2777
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
🚨 CVE-2025-53652: Jenkins Git Parameter Plugin Unvalidated Input Vulnerability
🔥PoC :https://github.com/pl4tyz/CVE-2025-53652-Jenkins-Git-Parameter-Analysis
👇Dorks
HUNTER : http://product.name="Jenkins"
📰Refer:https://jenkins.io/security/advisory/2025-07-09/#SECURITY-3419
https://github.com/advisories/GHSA-qcj2-99cg-mppf
Hello, guys i am planning for a team to attend https://16.standoff365.com/en/#how_to_join
it has a 10 members per team if you guys are intrested and happy to try this CTF let me know.
#Cloud_Security
Black Hat USA 2025:
"Expanding Privileges in the Cloud:
Exploring Security Boundaries in Amazon ECS".
]-> PoC for CVE-Requested vulnerability in Amazon ECS allowing cross-task IAM credential theft
Windows lateral movement quick reference
#ThreatHunting #DFIR
People are happy just because OpenAI released there New and Most intelligent Chat Model GPT-5
But as a cybersecurity experts do u think this is a future or a threat?
I have posted a thread on this please do check this out.
https://x.com/Cipher0ps_tech/status/1953701559545868545
#Research
#MLSecOps
"Security study based on the ChatGPT plugin system: Identifying Security Vulnerabilities", 2024.
// The aim of this paper is to explore the security ofplugins in the CHATGPT plugin store, reveal the main security vulnerabilities thatexist, and suggest improvements
⭐️PACU - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
✅https://github.com/RhinoSecurityLabs/pacu
Hey everyone,
I just open-sourced a project I've been working on called PITT.
It's a CLI tool to help developers and security folks test their LLM applications against the OWASP LLM Top 10.
It uses a configurable "Judge LLM" to make the vulnerability detection much more accurate than simple keyword matching.
Would love for you to check it out and hear what you think!
GitHub Link: https://github.com/Addy-shetty/Pitt.git
Bug Bounty Tip: HTTP Parameter Pollution (HPP)
Some apps mishandle duplicate parameters. You can bypass logic or elevate privileges by injecting multiple values:
GET /transfer?amount=100&admin=true&amount=1
⚠️ Always test:
•param=value1¶m=value2
•Encoded (%26,)
#exploit
1⃣ CVE-2025-4660:
Windows Forescout SecureConnector RCE
2⃣ CVE-2025-48384:
Breaking git with a carriage return and cloning RCE
3⃣ CVE-2025-32023:
RCE in Redis >= 2.8
4⃣ CVE-2023-4272:
Cache Coherence Vulnerability in the Mali GPU Driver
5⃣ The Journey of Bypassing Ubuntu’s Unprivileged Namespace Restriction
6⃣ CVE-2025-6759:
LPE in Citrix Virtual Apps and Desktops
]-> Tool to test/mitigation
7⃣ CVE-2024-7401:
Improper Authentication in Netskope Client
8⃣ RCE Vulnerability in ETQ Reliance
// Disclaimer
The recently disclosed XSS vulnerability in GlobalProtect (CVE-2025-0133) has affected hundreds of thousands of organizations worldwide — including thousands of bug bounty programs.
Try your luck by running this PoC /ssl-vpn/getconfig.esp?client-type=1&protocol-version=p1&app-version=3.0.1-10&clientos=Linux&os-version=linux-64&hmac-algo=sha1%2Cmd5&enc-algo=aes-128-cbc%2Caes-256-cbc&authcookie=12cea70227d3aafbf25082fac1b6f51d&portal=us-vpn-gw-N&user=<svg xmlns%3D"http%3A%2F%http://2Fwww.w3.org%2F2000%2Fsvg"><script>prompt("XSS")<%2Fscript><%2Fsvg>&domain=(empty_domain)&computer=computer
⚡CloakQuest3r - Uncover the true IP address of websites safeguarded by Cloudflare & Others
✅https://github.com/spyboy-productions/CloakQuest3r
guys after a long time i created a web app to play a suduko game
check out the repo and let me know
https://github.com/Addy-shetty/Suduko_to_play
HTB- ALL modules
Run:
python -m http.server 8000
Notes from "How to Crush Bug Bounties in the first 12 Months" by @hakluke
Читать полностью…
https://x.com/Cipher0ps_tech/status/1954777074457251865
Читать полностью…
#Research
"Llama-3.1-FoundationAI-SecurityLLM-8B-Instruct (FS8BI)
Technical Report", 2025.
]-> https://huggingface.co/fdtn-ai/Foundation-Sec-8B-Instruct
// FS8BI - open-weight, 8-billion parameter instruction-tuned LLM specialized for cybersecurity applications. It leverages prior training to understand security concepts, terminology, and practices across multiple security domains. FS8BI enables organizations to build AI-driven security tools that can be deployed locally, reducing dependency on cloud-based AI services
⚡Bypass Series for bug hunters😎
Part-2
Crazy WAF Bypass:
cat /etc/hosts - triggers WAF
xxd -p /etc/hosts | xxd -p -r
xargs -d '\n' -I{} echo {} < /etc/hosts
perl -pe '' /etc/hosts
sed '' /etc/hosts
awk '{print}' /etc/hosts
dd if=/etc/hosts 2>/dev/null
#Bugbountytips #infosec
Guys check this out, My obsidian notes is now online let me know how it is and happy to listen to your feedback
https://obsius.site/1o2o0n6w0j0q4u48454m
⚡️SSRFUtility - SSRF Exploitation Tool
🔗 https://ssrf.cvssadvisor.com/
#Analytics
#MLSecOps
#Threat_Research
"AI Threat Landscape Report", 2025.
See also:
]-> 2025 GenAI Code Security Report (.pdf)
]-> LLM and Gen AI Data Security Best Practices
#tools
#MLSecOps
#Offensive_security
Security Solutions for AI Systems
1⃣ Confidential Computing
1.1 Sentient Enclaves Framework
1.2 SyMPC - SMPC companion library for Syft
1.3 Confidential Computing API
2⃣ Encryption and Data Protection
2.1 IronCoreLabs Transform encryption lib for Scala
2.2 Diffprivlib - IBM Differential Privacy Library
2.3 TenSEAL - Library for doing homomorphic encryption operations on tensors
2.4 PyDP - Python Differential Privacy Library
3⃣ Governance
3.1 VerifyWise - Open source AI governance platform
3.2 Cartai - OSS AI supervisor Agent
4⃣ Model Testing
4.1 Plexiglass - tool to detect/protect LLM vulns
4.2 Giskard-AI - Evaluation/testing for LLM systems
4.3 ModelScan - ML Model Security Scanner
4.4 LlamaFirewall, PurpleLlama - Tools to LLM security
4.5 Garak - LLM vulnerability scanner
4.6 Package for LLM jailbreak evaluation
5⃣ Prompt Firewall and Redaction
5.1 Guardrails AI - Adding guardrails to LLMs
5.2 Private AI - Detect, anonymize, and replace PII
5.3 Lakera Guard - ChatGPT Data Leak Protection
5.4 Rebuff - LLM Prompt Injection Detector
5.5 Trylon Gateway - Open Source Firewall for LLMs
5.6 LLM Guard, Vigil - Security scanner for LLM prompts
5.7 MCP-Scan - Security scanner tool for MCP servers
5.8 Vibranium Dome - LLM WAF for Agents
6⃣ AI Quality Controls and Testing
6.1 GenAI Prompt Fuzzer
6.2 FuzzyAI, LLMFuzzer Frameworks
6.3 Test Generation for Prompts
6.4 Promptfoo: LLM Evals & Red Teaming
7⃣ Training Data Protection
7.1 Trusted-AI - Adversarial Robustness Toolbox
7.2 datasig - Dataset fingerprinting for AIBOM
8⃣ AI for Offensive Cyber
8.1 Vulnhuntr - AI-Discovered 0-day Tool
8.2 Confident AI - LLM Red Teaming Framework
8.3 Agentic LLM Vulnerability Scanner / AI RedTeam Kit
8.4 llm-attacks - Attacks on Aligned LLMs
8.5 HackGPT - Tool using ChatGPT for hacking
8.6 AI/ML Exploits, CAI CTF Framework
#Research
#MLSecOps
"From Prompt Injections to Protocol Exploits:
Threats in LLM-Powered AI Agents Workflows", 2025.
// In this Research, we introduce the first unified, end-to-end threat model for LLM-agent ecosystems, spanning host-to-tool and agent-to-agent communications, formalize adversary capabilities and attacker objectives, and catalog over thirty attack techniques. We organized the threat model into four domains: Input Manipulation (prompt injections, long-context hijacks, multimodal adversarial inputs), Model Compromise (prompt- and parameter-level backdoors, composite and encrypted multi-backdoors, poisoning strategies), System and Privacy Attacks (speculative side-channels, membership inference, retrieval poisoning, social-engineering simulations), and Protocol Vulnerabilities (exploits in Model Context Protocol, Agent Communication Protocol, Agent Network Protocol, Agent-to-Agent protocol)
https://www.notion.so/AD-aboud-1dcabf92dc0f805fb5e6fbb1917ff1f7?source=copy_link
Читать полностью…
🚨Multi-target unauthenticated RCE scanner for CVE-2025-34085 affecting WordPress Simple File List plugin. Uploads, renames, and triggers PHP webshells across large target sets.
✅https://github.com/ill-deed/CVE-2025-34085-Multi-target
Penetration Testing with KALI and More All You Need to Know full guide
Duration:- 7 Hour
https://beerus11.medium.com/redis-internals-and-use-cases-the-definitive-guide-4bab3b7faf11
Читать полностью…
This is my suggestion on who ever needs to start in cybersecurity a 6month plan
Читать полностью…
https://github.com/kh4sh3i/Application-Security-Interview-Questions
Читать полностью…