- Graphics 59
- MachineLearning 5
- Javascript 4
- AccessControl 2
- CSP 2
- Redis 2
- Rootkits 2
- Java 1
- chatbot 1
- AI 1
- AI 1
- APIHacking 1
- AWS 1
- Agile 1
- Android 1
- Apache Kafka 1
- CSPBypass 1
- Chinese Idioms/Proverbs 1
- Deepseek 1
- Game 1
- Gitlab 1
- Gobuster 1
- HPROF dump file 1
- IR 1
- JWT 1
- LLM design 1
- Langchain 1
- LoadBalancer 1
- Microsoft Entra 1
- Network Anomaly Detection 1
- Odoo 1
- PathTraversal 1
- Postman 1
- PrivEscalation 1
- PrivilegeEscalation 1
- PrivsEscalation 1
- Proxychains 1
- RAG 1
- ReactHooks 1
- SNMP 1
- SOC 1
- SSO 1
- Text-to-speech 1
- Time Series Database 1
- Union-based SQL injection 1
- VisualStudio 1
- Vulnerabilites 1
- WAF-bypass 1
- Wordpress 1
- XSS 1
- cookie stealing 1
- crypto 1
- forensics 1
- pentest 1
- text2video 1
- valentine_game 1
Graphics
Catch the Hearts - Valentine’s Day Game
Click on the falling hearts to make them disappear and score points.
Variable Petal Lines Animation
Variable Petal Lines Animation (v2)
Epitrochoid (v2) Curves
Epitrochoid (v2) Curves
Epitrochoid Curves
Epitrochoid Curves
Double polygon double rotation
Double polygon double rotation
Chasing polygon
Chasing polygon
Adding two hypotrochoid curves
This is the result of direct addition of two hypotrochoids on top of each other, i.e., (x, y) = (x_hypotrochoid1, y_hypotrochoid1) + (x_hypotrochoid2, y_hypotrochoid2)
Joining points on the hypotrochoids
Joining points on the hypotrochoid. Compare this with that of joining lines on the circle.
Joining points on the circle
Joining points on the circle to form heart-shaped line art. If instead of the circle we used a hypotrochoid, we would get the following:
Joining points on the hypotrochoids (generalized)
Joining points on the hypotrochoid. Compare this with that of joining lines on the circle.
Three Flower in Motion (v3)
Three Flower in Motion (v3)
Flower in Motion (v2)
Flower in Motion (v2)
Hypotrochoid Curves with Slow Rotation and Offset Control
Hypotrochoid Curves with Slow Rotation and Offset Control
Hypotrochoid Curves with Rotation and Offset Control
Hypotrochoid Curves with Rotation and Offset Control
Hypotrochoid Curve (v4)
Hypotrochoid Curve with Additional Scrollbars
Flower in Motion
Flower in Motion
Epicycloid Curves
Epicycloid Curves
Epicycloid Curves
Epicycloid Curves
Epicycloid Curves
Epicycloid Curves
Hypotrochoid Curve (v3)
Hypotrochoid Curve with Additional Scrollbars
Donut animation drawn using characters
AI generated javascript: Drawing a donut using characters.
Hypotrochoid Curve (v2)
Hypotrochoid Curve with Additional Scrollbars
Hypotrochoid Curves with Scrollbars, Labels, and Color Picker
Hypotrochoid Curves with Scrollbars, Labels, and Color Picker
Hypotrochoid Curves (save as PNG feature)
Hypotrochoid Curves (save as PNG feature)
Vortex Parametric Equation Visualization
Vortex Parametric Equation Visualization
Generalized Cardioid Shape
Generalized Cardioid Shape
Dynamic Petals
Dynamic Petals
Dynamic Petals with Red-Blue-Yellow Gradient
Dynamic Petals with Red-Blue-Yellow Gradient
Animated Sinusoidal Wave on Ellipse
Animated Sinusoidal Wave on Ellipse
Polygon Midpoint Generator
Polygon Midpoint Generator
Polygon with Colored Lines
Polygon with Colored Lines
Epicycloid Curves with Petal with Scrollbars, Labels, and Color Picker
Epicycloid Curves with Petal with Scrollbars, Labels, and Color Picker
Variable Petal Lines Animation
Variable Petal Lines Animation
Variable Petal Lines Animation
Variable Petal Lines Animation
Variable Petal Lines Animation
Variable Petal Lines Animation
Square with Colored Lines
Square with Colored Lines
Generalized chasing rotating polygon
Generalized chasing rotating polygon.
Parametric Equation Visualization with Rotation
AI generated javascript for parametric equation visualization.
Drawing double polygon
AI generated javascript for drawing double polygon - about 60%. And about 5% of code really needs lots of manual Chrome DevTools debugging + ChatGPT advice.
Pentagon with Colored Line
How to draw a pentagon with colored lines. This method of drawing lines is called a chasing diagram. The two adjacent edges of the pentagon are specified.
Chasing rotating triangle
Chasing rotating triangle.
Drawing chasing triangle
Drawing chasing triangle.
Chasing and rotating square
Drawing chasing and rotating square.
Chasing on square
Chasing on square.
Chasing on rotating pentagon
Chasing on rotating pentagon.
Chasing pentagon
Chasing pentagon.
Chasing lines on rotating hexagon
Chasing lines on rotating hexagon.
Chasing lines and running color
Chasing lines and special effects of running color.
Chasing diagram on rotating hexagon
Chasing diagram on rotating hexagon.
Chasing on hexagon
Chasing diagram on hexagon.
Chasing diagram on diamond around a diamond
Chasing diagram on diamond around a diamond.
Chasing diagram on a circle
This is just drawing two circles and joining lines from one circle to another, and the input parameter just adjusts the index offset from 0 to connect.
Chasing diagram on hexagon around hexagon animated with color.
Chasing diagram on hexagon around hexagon animated with color shifting.
Chasing hexagon around hexagon
Drawing chasing hexagon around hexagon.
Chasing diagram on pentagon around pentagon
Drawing chasing diagram on pentagon around pentagon.
Chasing diagram on squares around squares
Drawing squares around squares, while having chasing diagram inside each square.
Chasing diagram inside a square
Chasing diagram inside a square.
Triangle around triangle with chasing diagram
How to draw a triangle around an existing triangle. This method of drawing lines is called a chasing diagram. The two adjacent edges of the pentagon are specified.
Chasing diagram on triangle
How to draw a triangle. This method of drawing lines is called a chasing diagram. The two adjacent edges of the pentagon are specified.
MachineLearning
Continuity of thoughts problems in AI
The “continuity of thoughts” problem in large language models (LLMs) refers to the challenge of maintaining coherent and contextually relevant reasoning across multiple interactions or steps. This issue arises because LLMs, by design, generate responses based on the immediate input without inherently retaining long-term context or memory of previous interactions. Here are some key points and approaches related to this problem:
Using Groq to build AI agents framework
Groq primarily provides high-performance hardware for AI workloads and does not come with a specific proprietary AI agent framework. However, Groq’s ecosystem is designed to work seamlessly with widely-used AI frameworks, enabling the creation and deployment of AI agents by leveraging these existing tools.
Process of AI agent implementations using Groq
Creating AI agents using Groq involves leveraging the Groq hardware and software ecosystem, primarily designed for high-performance machine learning workloads. Groq processors are optimized for matrix operations and neural network computations, making them well-suited for implementing AI agents that require real-time decision-making or computationally intensive tasks.
AI agents framework
AI agents can be classified based on their purpose, behavior, and the techniques used to implement them. Here’s an overview of the most popular types of AI agents:
Implement an AI agent for bug hunting
How to implement a deliberative AI agent for web application bug hunting purposes
Javascript
60 jQuery exercises
Here’s a list of 60 jQuery exercises, categorized by difficulty and functionality.
60 AngularJS exercises
A list of 60 AngularJS exercises, categorized into different topics to cover basics, data binding, directives, routing, services, and advanced features.
Tools for deobfuscating, decoding, or decrypting JavaScript (II)
Another list of Javascript deobfuscation tools
Tools for deobfuscating, decoding, or decrypting JavaScript
Here’s a list of tools and websites commonly used for deobfuscating, decoding, or decrypting JavaScript. These tools serve various purposes, including simplifying obfuscated code, reversing encoded strings, or analyzing minified JavaScript.
AccessControl
Identifying Access Control Bugs
Access control bugs can be critical in exposing sensitive data or allowing unauthorized actions. Here are 30 methods to detect access control bugs systematically:
Identifying access control bugs through automation
Privilege Creep Detection
Example: Verify if permissions are retained after role changes.
CSP
Top 30 CSP bypass techniques
The top 30 CSP bypass techniques known in the CTF and bug bounty hunting communities, along with their explanations and use cases:
Top 100 Content Security Policy (CSP) features
Content Security Policy (CSP) is an HTTP header that provides a robust mechanism to mitigate certain types of attacks, such as Cross-Site Scripting (XSS) and data injection. Here are the top 50 features and directives supported by CSP:
Redis
10 examples of coding with Redis using different programming languages and Redis functionalities
1. Basic Redis Connection (Python)
```python
import redis
```
100 key aspects of Redis
1-10: Basic Features and Commands
- In-Memory Storage – Redis stores data in RAM, making it extremely fast.
- Persistence Options – Redis supports RDB (snapshotting) and AOF (Append-Only File) for durability.
- Data Structures – Supports strings, lists, sets, sorted sets, hashes, bitmaps, hyperloglogs, and geospatial indexes.
- Basic Commands – `SET`, `GET`, `DEL`, `EXPIRE`, `TTL`, `KEYS`, `FLUSHDB`, `FLUSHALL`.
- Advanced Commands – `ZADD` (sorted sets), `HSET` (hashes), `LPUSH/RPUSH` (lists), `BITOP` (bit operations).
- Atomic Operations – All Redis operations are atomic at the single command level.
- Pipeline Support – Redis allows multiple commands to be sent together for efficiency.
- Pub/Sub Messaging – Real-time publish-subscribe capabilities using `PUBLISH` and `SUBSCRIBE`.
- Transactions (MULTI/EXEC) – Supports multiple operations in a single transaction.
- Lua Scripting – Supports server-side scripting via Lua (`EVAL`, `EVALSHA`).
Rootkits
Linux user space rootkit technologies
Linux user space rootkit technologies
Linux kernel rootkits
Linux kernel rootkits
Java
chatbot
AI
400 Plus questions to test any generative AI system
400 Plus (redacted) questions and answers to test any generative AI system.
AI
400 Plus questions to test any generative AI system
400 Plus (redacted) questions and answers to test any generative AI system.
APIHacking
100 ways of API Hacking
100 ways of API Hacking
AWS
Examples of development of applications using Amazon Bedrock
Examples of development of applications using Amazon Bedrock
Agile
50 key characteristics of Agile development
1. Iterative Development
Work is done in small, manageable cycles called iterations or sprints.
Android
How to run Android headless in the cloud
How to run Android headless in the cloud
Apache Kafka
AI generated checklist: Apache Kafka
Top 20 applications of Apache Kafka
CSPBypass
Client Side CSP Bypass
Here’s a detailed list of 30 ways client-side Content Security Policy (CSP) bypasses are possible, with explanations and references to potential vulnerabilities:
Chinese Idioms/Proverbs
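Chinese proverbs: covering wisdom, life, morality, time, friendship, family, success, and many other aspects.
Below are Chinese proverbs, covering wisdom, life, morality, time, friendship, family, success, and many other aspects.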
Deepseek
DeepSeek: key characteristics that differentiate DeepSeek’s LLM implementations
DeepSeek, a Chinese AI startup, has developed a series of large language models (LLMs) that stand out due to their innovative design and efficient performance. Here’s an in-depth look at the key characteristics that differentiate DeepSeek’s LLM implementations:
Game
Gitlab
Top GitLab’s bug bounty program hunters
Based on GitLab’s bug bounty program reports from recent years, here are some of the most notable bug hunters who have made significant contributions:
Gobuster
20 examples of using gobuster for directory traversal and discovery
Below are 20 examples of using `gobuster` for directory traversal and discovery. These examples cover different scenarios, including custom wordlists, extensions, and output formatting.
HPROF dump file
HPROF dump file
Creating a Java HPROF Dump
IR
Opensource Security Operation Centers and Incident Response system
Opensource Security Operation Centers and Incident Response system.
JWT
30 common mistakes in JSON Web Tokens (JWT) : authentication or authorization
Here are 30 common mistakes to avoid when using JSON Web Tokens (JWT) for authentication or authorization:
LLM design
Comparing different LLM models: what are the key differentiators
There are numerous factors that differentiate large language model (LLM) implementations, leading to variations in performance, efficiency, and accuracy. Below are 50 key differentiators, categorized into architecture, training, data handling, optimization techniques, and deployment strategies.
Langchain
List of LangChain applications
What is LangChain?
LoadBalancer
RFCs related to load balancers and their associated protocols
A list of the most important RFCs related to load balancers and their associated protocols.
Microsoft Entra
Microsoft Entra: SSO design from the start
Microsoft Entra: SSO design from the start
Network Anomaly Detection
50 different Wireshark or TCPDump filters for network anomalies detection
Here’s a list of 50 different Wireshark or TCPDump filters that can help detect a variety of network attacks or anomalies. Filters are categorized for convenience.
Odoo
Odoo Setup Guides
Odoo Setup Guides
PathTraversal
Path traversal vulnerability and its different types of manifestation
Path traversal, also known as directory traversal, is a common security vulnerability that can allow attackers to read arbitrary files on a server. Below is a list of general ways path traversal can be exploited to achieve this:
Postman
10 different ways you can use Postman
Postman is a versatile tool for API testing, development, and debugging. Here are 10 different ways you can use Postman:
PrivEscalation
List of linux privilege escalation methods
List of Linux privilege escalation vulnerabilities with available Proof-of-Concepts (POCs) from 2019 to 2024:
PrivilegeEscalation
100 ways to achieve privilege escalation in Linux
100 ways to achieve privilege escalation in Linux
PrivsEscalation
Privilege escalation in Linux
Privilege escalation in Linux involves exploiting system vulnerabilities or misconfigurations to gain unauthorized elevated access. Staying informed about the latest techniques is crucial for both attackers and defenders. Below is a curated list of resources and tools that provide comprehensive information and scripts for Linux privilege escalation:
Proxychains
10 different ways of using proxychains
`proxychains` is a powerful tool for routing application traffic through a chain of proxies. Below are 10 different ways to use it, with examples:
RAG
Building a Retrieval-Augmented Generation (RAG) system
Building a Retrieval-Augmented Generation (RAG) system involves combining a retrieval mechanism with a generative model to produce contextually relevant and accurate responses. Below, I’ll outline the detailed steps to build a RAG system using suitable models from Hugging Face, a popular platform for open-source NLP models and tools. The process assumes you have some familiarity with Python, transformers, and basic machine learning concepts.
ReactHooks
10 different ways of using React Hooks with examples
React Hooks are functions introduced in React 16.8 that allow you to use state and other React features in functional components. Here is an explanation of all the commonly used hooks, categorized into basic hooks, additional hooks, and custom hooks, with examples for each.
SNMP
20 command-line examples to enumerate SNMP (Simple Network Management Protocol) information
20 command-line examples to enumerate SNMP (Simple Network Management Protocol) information when provided with an IP address and UDP port 161:
SOC
Opensource Security Operation Centers and Incident Response system
Opensource Security Operation Centers and Incident Response system.
SSO
Microsoft Entra: SSO design from the start
Microsoft Entra: SSO design from the start
Text-to-speech
Building a Text-to-Speech (TTS) system
Building a Text-to-Speech (TTS) system using models from Hugging Face involves selecting appropriate pre-trained models, setting up the pipeline, and generating audio from text input. Below, I’ll walk you through the detailed steps to create a TTS system using Hugging Face’s `transformers` library and other suitable tools. The process will leverage a popular TTS model like Tacotron 2 or VITS, paired with a vocoder like HiFi-GAN, both of which are available on Hugging Face.
Time Series Database
Time Series Database
A Time Series Database (TSDB) is optimized for handling time-stamped or time-ordered data, which is often used in monitoring, financial applications, IoT, and analytics. Below are some well-known time series databases with their characteristics:
Union-based SQL injection
Why is UNION Query-Based SQLi the Fastest SQL Injection Type?
The UNION-based SQL Injection technique is often considered one of the fastest ways to extract data from a vulnerable database. This is due to several reasons, including direct data retrieval, minimal execution complexity, and leveraging native SQL functions. Below is a detailed explanation.
VisualStudio
Top 100 common compilation and runtime errors encountered in Visual Studio IDE environment
Visual Studio compilation and runtime errors can come from various sources, including syntax mistakes, type mismatches, missing dependencies, or logic flaws in the code. Below is a categorized list of 100 common compilation and runtime errors encountered in Visual Studio, particularly for C++ and C# development.
Vulnerabilites
Assetnote.io Vulnerabilities Writeup
Assetnote.io Vulnerabilities Writeup
WAF-bypass
Bypassing a Web Application Firewall (WAF) for XSS exploits
Bypassing a Web Application Firewall (WAF) for XSS (Cross-Site Scripting) exploits requires a combination of techniques to evade detection mechanisms. Here’s a comprehensive approach to bypass WAFs when testing XSS vulnerabilities, relevant to your scenario with DalFox and Cloudflare WAF.
Wordpress
100 different ways to test WordPress vulnerabilities
Testing a WordPress URL or webpage for vulnerabilities involves a structured methodology, leveraging both automated tools and manual techniques. Below are 100 different ways categorized into specific areas for comprehensive security testing:
XSS
Prototype pollution leading to XSS
Crafting 50 distinct ways Cross-Site Scripting (XSS) can arise from prototype pollution, complete with code examples, is a substantial task that requires exploring various scenarios where prototype pollution vulnerabilities could be exploited to inject malicious scripts. Prototype pollution occurs when an attacker manipulates an object’s prototype (e.g., `Object.prototype` in JavaScript), affecting all objects that inherit from it. If this leads to the injection or manipulation of HTML, scripts, or other executable content in a web application, it can result in XSS.
crypto
Crypto Currency Setup Notes
Crypto Currency Setup Notes
forensics
Linux C2 attack emulation
Here’s an explanation for each URL in 2-3 lines:
pentest
Comparing DeepSeek and ChatGPT: 30 different ways of using X-FORWARDED-FOR header
This is by DeepSeek:
text2video
Hugging Face for video generation
Hugging Face offers a variety of open-source models and tools for video generation, primarily through its Diffusers library, which supports tasks like text-to-video and image-to-video generation. Below are some of the key options available as of April 2, 2025, based on the latest developments in the ecosystem: