2777
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
OpenClaw Official Website: https://openclaw.ai/
Official GitHub: https://github.com/openclaw/openclaw
Official Chinese Documentation: https://docs.openclaw.ai/zh-CN
Chinese Version of OpenClaw (unofficial): https://clawd.org.cn/
Chinese Version (unofficial): https://github.com/jiulingyun/openclaw-cn
Awesome Moltbot Skills (Chinese Official Skill Library): https://github.com/clawdbot-ai/awesome-openclaw-skills-zh
One-Click Deployment Tool: https://github.com/miaoxworld/OpenClawInstaller
AI Model Quota Monitoring Plugin: https://github.com/wusimpl/AntigravityQuotaWatcher
CLI Proxy API: https://github.com/router-for-me/CLIProxyAPI
OpenClaw Common Commands: https://www.appinn.com/openclaw-common-commands/
Popular OpenClaw Skills Collection: https://github.com/VoltAgent/awesome-openclaw-skills
OpenClaw China IM Plugin Integration Docker Image, pre-installed and configured with Feishu, DingTalk, QQ Robots, and WeCom, allowing you to quickly deploy an AI robot gateway that supports multiple Chinese IM platforms: https://github.com/justlovemaki/OpenClaw-Docker-CN-IM
OpenClaw Tutorials:
* https://www.runoob.com/ai-agent/openclaw-clawdbot-tutorial.html
* https://zhuanlan.zhihu.com/p/2000850539936765122
* https://zhuanlan.zhihu.com/p/2000594994495524904
Deploying OpenClaw on GreenCloud NAS: https://zhuanlan.zhihu.com/p/2000679714730301347
Deploying OpenClaw on AWS: https://aws.amazon.com/cn/blogs/china/openclaw-deployment-aws-mac/
Deploying OpenClaw on Aliyun: https://help.aliyun.com/zh/simple-application-server/use-cases/quickly-deploy-and-use-openclaw
Deploying OpenClaw on Tencent Cloud: https://cloud.tencent.com/act/pro/lighthouse-moltbot
Deploying OpenClaw on Volcano Cloud: https://www.volcengine.com/activity/clawdbot
Deploying OpenClaw on Baidu Cloud: https://cloud.baidu.com/product/BCC/moltbot.html
🚀Subdomain Takeover: One of the Most Misunderstood Bug Bounty Vulnerabilities🚀
https://brutsecurity.medium.com/f4a64b192d55
#OSINT
#Infographics
"The Intelligence Analyst’s Playbook", Feb. 2026.
// This intelligence analyst resource provides a field-ready framework for structuring OSINT reports with analytical rigor and clarity
#Research
#MLSecOps
"Exposing the Systematic Vulnerability of Open-Weight Models to Prefill Attacks", Feb. 2026.
// largest empirical study to date of prefill attacks, evaluating over 20 existing and novel strategies across multiple model families and state-of-the-art open-weight models. Prefill attacks are consistently effective against all major contemporary openweight models, revealing a critical and previously underexplored vulnerability with significant implications for deployment
#tools
#MLSecOps
"DeepSight: An All-in-One LM Safety Toolkit", Feb. 2026.
]-> https://github.com/AI45Lab/DeepSafe
]-> https://github.com/AI45Lab/DeepScan
// DeepSight is low-cost, reproducible, efficient, and highly scalable large-scale model safety evaluation project consisting of a evaluation toolkit DeepSafe and a diagnosis toolkit DeepScan
#Cloud_Security
#Cyber_Education
"Secure Service Configuration in AWS, Azure, and GCP", Book + Wall-Poster, 2025.
// Based on content from SEC510: Cloud Security Engineering and Controls
🔐 Breaking APIs: Offensive API Pentesting Course
🔥 Break APIs Before Hackers Do!
Includes: Recon, Endpoint Analysis, BOLA, BFLA, Broken Auth, SSRF, Injection, Mass Assignment, Rate Limiting & more.
Why enroll ?
⏱️ 5+ hours of action-packed content
💯 30-day money-back guarantee
🔗 Enroll: https://www.udemy.com/course/breaking-apis-an-offensive-api-pentesting-course/?referralCode=F7408590E13C6D21428B
This book is for for understanding how API's works and developed
Читать полностью…
Top 10 Web Hacking Techniques of 2025 by PortSwigger
https://portswigger.net/research/top-10-web-hacking-techniques-of-2025
I also recommend checking out the full list of nominees
https://portswigger.net/research/top-10-web-hacking-techniques-of-2025-nominations-open
We lost a great friend, a talented information security researcher two days ago. I hope you remember him in your prayers and contribute to spreading his articles so that his memory may endure.
https://lynguist0.medium.com/
https://rafa.hashnode.dev/exploiting-http-parsers-inconsistencies
Читать полностью…
OSCP Challenge Lab 1- Medtech Complete Walkthrough
Читать полностью…
#tools
#MLSecOps
AIsbom - specialized security and compliance scanner for ML artifacts
https://github.com/Lab700xOrg/aisbom
// Unlike generic SBOM tools that only parse requirements.txt, AIsbom performs Deep Binary Introspection on model files (.pt, .pkl, .safetensors, .gguf) to detect malware risks and legal license violations hidden inside the serialized weights
#tools
#OSINT
#Offensive_security
AASRT (AI Agent Security Reconnaissance Tool)
// automates the discovery of publicly exposed AI agent implementations - including ClawdBot, AutoGPT, LangChain agents, Jupyter notebooks, and more - using the Shodan search engine API
#info
#Analytics
SIEM and AI SOC Ratings Framework:
Product Heatmap + Moderated Submissions
]-> SIEM Maturity Framework
]-> SIEM and AI SOC Vendor Gaps
#Tech_book
#Offensive_security
"Linux Basics for Hackers 2nd Edition:
Getting Started with Networking, Scripting, and Security in Kali", 2025.
#AIOps
#Threat_Research
Logic-Layer Prompt Control Injection (LPCI):
A Novel Security Vulnerability Class in Agentic Systems
https://cloudsecurityalliance.org/blog/2026/02/09/logic-layer-prompt-control-injection-lpci-a-novel-security-vulnerability-class-in-agentic-systems
]-> LPCI Security Benchmark Framework
// LPCI attack targets the fundamental logic execution layer of AI agents, exploiting persistent memory stores, retrieval systems, and the agent's internal reasoning engine. In these attacks, covert payloads are injected into the logic layer, triggering unauthorized actions across multiple sessions, making detection and mitigation significantly more complex than simple input/output validation
How to Hack JWT using Burp Suite?
https://payatu.com/blog/jwt-vulnerabilities/
Develop a Python-based web application vulnerability scanner designed to identify SQL injection, cross-site scripting (XSS), directory traversal, server-side request forgery (SSRF), and open redirect vulnerabilities. Integrate extensive payload libraries alongside advanced detection algorithms, enabling users to input a URL and execute a thorough security evaluation with ease.
Читать полностью…
https://scriptjacker.in/blogs/Hyperlink-Injection-Bypass/
Читать полностью…
https://seth0x41.github.io/2023/12/24/jwt-attacks
Читать полностью…
https://blog.voorivex.team/9240-bounty-in-30-days-hunt-challenge
Читать полностью…
There are many such commands on Twitter and the Internet. Please stop these bad commands
I will never use any commands like this or those tools
It's all a lie