Friend Link for those without a Medium Paid subscription: https://medium.com/@tdpdev/febf5b7ea745?source=friends_link&sk=7994ed9c8ead5b580054463f37cca804
Hi y'all guys, I haven’t been writing for a long time as I focused more on bounties. Wanted to share with you one of the many bugs I found on one public program in H1. However, they don’t have public disclosure so I’ll redact the target.
Also, this gives an important takeaway, which we’ll see later.
So, approaching the target. Every time I logged in to the app, a call was made to a backup endpoint, returning a user’s backup data. No cookies were used, only a token in the…
Over the last few weeks, I’ve been working on my new website. I wanted to give it a touch of dynamism. After giving it some thought, I decided to use CSS and JS — and I’m pretty satisfied with the final results.
This article isn’t about building or designing a webpage. Today, I’ll show you some code snippets (with explanations) to breathe life into the website you’re building right now.
The first trick is a wonderful three-dimensional effect in JS.
Hi everyone, I’ve not been writing on Medium for a while (busy months here); however, today I wanted to share with you how response manipulation got me a low-severity bug, going hand in hand with a quickly earned bounty. When targeting a website/web app (or both :D), you usually spend a while on it and search mainly for medium/high severity bugs (sometimes also critical ones). However, there are some “easy” bugs out there which can sometimes get you from 50$ to 200$.
Seems good enough to continue reading?
When talking about response manipulation we are talking about a technique that is used…
Hello guys, in my previous write-up I talked about how I was able to bypass CSRF protection on a web app using session fixation. Today I will bring you a more “theoretical” article: how to boost your Dorking productivity using the webpaste tool from TomNomNom.
Dorking is wonderful; there are plenty of bugs out there that you can find by using Dorking. What if there is a tool that can take this to the next level? It has nothing to do with automated tools, it is just your Dorking experience and knowledge mixed with productivity. …
Hello Guys,
I hope you are doing well these times. I decided to write some interesting bug bounty write-ups to help newbies find their first bug.
Today I would like to talk about a bug I found in a private bug bounty program. It consists of bypassing the entire CSRF protection system of the company’s web app.
As it is a private bug bounty program, let’s assume that our target is https://redacted.com.
Now, when editing my account’s settings, I always look for CSRF. When saving my account’s settings, I get a request like this:
POST /User/Edit?status=success HTTP/1.1
Host: redacted.com
User-Agent…
For those who don’t know yet, a Trojan Horse Attack consists of embedding an exploit in an innocent-looking application, or even in a document. As you might have guessed, today we will embed a backdoor into a Kivy-made GUI. This attack is quite simple; the only thing you need to know is some Python and networking basics. Let us get started!
How to build?
Among the many things we can embed in a Trojan Horse, I choose to embed a Backdoor. We will be using the one I talked about in this article:
Basically, you can embed everything…
Vim is a highly configurable text editor built to make creating and editing any kind of text more efficient. I don’t have enough space here to describe all the advantages and features of Vim, but the main reason I use this editor is that you can hack it to do anything you want: use common configurations, create custom commands, custom configs, etc.
Perhaps you’ve heard that Vim is difficult to use and configure — well, it’s true. That’s why today I’m going to show you how I set up Vim for Python programming. I have built the perfect Python development…
Are you bored? Want to build something interesting using ML? Well, here are some fun and exciting Machine Learning project ideas that you can start to build right now.
Completing one of these projects will surely help you improve your practical skills in Machine Learning. In fact, I hope you make all these projects. Although they may seem trivial to some of you, learning to do things multiple times is another essential skill of a Senior Data Scientist. I also still have a lot to learn!
Today, we will Hunt Down Social Media Accounts across social networks by using a great tool: Sherlock. This tool allows us to search for Social Media accounts by their usernames.
The first thing we’ll do is install Sherlock, then we are going to learn how to use it. Finally, we’ll discover which Social Media platforms Sherlock operates on. Let’s get started!
Sherlock is a tool made in Python, so if you don’t have Python3 installed Sherlock won’t work. To install python3 you can follow this guide.
After having installed Python3, we’re ready to install Sherlock from GitHub:
git clone https://github.com/sherlock-project/sherlock.git
Text to speech (TTS) is the use of software to create an audio output in the form of a spoken voice. The program that changes the text on the page into spoken audio output is normally called a text-to-speech engine. TTS engines are needed for an audio output of machine translation results.
TTS software is widely used by important companies such as Google, Apple, Microsoft, Amazon, and others. Google developed the Google Assistant, Apple developed Siri, Microsoft developed Cortana, and Amazon developed Alexa. …