unSafe.sh - Unsafe
“Bug Bounty Bootcamp #39: PDF SSRF and Blind Exfiltration — When Headless Browsers Become Your Data…
The invoice generator doesn’t show errors. The image fetcher hangs on invalid IPs. But with a single...
2026-5-28 12:12:0 | Views: 29
InfoSec Write-ups - Medium - infosecwriteups.com
ssrf
inject
headless
exfiltrate
hangs
“Bug Bounty Bootcamp #39: PDF SSRF and Blind Exfiltration — When Headless Browsers Become Your Data…
The invoice generator doesn’t show errors. The image fetcher hangs on invalid IPs. But with a single...
2026-5-28 12:12:0 | Views: 26
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
ssrf
headless
inject
princexml
tackle
Extending Wazuh detection capabilities with clickdetect, Opensearch PPL and Sigma Rules
Hey, souzo here. If you’ve ever wanted alerting rules that actually work in Wazuh without fighting O...
2026-5-28 12:9:11 | Views: 26
InfoSec Write-ups - Medium - infosecwriteups.com
opensearch
sigma
wazuh
clickdetect
runner
Built Pentest Environment On Your Mac Using Docker
A Simple and Working Setup for Every Apple Silicon Macs (M1, M2, M3, M4, M5) ...
2026-5-28 12:6:17 | Views: 24
InfoSec Write-ups - Medium - infosecwriteups.com
silicon
macs
chip
macbooks
chips
I Found Root Access on Critical Financial Infrastructure Using a Two-Day-Old Kernel Exploit
My name is Hamza Hashim. I’m an offensive security researcher and if you’ve followed my work before,...
2026-5-28 12:4:52 | Views: 32
InfoSec Write-ups - Medium - infosecwriteups.com
jenkins
sitting
github
frag
security
Intercepting Docker Application Requests Using Burp Suite on Windows
Intercepting Docker Application Requests Using Burp S...
2026-5-28 12:4:28 | Views: 24
InfoSec Write-ups - Medium - infosecwriteups.com
burp
proxy
windows
wsl2
containers
How a GraphQL Invitation Flow Exposed Users at Scale
A normal invite feature revealed registered accounts,...
2026-5-28 11:55:16 | Views: 28
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
invite
invitation
overly
readers
identifiers
How a GraphQL Invitation Flow Exposed Users at Scale
A normal invite feature revealed registered accounts,...
2026-5-28 11:55:16 | Views: 29
InfoSec Write-ups - Medium - infosecwriteups.com
invite
invitation
workflows
exposure
reveals
I Sent You a JPEG. Now I Own Your Mac.
Exploiting ExifTool’s macOS Command Injection Blind Spot (CVE-2026-3102). A JPEG should never execute...
2026-5-28 11:52:19 | Views: 23
InfoSec Write-ups - Medium - infosecwriteups.com
exiftool
injection
2026
3102
pipelines
Prompt Engineering: TryHackMe Walkthrough
Learn how LLMs process text and craft effective prompts for security and adversarial testing, from T...
2026-5-28 11:48:46 | Views: 17
InfoSec Write-ups - Medium - infosecwriteups.com
security
prompts
tryhackme
llm
I Booked a ₹30,000 Conference Ticket for ₹1. The Site Let Me.
A business logic flaw. A Burp Suite intercept. And the first Hall of Fame of my life. ...
2026-5-28 11:47:46 | Views: 21
InfoSec Write-ups - Medium - infosecwriteups.com
premium
client
burp
discount
fame
How to Detect Data Exfiltration with Elastic SIEM: SOC Analyst Hands-On Lab | Hunt Forward Lab #007
Hunt Forward Lab #007 — Threat Hunting for Bulk File Transfer & Archive Creation | MITRE ATT&CK T103...
2026-5-27 17:59:53 | Views: 20
InfoSec Write-ups - Medium - infosecwriteups.com
network
hunt
ratio
attacker
7z
Testing SQL Injection Using Google gemma4:31b-cloud on PortSwigger’s Vulnerable Shop
2026-5-25 09:11:8 | Views: 18
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
injection
31b
gemma4
database
insecurely
Testing SQL Injection Using Google gemma4:31b-cloud on PortSwigger’s Vulnerable Shop
2026-5-25 09:11:8 | Views: 16
InfoSec Write-ups - Medium - infosecwriteups.com
injection
31b
database
gemma4
practicing
Hacking the Scammers and Exposing Their Tactics in a Mission to Protect Nepalese Youth
A few days ago, I returned to my hometown during my s...
2026-5-25 09:10:58 | Views: 15
InfoSec Write-ups - Medium - infosecwriteups.com
cousin
him
jassi
friend
bhai
The Invite That Lied: A Business Logic Flaw Hidden Behind LG’s Walls
A business logic flaw that let anyone redirect an invitation, create accounts under a stolen identit...
2026-5-25 09:7:49 | Views: 19
InfoSec Write-ups - Medium - infosecwriteups.com
invite
attacker
invited
invitation
testvictim
How I Found 2 Bugs on BBC’s Subdomains and Made It Into Their Hall of Fame
A real case study in hyperlink injection and SSTI & t...
2026-5-25 09:7:20 | Views: 23
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
bbc
injection
hyperlink
hall
How I Found 2 Bugs on BBC’s Subdomains and Made It Into Their Hall of Fame
A real case study in hyperlink injection and SSTI & t...
2026-5-25 09:7:20 | Views: 15
InfoSec Write-ups - Medium - infosecwriteups.com
bbc
injection
hyperlink
boring
Building Another Vulnerable Lab — SSRF.
The previous blog was something that some of you real...
2026-5-25 09:6:6 | Views: 15
InfoSec Write-ups - Medium - infosecwriteups.com
ssrf
3002
carstatus
frontend
MonitorsFour HTB — HackTheBox Walkthrough | By Alham Rizvi
Hello everyone, This is Alham Rizvi again, finally th...
2026-5-25 09:5:49 | Views: 15
InfoSec Write-ups - Medium - infosecwriteups.com
cacti
htb
jquery