Graphics

Catch the Hearts - Valentine’s Day Game

Click on the falling hearts to make it disappear and score points.

Variable Petal Lines Animation

Variable Petal Lines Animation (v2)

Double polygon double rotation

Adding two hypotrochoid curves

This is the result of direct addition of two hypotrochoids on top of each other, i.e., (x, y) = (x_hypotrochoid1, y_hypotrochoid1) + (x_hypotrochoid2, y_hypotrochoid2)

Joining points on the hypotrochoids

Joining points on the hypotrochoid. Compare this with that of joining lines on the circle.

Joining points on the circle

Joining points on the circle to form heart-shaped line art. If instead of circle we used hyptrochoid then we will get the following:

Joining points on the hypotrochoids (generalized)

Joining points on the hypotrochoid. Compare this with that of joining lines on the circle.

Hypotrochoid Curves with Slow Rotation and Offset Control

Hypotrochoid Curves with Rotation and Offset Control

Hypotrochoid Curve (v4)

Hypotrochoid Curve with Additional Scrollbars

Hypotrochoid Curve (v3)

Hypotrochoid Curve with Additional Scrollbars

Donut animation drawn using characters

AI generated javascript: Drawing a donut using characters.

Hypotrochoid Curve (v2)

Hypotrochoid Curve with Additional Scrollbars

Hypotrochoid Curves with Scrollbars, Labels, and Color Picker

Hypotrochoid Curves (save as PNG feature)

Vortex Parametric Equation Visualization

Dynamic Petals with Red-Blue-Yellow Gradient

Animated Sinusoidal Wave on Ellipse

Epicycloid Curves with Petal with Scrollbars, Labels, and Color Picker

Variable Petal Lines Animation

Generalized chasing rotating polygon

Generalized chasing rotating polygon.

Parametric Equation Visualization with Rotation

AI generated javascript for prametric equation visualization.

Drawing double polygon

AI generated javascript for drawing double polygon - about 60%. And about 5% of code really needs lots of manual Chrome Devtool debugging + ChatGPT advise.

Pentagon with Colored Line

How to draw pentagon with colored lines. This method of drawing lines is called chasing diagram. The two adjacent edge of the pentagon are specified.

Chasing lines on rotating hexagon

Chasing lines on rotating hexagon.

Chasing lines and running color

Chasing lines and special effects of running color.

Chasing diagram on rotating hexagon

Chasing diagram on rotating hexagon.

Chasing diagram on diamond around a diamond

Chasing diagram on diamond around a diamond.

Chasing diagram on a circle

This is just drawing two circles and joing lines from one circle to another, and input parameter is just adjusting the index offset from 0 to connect.

Chasing diagram on hexagon around hexagon animated with color.

Chasing diagram on hexagon around hexagon animated with color shifting.

Chasing hexagon around hexagon

Drawing chasing hexagon around hexagon.

Chasing diagram on pentagon around pentagon

Drawing chasing diagram on pentagon around pentagon.

Chasing diagram on squares around squares

Drawing squares around squares, while having chasing diagram inside each square.

Chasing diagram inside a square

Chasing diagram inside a square.

Triangle around triangle with chasing diagram

How to draw triangle around existing triangle. This method of drawing lines is called chasing diagram. The two adjacent edge of the pentagon are specified.

Chasing diagram on triangle

How to draw triangle. This method of drawing lines is called chasing diagram. The two adjacent edge of the pentagon are specified.

Back to Top ↑

AI agent

Complete Guide to Building AI Agents with n8n

Introduction to n8n for AI Agents

Most popular automation workflow scenario

Here’s a breakdown of the most popular automation workflows organizations and individuals commonly implement. I’ll group them by domain so you can see the patterns clearly:

50 baseline auditing checklist for AI workflow automation

Here’s a structured list of 50 auditing rules for AI workflow automation, covering governance, compliance, technical integrity, and operational safety. I’ve grouped them into domains for clarity.

AI Agent Framework

Here’s a detailed breakdown of the different AI agent frameworks:

50 ways of AI agent in Education

Here’s a structured list of AI agents in education, broken into categories for clarity:

LangChain Development Problems

Here’s a structured list of 50 different types of development-related problems or bugs you might encounter when working with LangChain, LangGraph, or Pipedream. I grouped them into categories so you can see patterns of issues across the stack.

Ultimate MCP Security Checklist: Hardening Model Context Protocol Deployments

Here’s a tight, practitioner-grade checklist for securing MCP (Model Context Protocol) deployments—organized by layer. Each section points to the authoritative spec and reference SDKs so you can chase details all the way down to code.

Agent-to-Agent (A2A) Orchestration: Next-Gen Automation for AI Workflows

Agent-to-Agent (A2A) orchestration is where multiple autonomous agents collaborate by passing tasks, context, or results to one another. Instead of one monolithic agent, you compose a workflow of specialized agents. This is very relevant to LangGraph (or LangChain agents) where you model workflows as graphs.

LangGraph vs. LangChain: Building Viral AI Agent Orchestration Workflows Step-by-Step

This code creates a multi-agent workflow using LangGraph and OpenAI’s language model. Let me explain what it does and then provide a working version.

Back to Top ↑

Education

Deep Research Agents: A Systematic Examination And Roadmap

Deep Research Agents (DR agents) leverage large language models to autonomously manage complex research tasks by integrating dynamic reasoning, adaptive planning, and iterative tool use. The paper systematically examines their capabilities, architectural design, and benchmarks, highlighting the foundational advances and outlining critical open challenges for future progress.[1]

Google Innovation in Education

Here’s a detailed breakdown of what Google is doing (or planning) with free education-software + LLMs (large language models), how it works, what capabilities are offered, the tech under the hood, and limitations. If you like, I can also pull up some relevant API / source-code level details (where available).

Creating music starting with an existing music as a template

Here’s a step-by-step guide to set up a music generator with Hugging Face, starting from a short audio clip as input. I’ll chain the explanation all the way down to models, code, and internals.

50 ways of AI agent in Education

Here’s a structured list of AI agents in education, broken into categories for clarity:

How to create a viral game

Following up from previous article:

20 Gamification Ideas for Teenager-AI Dialogue

Following up from previous article:

Back to Top ↑

MachineLearning

Continuity of thoughts problems in AI

The “continuity of thoughts” problem in large language models (LLMs) refers to the challenge of maintaining coherent and contextually relevant reasoning across multiple interactions or steps. This issue arises because LLMs, by design, generate responses based on the immediate input without inherently retaining long-term context or memory of previous interactions. Here are some key points and approaches related to this problem:

Using Groq to build AI agents framework

Groq primarily provides high-performance hardware for AI workloads and does not come with a specific proprietary AI agent framework. However, Groq’s ecosystem is designed to work seamlessly with widely-used AI frameworks, enabling the creation and deployment of AI agents by leveraging these existing tools.

Process of AI agent implementations using Groq

Creating AI agents using Groq involves leveraging the Groq hardware and software ecosystem, primarily designed for high-performance machine learning workloads. Groq processors are optimized for matrix operations and neural network computations, making them well-suited for implementing AI agents that require real-time decision-making or computationally intensive tasks.

AI agents framework

AI agents can be classified based on their purpose, behavior, and the techniques used to implement them. Here’s an overview of the most popular types of AI agents:

Implement a AI agent for bug hunting

How to implement a deliberative AI agent for web application bug hunting purposes

Back to Top ↑

Javascript

60 jQuery exercises

Here’s a list of 60 jQuery exercises, categorized by difficulty and functionality.

60 AngularJS exercises

A list of 60 AngularJS exercises, categorized into different topics to cover basics, data binding, directives, routing, services, and advanced features.

Tools for deobfuscating, decoding, or decrypting JavaScript (II)

Another list of Javascript deobfuscation tools

Tools for deobfuscating, decoding, or decrypting JavaScript

Here’s a list of tools and websites commonly used for deobfuscating, decoding, or decrypting JavaScript. These tools serve various purposes, including simplifying obfuscated code, reversing encoded strings, or analyzing minified JavaScript.

Back to Top ↑

React

JSX Specification in 50 lines

Here’s a concise JSX specification in 50 lines, blending syntax rules, semantics, behavior, and how JSX transpiles (mostly via Babel) to JavaScript. This aims to mirror what a minimal JSX RFC/spec might look like for language implementers or advanced users.

50 React Development Rules with Examples (Part2)

50 React Development Rules with Examples

Back to Top ↑

SSTI

Real World Bug Bounty Cases: SSTI

Real-World Bounty Cases Involving SSTI → File Enumeration

Files Enumeration by exploiting SSTI vulnerabilities

Yes, Server-Side Template Injection (SSTI) can potentially be exploited to list files in a server directory, but it depends on the template engine, the server’s configuration, and the level of access the template context provides. Here’s a concise explanation:

Server-side template injection payload

Many template engine (e.g., Jinja2, Twig, FreeMarker) exists different context (e.g., Flask, Symfony).

Back to Top ↑

csrf

CSRF Vulnerabilities in Action: Real-World Patterns in PHP, Node.js, Java EE & Flask

Perfect request — let’s go language by language. I’ll show you 10 vulnerable coding patterns at the source-code level for each of PHP, Node.js, Java EE, and Python Flask. For each, I’ll give you:

CSRF Security Explained: Vulnerable vs. Secure Code Patterns

Here are the side-by-side vulnerable vs secure patterns for each of the PHP, Node.js, Java EE, Flask technology. I’ll show you:

list of 50 different patterns resulting in CSRF

CSRF patterns and their explanation to fundamental web behaviors and, when applicable, show how they would appear in real codebases (PHP, Java, Node.js, etc.).

Back to Top ↑

AccessControl

Identifying Access Control Bugs

Access control bugs can be critical in exposing sensitive data or allowing unauthorized actions. Here are 30 methods to detect access control bugs systematically:

Identifying access control bugs through automation

Privilege Creep Detection

Example: Verify if permissions are retained after role changes.

Back to Top ↑

CSP

top 30 CSP bypass techniques

The top 30 CSP bypass techniques known in the CTF and bug bounty hunting communities, along with their explanations and use cases:

Deep Agents

What is Deep Agents?

Deep Agents are a new class of autonomous AI systems designed to execute complex, multi-turn tasks through dynamic reasoning, adaptive long-horizon planning, multi-hop information retrieval, and iterative tool use. They represent a substantive evolution beyond simple chatbots, capable of generating structured, analytical reports, writing code, building applications, and synthesizing diverse information streams into actionable insight.[1][2][3][4][5][6][7]

What is future of Deep Agents?

The key improvements and evolutions arising in prompting and agent architecture for Deep Agents include expanded self-prompting, dynamic hierarchical multi-agent orchestration, sophisticated memory integration, and vendor-agnostic mesh architectures.[1][2][3][4]

Back to Top ↑

Groovy

50 features why Groovy is better (2)

For each feature, here we explained why Groovy has the advantage.

50 Reasons Groovy Beats Java, Python, JavaScript, PHP, and C for Modern Devs

Here’s a comprehensive list of 50 features that make Groovy stand out compared to Java, JavaScript, PHP, C, or Python. I’ll chain the explanation from syntax-level advantages up to language internals and ecosystem strengths:

Back to Top ↑

Java

Jakarta’s Big Move: Why Java’s Source Code Transfer to Eclipse Foundation Matters

Here’s a detailed write-up expanding on your request about the Spring Boot 3.x and Jakarta EE migration:

Spring Boot Essentials: 20 Must-Know Features Every Engineer Should Master

Here’s a list of 20 new or important things you should know in Spring Boot today (2025) — ranging from features in recent releases, advanced patterns, integrations, and under-the-hood mechanisms:

Back to Top ↑

OneDrive

Connecting to OneDrive from Linux

🧩 1. Overview of Options

Setting up Kali linux to connect to OneDrive

Let’s go step-by-step from the system setup to the protocol-level details, showing both CLI sync and programmatic access.

Back to Top ↑

Redis

10 examples of coding with Redis using different programming languages and Redis functionalities

1. Basic Redis Connection (Python)

```python import redis

100 key aspects of Redis

1-10: Basic Features and Commands

In-Memory Storage – Redis stores data in RAM, making it extremely fast.
Persistence Options – Redis supports RDB (snapshotting) and AOF (Append-Only File) for durability.
Data Structures – Supports strings, lists, sets, sorted sets, hashes, bitmaps, hyperloglogs, and geospatial indexes.
Basic Commands – SET, GET, DEL, EXPIRE, TTL, KEYS, FLUSHDB, FLUSHALL.
Advanced Commands – ZADD (sorted sets), HSET (hashes), LPUSH/RPUSH (lists), BITOP (bit operations).
Atomic Operations – All Redis operations are atomic at the single command level.
Pipeline Support – Redis allows multiple commands to be sent together for efficiency.
Pub/Sub Messaging – Real-time publish-subscribe capabilities using PUBLISH and SUBSCRIBE.
Transactions (MULTI/EXEC) – Supports multiple operations in a single transaction.
Lua Scripting – Supports server-side scripting via Lua (EVAL, EVALSHA).

Back to Top ↑

Rootkits

Linux user space rootkit technologies

Linux user space rootkit technologies

Linux kernel rootkits

Linux kernel rootkits

Back to Top ↑

automation workflow

Most popular automation workflow scenario

Here’s a breakdown of the most popular automation workflows organizations and individuals commonly implement. I’ll group them by domain so you can see the patterns clearly:

AI Agent Framework

Here’s a detailed breakdown of the different AI agent frameworks:

Back to Top ↑

debugging

100 different types of debugging issues in n8n.io

Git push credentials failing after version 1.111.0 update
Executions not displaying when using sub-agents in workflows
AI Agent HTTP Request tool causing workflow execution to hang indefinitely
Errors during workflow import leading to uneditable nodes
Performance degradation in versions 1.105.x and 1.106.0
Inability to create new node projects due to n8n/node breakage
Drastic slowdown in large workflow executions post-1.105.2 update (60s vs. 0.3s)
High failure rate (97%) of workflows in production environments
Significant performance impact during workflow development in 1.105+
Code nodes ceasing to function across all workflows
Complex workflows becoming unresponsive after major upgrades (e.g., 0.198 to 1.84)
Build errors when compiling n8n from source code
Merge node failing to wait for both inputs to arrive properly
Expression syntax breaking after updates ($(…) vs. $node[…])
Executions screen failing to load, especially for successful runs
Nodes reverting or workflow parts deleting after saving
Workflows triggered by other workflows showing as “Queued” indefinitely
Variables (e.g., memory, tools) not accessible inside AI Agent tools
RSS Read node returning 406 errors for specific feeds
Random expression evaluation errors like “a.ok(to)” falsy value
Webhook test URLs returning 404 despite correct setup and timing
GitHub “List” operation failing while other operations succeed
Beginners building workflows that break in production due to API variations
Workflow executions failing due to third-party service errors without proper handling
Workflows canceling mid-execution without errors or visible data loss
Workflows marked as failed despite all nodes completing successfully
Automatic reversion to older workflow versions without user input
Workflows stopping response entirely, even simple webhook-HTTP chains
Workflow activation toggle not reflecting active status correctly
Input data not received correctly when workflows are triggered via AI Agent tools
Issues loading text/title fields from documents in custom note service nodes
Inability to install community nodes after updates
Common syntax or runtime errors in Code nodes
Challenges in testing and debugging custom nodes during development
Custom nodes not displaying properly in the community nodes list
Build failures in n8n-node-dev when including custom classes or files
Outdated documentation for running custom nodes locally
PNPM compatibility issues in node creation and setup
Worker containers failing to load newly installed community nodes
Toggle to disable community nodes not preventing crashes on startup
Bug in custom node text fields showing weird behavior post-update
HTTP Request node unable to access internal webhooks in version 1.24.1
Difficulty selecting specific triggers to run in multi-trigger workflows
New versions forcing use of first() in expressions, breaking legacy logic
Performance bottlenecks when handling large data volumes (e.g., 12,000+ items)
SSH credentials failing to parse encrypted private keys without passphrase
Nodes bugged with missing inputs (e.g., Merge or Agent nodes)
Version mismatches causing node inputs to disappear in UI
AI-generated nodes failing due to incompatible structures
Web scraping automations breaking on dynamic site changes
Third-party API integrations failing due to schema updates
Custom node development stalling on authentication flows
Workflow design errors in complex branching logic
Self-hosting setup issues with Docker configurations
Migration problems from Zapier or Make to n8n
Bug fixing delays in production troubleshooting
Timezone mismatches in schedule triggers
Email node failures when attaching binary data
Database query timeouts in SQL nodes
API rate limiting not handled gracefully in loops
JSON parsing errors from malformed API responses
Binary file handling issues in upload/download nodes
IF node conditions evaluating incorrectly on edge cases
Switch node misrouting items based on dynamic data
Aggregate node losing items during summarization
Split In Batches node skipping items unexpectedly
Error workflows not triggering on node failures
Manual triggers not passing full data payloads
Set node accidentally overwriting nested fields
Deprecated Function node compatibility issues
HTTP node proxy settings ignored in certain environments
OAuth2 token refresh failures mid-workflow
Webhook response delays causing timeouts
Execution timeout configurations being overridden
Queue mode desynchronization between main and workers
Multi-main instance conflicts in credential sharing
Docker volume mounts failing for custom node directories
Environment variables not injecting into node parameters
Log levels not updating in real-time during debugging
Workflow backups corrupting during export
Template imports failing due to parameter mismatches
Credential permissions not propagating across workflows
Git integration bugs in workflow version control
AI chain executions leaking memory over iterations
Vector store connections dropping in persistent agents
LangChain component incompatibilities with n8n updates
Custom script nodes lacking execution permissions
Resource cleanup failures after aborted executions
Scalability issues under high concurrent loads
Stack traces not visible in debugging tools
Credential encryption breaking on instance restarts
Node parameter validation errors on UI save
Workflow pinning failing for active productions
Sub-workflow calls not inheriting parent variables
Cron trigger offsets miscalculating daylight savings
File conversion nodes corrupting media types
Pagination handling bugs in API list operations
Retry logic not respecting exponential backoff
Session management issues in stateful nodes
UI canvas lagging during complex workflow edits

100 debugging challenges in MySQL development

Perfect — let’s build a comprehensive list of 100 different types of development-related problems in MySQL programming. I’ll group them by categories (schema design, indexing, queries, transactions, replication, performance, security, etc.) so it’s structured and easier to navigate.

Back to Top ↑

javascript

postMessage() usage

How postMessage() appears across browser context.

iframe internals when design applications

A breakdown of everything security-critical about iframe communication in an application design, properly chained from concept → implementation → spec → source code.

Back to Top ↑

AI

400 Plus questions to test any generative AI system

400 Plus (redacted) questions and answers to test any generative AI system.

Back to Top ↑

AI agent orchestration

AI-driven orchestration for cloud monitoring

Let’s design a hybrid workflow that combines classic monitoring (Prometheus + Grafana) with AI-driven orchestration (LangChain + LangGraph). This will give you a system that not only collects metrics but can also reason about anomalies, generate insights, and trigger actions.

Back to Top ↑

AI tools

50 most recent AI tools

Here are 50 very recent AI tools (Jul–Sep 2025) that hit the market, grouped by month and tagged with what they do:

[1]: https://www.producthunt.com/leaderboard/monthly/2025/9 “Best of September 2025	Product Hunt”
[2]: https://www.producthunt.com/leaderboard/monthly/2025/8 “Best of August 2025	Product Hunt”
[3]: https://www.producthunt.com/leaderboard/monthly/2025/7 “Best of July 2025	Product Hunt”

Back to Top ↑

AI-Pipeline

Vulnerabilities in AI Pipelines

AI pipelines involve various stages—data ingestion, preprocessing, model training, evaluation, deployment, and monitoring—and each can introduce unique security risks. Here’s a list of 10 different security risk scenarios, each mapped to specific pipeline stages with deep technical details, including possible attack vectors, root causes, and real-world examples or references to research/implementations:

Back to Top ↑

AI-assisted-chat

AI assisted chat popup implementation (with server)

To set up a popup chatbot at the bottom right of a webpage, similar to the example shown, follow these steps. This will involve HTML, CSS, and JavaScript to create the UI and connect to a backend chatbot. I’ll provide a basic implementation that you can adapt based on your backend.

Back to Top ↑

AI-assisted-chatbot-widget

AI assisted chat

I’ll help you create a popup chatbot widget similar to the one shown in your image. This will include a floating chat button that opens a chat interface in the bottom right corner.I’ve created a complete chatbot popup widget that matches the design in your image. Here’s what’s included:

Back to Top ↑

AI-assisted-vulnerability-discovery

Techniques for Discovering Vulnerabilities using AI Pipeline engine

To discover new vulnerabilities in a given GitHub repository, several techniques can be employed to identify potential security flaws. Below, I outline key techniques for vulnerability discovery and then provide an AI-driven pipeline to implement these techniques.

Back to Top ↑

API

What is swagger.json and it is used in recon for enumerating attacking APIs

Using swagger.json (or its equivalents like swagger.yaml, openapi.json, or /v2/api-docs) is one of the most powerful passive reconnaissance techniques for enumerating and attacking APIs. It reveals the entire API surface, including:

Back to Top ↑

APIHacking

100 ways of API Hacking

Back to Top ↑

AWS

Examples of development of applications using Amazon Bedrocks

Examples of development of applications using Amazon Bedrocks

Back to Top ↑

Agile

50 key characteristics of Agile development

1. Iterative Development

Work is done in small, manageable cycles called iterations or sprints.

Back to Top ↑

Airflow

How to call an LLM via API from Airflow

In Apache Airflow, you don’t “call” an LLM (Large Language Model) directly — instead, you integrate it inside a task (usually via a PythonOperator or custom operator). The DAG defines the workflow, and your task code makes the LLM API call.

Back to Top ↑

Android

How to run Android headless in the cloud

How to run Android headless in the cloud

Back to Top ↑

AntiRootkit

Anti rootkit technologies

How to detect rootkits, or tracing kernel activities

Back to Top ↑

Apache Kafka

AI generated checklist: Apache Kafka

Top 20 applications of Apache Kafka

Back to Top ↑

CI/CD

Github CI/CD how to: deployment to Digitalocean

Got it 🚀 — let’s walk through end-to-end deployment of a GitHub application (say a Node.js app) to DigitalOcean using GitHub Actions + CI/CD. I’ll show you the YAML workflow, DigitalOcean setup, and the exact configuration files you’ll need.

Back to Top ↑

CORS

50 distinct CORS misconfiguration patterns

50 distinct CORS misconfiguration patterns, chaining each one to specific headers, server behaviors, and, where possible, how the relevant source code or framework behavior leads to it.

Back to Top ↑

CSPBypass

Client Side CSP Bypass

Here’s a detailed list of 30 ways client-side Content Security Policy (CSP) bypasses are possible, with explanations and references to potential vulnerabilities:

Back to Top ↑

ChatGPT

Differences between using ChatGPT API vs ChatGPT webpage

Using the OpenAI API (instead of directly interacting with the ChatGPT interface at chat.openai.com) gives you more programmatic control but comes with some notable disadvantages depending on your use case. Here’s a deep breakdown of those:

Back to Top ↑

Chinese Idioms/Proverbs

中国谚语: 涵盖了智慧、人生、道德、时间、友谊、家庭、成功等多个方面。

以下是中国谚语，涵盖了智慧、人生、道德、时间、友谊、家庭、成功等多个方面。

Back to Top ↑

ChromaDB

What is ChromaDB vector database

Here’s a detailed explanation of what ChromaDB is.

Back to Top ↑

Deepseek

DeepSeek: key characteristics that differentiate DeepSeek’s LLM implementations

DeepSeek, a Chinese AI startup, has developed a series of large language models (LLMs) that stand out due to their innovative design and efficient performance. Here’s an in-depth look at the key characteristics that differentiate DeepSeek’s LLM implementations:

Back to Top ↑

Firewall-bypass

How to bypass the Linux kernel firewall?

Imagine you curl a URL and a few microseconds later your web server replies. In between, the NIC DMA-writes the frame into memory, the Linux NAPI poller pulls it in softirq context, and the IP/TCP stack peels back headers to find the exact socket your process owns. From there, the kernel queues bytes to that socket and—if your app is blocked in recvmsg()/read() or waiting in epoll_wait()—wakes your task so the scheduler can hand execution back to process context to copy data into userspace.

Back to Top ↑

Game

Double Ping Pong Game by ClaudeAI

Back to Top ↑

Game Design

How to create a viral game

Following up from previous article:

Back to Top ↑

Gitlab

Top GitLab’s bug bounty program hunters

Based on GitLab’s bug bounty program reports from recent years, here are some of the most notable bug hunters who have made significant contributions:

Back to Top ↑

Gobuster

20 examples of using gobuster for directory traversal and discovery

Below are 20 examples of using gobuster for directory traversal and discovery. These examples cover different scenarios, including custom wordlists, extensions, and output formatting.

Back to Top ↑

HPROF dump file

Creating a Java HPROF Dump

Back to Top ↑

IR

Opensource Security Operation Centers and Incident Response system

Opensource Security Operation Centers and Incident Response system.

Back to Top ↑

JWT

30 common mistakes in JSON Web Tokens (JWT) : authentication or authorization

Here are 30 common mistakes to avoid when using JSON Web Tokens (JWT) for authentication or authorization:

Back to Top ↑

LDAP_injection

LDAP injection payload

LDAP (Lightweight Directory Access Protocol) injection is a technique used to exploit vulnerabilities in applications that construct LDAP queries from user input, similar to SQL or NoSQL injection but targeting LDAP directories like Active Directory or OpenLDAP. Below is a list of 50 example LDAP injection payloads designed to test for vulnerabilities. These payloads manipulate LDAP filters to bypass authentication, extract data, or alter query behavior.

Back to Top ↑

LLM

How to call an LLM via API from Airflow

In Apache Airflow, you don’t “call” an LLM (Large Language Model) directly — instead, you integrate it inside a task (usually via a PythonOperator or custom operator). The DAG defines the workflow, and your task code makes the LLM API call.

Back to Top ↑

LLM design

Comparing different LLM models: what are the key differentiator

There are numerous factors that differentiate large language model (LLM) implementations, leading to variations in performance, efficiency, and accuracy. Below are 50 key differentiators, categorized into architecture, training, data handling, optimization techniques, and deployment strategies.

Back to Top ↑

LangChain

LangGraph vs. LangChain: Building Viral AI Agent Orchestration Workflows Step-by-Step

This code creates a multi-agent workflow using LangGraph and OpenAI’s language model. Let me explain what it does and then provide a working version.

Back to Top ↑

LangGraph

LangGraph vs. LangChain: Building Viral AI Agent Orchestration Workflows Step-by-Step

This code creates a multi-agent workflow using LangGraph and OpenAI’s language model. Let me explain what it does and then provide a working version.

Back to Top ↑

Langchain

List of LangChain applications

What is LangChain?

Back to Top ↑

LoadBalancer

RFCs related to load balancers and their associated protocols

A list of the most important RFCs related to load balancers and their associated protocols.

Back to Top ↑

MCP

Ultimate MCP Security Checklist: Hardening Model Context Protocol Deployments

Here’s a tight, practitioner-grade checklist for securing MCP (Model Context Protocol) deployments—organized by layer. Each section points to the authoritative spec and reference SDKs so you can chase details all the way down to code.

Back to Top ↑

Microsoft Entra

Microsoft Entra: SSO design from the start

Back to Top ↑

Music

Creating music starting with an existing music as a template

Here’s a step-by-step guide to set up a music generator with Hugging Face, starting from a short audio clip as input. I’ll chain the explanation all the way down to models, code, and internals.

Back to Top ↑

MySQL

100 debugging challenges in MySQL development

Perfect — let’s build a comprehensive list of 100 different types of development-related problems in MySQL programming. I’ll group them by categories (schema design, indexing, queries, transactions, replication, performance, security, etc.) so it’s structured and easier to navigate.

Back to Top ↑

Network Anomaly Detection

50 different Wireshark or TCPDump filters for network anomalies detection

Here’s a list of 50 different Wireshark or TCPDump filters that can help detect a variety of network attacks or anomalies. Filters are categorized for convenience.

Back to Top ↑

NoSQL_injection

NoSQL injection payload

NoSQL injection is a technique used to exploit vulnerabilities in NoSQL databases by injecting malicious code into queries, similar to SQL injection but tailored to NoSQL query syntax like MongoDB, Cassandra, or CouchDB. Below is a list of 50 example payloads that could be used to test for NoSQL injection vulnerabilities. Warning: These payloads are for educational and testing purposes only, in controlled environments with explicit permission. Unauthorized use is illegal and unethical.

Back to Top ↑

ORM_injection

ORM injection

Object-Relational Mapping (ORM) injection is a type of attack where attackers manipulate queries generated by ORM frameworks (e.g., Hibernate, SQLAlchemy, Sequelize) to exploit vulnerabilities in applications. Unlike traditional SQL injection, ORM injection targets the query-building logic of ORM frameworks, often by injecting malicious input that alters the query’s structure or bypasses security checks. Below is a list of 50 example ORM injection payloads, designed to test for vulnerabilities in applications using ORMs. These payloads are generalized and may need adaptation based on the specific ORM framework (e.g., Hibernate for Java, SQLAlchemy for Python, Sequelize for Node.js) and the application’s query patterns.

Back to Top ↑

Odoo

Odoo Setup Guides

Odoo Setup Guides

Back to Top ↑

PathTraversal

Path traversal vulnerability and how its different types of manifestation

Path traversal, also known as directory traversal, is a common security vulnerability that can allow attackers to read arbitrary files on a server. Below is a list of general ways path traversal can be exploited to achieve this:

Back to Top ↑

Postman

10 different ways you can use Postman

Postman is a versatile tool for API testing, development, and debugging. Here are 10 different ways you can use Postman:

Back to Top ↑

PrivEscalation

List of linux privilege escalation methods

List of Linux privilege escalation vulnerabilities with available Proof-of-Concepts (POCs) from 2019 to 2024:

Back to Top ↑

PrivilegeEscalation

100 ways to achieve privilege escalation in Linux

Back to Top ↑

PrivsEscalation

Privilege escalation in Linx

Privilege escalation in Linux involves exploiting system vulnerabilities or misconfigurations to gain unauthorized elevated access. Staying informed about the latest techniques is crucial for both attackers and defenders. Below is a curated list of resources and tools that provide comprehensive information and scripts for Linux privilege escalation:

Back to Top ↑

Proxychains

10 different ways of using proxychains

proxychains is a powerful tool for routing application traffic through a chain of proxies. Below are 10 different ways to use it, with examples:

Back to Top ↑

Psychology experiment

Dialogue generation experiment

First a problem is posed by the user: here it is “game addiction” as an example. Next AI is used to generate the full dialogue, attempting to uncover the origin of the problem, identifying other problems, and most important to suggest new solutions for the user.

Teenager (Boy, 14): Hey… I need some help, I guess. I’ve been gaming a lot. Like, too much.

Back to Top ↑

RAG

Building a Retrieval-Augmented Generation (RAG) system

Building a Retrieval-Augmented Generation (RAG) system involves combining a retrieval mechanism with a generative model to produce contextually relevant and accurate responses. Below, I’ll outline the detailed steps to build a RAG system using suitable models from Hugging Face, a popular platform for open-source NLP models and tools. The process assumes you have some familiarity with Python, transformers, and basic machine learning concepts.

Back to Top ↑

ReactHooks

10 different ways of using React Hooks with examples

React Hooks are functions introduced in React 16.8 that allow you to use state and other React features in functional components. Here is an explanation of all the commonly used hooks, categorized into basic hooks, additional hooks, and custom hooks, with examples for each.

Back to Top ↑

Rotating IP

Rotating IP addresses using Squid and Docker

Great — here’s a low-level, reproducible setup for rotating IPs using Docker and Squid proxy. This is particularly useful for scraping, automation, or anonymization.

Back to Top ↑

Rotating IPs

What are the purposes of rotating IP addresses

Rotating IPs refers to the practice of changing the IP address used by a client or server periodically or per request. This technique is used in a variety of domains, and it has security, anonymity, rate-limiting evasion, and load balancing implications. Below is a breakdown of the purpose, use cases, and technical underpinnings of IP rotation:

Back to Top ↑

SNMP

20 command-line examples to enumerate SNMP (Simple Network Management Protocol) information

20 command-line examples to enumerate SNMP (Simple Network Management Protocol) information when provided with an IP address and UDP port 161:

Back to Top ↑

SOC

Opensource Security Operation Centers and Incident Response system

Opensource Security Operation Centers and Incident Response system.

Back to Top ↑

SSO

Microsoft Entra: SSO design from the start

Back to Top ↑

SpringBoot

Spring Boot Essentials: 20 Must-Know Features Every Engineer Should Master

Here’s a list of 20 new or important things you should know in Spring Boot today (2025) — ranging from features in recent releases, advanced patterns, integrations, and under-the-hood mechanisms:

Back to Top ↑

Text-to-speech

Building a Text-to-Speech (TTS) system

Building a Text-to-Speech (TTS) system using models from Hugging Face involves selecting appropriate pre-trained models, setting up the pipeline, and generating audio from text input. Below, I’ll walk you through the detailed steps to create a TTS system using Hugging Face’s transformers library and other suitable tools. The process will leverage a popular TTS model like Tacotron 2 or VITS, paired with a vocoder like HiFi-GAN, both of which are available on Hugging Face.

Back to Top ↑

Time Series Database

A Time Series Database (TSDB) is optimized for handling time-stamped or time-ordered data, which is often used in monitoring, financial applications, IoT, and analytics. Below are some well-known time series databases with their characteristics:

Back to Top ↑

Union-based SQL injection

Why is UNION Query-Based SQLi the Fastest SQL Injection Type?

The UNION-based SQL Injection technique is often considered one of the fastest ways to extract data from a vulnerable database. This is due to several reasons, including direct data retrieval, minimal execution complexity, and leveraging native SQL functions. Below is a detailed explanation.

Back to Top ↑

Vector database

What is ChromaDB vector database

Here’s a detailed explanation of what ChromaDB is.

Back to Top ↑

VisualStudio

Top 100 common compilation and runtime errors encountered in Visual Studio IDE environment

Visual Studio compilation and runtime errors can come from various sources, including syntax mistakes, type mismatches, missing dependencies, or logic flaws in the code. Below is a categorized list of 100 common compilation and runtime errors encountered in Visual Studio, particularly for C++ and C# development.

Back to Top ↑

Vulnerabilites

Assetnote.io Vulnerabilities Writeup

Assetnote.io Vulnerabilities Writeup

Back to Top ↑

WAF-bypass

Bypassing a Web Application Firewall (WAF) for XSS exploits

Bypassing a Web Application Firewall (WAF) for XSS (Cross-Site Scripting) exploits requires a combination of techniques to evade detection mechanisms. Here’s a comprehensive approach to bypass WAFs when testing XSS vulnerabilities, relevant to your scenario with DalFox and Cloudflare WAF.

Back to Top ↑

Wordpress

100 differeny ways to test WordPress vulnerabilities

Testing a WordPress URL or webpage for vulnerabilities involves a structured methodology, leveraging both automated tools and manual techniques. Below are 100 different ways categorized into specific areas for comprehensive security testing:

Back to Top ↑

XSS

Prototype pollution leading to XSS

Crafting 50 distinct ways Cross-Site Scripting (XSS) can arise from prototype pollution, complete with code examples, is a substantial task that requires exploring various scenarios where prototype pollution vulnerabilities could be exploited to inject malicious scripts. Prototype pollution occurs when an attacker manipulates an object’s prototype (e.g., Object.prototype in JavaScript), affecting all objects that inherit from it. If this leads to the injection or manipulation of HTML, scripts, or other executable content in a web application, it can result in XSS.

Back to Top ↑

attacksurface

50 attack surface for a webapp

Here’s a detailed list of the Top 50 Attack Surfaces for a Website along with steps to identify each of them. This list is tailored for deep technical audits and vulnerability assessments, including both frontend and backend exposures.

Back to Top ↑

auditing

50 baseline auditing checklist for AI workflow automation

Here’s a structured list of 50 auditing rules for AI workflow automation, covering governance, compliance, technical integrity, and operational safety. I’ve grouped them into domains for clarity.

Back to Top ↑

ci/cd

Jenkins in Action: 20 Real-World YAML Pipeline Examples You Can Copy Today

Here’s a collection of 20 commonly used Jenkins YAML pipeline (Jenkinsfile with declarative YAML-style syntax) examples. Each shows a different CI/CD use case you’d find in real-world projects.

Back to Top ↑

cloud

10 examples of cloud migration scenario

Here are 10 detailed and realistic scenarios where cloud migration is needed, spanning various industries and use cases. For each, we explain the motivation, technical context, and expected benefits of migration, including security, performance, cost, and scalability factors.

Back to Top ↑

cloud monitoring

AI-driven orchestration for cloud monitoring

Let’s design a hybrid workflow that combines classic monitoring (Prometheus + Grafana) with AI-driven orchestration (LangChain + LangGraph). This will give you a system that not only collects metrics but can also reason about anomalies, generate insights, and trigger actions.

Back to Top ↑

cloud performance monitoring

Top 10 Cloud Monitoring & Vulnerability Detection Tools (With Pros & Cons)

When designing a cloud system, you need two categories of monitoring and defense:

Back to Top ↑

cloud security

Cloud Security Unfiltered: Expert Dialogues on Threats, Hacks, and Defenses

Back to Top ↑

cloud security monitoring

Top 10 Cloud Monitoring & Vulnerability Detection Tools (With Pros & Cons)

When designing a cloud system, you need two categories of monitoring and defense:

Back to Top ↑

cookie stealing

30 different stealing authentication tokens mechanism

Stealing authentication tokens inside HTTP cookies can occur in various scenarios due to improper security configurations, vulnerabilities, or malicious activities. Below is a list of 30 scenarios where this can happen:

Back to Top ↑

crypto

Crypto Currency Setup Notes

Crypto Currency Setup Notes

Back to Top ↑

database

Deep Dive into SQLAlchemy Internals: How Python’s ORM Really Works

Here’s a deep introduction and low-level technology breakdown of SQLAlchemy.

Back to Top ↑

extension

Chrome browser extension for webapp security

How to design a Chrome Extension from the ground up with full security discipline, and link it with specs, source code, and browser internals. 🧠⚙️

Back to Top ↑

forensic

How to hide in memory without being detected by any scanner

Logic behind this: In memory forensic at realtime, the memory has to be scanned and identified by looking for certain byte sequence. The scanning is likely to start from low to high logical address. To bypass this scanner, one way is to set memory read hardware breakpoint on the starting address of memory to be protected, move the content away upon memory read is detected, and after some timeout move back the memory again. This approach provides a mechanism to hide memory content from being detected, with automatic restoration after a timeout. For a production system, additional error handling, security checks, and integration with the OS memory manager are essential.

Back to Top ↑

forensics

Linux C2 attack emulation

Here’s an explanation for each URL in 2-3 lines:

Back to Top ↑

github action

Github CI/CD how to: deployment to Digitalocean

Got it 🚀 — let’s walk through end-to-end deployment of a GitHub application (say a Node.js app) to DigitalOcean using GitHub Actions + CI/CD. I’ll show you the YAML workflow, DigitalOcean setup, and the exact configuration files you’ll need.

Back to Top ↑

github-actions

GitHub Tools and its problems: Actions, Marketplace, and Extensions

GitHub Tools Overview: Actions, Marketplace, and Extensions

Back to Top ↑

graphql

Exploring and investigating the vulnerabilities of a GraphQL implementation

Exploring and investigating the vulnerabilities of a GraphQL implementation requires a combination of manual testing, automated tools, and understanding of both GraphQL’s specification and the underlying application stack (backend language, framework, database). Below are 50 in-depth tasks, organized into categories, that you should consider during your GraphQL security assessment.

Back to Top ↑

jenkins

Jenkins in Action: 20 Real-World YAML Pipeline Examples You Can Copy Today

Here’s a collection of 20 commonly used Jenkins YAML pipeline (Jenkinsfile with declarative YAML-style syntax) examples. Each shows a different CI/CD use case you’d find in real-world projects.

Back to Top ↑

langchain

LangChain Development Problems

Here’s a structured list of 50 different types of development-related problems or bugs you might encounter when working with LangChain, LangGraph, or Pipedream. I grouped them into categories so you can see patterns of issues across the stack.

Back to Top ↑

langgraph

LangChain Development Problems

Here’s a structured list of 50 different types of development-related problems or bugs you might encounter when working with LangChain, LangGraph, or Pipedream. I grouped them into categories so you can see patterns of issues across the stack.

Back to Top ↑

memory

How to hide in memory without being detected by any scanner

Logic behind this: In memory forensic at realtime, the memory has to be scanned and identified by looking for certain byte sequence. The scanning is likely to start from low to high logical address. To bypass this scanner, one way is to set memory read hardware breakpoint on the starting address of memory to be protected, move the content away upon memory read is detected, and after some timeout move back the memory again. This approach provides a mechanism to hide memory content from being detected, with automatic restoration after a timeout. For a production system, additional error handling, security checks, and integration with the OS memory manager are essential.

Back to Top ↑

n8n

Internal architecture of n8n running on Macbook via docker

Got it — let’s break this down all the way from n8n’s architecture → Docker internals → how it maps onto a MacBook Air running macOS.

Back to Top ↑

n8n.io

100 different types of debugging issues in n8n.io

Git push credentials failing after version 1.111.0 update
Executions not displaying when using sub-agents in workflows
AI Agent HTTP Request tool causing workflow execution to hang indefinitely
Errors during workflow import leading to uneditable nodes
Performance degradation in versions 1.105.x and 1.106.0
Inability to create new node projects due to n8n/node breakage
Drastic slowdown in large workflow executions post-1.105.2 update (60s vs. 0.3s)
High failure rate (97%) of workflows in production environments
Significant performance impact during workflow development in 1.105+
Code nodes ceasing to function across all workflows
Complex workflows becoming unresponsive after major upgrades (e.g., 0.198 to 1.84)
Build errors when compiling n8n from source code
Merge node failing to wait for both inputs to arrive properly
Expression syntax breaking after updates ($(…) vs. $node[…])
Executions screen failing to load, especially for successful runs
Nodes reverting or workflow parts deleting after saving
Workflows triggered by other workflows showing as “Queued” indefinitely
Variables (e.g., memory, tools) not accessible inside AI Agent tools
RSS Read node returning 406 errors for specific feeds
Random expression evaluation errors like “a.ok(to)” falsy value
Webhook test URLs returning 404 despite correct setup and timing
GitHub “List” operation failing while other operations succeed
Beginners building workflows that break in production due to API variations
Workflow executions failing due to third-party service errors without proper handling
Workflows canceling mid-execution without errors or visible data loss
Workflows marked as failed despite all nodes completing successfully
Automatic reversion to older workflow versions without user input
Workflows stopping response entirely, even simple webhook-HTTP chains
Workflow activation toggle not reflecting active status correctly
Input data not received correctly when workflows are triggered via AI Agent tools
Issues loading text/title fields from documents in custom note service nodes
Inability to install community nodes after updates
Common syntax or runtime errors in Code nodes
Challenges in testing and debugging custom nodes during development
Custom nodes not displaying properly in the community nodes list
Build failures in n8n-node-dev when including custom classes or files
Outdated documentation for running custom nodes locally
PNPM compatibility issues in node creation and setup
Worker containers failing to load newly installed community nodes
Toggle to disable community nodes not preventing crashes on startup
Bug in custom node text fields showing weird behavior post-update
HTTP Request node unable to access internal webhooks in version 1.24.1
Difficulty selecting specific triggers to run in multi-trigger workflows
New versions forcing use of first() in expressions, breaking legacy logic
Performance bottlenecks when handling large data volumes (e.g., 12,000+ items)
SSH credentials failing to parse encrypted private keys without passphrase
Nodes bugged with missing inputs (e.g., Merge or Agent nodes)
Version mismatches causing node inputs to disappear in UI
AI-generated nodes failing due to incompatible structures
Web scraping automations breaking on dynamic site changes
Third-party API integrations failing due to schema updates
Custom node development stalling on authentication flows
Workflow design errors in complex branching logic
Self-hosting setup issues with Docker configurations
Migration problems from Zapier or Make to n8n
Bug fixing delays in production troubleshooting
Timezone mismatches in schedule triggers
Email node failures when attaching binary data
Database query timeouts in SQL nodes
API rate limiting not handled gracefully in loops
JSON parsing errors from malformed API responses
Binary file handling issues in upload/download nodes
IF node conditions evaluating incorrectly on edge cases
Switch node misrouting items based on dynamic data
Aggregate node losing items during summarization
Split In Batches node skipping items unexpectedly
Error workflows not triggering on node failures
Manual triggers not passing full data payloads
Set node accidentally overwriting nested fields
Deprecated Function node compatibility issues
HTTP node proxy settings ignored in certain environments
OAuth2 token refresh failures mid-workflow
Webhook response delays causing timeouts
Execution timeout configurations being overridden
Queue mode desynchronization between main and workers
Multi-main instance conflicts in credential sharing
Docker volume mounts failing for custom node directories
Environment variables not injecting into node parameters
Log levels not updating in real-time during debugging
Workflow backups corrupting during export
Template imports failing due to parameter mismatches
Credential permissions not propagating across workflows
Git integration bugs in workflow version control
AI chain executions leaking memory over iterations
Vector store connections dropping in persistent agents
LangChain component incompatibilities with n8n updates
Custom script nodes lacking execution permissions
Resource cleanup failures after aborted executions
Scalability issues under high concurrent loads
Stack traces not visible in debugging tools
Credential encryption breaking on instance restarts
Node parameter validation errors on UI save
Workflow pinning failing for active productions
Sub-workflow calls not inheriting parent variables
Cron trigger offsets miscalculating daylight savings
File conversion nodes corrupting media types
Pagination handling bugs in API list operations
Retry logic not respecting exponential backoff
Session management issues in stateful nodes
UI canvas lagging during complex workflow edits

Back to Top ↑

pentest

Comparing DeepSeek and ChatGPT: 30 different ways of using X-FORWARDED-FOR header

This is by DeepSeek:

Back to Top ↑

python

Deep Dive into SQLAlchemy Internals: How Python’s ORM Really Works

Here’s a deep introduction and low-level technology breakdown of SQLAlchemy.

Back to Top ↑

statistical-principles

Top 10 statistical principle that pushed data science to dominant position in AI

Survey Note: Detailed Exploration of Statistical Principles

Back to Top ↑

text2video

Hugging Face for video generation

Hugging Face offers a variety of open-source models and tools for video generation, primarily through its Diffusers library, which supports tasks like text-to-video and image-to-video generation. Below are some of the key options available as of April 2, 2025, based on the latest developments in the ecosystem:

Back to Top ↑

valentine_game

Move your mouse to generate hearts!

Back to Top ↑

vulnerability

implementation details for testing insecure image proxy

Below, I’ll elaborate on the implementation details for testing the three specified vulnerabilities related to an insecure image proxy: Internal URL Testing, SSRF via Proxy, and Malicious URL. Each section provides step-by-step instructions, including tools, payloads, and expected outcomes, to help identify and exploit these Server-Side Request Forgery (SSRF) vulnerabilities. The focus is on practical implementation, assuming a target application with an image proxy endpoint that fetches and processes URLs provided by users.

Back to Top ↑

waf

100 patterns for Web Application Firewall (WAF) bypass

Below is a list of 100 patterns that can be used at the Web Application Firewall (WAF) level to detect potential HTTP traffic attempting to bypass WAF protections. These patterns focus on common evasion techniques, unusual behaviors, and malicious payloads that attackers might use to circumvent standard WAF rules. Note that these patterns should be tailored to your specific WAF solution and environment, and some may require regex or custom logic for implementation.

Back to Top ↑

workflow automation

50 baseline auditing checklist for AI workflow automation

Here’s a structured list of 50 auditing rules for AI workflow automation, covering governance, compliance, technical integrity, and operational safety. I’ve grouped them into domains for clarity.

Back to Top ↑

xxxOps

Taxonomy of xxxOps

Yes — many other “Ops” paradigms exist today, each targeting a different intersection of disciplines — extending from DevOps (Dev + Ops) into security, finance, AI, ML, data, networking, compliance, and even business process management.

Back to Top ↑