unSafe.sh - Unsafe
$256 Bounty : XSS via Web Cache Poisoning in Discourse
2025-05-13 05:48:48 | Views: 8
InfoSec Write-ups - Medium - infosecwriteups.com
The $1,000 Recon Trick: One Command That Changed My Hunting Game
A security researcher found a $1,000 bug by way of a little-known recon trick. Most hunters rely on common tools and stale wordlists; what really matters is using the tools intelligently, with the right mindset....
2025-05-13 05:48:40 | Views: 13
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
The Human Firewall: Why Your Employees Are Both Your Greatest Vulnerability and Asset
In cybersecurity, the human factor is the biggest vulnerability. Employee behaviour is behind 88% of data breaches, each costing $4.45 million on average, and phishing attacks have surged 350%. Human weaknesses such as fatigue, trust and shortcuts become the attacker's way in; however strong the technology, unpredictable human risk is hard to defend against....
2025-05-13 05:45:01 | Views: 10
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
High-risk vulnerability alert: Apache Tomcat remote code execution vulnerability disclosed!
2025-05-13 05:45:00 | Views: 6
Hillstone Networks Security Research Institute (山石网科安全技术研究院) - mp.weixin.qq.com
DCShadow Attacks: Subverting Active Directory Replication for Stealthy Persistence
2025-05-13 05:44:42 | Views: 9
InfoSec Write-ups - Medium - infosecwriteups.com
Part 1: How to Become a Pentester in 2025: Free & Affordable Online Labs
2025-05-13 05:44:29 | Views: 9
InfoSec Write-ups - Medium - infosecwriteups.com
Futurum Group Research Sees Cybersecurity Spending Reaching $287.6B by 2029
The cybersecurity market is forecast to grow at an 11.6% CAGR from 2024 to 2029, reaching $287.6 billion. Cloud security, integrated risk management, identity management, application security and data security are the five growth areas. Cloud security is the largest segment at $37.1 billion and is growing at 15.2%. The other segments are also growing quickly: integrated risk management (17%), identity management (16.5%), application security (14.2%) and data security (12.8%)....
2025-05-13 05:44:28 | Views: 9
Security Boulevard - securityboulevard.com
Logic Flaw: Using Invitation Function to Block Other Accounts
The article describes a security test that uncovered a logic flaw in a service-booking application. By combining a pre-registration takeover with the invitation function, an attacker can prevent prospective customers from registering, leaving users unable to join the platform. The flaw is simple to exploit and far-reaching in impact, and could cause the platform significant losses....
2025-05-13 05:42:41 | Views: 9
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
Bug Chain: pre-auth takeover to permanent access.
The author chains a pre-authentication account takeover in a booking application, which allows creating an account for an arbitrary email address, with a logic flaw in the invitation function to set himself as the owner, gaining permanent backdoor access....
2025-05-13 05:42:28 | Views: 19
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
How I was able to delete a production backend server in my first finding.
The author recounts a first bug-hunting experience: finding and exploiting a CSRF vulnerability in phpMyAdmin to delete a backend server. Although the report was accepted as medium severity, it was ultimately marked informative because of domain ownership. The article looks back at the author's growth and challenges going from CTF player to bug hunter....
2025-05-13 05:42:15 | Views: 7
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
Business logic: I can order anything from your account without paying for it
The author found a logic flaw in an e-commerce platform: when an unauthenticated user places an order using someone else's email address, the system associates the order with the account belonging to that email. An attacker can use this to place orders from the victim's account, leading to unauthorized transactions or financial loss....
2025-05-13 05:42:04 | Views: 7
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
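The order-binding flaw summarised in the "Business logic: I can order anything from your account without paying for it" entry comes down to one decision in checkout: the server looks up an account by the email the client supplied and attaches the order to it, regardless of who is logged in. The model below is an added illustration, not the platform's code or the author's proof of concept; the Shop class, its data model and the notion of a stored payment method are assumptions made to show the pattern. It puts the flawed checkout next to a fixed one that binds an order to an account only when the session is authenticated as that account and otherwise records a guest order.

```python
"""Model of an order-to-account binding flaw and its fix (illustrative, not
the real platform's code). Assumed data model: accounts keyed by email, each
with a stored payment method; orders optionally bound to an account."""

from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Account:
    account_id: int
    email: str
    saved_payment: bool  # assumed: account has a stored payment method
    orders: list = field(default_factory=list)


@dataclass
class Order:
    order_id: int
    email: str
    items: list
    account_id: Optional[int]       # None means a guest order
    charged_to_saved_payment: bool  # True if billed to the account's stored method


class Shop:
    def __init__(self):
        self.accounts_by_email = {}
        self.next_order = 1

    def register(self, account_id, email, saved_payment=True):
        self.accounts_by_email[email.lower()] = Account(account_id, email, saved_payment)

    def checkout_vulnerable(self, session_account_id, email, items):
        # Flaw: identity is taken from the client-supplied email. Whoever owns
        # that email gets the order on their account, and the order is billed
        # to their stored payment method, even when the caller is anonymous.
        acct = self.accounts_by_email.get(email.lower())
        bound = acct.account_id if acct else None
        charged = bool(acct and acct.saved_payment)
        order = Order(self.next_order, email, items, bound, charged)
        self.next_order += 1
        if acct:
            acct.orders.append(order)
        return order

    def checkout_fixed(self, session_account_id, email, items):
        # Fix: the only trusted identity is the authenticated session. An order
        # is bound (and billed) to an account only when the session IS that
        # account; an email that merely matches a registered account produces
        # a guest order with no link to it and no charge to its stored method.
        acct = self.accounts_by_email.get(email.lower())
        if acct is not None and session_account_id == acct.account_id:
            order = Order(self.next_order, email, items, acct.account_id, acct.saved_payment)
            acct.orders.append(order)
        else:
            order = Order(self.next_order, email, items, None, False)
        self.next_order += 1
        return order


def run_scenario(use_fix):
    """Constructed scenario: an anonymous attacker checks out with the victim's
    email, then the victim places a normal order while logged in. Returns
    (attacker order's account, attacker order charged to victim?, victim order's
    account, number of orders on the victim's account)."""
    shop = Shop()
    shop.register(account_id=42, email="victim@example.com")
    checkout = shop.checkout_fixed if use_fix else shop.checkout_vulnerable
    attacker_order = checkout(None, "Victim@Example.com", ["laptop"])
    own_order = checkout(42, "victim@example.com", ["mouse"])
    victim = shop.accounts_by_email["victim@example.com"]
    return (attacker_order.account_id, attacker_order.charged_to_saved_payment,
            own_order.account_id, len(victim.orders))


if __name__ == "__main__":
    print("vulnerable:", run_scenario(use_fix=False))  # attacker order lands on account 42
    print("fixed:     ", run_scenario(use_fix=True))   # attacker order stays a guest order
```

The fixed version also avoids the related information leak: because a guest order is produced whether or not the email is registered, the response no longer tells an anonymous caller which addresses have accounts. If the business genuinely wants guest orders to be claimable later, the claim step should require the account holder to prove control of the address (login or a verified link), never the checkout request itself.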
OSINT Writeups — MIST Cyber Drill 2025
The author shares how five OSINT challenges were solved in the MIST Cyber Drill 2025 CTF. Starting from a ransom email, the author extracted five flags by analysing public information such as a Pastebin link, a Twitter account and a GitHub repository, and ultimately pinned down the threat actor's identity....
2025-05-13 05:41:55 | Views: 3
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com