups.com/tryhackme-advent-of-cyber-2022-day-6-its-beginning-to-look-a-lot-like-phishing-no-answers-p-66b57be74cb3?source=rss----7b722bfd1b8d---4) 2022-12-08T08:31:01Z **Hacking into Wi-Fi Camera TP-Link Tapo C200 (CVE-2021–4045)** ⌘ [Read more](https://infosecwriteups.com/hacking-into-wi-fi-camera-tp-link-tapo-c200-cve-2021-4045-4c4e43115864?source=rss----7b722bfd1b8d---4) 2022-12-09T04:42:00Z **Don’t Miss the Expert Talks at IWCON2022 Cybersecurity Conference** ⌘ [Read more](https://infosecwriteups.com/dont-miss-the-expert-talks-at-iwcon2022-cybersecurity-conference-ddf91d19ab17?source=rss----7b722bfd1b8d---4) 2022-12-09T11:59:02Z **HackTheBox — Networked Writeup** ⌘ [Read more](https://infosecwriteups.com/hackthebox-networked-writeup-3d0a1276ad3c?source=rss----7b722bfd1b8d---4) 2022-12-09T11:58:02Z **Email analysis : avoid phishing attacks** ⌘ [Read more](https://infosecwriteups.com/email-analysis-avoid-phishing-attacks-360a81e1ebf8?source=rss----7b722bfd1b8d---4) 2022-12-09T11:57:44Z **TryHackMe Advent of Cyber 2022 [Day 7] Maldocs roasting on an open fire— No Answers :P**

Day 7 Learning Objectives:

⌘ [Read more](https://infosecwriteups.com/tryhackme-advent-of-cyber-2022-day-7-maldocs-roasting-on-an-open-fire-no-answers-p-d9d90522bc94?source=rss----7b722bfd1b8d---4) 2022-12-09T11:56:51Z **The most underrated injection of all time — CYPHER INJECTION.** ⌘ [Read more](https://infosecwriteups.com/the-most-underrated-injection-of-all-time-cypher-injection-fa2018ba0de8?source=rss----7b722bfd1b8d---4) 2022-12-09T11:56:42Z **STRIPE Live Key Exposed:: Bounty: $1000** ⌘ [Read more](https://infosecwriteups.com/stripe-live-key-exposed-bounty-1000-dc670f2c5d9c?source=rss----7b722bfd1b8d---4) 2022-12-09T13:01:44Z **TryHackMe writeup: RootMe**

A simple TryHackMe room that is good stuff for CTF practice. I root a boot2root system with a Katana sword (and Python ;-)

⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-rootme-7140eeb6b99f?source=rss----7b722bfd1b8d---4) 2022-12-09T17:12:58Z **Supply Chain Attacks on the risk - Open Source Security** ⌘ [Read more](https://infosecwriteups.com/supply-chain-attacks-on-the-risk-open-source-security-ee7a8cf1ec58?source=rss----7b722bfd1b8d---4) 2022-12-10T17:17:13Z **Operationalizing MITRE ATT&CK to harden cyber defenses**

Take Adversary’s perspective in Defender’s Team

⌘ [Read more](https://infosecwriteups.com/operationalizing-mitre-att-ck-to-harden-cyber-defenses-ba9f6852228f?source=rss----7b722bfd1b8d---4) 2022-12-10T17:16:53Z **TryHackMe writeup: Basic Pentesting**

In this room, I discuss the process that I used to complete TryHackMe’s “Basic Pentesting” room.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-writeup-basic-pentesting-49fb45e97058?source=rss----7b722bfd1b8d--- ... ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-basic-pentesting-49fb45e97058?source=rss----7b722bfd1b8d---4) 2022-12-10T17:16:34Z **Recon** ⌘ [Read more](https://infosecwriteups.com/recon-98cf42e60eff?source=rss----7b722bfd1b8d---4) 2022-12-10T17:14:38Z **Write-up: DOM XSS in document.write sink using source location.search @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-dom-xss-in-document-write-sink-using-source-location-search-portswigger-academy-c8e270203773?source=rss----7b722bfd1b8d---4) 2022-12-10T17:14:28Z **Smart contracts** ⌘ [Read more](https://infosecwriteups.com/smart-contracts-931081d9649a?source=rss----7b722bfd1b8d---4) 2022-12-10T21:11:31Z **Year of the Rabbit — TryHackMe Writeup By Karthikeyan** ⌘ [Read more](https://infosecwriteups.com/year-of-the-rabbit-tryhackme-writeup-by-karthikeyan-a3223529e888?source=rss----7b722bfd1b8d---4) 2022-12-10T21:11:10Z **TryHackMe CMesS CTF** ⌘ [Read more](https://infosecwriteups.com/tryhackme-cmess-ctf-c1339774550e?source=rss----7b722bfd1b8d---4) 2022-12-12T04:51:39Z **Only 5 Days Left For IWCON 2022** ⌘ [Read more](https://infosecwriteups.com/only-5-days-left-for-iwcon-2022-55d7ee302ddb?source=rss----7b722bfd1b8d---4) 2022-12-12T09:09:03Z **Advent of Cyber 2022 [Day 11]-Memory Forensics-Not all gifts are nice Write up** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-11-memory-forensics-not-all-gifts-are-nice-write-up-1ec97f6d8249?source=rss----7b722bfd1b8d---4) 2022-12-12T09:08:49Z **Lian_Yu — TryHackMe Writeup by Karthikeyan** ⌘ [Read more](https://infosecwriteups.com/lian-yu-ae415d1f6fc7?source=rss----7b722bfd1b8d---4) 2022-12-12T09:08:40Z **Forensics —Writeup** ⌘ [Read more](https://infosecwriteups.com/forensics-6b4aaf85f87f?source=rss----7b722bfd1b8d---4) 2022-12-12T09:08:31Z **Advent of Cyber 2022 
[Day 7]-Cyber Chef Maldocs roasting on an open fire Writeup by Karthikeyan…** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-7-cyber-chef-maldocs-roasting-on-an-open-fire-writeup-by-karthikeyan-edd2f2f8a4b5?source=rss----7b722bfd1b8d---4) 2022-12-12T09:08:21Z **Advent of Cyber 2022 [Day5] Email Analysis — It’s beginning to look a lot like phishing by…** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day5-email-analysis-its-beginning-to-look-a-lot-like-phishing-by-978dab792ebf?source=rss----7b722bfd1b8d---4) 2022-12-12T09:08:08Z **Advent of Cyber Day 2~ Log Analysis Santa’s Naughty & Nice Log** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-day-2-log-analysis-santas-naughty-nice-log-ff194383a9e3?source=rss----7b722bfd1b8d---4) 2022-12-12T09:07:57Z **Carnage — TryHackme Write-up (600 Points) | Cyberw1ng** ⌘ [Read more](https://infosecwriteups.com/carnage-tryhackme-write-up-600-points-cyberw1ng-6e4468c010a8?source=rss----7b722bfd1b8d---4) 2022-12-12T09:07:45Z **Memory Forensics — TryHackMe Write-up — Cyberw1ng** ⌘ [Read more](https://infosecwriteups.com/memory-forensics-tryhackme-write-up-cyberw1ng-945217d0cbc7?source=rss----7b722bfd1b8d---4) 2022-12-12T09:07:34Z **Wireshark: The Basics — TryHackMe** ⌘ [Read more](https://infosecwriteups.com/wireshark-the-basics-tryhackme-57e50c7d9c4f?source=rss----7b722bfd1b8d---4) 2022-12-12T09:07:23Z **Committed — TryHackMe** ⌘ [Read more](https://infosecwriteups.com/committed-tryhackme-b1def8f545e2?source=rss----7b722bfd1b8d---4) 2022-12-12T10:11:01Z **Write-up: SQL injection with filter bypass via XML encoding @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-sql-injection-with-filter-bypass-via-xml-encoding-portswigger-academy-977aaeb2b04d?source=rss----7b722bfd1b8d---4) 2022-12-12T10:06:06Z **TryHackMe ultraTech CTF** ⌘ [Read more](https://infosecwriteups.com/tryhackme-ultratech-ctf-5f4a8e238ed9?source=rss----7b722bfd1b8d---4) 2022-12-12T11:06:27Z 
**Portswigger Lab: JWT authentication bypass via algorithm confusion with no exposed key, a slightly…**

, or how I learned the importance of RTFM yet again

⌘ [Read more](https://infosecwriteups.com/portswigger-lab-jwt-authentication-bypass-via-algorithm-confusion-with-no-exposed-key-a-slightly-e28602b6ef70?source=rss----7b722bfd1b8d---4) 2022-12-12T13:24:05Z **IW Weekly #37: ChatGPT for Pentesting, Hacking Govt.** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-37-chatgpt-for-pentesting-hacking-govt-a3d4952a407e?source=rss----7b722bfd1b8d---4) 2022-12-13T09:56:31Z **SQL Injection Payload List**

PayloadBox

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/sql-injection-payload-list-b97656cfd66b?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/sql-injection-payload-list-b97656cfd66b?source=rss----7b722bfd1b8d---4) 2022-12-13T09:56:10Z **XML External Entity (XXE) Injection Payload List** ⌘ [Read more](https://infosecwriteups.com/xml-external-entity-xxe-injection-payload-list-937d33e5e116?source=rss----7b722bfd1b8d---4) 2022-12-13T09:54:18Z **Write-up: DOM XSS in innerHTML sink using source location.search @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-dom-xss-in-innerhtml-sink-using-source-location-search-portswigger-academy-94c6691f89b0?source=rss----7b722bfd1b8d---4) 2022-12-13T10:28:12Z **Advent of Cyber 2022 [Day 12]-Malware Analysis Forensic McBlue to the REVscue! Write up** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-12-malware-analysis-forensic-mcblue-to-the-revscue-write-up-44fc80e95c7?source=rss----7b722bfd1b8d---4) 2022-12-13T10:27:58Z **Windows LNK File Analysis in Forensic IT Reviews** ⌘ [Read more](https://infosecwriteups.com/windows-lnk-file-analysis-in-forensic-it-reviews-75b3dfd49f36?source=rss----7b722bfd1b8d---4) 2022-12-13T10:27:37Z **Directory Payload List via PayloadBox** ⌘ [Read more](https://infosecwriteups.com/directory-payload-list-via-payloadbox-433f689b8afd?source=rss----7b722bfd1b8d---4) 2022-12-13T21:26:47Z **Pivoting** ⌘ [Read more](https://infosecwriteups.com/pivoting-253d65c6c867?source=rss----7b722bfd1b8d---4) 2022-12-13T21:26:34Z **Advent of Cyber 2022 [Day 14]-Packet Analysis | Simply having a wonderful pcap time — Simple Write…** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-14-packet-analysis-simply-having-a-wonderful-pcap-time-simple-write-37169e62c23f?source=rss----7b722bfd1b8d---4) 2022-12-14T15:11:20Z **Why and How to Use HTTP Security Headers?** ⌘ [Read 
more](https://infosecwriteups.com/why-and-how-to-use-http-security-headers-d2034306fb33?source=rss----7b722bfd1b8d---4) 2022-12-14T18:04:21Z **Recon Skills and Tips — Learn All About Them at IWCON 2022** ⌘ [Read more](https://infosecwriteups.com/recon-skills-and-tips-learn-all-about-them-at-iwcon-2022-43e6564b7a96?source=rss----7b722bfd1b8d---4) 2022-12-15T11:37:41Z **How To Exploit File Inclusion Vulnerabilities: A Beginner’s Introduction. — StackZero** ⌘ [Read more](https://infosecwriteups.com/how-to-exploit-file-inclusion-vulnerabilities-a-beginners-introduction-stackzero-a55267b5fafb?source=rss----7b722bfd1b8d---4) 2022-12-15T12:42:05Z **Tryhackme: Simple CTF** ⌘ [Read more](https://infosecwriteups.com/tryhackme-simple-ctf-879a19561438?source=rss----7b722bfd1b8d---4) 2022-12-16T04:56:53Z **Only 24 Hours Left For IWCON2022** ⌘ [Read more](https://infosecwriteups.com/only-24-hours-left-for-iwcon2022-d5fbd0496233?source=rss----7b722bfd1b8d---4) 2022-12-16T09:21:43Z **Custom Browser Analysis** ⌘ [Read more](https://infosecwriteups.com/custom-browser-analysis-c0ef18fb75a8?source=rss----7b722bfd1b8d---4) 2022-12-16T09:21:24Z **Cyber Threat Intelligence (C.T.I)** ⌘ [Read more](https://infosecwriteups.com/cyber-threat-intelligence-c-t-i-92c09832fe18?source=rss----7b722bfd1b8d---4) 2022-12-16T09:21:14Z **Getting Started with Reverse Engineering** ⌘ [Read more](https://infosecwriteups.com/getting-started-with-reverse-engineering-609a42e86cc1?source=rss----7b722bfd1b8d---4) 2022-12-16T09:21:05Z **Using Threat Intelligence data to generate MISP alerts**

There are various Threat Intelligence sources that share threat information with each other to help identify those threats in their…

[Continue reading on InfoSec Write-ups »](https://infose ... ⌘ [Read more](https://infosecwriteups.com/using-threat-intelligence-data-to-generate-misp-alerts-b8a275df5131?source=rss----7b722bfd1b8d---4) 2022-12-16T09:20:31Z **Malware analysis** ⌘ [Read more](https://infosecwriteups.com/malware-analysis-fe47d6a5f3f?source=rss----7b722bfd1b8d---4) 2022-12-16T09:20:20Z **Advent of Cyber 2022 [Day 15] Secure Coding | Santa is looking for a Sidekick | Simple Write up** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-15-secure-coding-santa-is-looking-for-a-sidekick-simple-write-up-60fe902423ef?source=rss----7b722bfd1b8d---4) 2022-12-16T09:20:09Z **Param Hunting to Injections** ⌘ [Read more](https://infosecwriteups.com/param-hunting-to-injections-4365da5447cf?source=rss----7b722bfd1b8d---4) 2022-12-16T17:34:06Z **IWCON2022 Networking Rooms Are Now Open + New Speaker Announcement** ⌘ [Read more](https://infosecwriteups.com/iwcon2022-networking-rooms-are-now-open-new-speaker-announcement-de2394b4fd0e?source=rss----7b722bfd1b8d---4) 2022-12-19T12:21:12Z **‍IW Weekly #38: Cache Poisoning, XSS Payloads, Akamai and Amazon S3 buckets, Hybrid Fuzzing in…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-38-cache-poisoning-xss-payloads-akamai-and-amazon-s3-buckets-hybrid-fuzzing-in-860ce4225eee?source=rss----7b722bfd1b8d---4) 2022-12-20T09:04:41Z **Use nim compiled language to evade Windows Defender reverse shell detection** ⌘ [Read more](https://infosecwriteups.com/use-nim-compiled-language-to-evade-windows-defender-reverse-shell-detection-a9268b4a3b0e?source=rss----7b722bfd1b8d---4) 2022-12-20T09:04:21Z **Advent of Cyber 2022 [Day 16] Secure Coding | SQLi’s the king, the carolers sing | Simple Write up** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-16-secure-coding-sqlis-the-king-the-carolers-sing-simple-write-up-1de37365eb94?source=rss----7b722bfd1b8d---4) 2022-12-20T09:04:08Z **Burp Suite Extension Development** ⌘ [Read 
more](https://infosecwriteups.com/burp-suite-extension-development-b177bddaa940?source=rss----7b722bfd1b8d---4) 2022-12-20T09:03:16Z **Advent of Cyber 2022 [Day 17] Secure Coding | Filtering for Order Amidst Chaos-Simple Write up** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-17-secure-coding-filtering-for-order-amidst-chaos-simple-write-up-64b7e2d94ae5?source=rss----7b722bfd1b8d---4) 2022-12-20T09:03:05Z **CVE-2022-42710: A journey through XXE to Stored-XSS** ⌘ [Read more](https://infosecwriteups.com/cve-2022-42710-a-journey-through-xxe-to-stored-xss-851d74dfe917?source=rss----7b722bfd1b8d---4) 2022-12-20T09:02:40Z **Directory Traversal Vulnerability in Huawei HG255s Products** ⌘ [Read more](https://infosecwriteups.com/directory-ttraversal-vulnerability-in-huawei-hg255s-products-dce941a1d015?source=rss----7b722bfd1b8d---4) 2022-12-20T09:00:14Z **How Fuzzing helps me to get my first bounty?** ⌘ [Read more](https://infosecwriteups.com/how-fuzzing-helps-me-to-get-my-first-bounty-2c63eb864e08?source=rss----7b722bfd1b8d---4) 2022-12-20T08:59:05Z **Advent of Cyber 2022 [Day 18] Sigma | Lumberjack Lenny Learns New Rules-Simple Write up** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-18-sigma-lumberjack-lenny-learns-new-rules-simple-write-up-205a403d6c08?source=rss----7b722bfd1b8d---4) 2022-12-20T08:58:48Z **TCM Security “Academy” — Walkthrough** ⌘ [Read more](https://infosecwriteups.com/tcm-security-academy-walkthrough-51b292cf337b?source=rss----7b722bfd1b8d---4) 2022-12-20T08:58:25Z **Destroying the Scammers Portal — SBI Scam** ⌘ [Read more](https://infosecwriteups.com/destroying-the-scammers-portal-sbi-scam-2169e21adeeb?source=rss----7b722bfd1b8d---4) 2022-12-20T10:06:03Z **Everything about Cookie and Its Security**

What is a cookie and why is it used?

⌘ [Read more](https://infosecwriteups.com/everything-about-cookie-and-its-security-f5742381d6e7?source=rss----7b722bfd1b8d---4) 2022-12-20T10:06:01Z **TryHackMe writeup: Daily Bugle**

The Daily Bugle is a fake newspaper in the world of Spiderman. In this article, it’s gonna get r00ted and pwn’d hard!

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-writeup-daily-bugle-87a52f234a82?source=rss----7b722bfd1b8d- ... ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-daily-bugle-87a52f234a82?source=rss----7b722bfd1b8d---4) 2022-12-20T10:01:56Z **Write-up: Authentication bypass via encryption oracle @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-authentication-bypass-via-encryption-oracle-portswigger-academy-4b4e363347b9?source=rss----7b722bfd1b8d---4) 2022-12-20T10:01:56Z **Using ChatGPT to Create DarkWeb Monitoring Tool** ⌘ [Read more](https://infosecwriteups.com/using-chatgpt-to-create-darkweb-monitoring-tool-7b7eeaab351f?source=rss----7b722bfd1b8d---4) 2022-12-20T10:01:46Z **How I found my first RCE? A simple one…** ⌘ [Read more](https://infosecwriteups.com/how-i-found-my-first-rce-a-simple-one-4d7dc1444c4?source=rss----7b722bfd1b8d---4) 2022-12-21T13:58:03Z **Advent of Cyber 2022 [Day 20] Firmware | Binwalkin’ around the Christmas tree-Simple Write up** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-20-firmware-binwalkin-around-the-christmas-tree-simple-write-up-345f9525d20c?source=rss----7b722bfd1b8d---4) 2022-12-21T13:57:41Z **TryHackMe — Warzone 2 Write-up with Answers** ⌘ [Read more](https://infosecwriteups.com/tryhackme-warzone-2-write-up-with-answers-51030b8639d4?source=rss----7b722bfd1b8d---4) 2022-12-21T13:57:06Z **How to spy on people on iOS** ⌘ [Read more](https://infosecwriteups.com/how-to-spy-on-people-on-ios-516651069844?source=rss----7b722bfd1b8d---4) 2022-12-22T07:34:59Z **Upgrading Kali Linux to the latest version** ⌘ [Read more](https://infosecwriteups.com/upgrade-update-kali-linux-c72dee1d1f4c?source=rss----7b722bfd1b8d---4) 2022-12-22T07:34:41Z **Advent of Cyber 2022 [Day 21] MQTT | Have yourself a merry little webcam-Simple Write up** ⌘ [Read 
more](https://infosecwriteups.com/advent-of-cyber-2022-day-21-mqtt-have-yourself-a-merry-little-webcam-simple-write-up-553be880db73?source=rss----7b722bfd1b8d---4) 2022-12-22T17:09:48Z **HTTP Header Injection**

What is HTTP Header Injection?

⌘ [Read more](https://infosecwriteups.com/http-header-injection-4ba857fb9a16?source=rss----7b722bfd1b8d---4) 2022-12-23T15:36:52Z **Advent of Cyber 2022 [Day 22] Attack Surface | Reduction Threats are failing all around me-Simple…** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-22-attack-surface-reduction-threats-are-failing-all-around-me-simple-d23543635152?source=rss----7b722bfd1b8d---4) 2022-12-23T15:36:22Z **Everything about Docker Security**

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/everything-about-docker-security-ceaef9612ebe?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/everything-about-docker-security-ceaef9612ebe?source=rss----7b722bfd1b8d---4) 2022-12-23T15:36:07Z **❗️Capture The Ether ❗️— Token Sale [Difficulty = Low-Medium]** ⌘ [Read more](https://infosecwriteups.com/%EF%B8%8Fcapture-the-ether-%EF%B8%8F-token-sale-difficulty-low-medium-adc2928bbcc9?source=rss----7b722bfd1b8d---4) 2022-12-23T15:35:23Z **Advent of Cyber 2022 [Day 23] Defence in Depth | Mission ELFPossible: Abominable for a Day-Simple…** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-23-defence-in-depth-mission-elfpossible-abominable-for-a-day-simple-af55abcf3d23?source=rss----7b722bfd1b8d---4) 2022-12-23T16:36:22Z **How these IDOR vulnerability earned 5000$ | Hackerone Reddit Bug Bounty** ⌘ [Read more](https://infosecwriteups.com/how-these-idor-vulnerability-earned-5000-hackerone-reddit-bug-bounty-c685fcfbd8bc?source=rss----7b722bfd1b8d---4) 2022-12-24T17:15:17Z **Pythonic Malware Part-3: In-Memory Execution and Modern Evasion**

Forget compiling payloads and operating on disk — this post demonstrates the use of Python’s portable interpreter for in-memory malware…

⌘ [Read more](https://infosecwriteups.com/pythonic-malware-part-3-in-memory-execution-and-modern-evasion-ec3cc1084628?source=rss----7b722bfd1b8d---4) 2022-12-24T17:14:46Z **CRLF Injection — xxx$ — How was it possible for me to earn a bounty with the Cloudflare WAF?**

I recently discovered a CRLF injection vulnerability on a popular website. In this ... ⌘ [Read more](https://infosecwriteups.com/crlf-injection-xxx-how-was-it-possible-for-me-to-earn-a-bounty-with-the-cloudflare-waf-f581506f97f5?source=rss----7b722bfd1b8d---4) 2022-12-24T17:14:19Z **Know Your Adversary: Cuba Ransomware** ⌘ [Read more](https://infosecwriteups.com/know-your-adversary-cuba-ransomware-7b899be0410d?source=rss----7b722bfd1b8d---4) 2022-12-24T17:12:50Z **Bypass Apple’s redirection process with the dot (“.”) character** ⌘ [Read more](https://infosecwriteups.com/bypass-apples-redirection-process-with-the-dot-character-c47d40537202?source=rss----7b722bfd1b8d---4) 2022-12-26T12:16:59Z **Performing Security Gap Analysis using Breach & Attack Simulation (BAS) Tools**

Continuous Testing and Auditing - Purple Teaming Activity

⌘ [Read more](https://infosecwriteups.com/performing-security-gap-analysis-using-breach-attack-simulation-bas-tools-3717f482cec6?source=rss----7b722bfd1b8d---4) 2022-12-26T12:16:20Z **Advent of Cyber 2022 [Day 1 — Day 24] All Challenges Walkthrough and Writeups with Answers by…** ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-2022-day-1-day-24-all-challenges-walkthrough-and-writeups-with-answers-by-c818cda6dc6e?source=rss----7b722bfd1b8d---4) 2022-12-26T12:12:38Z **Understanding the Scapy Module: Its Use in Cyber Security** ⌘ [Read more](https://infosecwriteups.com/understanding-the-scapy-module-its-use-in-cyber-security-434ff8b38dbf?source=rss----7b722bfd1b8d---4) 2022-12-26T12:12:27Z **Endpoint Security: The Protection Mechanism of Web Application and Networks**

Introduction

⌘ [Read more](https://infosecwriteups.com/endpoint-security-the-protection-mechanism-of-web-application-and-networks-5ac965935446?source=rss----7b722bfd1b8d---4) 2022-12-26T12:12:13Z **Securing your Linux server with these best practices**

Introduction

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/securing-your-linux-server-with-these-best-practices-50b30e026bd?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/securing-your-linux-server-with-these-best-practices-50b30e026bd?source=rss----7b722bfd1b8d---4) 2022-12-26T12:46:36Z **‍IW Weekly #39: $10,000 Bounty, Zero-click Account Takeover, Stored XSS, Open Redirection…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-39-10-000-bounty-zero-click-account-takeover-stored-xss-open-redirection-2e6bf480bc26?source=rss----7b722bfd1b8d---4) 2022-12-26T13:17:00Z **Advent of Cyber 4 writeup: A case study in digital forensics and incident response**

Digital forensics and incident response is a necessary process for any organisation that is serious abo ... ⌘ [Read more](https://infosecwriteups.com/advent-of-cyber-4-writeup-a-case-study-in-digital-forensics-and-incident-response-4988aae9f48b?source=rss----7b722bfd1b8d---4) 2022-12-26T13:22:21Z **You won’t believe how this AI tool can build a website in minutes!** ⌘ [Read more](https://infosecwriteups.com/you-wont-believe-how-this-ai-tool-can-build-a-website-in-minutes-ea0ad7870bf1?source=rss----7b722bfd1b8d---4) 2022-12-26T19:57:29Z **DOM XSS Using Web Messages (Practioner) — Portswigger Lab 1 | Solution and Approach** ⌘ [Read more](https://infosecwriteups.com/dom-xss-using-web-messages-practioner-portswigger-lab-1-solution-and-approach-a9153ec6ac64?source=rss----7b722bfd1b8d---4) 2022-12-27T03:28:18Z **Tautulli 2.1.9 version; Cross-Site Request Forgery (ShutDown) and Denial of Service (Metasploit)** ⌘ [Read more](https://infosecwriteups.com/tautulli-2-1-9-version-cross-site-request-forgery-shutdown-and-denial-of-service-metasploit-f23d6b1fc464?source=rss----7b722bfd1b8d---4) 2022-12-27T08:44:57Z **JNDI Injection Series: RMI Vector — 1** ⌘ [Read more](https://infosecwriteups.com/jndi-injection-series-rmi-vector-1-31044f782daa?source=rss----7b722bfd1b8d---4) 2022-12-27T08:44:42Z **Safe Opener — Reverse Engineering | PicoCTF 2022 Writeup** ⌘ [Read more](https://infosecwriteups.com/safe-opener-reverse-engineering-picoctf-2022-writeup-21b22937b6ae?source=rss----7b722bfd1b8d---4) 2022-12-27T08:44:28Z **Efficient methodology to get P2 level - subdomain takeover vulnerability** ⌘ [Read more](https://infosecwriteups.com/efficient-methodology-to-get-p2-level-subdomain-takeover-vulnerability-3a68b883b150?source=rss----7b722bfd1b8d---4) 2022-12-28T10:57:17Z **The Big Danger With Laravel ( .env file )** ⌘ [Read more](https://infosecwriteups.com/the-big-danger-with-laravel-env-file-403ca60aaf14?source=rss----7b722bfd1b8d---4) 2022-12-28T10:56:52Z **Wireshark twoo — 
Forensics| PicoCTF Write-up | 100 Points** ⌘ [Read more](https://infosecwriteups.com/wireshark-twoo-forensics-picoctf-write-up-100-points-bb3dbc9e14ec?source=rss----7b722bfd1b8d---4) 2022-12-28T10:56:34Z **Compromising a vulnerable GCP, INE-Labs GCPGoat walkthrough. Part-1** ⌘ [Read more](https://infosecwriteups.com/compromising-a-vulnerable-gcp-ine-labs-gcpgoat-walkthrough-part-1-90090ed0448b?source=rss----7b722bfd1b8d---4) 2022-12-28T12:01:32Z **How I Earned My First Bug Bounty Reward of $1000** ⌘ [Read more](https://infosecwriteups.com/how-i-earned-my-first-bug-bounty-reward-of-1000-9dc6643977e4?source=rss----7b722bfd1b8d---4) 2022-12-28T13:01:29Z **Unauthorized Sign-up on Subdomain of Subdomain leading to Organization takeover worth $2000** ⌘ [Read more](https://infosecwriteups.com/unauthorized-sign-up-on-subdomain-of-subdomain-leading-to-organization-takeover-worth-2000-a7199952d80b?source=rss----7b722bfd1b8d---4) 2022-12-29T12:27:34Z **How Capabilities actually Work ? | Exploitation | Privilege Escalation** ⌘ [Read more](https://infosecwriteups.com/how-capabilities-actually-work-exploitation-privilege-escalation-536afee917ad?source=rss----7b722bfd1b8d---4) 2022-12-29T12:27:11Z **Exploiting XSS with Javascript/JPEG Polyglot** ⌘ [Read more](https://infosecwriteups.com/exploiting-xss-with-javascript-jpeg-polyglot-4cff06f8201a?source=rss----7b722bfd1b8d---4) 2022-12-29T12:30:00Z **Compromising a vulnerable GCP, INE-Labs GCPGoat walkthrough. 
Part-2** ⌘ [Read more](https://infosecwriteups.com/compromising-a-vulnerable-gcp-ine-labs-gcpgoat-walkthrough-part-2-1674abd16a40?source=rss----7b722bfd1b8d---4) 2022-12-30T09:06:20Z **Infiltration in local network with Raspberry Pi (creating tunnel)** ⌘ [Read more](https://infosecwriteups.com/infiltration-in-local-network-with-raspberry-pi-creating-tunnel-c72b0880146d?source=rss----7b722bfd1b8d---4) 2022-12-30T09:05:44Z **Setting up your bug bounty scripts with Python and Bash** ⌘ [Read more](https://infosecwriteups.com/setting-up-your-bug-bounty-scripts-with-python-and-bash-327baa414c99?source=rss----7b722bfd1b8d---4) 2022-12-30T09:05:03Z **RPS — Binary Exploitation Challenge Writeup | PicoCTF 2022** ⌘ [Read more](https://infosecwriteups.com/rps-binary-exploitation-challenge-writeup-picoctf-2022-5e856321a644?source=rss----7b722bfd1b8d---4) 2022-12-30T10:03:19Z **OSINT Case Study: Validating a website if its fraud or legit** ⌘ [Read more](https://infosecwriteups.com/osint-case-study-validating-a-website-if-its-fraud-or-legit-9c316223e11?source=rss----7b722bfd1b8d---4) 2023-01-02T09:38:46Z **CVE-2022-38627: A journey through SQLite Injection to compromise the whole enterprise building** ⌘ [Read more](https://infosecwriteups.com/cve-2022-38627-a-journey-through-sqlite-injection-to-compromise-the-whole-enterprise-building-15cebd072ed6?source=rss----7b722bfd1b8d---4) 2023-01-02T13:09:53Z **‍IW Weekly #40: Open Redirection Vulnerability, Misconfigured Jira, Bugs in Red Bull, ChatGPT…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-40-open-redirection-vulnerability-misconfigured-jira-bugs-in-red-bull-chatgpt-ea5ac454d0cf?source=rss----7b722bfd1b8d---4) 2023-01-03T09:31:47Z **Creating Darkweb Crawler using Python and Tor**

In this blog, we will look at a Python script that can be used to crawl the darkweb, and we will discuss the advantages and benefits of…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/creating-darkw ... ⌘ [Read more](https://infosecwriteups.com/creating-darkweb-crawler-using-python-and-tor-53169d146301?source=rss----7b722bfd1b8d---4) 2023-01-03T09:28:37Z **Golang Programming and Security Vulnerabilities** ⌘ [Read more](https://infosecwriteups.com/golang-programming-and-security-vulnerabilities-fa44811ef028?source=rss----7b722bfd1b8d---4) 2023-01-03T09:25:58Z **Exploring the World of ESI Injection** ⌘ [Read more](https://infosecwriteups.com/exploring-the-world-of-esi-injection-b86234e66f91?source=rss----7b722bfd1b8d---4) 2023-01-06T04:44:49Z **Analysing Command Detected in Request Body** ⌘ [Read more](https://infosecwriteups.com/analysing-command-detected-in-request-body-1524b2744449?source=rss----7b722bfd1b8d---4) 2023-01-08T10:15:01Z **JNDI Injection Series RMI Vector- Insecure Deserialization** ⌘ [Read more](https://infosecwriteups.com/jndi-injection-series-rmi-vector-insecure-deserialization-9b7a4b524d1d?source=rss----7b722bfd1b8d---4) 2023-01-09T18:06:37Z **Beginners Guide to Container Security** ⌘ [Read more](https://infosecwriteups.com/beginners-guide-to-container-security-f7e671522ae3?source=rss----7b722bfd1b8d---4) 2023-01-12T17:29:17Z **TryHackMe writeup: Dunkle Materie**

A case study in using ProcDOT to investigate a ransomware attack

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tryhackme-writeup-dunkle-materie-d87df3c02bea?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/tryhackme-writeup-dunkle-materie-d87df3c02bea?source=rss----7b722bfd1b8d---4) 2023-01-12T17:26:55Z **Illumination — HackTheBox Forensics Writeup | 2023** ⌘ [Read more](https://infosecwriteups.com/illumination-hackthebox-forensics-writeup-2023-57c33008ba4?source=rss----7b722bfd1b8d---4) 2023-01-12T17:40:43Z **Introduction to Digital Forensics** ⌘ [Read more](https://infosecwriteups.com/introduction-to-digital-forensics-12449aa7e399?source=rss----7b722bfd1b8d---4) 2023-01-13T02:13:14Z **JNDI Injection Series: RMI Vector — The Final Piece of The Puzzle** ⌘ [Read more](https://infosecwriteups.com/jndi-injection-series-rmi-vector-the-final-piece-of-the-puzzle-b6a65c4ab330?source=rss----7b722bfd1b8d---4) 2023-01-13T02:12:41Z **6 Tips for a More Secure Supply Chain**

Software supply chain security is a critical concern for organizations, find out how to make yours more secure using industry best…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/6-tips-for-a-more-secure-supply-c ... ⌘ [Read more](https://infosecwriteups.com/6-tips-for-a-more-secure-supply-chain-5aeb43d18f0e?source=rss----7b722bfd1b8d---4) 2023-01-13T02:11:18Z **Soccer — Hack The Box | Writeup with Flag | 2023** ⌘ [Read more](https://infosecwriteups.com/soccer-hack-the-box-writeup-with-flag-2023-de695a0e54ec?source=rss----7b722bfd1b8d---4) 2023-01-13T10:08:59Z **Juicy Details — TryHackMe Writeup** ⌘ [Read more](https://infosecwriteups.com/juicy-details-tryhackme-writeup-df4a5b2790a9?source=rss----7b722bfd1b8d---4) 2023-01-13T10:06:50Z **Lost Modulus — HackTheBox Crypto Challenge(RSA) Simple Writeup | 2023** ⌘ [Read more](https://infosecwriteups.com/lost-modulus-hackthebox-crypto-challenge-rsa-simple-writeup-2023-67702fd4955e?source=rss----7b722bfd1b8d---4) 2023-01-13T10:02:08Z **Strange 2FA Misconfiguration** ⌘ [Read more](https://infosecwriteups.com/strange-2fa-misconfiguration-ff1d375c447e?source=rss----7b722bfd1b8d---4) 2023-01-13T10:01:08Z **Clear communication is crucial: why writing effective vulnerability reports matters** ⌘ [Read more](https://infosecwriteups.com/clear-communication-is-crucial-why-writing-effective-vulnerability-reports-matters-5f989ee2e401?source=rss----7b722bfd1b8d---4) 2023-01-14T04:32:41Z **OpenAI ChatGPT for Cyber Security** ⌘ [Read more](https://infosecwriteups.com/openai-chatgpt-for-cyber-security-4bc602069f9c?source=rss----7b722bfd1b8d---4) 2023-01-14T04:31:51Z **Kerberos Authentication (again… but better)** ⌘ [Read more](https://infosecwriteups.com/kerberos-authentication-again-but-better-badb5dc88b2d?source=rss----7b722bfd1b8d---4) 2023-01-14T04:31:24Z **HTML injection in an email template** ⌘ [Read more](https://infosecwriteups.com/html-injection-in-an-email-template-f1a3fe77012c?source=rss----7b722bfd1b8d---4) 2023-01-14T04:30:54Z **Discovering vulnerabilities quickly with targeted scanning — Portswigger** ⌘ [Read 
more](https://infosecwriteups.com/discovering-vulnerabilities-quickly-with-targeted-scanning-portswigger-b8c102f5c3ba?source=rss----7b722bfd1b8d---4) 2023-01-14T04:29:36Z **AWS EC2 Auto Scaling Privilege Escalation** ⌘ [Read more](https://infosecwriteups.com/aws-ec2-auto-scaling-privilege-escalation-d518f8e7f91b?source=rss----7b722bfd1b8d---4) 2023-01-14T04:29:08Z **Shoppy — HackTheBox Machine Simple Writeup | 2023** ⌘ [Read more](https://infosecwriteups.com/shoppy-hackthebox-machine-simple-writeup-2023-8e699d953d65?source=rss----7b722bfd1b8d---4) 2023-01-14T04:36:13Z **Photobomb — HackTheBox Machine Simple Writeup | 2023** ⌘ [Read more](https://infosecwriteups.com/photobomb-hackthebox-machine-simple-writeup-2023-35fad59f02a6?source=rss----7b722bfd1b8d---4) 2023-01-15T03:06:11Z **bWAPP: A Vulnerable Web Application for Practicing Vulnerabilities - Installation Guide** ⌘ [Read more](https://infosecwriteups.com/bwapp-a-vulnerable-web-application-for-practicing-vulnerabilities-installation-guide-146637e2da92?source=rss----7b722bfd1b8d---4) 2023-01-15T03:05:43Z **India’s Aadhar card source code disclosure via exposed .svn/wc.db** ⌘ [Read more](https://infosecwriteups.com/indias-aadhar-card-source-code-disclosure-via-exposed-svn-wc-db-c05519ea7761?source=rss----7b722bfd1b8d---4) 2023-01-15T03:05:24Z **How I was able to hack anonymous texting services?** ⌘ [Read more](https://infosecwriteups.com/how-i-was-able-to-hack-anonymous-texting-services-a6ceab46aa40?source=rss----7b722bfd1b8d---4) 2023-01-15T03:04:39Z **CSRF leads to account takeover in Yahoo!** ⌘ [Read more](https://infosecwriteups.com/csrf-leads-to-account-takeover-in-yahoo-aa96c678d2aa?source=rss----7b722bfd1b8d---4) 2023-01-15T03:04:24Z **How Browser’s Save As Feature might lead to Code Execution (CVE-2022–45415)** ⌘ [Read more](https://infosecwriteups.com/how-browsers-save-as-feature-might-lead-to-code-execution-cve-2022-45415-ebaa8711692?source=rss----7b722bfd1b8d---4) 2023-01-15T03:04:04Z **Exploiting API 
with AuthToken** ⌘ [Read more](https://infosecwriteups.com/exploiting-api-with-authtoken-3bea7b1fb6a9?source=rss----7b722bfd1b8d---4) 2023-01-15T03:03:46Z **Bypass mysql_real_escape_string and addslashes from Injection Attacks** ⌘ [Read more](https://infosecwriteups.com/bypass-mysql-real-escape-string-and-addslashes-from-injection-attacks-6e64508e011b?source=rss----7b722bfd1b8d---4) 2023-01-15T03:03:16Z **API based IDOR to leaking Private IP address of 6000 businesses** ⌘ [Read more](https://infosecwriteups.com/api-based-idor-to-leaking-private-ip-address-of-6000-businesses-6bc085ac6a6f?source=rss----7b722bfd1b8d---4) 2023-01-15T15:52:55Z **How to spoof e-mails. (DMARC, SPF, and Phishing)** ⌘ [Read more](https://infosecwriteups.com/how-to-spoof-e-mails-dmarc-spf-and-phishing-5184c10679a0?source=rss----7b722bfd1b8d---4) 2023-01-15T15:52:44Z **How to Create Incident Response Plan?** ⌘ [Read more](https://infosecwriteups.com/how-to-create-incident-response-plan-e336244bb491?source=rss----7b722bfd1b8d---4) 2023-01-15T15:52:06Z **Domain Name System 0x1 | DNS 101** ⌘ [Read more](https://infosecwriteups.com/domain-name-system-0x1-dns-101-cb0aba088abb?source=rss----7b722bfd1b8d---4) 2023-01-15T15:51:02Z **How I Found AWS API Keys using “Trufflehog” and Validated them using “enumerate-iam” tool** ⌘ [Read more](https://infosecwriteups.com/how-i-found-aws-api-keys-using-trufflehog-and-validated-them-using-enumerate-iam-tool-cd6ba7c86d09?source=rss----7b722bfd1b8d---4) 2023-01-15T15:50:11Z **Free Cloud (Browser-based) Labs of DVWA and bWAPP** ⌘ [Read more](https://infosecwriteups.com/free-cloud-browser-based-labs-of-dvwa-and-bwapp-bc1dd42a8de?source=rss----7b722bfd1b8d---4) 2023-01-15T15:50:00Z **QuillAudit CTF challenges — Writeups**

Solutions of all retired challenges can be found here.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/quillaudit-ctf-challenges-writeups-fd5d38f010a4?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/quillaudit-ctf-challenges-writeups-fd5d38f010a4?source=rss----7b722bfd1b8d---4) 2023-01-15T15:49:46Z **OWASP TOP 10** ⌘ [Read more](https://infosecwriteups.com/owasp-top-10-93438cd76d14?source=rss----7b722bfd1b8d---4) 2023-01-15T15:49:29Z **Identifying Coin Scammers with Wallet-Tracker** ⌘ [Read more](https://infosecwriteups.com/identifying-coin-scammers-with-wallet-tracker-8925d28d303d?source=rss----7b722bfd1b8d---4) 2023-01-15T15:49:02Z **What You Need to Know About The CISSP Exam?**

To prepare for the Certified Information Systems Security Professional (CISSP) exam, you should first familiarize yourself with the exam…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/what-you-ne ... ⌘ [Read more](https://infosecwriteups.com/what-you-need-to-know-about-the-cissp-exam-a1aefb1cf0e6?source=rss----7b722bfd1b8d---4) 2023-01-16T04:58:48Z **The toddler’s introduction to Heap exploitation (Part 2)** ⌘ [Read more](https://infosecwriteups.com/the-toddlers-introduction-to-heap-exploitation-part-2-d1f325b74286?source=rss----7b722bfd1b8d---4) 2023-01-16T04:58:24Z **The toddler’s introduction to Heap exploitation (Part 1)** ⌘ [Read more](https://infosecwriteups.com/the-toddlers-introduction-to-heap-exploitation-part-1-515b3621e0e8?source=rss----7b722bfd1b8d---4) 2023-01-16T04:57:47Z **The toddler’s introduction to Dynamic Memory Allocation** ⌘ [Read more](https://infosecwriteups.com/the-toddlers-introduction-to-dynamic-memory-allocation-300f312cd2db?source=rss----7b722bfd1b8d---4) 2023-01-16T05:00:31Z **The toddler’s introduction to Heap Exploitation, House of Spirit(Part 4.4)** ⌘ [Read more](https://infosecwriteups.com/the-toddlers-introduction-to-heap-exploitation-house-of-spirit-part-4-4-252cd8928f84?source=rss----7b722bfd1b8d---4) 2023-01-16T05:00:19Z **The toddler’s introduction to Heap Exploitation, Unsafe Unlink(Part 4.3)** ⌘ [Read more](https://infosecwriteups.com/the-toddlers-introduction-to-heap-exploitation-unsafe-unlink-part-4-3-75e00e1b0c68?source=rss----7b722bfd1b8d---4) 2023-01-16T05:00:16Z **The toddler’s introduction to Heap Exploitation, FastBin Dup Consolidate (Part 4.2)** ⌘ [Read more](https://infosecwriteups.com/the-toddlers-introduction-to-heap-exploitation-fastbin-dup-consolidate-part-4-2-ce6d68136aa8?source=rss----7b722bfd1b8d---4) 2023-01-16T05:00:11Z **The toddler’s introduction to Heap exploitation, Use After Free & Double free (Part 4)** ⌘ [Read more](https://infosecwriteups.com/use-after-free-13544be5a921?source=rss----7b722bfd1b8d---4) 2023-01-17T09:38:08Z **eLFI already solved it, better get going #BUGCROWD Challenge Walkthrough** ⌘ [Read 
more](https://infosecwriteups.com/elfi-already-solved-it-better-get-going-bugcrowd-challenge-walkthrough-b83f6921056b?source=rss----7b722bfd1b8d---4) 2023-01-17T09:37:03Z **DOMAIN ADMIN Compromise in 3 HOURS**

Hi everyone; I hope you enjoyed my previous blog post on “How I obtained Admin access in 30 minutes” — so today I am bringing you another…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/domain-admin-compromise-in-3-hours- ... ⌘ [Read more](https://infosecwriteups.com/domain-admin-compromise-in-3-hours-5778902604c9?source=rss----7b722bfd1b8d---4) 2023-01-17T09:36:39Z **Another day, Another major flaw this time in the TransUnion that allows bypassing security** ⌘ [Read more](https://infosecwriteups.com/another-day-another-major-flaw-this-time-in-the-transunion-that-allows-bypassing-security-5c46ea82eae2?source=rss----7b722bfd1b8d---4) 2023-01-17T09:36:25Z **OTP Leaking Through Cookie Leads to Account Takeover** ⌘ [Read more](https://infosecwriteups.com/otp-leaking-through-cookie-leads-to-account-takeover-4fb96f255e2f?source=rss----7b722bfd1b8d---4) 2023-01-17T09:35:57Z **The toddler’s introduction to Heap Exploitation, House of Lore(Part 4.5)** ⌘ [Read more](https://infosecwriteups.com/the-toddlers-introduction-to-heap-exploitation-house-of-lore-part-4-5-1b5865297057?source=rss----7b722bfd1b8d---4) 2023-01-17T09:35:37Z **Phishing Email Analysis: A complete guide** ⌘ [Read more](https://infosecwriteups.com/phishing-email-analysis-a-complete-guide-6e53b057bf4a?source=rss----7b722bfd1b8d---4) 2023-01-17T09:34:47Z **How I found 130+ Sub-domain Takeover vulnerabilities using Nuclei** ⌘ [Read more](https://infosecwriteups.com/how-i-found-130-sub-domain-takeover-vulnerabilities-using-nuclei-39edf89d3c70?source=rss----7b722bfd1b8d---4) 2023-01-17T09:34:28Z **Microsoft bug reports lead to ranking on Microsoft MSRC Quarterly Leaderboard (Q3 2022)** ⌘ [Read more](https://infosecwriteups.com/microsoft-bug-reports-lead-to-ranking-on-microsoft-msrc-quarterly-leaderboard-q3-2022-c6c9f70e2ccd?source=rss----7b722bfd1b8d---4) 2023-01-17T09:33:42Z **Discock Stealer — Another Polymorphic Malware like WASP Stealer** ⌘ [Read more](https://infosecwriteups.com/discock-stealer-another-polymorphic-malware-like-wasp-stealer-3f032e809f?source=rss----7b722bfd1b8d---4) 2023-01-17T09:33:15Z **Tips for BAC and 
IDOR Vulnerabilities**

Step-by-step guide for uncovering Broken Access Control and Indirect Object Reference vulnerabilities for bug bounty hunters and…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/tips-for-bac-and-idor-vulnerabilitie ... ⌘ [Read more](https://infosecwriteups.com/tips-for-bac-and-idor-vulnerabilities-8a3e58f79d95?source=rss----7b722bfd1b8d---4) 2023-01-18T17:41:11Z **How I passed the AWS security specialty certification in 2023**

Another year and another cert !

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-passed-the-aws-security-specialty-certification-in-2023-5828b28ca ... ⌘ [Read more](https://infosecwriteups.com/how-i-passed-the-aws-security-specialty-certification-in-2023-5828b28cac62?source=rss----7b722bfd1b8d---4) 2023-01-18T17:40:21Z **JWT authentication bypass via unverified signature — Portswigger Simple Solution Writeup | 2023** ⌘ [Read more](https://infosecwriteups.com/jwt-authentication-bypass-via-unverified-signature-portswigger-simple-solution-writeup-2023-c306bdf7ce1b?source=rss----7b722bfd1b8d---4) 2023-01-18T17:39:55Z **Software Development Lifecycle (SDLC), DevSecOps, SAST, DAST And IAST Concepts** ⌘ [Read more](https://infosecwriteups.com/software-development-lifecycle-sdlc-devsecops-sast-dast-and-iast-concepts-373491398585?source=rss----7b722bfd1b8d---4) 2023-01-18T17:39:29Z **How to Find Compromised Credentials on Darkweb?**

How many of you often see messages and alerts saying “Your credentials are compromised and found on darkweb”. In this article, let’s…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-find-c ... ⌘ [Read more](https://infosecwriteups.com/how-to-find-compromised-credentials-on-darkweb-6e2af2b3a0e8?source=rss----7b722bfd1b8d---4) 2023-01-18T17:39:13Z **Explore Darkweb With These Surface Web Resources: A Large Collection of Darkweb Onion Links**

This article presents you with a list of surface web sites that contain a vast number ... ⌘ [Read more](https://infosecwriteups.com/explore-darkweb-with-these-surface-web-resources-a-large-collection-of-darkweb-onion-links-92a426f9c0f9?source=rss----7b722bfd1b8d---4) 2023-01-18T17:38:42Z **Full Team Takeover** ⌘ [Read more](https://infosecwriteups.com/full-team-takeover-678c79842065?source=rss----7b722bfd1b8d---4) 2023-01-18T17:38:08Z **Internet Down!? Here’s how to solve it…** ⌘ [Read more](https://infosecwriteups.com/internet-down-heres-how-to-solve-it-1ca1b485cec2?source=rss----7b722bfd1b8d---4) 2023-01-18T17:37:20Z **How I found 40+ Directory Listing Vulnerabilities of Source Code Disclosure via Exposed WordPress…** ⌘ [Read more](https://infosecwriteups.com/how-i-found-40-websites-source-code-disclosure-via-exposed-wordpress-folders-wp-admin-using-5273ff2ae53d?source=rss----7b722bfd1b8d---4) 2023-01-18T17:36:44Z **How I found Source Code Disclosure via Exposed .git Folder using Google Dorks** ⌘ [Read more](https://infosecwriteups.com/how-i-found-source-code-disclosure-via-exposed-git-folder-using-google-dorks-b6c02af6009a?source=rss----7b722bfd1b8d---4) 2023-01-19T09:51:54Z **Hack File Inclusion in DVWA: A Full Walkthrough — StackZero** ⌘ [Read more](https://infosecwriteups.com/hack-file-inclusion-in-dvwa-a-full-walkthrough-stackzero-ae0ed2670d23?source=rss----7b722bfd1b8d---4) 2023-01-19T09:51:38Z **Cross-site WebSocket hijacking** ⌘ [Read more](https://infosecwriteups.com/cross-site-websocket-hijacking-915f19edf515?source=rss----7b722bfd1b8d---4) 2023-01-19T09:51:09Z **MySQL LOAD_FILE() and INTO OUTFILE() Sql Injection** ⌘ [Read more](https://infosecwriteups.com/mysql-load-file-and-into-outfile-sql-injection-f98ac4774d32?source=rss----7b722bfd1b8d---4) 2023-01-22T18:21:15Z **Reflected XSS Leads to 3,000$ Bug Bounty Rewards from Microsoft Forms** ⌘ [Read 
more](https://infosecwriteups.com/reflected-xss-leads-to-3-000-bug-bounty-rewards-from-microsoft-forms-efe34fc6b261?source=rss----7b722bfd1b8d---4) 2023-01-22T18:20:22Z **HTTP Request Smuggling — Basic CL.TE vulnerability** ⌘ [Read more](https://infosecwriteups.com/http-request-smuggling-basic-cl-te-vulnerability-a2975c664c53?source=rss----7b722bfd1b8d---4) 2023-01-22T18:18:55Z **Blockchain Security Best Practices: How to Secure Your Transactions in a Decentralized World** ⌘ [Read more](https://infosecwriteups.com/blockchain-security-best-practices-how-to-secure-your-transactions-in-a-decentralized-world-51aa778f560e?source=rss----7b722bfd1b8d---4) 2023-01-23T19:05:45Z **From Failure to Success: My Experience with the HTB CBBH** ⌘ [Read more](https://infosecwriteups.com/from-failure-to-success-my-experience-with-the-htb-cbbh-49f2bfd41582?source=rss----7b722bfd1b8d---4) 2023-01-23T19:04:53Z **Breaking into Cybersecurity as a Developer**

I just finished my first year working as security engineer and wanted to give a recap of all the things I did to get into my current role…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/breaking-into-cyberse ... ⌘ [Read more](https://infosecwriteups.com/breaking-into-cybersecurity-as-a-developer-e47b8ce56dc0?source=rss----7b722bfd1b8d---4) 2023-01-23T18:58:06Z **Decrypting HTTPS Traffic as A Hacker** ⌘ [Read more](https://infosecwriteups.com/decrypting-https-traffic-as-a-hacker-323cb7127441?source=rss----7b722bfd1b8d---4) 2023-01-24T06:39:17Z **Basic SSTI — Server-Side Template Injection | 2023** ⌘ [Read more](https://infosecwriteups.com/basic-ssti-server-side-template-injection-2023-da4995583554?source=rss----7b722bfd1b8d---4) 2023-01-24T06:38:37Z **Clipboard Hijacking **

What it is, how to do it, and how to prevent it

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/clipboard-hijacking-50f16695ad4a?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/clipboard-hijacking-50f16695ad4a?source=rss----7b722bfd1b8d---4) 2023-01-24T06:37:38Z **Malware Alert: Recognizing the Tell-Tale Signs of an Infection** ⌘ [Read more](https://infosecwriteups.com/malware-alert-recognizing-the-tell-tale-signs-of-an-infection-55d9cf23cf89?source=rss----7b722bfd1b8d---4) 2023-01-24T06:37:13Z **I tried to squiz the best from the most bizzar CVE I ever seen (CVE-2021–38759)** ⌘ [Read more](https://infosecwriteups.com/i-tried-to-squiz-the-best-from-the-most-bizzar-cve-i-ever-seen-cve-2021-38759-bf61efb04e2c?source=rss----7b722bfd1b8d---4) 2023-01-24T06:36:51Z **Signal Client v6.2 and earlier versions vulnerable to CVE-2023–24068 & CVE-2023–24069** ⌘ [Read more](https://infosecwriteups.com/signal-client-v6-2-and-earlier-versions-vulnerable-to-cve-2023-24068-cve-2023-24069-296991a9fa02?source=rss----7b722bfd1b8d---4) 2023-01-27T05:55:00Z **Easy XSSHunter Discord Alerts**

This will be a setup guide for XSSHunter and integrating it with Discord

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/easy-xsshunter-discord-alerts-33fcff24a8f7?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/easy-xsshunter-discord-alerts-33fcff24a8f7?source=rss----7b722bfd1b8d---4) 2023-01-27T05:54:40Z **MX Takeovers Automated | Subdomain Takeover**

Using MX-Takeover is a Go tool that automatically takes over email subdomains services when they become available

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/mx-takeovers-automated-subdomain-takeover-6 ... ⌘ [Read more](https://infosecwriteups.com/mx-takeovers-automated-subdomain-takeover-64e658fc4fb7?source=rss----7b722bfd1b8d---4) 2023-01-27T05:54:19Z **Biggest Cybersecurity Threats in 2023**

Stay informed and protect yourself and your organization against Ransomware, Phishing, Advanced persistent threats, IoT threats, Cloud…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/biggest-cybersecurity-threat ... ⌘ [Read more](https://infosecwriteups.com/biggest-cybersecurity-threats-in-2023-353d77af8d11?source=rss----7b722bfd1b8d---4) 2023-01-27T05:53:52Z **Data Science meets Cyber Security** ⌘ [Read more](https://infosecwriteups.com/data-science-meets-cyber-security-41d5f567b163?source=rss----7b722bfd1b8d---4) 2023-01-27T05:52:51Z **You got Domain Admin, now what?** ⌘ [Read more](https://infosecwriteups.com/you-got-domain-admin-now-what-aab749c4200d?source=rss----7b722bfd1b8d---4) 2023-01-27T05:52:34Z **3 practical steps to learn AWS security in 2023**

Follow these steps to get from a beginner to a pro in AWS security

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/3-practical-steps-to-learn-aws-security-in-2023-3919624a7949?source=rss----7b7 ... ⌘ [Read more](https://infosecwriteups.com/3-practical-steps-to-learn-aws-security-in-2023-3919624a7949?source=rss----7b722bfd1b8d---4) 2023-01-27T05:52:09Z **Easy XSSHunter Express Setup Script**

With xsshunter.com shutting down setting up your own xsshunter will be more important. This script will make it a lot easier

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/easy-xsshunter-express-setup-script-d5a66039f7 ... ⌘ [Read more](https://infosecwriteups.com/easy-xsshunter-express-setup-script-d5a66039f7b6?source=rss----7b722bfd1b8d---4) 2023-02-01T09:32:02Z **Online Income Generation: Balancing Opportunities and Risks in Cybersecurity**
[![](https://cdn-images-1.medium.com/max/2600/1*_QqT_d4Wsxt92LBhnUsbQA.jpeg)](https://infosecwriteups.com/online-income-generation-balancing-opportunities-and-risks-in-cybersecurity-14e1b50e6e93?source=rss----7b722bfd1b8d---4)

Maximizing Earnings While Protecting Your Online Safety: A Guide to Online Income Generation and Cybersecurity

[Continu ... ⌘ [Read more](https://infosecwriteups.com/online-income-generation-balancing-opportunities-and-risks-in-cybersecurity-14e1b50e6e93?source=rss----7b722bfd1b8d---4)
2023-02-01T09:30:11Z **“Zero-Day Exploits: The Dark Side of Technology to your business”** ⌘ [Read more](https://infosecwriteups.com/zero-day-exploits-the-dark-side-of-technology-to-your-business-c6211285148c?source=rss----7b722bfd1b8d---4)
2023-02-01T09:29:47Z **An IDOR vulnerability often hides many others** ⌘ [Read more](https://infosecwriteups.com/an-idor-vulnerability-often-hides-many-others-2893ddd0a0d7?source=rss----7b722bfd1b8d---4)
2023-02-01T09:28:26Z **My First Hall Of Fame with Web Cache Poisoning** ⌘ [Read more](https://infosecwriteups.com/my-first-hall-of-fame-with-web-cache-poisoning-c11749017cd8?source=rss----7b722bfd1b8d---4)
2023-02-01T09:25:55Z **5 Brain Hacks That Made me one among the Top 15 Security Researchers!** ⌘ [Read more](https://infosecwriteups.com/5-brain-hacks-that-made-me-one-among-the-top-15-security-researchers-779db47b3fc9?source=rss----7b722bfd1b8d---4)
2023-02-01T09:25:30Z **Unlocking the Secrets of LSA** ⌘ [Read more](https://infosecwriteups.com/unlocking-the-secrets-of-lsa-5bd29d5c6927?source=rss----7b722bfd1b8d---4)
2023-02-01T09:23:39Z **Network Fundamentals (OSI model, TCP/IP suite, IP addressing, subnetting)** ⌘ [Read more](https://infosecwriteups.com/network-fundamentals-osi-model-tcp-ip-suite-ip-addressing-subnetting-17615d5e97d6?source=rss----7b722bfd1b8d---4)
2023-02-01T09:47:20Z **Increasing your website’s security**
[![](https://cdn-images-1.medium.com/max/2600/0*aBwswgE_rrD6mx7C)](https://infosecwriteups.com/increasing-your-websites-security-a077eeed3226?source=rss----7b722bfd1b8d---4)

I will be going over things you can add to your company's code base to increase the security of your app.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/increasing-your-websites-security-a077eeed3226?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/increasing-your-websites-security-a077eeed3226?source=rss----7b722bfd1b8d---4)
2023-02-01T09:37:45Z **Don’t Give Up On XSS! | Fun Firefox XSS** ⌘ [Read more](https://infosecwriteups.com/dont-give-up-on-xss-fun-firefox-xss-3fce0ee297a?source=rss----7b722bfd1b8d---4)
2023-02-01T09:59:43Z **Phishing Scams Exposed: The Tricks Hackers Use and How to Defend Yourself**
[![](https://cdn-images-1.medium.com/max/2440/1*CT-bqUrY2lpxsuxhfo7vZA.jpeg)](https://infosecwriteups.com/phishing-scams-exposed-the-tricks-hackers-use-and-how-to-defend-yourself-de51315a746e?source=rss----7b722bfd1b8d---4)

A Comprehensive Guide to Understanding and Defending Against Phishing Scams

[Continue reading on InfoSec Write-ups »](https://in ... ⌘ [Read more](https://infosecwriteups.com/phishing-scams-exposed-the-tricks-hackers-use-and-how-to-defend-yourself-de51315a746e?source=rss----7b722bfd1b8d---4)
2023-02-01T09:56:00Z **The Impact of Artificial Intelligence on Exploit Development** ⌘ [Read more](https://infosecwriteups.com/the-impact-of-artificial-intelligence-on-exploit-development-7522bd2dca2b?source=rss----7b722bfd1b8d---4)
2023-02-01T11:02:37Z **The Importance of Backing Up Your Data for ICS Security** ⌘ [Read more](https://infosecwriteups.com/the-importance-of-backing-up-your-data-for-ics-security-3f1f961d253d?source=rss----7b722bfd1b8d---4)
2023-02-02T14:25:06Z **My first Hall Of Fame with a chained Broken Access Control** ⌘ [Read more](https://infosecwriteups.com/my-first-hall-of-fame-with-a-chained-broken-access-control-76f9e2e0e467?source=rss----7b722bfd1b8d---4)
2023-02-02T18:27:11Z **Chocolate Factory TryHackMe Writeup | By Xploit Ayush** ⌘ [Read more](https://infosecwriteups.com/chocolate-factory-tryhackme-writeup-93f82aea19b9?source=rss----7b722bfd1b8d---4)
2023-02-02T18:26:35Z **Cyborg TryHackMe Writeup | By Xploit Ayush** ⌘ [Read more](https://infosecwriteups.com/cyborg-on-tryhackme-b95178e02eb7?source=rss----7b722bfd1b8d---4)
2023-02-02T18:26:00Z **Threat Detection** ⌘ [Read more](https://infosecwriteups.com/threat-detection-b54091f73b?source=rss----7b722bfd1b8d---4)
2023-02-02T18:25:33Z **High Level Analysis of Custom Browsers** ⌘ [Read more](https://infosecwriteups.com/high-level-analysis-of-custom-browsers-5e2eb4142a2?source=rss----7b722bfd1b8d---4)
2023-02-02T18:23:00Z **PhotoBomb Hack the box Walkthrough — [HTB]** ⌘ [Read more](https://infosecwriteups.com/photobomb-hack-the-box-walkthrough-htb-fe7af2f958a6?source=rss----7b722bfd1b8d---4)
2023-02-02T18:22:13Z **Enforce Zero Trust With East‑West Traffic Encryption in Kubernetes with Istio — Part 2** ⌘ [Read more](https://infosecwriteups.com/enforce-zero-trust-with-east-west-traffic-encryption-in-kubernetes-with-istio-part-2-5a3454560353?source=rss----7b722bfd1b8d---4)
2023-02-02T18:21:25Z **Enforce Zero Trust With East‑West Traffic Encryption in Kubernetes with Istio — Part 1** ⌘ [Read more](https://infosecwriteups.com/enforce-zero-trust-with-east-west-traffic-encryption-in-kubernetes-with-istio-e5e1718eee2?source=rss----7b722bfd1b8d---4)
2023-02-06T06:57:15Z **XorXorXor — Hack The Box Crypto Challenge — Writeup| 2023** ⌘ [Read more](https://infosecwriteups.com/xorxorxor-hack-the-box-crypto-challenge-writeup-2023-237bef94d92a?source=rss----7b722bfd1b8d---4)
2023-02-06T06:56:42Z **Risks of Social Media Use** ⌘ [Read more](https://infosecwriteups.com/risks-of-social-media-use-15aae2867116?source=rss----7b722bfd1b8d---4)
2023-02-06T06:54:20Z **Agent Sudo TryHackMe Writeup | By Xploit Ayush** ⌘ [Read more](https://infosecwriteups.com/agent-sudo-on-tryhackme-bff2ac506eb6?source=rss----7b722bfd1b8d---4)
2023-02-06T06:53:48Z **OhSINT TryHackMe Writeup | By Xploit Ayush** ⌘ [Read more](https://infosecwriteups.com/ohsint-on-tryhackme-db8465894688?source=rss----7b722bfd1b8d---4)
2023-02-06T06:53:13Z **Easy Peasy TryHackMe Writeup | By Xploit Ayush** ⌘ [Read more](https://infosecwriteups.com/easy-peasy-on-tryhackme-1d9c0f84983b?source=rss----7b722bfd1b8d---4)
2023-02-06T06:52:32Z **What is Computer Network? | By Xploit Ayush** ⌘ [Read more](https://infosecwriteups.com/what-is-computer-network-db3ce56b933f?source=rss----7b722bfd1b8d---4)
2023-02-06T06:51:52Z **Ambassador Hack the box Walkthrough — [HTB]** ⌘ [Read more](https://infosecwriteups.com/ambassador-hack-the-box-walkthrough-htb-2c9d81eeb293?source=rss----7b722bfd1b8d---4)
2023-02-06T06:51:17Z **Write-up: Information disclosure in version control history @ PortSwigger Academy** ⌘ [Read more](https://infosecwriteups.com/write-up-information-disclosure-in-version-control-history-portswigger-academy-7686d48dd878?source=rss----7b722bfd1b8d---4)
2023-02-06T07:09:50Z **Phoenix Challenges — Stack Four** ⌘ [Read more](https://infosecwriteups.com/phoenix-challenges-stack-four-6366b29a1223?source=rss----7b722bfd1b8d---4)
2023-02-06T06:59:16Z **GraphQL Security Flaws and Exploitation** ⌘ [Read more](https://infosecwriteups.com/graphql-security-flaws-and-exploitation-d3fac0831e7d?source=rss----7b722bfd1b8d---4)
2023-02-06T07:27:19Z **Get Into Cybersecurity in 2023: A Step-by-Step Guide**
[![](https://cdn-images-1.medium.com/max/600/1*n2pWi2gbGZhvaZ_XpIrQ5Q.png)](https://infosecwriteups.com/get-into-cybersecurity-in-2023-a-step-by-step-guide-c1693dc78666?source=rss----7b722bfd1b8d---4)

Unlocking the Secrets to a Successful Cybersecurity Career: A Step-by-Step Guide for Beginners

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/get-into-cybersecurity-in-20 ... ⌘ [Read more](https://infosecwriteups.com/get-into-cybersecurity-in-2023-a-step-by-step-guide-c1693dc78666?source=rss----7b722bfd1b8d---4)
2023-02-06T07:26:24Z **CSRF Where Token is duplicated in Cookie | 2023** ⌘ [Read more](https://infosecwriteups.com/csrf-where-token-is-duplicated-in-cookie-2023-387556f4adb2?source=rss----7b722bfd1b8d---4)
2023-02-06T07:26:08Z **What are the differences between ISO27001:2013 and ISO27001:2022?**
[![](https://cdn-images-1.medium.com/max/2600/1*AyGFQIVKpCaeqb5HERRYGw.jpeg)](https://infosecwriteups.com/what-are-the-differences-between-iso27001-2013-and-iso27001-2022-b3e3996bf8d8?source=rss----7b722bfd1b8d---4)

ISO/IEC 27001:2013 and ISO/IEC 27001:2022 are both international standards for information security management systems (ISMS). Both…

[Continue reading o ... ⌘ [Read more](https://infosecwriteups.com/what-are-the-differences-between-iso27001-2013-and-iso27001-2022-b3e3996bf8d8?source=rss----7b722bfd1b8d---4)
2023-02-06T07:25:38Z **From Freelance to Entrepreneur: Monetizing Your Skills in the Era of Cyber Threats**
[![](https://cdn-images-1.medium.com/max/2600/1*qjuZnAsQiGFIuE_-X-wGPQ.jpeg)](https://infosecwriteups.com/from-freelance-to-entrepreneur-monetizing-your-skills-in-the-era-of-cyber-threats-3fbd13cf3734?source=rss----7b722bfd1b8d---4)

Navigating the Digital Landscape: Strategies for Monetizing Your Skills in the Face of Cyber Threats

... ⌘ [Read more](https://infosecwriteups.com/from-freelance-to-entrepreneur-monetizing-your-skills-in-the-era-of-cyber-threats-3fbd13cf3734?source=rss----7b722bfd1b8d---4)
2023-02-06T07:15:11Z **Source Code Analysis Tool — SAST** ⌘ [Read more](https://infosecwriteups.com/source-code-analysis-tool-sast-74509564e316?source=rss----7b722bfd1b8d---4)
2023-02-06T07:36:15Z **Scheduling Recon Scripts with Docker**
[![](https://cdn-images-1.medium.com/max/2600/0*Q3d0MwVvj0MCwmw3)](https://infosecwriteups.com/scheduling-recon-scripts-with-docker-794c46794c28?source=rss----7b722bfd1b8d---4)

Cronjobs are useful for scheduling tasks to run automatically at a specified time or interval. In this tutorial, we’ll go over how to set…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/scheduling-recon-scripts-with-docker-79 ... ⌘ [Read more](https://infosecwriteups.com/scheduling-recon-scripts-with-docker-794c46794c28?source=rss----7b722bfd1b8d---4)
2023-02-06T07:35:49Z **Exploiting CSRF chaining with IDOR** ⌘ [Read more](https://infosecwriteups.com/exploiting-csrf-chaining-with-idor-7617371ce6e3?source=rss----7b722bfd1b8d---4)
2023-02-06T07:35:35Z **Understanding and Preventing CSRF AttackAbout CSRF** ⌘ [Read more](https://infosecwriteups.com/understanding-and-preventing-csrf-attackabout-csrf-a107a5b5ddb5?source=rss----7b722bfd1b8d---4)
2023-02-06T07:32:04Z **Bypass SSL Pinning in Android Phones — Part 2** ⌘ [Read more](https://infosecwriteups.com/bypass-ssl-pinning-in-android-phones-part-2-cda0f6d3913f?source=rss----7b722bfd1b8d---4)
2023-02-06T07:31:47Z **Bypass SSL Pinning in Android Phones — Part 1** ⌘ [Read more](https://infosecwriteups.com/bypass-ssl-pinning-in-android-phones-part-1-296f9915b273?source=rss----7b722bfd1b8d---4)
2023-02-06T07:31:22Z **Exploring FTP Vulnerabilities through Hands-On Testing in a Virtual Lab Environment** ⌘ [Read more](https://infosecwriteups.com/exploring-ftp-vulnerabilities-through-hands-on-testing-in-a-virtual-lab-environment-48a44be3a73?source=rss----7b722bfd1b8d---4)
2023-02-06T07:30:40Z **SERIALIZATION VULNERABILITIES [JAVA][Explained & Exploited]** ⌘ [Read more](https://infosecwriteups.com/serialization-vulnerabilities-java-explained-exploited-4e2ccf45eba0?source=rss----7b722bfd1b8d---4)
2023-02-06T07:29:59Z **Password Reset Poisoning with Host Header Injection** ⌘ [Read more](https://infosecwriteups.com/password-reset-poisoning-with-host-header-injection-345b902a9ca5?source=rss----7b722bfd1b8d---4)
2023-02-06T10:06:52Z **IW Weekly #41: VueJS XSS, Critical Car-Vulnerabilities, $1000 IAP Proxy Misconfiguration in…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-41-vuejs-xss-critical-car-vulnerabilities-1000-iap-proxy-misconfiguration-in-1a5eb5b4ca9e?source=rss----7b722bfd1b8d---4)
2023-02-06T11:05:20Z **IW Weekly #42: $1M bounty explained, GCP takeover, iOS pentesting, Smart Contract…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-42-1m-bounty-explained-gcp-takeover-ios-pentesting-smart-contract-bdacf89016d0?source=rss----7b722bfd1b8d---4)
2023-02-06T15:38:36Z **IW Weekly #45: RCE in Avaya Aura Device Services, Bypass Sign-Up Pages, JWT Hacking, Broken…** ⌘ [Read more](https://infosecwriteups.com/iw-weekly-45-rce-in-avaya-aura-device-services-bypass-sign-up-pages-jwt-hacking-broken-80eb19b6cf34?source=rss----7b722bfd1b8d---4)
2023-02-07T03:18:05Z **Attacking and securing Docker containers** ⌘ [Read more](https://infosecwriteups.com/attacking-and-securing-docker-containers-cc8c80f05b5b?source=rss----7b722bfd1b8d---4)
2023-02-07T03:16:56Z **ROP chains on ARM64** ⌘ [Read more](https://infosecwriteups.com/rop-chains-on-arm64-6ff10368798f?source=rss----7b722bfd1b8d---4)
2023-02-07T03:16:23Z **Ransomware Negotiations: Do’s and Don’ts**
[![](https://cdn-images-1.medium.com/max/2600/0*88EUrbnopOsFhN9e)](https://infosecwriteups.com/ransomware-negotiations-dos-and-don-ts-5f89883be705?source=rss----7b722bfd1b8d---4)

Negotiating with the threat actors during a ransomware attack is always stressful and challenging. In this article let us see what to do…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ransomware-negotiations-dos-and- ... ⌘ [Read more](https://infosecwriteups.com/ransomware-negotiations-dos-and-don-ts-5f89883be705?source=rss----7b722bfd1b8d---4)
2023-02-07T03:15:58Z **BRO SCIENCE [HTB | MEDIUM]** ⌘ [Read more](https://infosecwriteups.com/bro-science-htb-medium-ac5ee09cbdda?source=rss----7b722bfd1b8d---4)
2023-02-07T03:14:57Z **Stocker — HackTheBox Machine Simple Writeup | 2023** ⌘ [Read more](https://infosecwriteups.com/stocker-hackthebox-machine-simple-writeup-2023-316497ed30f7?source=rss----7b722bfd1b8d---4)
2023-02-07T03:14:31Z **SANS 2022 Holiday Hack Challenge & KringleCon**
[![](https://cdn-images-1.medium.com/max/600/1*_Q4h4Kcjq7BvvxNLt6qtCw.png)](https://infosecwriteups.com/sans-2022-holiday-hack-challenge-kringlecon-f0c71e7c2169?source=rss----7b722bfd1b8d---4)

PCAP file & Windows event logs investigation

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/sans-2022-holiday-hack-challenge-kringlecon-f0c71e7c2169?source=rss----7b722bfd1b8d---4) ⌘ [Read more](https://infosecwriteups.com/sans-2022-holiday-hack-challenge-kringlecon-f0c71e7c2169?source=rss----7b722bfd1b8d---4)
2023-02-07T03:14:05Z **BabyEncryption — Hack The Box | Simple Write-up | 2023** ⌘ [Read more](https://infosecwriteups.com/babyencryption-hack-the-box-simple-write-up-2023-c2da8a041df7?source=rss----7b722bfd1b8d---4)
2023-02-07T03:11:44Z **CORS Vulnerability with Basic Origin Reflection | 2023** ⌘ [Read more](https://infosecwriteups.com/cors-vulnerability-with-basic-origin-reflection-2023-43ee788f54f1?source=rss----7b722bfd1b8d---4)
2023-02-07T03:11:24Z **CRLF-Carriage Return and Line Feed in Short | 2023** ⌘ [Read more](https://infosecwriteups.com/crlf-carriage-return-and-line-feed-in-short-2023-1647758900f0?source=rss----7b722bfd1b8d---4)
2023-02-07T03:11:04Z **Confidential — TryHackMe Writeup | Karthikeyan Nagaraj** ⌘ [Read more](https://infosecwriteups.com/confidential-tryhackme-writeup-karthikeyan-nagaraj-32dcf4a133d7?source=rss----7b722bfd1b8d---4)