infosec-write-ups-medium
feeds.twtxt.netNo description provided.
Beyond best practices: Using OWASP ASVS to bake security into your delivery pipeline for 2025
How to turn a community-driven checklist into a living part of your SDLC.
[Cont … ⌘ Read more
Find Secrets in Hidden Directories Using Fuzzing ️
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/find-secrets-in-hidden-directories-using-fuzzing-%EF%B8%8F-1666d6f34fd8?source=rss—-7b722bfd1b8d- … ⌘ Read more
Day 4: DOM XSS in innerHTML sink using source location.search: Zero to Hero Series — Portswigger ⌘ Read more
Lab: Exploiting server-side parameter pollution in a query string
Server Side parameter pollution
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lab-exploiting-server-side-parameter-pollution-in-a … ⌘ Read more
Exploiting Server-Side Parameter Pollution in Query Strings — An API Hacking Tale ⌘ Read more
Breaking Twitter’s VPN: $20,160 Bounty for a Pre-Auth RCE via Pulse Secure Chain
How Orange Tsai & Meh Chang Combined File Read, Session Hijack, and Admin Injection to Breach Twitter’s Internal … ⌘ Read more
**One Endpoint to Rule Them All: How I Chained 3 Bugs into Full Account Takeover **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/one-endpoint-to-rule-them-all-h … ⌘ Read more
Demystifying Cookies : The Complete Guide for Bug Bounty Hunters — Part 1
Everything you need to know about cookies to expand your attack surface and find real bugs.
[Continue reading on InfoSec Write-ups »](h … ⌘ Read more
**Silent but Deadly: How Blind XSS in Email Notifications Gave Me Root Alerts **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/silent-but-deadly-how-blind-xss-in-email … ⌘ Read more
DFIR: An Introduction | TryHackMe Write-Up | FarrosFR
Here is my article on the walkthrough of a free room: DFIR: An Introduction. Introductory room for the DFIR module. I wrote this in 2025…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ … ⌘ Read more
Hacking My Car, and probably yours— Security Flaws in Volkswagen’s App ⌘ Read more
Light Mode for Hack The Box ⌘ Read more
The Ultimate Roadmap to Becoming a Bug Bounty Hunter ⌘ Read more
Step by Step Complete Beginners guide of iOS penetration testing ⌘ Read more
MITM HTTPS Payload with Python
A lightweight MITM tool for monitoring encrypted traffic and detecting threats powered by AI and built in Python
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/mitm-https-payload-with-python-499ebf8e933f?source=rss—-7b722bfd1b8d— … ⌘ Read more
**From CSP to OMG: How a Tiny Misconfigured Header Let Me Run JS Anywhere **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/from-csp-to-omg-how-a-tiny-misconfigured-header-let- … ⌘ Read more
I Gave Myself 60 Minutes to Find a Bug — This Is What Happened
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/i-gave-myself-60-minutes-to-find-a-bug-this-is-what-happened-e5fa76563a33?so … ⌘ Read more
How to Build a Secure Password Manager in Python ⌘ Read more
From Zero to $1000/Month | Bug Bounty Automation Blueprint
Proven Tactics, Tools, and Code to Automate Your Way to Consistent Bounties
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/from-zero-to-1000-month-bug-boun … ⌘ Read more
️My Top 7 Mistakes as a New Bug Hunter (And How to Avoid Them)
Free Article Link only for you
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/%EF%B8%8Fmy-top-7-mistakes-as-a-new-bug-hunter- … ⌘ Read more
What is Cross-Site Scripting (XSS)? Completely explained with types. ⌘ Read more
Exploiting Unsanitized URL Handling & SQL Injection via Deep Links in iOS App: Write-up of Flipcoin ⌘ Read more
Bypassing iOS App Jailbreak Detection by Patching the Binary with Ghidra: Write-up of No-Escape Lab ⌘ Read more
** The Misconfigured Magnet: How Public Buckets Exposed Millions of User Files **
Hey there😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-misconfigured-magnet-how-public-buck … ⌘ Read more
** They Missed This One Tiny Parameter — I Made $500 Instantly**
✨Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/they-missed-this-one-tiny-parameter-i-made-500-instantly-f2f7d1c1c1d9?source=rss—-7 … ⌘ Read more
The Battle for Python’s Soul: How uv is Challenging pip’s Championship Reign
The stadium lights flicker on. The crowd falls silent. In the blue corner, weighing in with over a decade of dominance and … ⌘ Read more
Rabbit Store | TryHackMe Medium
Problems: What is user.txt? What is root.txt? Solution: First of all we get a IP address so I preformed an NMAP scan discovering ports…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/rabbit-store-tryhackme-medium-f9f5069fbb50?source=r … ⌘ Read more
Mastering SQL Injection Recon: Step-by-Step Guide for Bug Bounty Hunters
A practical guide to uncovering SQL injection flaws using automation, payloads and deep reconnaissance techniques.
[Continue reading … ⌘ Read more
Build Your Own AI SOC — Part 7 Build a Security Knowledge Assistant With RAG + GPT
From Search to Understanding
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/build-you … ⌘ Read more
Exciting Cybersecurity Careers That Don’t Require Coding
Do you believe that cybersecurity is only for programmers who are bent over keyboards, typing code after code to ward off hackers? Rethink…
Writing Pentest Reports | TryHackMe Write-Up | FarrosFR
Non-members are welcome to access the full story here. Write-Up by FarrosFR | Cybersecurity
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/writing-pentest-reports-tryhackme-wri … ⌘ Read more
Part 3:2 — Electron-Based App Security Testing Fundamentals — Case Study of Extract & Analyze .asar ⌘ Read more
Part 3:1 — Electron-Based App Security Testing Fundamentals - Extract & Analyze .asar ⌘ Read more
Part 2 — Electron-Based App Security Testing Fundamentals — Installing and Detecting… ⌘ Read more
Part 1 — Electron-Based App Security Testing Fundamentals — Introduction to Electron Framework ⌘ Read more
Find Subdomains Like a Pro! ⌘ Read more
** “Before injection, understanding” — What every hacker needs to master before exploiting a NoSQL…**
NoSQL database types
[Continue reading on InfoSec Write-ups »](https: … ⌘ Read more
Another security patch. Another missed opportunity. ⌘ Read more
$4,500 Bounty: SQL Injection in WordPress Plugin Leads to PII Exposure at Grab
How a Plugin Preview Feature Exposed User Data and Nearly Enabled Admin Dashboard Pivoting
[Continue reading on Info … ⌘ Read more
I Broke Rate Limits and Accessed 1000+ User Records — Responsibly
👉Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/i-broke-rate-limits-and-accessed-1000-user-records-responsibly-8c45f … ⌘ Read more
Write Cybersecurity Blog Titles That Get Clicks ⌘ Read more
Millions of Records Exposed via SQL Injection in a Tamil Nadu Government Portal ⌘ Read more
Crypto Failures | TryHackMe Medium
Questions: What is the value of the web flag? What is the encryption key? Solution: We are firstly given an IP address. I preformed a…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/crypto-failures-tryhackme-medium-d60d55b849 … ⌘ Read more
$20,000 Bounty: How a Leaked Session Cookie Led to Account Takeover on HackerOne
How one accidental copy-paste exposed sensitive data and what you can learn to find similar bugs
[Continue rea … ⌘ Read more
Strengthening Web service security with Apache2: Best practices for 2025
Keeping your Apache2 web services safe: What you need to know this year
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ … ⌘ Read more
Bypassing Login via NoSQL Operator Injection: A MongoDB Authentication Hack ⌘ Read more
Build Your Own AI SOC — Part 6 Daily AI-Powered Threat Briefings With n8n + GPT
Introduction: Information Without Overload
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/buil … ⌘ Read more
** Redirect Roulette: How Poor OAuth Redirect Handling Gave Me Account Takeover **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/redirect-roulette-how-poor-oauth-red … ⌘ Read more
5 Linux Commands You’ve Probably Never Heard Of
In this article, I will show you five Linux commands you’ve probably never heard of. They’re simple, practical, and designed to make your…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.c … ⌘ Read more
Here’s everything you need to know about ARP Poisoning. ⌘ Read more
$750 Bounty: for HTTP Request Smuggling on Data.gov
How a cleverly crafted desync attack revealed a hidden path to client-side compromise, JS injection and potential cookie theft
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ … ⌘ Read more
The Most Dangerous Bug I’ve Ever Found (And No One Was Looking)
👉Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-most-dangerous-bug-ive-ever-found-and-no-one-was-looking-2e96e5079a01? … ⌘ Read more
Sharpening Command Injections to get Full RCE
Uncommon Bash tricks to Bypass WAF and achieve Remote Code Execution (RCE)
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/sharpening-command-injections-to-get-full-rce-e4cf257d2c66?source= … ⌘ Read more
**Token of Misfortune: How a Refresh Token Leak Let Me Regenerate Unlimited Sessions **
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/token-of-misfortune … ⌘ Read more
IPinfo Free Geolocation API: Tools, Setup & Use Cases ⌘ Read more
$10,500 Bounty: A Grammarly Account Takeover Vector
When a Space Breaks the System: How Improper Entity Validation Led to a Full SSO Denial and Potential Account Takeovers
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/10-500- … ⌘ Read more
How I Gained Root Access on a Vulnerable Web Server: From Reconnaissance to Privilege Escalation
Web Server Exploitation & Privilege Escalation - Full Walkthr … ⌘ Read more
0 to First Bug: What I’d Do Differently If I Started Bug Bounty Today
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/0-to-first-bug-what-id-do-differently-if-i-started-bug … ⌘ Read more
I Built a Tool to Hack AI Models — Here’s What It Uncovered
A few months ago, I was auditing a chatbot deployed inside a financial services platform. It used a mix of retrieval-augmented generation…
[Continue reading on InfoSec Write-ups »](http … ⌘ Read more
**Caching Trouble: The Public Cache That Leaked Private User Data **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/caching-trouble-the-public-cache-that-leaked-private-user-data-0d410af5cb4c … ⌘ Read more
$500 Bounty: A Referer Leak in Brave’s Private Tor Window
When Anonymity Isn’t Anonymous: $500 Bounty for Revealing a Brave Referer Exposure
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/500-bounty-a-referer-leak-in … ⌘ Read more
Instagram API Documentation: Key Concepts Explained for Developers ⌘ Read more
Get Geocoding API Key: Step-by-Step Guide for Developers ⌘ Read more
Part-2️♂️Bug Bounty Secrets They Don’t Tell You: Tricks From 100+ Reported Bugs
✨Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwri … ⌘ Read more
$500 Bounty: Race Condition in Hacker101 CTF Group Join
$500 for discovering a timing flaw in Hacker101’s invite system that let users join the same team multiple times
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/50 … ⌘ Read more
Secret to find bugs in five minutes. Juicy reality. ⌘ Read more
Securing MCP Servers: Key Lessons from a Vulnerable Project ⌘ Read more
Microsoft Goes Passwordless: What You Need to Know ⌘ Read more
** NoSQL Injection Detection — A hands-on Exploitation Walkthrough** ⌘ Read more
How a Simple Logic Flaw Led to a $3,250 Bounty
Claiming Unclaimed Restaurants on Zomato via OTP Manipulation
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-a-simple-logic-flaw-led-to-a-3-250-bounty-476d747bf57a?source=rss—-7b722 … ⌘ Read more
From 0 to $$$: Finding Rate Limit Bypasses Like a Pro ⌘ Read more
** Blog Title: Not Your File: How Misconfigured MIME Types Let Me Upload Evil Scripts **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/blog-title-not-your … ⌘ Read more
☕Best Tool for Analyzing Java Files (90% of Hackers Don’t Know This)
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/best-tool-for-analyzing-java-files-90-of-hackers-dont-know-this- … ⌘ Read more
Application Security Checklist: From Idea to Production ⌘ Read more
How to Pitch at RSA Innovation Sandbox, Black Hat Startup Spotlight, and GISEC Cyberstars ⌘ Read more
Expose & Explore: Discover misconfigured service protocols and ports using Linux
Internet Assigned Numbers Authority (IANA) is the organisation responsible for managing and assigning port number … ⌘ Read more
Hacking With No Tools: How to Break Web Apps Using Just Your Browser ️♂️
Hacking With No Tools: How to Break Web Apps Using Just Your Browser 🕵️♂️
[Continue reading on In … ⌘ Read more
Breaking In Through the Backdoor: Password Reset Gone Wrong
Imagine being able to take over any user’s account on a platform — even without their interaction. No phishing, no social engineering, and…
[Continue reading on InfoSec Wr … ⌘ Read more
** JWT Exploitation: How I Forged Tokens and Took Over Accounts**
🔐Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/jwt-exploitation-how-i-forged-tokens-and-took-over-accounts-2e7ab1cf4df8?sour … ⌘ Read more
Top 8 Best Vulnerability Scanning Tools (2025 Guide) ⌘ Read more
HTB Zephyr Lab Explained: Real-World Red Team Operator Strategies for OSEP ⌘ Read more
How I Found a Way to Prolong Password Reset Code Expiry
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-a-way-to-prolong-password-reset-code-expiry-6214391023de?source=rss—-7b7 … ⌘ Read more
How I Deleted Any User’s Account— No Interaction Needed
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-deleted-any-users-account-no-interaction-needed-faae0442ff4f?source=rss—-7b722bfd1 … ⌘ Read more
**Forget Me Not: How Broken Logout Functionality Let Me Ride Sessions Forever **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/forget-me-not-how-broken-logout-function … ⌘ Read more
I Broke Authentication — Without Exploiting Anything ⌘ Read more
$256 Bounty : XSS via Web Cache Poisoning in Discourse
How Injecting Headers and Poisoning Cache Led to Stored Cross-Site Scripting
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/256-bounty-xss-via-web-cache-poisoning-in-d … ⌘ Read more
The Human Firewall: Why Your Employees Are Both Your Greatest Vulnerability and Asset
In the high-stakes world of cybersecurity, organizations invest millions in sophisticated technologic … ⌘ Read more