kid cyber
just found this website to practice xss https://xss-game.appspot.com/
here it all starts !!
same origin policy: it stops one website reading or writing data to and from another website
the policy essentially checks for 3 different things in the origin: protocol, host and port
only if the three are the same for two different origins does the browser allow cross read and write
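The protocol/host/port comparison described above, as an added example that is not part of the original post. The URLs are constructed samples on the reserved example.com domain, and `originOf`, `sameOrigin` and `report` are hypothetical helper names.

```javascript
// Added example: compare the (protocol, host, port) triple of two URLs.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

function originOf(url) {
  const u = new URL(url);
  // The URL parser drops a port equal to the scheme default, so restore it
  // here to make the three-part comparison explicit.
  return {
    protocol: u.protocol,
    host: u.hostname,
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

function sameOrigin(a, b) {
  const x = originOf(a);
  const y = originOf(b);
  return x.protocol === y.protocol && x.host === y.host && x.port === y.port;
}

// Constructed sample URLs, each compared against `base`.
const base = "https://app.example.com/profile";
const cases = [
  ["https://app.example.com/settings?tab=1", "path and query are not part of the origin"],
  ["https://app.example.com:443/", "explicit default port"],
  ["http://app.example.com/", "different protocol"],
  ["https://api.example.com/", "different host (sibling subdomain)"],
  ["https://app.example.com:8443/", "different port"],
];

function report() {
  return cases.map(([url, why]) => ({ url, why, same: sameOrigin(base, url) }));
}

for (const r of report()) {
  console.log(`${r.same ? "same     " : "different"}  ${r.url}  (${r.why})`);
}
```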
Forwarded from Yekolo Temari (የቆሎ ተማሪ)
Get ready for Ethiopia CyberShield Showdown Week, featuring bootcamps, red-team exploits, incident response simulations, and a high-stakes Capture the Flag (CTF). Join us to learn, compete, and connect with a chance to win prizes, merch, and recognition.
📅 Event Details
🔹 Online Bootcamp: Sept 17 to 18 | 8:00 PM to 10:00 PM
🔹 In-Person CTF: Sept 19 to 21 | 9:00 AM to 5:00 PM
📍 Capstone, ALX Tech Lideta Hub, Lideta
🔗 Register now: https://luma.com/jyu7twze
#ALXEthiopia #CyberShieldShowdown #CTF2025 #Cybersecurity #ALXAfrica #dohardthings #lifeatalx #yekolotemari
kid cyber
here it all starts !! same origin policy: it stops one website reading or writing data to and from another website the policy essentially checks for 3 different things in the origin: protocol, host and port only if the three are the same for two different…
💡 Same-Origin Policy (SOP)
It prevents one website from reading/writing data to another site unless protocol, host, and port all match.
🔒 But what about attacks like XSS?
Cross-Site Scripting (XSS) is a web vulnerability where attackers inject malicious scripts into trusted websites to run in the victim’s browser.
⚡ Types of XSS:
Stored XSS → Malicious script is permanently saved on the target server (e.g., in a database, comment section).
Reflected XSS → Script comes from a crafted link or request and reflects back in the response.
DOM-based XSS → The attack happens fully on the client side due to unsafe JavaScript handling in the DOM.
👉 In short: XSS abuses the trust a site has with your browser.
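An added example, not part of the original post, showing how stored and reflected XSS differ only in where the untrusted text comes from, and how encoding on output closes both. The in-memory `comments` array standing in for a database, the function names and the probe string are all constructed for illustration.

```javascript
// Encode the five characters that can change HTML structure.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

const comments = []; // stands in for the server's database

function saveComment(text) {
  comments.push(text);
}

// Stored: text saved earlier is written into every later response.
function renderCommentsUnsafe() {
  return comments.map((c) => `<li>${c}</li>`).join("");
}
function renderCommentsSafe() {
  return comments.map((c) => `<li>${escapeHtml(c)}</li>`).join("");
}

// Reflected: text from the current request is echoed straight back.
function renderSearchUnsafe(q) {
  return `<p>Results for ${q}</p>`;
}
function renderSearchSafe(q) {
  return `<p>Results for ${escapeHtml(q)}</p>`;
}

// DOM-based XSS has the same root cause on the client: assigning untrusted
// text to innerHTML parses it as markup, while textContent treats it as text.

const probe = "<script>alert(1)</script>"; // constructed, harmless test string
saveComment(probe);

console.log("stored, unsafe:   ", renderCommentsUnsafe());
console.log("stored, safe:     ", renderCommentsSafe());
console.log("reflected, unsafe:", renderSearchUnsafe(probe));
console.log("reflected, safe:  ", renderSearchSafe(probe));
```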
Samsung fixes critical zero-day CVE-2025-21043 exploited in Android attacks and releases a security update for these phones https://security.samsungmobile.com/workScope.smsb
Have u ever wondered why college degree is called "bachelor's degree"?
Forwarded from ThreatX Security
🔰 Famous Platforms to practice Pentesting 🔰
tryhackme
https://tryhackme.com
bWAPP
http://itsecgames.com
flAWS Cloud
http://flaws.cloud
Hack Yourself First
http://hackyourselffirst.troyhunt.com
OWASP Juice Shop
http://juice-shop.herokuapp.com
Google Gruyere
https://google-gruyere.appspot.com
Hack Me
https://hack.me
HackTheBox
https://hackthebox.eu
Root-Me
https://root-me.org
XSS Game
https://xss-game.appspot.com
Pentesterlab
https://pentesterlab.com
OverTheWire
https://overthewire.org/wargames/
Hacking Lab
https://hacking-lab.com/index.html
IO
http://io.netgarage.org
smashthestack
http://smashthestack.org
microcorruption
https://microcorruption.com/login
ExploitMe Mobile
http://securitycompass.github.io/AndroidLabs/index.html
Hax.Tor
http://hax.tor.hu/welcome/
Java Vulnerable Lab
https://github.com/CSPF-Founder/JavaVulnerableLab
Pwnos
http://pwnos.com
Ringzero
https://ringzer0team.com/challenges
Avatao
https://avatao.com
GameOver
https://sourceforge.net/projects/null-gameover/
HSCTF3
http://hsctf.com
#ThreatX
#ThreatXSecurity
Forwarded from The Hacker News
🚨 Chrome users: a new zero-day is under active attack.
CVE-2025-10585 targets Chrome’s V8 engine—Chrome’s 6th zero-day of 2025.
Details → https://thehackernews.com/2025/09/google-patches-chrome-zero-day-cve-2025.html
⚡ Update now: 140.0.7339.185/.186 (Win/macOS), 140.0.7339.185 (Linux).
If you use Edge/Brave/Opera/Vivaldi, patch too.
Linux and DevOps
just wanted to rehearse the basics and i feel i didn't do enough labs there so ....yeah i'm not here for shortcut just building strong foundations will share the labs and some reports 😊
not to end up being a script kiddie😁
Forwarded from 《MELEX IT®》
🚨 Big News for Hackers in Ethiopia! 🚨
Introducing Bug Sphere 🕵️‍♂️💻 — Ethiopia’s FIRST Bug Bounty Platform!
A place where ethical hackers, security researchers, and tech enthusiasts come together to hack, secure, and earn rewards. 🏆
🔒 Help companies stay safe.
💰 Get rewarded for your skills.
🌍 Be part of Ethiopia’s cybersecurity revolution.
👉 Join the Waitlist today and be among the first hackers to get access!
📌 https://www.bug-sphere.com/
⚡️ Don’t just watch the future happen — hack it with Bug Sphere!
#BugSphere #Ethiopia #BugBounty #HackTheFuture
@MelaSec
Forwarded from Linkedin Learning
Welcome to our Development Pack! 🚀
If you're interested in web development, mobile development, machine learning, or even ChatGPT, you're in the right place.
You'll find channels for everything, starting with the famous Python 🐍 and JavaScript, and finishing with React, Next.js, Java, C++ and C#. We also cover databases, Linux 🐧, ethical hacking, cybersecurity, finance and marketing, crypto tutorials, and many more. 🌟
📱 Development Pack
https://www.instagram.com/reel/DO8oaMaEeqt/?igsh=MTBjZ2w0c2o4Ymtqbw==
We got AI gaslighting before GTA6