MaxMnMl

Explaining XSS without parentheses and semi-colons Recently, I received an email from a reader asking if I could write an article explaining XSS without parentheses and semi-colons, saying that the payloads in it were hard to understand. Therefore, th

blog.huli.tw/2025/09/15/e...

How to make Self-XSS great again 🔥🧯

blog.slonser.info/posts/make-s...

One-Click RCE in ASUS’s Preinstalled Driver Software 🧯🔥
mrbruh.com/asusdriverhub/

Google Cloud Account Takeover via URL Parsing Confusion TL;DR

Google Cloud Account Takeover via URL Parsing Confusion 💣🔥👀

infosecwriteups.com/google-cloud...

Dojo #40 - Hacker profile - YesWeHack Dojo # Hacker profile - Dojo #40 Active until : **17th April - 2025** Authors: [Minilucker](https://x.com/0xidel) #### How to submit your report 1. Visit the Dojo program at [https://yeswehack.com/progr...

🔓 Just beat the "Dojo #40 - Hacker profile" challenge on @YesWeHack!
Think you can match my skills? 🌟

dojo-yeswehack.com/challenge/pl...

#YesWeHack #ChallengeAccepted

Paged Out! #6 has arrived! And it's jam-packed with content!
You can download it here:
pagedout.institute?page=issues....

Amazing dude 🔥💪

Exploring the DOMPurify library: Hunting for Misconfigurations (2/2). Tags:Article - Article - Web - mXSS Exploring the DOMPurify library: Hunting for Misconfigurations (2/2)

Exploring Dompurify Misc (2/2) by @mizu.re … What an Amazing Work 🫶

mizu.re/post/explori...

Dojo #39 - Phishing - YesWeHack Dojo # Phishing Active until : **28th February - 2025** #### How to submit your report 1. Visit the Dojo program at [https://yeswehack.com/programs/dojo](https://yeswehack.com/programs/dojo) 2. Click on *...

I just pwned the "Dojo #39 - Phishing" challenge on @yeswehack.bsky.social
Who’s next to join the fun? 🚀
dojo-yeswehack.com/challenge/pl...
#YesWeHack #ChallengeAccepted

About This Series | Beyond XSS As a software engineer, you must be familiar with information security. In your work projects, you may have gone through security audits, including static code scanning, vulnerability scanning, or pen...

One of the Best Blog serie about XSS

aszx87410.github.io/beyond-xss/en/

Amazing Work 👏 … The MIDI Shellcode 🎹👾
psi3.ru/blog/swl01u/

Testing JavaScript files for bug bounty hunters You've with no doubt heard or seen other fellow bug bounty hunters find critical vulnerabilities thanks to JavaScript file enumeration, right? This article is all about the importance of testing and e...

Testing JavaScript file for BB 🕸️🐞

click.mlsend2.com/link/c/YT0yN...

Hunting for blind XSS vulnerabilities: A complete guide Cross-site scripting (XSS) vulnerabilities are quite common and fun to find. They also carry great impact when chained with other vulnerabilities. But there's another variant of this vulnerability typ...

Hunting for blind XSS 🕸️ 🐞

www.intigriti.com/researchers/...

Broken authentication: 7 Advanced ways of bypassing insecure 2-FA implementations Two-factor authentication (2FA) has become the go-to solution for strengthening account security. More and more companies are deploying 2FA implementations, and some even enforce them on their users t...

Broken authentication: 7 Advanced ways of bypassing insecure 2-FA implementations 🪲

blog.intigriti.com/hacking-tool...

OAuth Non-Happy Path to ATO Learn how small errors in OAuth implementation can lead to significant security vulnerabilities like one-click account takeover in web applications

OAuth Non-Happy Path to ATO 🎯

blog.voorivex.team/oauth-non-ha...

Dojo #37 - Hacker forum - YesWeHack Dojo # Hacker forum Active until : **12th December - 2024** #### How to submit your report 1. Visit the Dojo program at [https://yeswehack.com/programs/dojo](https://yeswehack.com/programs/dojo) 2. Click ...

Just completed the "Dojo #37 - Hacker forum" challenge on @yeswehack.bsky.social
Level up with me! 🌟
dojo-yeswehack.com/challenge/pl...
#YesWeHack #ChallengeAccepted

Bypassing WAFs with the phantom $Version cookie HTTP cookies often control critical website features, but their long and convoluted history exposes them to parser discrepancy vulnerabilities. In this post, I'll explore some dangerous, lesser-known

Bypassing WAFs with the phantom $Version cookie 🍪

portswigger.net/research/byp...

Cross-Site POST Requests Without a Content-Type Header 🛰️

nastystereo.com/security/cro...

Zero-Day in Active Directory Certificate Services: Researcher Exposes CVE-2024-49019 with PoC Discover the details of the critical zero-day vulnerability CVE-2024-49019 affecting Active Directory Certificate Services (AD CS).

Zero-Day in Active Directory Certificate Services: Researcher Exposes CVE-2024-49019 with PoC 🚀🪟

securityonline.info/zero-day-in-...

Bypass Apache Superset to perform SQLI 💉🦄

blog.quarkslab.com/bypass-apach...

A mindmap with the following text https://tl.gd/n_1ss2vji

What is an API? What makes them special? And what kind of APIs are out there? #apisecurity #apis #bugbountytips #BugBounty

‪Poc: github.com/lflare/cve-2...

💢 regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems
(CVE-2024-6387)

Qualys Paper : www.qualys.com/2024/07/01/c...

‎Click Here : 139. Mic Drop: GhostSec’s quest for redemption: their leader claims their life of crime is over. sur Apple Podcasts ‎Afficher Click Here, ép 139. Mic Drop: GhostSec’s quest for redemption: their leader claims their life of crime is over. - 14 juin 2024

The leader of GhostSec, Sebastian Dante Alexander, talks about the group's decision to abandon financial hacking and shift its focus to hacktivism.

podcasts.apple.com/fr/podcast/c...

Hacking Millions of Modems (and Investigating Who Hacked My Modem) Two years ago, something very strange happened to me while working from my home network. I was exploiting a blind XXE vulnerability that required an external HTTP server to smuggle out files, so I spu...

Hacking Millions Of Modem 👀. An incredible work of samwcyo, a must read guys. 💢

samcurry.net/hacking-mill...

💢Le groupe de hacker pro russe Killnet annonce detenir la version originale de Pegasus (NSO Group). Mise en vente : 1 500 000 $.

« Nous avons actuellement entre nos mains la version originale. Nous avons le programme pour toujours ! NSO ne pourra pas restreindre l’accès. »

The DGSI gets DDOSed by the GLORIAMIST hacker group 😅 We've seen it all !!

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) - Help Net Security A vulnerability (CVE-2024-3094) in XZ Utils may enable a malicious actor to gain unauthorized access to Linux systems remotely.

Outch 💢 xz —version

www.helpnetsecurity.com/2024/03/29/c...

PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers PyPI temporarily shut down new user sign-ups and project creation to combat a malicious malware upload campaign.

The python and the mongoose 🐍

thehackernews.com/2024/03/pypi...

Playing Doom in Windows task manager. Finally got it working and looking decent!But can it run Crysis?... ctrl+alt+doomDone by taking the original pixels, th... Windows Task Manager Runs Doom (896 cores)

OMG 😧 Playing doom using windows task manager youtu.be/hSoCmAoIMOU?... 32 sockets, 896 cores, 1792 logical processors??? 🤯 very cool indeed 👌