MaxMnMl
LightNews LightNews
banner
maxmnml.bsky.social
MaxMnMl
@maxmnml.bsky.social
39 followers 87 following 53 posts
[ - ] https://github.com/MaxMnMl [ - ] c12f97f864dff657f7294c6c9d03e18d
Posts Replies Media Videos
maxmnml.bsky.social
blog.huli.tw/2025/09/15/e...
Explaining XSS without parentheses and semi-colons
Recently, I received an email from a reader asking if I could write an article explaining XSS without parentheses and semi-colons, saying that the payloads in it were hard to understand. Therefore, th
blog.huli.tw
October 11, 2025 at 7:02 AM
maxmnml.bsky.social
How to make Self-XSS great again 🔥🧯

blog.slonser.info/posts/make-s...
Make Self-XSS Great Again
Disclaimer: This article is intended for security professionals conducting authorized testing within the scope of a contract. The author is not responsible for any damage caused by the application of ...
blog.slonser.info
June 29, 2025 at 7:11 AM
maxmnml.bsky.social
One-Click RCE in ASUS’s Preinstalled Driver Software 🧯🔥
mrbruh.com/asusdriverhub/
One-Click RCE in ASUS's Preinstalled Driver Software
One-Click RCE in ASUS’s Preinstalled Driver Software Part Two of this series on ASUS will be dropping within a week, yes it somehow manages to get worse Introduction This story begins with a conversat...
mrbruh.com
May 30, 2025 at 1:16 PM
maxmnml.bsky.social
Google Cloud Account Takeover via URL Parsing Confusion 💣🔥👀

infosecwriteups.com/google-cloud...
Google Cloud Account Takeover via URL Parsing Confusion
TL;DR
infosecwriteups.com
May 3, 2025 at 5:25 PM
maxmnml.bsky.social
🔓 Just beat the "Dojo #40 - Hacker profile" challenge on @YesWeHack!
Think you can match my skills? 🌟

dojo-yeswehack.com/challenge/pl...

#YesWeHack #ChallengeAccepted
Dojo #40 - Hacker profile - YesWeHack Dojo
# Hacker profile - Dojo #40 Active until : **17th April - 2025** Authors: [Minilucker](https://x.com/0xidel) #### How to submit your report 1. Visit the Dojo program at [https://yeswehack.com/progr...
dojo-yeswehack.com
March 30, 2025 at 8:55 PM
Reposted by MaxMnMl
pagedout.bsky.social
Paged Out! #6 has arrived! And it's jam-packed with content!
You can download it here:
pagedout.institute?page=issues....
March 29, 2025 at 12:17 PM
maxmnml.bsky.social
Exploring Dompurify Misc (2/2) by @mizu.re … What an Amazing Work 🫶

mizu.re/post/explori...
Exploring the DOMPurify library: Hunting for Misconfigurations (2/2). Tags:Article - Article - Web - mXSS
Exploring the DOMPurify library: Hunting for Misconfigurations (2/2)
mizu.re
March 1, 2025 at 8:01 AM
maxmnml.bsky.social
I just pwned the "Dojo #39 - Phishing" challenge on @yeswehack.bsky.social
Who’s next to join the fun? 🚀
dojo-yeswehack.com/challenge/pl...
#YesWeHack #ChallengeAccepted
Dojo #39 - Phishing - YesWeHack Dojo
# Phishing Active until : **28th February - 2025** #### How to submit your report 1. Visit the Dojo program at [https://yeswehack.com/programs/dojo](https://yeswehack.com/programs/dojo) 2. Click on *...
dojo-yeswehack.com
February 4, 2025 at 2:43 PM
maxmnml.bsky.social
One of the Best Blog serie about XSS

aszx87410.github.io/beyond-xss/en/
About This Series | Beyond XSS
As a software engineer, you must be familiar with information security. In your work projects, you may have gone through security audits, including static code scanning, vulnerability scanning, or pen...
aszx87410.github.io
February 1, 2025 at 9:26 AM
maxmnml.bsky.social
Amazing Work 👏 … The MIDI Shellcode 🎹👾
psi3.ru/blog/swl01u/
World's First MIDI Shellcode
Blog post about a reverse engineering project
psi3.ru
January 27, 2025 at 9:36 PM
maxmnml.bsky.social
Testing JavaScript file for BB 🕸️🐞

click.mlsend2.com/link/c/YT0yN...
Testing JavaScript files for bug bounty hunters
You've with no doubt heard or seen other fellow bug bounty hunters find critical vulnerabilities thanks to JavaScript file enumeration, right? This article is all about the importance of testing and e...
click.mlsend2.com
January 12, 2025 at 8:10 AM
maxmnml.bsky.social
Hunting for blind XSS 🕸️ 🐞

www.intigriti.com/researchers/...
Hunting for blind XSS vulnerabilities: A complete guide
Cross-site scripting (XSS) vulnerabilities are quite common and fun to find. They also carry great impact when chained with other vulnerabilities. But there's another variant of this vulnerability typ...
www.intigriti.com
January 6, 2025 at 6:11 AM
maxmnml.bsky.social
Broken authentication: 7 Advanced ways of bypassing insecure 2-FA implementations 🪲

blog.intigriti.com/hacking-tool...
Broken authentication: 7 Advanced ways of bypassing insecure 2-FA implementations
Two-factor authentication (2FA) has become the go-to solution for strengthening account security. More and more companies are deploying 2FA implementations, and some even enforce them on their users t...
blog.intigriti.com
December 9, 2024 at 6:19 AM
maxmnml.bsky.social
OAuth Non-Happy Path to ATO 🎯

blog.voorivex.team/oauth-non-ha...
OAuth Non-Happy Path to ATO
Learn how small errors in OAuth implementation can lead to significant security vulnerabilities like one-click account takeover in web applications
blog.voorivex.team
December 6, 2024 at 6:30 AM
maxmnml.bsky.social
Just completed the "Dojo #37 - Hacker forum" challenge on @yeswehack.bsky.social
Level up with me! 🌟
dojo-yeswehack.com/challenge/pl...
#YesWeHack #ChallengeAccepted
Dojo #37 - Hacker forum - YesWeHack Dojo
# Hacker forum Active until : **12th December - 2024** #### How to submit your report 1. Visit the Dojo program at [https://yeswehack.com/programs/dojo](https://yeswehack.com/programs/dojo) 2. Click ...
dojo-yeswehack.com
December 5, 2024 at 1:31 PM
maxmnml.bsky.social
Bypassing WAFs with the phantom $Version cookie 🍪

portswigger.net/research/byp...
Bypassing WAFs with the phantom $Version cookie
HTTP cookies often control critical website features, but their long and convoluted history exposes them to parser discrepancy vulnerabilities. In this post, I'll explore some dangerous, lesser-known
portswigger.net
December 4, 2024 at 9:09 PM
maxmnml.bsky.social
Cross-Site POST Requests Without a Content-Type Header 🛰️

nastystereo.com/security/cro...
Cross-Site POST Requests Without a Content-Type Header / nastystereo.com
nastystereo.com
December 4, 2024 at 8:26 PM
maxmnml.bsky.social
Zero-Day in Active Directory Certificate Services: Researcher Exposes CVE-2024-49019 with PoC 🚀🪟

securityonline.info/zero-day-in-...
Zero-Day in Active Directory Certificate Services: Researcher Exposes CVE-2024-49019 with PoC
Discover the details of the critical zero-day vulnerability CVE-2024-49019 affecting Active Directory Certificate Services (AD CS).
securityonline.info
November 30, 2024 at 8:38 AM
maxmnml.bsky.social
Bypass Apache Superset to perform SQLI 💉🦄

blog.quarkslab.com/bypass-apach...
Bypass Apache Superset restrictions to perform SQL injections
The following article explains how during an audit we took a look at Apache Superset and found bypasses (by reading the PostgreSQL documentation) for the security measures implemented.
blog.quarkslab.com
November 30, 2024 at 8:35 AM
Reposted by MaxMnMl
insider.phd
What is an API? What makes them special? And what kind of APIs are out there? #apisecurity #apis #bugbountytips #BugBounty
A mindmap with the following text https://tl.gd/n_1ss2vji
November 30, 2024 at 8:00 AM
maxmnml.bsky.social
💢 regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems
(CVE-2024-6387)

Qualys Paper : www.qualys.com/2024/07/01/c...
www.qualys.com
July 3, 2024 at 5:03 AM
maxmnml.bsky.social
The leader of GhostSec, Sebastian Dante Alexander, talks about the group's decision to abandon financial hacking and shift its focus to hacktivism.

podcasts.apple.com/fr/podcast/c...
‎Click Here : 139. Mic Drop: GhostSec’s quest for redemption: their leader claims their life of crime is over. sur Apple Podcasts
‎Afficher Click Here, ép 139. Mic Drop: GhostSec’s quest for redemption: their leader claims their life of crime is over. - 14 juin 2024
podcasts.apple.com
June 15, 2024 at 1:42 PM
maxmnml.bsky.social
Hacking Millions Of Modem 👀. An incredible work of samwcyo, a must read guys. 💢

samcurry.net/hacking-mill...
Hacking Millions of Modems (and Investigating Who Hacked My Modem)
Two years ago, something very strange happened to me while working from my home network. I was exploiting a blind XXE vulnerability that required an external HTTP server to smuggle out files, so I spu...
samcurry.net
June 8, 2024 at 1:53 PM
maxmnml.bsky.social
💢Le groupe de hacker pro russe Killnet annonce detenir la version originale de Pegasus (NSO Group). Mise en vente : 1 500 000 $.

« Nous avons actuellement entre nos mains la version originale. Nous avons le programme pour toujours ! NSO ne pourra pas restreindre l’accès. »
April 6, 2024 at 10:26 AM
maxmnml.bsky.social
The DGSI gets DDOSed by the GLORIAMIST hacker group 😅 We've seen it all !!
April 1, 2024 at 9:10 PM