MaxMnMl
@maxmnml.bsky.social
📤 38
📥 86
📝 53
[ - ]
https://github.com/MaxMnMl
[ - ] c12f97f864dff657f7294c6c9d03e18d
blog.huli.tw/2025/09/15/e...
loading . . .
Explaining XSS without parentheses and semi-colons
Recently, I received an email from a reader asking if I could write an article explaining XSS without parentheses and semi-colons, saying that the payloads in it were hard to understand. Therefore, th
https://blog.huli.tw/2025/09/15/en/xss-without-semicolon-and-parentheses/?utm_source=blog.criticalthinkingpodcast.io&utm_medium=newsletter&utm_campaign=hackernotes-ep-143-new-cohost-client-side-gadgets-lhe-meta-instant-global-admin-in-entra&_bhlid=a1a6458aeca7a26c776327d80a094ff39da199f0
12 days ago
0
0
0
How to make Self-XSS great again 🔥🧯
blog.slonser.info/posts/make-s...
loading . . .
Make Self-XSS Great Again
Disclaimer: This article is intended for security professionals conducting authorized testing within the scope of a contract. The author is not responsible for any damage caused by the application of ...
https://blog.slonser.info/posts/make-self-xss-great-again/
4 months ago
0
0
0
One-Click RCE in ASUS’s Preinstalled Driver Software 🧯🔥
mrbruh.com/asusdriverhub/
loading . . .
One-Click RCE in ASUS's Preinstalled Driver Software
One-Click RCE in ASUS’s Preinstalled Driver Software Part Two of this series on ASUS will be dropping within a week, yes it somehow manages to get worse Introduction This story begins with a conversat...
https://mrbruh.com/asusdriverhub/
5 months ago
0
0
0
Google Cloud Account Takeover via URL Parsing Confusion 💣🔥👀
infosecwriteups.com/google-cloud...
loading . . .
Google Cloud Account Takeover via URL Parsing Confusion
TL;DR
https://infosecwriteups.com/google-cloud-account-takeover-via-url-parsing-confusion-c5e47389b7c7
6 months ago
0
0
0
🔓 Just beat the "Dojo #40 - Hacker profile" challenge on @YesWeHack! Think you can match my skills? 🌟
dojo-yeswehack.com/challenge/pl...
#YesWeHack
#ChallengeAccepted
loading . . .
Dojo #40 - Hacker profile - YesWeHack Dojo
# Hacker profile - Dojo #40 Active until : **17th April - 2025** Authors: [Minilucker](https://x.com/0xidel) #### How to submit your report 1. Visit the Dojo program at [https://yeswehack.com/progr...
https://dojo-yeswehack.com/challenge/play/e8fe7318-3b61-4fb3-bd2c-3e741ff62a96?pwned
7 months ago
0
1
0
reposted by
MaxMnMl
Paged Out!
7 months ago
Paged Out! #6 has arrived! And it's jam-packed with content! You can download it here:
pagedout.institute?page=issues....
0
23
30
Exploring Dompurify Misc (2/2) by
@mizu.re
… What an Amazing Work 🫶
mizu.re/post/explori...
loading . . .
Exploring the DOMPurify library: Hunting for Misconfigurations (2/2). Tags:Article - Article - Web - mXSS
Exploring the DOMPurify library: Hunting for Misconfigurations (2/2)
https://mizu.re/post/exploring-the-dompurify-library-hunting-for-misconfigurations
8 months ago
1
1
0
I just pwned the "Dojo #39 - Phishing" challenge on
@yeswehack.bsky.social
Who’s next to join the fun? 🚀
dojo-yeswehack.com/challenge/pl...
#YesWeHack
#ChallengeAccepted
loading . . .
Dojo #39 - Phishing - YesWeHack Dojo
# Phishing Active until : **28th February - 2025** #### How to submit your report 1. Visit the Dojo program at [https://yeswehack.com/programs/dojo](https://yeswehack.com/programs/dojo) 2. Click on *...
https://dojo-yeswehack.com/challenge/play/d09a5778-77dc-455c-a614-132ba040986d?pwned
9 months ago
0
0
0
One of the Best Blog serie about XSS
aszx87410.github.io/beyond-xss/en/
loading . . .
About This Series | Beyond XSS
As a software engineer, you must be familiar with information security. In your work projects, you may have gone through security audits, including static code scanning, vulnerability scanning, or pen...
https://aszx87410.github.io/beyond-xss/en/
9 months ago
0
0
0
Amazing Work 👏 … The MIDI Shellcode 🎹👾
psi3.ru/blog/swl01u/
loading . . .
World's First MIDI Shellcode
Blog post about a reverse engineering project
https://psi3.ru/blog/swl01u/
9 months ago
0
0
0
Testing JavaScript file for BB 🕸️🐞
click.mlsend2.com/link/c/YT0yN...
loading . . .
Testing JavaScript files for bug bounty hunters
You've with no doubt heard or seen other fellow bug bounty hunters find critical vulnerabilities thanks to JavaScript file enumeration, right? This article is all about the importance of testing and e...
https://click.mlsend2.com/link/c/YT0yNjU0NTgxODk2MjQ3MjUyNTAwJmM9azZjMiZlPTE5MjgmYj0xNDAzOTg4ODA0JmQ9ZjNjNmY0ag==.1fzQKR-_H42M0lkahL0fu1oRNjqPnZMtdYMUqMyzv9o
9 months ago
0
1
0
Hunting for blind XSS 🕸️ 🐞
www.intigriti.com/researchers/...
loading . . .
Hunting for blind XSS vulnerabilities: A complete guide
Cross-site scripting (XSS) vulnerabilities are quite common and fun to find. They also carry great impact when chained with other vulnerabilities. But there's another variant of this vulnerability typ...
https://www.intigriti.com/researchers/blog/hacking-tools/hunting-for-blind-cross-site-scripting-xss-vulnerabilities-a-complete-guide
10 months ago
0
0
0
Broken authentication: 7 Advanced ways of bypassing insecure 2-FA implementations 🪲
blog.intigriti.com/hacking-tool...
loading . . .
Broken authentication: 7 Advanced ways of bypassing insecure 2-FA implementations
Two-factor authentication (2FA) has become the go-to solution for strengthening account security. More and more companies are deploying 2FA implementations, and some even enforce them on their users t...
https://blog.intigriti.com/hacking-tools/broken-authentication-7-advanced-ways-of-bypassing-insecure-2-fa-implementations
11 months ago
0
1
0
OAuth Non-Happy Path to ATO 🎯
blog.voorivex.team/oauth-non-ha...
loading . . .
OAuth Non-Happy Path to ATO
Learn how small errors in OAuth implementation can lead to significant security vulnerabilities like one-click account takeover in web applications
https://blog.voorivex.team/oauth-non-happy-path-to-ato
11 months ago
0
0
0
Just completed the "Dojo #37 - Hacker forum" challenge on
@yeswehack.bsky.social
Level up with me! 🌟
dojo-yeswehack.com/challenge/pl...
#YesWeHack
#ChallengeAccepted
loading . . .
Dojo #37 - Hacker forum - YesWeHack Dojo
# Hacker forum Active until : **12th December - 2024** #### How to submit your report 1. Visit the Dojo program at [https://yeswehack.com/programs/dojo](https://yeswehack.com/programs/dojo) 2. Click ...
https://dojo-yeswehack.com/challenge/play/07c69662-c78b-4fab-acfb-843f68a71d4c?pwned
11 months ago
0
0
0
Bypassing WAFs with the phantom $Version cookie 🍪
portswigger.net/research/byp...
loading . . .
Bypassing WAFs with the phantom $Version cookie
HTTP cookies often control critical website features, but their long and convoluted history exposes them to parser discrepancy vulnerabilities. In this post, I'll explore some dangerous, lesser-known
https://portswigger.net/research/bypassing-wafs-with-the-phantom-version-cookie
11 months ago
0
0
0
Cross-Site POST Requests Without a Content-Type Header 🛰️
nastystereo.com/security/cro...
loading . . .
Cross-Site POST Requests Without a Content-Type Header / nastystereo.com
https://nastystereo.com/security/cross-site-post-without-content-type.html
11 months ago
0
0
0
Zero-Day in Active Directory Certificate Services: Researcher Exposes CVE-2024-49019 with PoC 🚀🪟
securityonline.info/zero-day-in-...
loading . . .
Zero-Day in Active Directory Certificate Services: Researcher Exposes CVE-2024-49019 with PoC
Discover the details of the critical zero-day vulnerability CVE-2024-49019 affecting Active Directory Certificate Services (AD CS).
https://securityonline.info/zero-day-in-active-directory-certificate-services-researcher-exposes-cve-2024-49019-with-poc/
11 months ago
0
0
0
Bypass Apache Superset to perform SQLI 💉🦄
blog.quarkslab.com/bypass-apach...
loading . . .
Bypass Apache Superset restrictions to perform SQL injections
The following article explains how during an audit we took a look at Apache Superset and found bypasses (by reading the PostgreSQL documentation) for the security measures implemented.
https://blog.quarkslab.com/bypass-apache-superset-restrictions-to-perform-sql-injections.html
11 months ago
0
0
0
reposted by
MaxMnMl
Katie Paxton-Fear
11 months ago
What is an API? What makes them special? And what kind of APIs are out there?
#apisecurity
#apis
#bugbountytips
#BugBounty
1
34
5
💢 regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (CVE-2024-6387) Qualys Paper :
www.qualys.com/2024/07/01/c...
loading . . .
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
over 1 year ago
1
0
0
The leader of GhostSec, Sebastian Dante Alexander, talks about the group's decision to abandon financial hacking and shift its focus to hacktivism.
podcasts.apple.com/fr/podcast/c...
loading . . .
Click Here : 139. Mic Drop: GhostSec’s quest for redemption: their leader claims their life of crime is over. sur Apple Podcasts
Afficher Click Here, ép 139. Mic Drop: GhostSec’s quest for redemption: their leader claims their life of crime is over. - 14 juin 2024
https://podcasts.apple.com/fr/podcast/click-here/id1225077306?i=1000659000010
over 1 year ago
0
0
0
Hacking Millions Of Modem 👀. An incredible work of samwcyo, a must read guys. 💢
samcurry.net/hacking-mill...
loading . . .
Hacking Millions of Modems (and Investigating Who Hacked My Modem)
Two years ago, something very strange happened to me while working from my home network. I was exploiting a blind XXE vulnerability that required an external HTTP server to smuggle out files, so I spu...
https://samcurry.net/hacking-millions-of-modems
over 1 year ago
0
1
0
💢Le groupe de hacker pro russe Killnet annonce detenir la version originale de Pegasus (NSO Group). Mise en vente : 1 500 000 $. « Nous avons actuellement entre nos mains la version originale. Nous avons le programme pour toujours ! NSO ne pourra pas restreindre l’accès. »
over 1 year ago
0
0
0
The DGSI gets DDOSed by the GLORIAMIST hacker group 😅 We've seen it all !!
over 1 year ago
0
0
0
Outch 💢 xz —version
www.helpnetsecurity.com/2024/03/29/c...
loading . . .
Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) - Help Net Security
A vulnerability (CVE-2024-3094) in XZ Utils may enable a malicious actor to gain unauthorized access to Linux systems remotely.
https://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor/
over 1 year ago
0
1
0
The python and the mongoose 🐍
thehackernews.com/2024/03/pypi...
loading . . .
PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers
PyPI temporarily shut down new user sign-ups and project creation to combat a malicious malware upload campaign.
https://thehackernews.com/2024/03/pypi-halts-sign-ups-amid-surge-of.html?m=1
over 1 year ago
0
0
0
reposted by
MaxMnMl
nixCraft
over 1 year ago
OMG 😧 Playing doom using windows task manager
youtu.be/hSoCmAoIMOU?...
32 sockets, 896 cores, 1792 logical processors??? 🤯 very cool indeed 👌
loading . . .
Windows Task Manager Runs Doom (896 cores)
Playing Doom in Windows task manager. Finally got it working and looking decent!But can it run Crysis?... ctrl+alt+doomDone by taking the original pixels, th...
https://youtu.be/hSoCmAoIMOU?si=-NUUcImcNrf_8eRb
0
13
1
How to debug remotely in Space 📡🚀 By Nasa
blogs.nasa.gov/sunspot/2024...
loading . . .
NASA Engineers Make Progress Toward Understanding Voyager 1 Issue – The Sun Spot
https://blogs.nasa.gov/sunspot/2024/03/13/nasa-engineers-make-progress-toward-understanding-voyager-1-issue/
over 1 year ago
0
1
0
AI, Play with me 👾
github.com/xai-org/grok-1
What is it guys ?
x.ai/model-card/
loading . . .
GitHub - xai-org/grok-1: Grok open release
Grok open release. Contribute to xai-org/grok-1 development by creating an account on GitHub.
https://github.com/xai-org/grok-1
over 1 year ago
0
0
0
Vulnlab is an excellent alternative or complement to the very famous THM and HTB. The catalogue of machines and networks is varied and modern, and new machines are added regularly. The subscription cost is average and the team is cool.🔥💻
www.vulnlab.com
loading . . .
Vulnlab
https://www.vulnlab.com
over 1 year ago
0
0
0
🤖 [ Saturday Night ] IA
www.arte.tv/fr/videos/11...
loading . . .
Course à l'IA - Vers le meilleur des mondes ? - Regarder le documentaire complet | ARTE
État des lieux des avancées en matière d’intelligence artificielle en Europe, à l’aube d’une nouvelle ère aux bouleversements encore inconnus.
https://www.arte.tv/fr/videos/115067-000-A/course-a-l-ia-vers-le-meilleur-des-mondes/p
over 1 year ago
0
0
0
I'm officially
#eCPPTv2
certified by @INEsecurity @ine 💯🔥 Many thanks to all those who made this possible. 🙏
over 1 year ago
0
0
0
💯 Linux Privesc course by @TCMSecurity 🔥🤘Thx bro
over 1 year ago
0
0
0
Outch 💢 CVE-2023-7028 - GitLab user[email][]
[email protected]
&user[email][]
[email protected]
CERT:
cert.ssi.gouv.fr/alerte/CERTF...
POC:
github.com/Vozec/CVE-20...
almost 2 years ago
0
0
0
I took the eJPTv2 exam, and compared to v1 I find the lab to be modern and rather realistic, with both linux and windows machines to operate, and a higher level. It's a very good practical exam for beginners. Thanks @ine @INEsecurity I had a great time.
almost 2 years ago
0
0
0
Start the new year with @RealTryHackMe Jr Penetration Tester LP completion 😍
almost 2 years ago
0
0
0
Best Windows Privesc course. GG @0xTib3rius
almost 2 years ago
0
0
0
reposted by
MaxMnMl
Paged Out!
almost 2 years ago
Issue #3 is here after a long wait, new and shiny. You can download it here
pagedout.institute?page=issues....
. Tell us what you think.
0
2
3
Big thx to
@hackthebox.bsky.social
Meetup Fr for the gift 🎁 One month's Pro subscription to the PentesterLab platform. Thanks to @sniff for donating the prizes 🔥. Let’s go Tryhard 💢
almost 2 years ago
0
0
0
Catspin project is a Cool stuff to bypass blocked ip measure during a scan, brute force, fuzzing …
github.com/rootcathacki...
loading . . .
https://github.com/rootcathacking/catspin
almost 2 years ago
0
0
0
Excellent course on linux privesc. Thanks to @0xTib3rius for the work, I learned a lot and improved my skills. Get 25% Off with the code TWITTER :
courses.tib3rius.com
almost 2 years ago
0
0
0
Comment contrôler les liens envoyés par un GPT personnalisé. . By
@noobosaurus.bsky.social
hacktback.fr/nos-ressourc...
loading . . .
Exploitation des Modèles GPT Personnalisés - HacktBack
La création de GPT personnalisés peut permettre des attaques de type phishing ou partage de malwares de façon simple. Explications.
https://hacktback.fr/nos-ressources/exploitation-des-modeles-gpt-personnalises/
almost 2 years ago
0
1
0
L’ANSSI lance
#Hackropole
, une plateforme regroupant la quasi-totalité des épreuves du France Cybersecurity Challenge
#FCSC
. 🔥🔥🔥
hackropole.fr/fr/
loading . . .
Hackropole
Bienvenue sur Hackropole. Cette plateforme vous propose de rejouer les épreuves du France Cybersecurity Challenge dans le but de découvrir et de vous former à divers domaines de la cybersécurité.
https://hackropole.fr/fr/
almost 2 years ago
0
1
0
PrivEsc in Ubuntu/Kali Linux (CVE-2023-2640 and CVE-2023-32629) POC:
gist.github.com/win3zz/aa1ac...
Research article:
www.wiz.io/blog/ubuntu-...
almost 2 years ago
0
1
0
#HacktBack
Première partie du CyberTalk#12 - Les Arcanes de la Red Team - avec laBrute et h1roki Podcast Vidéo :
youtu.be/9h9qCqpnsNE
Podcast Audio :
podcast.ausha.co/cybertalk/12-p…
#cybertalk
l
#podcast
s
#redteam
a
#cybersécurité
é
loading . . .
Les BASES de la RED TEAM (avec H1roki et LaBrute)
La team qui fait fantasmer tous les apprentis sorciers...On commence par les bases !########## HacktBack ##########Discord : https://discord.gg/QwS7h5hEUCYo...
https://youtu.be/9h9qCqpnsNE
almost 2 years ago
0
0
0
New Darknet Diaries episode! Ep 139: D3F4ULT
darknetdiaries.com/episode/139
loading . . .
D3f4ult – Darknet Diaries
This is the story of D3f4ult from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made.
https://darknetdiaries.com/episode/139
almost 2 years ago
0
0
0
A cloud security Capture The Flag event. The mission? To identify and learn about common Amazon EKS security issues. ☁️ ☁️
eksclustergames.com
loading . . .
EKS Cluster Games
The mission? To identify common AWS EKS security issues and vulnerabilities and learn how to exploit them in practice.
https://eksclustergames.com/
almost 2 years ago
0
1
1
CyberChef V10 is now up !!! Check new features 👀
github.com/gchq/CyberChef
loading . . .
GitHub - gchq/CyberChef: The Cyber Swiss Army Knife - a web app for encryption, encoding, compressio...
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis - GitHub - gchq/CyberChef: The Cyber Swiss Army Knife - a web app for encryption, encoding, compressio...
https://github.com/gchq/CyberChef
almost 2 years ago
0
2
0
Linux 6.6 : Linus Torvalds publie la nouvelle version qui supprime les références à la NSA
loading . . .
Linux 6.6 : Linus Torvalds publie la nouvelle version qui supprime les r�f�rences � la NSA, inclut l...
Linus Torvalds, le cr�ateur et mainteneur du noyau Linux, a annonc� la sortie de la version 6.6, apr�s avoir �puis� toutes les excuses pour retarder le travail. Cette nouvelle mouture apporte plusieur...
https://linux.developpez.com/actu/350085/Linux-6-6-Linus-Torvalds-publie-la-nouvelle-version-qui-supprime-les-references-a-la-NSA-inclut-la-fonctionnalite-de-securite-Shadow-Stack-et-ajoute-le-reseau-SMB-au-serveur-integre-au-noyau-KSMBD/
almost 2 years ago
0
0
0
Load more
feeds!
log in
