The following technical work is entirely credited to @infosecfacts — I was just the glorified spellchecker and keyboard monkey for this one. If you’ve got questions, feedback, or failed attempts at hacking your girlfriend’s Instagram (let’s be honest, we know you don’t have one 😉 ), direct them to Infosecfacts via the links or contact […]
Using Gospider for Recon – A No-BS Guide
In a world where data is currency and everyone’s got something to hide, Gospider doesn’t ask questions—it just digs. Born from the brains of @thebl4ckturtle and @j3ssiejjj, this Go-powered beast doesn’t care if your target is a pristine marketing site or a dark, cluttered corner of the web. It gets in, gets what it needs, […]
Wfuzz For Skids: A Primer on Fuzzing for Nerds
What Is Fuzzing? Imagine whispering sweet, chaotic nothings into a web app’s ear just to see how it reacts. That’s fuzzing. Or more accurately: you throw malformed, unexpected, or straight-up weird input at a target, hoping something breaks, spills its guts, or at least blinks weirdly. Web fuzzing is the digital equivalent of jiggling every […]
Path Traversal to RCE: Bug Bounty Write-Up POC
Path Traversal to RCE: Bug Bounty Write-Up POC Path Traversal to RCE: Bug Bounty Write-Up POC Introduction Bug bounty hunting is all about persistence and creativity. This write-up documents my approach to a CTF lab that simulates a real-world vulnerability, inspired by this $40,000 bounty write-up by Abdullah Nawaf and Orwa Atyat. In this challenge, […]