#hacking

2d ago · 8 min read · TL;DR: Got an MCP OAuth proxy to hand me real production access tokens for any user who clicked one link. No fake login page. No cert warning. No MFA bypass. The victim actually signs in at the real S

Join discussion

SRSatyam Rastogisatyamrastogi.hashnode.dev

0

FTP Plaintext Exposure: 3M Unencrypted Servers & Active Exploitation

3d ago · 6 min read · Originally published on satyamrastogi.com 3 million FTP servers operating without encryption expose credentials and sensitive data to network interception. Red teams exploit plaintext protocols for initial access and lateral movement in enterprise e...

Join discussion

Sshkzmyhack.tech

0

Reaching the Top Ranks on Hack The Box, and What Changed Along the Way

Apr 16 · 5 min read · After 6 or 7 years on Hack The Box, competing, failing, learning, and coming back again, I finally reached the Top 7 worldwide. The number itself is not what matters most, but everything behind it: ti

Join discussion

SXStavro Xhardhadispatchersdotplayground.hashnode.dev

0

Hijacking AIDL Interfaces

Apr 16 · 4 min read · Two years ago, I wrote an introduction article for how components communicate with each-other across the whole Android system. This article would assume that the reader has some knowledge about inter-

Join discussion

KSKaranam Shrivastakaranamshrivasta.hashnode.dev

0

How Hackers Are Using AI for Modern Attacks

Apr 16 · 3 min read · AI isn’t just helping defenders anymore — it’s also changing how cyber attacks are carried out. By Karanam Shrivasta 15-year-old cybersecurity student | 170+ certifications | 300+ badges | 40+ project

Join discussion

OIOluwaseyi Idowuidowuseyi.hashnode.dev

0

Why I Don't Just "Test" User Registration

Apr 16 · 2 min read · In my years leading engineering teams, especially in the highly regulated US HealthTech space, I’ve learned one thing: User registration is a wolf in sheep’s clothing. On the surface, it’s a form, a b

Join discussion

SRSatyam Rastogisatyamrastogi.hashnode.dev

0

Basic-Fit Breach: Targeting SaaS Membership Platforms at Scale

Apr 14 · 8 min read · Originally published on satyamrastogi.com Basic-Fit's 1M member breach reveals systemic weaknesses in SaaS membership platforms. Attack likely leveraged credential compromise or API exploitation targeting customer databases without proper segmentati...

Join discussion

SRSatyam Rastogisatyamrastogi.hashnode.dev

0

PlugX RAT via Fake Claude: DLL Sideloading Supply Chain Attack

Apr 13 · 7 min read · Originally published on satyamrastogi.com Analysis of PlugX RAT distribution through counterfeit Claude website. Exploitation chain combines DLL sideloading with supply chain targeting. Attack methodology, detection evasion, and hardening strategies...

Join discussion

SPSahil Patelblog.sahil.cloud

0

I Built a GitHub Secret Leak Scanner After My Own API Key Was Exposed — What Happened Next Changed How I See Public Code Forever

Apr 12 · 4 min read · It started with a mistake that cost attention. My own credentials were exposed. Not because of some advanced breach. Not because of malware. Just a simple developer mistake — a secret that should neve

Join discussion

HEHarine Ecipherbloom.hashnode.dev

0

6 months after graduation, I had nothing. Here is what I did next.

Apr 12 · 3 min read · Let me be honest with you from the start — I am not writing this as an expert. I have no job yet. I am sitting at home, still waiting on companies to call me for onboarding after passing their intervi

Join discussion

Tag feed

Tag feed

#hacking

Trending tags this week

Full Account Takeover on an MCP OAuth Proxy: Why PKCE Can't Save You

FTP Plaintext Exposure: 3M Unencrypted Servers & Active Exploitation

Reaching the Top Ranks on Hack The Box, and What Changed Along the Way

Hijacking AIDL Interfaces

How Hackers Are Using AI for Modern Attacks

Why I Don't Just "Test" User Registration

Basic-Fit Breach: Targeting SaaS Membership Platforms at Scale

PlugX RAT via Fake Claude: DLL Sideloading Supply Chain Attack

I Built a GitHub Secret Leak Scanner After My Own API Key Was Exposed — What Happened Next Changed How I See Public Code Forever

6 months after graduation, I had nothing. Here is what I did next.

#hacking

Search Hashnode

#hacking

Trending tags this week

Full Account Takeover on an MCP OAuth Proxy: Why PKCE Can't Save You

FTP Plaintext Exposure: 3M Unencrypted Servers & Active Exploitation

Reaching the Top Ranks on Hack The Box, and What Changed Along the Way

Hijacking AIDL Interfaces

How Hackers Are Using AI for Modern Attacks

Why I Don't Just "Test" User Registration

Basic-Fit Breach: Targeting SaaS Membership Platforms at Scale

PlugX RAT via Fake Claude: DLL Sideloading Supply Chain Attack

I Built a GitHub Secret Leak Scanner After My Own API Key Was Exposed — What Happened Next Changed How I See Public Code Forever

6 months after graduation, I had nothing. Here is what I did next.