I just published a write-up on prototype pollution and how it leads to XSS.

The key idea: you’re not injecting into the sink—you’re controlling the property lookup that eventually reaches it.

Pollute → Gadget → Sink → Execution

Includes examples and common vulnerable patterns (merge functions, __proto__, etc.)

https://medium.com/@marduk.i.am/prototype-pollution-15f47d9e5c6a

#Cybersecurity #WebSecurity #AppSec #Infosec #BugBounty

DOM XSS isn’t always in the HTML.

Sometimes your input never appears in the Source because JavaScript is building the page.
Source → Sink → Execution in real-world DOM flows.

https://medium.com/@marduk.i.am/url-based-xss-c41d94090e6e

#infosec #cybersecurity #bugbountytips #websecurity #OWASP

A lot of XSS testing turns into guessing payloads and hoping something works.

It doesn’t have to be that way.

I wrote a short guide on a 3-step process to identify context quickly and approach reflections more methodically.

https://medium.com/@marduk.i.am/stop-guessing-xss-payloads-881cad409624

#infosec #xss #bugbounty #cybersecurity #websecurity

A lot of XSS write-ups focus on HTML injection (innerHTML, document.write, etc).

But navigation-based sinks are just as dangerous.

If user input reaches location.href, a javascript: URI can turn a redirect into code execution in the page’s context.

I put together a practical breakdown with examples and real-world patterns:

https://medium.com/@marduk.i.am/why-location-href-isnt-just-a-redirect-f7c77c0e4bcd

#xss #cybersecurity #bugbounty

A breakdown of how execution context determines whether your payload fails or fires — using hands-on PortSwigger labs.

#xss #BugBounty #ethicalhacking #CyberSecurityAwareness

https://medium.com/@marduk.i.am/context-is-everything-a-practical-guide-to-xss-eff8d30421df

One of my first Kali Linux VMs… and I forgot the password

Instead of rebuilding it, I explored snapshot disk analysis and mounted the VDI to recover the data.

#Linux #digital-forensics #cybersecurity #ethical-hacking #virtualization

https://medium.com/@marduk.i.am/vm-snapshot-disk-recovery-657019478cbe

New CTF walkthrough for TryHackMe's RootMe. This is a fun one!

I just published RootMe (CTF Walkthrough) https://medium.com/p/rootme-ctf-walkthrough-efe69ef73510?source=social.tw

#TryHackMe #Cybersecurity #ReverseShell #CTF #PenetrationTesting

Fun Rick & Morty themed CTF here

https://medium.com/@marduk.i.am/pickle-rick-ctf-walkthrough-023a7bfac72b

#TryHackMe
#Cybersecurity
#EthicalHacking
#CTF
#PenetrationTesting

Been having fun with TryHackMe labs. Look for more write-ups to come.

#TryHackMe
#Cybersecurity
#EthicalHacking
#CTF
#PenetrationTesting

https://medium.com/@marduk.i.am/ctf-basic-pentesting-2d3d56aaeb52

Using #owasp tool Amass 5.0.0 for recon. Hope this helps!

https://medium.com/@marduk.i.am/amass-5-0-0-usage-for-recon-8041bc727480

#bugbountytips #bugbounty #CyberSecurity #resonnaissance #EthicalHacking