Raju

230 posts


@Cyr33n

Security practitioner | CTFs | Girl in IT

Tanzania | Joined May 2021
734 Following | 1.1K Followers
Raju retweeted
OffSec (@offsectraining)
🔍⬆️ Ready to level up your PEN-200 skills? Join us for our next #OffSecLive session where we’ll walk through the PG Practice Apex machine, step by step. From information gathering to public exploits, fixing code, and tackling password attacks, this session is packed with hands-on techniques and real-world insight. Perfect for aspiring OSCPs and anyone sharpening their offensive security skills! 📅 Don’t miss it! 👉🔗 offs.ec/45iow7Y #TryHarder #PGPractice #OSCPJourney #InfoSecTraining #CyberSkills
Raju retweeted
urchinsec (@urchinsec_)
We have just released our official writeup for the UrchinSec DTS Finals CTF challenge: 🔥 hackmd.io/@urchinsec/urc…
Raju retweeted
urchinsec (@urchinsec_)
🥳Today was the UrchinSec DTS Finals CTF!🥳 Congratulations @AlexiusSamson, masscos99, stuxnet8 and cyrange for winning the competition and receiving the prize of 700k TZS!🎊 And congratulations to everybody who participated in both the semi-finals and the finals!🎊🎊
Raju retweeted
OffSec (@offsectraining)
Join the #ShePwns movement. offs.ec/4hRNtdB We're championing #womenincyber by providing the knowledge and tools to strengthen their career prospects at every level. Hear from women shaping cybersecurity across all backgrounds, including industry leaders, practitioners, and OffSec-certified professionals, and join our Learn One giveaway!
Raju retweeted
urchinsec (@urchinsec_)
UrchinSec CTF DTS (Dominating The Servers) is here!! Participate now with your team and have a chance to win 500,000 TZS!🔥 Note: Only Tanzanians are eligible for prizes.👨🏾‍💻 To participate in the semi-finals, register your team now at ctf.urchinsec.com, robots are noisy😉
Raju retweeted
urchinsec (@urchinsec_)
We wish you a happy new year!🎊
Raju retweeted
The XSS Rat - Proud XSS N00b :-)
Here is a list of 100 web and API exploits every bug bounty hunter should know: thexssrat.podia.com/christmas2024?… Tell me which ones I missed in a comment <3

1–25: Authentication and Session Management
===================================
SQL Injection in Login Forms
Password Reset Token Hijacking
Weak Password Policy
Broken Authentication
Brute Force Attacks
Session Fixation
Cookie Theft
Improper Logout Mechanism
Token Mismanagement (JWT, OAuth, etc.)
Credential Stuffing
Default Credentials
Sensitive Data Exposure in Session
Session Expiry Mismanagement
Open Redirect Exploitation in Login Workflows
Single Sign-On (SSO) Bypass
Replay Attacks
Lack of MFA Enforcement
Exposed Admin Panels
Weak Captcha Implementations
Insecure Password Storage
Privilege Escalation via Session ID
Account Takeover (ATO)
Misconfigured Logout from Multiple Devices
Reset Link Parameter Manipulation
Session ID Enumeration

26–50: Injection Attacks
===================================
SQL Injection (Classic, Blind, Time-based)
NoSQL Injection
Command Injection
XPath Injection
LDAP Injection
XML External Entity (XXE) Injection
Server-Side Template Injection (SSTI)
Code Injection
CRLF Injection
Path Traversal
Log Injection
Second-Order SQL Injection
HTML Injection
Insecure Deserialization
Remote File Inclusion (RFI)
Local File Inclusion (LFI)
Blind XXE Attacks
HQL Injection
GraphQL Query Injection
Content Injection
Data Manipulation through Injection
Shell Injection
XQuery Injection
Email Header Injection
Expression Language Injection

51–75: Cross-Site Vulnerabilities
===================================
Cross-Site Scripting (XSS)
Reflected XSS
Stored XSS
DOM-based XSS
Self-XSS
JSONP-based XSS
Clickjacking
Content Security Policy (CSP) Bypass
CSRF (Cross-Site Request Forgery)
Cross-Origin Resource Sharing (CORS) Misconfiguration
Browser Autofill Exploitation
PostMessage Exploitation
Subdomain Takeover
Cross-Site Script Inclusion (XSSI)
SOP Bypass Techniques
Open Redirects
Web Cache Poisoning
Mixed Content Exploitation
JSON Hijacking
Cross-Site WebSocket Hijacking
Tabnabbing
Iframe Sandbox Bypass
DOM Clobbering
Browser Plugin Exploitation
UI Redressing Attacks

76–100: API-Specific Exploits
===================================
Mass Assignment
Rate-Limiting Bypass
IDOR (Insecure Direct Object Reference)
Unrestricted File Uploads
Improper JSON Parsing
Excessive Data Exposure
GraphQL Introspection Misconfigurations
API Key Leakage
Improper Input Validation
Lack of Output Encoding
Broken Object Level Authorization
Broken Function Level Authorization
Improper Use of API Gateway
Misconfigured Rate Limiting
Unencrypted Data Transfer
Overly Permissive CORS
Race Condition Exploits
Lack of Scope Enforcement in OAuth
Improper Error Messaging
API Endpoint Enumeration
Method Overriding
Hidden Parameters in API Requests
Webhooks Exploitation
Improper Use of HATEOAS
JWT Token Manipulation
Raju retweeted
urchinsec (@urchinsec_)
It's Cybersecurity Awareness Month🔥 we are hosting a 48-hour CTF (Jeopardy-Style)😎, Awards:
1st Winner - eJPT Voucher + $50
2nd Winner - HTB Pro-Lab Month Voucher
3rd Winner - THM VIP Voucher
Register now at ctf.urchinsec.com with code: cyber_security_aw4renessM0nth
Raju retweeted
urchinsec (@urchinsec_)
Hello Cybersecurity enthusiasts, Professionals and CTF players. We have just launched our archive for our previous and upcoming CTFs where you can access them and practice their skills through our challenges. Visit: archive.urchinsec.com
nich0laus 🎭 (@nicl4ssic)
Thrilled to announce that I have passed @ine Junior Penetration Tester exam!
Tahaa Farooq (@tahaafarooq)
Happy to announce, I have just earned my RTO 1 badge marking me as a Certified Red Team Operator (CRTO)!
Tahaa Farooq (@tahaafarooq)
Today I had an awesome opportunity to talk about "opportunities in cybersecurity as a developer" more of how to apply the mindset into coping with cybersecurity at the OPEN SOURCE UNLEASHED TANZANIA. I gave a simple roadmap and met awesome guys @machuche1 @karimnyumba @nicl4ssic