infosecwriteups.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-07-08.
Bug Bounty 39
SSRF 21
AuthZ 20
AuthN 18
Recon 15
AI 10
OSINT 10
RCE 10
XSS 10
API Sec 9
Burp 7
GraphQL 6
IDOR 6
Mobile 4
SQLi 4
Supply Chain 3
Secrets 2
SSTI 2
Talks 2
XXE 2
CSRF 1
Deser 1
JWT 1
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-07-08 2026 | BadSuccessor — Exploiting delegated Managed Service Accounts in Windows Server 2025AuthZ | Library for exploiting delegated Managed Service Accounts (dMSAs) in Windows Server 2025, detailing the "BadSuccessor" vulnerability. This flaw arises from missing permission checks, allowing low-level users with `CreateChild` rights on an OU to create a dMSA and link it to a privileged account. The system then incorrectly grants the dMSA all of the predecessor's permissions during Kerberos ticket issuance, enabling privilege escalation to high-level administrative roles. |
| 2026-07-08 2026 | Chaining a DOM XSS Sink, WAF Bypass, Cross-Origin Smuggling, and SDK Abuse into One Click Account…API SecAuthNXSS | Library for chaining DOM XSS, WAF bypass via `window.name` cross-origin smuggling, and SDK abuse to achieve one-click account takeover. The technique exploits a `javascript:` URL sink, bypasses Akamai's WAF by inserting characters between keywords and parentheses, leverages `window.name` persistence across navigations, and abuses a first-party authentication SDK to retrieve signed JWTs and live AWS STS credentials. |
| 2026-07-08 2026 | The HTTP 303 SSRF Hack : From Python HTTP Client Defaults to AWS Credential Exfiltration.SecretsSSRF | Writeup detailing an HTTP 303 SSRF vulnerability that escalates to AWS credential exfiltration. This exploit chains a user-controlled `token_uri` field in BigQuery service account credentials, an HTTP client with default redirect handling, and the AWS Instance Metadata Service (IMDS). By configuring a server to respond with an HTTP 303 redirect, a POST request to IMDS is implicitly converted to a GET request, allowing the attacker to retrieve temporary IAM credentials for the Kubernetes worker node. |
| 2026-07-08 2026 | JWTweak v2.1: A Guided, Offline Toolkit for Modern JWT AttacksJWT | Toolkit for offline JWT attack execution, JWTweak v2.1 guides users through identifying and exploiting vulnerabilities. Users paste JWTs to receive decoded and risk-scored tokens, suggested attack vectors, and step-by-step instructions for executing techniques such as algorithm confusion. This Python 3.8+ powered application requires pyjwt and cryptography libraries and operates entirely offline. |
| 2026-07-07 2026 | PicoCTF Web Exploitation Easy Category Web Challenge [SSTL 1]SSTI | Writeup detailing Server Side Template Injection (SSTI) techniques used to exploit a PicoCTF web challenge. The article explains how to identify template engines like Jinja2 by testing inputs such as `{{ 8*8 }}` and then leverages object traversal through `{{ config }}`, `{{ request }}`, and `{{ self }}` to access Python internals. It demonstrates how to use `__init__.__globals__.__builtins__.__import__('os').popen('ls').read()` and similar payloads to execute system commands and read files like `flag`, highlighting the importance of understanding template engine processing and object structures for deeper exploitation. |
| 2026-07-07 2026 | How I Found a Data Deletion Bypass via Subdomain SynchronizationAuthZBug Bounty | Writeup detailing a business logic vulnerability bypass on interconnected subdomains. A Moderator role, lacking delete permissions on the primary account management subdomain, could initiate a full organizational group deletion by exploiting synchronization flaws in the secondary task scheduling subdomain. This allowed for a cascade deletion affecting both platforms, a privilege intended only for Admin or Owner roles. The discovery highlights how understanding application workflows and reading developer documentation can uncover critical security gaps. |
| 2026-07-07 2026 | How I Found a Critical OAuth Misconfiguration That Led to Account TakeoverAuthNBug Bounty | Writeup detailing an account takeover vulnerability found via chaining multiple OAuth misconfigurations. The exploit leveraged open client registration, an authorization endpoint lacking authentication enforcement, and PKCE validation weaknesses that allowed token exchanges without client secrets. Additionally, wildcard CORS expanded attack vectors, while Google SSO auto-provisioning provided context for user authentication. |
| 2026-07-07 2026 | RCE via Gemini Live AI Voice Session Misconfiguration.AIRCE | Library for exploiting RCE vulnerabilities in applications integrating Google's Gemini Live AI Voice sessions by injecting client-controlled setup frames. The vulnerability arises when ephemeral tokens, used for browser-facing WebSocket connections to endpoints like `BidiGenerateContentConstrained`, are issued without proper `live_connect_constraints`. This misconfiguration allows attackers to control session parameters, including the model, system instruction, and critically, the `tools` field, enabling the injection of code execution capabilities. The writeup details how the official Gemini Live API example repository promotes this insecure pattern by omitting the `bidi_generate_content_setup` from token creation. |
| 2026-07-07 2026 | The File That Answered Back — XXE Hidden in Cell A2XXE | Writeup detailing an XML External Entity (XXE) vulnerability discovered in an Excel file upload endpoint. The exploit bypasses Imperva WAF rules by hiding the `DOCTYPE` declaration within the XML structure of an `.xlsx` file, which is essentially a ZIP archive containing XML documents. The writeup explains how to manually construct a valid XLSX file with a malicious XML parser instruction to read server-side files, ultimately returning sensitive data within the application's JSON response. |
| 2026-07-07 2026 | Mass Assignment and the Identity Drift: From Profile Edit to Insurance TakeoverAuthZBug Bounty | Writeup detailing Mass Assignment vulnerabilities that enable "identity drift" by allowing attackers to alter sensitive profile fields like legal name, date of birth, and government ID number without invalidating the verified status. This can lead to downstream impacts, such as falsely linking third-party insurance records by manipulating matching attributes like date of birth, effectively granting unauthorized financial access. |
| 2026-07-07 2026 | Mastering curl Commands Bug Bounty Hunter's GuideBug BountyRecon | Guide to mastering curl commands for bug bounty hunting, focusing on advanced techniques beyond basic POST requests. It covers real-world workflows like fuzzing, WAF bypasses, pipeline automation, and creative exploitation. Specific examples include subdomain discovery using Certificate Transparency logs with `curl` and `jq`, and header fingerprinting to gather intelligence on target applications. |
| 2026-07-06 2026 | The Internet’s Dirty Little Secret: Anyone Can Investigate Anyone — and Here Are 20 Free Tools to…OSINT | Tools for OSINT investigations, offering 20 free online resources that allow individuals to legally gather information on anyone. These platforms enable users to conduct digital investigations comparable to those used by professionals and intelligence agencies, focusing on publicly available data. |
| 2026-07-06 2026 | AdversaryGraph v5.0: From CTI Mapping to Attack Simulation and SIEM ValidationRecon | Library for CTI-to-detection workflow automation, AdversaryGraph v5.0 enhances attack simulation and SIEM validation. It integrates threat intelligence analysis, MITRE ATT&CK mapping, IOC enrichment, malware analysis, attack-surface mapping, and AI-assisted reporting. New in v5.0, the Attack Simulation module allows analysts to run controlled lab scenarios based on TTPs, inspect target telemetry, forward logs to a SIEM collector, and utilize an AI assistant for multi-phase attack chain drills, directly linking observed behaviors to detection engineering. |
| 2026-07-06 2026 | I Found an Unauthenticated Attachment Disclosure Bug in a WordPress Support Plugin — and a…AuthZ | Writeup detailing an unauthenticated attachment disclosure vulnerability in a WordPress support plugin. The research, conducted in an isolated Docker environment, reveals that a specific REST API endpoint lacks proper authorization checks, allowing anonymous users to access sensitive customer attachments like invoices and personal records. The author validates the vulnerability through proof-of-concept requests and MD5 hash comparisons, highlighting the potential for widespread data exfiltration. |
| 2026-07-06 2026 | TryHackMe — Bounty Hacker: The FTP Server Was Talking. I Just Listened.Bug BountyRecon | Writeup detailing a TryHackMe room, "Bounty Hacker: The FTP Server Was Talking. I Just Listened." This walkthrough focuses on practical exploitation, starting with anonymous FTP access on port 21 to obtain a username (`lin`) and a password list (`locks.txt`). It then proceeds to use Hydra for an SSH brute-force attack against port 22, successfully gaining a user shell. Privilege escalation is achieved by leveraging `tar`'s `checkpoint-action` capability, as documented on GTFOBins, to execute commands as root and retrieve the final flag. |
| 2026-07-06 2026 | Protocols and Servers 2 TryHackMe WriteupAuthN | Library detailing foundational attacks against network protocols, including sniffing with tools like tcpdump and Wireshark, Man-in-the-Middle (MITM) attacks using Bettercap and Responder, and password attacks. The resource emphasizes that cleartext protocols like POP3, FTP, and HTTP are insecure by design, highlighting vulnerabilities where credentials can be exposed over internal networks, legacy systems, and wireless connections. It also covers mitigations such as TLS encryption, network segmentation, and zero-trust principles. |
| 2026-07-06 2026 | Mr Robot CTF Walkthrough -TryHackMe DetailedAuthZBug BountyRecon | Library detailing a CTF walkthrough, starting with web enumeration via robots.txt to find `key-1-of-3.txt` and `fsocity.dic`. It then covers Nmap scans, Gobuster directory brute-forcing to discover WordPress, and exploiting a Base64-encoded string in the `/license` page's source for WordPress credentials. The entry explains obtaining a reverse shell through the WordPress Theme Editor, cracking an MD5 hash for the `robot` user, and performing privilege escalation by abusing the SUID bit on the `/usr/local/bin/nmap` binary to gain root access. |
| 2026-07-06 2026 | TryHackMe CTF Writeup of Hidden Deep Into my HeartBug BountyRecon | Writeup detailing a TryHackMe CTF challenge involving web enumeration. The process begins with analyzing `robots.txt` and `sitemap.xml`, leading to the discovery of a hidden directory. The tool `gobuster` is then employed for further directory enumeration, uncovering an administrator login page. Exploitation involves identifying a password clue within the `robots.txt` comments and successfully logging in to retrieve the flag. |
| 2026-07-04 2026 | Certified AD Red Team Specialist (AD-RTS): Full Exam Write-UpAuthNAuthZ | Writeup detailing a full methodology for the Certified AD Red Team Specialist (AD-RTS) exam, covering two distinct adversary paths. Path 1 begins with zero credentials and involves DNS zone transfers for enumeration, ASREPRoasting via GetNPUsers to gain SQL Server access, privilege escalation with GodPotato to SYSTEM, and credential harvesting using MiniDump. This leads to abusing AD Certificate Services (ADCS) via ESC1, leveraging certipy-ad, to request a certificate impersonating Domain Admin. Path 2 focuses on escalating from a low-privilege foothold on a public-facing web server. |
| 2026-07-04 2026 | TryHackMe: Checkpoint WalkthroughAISupply Chain | Walkthrough of a TryHackMe CISO challenge assessing four code review model candidates for production readiness. It details the evaluation telemetry for Candidates B (code_reviewer_lite.safetensors), C (pr_analyzer_v3.h5) with its detected LAMBDA LAYER and suspicious code execution, and D (api.reviewsvc.io) with its unverified endpoint and absent compliance certificate. The assessment involves examining Candidate A's file access to /etc/passwd and its disabled security_review_flag, identifying the CommunityReview policy template, and discovering the supply chain flag THM{supp1y_ch41n_0wn3d}. |
| 2026-07-04 2026 | TryHackMe — Pickle Rick: Rick Left the Door Open. I Just Walked In.Deser | Writeup of the TryHackMe "Pickle Rick" room, detailing how credentials and privilege escalation were found in plain sight. The room features a username leaked in HTML comments, a password in robots.txt, and a direct web shell granting unrestricted sudo access for the www-data user, allowing immediate root access. |
| 2026-07-04 2026 | TryHackMe — Simple CTF: The Note That Gave Everything AwayBug BountyRecon | Writeup of TryHackMe's "Simple CTF" room, detailing a straightforward penetration test. It highlights how reconnaissance on an anonymous FTP server, revealing a weak password, coupled with identifying a CMS Made Simple 2.2.8 installation vulnerable to CVE-2019–9053, leads to an initial foothold. Privilege escalation is achieved by exploiting sudo permissions for `/usr/bin/vim`, enabling a shell escape to gain root access. |
| 2026-07-04 2026 | I found North Korean (DPRK) malware hiding in my tailwind.config.jsSupply Chain | Library for detecting North Korean (DPRK) malware injected into Node.js projects, specifically found in `tailwind.config.js` files. This malware uses obfuscated code and attempts to exfiltrate data to `api.trongrid.io`. The library highlights the risks of compromised build tools and starter templates, emphasizing the need for thorough inspection of project configuration files. |
| 2026-07-04 2026 | Post-Compromise Attacks in AD: Credential Validation with CrackMapExecAuthNAuthZ | Writeup detailing post-compromise Active Directory attacks, focusing on credential validation using CrackMapExec. The article demonstrates using a compromised domain user credential, obtained via LLMNR poisoning, to authenticate against other machines on the network. It covers using CrackMapExec to check credentials, dump local SAM hashes, and leverage the Impacket suite (secretsdump, psexec.py) for further access, along with a brief mention of hash cracking with Hashcat. |
| 2026-07-04 2026 | Demonstrating LLMNR Poisoning in Active DirectoryAuthN | Writeup demonstrating LLMNR poisoning in an Active Directory lab, leveraging the Link Local Multicast Name Resolution protocol's fallback for DNS failures. An attacker can intercept authentication requests for mistyped or non-existent hostnames, capturing NTLM password hashes. The article details using Responder for poisoning and Hashcat with mode 5600 to crack NTLMv2 hashes from a Windows 2016 Server and Windows 10 Enterprise environment. |
| 2026-07-04 2026 | Host & Network Penetration Testing: Exploitation CTF 2 — eJPT (INE)AuthNAuthZ | Walkthrough of eJPT Exploitation CTF 2, chaining SMB brute-forcing for user tom's weak password to obtain leaked hashes, then performing a Pass-the-Hash attack against user nancy. These credentials lead to FTP access for user david, revealing flag3.txt and enabling an ASPX webshell upload to retrieve flag4.txt. |
| 2026-07-04 2026 | Exploiting Resource-Based Constrained Delegation (RBCD)AuthZ | Writeup on exploiting Resource-Based Constrained Delegation (RBCD) to achieve full Computer Account takeover. The article details how RBCD, introduced in Windows Server 2012, flips the trust direction from outgoing to incoming, allowing any account with write permissions on a computer object to modify its `msDS-AllowedToActOnBehalfOfOtherIdentity` attribute. This vulnerability can be exploited by creating a new computer account (Service A) with an SPN, obtaining a non-forwardable Kerberos ticket via S4U2Self, and then using RBCD to impersonate users to a target resource (Service B) via S4U2Proxy. |
| 2026-07-04 2026 | TryHackMe: Payload WalkthroughRCERecon | Writeup of an AI supply chain compromise on TryHackMe, detailing an investigation into a malicious model that remained undetected for 21 days. The analysis reveals the model's ability to execute shell commands via `system()` and exfiltrate data using POST requests. The writeup highlights the importance of inspecting candidate replacement models, specifically identifying a suspicious `manipulate_output` layer, and emphasizes securing AI model supply chains by verifying provenance and monitoring runtime behavior, referencing the organization `trustworthy-ai-lab` and the shell command `hostname`. |
| 2026-07-02 2026 | Beyond Canarytokens: Building a DIY Document Tripwire with Passive OS FingerprintingOSINT | Library for building a DIY document tripwire using a Python HTTP listener and passive OS fingerprinting with p0f. This approach enhances CTI, pentest, and red team analysis by enriching standard Canarytoken alerts with detailed callback metadata and inferred operating system characteristics, offering deeper insights into system interactions. |
| 2026-07-02 2026 | LLMborghini: TryHackMe AI Security ChallengeAI | Walkthrough of the LLMborghini TryHackMe AI Security Challenge, detailing practical steps for prompt injection and jailbreaking against an LLM-powered calendar assistant. The challenge focuses on extracting sensitive internal data, such as the Singapore branch's weekly revenue report, by circumventing the AI's security instructions and gaining unauthorized access to confidential information. |
| 2026-07-02 2026 | Auth Bypass is it?API SecAuthNAuthZ | Writeup details a bypass of an MSPACE-style auto-login feature where the backend accepted a fake inner MSPACE token within an encrypted JSON request body, despite a valid outer API bearer token being present. This vulnerability was discovered by observing client-side encrypted API flows and testing how the application handled decrypted data originating from the browser. |
| 2026-07-02 2026 | ChatGPT: Guardrail Bypass to LFI Vulnerability POCAI | Writeup detailing a ChatGPT guardrail bypass leading to a Local File Inclusion (LFI) vulnerability, referencing LLM02:2025 Sensitive Information Disclosure. The exploit involves uploading a file, tricking the LLM into providing a download link via a specific prompt sequence, and then manipulating the download URL's `sandbox_path` parameter. By appending a path traversal payload like `../../../../etc/passwd` to a legitimate file path, the attacker can bypass validation and retrieve sensitive system files, demonstrating a primitive useful in larger exploit chains. |
| 2026-07-02 2026 | Is the Android Lock Screen an Illusion? A Critical Logical Bypass Discovered in the Gemini AppAIMobile | Writeup detailing a critical logical bypass of the Android lock screen within the Gemini app, achieved through a multi-touch interaction exploiting context hijacking. This vulnerability, discovered organically by the author, allowed unauthorized access to sensitive data like chat histories, NotebookLM notebooks, and Gmail drafts by circumventing the system Keyguard. The bypass leveraged inadequate validation of concurrent UI interactions, specifically by maintaining a press on a permitted area while tapping a restricted element, creating a race condition that neutralized security controls. The vulnerability was responsibly disclosed and subsequently patched by Google. |
| 2026-07-02 2026 | Why Being in the Docker Group Is a Backdoor to Your Whole SystemAuthZRCE | Library explaining how membership in the `docker` group on Linux grants users root privileges on the host system without explicit `sudo` access. It details how this is an intended consequence of Docker's design, not a vulnerability, and provides a proof of concept demonstrating this capability. Administrators are advised on mitigation strategies to prevent this elevated access. |
| 2026-07-02 2026 | Hack Smarter — City Council (Active Directory)AuthNAuthZ | Writeup detailing the compromise of a City Council Active Directory environment, starting with only an IP address. The process involved initial port scanning with rustscan, web enumeration with gobuster, and reverse engineering an application executable with strings to uncover a service account. The service account's password was then extracted by intercepting application traffic with Wireshark. Finally, BloodHound was used to map the Active Directory structure via credentials obtained for the svc_services_portal account. |
| 2026-07-02 2026 | How I Found an Email Verification Bypass on an AI Freelance PlatformAPI SecAuthN | Writeup detailing an email verification bypass on an AI freelance platform, discovered by observing network traffic in Chrome DevTools during account registration. The vulnerability stemmed from the platform reusing the same JWT in both the registration response and the email verification link, rendering the email itself unnecessary for account verification. This flaw breaks the trust model of email verification, allowing users to bypass ownership confirmation and potentially impacting features reliant on verified email addresses. |
| 2026-07-01 2026 | Beating LinkedIn’s Mini Sudoku in 3 Seconds: A Parameter Tampering Case StudyBug Bounty | Writeup detailing a parameter tampering vulnerability in LinkedIn's Mini Sudoku. The vulnerability allows attackers using tools like Burp Suite to submit an artificially low `timeElapsed` value, as low as 3 seconds, directly to the GraphQL API. This bypasses server-side validation, enabling manipulation of game completion times, leaderboards, and associated badges, though it does not affect account security. The root cause is the application's reliance on client-supplied time data rather than server-side tracking. |
| 2026-07-01 2026 | Hacking With GoogleOSINTRecon | Writeup on using Google Search for reconnaissance and dorking, detailing techniques to uncover vulnerabilities via specific service versions, identify exposed cloud assets like S3 buckets, and enumerate subdomains. It explains advanced search operators such as quotes, wildcards, `site:`, `-`, `filetype:`, `inurl:`, `intitle:`, and `intext:`, referencing the Google Hacking Database and emphasizing ethical usage within authorized penetration tests and bug bounty programs. |
| 2026-06-25 2026 | TryHackMe — Mr. Robot CTF | Full Write-UpAuthZBug Bounty | Platform: TryHackMe Room: Mr. Robot CTF Difficulty: Medium Author: Shikhali Jamalzade ( @alisalive ) Date: May 2026 Tags: #CTF #TryHackMe #WordPress #PrivilegeEscalation #PenTest #MrRobot “Give a man ... |
| 2026-06-25 2026 | I Wasted 3 Days Intercepting a Flutter App. Here’s What Actually Works.BurpMobile | The author spent three days attempting to intercept traffic from a Flutter app for security assessment using various tools and techniques like Burp Suite, Objection, ReFlutter, custom CA installation, VPN interception, and Frida scripts. Despite these efforts, all methods resulted in the app displaying a "no internet" error, rather than typical SSL or certificate warnings. The author found that none of the common approaches were successful in capturing the app's traffic. |
| 2026-06-20 2026 | VulnHub — sunset: dawn | Full WalkthroughBug Bounty | This VulnHub machine, "sunset: dawn" by @whitecr0wz, is a beginner-to-intermediate Debian GNU/Linux 10 machine. The walkthrough details an attack path starting with SMB enumeration. This leads to discovering a writable share, which is directly mapped to a directory used by a root-owned cron job. This vulnerability allows for uploading a reverse shell. No bug bounty payout amount is mentioned. |
| 2026-06-20 2026 | Web-RTA Exam Writeup — Passed | CyberWarFare LabsBug Bounty | The Web-RTA (Web Red Team Analyst) certification from CyberWarFare Labs is a practical, black-box exam focusing on web application penetration testing. It features two live web applications and requires capturing 16 flags, testing real-world vulnerabilities. The exam is designed for beginner to intermediate skill levels and does not include theoretical or multiple-choice questions. No bug bounty payout amount is mentioned in this content. |
| 2026-06-20 2026 | CRTA Exam Writeup — Passed | CyberWarFare LabsBug Bounty | The CRTA (Certified Red Team Analyst) exam from CyberWarFare Labs is a practical, black-box assessment focused on hands-on red teaming. The certification requires users to compromise machines within a live lab environment and collect flags, with no theoretical questions. Success is determined solely by achieving root access and flag retrieval. |
| 2026-06-20 2026 | Phone Numbers and Emails to Hidden Subdomains: The OSINT Acquisition Pipeline That Uncovered a…OSINT | Phone Numbers and Emails to Hidden Subdomains: The OSINT Acquisition Pipeline That Uncovered a Critical Bug A deep technical blog on using phone numbers and email addresses to discover hidden domains,... |
| 2026-06-20 2026 | “Bug Bounty Bootcamp #48: OAuth + XSS ”AuthNBug BountyXSS | This "Bug Bounty Bootcamp #48" article, titled "OAuth + XSS," explores a potent combination of vulnerabilities: OAuth and Cross-Site Scripting (XSS). The content suggests that by leveraging these two, attackers can achieve account takeovers, effectively describing it as an "ultimate account takeover one-two punch." The article is part of a series and can be found on InfoSec Write-ups. No specific bounty payout amount is mentioned. |
| 2026-06-20 2026 | BITSCTF 2026 Writeups | OSINT And Steganography / Forensics ChallengesOSINT | This summary details solutions for OSINT and Steganography challenges from BITSCTF 2026. Tools like zsteg, cyberchef, reverse image search, strings, and exiftool were employed. One OSINT challenge involved identifying a "major event" in Copenhagen in early 2024, described by unusual geometric structures near a river. The event's difficulty was rated 6.5/10. No bug bounty payout amount was mentioned. |
| 2026-06-20 2026 | Breaking Down Two Simple Vulnerabilities That Exposed A School’s Admission RecordsBug BountyIDOR | Security researchers discovered data-exposure vulnerabilities on a school's website, revealing sensitive admission records containing PII like names, emails, and addresses. The `/print-form.php?app_number=` endpoint was vulnerable to Insecure Direct Object Reference (IDOR), allowing access to records by manipulating application numbers. |
| 2026-06-19 2026 | I Pentested a Real CRM System and Found 4 Critical Vulnerabilities — Here’s the Full Attack ChainBug Bounty | The author, Shikhali Jamalzade, conducted a pentest on a real CRM system with explicit authorization. They discovered and successfully chained four critical vulnerabilities, demonstrating a complete attack path. Sensitive details were redacted to protect the organization. No specific bounty payout amount is mentioned in this excerpt. |
| 2026-06-19 2026 | VulnHub — Shenron: 1 | Full WalkthroughBug Bounty | This VulnHub machine, "Shenron: 1" by Shubham Mandloi, is an easy to medium difficulty Ubuntu 20.04.1 LTS target. The walkthrough details a penetration test starting with credentials found in an HTML comment. This leads to a Remote Code Execution vulnerability via a malicious extension upload within a misconfigured Joomla CMS. The ultimate goal is achieving full root access on the system. |
| 2026-06-19 2026 | TryHackMe — Blog CTF | Full Write-UpRCE | This TryHackMe room, "Blog," is a medium-difficulty CTF focused on a WordPress blog run by "Billy Joel." The challenge features CVE-2019–8942, a WordPress image crop Remote Code Execution vulnerability, alongside a custom binary for privilege escalation. The write-up details the steps to exploit these vulnerabilities to gain access and complete the room. No bounty payout amount is mentioned. |
| 2026-06-19 2026 | “Bug Bounty Bootcamp #46: Not Allowed From Your IP?”AuthN | This article from InfoSec Write-ups, "Bug Bounty Bootcamp #46: Not Allowed From Your IP?", details advanced techniques for bypassing authentication barriers in bug bounty hunting. The methods discussed include IP spoofing, brute-force attacks, and mass assignment, all aimed at gaining unauthorized access. The focus is on exploiting authentication vulnerabilities to overcome access restrictions. No specific bug bounty payout amount is mentioned in the provided text. |
| 2026-06-19 2026 | Building a Hackbot for Bug Bounties — Auth Testing Subagent SetupBug Bounty | If you have been keeping up with the current state of Bug Bounties on X, you probably heard that some hunters are making small fortunes using their own custom-made hackbots to aid them in Bug Bounty H... |
| 2026-06-19 2026 | I almost ordered a product for free. (Business Logic Vulnerability)AuthZ | Security engineer Sumeet Mahadik discovered a business logic vulnerability that nearly allowed him to order a product for free. While the exact method isn't detailed, the vulnerability presented an opportunity for significant savings. The content is the beginning of a blog post where Mahadik intends to explain his findings. No bounty payout amount is mentioned. |
| 2026-06-19 2026 | BEARCAT CTF 2026 WRITEUPSOSINT | Flag Format: BCCTF{} #1.RIVER RAIDER (OSINT) For this challenge, we were given a picture of a rogue pirate ship sailing through a river, and we needed to find the name of the bridge right behind it. I... |
| 2026-06-19 2026 | Build an IDOR Vulnerability Lab: Why WHERE Clauses Don’t Protect Your API.API SecIDOR | Last time we covered SQL injection . I promised IDOR was next. Today you are going to see why a WHERE clause alone will not save you. When you learn about backend APIs feeding your frontend, you are r... |
| 2026-06-19 2026 | “Bug Bounty Bootcamp #47: Account Takeover 101 — How to Steal Everyone’s Account (Legally)”AuthZIDOR | This article, "Bug Bounty Bootcamp #47: Account Takeover 101," explains that hackers don't need advanced skills to achieve account takeovers. Common vulnerabilities like Insecure Direct Object References (IDOR), insecure invite links, or misconfigured "role" fields can be exploited. The piece encourages readers to learn these techniques legally through bug bounty programs. No specific payout amount is mentioned. |
| 2026-06-17 2026 | TryHackMe — Break Out The Cage | Full Write-UpBug BountyRecon | This TryHackMe room, "Break Out The Cage," is an easy-level challenge designed by Shikhali Jamalzade. The room features a Nicolas Cage theme and incorporates several real-world attack techniques. These include anonymous FTP access, multi-layer cryptography, SSH lateral movement, and cron-based command injection. No bug bounty payout amount is mentioned in the provided content. |
| 2026-06-17 2026 | TryHackMe — Checkmate | Full WalkthroughAuthZBug BountyOSINT | The TryHackMe "Checkmate" room, an easy-difficulty lab by Shikhali Jamalzade, focuses on password attacks, OSINT, and privilege escalation within a simulated internal network compromise. It challenges users to exploit weak password practices of an IT Operations employee, Marco Bianchi, to gain access to various internal systems, including a firewall and SSH. The walkthrough guides participants through these steps. |
| 2026-06-17 2026 | Bug Bounty Bootcamp #45: Token?API SecAuthN | In Bug Bounty Bootcamp #45, a critical vulnerability is highlighted: a password reset function that inadvertently leaks the magic token in its API response. This discovery poses a significant security risk, potentially allowing unauthorized access. The article suggests that developers may have even left an endpoint that directly provides this sensitive token, exacerbating the vulnerability. Further details on this insecure implementation and its implications can be found on InfoSec Write-ups. No specific bounty payout amount was stated. |
| 2026-06-17 2026 | The Crime Blue Team Lab (CyberDefenders)OSINT | This CyberDefenders Blue Team challenge, "The Crime," involves analyzing a victim's phone, seized as evidence in a murder investigation. The objective is to reconstruct the events leading up to the incident by meticulously examining gathered information. Key tools for this analysis include ALEAPP and sqlitebrowser. The content does not mention any bug bounty payout amounts. |
| 2026-06-17 2026 | CAT Reloaded CTF — CATF 2025 — DFIR ChallengesOSINT | The author successfully solved 4 out of 5 Digital Forensics and Incident Response (DFIR) challenges at the CAT Reloaded CTF — CATF 2025. A writeup detailing their solutions is available on their GitBook account. The first challenge, "Index of Secrets," required retrieving a Windows search database file located at "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb." The writeup focuses on the technical steps involved in solving these DFIR puzzles. No bug bounty payout amount was mentioned. |
| 2026-06-17 2026 | Mastery Hunt: Hidden API Endpoints — A Deep Dive into API Bug Bounty Recon & ExploitationAPI SecBug BountyRecon | This article focuses on API security testing as a crucial aspect of bug bounty hunting, highlighting APIs as a prime target for discovering sensitive data and business logic flaws. It details the process of finding, analyzing, and exploiting hidden API endpoints for bug bounty and penetration testing. The initial phase covered is "Surface Reconnaissance," which involves passive methods for identifying the API attack surface. The content emphasizes the significant value and potential found within API vulnerabilities. |
| 2026-06-17 2026 | The Intelligent Shield. OpenCTIAI | "The Intelligent Shield" proposes an AI-driven enrichment approach for OpenCTI, moving beyond manual threat intelligence. It addresses data fragmentation and lack of context in cyber attacks by utilizing automated machine learning pipelines. This system aims to transform raw threat data into high-confidence intelligence, enabling security teams to effectively manage the overwhelming volume of information and respond to sophisticated threats. |
| 2026-06-16 2026 | Silent Breach Lab Writeup (CyberDefenders)Talks | This writeup details a blue team challenge from CyberDefenders involving a silent breach at the IMF. The scenario centers on recovering compromised, unreadable data by creating a forensic image of a server. The challenge involves analyzing Windows Mail artifacts, specifically Microsoft HxStore.hxd. The participant is tasked with uncovering crucial information through forensic analysis and decoding. No specific bug bounty payout amount is mentioned in the provided content. |
| 2026-06-16 2026 | Connectors CTF 2025 — DFIR ChallengesTalks | This is a write-up detailing the solution of three Digital Forensics and Incident Response (DFIR) challenges from CONCTF 2025. The author successfully solved all three independently. One challenge involved a malicious document file, "Invoice_Q1–2021.doc," which was treated like a zip archive to extract its contents and reveal the malicious elements. No specific payout amounts were mentioned. |
| 2026-06-16 2026 | My Instructor Said “You Can’t Get a Shell.” I Got Root. — Full Web Pentest Exam Write-UpBug BountyRCE | This write-up details a successful penetration test of the VanguardCorp Hotel Management System, a CTF/exam environment. Despite an instructor's assertion that a shell was impossible, the author achieved root access. The assessment was conducted under MilliSec LLC supervision in an isolated lab network on May 24, 2026, involving no real user data. |
| 2026-06-13 2026 | I Simulated an SSH Brute-Force Attack on My Ubuntu Server — Here’s How Fail2Ban Stopped ItAuthN | The author details setting up an attack lab to simulate SSH brute-force attempts against their Ubuntu server. The primary focus is on observing how Fail2Ban functions to detect and automatically block repeated failed login sequences. The article aims to provide a practical understanding of Fail2Ban's effectiveness in protecting against such attacks. No bug bounty payout amount is mentioned. |
| 2026-06-13 2026 | Beyond the Patch: Understanding the SonicWall SSL-VPN MFA Bypass ExposureAuthN | A SonicWall SSL-VPN vulnerability, CVE-2024–12802, allows attackers to bypass Multi-Factor Authentication (MFA). The flaw lies in how SSL-VPN handles UPN and SAM account formats separately. Attackers can exploit alternative login formats to circumvent MFA, even when it seems active. This issue affects SonicWall Gen6 SSL-VPN devices and has been linked to ransomware attacks. The content does not state a specific bug bounty payout amount. |
| 2026-06-13 2026 | Header Manipulation: Bypasses, Probing, and the Security Audit Nobody DoesAPI SecAuthZ | Request headers are not mere metadata but critical inputs that can be manipulated. Attackers exploit this to bypass access controls, probe for misconfigurations, spoof identities, and test security. This article delves into header manipulation techniques frequently encountered in penetration testing platforms, emphasizing their role in security assessments. |
| 2026-06-13 2026 | Six levels, one lesson: LLMs cannot keep a secretAIXSS | GitHub's Secure Code Game Season 3, a six-level challenge, demonstrates that Large Language Models (LLMs) cannot keep secrets. The game involves prompt injection attacks against vulnerable AI assistants designed to hide information. Players craft attacks to extract these secrets, highlighting that system prompts are not a security measure. The content focuses on hands-on learning of AI security principles through this open-source, browser-based game. No bounty payout amounts are mentioned. |
| 2026-06-13 2026 | DVWA Cheat Sheet (Low & Medium)Bug BountyBurpSQLi | This cheat sheet focuses on brute-forcing the Damn Vulnerable Web Application (DVWA) at low and medium security levels. The method involves capturing a GET request using Burp Suite after obtaining an error message from an initial username/password test. This request is then sent to Burp Intruder. By clearing existing parameters and selecting the password field, users can configure it for brute-force attacks, preparing to input payloads for password cracking. |
| 2026-06-13 2026 | IEEE Victoris 4.0 — CTF 2025 — Quals DFIR ChallengesBug BountyOSINT | This writeup details the author's first-blood achievement in two DFIR challenges from IEEE Victoris 4.0 — CTF 2025 Quals. The first challenge, "the Frontdoor," involved analyzing a Linux disk image. By examining `.zsh_history` and `.bash_history`, the author discovered file navigation and Git activity within a `/home/Documents/MyProject` directory, providing initial clues for the investigation. |
| 2026-06-12 2026 | Building Another Vulnerable Lab — SSRF.SSRF | This blog post is a follow-up to a previous one, detailing how to build a Server-Side Request Forgery (SSRF) lab. The author will guide readers through setting up this vulnerable environment, which will be added to their GitHub repository. The post begins by defining SSRF as a vulnerability where an attacker can cause a server to make unintended requests. |
| 2026-06-12 2026 | Android App Penetration Testing: From APK Decompilation to Runtime Exploitation [Tools and Labs]Mobile | This article introduces the fundamentals of Android penetration testing, covering essential tools and their usage. It emphasizes the necessity of an Android virtual device or a physical device for practical application. The author, while not an expert, aims to provide a useful guide for beginners. The content highlights Android Studio as the official Integrated Development Environment (IDE) for this process. No bug bounty payout amounts are mentioned. |
| 2026-06-12 2026 | Hacking Into A Server Through FTPRCE | This article explores the continued vulnerability of servers still using FTP (File Transfer Protocol). It highlights how this outdated protocol can be a gateway for attackers to gain unauthorized access to sensitive data and systems. The piece likely details the methods used in such attacks and emphasizes the importance of migrating to more secure alternatives to prevent potential breaches. |
| 2026-06-12 2026 | Hacking a Fortune 500 Finance Company via Envoy Proxy MisconfigurationIDOR | A security researcher discovered a vulnerability at a Fortune 500 finance company by exploring their websites. While most domains required SSO credentials, a sister website accessible via Google Dorking allowed verified authors to publish articles. This avenue was initially used to understand the company's systems. The content doesn't mention a specific bug bounty payout amount. |
| 2026-06-12 2026 | Analyzing CVE-2026-32743: PX4 MAVLink Buffer Overflow DoSSupply Chain | The analysis of CVE-2026-32743 highlights a critical vulnerability in PX4's MAVLink implementation, specifically a buffer overflow leading to a Denial of Service (DoS) attack. This is particularly concerning given the increasing use of autonomous drones in civilian sectors, which are now also potential targets in modern conflicts. The widespread deployment of commercial drones exposes a vulnerability in the global supply chain, where platforms used for agriculture and industry could be compromised. The summary does not mention a specific bug bounty payout amount. |
| 2026-06-12 2026 | Making A SQLi Lab Is Not Difficult, Build One With Me.SQLi | This content is the second part of a series on building a SQL injection (SQLi) lab. The author highlights SQLi's intrusiveness, noting that it doesn't require privilege escalation and, in this lab's case, can be exploited without tools like Burp. The author also shares an inside joke about pronouncing "SQL" as "skweel." No specific bug bounty payout amount is mentioned in this excerpt. |
| 2026-06-12 2026 | How I Built a Burp Extension Efficiently with ClaudeAIBurp | Claude significantly streamlined Burp extension development for security researchers. The author used Claude to create an extension that flags non-standard HTTP headers, aiding in the discovery of injection vulnerabilities. By prompting Claude, the author generated an idea and a prototype, demonstrating how AI can overcome the coding hurdles previously associated with extension building. The extension leverages the IANA registry of common HTTP headers as a filtering mechanism. |
| 2026-06-12 2026 | Chaining Stored XSS and CSRF in Typemill CMS: A Deep Dive into Attribute InjectionCSRFXSS | A security assessment of Typemill CMS uncovered a critical vulnerability chain combining Stored XSS and CSRF (CVE-2026–53468). An attacker can bypass frontend validation to inject malicious scripts into page metadata. This allows for the theft of admin sessions by exploiting attribute injection. This vulnerability impacts Typemill, a popular flat-file CMS built on PHP and the Slim framework, and poses a significant risk to its users. |
| 2026-06-12 2026 | AI Security: explanation to Exploitation || Part 1AI | This article introduces AI security, focusing on "jailbreaking" large language models (LLMs) and AI-powered tools. With the widespread adoption of AI in organizations like Meta and Google for task automation, understanding and exploiting vulnerabilities in these systems is becoming crucial. The author plans to delve into the methods and extent of jailbreak exploitation. |
| 2026-06-10 2026 | SQL Injection in Password Reset: Full Database, One EmailAuthNSQLi | A critical SQL injection vulnerability in a password reset function granted a researcher full read access to an entire database, including user records and password hashes. The vulnerability was discovered through a `ukey` parameter in a password reset email. Despite being reported in early 2025, the issue remained live at the time of the report. The researcher was able to extract all data from every table. No specific bounty payout amount was mentioned. |
| 2026-06-10 2026 | How GraphQL Mutation Aliasing Led to a $12,500 DoS Bug in HackerOne’s Account Recovery FlowBug BountyGraphQL | A researcher discovered a Denial of Service (DoS) bug in HackerOne's account recovery process due to a feature in GraphQL called mutation aliasing. This behavior allowed an attacker to trigger multiple, recursive mutations, overwhelming the system and preventing legitimate users from recovering their accounts. HackerOne acknowledged the vulnerability and awarded the researcher $12,500 for their findings. |
| 2026-06-10 2026 | I Found the Entire Admin UI of a Live PlatformJust By Tweaking Traffic in Burp SuiteAuthZBurp | During an internship, Hamza Hashim (refang) discovered a significant security vulnerability on the REDACTED.org internship program portal. By manipulating traffic using Burp Suite, he gained access to the entire administrative user interface of the live platform. This article details one of the findings from his broader bug report submitted to the organization. |
| 2026-06-10 2026 | Zero-Click IP Leak in a Privacy Search Engine: Indirect Prompt Injection & Silent PatchingAI | A security researcher discovered a zero-click IP leak vulnerability in Kagi Search, a privacy-focused search engine. The vulnerability exploited an indirect prompt injection technique using a Markdown trick to deanonymize users. This allowed the attacker to force a victim's browser to reveal their IP address, undermining Kagi's core privacy promise. Kagi Search has since quietly patched the vulnerability, indicating a "Not Applicable" status for the report, which the researcher interprets as a silent fix. No specific bug bounty payout amount was mentioned in the provided content. |
| 2026-06-08 2026 | JavaScript Prototype Pollution Deep Dive : — Reconnaissance, Exploitation & Bug Bounty GuidelineRCEXSS | This article provides a deep dive into JavaScript Prototype Pollution vulnerabilities, explaining the underlying prototype chain and its attack vectors. It covers reconnaissance methodologies, exploitation techniques ranging from XSS to Remote Code Execution (RCE), and real-world bug bounty case studies. The guide also delves into advanced exploit chains, tooling, automation, and defense strategies, offering a production-ready Python scanner. The content focuses on understanding and mitigating this complex JavaScript vulnerability. |
| 2026-06-08 2026 | OSCP Windows Enumeration Checklist: My Complete Privilege Escalation Workflow for Every BoxAuthZ | This article details a comprehensive Windows enumeration workflow for the OSCP certification, focusing on privilege escalation. The author shares their exact process, highlighting key techniques like analyzing WinPEAS output, hunting for credentials, leveraging token abuse, and examining services. The goal is to provide a structured approach for tackling Windows-based machines encountered during the exam, ensuring thoroughness in identifying vulnerabilities and escalating privileges effectively. |
| 2026-06-08 2026 | SPIP RCE + Docker SUID Escape | THM PublisherRCE | This TryHackMe Publisher challenge focuses on exploiting a vulnerable SPIP CMS. The initial steps involve Nmap reconnaissance to identify open ports and services, revealing SPIP CMS running on the target. Subsequent web enumeration using FFUF helps uncover hidden paths within the SPIP-based Community Magazine. The content does not mention a bug bounty payout amount. |
| 2026-06-08 2026 | Update: The Ending of My $500 Loss and Web Cache Poisoning Story.SSRF | The author recounts a personal experience where a $500 loss prompted them to revisit a previously discovered Web Cache Poisoning vulnerability. The initial discovery was documented but later forgotten. This unexpected financial setback led the author back to investigate the bug further, with the aim of resolving outstanding questions and understanding the implications of the vulnerability, ultimately turning a loss into a learning opportunity. |
| 2026-06-08 2026 | The Most Dangerous Security Bug Is the One That Feels Like a FeatureBug Bounty | This article argues that the most dangerous security bugs are those that appear to be legitimate features. Such vulnerabilities are difficult to detect because they don't immediately trigger red flags. The author uses the example of a single click potentially compromising a developer's entire identity to illustrate this point, emphasizing that seemingly benign actions can have catastrophic security consequences if not properly scrutinized. |
| 2026-04-19 2026 | The Art of Breaking OAuth: Real-World Exploits and MisusesAuthN | The Art of Breaking OAuth: Real-World Exploits and Misuses |
| 2026-04-19 2026 | Broken Access Control: The Quiet Killer in Web ApplicationsAuthZ | Broken Access Control: The Quiet Killer in Web Applications |
| 2026-04-16 2026 | Deep Dive into SSTI: Finding and Exploiting Like a ProSSTI | Deep Dive into SSTI: Finding and Exploiting Like a Pro |
| 2026-04-16 2026 | Abusing GraphQL Introspection: A Gateway for Recon and ExploitationGraphQL | Abusing GraphQL Introspection: A Gateway for Recon and Exploitation |
| 2026-04-11 2026 | What is BOLA? 3-digit bounty from TopcoderAPI Sec | What is BOLA? 3-digit bounty from Topcoder |
| 2026-04-10 2026 | From SSRF to RCE: A 7-Step Chain Against PostHogSSRF | From SSRF to RCE: A 7-Step Chain Against PostHog |
| 2026-04-10 2026 | GraphQL Security Flaws and ExploitationGraphQL | GraphQL Security Flaws and Exploitation |
| 2026-04-10 2026 | From Recon to RCE: Hunting React2Shell (CVE-2025-55182)RCE | From Recon to RCE: Hunting React2Shell (CVE-2025-55182) |
| 2026-04-10 2026 | Mastering Blind XSS: Real-World Techniques for High BountiesXSS | Mastering Blind XSS: Real-World Techniques for High Bounties |
| 2026-04-06 2026 | GraphQL Security: How I Found and Exploited Critical IDOR and Authorization BypassGraphQLIDOR | GraphQL Security: How I Found and Exploited Critical IDOR and Authorization Bypass |
| 2026-04-06 2026 | The Complete Beginner's Guide to Bug Bounty ReconnaissanceRecon | The Complete Beginner's Guide to Bug Bounty Reconnaissance |
| 2026-04-06 2026 | How Bug Bounty Hunters Are Using Claude CodeBug Bounty | How Bug Bounty Hunters Are Using Claude Code |
| 2026-04-06 2026 | Bug Bounty Bootcamp #29: Boolean Blind SQL Injection Part 2SQLi | Bug Bounty Bootcamp #29: Boolean Blind SQL Injection Part 2 |
| 2026-04-03 2026 | Comprehensive Bug Bounty Hunting Methodology (2024 Edition)Bug Bounty | Comprehensive Bug Bounty Hunting Methodology (2024 Edition) |
| 2026-04-03 2026 | Hail Frida!! The Universal SSL Pinning Bypass for AndroidMobile | Hail Frida!! The Universal SSL Pinning Bypass for Android |
| 2026-03-02 2026 | Breaking the Trust Boundary: SSRF via a Misconfigured Sentry TunnelSecretsSSRF | Free Article Link: Click for free! |
| 2026-01-29 2026 | How I Made Burp Suite My IDOR-Finding Robot Butler (And Found 20+ Bugs) 🤖🔍Bug BountyBurpIDOR | The content titled "How I Made Burp Suite My IDOR-Finding Robot Butler (And Found 20+ Bugs)" likely discusses utilizing the Burp Suite tool to automate the discovery of Insecure Direct Object Reference (IDOR) vulnerabilities, leading to the identification of over 20 bugs. The author shares their experience and strategies for leveraging Burp Suite effectively in bug hunting. The content may provide insights into the process of using automation tools for security testing and the successful outcomes achieved through this approach. |
| 2026-01-22 2026 | Recon to Master: The Complete Bug Bounty ChecklistBug BountyRecon | “” is published by 𝙇𝙤𝙨𝙩𝙨𝙚𝙘 in InfoSec Write-ups. |
| 2026-01-22 2026 | My 5-Minute Workflow to Find Bugs on Any WebsiteBug BountyRecon | My 5-Minute Workflow to Find Bugs on Any Website A step-by-step guide to my most effective, shortcut methods for bug bounty hunting. Introduction Hi everyone, welcome back! Today, I’m going to show … |
| 2025-08-14 2025 | HTTP-HOST HEADER ATTACKS. Hi! My name is Hashar Mujahid and today… | by HasBug Bounty | The content discusses HTTP-Host header attacks and is authored by Hashar Mujahid. It seems to provide information or insights related to this type of cyber attack. |
| 2025-08-14 2025 | How to discover up to 10,000 subdomains with your own tool | by _Y000_ | InBug Bounty | The content discusses a method to uncover up to 10,000 subdomains using a self-created tool by _Y000_. It likely provides insights or instructions on how to utilize this tool effectively for discovering subdomains efficiently. The focus is on empowering individuals to explore a large number of subdomains using a personalized tool. |
| 2025-08-14 2025 | Mastering the Realm of GraphQL ExploitationGraphQL | The content is titled "Mastering the Realm of GraphQL Exploitation" and appears to focus on the topic of exploiting GraphQL. It suggests a deep dive into understanding and potentially exploiting GraphQL, a query language for APIs. The title implies that the content may cover advanced techniques or strategies for manipulating GraphQL queries to gain unauthorized access or extract sensitive information. |
| 2025-08-14 2025 | How I Found Multiple XSS Vulnerabilities Using Unknown TechniquesXSS | The content discusses the discovery of multiple XSS vulnerabilities through the use of undisclosed techniques. It implies that the author has found a method to identify and exploit these vulnerabilities, potentially showcasing a unique approach to uncovering security flaws. The focus is on the process of discovering XSS vulnerabilities rather than detailing specific techniques or findings. |
| 2025-08-14 2025 | Mastering XSS: A Comprehensive Guide for Bug Bounty Hunters | by Security LXSS | The content titled "Mastering XSS: A Comprehensive Guide for Bug Bounty Hunters" by Security L provides detailed information and guidance on mastering Cross-Site Scripting (XSS) for individuals participating in bug bounty programs. It aims to help bug bounty hunters understand and effectively exploit XSS vulnerabilities to enhance their skills in identifying and reporting security issues. The guide likely covers various aspects of XSS attacks, techniques, prevention methods, and practical examples to equip readers with the knowledge needed to excel in finding and addressing XSS vulnerabilities in web applications. |
| 2025-08-14 2025 | https://infosecwriteups.com/bypassing-character-limit-xss-using-spanned-payload-7301ffac226eXSS | The content discusses a technique to bypass character limits in Cross-Site Scripting (XSS) attacks using a spanned payload. By breaking the payload into smaller parts and using HTML span tags, attackers can evade character restrictions imposed by input fields, allowing them to execute malicious scripts on vulnerable websites. This method enables the injection of longer payloads while avoiding detection, making it a valuable tool for attackers seeking to exploit XSS vulnerabilities. |
| 2025-08-14 2025 | Exploiting Non-Cloud SSRF for More Fun & Profit | by Basavaraj Banakar | InSSRF | The content appears to focus on exploiting Non-Cloud Server-Side Request Forgery (SSRF) for increased enjoyment and financial gain. It is likely a technical article or presentation by Basavaraj Banakar that delves into the methods and implications of leveraging SSRF vulnerabilities outside of cloud environments. The content may provide insights into how SSRF can be used for malicious purposes or for ethical hacking to uncover security weaknesses. It seems to aim at educating readers on the potential risks and rewards associated with exploiting SSRF vulnerabilities in non-cloud settings. |
| 2025-08-14 2025 | Breaking Down SSRF on PDF Generation: A Pentesting GuideSSRF | The content is titled "Breaking Down SSRF on PDF Generation: A Pentesting Guide." It likely discusses the topic of Server-Side Request Forgery (SSRF) in the context of PDF generation and provides a guide for penetration testing related to this issue. The focus is on understanding and potentially exploiting SSRF vulnerabilities in PDF generation processes for security testing purposes. |
| 2025-08-14 2025 | https://infosecwriteups.com/walkthrough-weather-app-hack-the-box-web-challenge-34b0c930dfcaSSRF | The content is a walkthrough of a web challenge called "Weather App" from the platform Hack The Box. It provides a step-by-step guide on how to solve the challenge, including identifying vulnerabilities, exploiting them, and gaining access to the target system. The walkthrough covers topics such as reconnaissance, enumeration, exploitation, and privilege escalation. It aims to help readers understand the process of hacking a web application and improving their cybersecurity skills. |
| 2025-08-14 2025 | https://infosecwriteups.com/multiple-http-redirects-to-bypass-ssrf-protections-45c894e5d41cSSRF | The content discusses a technique using multiple HTTP redirects to bypass Server-Side Request Forgery (SSRF) protections. By chaining together several HTTP redirects, an attacker can manipulate the server to access internal resources or perform unauthorized actions. This method can be used to exploit vulnerabilities in web applications that are susceptible to SSRF attacks. The article provides insights into how attackers can leverage this technique and offers recommendations for organizations to strengthen their defenses against SSRF vulnerabilities. |
| 2025-08-14 2025 | Beginner Guide To Exploit Server Side Request Forgery (SSRF) VulnerabilitySSRF | The content is a beginner's guide to exploiting Server Side Request Forgery (SSRF) vulnerability. It likely covers the basics of identifying and exploiting SSRF vulnerabilities, which involve manipulating a server to make unauthorized requests on behalf of the attacker. The guide may provide insights into how SSRF vulnerabilities can be leveraged for malicious purposes and the potential risks associated with such exploits. It serves as an introductory resource for individuals looking to understand and potentially exploit SSRF vulnerabilities. |
| 2025-04-11 2025 | Nmap for Beginners: Easy Tips to Scan Networks Like a ProRecon | So, Think this :::: one night when you are trying to sleep , suddenly you imagine what’s happening on your network .. what devices are connected? What services are they running? {JUST 2 AM THOUGHTS… |
| 2025-04-10 2025 | Best Browser Extensions for Bug Hunting and CybersecurityBug BountyBurp | If you are getting into bug hunting or cybersecurity the right tools can make a huge difference. Browser extensions help automate tasks, find hidden vulnerabilities and protect your privacy. Here is… |
| 2025-04-09 2025 | Controlling XSS Using A Secure WebSocket CLI - InfoSec Write-upsXSS | When experimenting with Cross-Site Scripting (XSS), what’s the quickest way to test multiple payloads efficiently? Not long ago, I set up an XSS server that serves remote payloads, which can easily… |
| 2025-01-30 2025 | Advanced DNS Attacks: Poisoning and ExploitationRecon | Understanding DNS Vulnerabilities and Practical Techniques for Exploitation and Defense |
| 2024-10-17 2024 | Let’s Understand SSRF vulnerabilitySSRF | The content provides an introduction to understanding SSRF (Server-Side Request Forgery) vulnerability. SSRF is a type of security vulnerability that allows an attacker to manipulate the server into making unauthorized requests on their behalf. This can lead to data breaches, unauthorized access, and other security risks. Understanding SSRF is crucial for developers and security professionals to prevent and mitigate such vulnerabilities in web applications. |
| 2024-10-17 2024 | 👩💻Roadmap to Cybersecurity in 2022, Full-Read SSRF, IDOR in GraphQL, GCP Pentesting, and much…GraphQLSSRF | The content discusses a talk focusing on cybersecurity in 2022, covering topics such as SSRF, IDOR in GraphQL, GCP Pentesting, and more. The talk highlights the significant value, over $25 billion, that is at risk due to practical attacks on bridges. It emphasizes the importance of understanding and addressing vulnerabilities in cybersecurity to protect valuable assets. |
| 2024-10-17 2024 | 👩💻 $600k Bounty, Jetty Features, Response Queue Poisoning, Bypass SSRF Protections, XSS…Bug BountySSRF | A $600K bounty was awarded due to a business logic flaw in smart contracts. |
| 2024-10-17 2024 | Exploiting: SSRF For Admin AccessSSRF | The content is about exploiting Server-Side Request Forgery (SSRF) vulnerabilities to gain admin access. SSRF allows attackers to make requests on behalf of the server, potentially accessing internal systems or performing unauthorized actions. By manipulating URLs, attackers can trick the server into fetching sensitive data or executing commands. This can lead to unauthorized access to admin interfaces, compromising the system's security. The article likely discusses the risks of SSRF vulnerabilities, the impact on system security, and potential mitigation strategies to prevent such attacks. |
| 2024-10-17 2024 | Server-Side Request Forgery — SSRF: Exploitation TechniqueSSRF | Server-side request forgery (SSRF) is a vulnerability where an attacker can manipulate a server to make unauthorized HTTP requests. This exploitation technique can lead to sensitive data exposure, unauthorized access, and potential server compromise. Preventing SSRF involves input validation, using whitelists, and restricting server access to prevent attackers from exploiting this vulnerability. |
| 2024-10-17 2024 | Story of a 2.5k Bounty — SSRF on Zimbra Led to Dump All Credentials in Clear TextBug BountySSRF | The content discusses a successful bug bounty story where the author and a friend earned approximately $2500 from Cafebazaar by exploiting a Server-Side Request Forgery (SSRF) vulnerability on Zimbra, leading to the exposure of all credentials in clear text. |
| 2024-10-17 2024 | My First Bug: Blind SSRF Through Profile Picture UploadBug BountySSRF | The content is a writeup detailing the discovery of the author's first bug, which involves a blind Server-Side Request Forgery (SSRF) vulnerability through profile picture upload. The author likely shares their experience, the steps taken to identify the bug, and the impact of the vulnerability. This bug could potentially allow an attacker to manipulate the server into making requests on their behalf, leading to unauthorized access or data leakage. The writeup may also include insights on responsible disclosure and the importance of thorough security testing in web applications. |
| 2024-10-17 2024 | Server Side Request Forgery — SSRFSSRF | Server Side Request Forgery (SSRF) is a web vulnerability that enables attackers to manipulate a server to make unauthorized requests. This issue can lead to data leaks, unauthorized access, and potential server exploitation. Preventing SSRF involves input validation, restricting access to sensitive resources, and using secure coding practices. It is crucial for developers and organizations to be aware of SSRF risks and implement robust security measures to mitigate this threat effectively. |
| 2024-10-17 2024 | Vimeo SSRF with code execution potential.RCESSRF | The content discusses the discovery of a semi-responded SSRF vulnerability on Vimeo that potentially allows for code execution. The author shares their process of finding and exploiting this vulnerability in a blog post. |
| 2024-10-17 2024 | Server Side Request Forgery (SSRF) TestingSSRF | The content discusses Server Side Request Forgery (SSRF) testing for fun rather than for a bounty. The author discovered a website vulnerable to SSRF but did not exploit it. The focus is on testing and identifying SSRF vulnerabilities in web applications. |
| 2024-09-21 2024 | XXE : From Zero to HeroXXE | Hello fellow hackers, I hope you all are doing good and learning something new :) . As i said in my RECON blog I will be writing about… |
| 2024-09-14 2024 | Unlocking OAuth SecurityAPI SecAuthN | In this blog, we will uncover the different oauth security implications on both the client applications and the oauth server. |
| 2021-06-05 2021 | Automating Burp Suite -4 | Understanding And Customising Custom Header FromBurp | The content discusses the creation of a Burp Extension using Jython to automate Burp Suite tasks. Specifically, it focuses on adding custom headers to requests. This is the fourth tutorial in the series, emphasizing understanding and customizing custom headers. The tutorial likely provides step-by-step instructions on how to implement this feature within Burp Suite for automated testing and customization purposes. |
| 2021-05-17 2021 | How to discover up to 10,000 subdomains with your own tool | by _Y000_ | InBug Bounty | The content discusses creating a tool using bash to discover up to 10,000 subdomains. The tool's development involves programming tasks in bash and breaking them down into parts for better understanding and implementation. |
| 2021-04-15 2021 | Story of a really cool SSRF bug.. Hello all! My name is Vedant, also… | bySSRF | Vedant, also known as Vegeta on Twitter, is a cybersecurity enthusiast and bug bounty hunter. He shares a story about discovering a significant Server-Side Request Forgery (SSRF) bug. This bug showcases his skills in identifying vulnerabilities and his passion for cybersecurity. |
| 2021-04-10 2021 | Intro to Bug Bounty Automation (pt.2): Port Scanning with Slack | InfoSec WBug Bounty | The content discusses using Slack as a communication channel for delegating tasks like port scanning, even though Slack itself cannot perform port scans. It highlights the importance of utilizing automation tools and platforms like Slack to streamline bug bounty processes and improve efficiency in cybersecurity tasks. |