🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
#exploit
#AppSec
1⃣ Reprompt: The Single-Click Microsoft Copilot Attack that Silently Steals Your Personal Data
// The attack exploits the q URL parameter, double-request techniques, and chain-request methods to inject malicious prompts, perform repeated actions, and establish ongoing data exfiltration chains
2⃣ Lack of isolation in agentic browsers resurfaces old vulnerabilities
// Agentic browsers' lack of proper isolation enables vulnerabilities like XSS and CSRF, leading to data leaks, prompt injections, and session hijacking, necessitating system-level security measures and extended origin policies
3⃣ Clang Hardening Cheat Sheet
// The article reviews a decade of Clang hardening techniques, highlighting new compiler flags and hardware-assisted protections against modern exploits like ROP, JOP, and speculative attacks
#AIOps
#Research
#Threat_Research
"VulnLLM-R: Specialized Reasoning LLM for Vulnerability Detection", Dec. 2025.
]-> Code & Data
]-> Demo
]-> Model
// We propose VulnLLM-R, the first specialized reasoning LLM for vulnerability detection. Our key insight is that LLMs can reason about program states and analyze the potential vulnerabilities, rather than simple pattern matching
#DFIR
#Tech_book
"Cyber Security Kill Chain - Tactics and Strategies: Breaking down the cyberattack process and responding to threats", 1st Edition, 2025.
// The book is a timely response to the increasing complexity of cyber threats. With the rapid growth of technologies such as AI, the Internet of Things, and quantum computing, the battlefield of cyber warfare is evolving faster than ever.
#DevOps
#Tech_book
#Threat_Modelling
"Threat Modeling Best Practices: Proven frameworks and practical techniques to secure modern systems", Oct. 2025.
// This book takes you through the spectrum of threat modeling processes and practices. From foundational methodologies such as STRIDE to cutting-edge implementations that keep pace with the speed of system development, we begin by establishing a solid understanding of threat modeling principles, methodologies, and best practices that form the foundation of threat identification
#AIOps
#MLSecOps
"OpenRT: An Open-Source Red Teaming Framework for Multimodal LLMs", Jan 2026.
]-> https://github.com/AI45Lab/OpenRT
// Existing red-teaming benchmarks are often fragmented, limited to single-turn text interactions, and lack the scalability required for systematic evaluation. To address this, we introduce OpenRT, a unified, modular, and high-throughput red-teaming framework designed for comprehensive MLLM safety evaluation
#exploit
Complete archive of all 1558 exploits added to Packet Storm in 2025.
#MLSecOps
#Whitepaper
"Implementing Secure AI Framework Controls in Google Cloud", Dec. 2025.
// Google’s Secure AI Framework is a framework for securing AI systems throughout their lifecycles. SAIF is designed for practitioners – the security professionals, developers, and data scientists on the front lines – to ensure AI models and applications are secure by design
Acunetix Premium Plus OnPremise with API Discovery v25.8.250820089 Full Activated
https://www.up-4ever.net/oromifz4sng2
🌐 Network Security – Protecting the Backbone of Digital Communication
Network security is the foundation of cybersecurity.
It focuses on protecting data, devices, and services from unauthorized access, attacks, and disruptions.
📌 What You’ll Learn:
• What network security really means
• Common network threats & attack types
• Firewalls, IDS/IPS, VPNs & segmentation
• Secure protocols and traffic monitoring
• Best practices for defending enterprise networks
Grab it here:
https://resources.codelivly.com/product/computer-networking-all-in-one-for-dummies/
🎯 Essential knowledge for cybersecurity students, SOC analysts, network engineers, and ethical hackers.
🐞 The Complete Bug Bounty Hunting Guide
Want to get started with bug bounty hunting or level up your vulnerability hunting skills?
This guide walks you through the entire bug bounty workflow — from finding targets to responsibly reporting vulnerabilities.
📌 What You’ll Learn:
• Bug bounty basics & mindset
• Reconnaissance and asset discovery
• Common web vulnerabilities (OWASP)
• Manual testing vs automation
• Writing high-quality vulnerability reports
• Legal & ethical guidelines
• Tips to increase valid findings and payouts
Explore more at:
https://resources.codelivly.com/product/bug-bounty-beginner-editions/
https://resources.codelivly.com/product/bug-bounty-payloads-bible/
🎯 Perfect for ethical hackers, students, and security researchers aiming to earn while learning.
⚠️ Practice only on authorized programs and platforms.
🔐 *How to Secure Your APIs – A Practical Guide*
APIs are the backbone of modern apps — but without security, they become open doors to attacks. Here's how to lock them down effectively:
---
✅ *1. Use Authentication & Authorization*
- Implement *OAuth2*, *JWT*, or *API keys*
- Enforce *role-based access control (RBAC)*
---
🔐 *2. Validate Inputs Strictly*
- Sanitize user inputs
- Use strong data validation (e.g., Joi, Yup)
- Prevent SQL & NoSQL injection
---
📦 *3. Rate Limiting & Throttling*
- Control request frequency to avoid abuse
- Use tools like *NGINX*, *API Gateway*, or *Cloudflare*
---
📜 *4. Use HTTPS Everywhere*
- Encrypt all data in transit
- Never expose APIs over HTTP
---
🕵️♂️ *5. Monitor & Log*
- Track unusual behavior
- Use centralized logging (e.g., ELK, Datadog)
---
🧱 *6. CORS & Firewall Rules*
- Restrict allowed origins
- Protect using *WAFs* and IP whitelisting
---
Secure APIs = Safe apps + Protected data + Trusted users
Build smart. Build safe.
https://www.instagram.com/reel/DS6S9o_iZ1p/?igsh=bXYwdTRtbm9oc2hl
🔰 Quick Linux Tip🐧
You can enable timestamps in your bash command history to see when you ran previous commands. This can be useful for tracing what you were working on and when.
To add timestamps to your history, just set the HISTTIMEFORMAT environment variable like so:
$ export HISTTIMEFORMAT="%F %T "
Now when you view your history or grep through it, you'll see a timestamp next to each command indicating when it was run:
$ history | tail -n 5
Or to save a couple of keystrokes:
$ history 5
The format "%F %T" shows the date and time, but you can customize it to your liking.
Note: this does not add timestamps to commands you ran before setting HISTTIMEFORMAT, and it only works in bash.
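Once HISTTIMEFORMAT is set, bash also writes a "#<epoch seconds>" comment line in front of each command it saves to ~/.bash_history, which is why the timestamps survive across sessions and what an investigator reads back when reconstructing a user's activity on a host. The script below is an added example, not part of the original tip: it pairs those timestamp lines with their commands from a constructed sample history (the sample and the function names are mine) and handles the caveat above, a command recorded before HISTTIMEFORMAT was set and therefore without a timestamp.

```shell
#!/bin/sh
# Added example, not from the original tip. With HISTTIMEFORMAT set, bash stores a
# "#<epoch seconds>" line before each command in ~/.bash_history; this reads that
# layout back, e.g. when reconstructing activity during an incident.

# Constructed sample in the layout bash uses. The third command ("ls -la") was
# recorded before HISTTIMEFORMAT was set, so no timestamp line precedes it.
sample_history() {
    printf '%s\n' \
        '#1735689600' 'cd /var/log' \
        '#1735689660' 'grep -i "failed password" auth.log' \
        'ls -la' \
        '#1735689720' 'sudo useradd -m backup'
}

# Read a history stream on stdin and print "<epoch><TAB><command>" per command.
# Commands with no preceding timestamp line get "-" as their epoch.
# Caveat: a real command consisting only of "#" plus digits would be mistaken for a
# timestamp line; bash itself has the same ambiguity when it reads the file back.
pair_history() {
    awk '/^#[0-9]+$/ { ts = substr($0, 2); next }
         { print (ts == "" ? "-" : ts) "\t" $0; ts = "" }'
}

# Print only the commands run at or after the given epoch (stdin is a raw history
# stream); untimestamped commands cannot be placed in time and are skipped.
commands_since() {
    pair_history | awk -F '\t' -v since="$1" \
        '$1 != "-" && $1 + 0 >= since + 0 { print substr($0, index($0, "\t") + 1) }'
}

# Usage: show the sample with timestamps, then everything run from 1735689660 on.
# (To read a real file instead: pair_history < ~/.bash_history)
sample_history | pair_history
echo "--- commands since 1735689660 ---"
sample_history | commands_since 1735689660
```

The epoch values are left as numbers so the script stays portable; `date -d @<epoch>` (GNU) or `date -r <epoch>` (BSD/macOS) will render them.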
Quick Linux tip 🐧
If you have trouble reading the directories in the $PATH variable, use the tr command to translate colon (":") characters to newline characters ("\n") so each entry is displayed on its own line:
$ echo $PATH | tr ":" "\n"
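The same tr trick turns into a small PATH audit once each entry is on its own line. The script below is an added example, not from the original tip (the function names are mine): it labels each entry, and makes the two cases worth noticing stand out, an empty entry (which the shell treats as the current directory, so a binary dropped in any directory you cd into can shadow a command) and a directory that other users can write to.

```shell
#!/bin/sh
# Added example, not from the original tip: split PATH with tr and label each entry.

# Split a PATH-like string into one entry per line.
path_entries() {
    printf '%s\n' "$1" | tr ':' '\n'
}

# Print "<STATUS> <entry>" per entry.
#   EMPTY    zero-length entry: POSIX shells search the current directory for it
#   CWD      an explicit "." entry, same effect as EMPTY
#   MISSING  the directory does not exist
#   WRITABLE the directory exists but other users can write into it
#   OK       anything else
audit_path() {
    path_entries "$1" | while IFS= read -r dir; do
        if [ -z "$dir" ]; then
            echo "EMPTY    (zero-length entry: the shell searches the current directory)"
        elif [ "$dir" = "." ]; then
            echo "CWD      $dir"
        elif [ ! -d "$dir" ]; then
            echo "MISSING  $dir"
        else
            # 9th character of "ls -ld" output is the other-write bit; -L follows symlinks
            case $(ls -ldL "$dir") in
                ????????w*) echo "WRITABLE $dir (other users can write here)" ;;
                *)          echo "OK       $dir" ;;
            esac
        fi
    done
}

# Number of entries that are not plain existing directories.
audit_problems() {
    audit_path "$1" | grep -c -v '^OK' || true
}

# Usage: audit the PATH of the current shell.
audit_path "$PATH"
```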
THE OWASP TOP TEN: A RESTAURANT TALE by MoS, 2025
GitBook - BugBounty
#pdf #bugbounty #owasp #Pentesting
#gitbook #prerequisite #bug_bounty
Plz give reaction 2 every post
#AIOps
#exploit
#AppSec
BodySnatcher (CVE-2025-12420):
A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow
https://appomni.com/ao-labs/bodysnatcher-agentic-ai-security-vulnerability-in-servicenow
// The discovery of BodySnatcher represents the most severe AI-driven security vulnerability uncovered to date and a defining example of agentic AI security vulnerabilities in modern SaaS platforms
#AIOps
#AppSec
#Threat_Research
ZombieAgent: New ChatGPT Vulnerabilities
https://www.radware.com/blog/threat-intelligence/zombieagent
// several new vulnerabilities + method to achieve persistence + new propagation technique
#AppSec
#Threat_Research
1⃣ GnuPG Vulnerabilities
2⃣ zlib v1.3.1.2 Global BOF in TGZfname() of zlib untgz Utility
// The untgz utility that is part of zlib suffers from a straightforward buffer overflow in the filename parameter
3⃣ SmarterMail Pre-Auth RCE
// pre-auth RCE (CVE-2025-52691) in SmarterMail allowed unauthenticated file uploads via /api/upload, enabling RCE through path traversal, highlighting risks of silent patches and the need for proactive security
#MLSecOps
AI Model Confusion:
An LLM/AI Model Supply Chain Attack
https://checkmarx.com/zero-post/hugs-from-strangers-ai-model-confusion-supply-chain-attack
// Checkmarx Zero research reveals the AI Model Confusion attack pattern against registries like Hugging Face, building on Dependency Confusion in OSS library registry
⚙️ Learn Python, Docker, Git, DevOps & more, all in one interactive platform
A new all-in-one learning resource has popped up with fully interactive courses covering Python, Docker, Git, DevOps, and many other tech topics, perfect for beginners and upskillers.
🔸 Step-by-step explanations for every concept, function, and method.
🔸 Interactive lessons with lots of hands-on practice and real examples.
🔸 Covers everything from basic syntax to advanced workflows.
For anyone looking to build strong technical skills from scratch, this is a clean, beginner-friendly place to start.
#tools
#Offensive_security
1⃣ MSFinger - Microsoft Network Service Fingerprinting Tool
2⃣ PowerShell Script to Reset The KrbTgt Account Password/Keys For Both RWDCs And RODCs
3⃣ ZeroPulse - Modern Command & Control (C2) Platform with Cloudflare Tunnel Integration
#Tech_book
#Cyber_Education
"Attacking Active Directory with Linux - Lab Manual", 2025.
☁️🚀 AWS DevOps Guide – Build, Deploy & Scale with Confidence
Want to master DevOps on AWS?
This guide helps you understand how modern teams build, automate, deploy, and monitor applications using AWS DevOps best practices.
📌 What You’ll Learn:
• Core AWS services for DevOps
• CI/CD pipelines & automation
• Infrastructure as Code (IaC)
• Monitoring, logging & scaling
• Security & DevOps best practices
🎯 Perfect for DevOps engineers, cloud learners, and cybersecurity professionals.
📥 Grab resources here:
👉 https://resources.codelivly.com/
Level up your cloud & DevOps skills the right way ☁️🔧🚀
🐧 Important Linux Commands You Need to Know
Linux is powerful — but with great power comes great responsibility.
Some commands can break systems, wipe data, or create serious security risks if used carelessly, especially in production environments.
📘 Read this essential article:
👉 Dangerous Linux Commands You Should Never Use in Production
🔗 https://hacklivly.com/blog/13-dangerous-linux-commands-you-should-never-use-in-production
If you’re serious about mastering Linux for cybersecurity, ethical hacking, or system administration, go deeper with structured learning 👇
📚 Linux Playbook for Hackers (eBooks):
🎄CHRISTMAS SALE IS LIVE - up to 90% off
☁️ AWS Interview Questions for Top Multinational Companies
Preparing for interviews at Amazon, Google, Microsoft, Accenture, Deloitte, Infosys, TCS, Wipro, or other MNCs?
This guide is designed to help you crack AWS cloud interviews with confidence.
📌 What This Covers:
• Core AWS services (EC2, S3, IAM, VPC, RDS, Lambda)
• Security & IAM interview questions
• Networking & VPC scenarios
• High availability & scalability concepts
• Cost optimization & best practices
• Real-world, scenario-based questions asked by MNCs
Explore more at:
https://resources.codelivly.com/product/the-complete-cybersecurity-playbook/
🎯 Ideal for cloud engineers, DevOps learners, and cybersecurity professionals moving into cloud security.
Quick Port Scan Without Nmap❗️❓
nc -zv abc.com 1-1000
Useful when Nmap is blocked.
Lightweight ≠ useless.✌🏻
http://GitBook_s.t.me
#nc #curl #bugbounty #Network
#pentest #tips
Happy new year everyone.... Hope you guys have a great prosperous year.. May all your dreams comes true
Quick Linux Tip 🐧
When you run a program in your terminal or over SSH, it is terminated as soon as your terminal session ends (when you exit the terminal) or your connection drops.
The nohup command, short for "no hangup," ignores all hangup signals, allowing the process to persist even if the terminal session is interrupted:
$ nohup tar -cf archive.tar file1 file2
$ cat nohup.out
Linux tip of the day🐧
In Linux, the pipe (|) operator is very useful when you want to redirect the output of one command to serve as input to the next for further processing:
$ cat data.txt | grep "No such file"
$ cat data.txt |& grep "No such file"
$ cmd-1 2>&1 | cmd-2
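The three commands above differ in what reaches the right-hand side: a plain "|" passes only stdout, so an error message such as "No such file or directory" (written to stderr) never reaches grep, while "2>&1 |" and bash's "|&" merge stderr into the stream first. The script below is an added example, not part of the original tip, that makes the difference measurable; the missing path is constructed and the function names are mine.

```shell
#!/bin/sh
# Added example, not from the original tip: what a pipe does and does not carry.
# The path is constructed and intentionally does not exist.
MISSING=/nonexistent_constructed_path_xyz

# Plain pipe: ls writes its error to stderr, which bypasses the pipe, so grep
# counts 0 matches (the message still appears on the terminal).
errors_via_plain_pipe() {
    ls "$MISSING" | grep -c 'No such file' || true
}

# stderr merged into stdout before the pipe (same as bash's "|&"): grep sees the
# message and counts 1.
errors_via_merged_pipe() {
    ls "$MISSING" 2>&1 | grep -c 'No such file' || true
}

# Redirections apply left to right. "2>&1 >/dev/null" first points stderr at the
# pipe, then discards stdout: a way to watch only the errors of a noisy command.
only_errors() {
    { echo "normal output"; ls "$MISSING"; } 2>&1 >/dev/null | grep -c 'No such file' || true
}

# The other order, ">/dev/null 2>&1", sends stdout to /dev/null and then stderr
# to wherever stdout now goes, so nothing reaches grep.
silenced() {
    ls "$MISSING" >/dev/null 2>&1 | grep -c 'No such file' || true
}

# Usage: print the match count for each variant.
echo "plain pipe:        $(errors_via_plain_pipe)"
echo "2>&1 | :           $(errors_via_merged_pipe)"
echo "2>&1 >/dev/null |: $(only_errors)"
echo ">/dev/null 2>&1 |: $(silenced)"
```

The "|| true" after each pipeline is there because grep -c exits non-zero when it counts 0 matches, which would otherwise abort a script running under set -e.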
⚡️ExecSentry — Arbitrary Binary Execution Vulnerability Scanner.
🔆https://github.com/errorfiathck/execsentry