cybersecurity
-
Yo everyone! Back with another write-up, Today we’re going to solve the w1seGuy room on TryHackMe. First, download the task files provided in the room and then start the machine source.py import randomimport socketserver import socket, osimport stringflag = open(‘flag.txt’,’r’).read().strip()def send_message(server, message): enc = message.encode() server.send(enc)def setup(server, key): flag = ‘THM{thisisafakeflag}’ xored = “” for i…
-
Yo, Back with another writeup! Today, we’ll try to complete the Unstable Twin room. We start with an Nmap scan: nmap -sS -sV <IP> The scan shows that ports 22 (SSH) and 80 (HTTP) are open. What is the build number of Vincent’s server? Answer: 1.3.4-dev To find this, you can use Burp Suite: To get…
-
In November 2025, Anthropic, the company behind the AI model Claude revealed something the cybersecurity world knew was coming one day, but hoped would be far in the future:A state-sponsored hacking group used an AI system to carry out a major cyberattack with very little human involvement. This isn’t just “AI helped hackers.”It’s the first…
-
How to find AWS misconfigured S3 Buckets for bug hunting | By Alham Rizvi
AWS pentesting, AWS security, bug bounty, Bug Bounty Tips, cloud hacking, cloud misconfiguration, cloud pentesting, cybersecurity, data exposure, Ethical Hacking, Information Disclosure, LazyS3, misconfigured S3, open S3 buckets, PyLazyS3, recon automation, Reconnaissance, S3 bucket, s3recon, S3Scanner, Security ToolsIntroAmazon S3 stores files in named containers called buckets. Developers sometimes leave buckets public by mistake, exposing files like logs, backups, or credentials. This guide shows what S3 is, why misconfigs happen, simple non-destructive checks, and practical install/run commands for common tools. What is an S3 bucket?An S3 bucket is a named storage location in…
-
GitHub Recon for finding Sensitive data in js files| By Alham Rizvi
API Key Leak, Automation Tools, Bounty Hunting, bug bounty, Credential Leak, cybersecurity, Ethical Hacking, GitDorker, GitHub Dorks, GitHub Enumeration, GitHub Recon, GitHub Recon Tips, GitHub Secrets, GitHub Security, Gitleaks, Gitrob, Information Disclosure, OSINT, Penetration Testing, Reconnaissance, Secret Scanning, Security Research, Security Tools, Sensitive Data Exposure, Source Code Analysis, Token Exposure, TruffleHog, Vulnerability Hunting, Web SecurityGitHub is one of the most common places where developers accidentally leak sensitive information. For bug bounty hunters, learning GitHub recon is a great way to find exposed secrets, config files, and credentials that can lead to valid reports. What Sensitive Files Can Be Leaked on GitHubWhile exploring public repositories, you might find files that…
-
Sensitive Data Exposure in .js Files |By Alham Rizvi
Alham Rizvi, API Key Exposure, Bounty Report Writing, bug bounty, Bug Bounty Tips, Bug Hunter Guide, Credential Exposure, cybersecurity, Data Leakage, Ethical Hacking, GetJS, Hacking Guide, httpx, Information Disclosure, JavaScript Security, JS Bundle Analysis, JS File Analysis, Katana, LinkFinder, Mantra, Penetration Testing, Recon Tools, Reconnaissance, ripgrep, Secret Key Finder, Security Research, Security Tools, Sensitive Data Exposure, Sensitive Information in JS, Source Map Exposure, subjs, Token Leak, Vulnerability Hunting, Web Application Security, Web Security1. Why JS Files Are Useful for Hunters Web apps send a lot of code to the browser. JavaScript bundles, source maps, and inline scripts can leak: • Hardcoded config like API endpoints and environment flags.• API keys, tokens, and credentials left in code or comments.• URLs to staging or internal services.• Source maps that…
-
Sensitive Data Exposure in .js Files |By Alham Rizvi
Alham Rizvi, API Key Exposure, Bounty Report Writing, bug bounty, Bug Bounty Tips, Bug Hunter Guide, Credential Exposure, cybersecurity, Data Leakage, Ethical Hacking, GetJS, Hacking Guide, httpx, Information Disclosure, JavaScript Security, JS Bundle Analysis, JS File Analysis, Katana, LinkFinder, Mantra, Penetration Testing, Recon Tools, Reconnaissance, ripgrep, Secret Key Finder, Security Research, Security Tools, Sensitive Data Exposure, Sensitive Information in JS, Source Map Exposure, subjs, Token Leak, Vulnerability Hunting, Web Application Security, Web Security1. Why JS Files Are Useful for Hunters Web apps send a lot of code to the browser. JavaScript bundles, source maps, and inline scripts can leak: • Hardcoded config like API endpoints and environment flags.• API keys, tokens, and credentials left in code or comments.• URLs to staging or internal services.• Source maps that…
-
Windows 10 has been one of the most widely used operating systems in the world, running on millions of personal and business computers. It has been a reliable platform for daily work, gaming, and business operations. But all good things come to an end and for Windows 10, that end is approaching. From today ,…
-
lets gooo Task 1: Intro to AD Breaches Ini /etc/resolv.conf (after) Test Hostname Lookups Bash Why does this work? You’re instructing the DNS resolution service to search between 10.200.54.101 and 10.0.0.1 . So, let’s say you say something like this: Bash What’s happening is this: Task 2: OSINT & Phishing Read through and learn about two very common techniques…
-
Alham Rizvi “ Disclaimer : Read Before Proceeding: This guide is for educational purposes only and describes findings from controlled, lab-based experiments. Do not use the information to access systems without explicit authorization. Attempting to crack passwords on live systems can lead to IP blocks, account bans, civil liability, and criminal charges” What is Hydra?…
