Got access to the server room. It was spotless… and hotter than my future after touching production servers. Took the pic and evacuated immediately 😂🔥

@ishareFike

Servers are introverts they like it clean, quiet, and cold.😅

If your server room feels like a sauna, something upstream is crying.
Cooling isn’t a luxury, it’s infrastructure.

⚠️ ማስጠንቀቂያ፡ የብሔራዊ መታወቂያዎን በኢንተርኔት ላይ ከማጋራት ይቆጠቡ!

የብሔራዊ መታወቂያ (National ID) የእርስዎ ዲጂታል ማንነት መገለጫ ነው። ይህንን መረጃ በማህበራዊ ሚዲያ (Facebook, Telegram, WhatsApp) ወይም ባልተረጋገጡ ድረ-ገጾች ላይ ማጋራት ለከፍተኛ አደጋ ያጋልጥዎታል።

📌 መታወቂያን ማጋራት የሚያስከትላቸው ጉዳቶች፦

የማንነት ስርቆት (Identity Theft)፡ ወንጀለኞች የእርስዎን መረጃ በመጠቀም በእርስዎ ስም የባንክ አካውንት ሊከፍቱ፣ ብድር ሊወስዱ ወይም የተለያዩ ግብይቶችን ሊፈጽሙ ይችላሉ።

የፋይናንስ መጭበርበር፦ ከመታወቂያዎ ላይ የሚገኙ መረጃዎችን በመጠቀም የባንክ አካውንትዎን ወይም የዲጂታል ክፍያ መተግበሪያዎችዎን ሰብረው በመግባት ገንዘብዎን ሊሰርቁ ይችላሉ።

Dark Web ገበያ ሽያጭ፦ የግል መረጃዎች በድብቅ የኢንተርኔት ዓለም (Dark Web) ላይ ለሽያጭ ሊቀርቡ ይችላሉ።

ለተለያዩ ወንጀሎች ተባባሪ መሆን፦ የእርስዎ መታወቂያ ለሌላ ህገ-ወጥ ተግባር (ለምሳሌ ለሲም ካርድ ስም ዝውውር) ቢውል፣ ተጠያቂነቱ የእርስዎ ይሆናል።

✅ እራስዎን እንዴት ይጠብቁ
... Part 2

ስለ ሳይበር ደህንነት (Cybersecurity) የበለጠ መረዳት ይፈልጋሉ?

ከእኛ ጋር በመሆን መረጃዎን ይጠብቁ፦

🌐 ድረ-ገጻችን፦ bunabyte.com
📢 ቴሌግራም፦ t.me/bunabytecs
📧 ኢሜይል፦ info@bunabyte.com

Buna Byte — ለተሻለ የዲጂታል ደህንነት!

...#Part02

✅ እራስዎን እንዴት ይጠብቁ?

1. መታወቂያዎን ፎቶ አንስተው አይፖስቱ፦ የቱንም ያህል ደስተኛ ቢሆኑ ወይም ለስራ ቢፈለግ፣ በግልጽ የሶሻል ሚዲያ ገጾች ላይ በፍጹም አይልቀቁ።

2. በቴሌግራም ወይም በሜሴንጀር አይላኩ፦ አስፈላጊ ሆኖ ሲገኝ እንኳን ደህንነቱ በተጠበቀ መንገድ እንጂ በግል የመልዕክት መለዋወጫዎች መላክ አደጋ አለው።

3. የማንነት ማረጋገጫ ሲጠየቁ ይጠንቀቁ፦ ማንኛውም ድርጅት መታወቂያዎን ሲጠይቅ ለምን ዓላማ እንደሚውል እና መረጃው እንዴት እንደሚጠበቅ እርግጠኛ ይሁኑ።


ማስታወሻ፦ የእርስዎ ደህንነት ለእኛ ቅድሚያ የምንሰጠው ጉዳይ ነው። ጥንቃቄ በማድረግ ማንነትዎን ከዲጂታል አጭበርባሪዎች ይጠብቁ።

ስለ ሳይበር ደህንነት (Cybersecurity) የበለጠ መረዳት ይፈልጋሉ?

ከእኛ ጋር በመሆን መረጃዎን ይጠብቁ፦

🌐 ድረ-ገጻችን፦ bunabyte.com
📢 ቴሌግራም፦ t.me/bunabytecs
📧 ኢሜይል፦ info@bunabyte.com

Buna Byte — ለተሻለ የዲጂታል ደህንነት!

I was doing some math on the #TryHackMe monthly subscription today. The official price is $16.99, which currently converts to roughly 2,640+ ETB at market rates.

For many of us in the local tech community, that’s a significant monthly investment. However, I found a more accessible bridge: @tegene is offering 1-month vouchers for 2,000 ETB.

If you’ve been waiting to start a new learning path or get that "AttackBox" access, this might be the right time to save about 25% on your overhead.

Note: This isn't a sponsorship—just a heads-up for my fellow learners looking to optimize their budget.

@bunabytecs
bunabyte.com

#CyberSecurity #TryHackMe

☃️🎄 ለመላው የክርስትና እምነት ተከታዮች በሙሉ እንኳን ለገና በዓል በሰላም አደረሳችሁ!

መልካም በዓል ይሁንልን. bunabyte.com

@bunabytecs

Tools don’t replace understanding, they just amplify it.

@bunabytecs

We built this TryHackMe room while teaching the BBJST Buna Byte Junior Security Tester program batch 03.

It’s hands-on Linux fundamentals - not theory, not slides.

This is how we learn. This is how we teach.

🔗 https://tryhackme.com/jr/bbjstlinux

More structured resources coming soon on bunabyte.com

@bunabytecs

Full walk-through of the room

https://youtu.be/hVjNjWePaRA

$book_name = $_GET['book_name'] ?? '';
$special_chars = array("OR", "or", "AND", "and" , "UNION", "SELECT");
$book_name = str_replace($special_chars, '', $book_name);
$sql = "SELECT * FROM books WHERE book_name = '$book_name'";
echo "<p>Generated SQL Query: $sql</p>";
$result = $conn->query($sql) or die("Error: " . $conn->error . " (Error Code: " . $conn->errno . ")");
if ($result->num_rows > 0) {
    while ($row = $result->fetch_assoc()) {
...
..

What makes this code vulnerable?

bunabyte.com

Why this code is vulnerable

• User input is directly concatenated into the SQL query
• Once input enters the query string, SQL injection is already possible

Why str_replace makes it worse

• SQL is a grammar-based language, not a keyword list
• Removing words like OR, AND, UNION, SELECT does not change SQL logic

str_replace is:

- case-sensitive
- literal
- context-unaware

Attackers can bypass filters using:

- alternative operators
- comments
- encodings
- numeric logic
- functions and comparisons

🙅‍♂️The critical mistake

• User input is still placed inside quotes

WHERE book_name = '$book_name'

• The database still parses input as executable SQL
• Filtering inside a dangerous context does not make it safe

Additional security issues

• Echoing the SQL query leaks:

- table names
- column names
- filtering logic

• Displaying database errors gives attackers free reconnaissance


Here is the best‑practice version of that code

$book_name = $_GET['book_name'] ?? '';

$stmt = $conn->prepare(
    "SELECT * FROM books WHERE book_name = ?"
);

$stmt->bind_param("s", $book_name);
$stmt->execute();

$result = $stmt->get_result();

if ($result->num_rows > 0) {
    while ($row = $result->fetch_assoc()) {
        // process result
    }
}

☕️ $stmt turns user input from code into data.

bunabyte.com
@bunabytecs

እንኳን አደረሳችሁ! መልካም የጥምቀት በዓል!

bunabyte.com

Buna Byte Resources Channel, You can find book files related to ethical hacking and cybersecurity in this channel.

👉 here: @hacker_habesha

Are you ready to join today and tomorrow's cybersecurity foot soldiers?

picoCTF-Africa 2026 is back! Bigger, better and upto 80 students to be awarded!

Join our picoCTF-Africa prep info session
📅 24 January
⏰ 11 am Rwanda time ( convert time to your own country )
⛓️‍💥  bit.ly/picoCTF2026

Registration for the CTF opens on 1 February 2026, so get ready.
Competition runs 9 - 19 March 2026

stay alert. protect your accounts. share this with a friend

https://www.instagram.com/p/DTxI73ZDAS2/?igsh=MWlzYWgwbTZ1c3UyMA==

#Buna_Qurs

The original definition of hacking, emerging in the 1950s-1960s at MIT’s Tech Model Railroad Club, referred to

creative, skillful, and often playful modification of technical systems to improve them or make them function in new, unconventional ways.

@bunabytecs

⚡️ Buna Byte Academy is coming.

We are building a focused learning space for:
• Hands-on cybersecurity labs
• Expert-led training
• Structured paths for real-world skills

The waitlist is now open.

Join early to get launch updates, early access, and exclusive opportunities reserved for first members.

👉 Join the waitlist: academy.bunabyte.com

#Cybersecurity #Learning @bunabytecs