𝕏 Bug Bounty Writeups 𝕏

🦇 How I Took Over Any Account on a Major Platform With One Click — A Client-Side Path Traversal Story Blog: patrickbatman.hashnode.dev/how-i-took-ove… Author: @hamidonsolo

✅ Linux Checklist: Linux Privilege Escalation Comprehensive Checklist Checklist: hacktricks.wiki/en/linux-harde… #infosec #pentesting

📝 Beginners Guide: Networking Basics for Pentesters Part 1: hackers-arise.com/post/networkin… Part 2: hackers-arise.com/post/networkin… Part 3: hackers-arise.com/post/network-b… #networking #infosec

💉 How I achieved RCE via git clone: Journey to Exploiting CVE-2024-32002 Blog: amalmurali.me/posts/git-rce/ #infosec

🦈 Wireshark For Pentesters: A Comprehensive Beginner’s Guide on Wireshark Guide: hackingarticles.in/wireshark-for-… #infosec #pentesting

🍀 Learning about Universal Links and Fuzzing URL Schemes on iOS with Frida Blog: grepharder.github.io/blog/0x03_lear… #infosec #ios

♾ Reverse-Engineering: A FREE comprehensive reverse engineering tutorial. Github: github.com/mytechnotalent… Author: @mytechnotalent

🗺️ SQLmap for Beginners: The ultimate guide to getting started! Blog: stationx.net/sqlmap-tutoria… #infosec

💻 macOS Red Teaming Comprehensive Guide Guide: hacktricks.wiki/en/macos-harde…

📒 Complete OSWE Certification Guide (2026) Blog: stationx.net/what-is-oswe-c… Author: Jacob Fox

♣ A Technical Deep Dive: Comparing Anti-Cheat Bypass and EDR Bypass Blog: whiteknightlabs.com/2024/02/09/a-t… #infosec

🛏️ From Naptime to Big Sleep: Using LLMs To Catch Vulnerabilities In Real-World Code Blog: projectzero.google/2024/10/from-n… author: Google Project Zero / The Big Sleep Team #infosec

🐍 Building a Simple Web Application Security Scanner with Python: A Beginner's Guide Guide: freecodecamp.org/news/build-a-w…

🖇️ Lessons Learned: One line of code can make your application vulnerable (Pre-Auth RCE in Metabase CVE-2023–38646) Blog: medium.com/appsec-untangl… #infosec

🎲 How an obscure PHP footgun led to RCE in Craft CMS Blog: assetnote.io/resources/rese… author: Adam Kues (@assetnote)

🦎 Automating Client-Side Path Traversals Discovery Blog: vitorfalcao.com/posts/automati… author: @busf4ctor

🔥 Linux Firewalls: The Modern NFTable Firewall Blog: hackers-arise.com/post/linux-fir… Author: @three_cube

Starting April, my @OlaElectric scooter stopped working and wouldn’t charge. I raised an RSA request expecting quick support , but I only got a callback after 24 hours, and that’s where the ordeal began. I was told to immediately pay ₹3000 just to book RSA, and despite raising the request on April 3, the pickup was scheduled for April 9. Even then, no one showed up. After endless waiting and zero proper communication, my scooter was finally picked up on April 21, almost 3 weeks later. Shockingly, I was asked to assist in loading my own scooter because only one person came for pickup. So after paying ₹3000, I’m still expected to do their job? It gets worse. The service center then refused to accept my scooter, claiming they already had 300 pending cases. They also said the battery is damaged and demanded ₹67,000 upfront for replacement, on a scooter I bought for ₹1.5 lakh. On top of that, they threatened to leave my scooter on the road if I didn’t pay, making me responsible for any damage or legal issues. Meanwhile, the pickup agent kept calling saying he would return the scooter to me. Ola Electric support told me not to respond, but the agent went ahead and dumped my scooter back at my premises without my permission, just sending a video as proof. This entire experience shows complete failure in service, accountability, and basic customer respect. I strongly advise everyone to think twice before buying from Ola Electric. Poor product, worse customer service, and a system that seems designed to extract money from customers. Biggest mistake of my life buying this scooter. Sharing this so others don’t go through the same. @OlaElectric @OlaComunity @OlaEV_parodyy @ola_supports please help with this scam please @jagograhakjago @ConsumerReports @nitin_gadkari @CMofKarnataka @BJP4Karnataka i am not sure how these companies works after these many scams?

📜 HackerOne-Reports: Top disclosed reports from HackerOne. - Top 100 reports (most paid/upvoted) - Top reports by bug type (XSS, SQLi, IDOR, etc) - Top reports by program (Yahoo, Uber, Shopify, etc) Github: github.com/reddelexc/hack…

🍯 If you've never seen or worked with a Honeypot, watch this video. It covers how to setup almost 20+ honeypots (and visualize the data) to trap attackers. Video: youtube.com/watch?v=FjZmhI…