mXgarweg
banner
michaelxg.bsky.social
mXgarweg
@michaelxg.bsky.social
Security researcher | bug bounty hunter
Kali NetHunter ist now installed and running on this old Nokia 8.
#saturdaynightthings
February 8, 2026 at 1:14 AM
So, what are you setting up this Saturday evening?
#kali #nethunter #cybersecurity
February 7, 2026 at 9:11 PM
#Schienenersatzverkehr nächste Woche vielleicht sogar schneller als mit der verspäteten Bahn nach #Dortmund fahren.🤣 #Wuppertal
February 4, 2026 at 10:28 AM
Completed "Build a Stylized To-Do List" CSS challenge on #freeCodeCamp.

Learned that in CSS, anchor elements must be placed in a specific order for the design to work as desired:

a:link, a:visited, a:hover, a:active
February 3, 2026 at 11:35 AM
I just completed Server-side Template Injection room on TryHackMe! Exploit various templating engines that lead to SSTI vulnerability. tryhackme.com/room/servers...
TryHackMe | Cyber Security Training
tryhackme.com
January 31, 2026 at 5:49 PM
I just completed the Web Security Academy lab:
Password reset broken logic

Token for password reset was not checked when new password was submitted.

@WebSecAcademy
portswigger.net/web-security...
Lab: Password reset broken logic | Web Security Academy
This lab's password reset functionality is vulnerable. To solve the lab, reset Carlos's password then log in and access his "My account" page. ...
portswigger.net
January 29, 2026 at 5:15 PM
Reposted by mXgarweg
💡 Today's word of the day is coupling!

The degree of interdependence between software modules.

#coding #developers #buildinpublic
What is coupling?
The degree of interdependence between software modules.
devterms.com
January 28, 2026 at 5:05 AM
I just completed Hardening Basics Part 1 room on TryHackMe! Learn how to harden an Ubuntu Server! Covers a wide range of topics (Part 1) tryhackme.com/room/hardeni... #tryhackme
TryHackMe | Cyber Security Training
tryhackme.com
January 26, 2026 at 4:46 PM
Reposted by mXgarweg
ai models are like cats: you think you own them, but they do whatever they want. #AIsecurity
January 25, 2026 at 6:10 PM
Just solved : Web - Serveur/HTTP - Contournement de filtrage IP challenge on Root-Me :þ

www.root-me.org?page=validat...

@rootme_org

#hacking #challenge #WebServeur
la root est longue mais la voie est Libre
www.root-me.org
January 25, 2026 at 4:08 PM
Just solved : Web - Serveur/HTTP - User-agent challenge on Root-Me :þ

www.root-me.org?page=validat...

@rootme_org

#hacking #challenge #WebServeur
la root est longue mais la voie est Libre
www.root-me.org
January 25, 2026 at 2:19 PM
Just solved : Web - Serveur/Mot de passe faible challenge on Root-Me :þ

www.root-me.org?page=validat...

@rootme_org

#hacking #challenge #WebServeur
la root est longue mais la voie est Libre
www.root-me.org
January 25, 2026 at 11:40 AM
Just solved : Web - Serveur/HTML - Code source challenge on Root-Me :þ

www.root-me.org?page=validat...

@rootme_org

#hacking #challenge #WebServeur
la root est longue mais la voie est Libre
www.root-me.org
January 25, 2026 at 11:37 AM
In the end, it took just some Javascript deobfuscation to resolve this Web - Client/Javascript - Native code challenge on Root-Me :þ

www.root-me.org?page=validat...

@rootme_org

#hacking #challenge #WebClient
Making sure you're not a bot!
www.root-me.org
January 25, 2026 at 10:58 AM
Just solved : Web - Client/Javascript - Obfuscation 2 challenge on Root-Me :þ

www.root-me.org?page=validat...

@rootme_org

#hacking #challenge #WebClient
la root est longue mais la voie est Libre
www.root-me.org
January 25, 2026 at 8:45 AM
Reposted by mXgarweg
Dieu dit aux français : tu te reposeras le septième jour

Exode 34:21 / Guimaëc, France, 1975 – by Pierre Le Gall (1948), French
#silentsunday #Bretagne #agriculture #religion #photography
January 25, 2026 at 8:20 AM
Just solved : Web - Client/Javascript - Obfuscation 1 challenge on Root-Me :þ

www.root-me.org?page=validat...

@rootme_org

#hacking #challenge #WebClient
la root est longue mais la voie est Libre
www.root-me.org
January 25, 2026 at 8:32 AM
Just solved : Web - Client/Javascript - Authentification 2 challenge on Root-Me :þ

www.root-me.org?page=validat...

@rootme_org

#hacking #challenge #WebClient
la root est longue mais la voie est Libre
www.root-me.org
January 25, 2026 at 8:19 AM
Just solved : Web - Client/Javascript - Source challenge on Root-Me :þ

www.root-me.org?page=validat...

@rootme_org

#hacking #challenge #WebClient
la root est longue mais la voie est Libre
www.root-me.org
January 25, 2026 at 8:15 AM
Just solved : Web - Client/Javascript - Authentification challenge on Root-Me :þ

www.root-me.org?page=validat...

@rootme_org

#hacking #challenge #WebClient
Making sure you're not a bot!
www.root-me.org
January 25, 2026 at 7:58 AM
Reposted by mXgarweg
Microsoft and BitLocker: If you have access to keys, eventually governments are going to come. And MS provided the keys www.forbes.com/sites/thomas...
Microsoft Gave FBI BitLocker Encryption Keys, Exposing Privacy Flaw
The tech giant said providing encryption keys was a standard response to a court order. But companies like Apple and Meta set up their systems so such a privacy violation isn’t possible.
www.forbes.com
January 23, 2026 at 8:00 PM
"AI slop is the growing flood of low-effort, AI-generated content that sounds good but doesn't actually contain anything useful or productive."
The developer of the popular curl command-line utility and library announced that the project will end its HackerOne security bug bounty program at the end of this month, after being overwhelmed by low-quality AI-generated vulnerability reports.
Curl ending bug bounty program after flood of AI slop reports
The developer of the popular curl command-line utility and library announced that the project will end its HackerOne security bug bounty program at the end of this month, after being overwhelmed by low-quality AI-generated vulnerability reports.
www.bleepingcomputer.com
January 22, 2026 at 8:07 PM
I just completed Input Manipulation & Prompt Injection room on TryHackMe! Understand the basics of LLM Prompt Injection attacks. tryhackme.com/room/inputma... #tryhackme
TryHackMe | Cyber Security Training
tryhackme.com
January 10, 2026 at 5:34 PM
Reposted by mXgarweg
Viele MongoDB-Instanzen sind oder waren potenziell für MongoBleed anfällig. Ein Tool hilft bei der Server-Analyse auf Angriffsspuren. #Security
MongoBleed-Scanner für Admins
Viele MongoDB-Instanzen sind oder waren potenziell für MongoBleed anfällig. Ein Tool hilft bei der Server-Analyse auf Angriffsspuren.
www.heise.de
January 5, 2026 at 12:52 PM
I just completed tmux room on TryHackMe. Learn to use tmux, one of the most powerful multi-tasking tools on linux! tryhackme.com/room/rptmux?... #tryhackme
TryHackMe | Cyber Security Training
tryhackme.com
January 3, 2026 at 5:21 PM