unSafe.sh - Unsafe
Shadow Credentials in Active Directory: When the Exploit Doesn’t Work — Until It Does
2025-5-12 06:15:22 | Views: 11
InfoSec Write-ups - Medium - infosecwriteups.com
The Hidden Language: Exploiting GraphQL for Unauthorized Data Dump
2025-5-12 06:15:13 | Views: 11
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
The Hidden Language: Exploiting GraphQL for Unauthorized Data Dump
2025-5-12 06:15:13 | Views: 8
InfoSec Write-ups - Medium - infosecwriteups.com
Bug Hunting in JS Files: Tricks, Tools, and Real-World POCs
2025-5-12 06:15:7 | Views: 19
InfoSec Write-ups - Medium - infosecwriteups.com
Bug Bounty Race: Exploiting Race Conditions for Infinite Discounts
2025-5-12 06:14:55 | Views: 11
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
Bug Bounty Race: Exploiting Race Conditions for Infinite Discounts
2025-5-12 06:14:55 | Views: 7
InfoSec Write-ups - Medium - infosecwriteups.com
Top 5 Easiest Bugs for Beginners in Bug Bounty
2025-5-12 06:14:46 | Views: 10
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
Top 5 Easiest Bugs for Beginners in Bug Bounty
2025-5-12 06:14:46 | Views: 9
InfoSec Write-ups - Medium - infosecwriteups.com
$10,000 Bounty: HackerOne Report Comments Leak via “Export as .zip”
2025-5-12 06:14:28 | Views: 12
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
$10,000 Bounty: HackerOne Report Comments Leak via “Export as .zip”
2025-5-12 06:14:28 | Views: 11
InfoSec Write-ups - Medium - infosecwriteups.com
Understanding Stealer Logs and Their Role in Security Testing: A Focus on Asset Discovery- Part 2
2025-5-12 06:14:12 | Views: 7
InfoSec Write-ups - Medium - infosecwriteups.com
Understanding Stealer Logs and Their Role in Security Testing — Part 1
2025-5-12 06:14:6 | Views: 9
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
Understanding Stealer Logs and Their Role in Security Testing — Part 1
2025-5-12 06:14:6 | Views: 5
InfoSec Write-ups - Medium - infosecwriteups.com
API Key Exposure in NASA GitHub Repository Leads to Unauthorized Access to Academic Data
2025-5-12 06:13:22 | Views: 6
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
Subdomain Takeover: My $450 Win & How You Can Do It Too
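A subdomain takeover vulnerability arises when a subdomain points to a decommissioned third-party service, allowing an attacker to take over the subdomain and host malicious content for phishing or impersonation. In the article, the author found that the subdomain sportsbook.target.com pointed to a deleted Vercel project, took it over, and was able to host a phishing page. ...
2025-5-12 06:12:52 | Views: 4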
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
vercel
subdomain
sportsbook
victim
unclaimed
How I Earned $200 From a Simple EXIF Bug (Step by Step Guide, You Can Use Today)
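The author earned $200 by finding a flaw in which a website did not strip EXIF geolocation data from images. The article explains in detail how to identify and test for this kind of issue, and provides beginner-friendly tools and steps. ...
2025-5-12 04:52:28 | Views: 4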
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
exif
gps
jimpl
download
beginners
How I Found SSTI in a Search Bar
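While visiting a website, the author found a server-side template injection (SSTI) vulnerability in its search function. Entering a specific payload (such as {{7*7}}) returned a result that had been evaluated as a computation (such as 49), confirming the vulnerability. This flaw can lead to remote code execution or disclosure of sensitive data. ...
2025-5-12 04:51:3 | Views: 12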
InfoSec Write-ups - Medium - infosecwriteups.com
ssti
curious
boom
7d
gaining
How Backups Can Break End-to-End Encryption (E2EE)
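The article points out a weakness in end-to-end encryption (E2EE): cloud backups are often not adequately encrypted or are stored in insecure locations, leaving sensitive data open to attack. Hackers, governments, and insiders may obtain information through this path. It recommends that users turn off cloud backups, use apps that support encrypted backups, and strengthen the security of their cloud accounts. ...
2025-5-12 04:50:55 | Views: 6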
InfoSec Write-ups - Medium - infosecwriteups.com
backup
cloud
encryption
e2ee
fernet
Hidden HackerOne & Bugcrowd Programs: How to Get Private Invites
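Public programs on bug bounty platforms are highly competitive, while the truly high-reward private programs are little known. These programs not only offer higher bounties and less competition, but also make it possible to find more severe vulnerabilities and build long-term relationships. However, 90% of people will not reveal the secret of how to get these private invites. ...
2025-5-12 04:50:47 | Views: 8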
InfoSec Write-ups - Medium - infosecwriteups.com
copilotbug
competition
lesser
truth
lies
DCSync Attacks: Abusing Replication Rights for Stealthy Domain Dominance
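DCSync is an attack technique that allows an attacker to imitate the behavior of a domain controller in order to obtain password hashes. It uses Active Directory replication mechanisms (such as MS-DRSR) and is stealthier than traditional methods. The attacker can obtain sensitive information, such as the password hashes of users, domain administrators, and the KRBTGT account, without accessing LSASS memory. For red teams this is a powerful tool for achieving persistence and lateral movement in enterprise networks. ...
2025-5-11 02:44:12 | Views: 5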
InfoSec Write-ups - Medium - infosecwriteups.com
replicating
mimikatz
drsr
replication
dcs