bugbounty_tech | Unsorted

Telegram channel bugbounty_tech - Bug bounty Tips

🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r

Bug bounty Tips

#tools
#Fuzzing
"PickleFuzzer: A Case Study in Fuzzing for Discrepancies Between Python Pickle Implementations", May 2026.

]-> https://github.com/Legoclones/PickleFuzzer

// Python's native serialization protocol, pickle, is a powerful but insecure format for transferring untrusted data. It is frequently used, especially for saving machine learning models, despite known security challenges. PickleFuzzer - custom generation-based fuzzer that identifies inconsistencies across pickle implementations


Bug bounty Tips

#AppSec
#Threat_Research
New Nightmare Eclipse Vulnerabilities
1⃣ YellowKey Bitlocker Bypass Vulnerability
https://github.com/Nightmare-Eclipse/YellowKey
2⃣ GreenPlasma Windows CTFMON Arbitrary Section Creation EoP Vulnerability
https://github.com/Nightmare-Eclipse/GreenPlasma


Bug bounty Tips

#tools
#Blue_Team_Techniques
#Purple_Team_Exercises
AiSOC v.7.2.0
https://github.com/beenuar/AiSOC
// Open-source AI-powered Security Operations Center - alert fusion, purple-team drills, agent-assisted triage, MITRE ATT&CK investigation. MIT-licensed, self-hostable


Bug bounty Tips

*$$$$ How I Turned a ‘Low Severity’ Reflected XSS into Full Admin Account Takeover: https://medium.com/@asharm.khan7/how-i-turned-a-low-severity-reflected-xss-into-full-admin-account-takeover-42ff5ab31230?source=rss------bug_bounty-5


Bug bounty Tips

🚨 119GB+ Google Drive — All Paid Cybersecurity Courses 🔥

One massive collection packed with premium cybersecurity content for beginners & advanced learners alike. 💻
Inside you’ll find topics covering Ethical Hacking, Red Teaming, Networking, OSINT, Malware Analysis, Wi-Fi Security, Linux, Web Exploitation, Active Directory, Python, and much more. 🧠

Perfect for: ⚡ Self-learning & skill building
📡 Network & security enthusiasts
🛠️ Hands-on lab practice
🎯 Certification preparation
🔍 Red Team & Blue Team knowledge
🐉 Kali Linux & NetHunter users

Knowledge is power — consistency is what builds real skill. 🔐

⚠️ Educational purposes only.
Always use your knowledge ethically and legally.

Download: https://drive.google.com/drive/u/0/mobile/folders/1CgN7DE3pNRNh_4BA_zrrMLqWz6KquwuD

#CyberSecurity #EthicalHacking #Infosec #KaliLinux #RedTeam #BlueTeam #Networking #Linux #BugBounty #OSINT #Hacking #CyberAwareness #Termux #NetHunter #Tech #Programming


Bug bounty Tips

CVE-2026-23870, CVE-2026-44575, CVE-2026-44579, CVE-2026-44574, CVE-2026-44578, CVE-2026-44573, CVE-2026-44581, CVE-2026-44580, CVE-2026-44577, CVE-2026-44576, CVE-2026-44582, CVE-2026-44572

https://github.com/dwisiswant0/next-16.2.4-pocs


Bug bounty Tips

#Tech_book
#Cyber_Education
"Memory Thinking for C & C++ Windows Diagnostics", 2023.

// This full-color reference book is a part of the Accelerated C/C++ for Linux Diagnostics training course organized by Software Diagnostics Services


Bug bounty Tips

#Tech_book
#Kernel_Security
"Windows Internals, Seventh Edition. Part 2. Developer Reference", 2022.

// This guide is now fully updated for Win10/8.x.

See also:
]-> Windows Internals, Part 1.


Bug bounty Tips

#exploit
1⃣ CVE-2026-42511:
A 21-Year-Old FreeBSD RCE Vulnerability

// Any attacker able to operate a malicious DHCP server on the same broadcast domain, or spoof one, can feed hostile lease data to the client.
2⃣ VLC Media Player MKV Exploit Analysis
// This post is part of a series on MCP-based time-travel debugging for security analysis
3⃣ Dirty Frag:
0-day Universal Linux LPE

// Dirty Frag is a case that extends the bug class to which Dirty Pipe and Copy Fail belong

// Disclaimer


Bug bounty Tips

🔍 Quick Win: Git Exposure → Secret Hunting 🔥

Step 1: Mass Git Config Hunt

nuclei -l alive_http_services.txt -id git-config


Step 2: Dump the repository
git-dumper https://target.com/ output/


Step 3: Hunt for secrets in dumped code
nuclei -u output/ -file


Jackpot:

- SaaS Keys in config files
- DB credentials in .env
- Internal API docs with admin endpoints

Lesson: Never stop at initial finding - always dig deeper! 🚀

https://www.youtube.com/watch?v=08sbpY0USqg&t=1058s

#bugbountytips


Bug bounty Tips

Cloudflare has recently started blocking proxy tools such as Burp Suite by detecting their unique TLS and request fingerprints.

If you encounter this issue, install the "Bypass Bot Detection" extension from the BApp Store. It spoofs Burp’s TLS fingerprint to resemble normal browser traffic and bypass the block.

https://github.com/PortSwigger/bypass-bot-detection

#bugbountytips


Bug bounty Tips

Not many know this: nuclei's param fuzzing skips a parameter after the first 10 payloads that return nothing.
So if the initial 10 tries don't trigger anything, that parameter gets ignored and you might miss interesting cases.

How to fix it: use -fuzz-param-frequency. It controls how many "uninteresting" payloads are allowed before nuclei skips a parameter (default is 10).

nuclei -h | grep frequency

...
-fuzz-param-frequency int frequency of uninteresting parameters for fuzzing before skipping (default 10)


An example of an automated pipeline (katana + nuclei) for fuzzing:

katana -u http://testphp.vulnweb.com -aff -iqp -j -o katana.jsonl && \
nuclei -l katana.jsonl -im jsonl -dast -fuzz-param-frequency 10000


Why this matters:

• Some endpoints only respond on later payloads (rate-limited, WAF behavior, timing issues).
• Increasing the frequency prevents skipping noisy-but-interesting params.
• Use with care — raising it a lot increases runtime and requests.

#bugbountytips


Bug bounty Tips

#exploit
#AppSec
"Copirate 365 at DEF CON: Plundering in the Depths of Microsoft Copilot", May 2026.
]-> https://embracethered.com/blog/posts/2026/defcon-talk-copirate-365

// The presentation walks through a chain of vulns (CVE-2026-24299) across the M365 Copilot family, incl. data exfiltration via the HTML preview feature, Delayed Tool Invocation as an exploit reliability trick, hijacking long-term memory, and combining all of the above into a persistent backdoor


Bug bounty Tips

#Kernel_Security
#Malware_analysis
DragonBreath: Dragon in the Kernel
https://ransom-isac.org/blog/dragonbreath-dragon-in-the-kernel
// A 0-day BYOVD vulnerability in dragoncore_k.sys signed by Zhengzhou 403 Network Technology, with shell company analysis, Dragon Breath APT-Q-27 attribution, and an APT31 / Wuhan Xiaoruizhi personnel nexus


Bug bounty Tips

#Offensive_security
Bypassing Windows (11 24H2/Server 2025) authentication reflection mitigations for SYSTEM shells
Part 1 (CVE-2025-33073)
Part 2 (CVE-2026-26128)
// Authentication relay (or reflection) attacks will persist as long as integrity mechanisms are not enforced by default on Windows services


Bug bounty Tips

#exploit
#Mobile_security
#Kernel_Security
A 0-click exploit chain for the Pixel 10:
When a Door Closes, a Window Opens
..
https://projectzero.google/2026/05/pixel-10-exploit.html
// Researchers developed a new exploit chain for Pixel 10, updating previous vulns found in Pixel 9, including Dolby and VPU driver issues. Dolby exploit was adapted for Pixel 10, but LPE link was replaced due to hardware driver differences, leading to the discovery of a critical VPU vulnerability


Bug bounty Tips

#Whitepaper
"Applying CIS Controls to AI Workflows", Apr. 2026.

// This research provides guidance on using the CIS Controls in conjunction with AI-specific frameworks to build a robust information security program


Bug bounty Tips

#exploit
#AppSec
1⃣ Checkmarx Jenkins AST plugin compromise
https://checkmarx.com/blog/ongoing-security-updates
2⃣ RCE vulnerabilities in AI agent frameworks
https://www.microsoft.com/en-us/security/blog/2026/05/07/prompts-become-shells-rce-vulnerabilities-ai-agent-frameworks
3⃣ XBOW - Dead.Letter (CVE-2026-45185):
How XBOW found an unauthenticated RCE on Exim
https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim
4⃣ Claude Code RCE:
Exploiting Deeplink Handlers via Settings Injection

https://0day.click/recipe/2026-05-12-cc-rce



Bug bounty Tips

2FA Bypass
https://github.com/0xmaximus/Galaxy-Bugbounty-Checklist/tree/main/2FA%20bypass


Bug bounty Tips

🗂 20 free MIT courses — the entire Computer Science base in one place

#MIT has made courses in key CS areas publicly available. #Python, #algorithms, #ML, neural networks, #OS, #databases, #mathematics — all can be completed for free directly on #YouTube.

▶️ Introduction to Python Programming
▶️ Data Structures and Algorithms
▶️ Mathematics for Computer Science
▶️ Machine Learning
▶️ Deep Learning
▶️ Artificial Intelligence
▶️ Machine Learning in Healthcare
▶️ Database Management Systems
▶️ Operating Systems
▶️ One-Variable Calculus
▶️ Many-Variable Calculus
▶️ Introduction to Probability Theory
▶️ Statistics
▶️ Probability Theory and Statistics
▶️ Linear Algebra
▶️ Matrix Calculus for Machine Learning
▶️ Java Programming
▶️ Design and Analysis of Algorithms
▶️ Advanced Data Structures
▶️ Introduction to Computational Thinking


Bug bounty Tips

#reversing
HyperVenom:
Using Hyper-V for Ring-1 Control from Usermode

https://gsmll.github.io/hypervenom/writeup
// HyperVenom demonstrates how a lightweight, symbiotic payload can bypass Ring 0 visibility without causing timing or performance issues that would be picked up by telemetry


Bug bounty Tips

#tools
#RAG_Security
"LeakDojo: Decoding the Leakage Threats of RAG Systems", May 2026.

// LeakDojo - configurable framework for controlled evaluation of RAG leakage


Bug bounty Tips

#OSINT
#Tech_book
"HACKS, LEAKS, AND REVELATIONS: The Art of Analyzing Hacked and Leaked Data", 2024.

// This book is split into five parts. You’ll begin with security and privacy considerations, including how to verify that datasets are authentic and how to safely communicate with sources. You’ll then work with datasets in your computer’s terminal and on remote servers in the cloud and learn how to make various kinds of datasets searchable, including how to scour email dumps for information. You’ll get a crash course in Python programming, with a focus on writing code to automate investigative tasks. These coding skills will allow you to analyze datasets that contain millions of files, which is impossible to do manually


Bug bounty Tips

Want to report a scanner finding, but feel like writing it up is too tedious? 😅

Install the ReportLM extension and get Burp AI to do it for you!

Prompt example:

Generate a bug bounty report, outlining the finding summary, impact, provide full HTTP requests and CVSS scoring


#bugbountytips


Bug bounty Tips

🎯 CSP Takeover Hunting

Content-Security-Policy (CSP) whitelists trusted hosts for scripts/resources — but if a whitelisted domain is vulnerable to subdomain takeover (expired DNS, dangling CNAME, abandoned cloud service), an attacker can host malicious assets and bypass CSP.

How to find them:

Use cspgrabber to extract domains/subdomains from CSP headers across your targets, then feed the results to Nuclei’s subdomain-takeovers profile to detect takeovers that could bypass CSP.

One-liner example:

./cspgrabber -f alive_http_services.txt -c 40 -rps 120 -clean -o csp_domains.txt && \
nuclei -l csp_domains.txt -profile subdomain-takeovers -nh -o takeovers.txt


#bugbountytips

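An added example, not part of the post above or of cspgrabber: a small Python parser that inventories the third-party hosts a Content-Security-Policy header trusts, grouped by directive, so the allowlist can be audited for expired or dangling domains before anyone else does. The header value and all domain names in it are constructed.

```python
"""Inventory the external hosts a CSP header allows (added example, constructed data)."""
import re
from collections import defaultdict

# Keyword sources and hash/nonce sources never name a third-party host.
KEYWORDS = {"'self'", "'none'", "'unsafe-inline'", "'unsafe-eval'", "'strict-dynamic'",
            "'unsafe-hashes'", "'report-sample'", "'wasm-unsafe-eval'"}
SCHEME_ONLY = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.-]*:$")   # e.g. "https:", "data:", "blob:"
# Directives whose sources can deliver executable content; a takeover here is the worst case.
CODE_DIRECTIVES = ("default-src", "script-src", "script-src-elem", "script-src-attr",
                   "object-src", "worker-src")

def parse_csp(header: str) -> dict:
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def source_host(src: str):
    """Reduce one source expression to its host pattern, or None if it names no host."""
    if src in KEYWORDS or src.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")):
        return None
    if SCHEME_ONLY.match(src):
        return None
    host = re.sub(r"^[a-zA-Z][a-zA-Z0-9+.-]*://", "", src).split("/", 1)[0]  # drop scheme, path
    if re.search(r":(\d+|\*)$", host):                                      # drop port
        host = host.rsplit(":", 1)[0]
    return host.lower()

def allowed_hosts(header: str, own_domain: str) -> dict:
    """Third-party hosts per directive; own_domain and its subdomains are excluded."""
    out = defaultdict(set)
    for directive, sources in parse_csp(header).items():
        for src in sources:
            host = source_host(src)
            if host is None:
                continue
            bare = host.lstrip("*.")                     # "*.cdn.example" -> "cdn.example"
            if bare == own_domain or bare.endswith("." + own_domain):
                continue
            out[directive].add(host)
    return {d: sorted(h) for d, h in out.items()}

def code_loading_hosts(header: str, own_domain: str) -> list:
    """The takeover-sensitive subset: hosts allowed to serve script/object/worker code."""
    hosts = allowed_hosts(header, own_domain)
    return sorted({h for d in CODE_DIRECTIVES for h in hosts.get(d, [])})

# Constructed sample header; none of these hosts are real targets.
SAMPLE_CSP = ("default-src 'self'; script-src 'self' 'nonce-abc123' https://cdn.example-cdn.net "
              "https://*.analytics-vendor.com:443 static.example.com; img-src https: data: *.img-host.io; "
              "object-src 'none'; connect-src https://api.example.com wss://live.chat-widget.co/socket")
```

Run `allowed_hosts(SAMPLE_CSP, "example.com")` to get the per-directive inventory; `code_loading_hosts` returns the hosts worth checking first for dangling DNS or abandoned cloud services.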

Bug bounty Tips

TLS-Based Recon for Attack Surface

Here's a fast and effective recon flow to find and scan hidden assets using TLS certificate metadata and Shodan dorking via Nuclei’s built-in Uncover engine.

Step 1:
Find subdomains with subfinder and use tlsx to extract TLS certificate metadata:

subfinder -d tesla.com | tlsx -nc -silent -so | awk '{for(i=2; i<=NF; i++) printf "%s ", $i; print ""}'| tr -d '[],' | sort -uf

📌 This gives you organization names from TLS certificates:

- Tesla Motors Inc.
- Microsoft Corporation
- Akamai Technologies Inc.


Step 2:
Use Nuclei's Uncover engine to automatically pull targets from Shodan using a dork with org name, and scan them:

export SHODAN_API_KEY=your_key_here && \
nuclei -rl 300 -nc -uc -ue -ul 10000 -uq 'org:"Tesla Motors Inc"' -silent


💡 More about Uncover: How to use Uncover: Quickly discover exposed hosts using multiple search engines

#bugbountytips


Bug bounty Tips

#Purple_Team_Exercises
Cross-Session Activation
https://ipurple.team/2026/05/04/cross-session-activation
// Cross-Session activation attacks enable threat actors to run code or commands under the context of another user (local) or perform lateral movement (remote). Although the blast radius is limited by the requirement to identify hosts with interactive sessions in which the compromised user has privileges, the technique is considered highly effective, and detection has several constraints.


Bug bounty Tips

#tools
#RAG_Security
"CleanBase: Detecting Malicious Documents in RAG Knowledge Databases", May 2026.

// CleanBase - framework for detecting malicious documents in RAG systems’ knowledge database


Bug bounty Tips

#Research
#Offensive_security
GPT-5.5 vs Claude Opus 4.7 for Pentesting:
A Practical Workflow-Based Comparison

https://www.penligent.ai/hackinglabs/gpt-5-5-vs-claude-opus-4-7-for-pentesting-a-practical-workflow-based-comparison
// A model that writes convincing exploit code is not automatically useful for pentesting. A model that explains a vulnerability clearly is not automatically able to verify it. A model that scores well on coding or agent benchmarks is not automatically safe to connect to scanners, browsers, shells, credentials, or production-like targets...
