infosecwriteups.com
162.159.152.4  Public Scan

Submitted URL: http://infosecwriteups.com./
Effective URL: https://infosecwriteups.com/?gi=caafb7167b1a
Submission: On July 14 via manual from IN — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content




AWESOME WRITE-UPS FROM THE WORLD’S BEST HACKERS IN TOPICS RANGING FROM BUG
BOUNTIES, CTFS, HACK THE BOX WALKTHROUGHS, HARDWARE CHALLENGES, AND REAL-LIFE
ENCOUNTERS. SUBSCRIBE TO OUR WEEKLY NEWSLETTER FOR THE COOLEST INFOSEC UPDATES:
HTTPS://WEEKLY.INFOSECWRITEUPS.COM/


Let’s Go For Whole Company

This time we are not going to talk about the effects of a vulnerability on
users. We want to talk about taking over an entire organization…
M7arm4n
Jul 13
NahamCon CTF 2023 — OSINT Challenges Walkthrough

A detailed walkthrough of all four OSINT Challenges from NahamCon CTF 2023 | by
Yotam Perkal
Yotam Perkal
Jun 20
The Unexpected “0” Master ID for Account Data Manipulation

A simple story when Allah allowed me to successfully achieve P1 through a broken
access control issue using an unexpected master ID of “0”.
YoKo Kho
Jun 20
IDOR that allowed me to takeover any users account.

Hello all! My name is Vedant, also known as Vegeta (on Twitter). I’m a
cybersecurity enthusiast, computer engineering student and a bug…
Vedant Tekale
Feb 17, 2021
Managing Identity and Access in the Cloud: Best Practices for Security

Companies can accelerate their cyber security by benefitting from Identity and
Access Management in the cloud. Businesses have been using…
InfoSec Write-ups
Jun 14
InfoSec Write-ups
A collection of write-ups from the best hackers in the world on topics ranging
from bug bounties and CTFs to vulnhub machines, hardware challenges and real
life encounters. Subscribe to our weekly newsletter for the coolest infosec
updates: https://weekly.infosecwriteups.com/
Followers
29K
Latest
Exploiting Incorrectly Configured Load Balancer with XSS to Steal Cookies

Introduction
Serj N
Jul 12
Reverse shell to your Amazon AWS EC2 instance as ‘root’ or ‘Administrator’ by
injecting user-data

Summary
Nol White Hat
Jul 12
MITRE Discovery — CMD Commands for Endpoint Reconnaissance — Part 1 (Net,
Tasklist, Route)

Learn how CMD commands Net, Tasklist and Route turn into LOLBAS executables when
doing endpoint/domain recon on an organization.
Jonathan David
Jul 11
Solving Kioptrix Level 1 Capture the Flag (CTF)

Kioptrix Level 1 CTF: Unlock Root Access and Strengthen Your Cybersecurity
Skills!
Ahmet Talha Şen
Jul 11
Python Blue Team: Backing up the Linux OS with rsync

Establishing a Strategy for Executing Operating System Backups on Kali, Ubuntu
and Other Linux Systems
R. Eric Kiser
Jul 11
The Dark Web: Unveiling the Underbelly of Cybercrime

The Internet is not as simple as we think. The Internet is mysterious because the
Internet has many secrets. In this article, I will reveal…
Neeraj Kumar (@dachman)
Jul 10
MOVEit Hacks: Stories and lessons learned

Learn about the MOVEit vulnerability, its impact on the world, and how to
protect yourself.
Daniel Iwugo
Jul 9
An In-Depth Look at PEN-300 and OSEP: Succeeding in the Offensive Security Path

In the dynamic landscape of penetration testing, knowledge growth is a perpetual
journey. Leading this learning curve is the Offensive…
xbz0n
Jul 9
Stored-XSS led to Keylogger injection

Hello everyone Hope you’re doing well!
Yashar Mohagheghi
Jul 8
Demystifying PyInstaller — A Journey into Decompiling Python Executables

Python executables are much easier to reverse than you think!
Serj N
Jul 8
Game Hacking 101: Unleashing the Power of Memory Manipulation

Introduction
sockpuppets
Jul 8
Python Threat Hunting Tools: Part 10 — The Power of Jupyter Notebooks

Learn about the power of Jupyter Notebooks and how to integrate your Python
threat hunting tools!
Adam Goss
Jul 6
GDB Baby Step 3: Unraveling Debugging Secrets — StackZero

Take the next step in your reverse engineering journey with our comprehensive
guide on GDB Baby Step 3 Challenge.
StackZero
Jul 6
How to Install OpenVAS

Learn how to install OpenVAS with simple steps
Daniel Iwugo
Jul 6
HTB Network Enumeration with Nmap Walkthrough

Unveiling the Secrets of HTB Network Enumeration: A Comprehensive Guide
Using Nmap
Ahmet Talha Şen
Jul 6
Unravelling PicoCTF: The GDB Baby Step 2 Challenge — StackZero

Dive deeper into the world of GDB and reverse engineering with our detailed
guide on the PicoCTF GDB Baby Step 2 Challenge
StackZero
Jul 5
How to Steal Social Media Accounts Using a Captive Portal

In this article, I will show you how to steal login information from social
media accounts using a malicious Wi-Fi captive portal.
Frost
Jul 5
I received a bounty of $60 for finding a critical bug in the patient management
system.

Hi hackers,
Krishnadev P Melevila
Jul 4
Testing and Bypassing Technique for Open Redirection Vulnerability

Open redirection vulnerability
Vignesh
Jul 4
Mobile App Pentesting: AndroGOAT Assessment Walkthrough

Have you ever wondered about the vulnerabilities hidden beneath the surface of
your favorite mobile apps? I certainly did, which is why I…
Martian
Jul 4
👩‍💻IW Weekly #64: EPP Servers, MOVEIt Transfer RCE, Password Reset Link to
Account Takeover, PII…

MOVEIt Transfer RCE (CVE-2023-34362) exposes a critical flaw enabling remote
code execution within the MOVEIt Transfer platform, as…
InfoSec Write-ups
Jul 4
WHAT IS FORCE SENDING ETHER IN SMART CONTRACTS SECURITY?!

Hello everyone! Hope you’re doing well
Yashar Mohagheghi
Jul 3
Art of hacking LLM apps

I am Harish SG, a security researcher who studies Masters in Cybersecurity at UT
Dallas, previously hunted on the Microsoft Bug Bounty…
Harish SG
Jul 3
Hackthebox Fawn Writeup, Traffic and Log Analysis, Python Automatic Exploit,
Hardening and…

Hackthebox Fawn Writeup, Traffic and Log Analysis, Python Automatic Exploit,
Hardening and Vulnerability Reporting
Anil Yelken
Jul 3
QRadar Threat Hunting: Blue Team CTF Challenge

This article provides my approach for solving the Qradar101 blue team ctf
challenge on the CyberDefenders website, a blue team-focused…
Hacktivities
Jul 2