Swissky
@swissky.bsky.social
RedTeam | Pentest
Author of PayloadsAllTheThings & SSRFmap
http://github.com/swisskyrepo
Pinned
🚀 Big Announcement! 🚀

After 8+ years of working on PayloadsAllTheThings, I’m excited to release it as an ebook on Leanpub! 📖✨

To celebrate, I’m gifting 2 free copies to random reposters! 🔥

👉 Repost for a chance to win

Thank you all for your incredible support! 🙌

#CyberSecurity #Infosec
Payloads All The Things
leanpub.com
Writeup of "Payload Plz" challenge - Le Hack 2025
The goal was to write a polyglot payload for 13 contexts 🤯
swisskyrepo.github.io/blog/payload...
LeHack 2025 - PayloadPLZ
Last weekend, I took part in the LeHack 2025 event in Paris. As always, the challenges hosted by YesWeHack were top-notch and full of valuable learning opportunities. This year's highlight was craftin...
swisskyrepo.github.io
July 3, 2025 at 11:40 AM
Reposted by Swissky
I migrated my coding life, including my static websites, off GitHub. It's easier than you might think! Here's how I did it.

taggart-tech.com/mig...
How and Why to Ditch GitHub
How much of your code do you feel like entrusting to Microsoft? How about American data centers? Here's an easy way to jump ship and maintain operations.
taggart-tech.com
March 31, 2025 at 1:24 PM
Reposted by Swissky
A great write up on McDonald's API security by Eaton:

eaton-works.com/2024/12/19/m...

If you want to learn some API hacking techniques, I've just pushed a new API module to DVWA:

github.com/digininja/DVWA
I’m Lovin’ It: Exploiting McDonald’s APIs to hijack deliveries and order food for a penny
A series of API flaws in McDelivery India made it possible to order food for a penny, hijack other people’s delivery orders, view user information, and more.
eaton-works.com
January 29, 2025 at 1:08 PM
Reposted by Swissky
Yo! 🌿
Tech watch sessions resume tonight at 9 PM! 🌖
Joined by @drypaint.bsky.social @maltemo.bsky.social @swissky.bsky.social 😎

~ See you there ~
www.twitch.tv/thelaluka
January 28, 2025 at 5:47 PM
The results are in! Congratulations to the winners—you’ll receive your prize via DM. Thank you all for participating! 😊
December 25, 2024 at 9:56 AM
Reposted by Swissky
New module on #NetExec : wam
Dump #Entra access tokens from Windows Token Broker Cache, and make your way to Entra 🚀

Thanks @xpnsec.com for the technique! More info on his blog : blog.xpnsec.com/wam-bam/
December 18, 2024 at 4:26 PM
Reposted by Swissky
Payloads All The Things: Web Application Security Cheatsheets leanpub.com/payloadsallt... by Swissky is the featured book on the Leanpub homepage! leanpub.com #ComputerProgramming #ComputerSecurity
Payloads All The Things
leanpub.com
December 2, 2024 at 9:49 PM
🚀 Big Announcement! 🚀

After 8+ years of working on PayloadsAllTheThings, I’m excited to release it as an ebook on Leanpub! 📖✨

To celebrate, I’m gifting 2 free copies to random reposters! 🔥

👉 Repost for a chance to win

Thank you all for your incredible support! 🙌

#CyberSecurity #Infosec
Payloads All The Things
leanpub.com
December 1, 2024 at 4:16 PM
Reposted by Swissky
still the best bug: GraphQL discloses internal beer consumption (hackerone.com/reports/419883)
November 25, 2024 at 8:35 AM
Reposted by Swissky
I run @agarri.fr (this main account) and @mastering-burp.agarri.fr (dedicated to @burpsuite.bsky.social tips)

And I like how custom handles bring your "brand" (aka domain name) front and center while helping to combat impersonation
November 2, 2024 at 10:37 AM
🌧️ On a rainy day, I dove into Pokémon Yellow glitches. Ever wondered how they work under the hood?
As kids, we were already hackers manipulating bits in memory! 🔍👾
Read more in my latest blog post:
swisskyrepo.github.io/Pokemon-Glit...
Anatomy of Pokemon glitches
Digging into the anatomy of Pokemon Yellow glitches, or how to impress your school friends during break time.
swisskyrepo.github.io
November 1, 2024 at 5:34 PM
It’s never too late to solve an old challenge. I spent some time this weekend trying my luck on a hardware challenge from the Ph0wn CTF 2019.
Here is my writeup:
swisskyrepo.github.io/Ph0wn-Flag-D...
Ph0wn CTF 2019 - Flag Digger
Ph0wn CTF 2019 - Flag Digger TLDR: It’s never too late to try to solve an old challenge. This blog post is a quick writeup of a challenge from the Ph0wn CTF 2019 where you were given a small chip a...
swisskyrepo.github.io
February 4, 2024 at 8:00 PM
DLS 2024 - RedTeam Fails - "Oops my bad I ruined the operation", a story on how to fail a red team assessment 🦖
swisskyrepo.github.io/Drink-Love-S...
DLS 2024 - RedTeam Fails -
Red Team Fails - “Oops my bad I ruined the operation”, a story on how to fail a red team assessment. TLDR: Recently I had the pleasure to give a rump during the “Drink Love Share” meet organi...
swisskyrepo.github.io
January 16, 2024 at 9:36 AM