FWIW, day 03 and day 04 were solved on SuSE Linux 6.4:
https://movq.de/v/faaa3c9567/day03.jpg
https://movq.de/v/faaa3c9567/day04%2Dv3.jpg
Performance really is an issue. Anything is fast on a modern machine with modern Python. But that old stuff, oof, it takes a while … 😅
Should have used C or Java. 🤪 Well, maybe I do have to fall back on that for later puzzles. We’ll see.
Advent of Code 2025 starts tomorrow. 🥳🎄
This year, I’m going to use Python 1 on SuSE Linux 6.4, writing the code on my trusty old Pentium 133 with its 64 MB of RAM. No idea if that old version of Python will be fast enough for later puzzles. We’ll see.
@prologic@twtxt.net I will share later my GoToSocial 10 lines (or less) config.yaml, and 4 lines Caddyfile, and you will see how easy it is.
@lyse@lyse.isobeef.org Probably wouldn’t help, since almost every request comes from a different IP address. These are the hits on those weird /projects URLs since Sunday:
1 IP has 5 hits
1 IP has 4 hits
13 IPs have 3 hits
280 IPs have 2 hits
25543 IPs have 1 hit
The total number of hits has decreased now. Maybe the botnet has moved on …
When Reading the Source Code Is the Real Hack: A Web Challenge Story | v1t CTF ⌘ Read more
Reflected XSS → DVWA Walkthrough: Learn How User Input Can Trigger a Script Execution ⌘ Read more
**SQL Injection: Listing Database Contents on Non-Oracle Databases**
UNION-based SQL injection used to enumerate database tables, extract credential columns, dump usernames and passwords, and log in as the…
[Continue reading on I … ⌘ Read more
Privilege Escalation From Guest To Admin ⌘ Read more
CORS Vulnerability with Trusted Null Origin
Discover how a simple CORS misconfiguration can leak sensitive data across origins.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/cors-vulnerability-with-trusted-null-origin-0f9593bd7674?source= … ⌘ Read more
How I Cleared the CISSP and CISM in 6 Months — A Realistic Strategy That Actually Works
The Opening: Why This Matters
[Continue reading on InfoSec Write-ups »](https://infosecwri … ⌘ Read more
CORS Vulnerability with Trusted Insecure Protocols
Understanding how insecure CORS configurations can expose sensitive data across subdomains.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/cors-vulnerability-with-trusted-in … ⌘ Read more
Digital Forensics — Windows USB Artifacts [Insider Threat Case] ⌘ Read more
How to Find P1 Bugs using Google in your Target — (Part-2)
Earn rewards with this simple method.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-find-p1-bugs-using-google-in-your-target-part-2-d37a9bb0b2e7?sour … ⌘ Read more
**I Could Change Anyone’s Email Preferences — Without Logging In** ⌘ Read more
Lab 3#: Finding and exploiting an unused API endpoint | Api Testing ⌘ Read more
A single unsanitized parameter is all an attacker needs
Ignite Realtime Blog: First release candidate of Smack 4.5 published
The Smack developers are happy to announce the availability of the first release candidate (RC) of Smack 4.5.0.
The upcoming Smack 4.5 release contains many bug fixes and improvements. Please consider testing this release candidate in your integration stages and report back any issues you may find. The more people are actively testing release candidates, the fewer issues will remain in the actual release.
Smac … ⌘ Read more
From Wooden Ducks to Digital Flags: My First v1t CTF OSINT Challenge ⌘ Read more
**How I Used AI to Become Someone Else (And Why Your Face Is No Longer Your Password)**
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-used-ai-to-b … ⌘ Read more
Capture: A TryHackMe CTF writeup ⌘ Read more
HTB Starting Point: Synced ⌘ Read more
**The Authorization Circus: Where Security Was the Main Clown**
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-authorization-circus-where-security-was-the-main-clown-f4b84ca9356f?source=rss—-7b … ⌘ Read more
Time-of-check Time-of-use (TOCTOU) Race Condition Leads to Broken Authentication | Critical Finding ⌘ Read more
Account Takeover via IDOR: From UserID to Full Access ⌘ Read more
AI/ LLM Hacking — Part 6 — Excessive Agency | Insecure Plugin ⌘ Read more
HTB Starting Point: Mongod ⌘ Read more
Python Software Foundation Running Out of Money
After turning down $1.5 Million from the US Government as an act of DEI Virtue Signalling, the Python Software Foundation reveals that they have a $1.4 Million deficit, with only 6 months of money left. ⌘ Read more
**How I Used Sequential IDs to Download an Entire Company’s User Database (And The Joker Helped)**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosec … ⌘ Read more
Ehxb | Race Conditions Vulnerabilities I ⌘ Read more
Ehxb | Path Traversal Vulnerabilities ⌘ Read more
Tre — PG Play Writeup ⌘ Read more
**The Great Tenant Mix-Up: How I Accidentally Became Every Company’s Employee**
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-great-tenant-mix-up-how-i-accidentally … ⌘ Read more
How I Cracked the eJPT Exam in Just 3 Hours with a Score of 85% ⌘ Read more
A Hacker’s Journey to NASA’s Hall of Fame ⌘ Read more
**Autumnal week notes**
Someone I grew up with happened to go to the same college as me, and now we happen to live in the same relatively small city. We’ve been totally casual but pretty consistent mainstays of each others’ lives for going on 20 years at this point. She’s also one of the few people that I run into who knows that I can’t actually see well enough to reliably tell people apart from any further away than like 4 or 5 feet, and I always feel really appreciative whenever she waves that she also always says “hi” and who … ⌘ Read more
Idor — TryHackMe writeup ⌘ Read more
Web Cache Deception Attack – A Hidden Threat in Today’s Web Applications ⌘ Read more
SQL Injection Leads to dump the Student PII ⌘ Read more
HTB Academy: Windows Fundamentals ⌘ Read more
011e021d6fa524b55bfc5ba67522daeb | MD5 Breakdown? ⌘ Read more
#4 RFI: From an External URL Into your Application
Understanding RFI isn’t just about finding a bug; it’s about recognizing a critical design flaw that, if exploited, hands an attacker the…
[Continue reading on InfoSec Write-ups »](https://infosecwrit … ⌘ Read more
**How I Made ChatGPT My Personal Hacking Assistant (And Broke Their “AI-Powered” Security)**
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-m … ⌘ Read more
Hack the Box: Nibbles Walkthrough ⌘ Read more
**How I Hacked JWT Tokens and Became Everyone on the Internet (Temporarily)**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-hacked-jwt-tokens-and-became-everyone-on-t … ⌘ Read more
Exposed API Keys and Secrets with AI
Quick Disclosure of API Key and Secret to guess parameter value
$1000 Bounty: GitLab Security Flaw Exposed
How a $1000 Bounty Hunt Revealed a GraphQL Type Check Nightmare Allowing Maintainers to Nuke Repositories
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/1000-bounty-gitlab-security-flaw-exposed-dd30978 … ⌘ Read more
**How I Became the Unofficial Company Archivist (And Saw Things I Can’t Unsee)**
Free Link🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-became-the-unofficial-company-archiv … ⌘ Read more
Planning — HackTheBox Walkthrough ⌘ Read more
Relevant — TryHackMe Room Walkthrough ⌘ Read more
The $2,000 Bug That Changed My Life: How a Tiny URL Parameter Broke Web-Store Pricing !! ⌘ Read more
Reverse Polish Pwn Writeup | FortID CTF 2025 ⌘ Read more
“The $10,000 Handlebars Hack: How Email Templates Led to Server Takeover”
While studying advanced template injection techniques, I came across one of the most fascinating bug bounty stories I’ve ever encountere … ⌘ Read more
**The Day I Became Everyone: How User Swapping Turned Me into a Digital Shapeshifter**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-day-i-became-ev … ⌘ Read more
“The $12,500 DNS Trick That Hacked Snapchat’s Cloud Servers”
While studying advanced SSRF techniques, I came across a fascinating case where researchers @nahamsec, @daeken, and @ziot combined DNS…
[Continue reading on InfoSec Write-ups … ⌘ Read more
How I Reported a Pre-Account Hijack Affecting Any Gmail User (Even Google Employees)- My Bug… ⌘ Read more
@movq@www.uninformativ.de Don’t you worry, this was meant as a joke. :-D
There was a time when I thought that Swing was actually really good. But having done some Qt/KDE later, I realized how much better that was. Those were the late KDE 3 and early KDE 4 days, though. Not sure how it is today. But back then it felt Trolltech and the KDE folks put a hell lot more thought into their stuff. I was pleasantly surprised how natural it appeared and all the bits played together. Sure, there were the odd ends, but the overall design was a lot better in my opinion.
To be fair, I never used it from C++, always the Python bindings, which were considerably more comfortable (just alone the possibility to specify most attributes right away as kwargs in the constructor instead of calling tons of setters). And QtJambi, the Java binding, was also relatively nice. I never did a real project though, just played around with the latter.
@bender@twtxt.net Hm, are we talking about different dates or are there different timezone offsets for this timezone abbreviation? With EDT being UTC-4, 2025-11-02T12:00:00Z is Sunday at 8:00 in the morning local time for you. Or where did I mess up here? :-?
@prologic@twtxt.net You want me to submit a reply with “I probably won’t show up”?
Público giving 4 stars to that piece of crap portable Xbox, megalol
Canada’s annual inflation rate rose 2.4% in September as grocery prices keep creeping up ⌘ Read more
Unveiling Hidden AWS Keys In My First Android Pentest
We often find our greatest challenges — and lessons — in the most unexpected places. For me, it was during a casual, personal e … ⌘ Read more
**How I Became an Accidental Admin and Almost Got Fired (From Someone Else’s Company)**
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-became-an-acci … ⌘ Read more
Spring Boot API Security Like a Pro: Rate Limiting, Replay Protection & Signature Validation…
Learn how to secure your Spring Boot APIs using rate lim … ⌘ Read more
25. Monetizing Your Skills Beyond Bug Bounty
Turn your hacking expertise into a thriving career beyond bounties.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/25-monetizing-your-skills-beyond-bug-bounty-a6b503d6b6dc?source=rss—-7b722bf … ⌘ Read more
The Art of Breaking OAuth: Real-World Exploit and Misuses ⌘ Read more
Mastering Host Header Injection: Techniques, Payloads and Real-World Scenarios
Learn How Attackers Manipulate Host Headers to Compromise Web Applications and How to Defend Against It
[Continue re … ⌘ Read more
The Ultimate Guide to 403 Forbidden Bypass (2025 Edition)
Master the art of 403 bypass with hands-on examples, tools and tips.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-ultimate-guide-to-403-forbidden-byp … ⌘ Read more
How to Identify Sensitive Data in JavaScript Files: (JS-Recon)
A complete guide to uncovering hidden secrets, API keys, and credentials inside JavaScript files
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/h … ⌘ Read more
FFUF Mastery: The Ultimate Web Fuzzing Guide
Practical techniques, wordlists, and templates to fuzz every layer of a web app.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ffuf-mastery-the-ultimate-web-fuzzing-guide-f7755c396b92?source= … ⌘ Read more
How I Mastered Blind SQL Injection With One Simple Method
Transforming my web security skills by learning to listen to a silent database
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-mastered-blind-sql-injection-w … ⌘ Read more
ProtoVault Breach Forensics Challenge Offsec CTF Week 1
Maverick is back again with a fresh article this time I dug into ProtoVault Breach, the Week 1 forensics challenge from the Offsec CTF…
[Continue reading on InfoSec Write-ups »](ht … ⌘ Read more
Internal Password Spraying from Linux: Attacking Active Directory
[Continue rea … ⌘ Read more
How I was able to discover Broken Access Control ⌘ Read more
How I Found a $250 XSS Bug After Losing Hope in Bug Bounty
📌 Free Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-a-250-xss-bug-after-losing-hope-in-bug-bounty-8ab557df4d1d?source=rss—-7b722bf … ⌘ Read more
23. Tools vs. Mindset: What Matters More in 2025
Why the Right Mindset Will Outperform the Most Advanced Tools
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/23-tools-vs-mindset-what-matters-more-in-2025-1be217350787?source=rss—-7b7 … ⌘ Read more
How to Find XSS Vulnerabilities in 2 Minutes [Updated]
My simple yet powerful technique for spotting XSS vulnerabilities during bug hunting.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/find-xss-vulnerabilities-in-just-2-minutes-d14b63d00 … ⌘ Read more
Analysis of 4.4-million-year-old ankle exposes how earliest ancestors moved and evolved
For more than a century, scientists have been piecing together the puzzle of human evolution, examining fossil evidence to understand the transition from our earliest ancestors to modern humans. ⌘ Read more
**Encrypt & Decrypt Database Fields in Spring Boot Like a Pro (2025 Secure Guide)**
“Your database backup just leaked. Is your data still safe?”
[Continue reading on InfoSec Write-ups »](https://infos … ⌘ Read more
Reflected in the DOM, Escalated to Account Takeover ⌘ Read more
A Bug Hunter’s Guide to CSP Bypasses (Part 1) ⌘ Read more
CTF to Bug Bounty: Part 1 of the Beginner’s Series for Aspiring Hunters
From CTF flags to real-world bugs — your next hacking adventure starts here.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups. … ⌘ Read more
Bypass 403 Response Code by Adding Creative String | IRSYADSEC
HTTP 403 is a response code indicating that access to the requested resource is forbidden. This can happen due to various reasons, such as…
[Continue reading on Inf … ⌘ Read more
Hack the Box Starting Point: Preignition ⌘ Read more
How Prosper Landed His First Cybersecurity Job (and What You Can Learn From It) ⌘ Read more
Beyond the Shell: Advanced Enumeration and Privilege Escalation for OSCP (Part 3)
Part 3 reveals the high-value Windows PrivEsc methods that defeat rabbit holes. Master file transfer, service … ⌘ Read more
CVE Deep Dive : CVE-2025-32463 ⌘ Read more
**SecurityFilterChain Explained: The Secret Sauce Behind Spring Security**
Spring Security has evolved — the old WebSecurityConfigurerAdapter is gone, and the new SecurityFilterChain is now the backbone of Spring…
… ⌘ Read more
Wage growth slows slightly over summer
Annual growth in employees’ average earnings was 4.7% in the three months to August. ⌘ Read more
Israel accuses Hamas of violating deal after group says it’s only releasing 4 bodies ⌘ Read more
“The Overlooked P4 Goldmine: Turning Simple Flaws into Consistent Bounties”
We’ve all been there — scrolling through bug bounty platforms, seeing hunters post about critical RCEs and complex chain exploit … ⌘ Read more
CVE Deep Dive : CVE-2025-32462 ⌘ Read more