GoToSocial to a Pleroma one. While GTS is kinda cute (lightweight and easy to manage) of a software, the inability to fetch/scroll through people's past toots when visiting a profile or having access to a federated timeline and a proper search functionality, etc. felt like a handicap for the past N months.
@bender@twtxt.net yeah, I’ve been reading through the documentation last night and it felt overwhelming for a minute… +1 point goes to GTS’s docs. But hey, I’ll be taking the easy route: `podman-compose up -d`. They provide both a container image and an example compose file in a separate git repo, but I’m wondering why that is not mentioned anywhere in the docs (unless it is and I haven’t seen it yet).
I meant were. You get the idea.
Also, I just realized that simple links like that turn into inline images on twtxt.net. Nice! 🥳
@movq@www.uninformativ.de yeah, you fetched it too quickly, it was edited seconds after picking the wrong image. LOL. Which brings us back in a whole, huge circle, to twtxt edits, and how to handle them. 😅
@kiwu@twtxt.net It also greatly depends on what kind of videos you plan to record. When you go, let’s say, diving, the specs need to be probably more suited to that type of environment. What about zoom, macro shots, wide landscapes, and so on? When typically mounted on a tripod, I’d say builtin image stabilization is not required, but for more action shots, this is fairly important to not get sea sick. :-)
I’ve got a Nikon Coolpix S9300. I typically only take photos, but it also works for the occasional video. Free hand moves are quite difficult, but when mounted to a tripod, this is not too shabby. There’s absolutely no way around a (makeshift) tripod when zooming in, though. The audio is definitely not the best, especially wind destroys everything. If I recorded more video, I would certainly want to have an external microphone.
**SQL Injection: Listing Database Contents on Non-Oracle Databases**
UNION-based SQL injection used to enumerate database tables, extract credential columns, dump usernames and passwords, and log in as the…
[Continue reading on I … ⌘ Read more
CORS Vulnerability with Trusted Null Origin
Discover how a simple CORS misconfiguration can leak sensitive data across origins.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/cors-vulnerability-with-trusted-null-origin-0f9593bd7674?source= … ⌘ Read more
How I Cleared the CISSP and CISM in 6 Months — A Realistic Strategy That Actually Works
The Opening: Why This Matters
[Continue reading on InfoSec Write-ups »](https://infosecwri … ⌘ Read more
CORS Vulnerability with Trusted Insecure Protocols
Understanding how insecure CORS configurations can expose sensitive data across subdomains.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/cors-vulnerability-with-trusted-in … ⌘ Read more
How to Find P1 Bugs using Google in your Target — (Part-2)
Earn rewards with this simple method.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-find-p1-bugs-using-google-in-your-target-part-2-d37a9bb0b2e7?sour … ⌘ Read more
A single unsanitized parameter is all an attacker needs
Android shopping list apps disappointed me too many times, so I went back to writing these lists by hand a while ago.
Here’s what’s more fun: Write them in Vim and then print them on the dotmatrix printer. 🥳
And, because I can, I use my own font for that, i.e. ImageMagick renders an image file and then a little tool converts that to ESC/P so I can dump it to /dev/usb/lp0.
(I have so much scrap paper from mail spam lying around that I don’t feel too bad about this. All these sheets would go straight to the bin otherwise.)
ProcessOne: On Signal Protocol and Post-Quantum Ratchets
Signal improved its protocol to prepare encrypted messaging for the quantum era.
They call the improvement “Triple Ratchet” (or SPQR = Signal Post-Quantum Ratchet).
[Signal Protocol and Post-Quantum Ratchets\ \ We are excited to announce a significant advancement in the security … ⌘ Read more
I have now permitted the following media types:
image/*
audio/*
video/*
text/*
**Timber**
Timber, I’m not gonna lie, I kinda hated you. At the same time I am surprised to find how gutted I am now … ⌘ Read more
**How I Used AI to Become Someone Else (And Why Your Face Is No Longer Your Password)**
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-used-ai-to-b … ⌘ Read more
**The Authorization Circus: Where Security Was the Main Clown**
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-authorization-circus-where-security-was-the-main-clown-f4b84ca9356f?source=rss—-7b … ⌘ Read more
Jeremy Renner Accused of Threatening to Call ICE on Chinese Filmmaker Yi Zhou After Misconduct Allegations. Chinese filmmaker Yi Zhou claims Avengers star Jeremy Renner threatened to call ICE after she confronted him over alleged misconduct and sending explicit images ⌘ Read more
This brings a thought I had for a long time, why can’t we upload arbitrary files to a twtxt? If not an image, make it simply a link. I could have used such feature to upload the text.
The XMPP Standards Foundation: The XMPP Newsletter October 2025
Welcome to the XMPP Newsletter, great to have you here again!
This issue covers the month of October 2025.
The XMPP Newsletter is brought to you by the XSF Communication Team.
Just like any other product or project by the XSF, the Newsletter is the result of voluntary work … ⌘ Read more
@thecanine@twtxt.net Woof woof! That’s a nice one. For a split second, the posture and the back legs reminded me of https://img.brickowl.com/files/image_cache/large/lego-monkey-with-yellow-hands-74499-99402-178585.jpg that I never had, but always wanted as a child.
ProcessOne: Europe’s Decentralized Messaging Survives “Chat Control” Threat
Good news for anyone building messaging infrastructure in Europe: Denmark’s Council presidency is abandoning mandatory detection orders in the Child Sexual Abuse Material (CSAM) proposal for now. The proposal was nickna … ⌘ Read more
**How I Used Sequential IDs to Download an Entire Company’s User Database (And The Joker Helped)**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosec … ⌘ Read more
**The Great Tenant Mix-Up: How I Accidentally Became Every Company’s Employee**
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-great-tenant-mix-up-how-i-accidentally … ⌘ Read more
Satellite images show US military edging closer to Venezuela - as Trump’s intentions questioned | World News | Sky News ⌘ Read more
Specimen 1: A caveman marking his territory:
ProcessOne: AI Bots Can’t Use WhatsApp Anymore. So… Who Are They Going to Talk To?
Meta just closed the gates on AI chatbots. I think this is an early warning.
Starting January 15, 2026, [WhatsApp will ban all third-party general-purpose AI chatbots from its platform](https://techcrunch.com/2025/10/18 … ⌘ Read more
#4 RFI: From an External URL Into your Application
Understanding RFI isn’t just about finding a bug; it’s about recognizing a critical design flaw that, if exploited, hands an attacker the…
[Continue reading on InfoSec Write-ups »](https://infosecwrit … ⌘ Read more
**How I Made ChatGPT My Personal Hacking Assistant (And Broke Their “AI-Powered” Security)**
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-m … ⌘ Read more
**How I Hacked JWT Tokens and Became Everyone on the Internet (Temporarily)**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-hacked-jwt-tokens-and-became-everyone-on-t … ⌘ Read more
Exposed API Keys and Secrets with AI
Quick Disclosure of API Key and Secret to guess parameter value
$1000 Bounty: GitLab Security Flaw Exposed
How a $1000 Bounty Hunt Revealed a GraphQL Type Check Nightmare Allowing Maintainers to Nuke Repositories
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/1000-bounty-gitlab-security-flaw-exposed-dd30978 … ⌘ Read more
**How I Became the Unofficial Company Archivist (And Saw Things I Can’t Unsee)**
Free Link🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-became-the-unofficial-company-archiv … ⌘ Read more
“The $10,000 Handlebars Hack: How Email Templates Led to Server Takeover”
While studying advanced template injection techniques, I came across one of the most fascinating bug bounty stories I’ve ever encountere … ⌘ Read more
**The Day I Became Everyone: How User Swapping Turned Me into a Digital Shapeshifter**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-day-i-became-ev … ⌘ Read more
“The $12,500 DNS Trick That Hacked Snapchat’s Cloud Servers”
While studying advanced SSRF techniques, I came across a fascinating case where researchers @nahamsec, @daeken, and @ziot combined DNS…
[Continue reading on InfoSec Write-ups … ⌘ Read more
ProcessOne: 🚀 ejabberd 25.10
Release Highlights:
If you are upgrading from a previous version, there are no mandatory changes in SQL schemas, configuration, API commands or hooks.
Other contents:
- **[New option archive_muc_as_mucsub in mod_mam]( … ⌘ Read more
Satellite Images Show Ukraine Obliterated Key Russian Oil Terminal in Crimea ⌘ Read more
Satellite images confirm 11 fuel tanks destroyed at Crimean oil terminal after Ukrainian strikes ⌘ Read more
Unveiling Hidden AWS Keys In My First Android Pentest
We often find our greatest challenges — and lessons — in the most unexpected places. For me, it was during a casual, personal e … ⌘ Read more
**How I Became an Accidental Admin and Almost Got Fired (From Someone Else’s Company)**
Free Link 🎈
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-became-an-acci … ⌘ Read more
️ Spring Boot API Security Like a Pro: Rate Limiting, Replay Protection & Signature Validation…
Learn how to secure your Spring Boot APIs using rate lim … ⌘ Read more
25. Monetizing Your Skills Beyond Bug Bounty
Turn your hacking expertise into a thriving career beyond bounties.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/25-monetizing-your-skills-beyond-bug-bounty-a6b503d6b6dc?source=rss—-7b722bf … ⌘ Read more
Mastering Host Header Injection: Techniques, Payloads and Real-World Scenarios
Learn How Attackers Manipulate Host Headers to Compromise Web Applications and How to Defend Against It
[Continue re … ⌘ Read more
The Ultimate Guide to 403 Forbidden Bypass (2025 Edition)
Master the art of 403 bypass with hands-on examples, tools and tips.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-ultimate-guide-to-403-forbidden-byp … ⌘ Read more
How to Identify Sensitive Data in JavaScript Files: (JS-Recon)
A complete guide to uncovering hidden secrets, API keys, and credentials inside JavaScript files
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/h … ⌘ Read more
FFUF Mastery: The Ultimate Web Fuzzing Guide
Practical techniques, wordlists, and templates to fuzz every layer of a web app.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ffuf-mastery-the-ultimate-web-fuzzing-guide-f7755c396b92?source= … ⌘ Read more
How I Mastered Blind SQL Injection With One Simple Method
Transforming my web security skills by learning to listen to a silent database
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-mastered-blind-sql-injection-w … ⌘ Read more
ProtoVault Breach Forensics Challenge Offsec CTF Week 1
Maverick is back again with a fresh article. This time I dug into ProtoVault Breach, the Week 1 forensics challenge from the Offsec CTF…
[Continue reading on InfoSec Write-ups »](ht … ⌘ Read more
Internal Password Spraying from Linux: Attacking Active Directory
[Continue rea … ⌘ Read more
How I Found a $250 XSS Bug After Losing Hope in Bug Bounty
📌 Free Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-a-250-xss-bug-after-losing-hope-in-bug-bounty-8ab557df4d1d?source=rss—-7b722bf … ⌘ Read more
23. Tools vs. Mindset: What Matters More in 2025
Why the Right Mindset Will Outperform the Most Advanced Tools
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/23-tools-vs-mindset-what-matters-more-in-2025-1be217350787?source=rss—-7b7 … ⌘ Read more
How to Find XSS Vulnerabilities in 2 Minutes [Updated]
My simple yet powerful technique for spotting XSS vulnerabilities during bug hunting.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/find-xss-vulnerabilities-in-just-2-minutes-d14b63d00 … ⌘ Read more
**Encrypt & Decrypt Database Fields in Spring Boot Like a Pro (2025 Secure Guide)**
“Your database backup just leaked. Is your data still safe?”
[Continue reading on InfoSec Write-ups »](https://infos … ⌘ Read more
Ex-Premier League referee David Coote admits making indecent image of child
David Coote was charged on 12 August following an investigation by Nottinghamshire Police. ⌘ Read more
Ex-Premier League referee Coote admits making indecent image of child
David Coote was charged on 12 August following an investigation by Nottinghamshire Police. ⌘ Read more
CTF to Bug Bounty: Part 1 of the Beginner’s Series for Aspiring Hunters
From CTF flags to real-world bugs — your next hacking adventure starts here.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups. … ⌘ Read more
Bypass 403 Response Code by Adding Creative String | IRSYADSEC
HTTP 403 is a response code indicating that access to the requested resource is forbidden. This can happen due to various reasons, such as…
[Continue reading on Inf … ⌘ Read more
Beyond the Shell: Advanced Enumeration and Privilege Escalation for OSCP (Part 3)
Part 3 reveals the high-value Windows PrivEsc methods that defeat rabbit holes. Master file transfer, service … ⌘ Read more
**SecurityFilterChain Explained: The Secret Sauce Behind Spring Security**
Spring Security has evolved — the old WebSecurityConfigurerAdapter is gone, and the new SecurityFilterChain is now the backbone of Spring…
… ⌘ Read more
Former referee Coote admits child image offence
David Coote was charged on 12 August following an investigation by Nottinghamshire Police. ⌘ Read more
100% Transparency and Five Pillars
How to Do Hardened Images (and Container Security) Right Container security is understandably a hot topic these days, with more and more workloads running atop this mainstay of the cloud native landscape. While I might be biased because I work at Docker, it is safe to say that containers are the dominant form factor for… ⌘ Read more
ProcessOne: Europe’s Digital Sovereignty Paradox - “Chat Control” update
October 14th was supposed to be the day the European Council voted to mandate scanning of all private communications, encrypted or not.
The vote was pulled at the last minute.
Germany withdrew support, creating a blocking minority that blocked the Danish Presidency’s hope to g … ⌘ Read more
“The Overlooked P4 Goldmine: Turning Simple Flaws into Consistent Bounties”
We’ve all been there — scrolling through bug bounty platforms, seeing hunters post about critical RCEs and complex chain exploit … ⌘ Read more
Master Web Fuzzing: A Cheat‑Sheet to Finding Hidden Paths
Hey there, back again with another post! 😄
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/master-web-fuzzing-a-cheat-sheet-to-finding-hidden-paths-6c2bcf5 … ⌘ Read more
**How to Use AI to Learn Bug Hunting & Cybersecurity Like a Pro (in 2025)**
Hey there 👋,
I’m Vipul, the mind behind The Hacker’s Log — where I break down the hacker’s mindset, tools, and secrets 🧠💻
[Continue reading … ⌘ Read more
**The Access Control Apocalypse: How Broken Permissions Gave Me Keys to Every Digital Door**
Hey there😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/th … ⌘ Read more
Authentication bypass via sequential user IDs in Microsoft SSO integration | Critical Vulnerability
If you’re a penetration tester or bug bounty hunter, n … ⌘ Read more
Account Take Over | P1 — Critical
It started off like any other day until I got an unexpected email — an invite to a private bug bounty program. Curious, I jumped in. The…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/account-take-over-p1-critical-5468ce8218b9?sour … ⌘ Read more
22. How to Get Invites to Private Programs
Unlock the secrets to landing exclusive private program invites and level up your bug bounty journey.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/22-how-to-get-invites-to-private-programs-9bbb5166 … ⌘ Read more
Satellite images reveal ancient hunting traps used by South American social groups
Satellite images have revealed an ancient system of elaborate, funnel-shaped mega traps likely built by hunters and pastoralists to catch prey in the high altitudes of northern Chile. ⌘ Read more
Best Apple Deals of the Week: AirPods 4 for $89, AirTag for $64.99, and More Prime Day Sales Still Available
This week was Prime Big Deal Days, and although the event is officially over, we’re still tracking great leftover discounts on Amazon. This includes ongoing low prices on AirPods 4, MacBook Air, iPads, and more.
21. Tips for Staying Consistent and Avoiding Burnout
What if the secret to lasting success isn’t working harder, but pacing yourself smarter?
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/21-tips-for-staying-consistent-an … ⌘ Read more
Unbelievable Security Hole: JWT Secret in a Series-B Funded Company
It started as a routine penetration test. Little did I know I was about to uncover one of the most basic yet catastrophic security…
[Continue reading on … ⌘ Read more
The $500 Stored XSS Bug in SideFX’s Messaging System
Hacking the Inbox: How a $500 Stored XSS Bug Exposed SideFX’s Messaging Flaw
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-500-stored-xss-bug-in-sidefxs-messaging-sys … ⌘ Read more
A Beginner’s Guide to Finding Hidden API Endpoints in JavaScript Files
How to discover what others miss in plain sight
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/a-beginners-guide-to-finding-h … ⌘ Read more
Apple Hosts Unusual Colorado Event to Showcase Latest Hardware
Apple has invited a group of social media influencers to Colorado this week for an unusual event involving group hiking, trail running, and other outdoor activities designed to showcase the company’s recently launched iPhone 17 Pro Max, AirPods Pro 3, and Apple Watch Ultra 3.
An invitation was [shared on X (Twitter)](https://x.com/JHawkShoots/statu … ⌘ Read more
How I Solved TryHackMe Madness CTF: Step-by-Step Beginner-Friendly Walkthrough for 2025
How I Solved “Madness”: An Easy TryHackMe CTF Walkthrough
[Continue reading on InfoSec W … ⌘ Read more
Learn what MITM attack is, and how to identify the footprints of this attack in the network traffic.
How I found Multiple Bugs on CHESS.COM & they refused
I found JS crash, disallowing anyone to view your profile and HTML Injection. But they ignored everything.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-multiple-bug … ⌘ Read more
CORS Vulnerability with Trusted Insecure Protocols BurpSuite Walkthrough
CORS misconfig + HTTP subdomain XSS analysis showing API key exfiltration, exploit breakdown and remediation.
[Continue reading on InfoSec W … ⌘ Read more