2777
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
#Infographics
#Offensive_security
Active Directory Pentest Mindmap 2025
https://mayfly277.github.io/posts/AD-mindmap-2k25
]-> Source code
#Whitepaper
"JWT Security:
Complete Enterprise Implementation Guide for Modern Applications", Ver.2.0, Oct. 2025.
// JSON Web Tokens (JWT) have fundamentally transformed authentication and authorization in modern distributed systems, becoming the cornerstone of stateless authentication architectures worldwide. This comprehensive technical guide represents the most thorough examination of JWT security available, combining theoretical foundations with battle-tested production implementations
#info
#Infographics
#Infosec_Standards
The DoD Cybersecurity Policy Chart, 2025.
]-> https://csiac.dtic.mil/resources/the-dod-cybersecurity-policy-chart
// Cybersecurity-Related Policies and Issuances Developed by the DoW Deputy CIO for Cybersecurity.
Last Updated: Nov 4, 2025.
#AIOps
#Whitepaper
"AI Agent Security: Architecture, Attack Surface, and Defense. A Practical 90-Day Roadmap for Securing Agentic AI", 2025.
// This guide provides the architectural controls and operational practices required to secure agentic systems. It covers the MCP hardening framework, defensive controls that reduce agent risk, and a 90-day implementation checklist organized by priority and effort
#MLSecOps
"SCOUT: A Defense Against Data Poisoning Attacks in Fine-Tuned Language Models", Dec. 2025.
// This paper introduces three novel contextually-aware attack scenarios that exploit domain-specific knowledge and semantic plausibility: ViralApp, Fever attack, and Referral attack. These attacks represent realistic threats where malicious actors exploit domain-specific vocabulary while maintaining semantic coherence, demonstrating how adversaries can weaponize contextual appropriateness to evade conventional detection methods. To counter both traditional and these sophisticated attacks, we present SCOUT (Saliency-based Classification Of Untrusted Tokens), a novel defense framework that identifies backdoor triggers through token-level saliency analysis rather than traditional context-based detection methods
🐧 Linux Privilege Escalation – Essential Guide for Ethical Hackers & Defenders
Privilege escalation is one of the most critical skills in penetration testing and red teaming.
📌 What You’ll Learn:
• What privilege escalation really means in Linux
• Common misconfigurations attackers abuse
• SUID / SGID files & permissions abuse
• Cron jobs, PATH hijacking & environment flaws
• Kernel & service-based escalation concepts
• Defensive checks & hardening tips
Explore more at :
https://resources.codelivly.com/product/codelivly-hacker-starter-pack/
⚠️ For educational and authorized testing only.
Practice safely in labs like TryHackMe, Hack The Box, or your own test environment.
🚀 Level Up Your Cybersecurity Skills!
Join Codelivly _ Learn Cybersecurity – a community for beginners and pros to:
» Learn real-world cybersecurity & SOC skills
» Stay updated on latest threats & hacking trends
» Ask questions, share knowledge, and collaborate
🔗 Join here: https://www.facebook.com/groups/830190320008379
🔥 The Pentester’s Linux Library — a full 3-in-1 bundle (Playbook + Advanced + PrivEsc). Get Master Shell Scripting FREE with this — save $10 instantly. Limited copies available for a limited time.
👉 Grab them here:
📘 The Pentester’s Linux Library: https://resources.codelivly.com/product/the-pentesters-linux-library-playbook-advanced-privesc/
I built these to be more than just books — they’re learning companions for hackers, pentesters, and defenders who like to get their hands dirty. 💪
🚀 Master Linux Privilege Escalation Like a Pro! 🔥
Think you know Linux? 😏 Let’s put that to the test.
💀 From SUID to Kernel exploits, Docker escapes to real-world misconfigs — this book takes you from basic enumeration to root domination.
📖 1200+ pages |💡 100% practical | 💻 Real examples | 🧠 Step-by-step explanations
📘 Get your copy of “Linux Privilege Escalation: From User to Root”
👉 Perfect for hackers, pentesters, and CTF players.
⚡ Limited stock available — Offer ends soon!
🎯 Start learning → https://resources.codelivly.com/product/rootcraft-the-ultimate-linux-privilege-escalation-playbook-red-blue-edition/
⚡ Level up your Linux game before your target does.
Advanced Cybersecurity – Day 5
💻 Malware Analysis & Reverse Engineering
Ever wondered how experts uncover the secrets of malicious software? 🕵️♂️
In Day 5, explore how malware works, how to dissect it safely, and how reverse engineering helps strengthen your defenses.
📖 Read now 👉 https://hacklivly.com/blog/104-advanced-cybersecurity-day-5-malware-analysis-reverse-engineering
#CyberSecurity #MalwareAnalysis #ReverseEngineering #Hacklivly #InfoSec #AdvancedCybersecurity #EthicalHacking
#Whitepaper
"OWASP Top 10 for Agentic AI Applications 2026", Dec. 2025.
// OWASP Top 10 for Agentic Applications 2026 is a globally peer-reviewed framework that identifies the most critical security risks facing autonomous and agentic AI systems. Developed through extensive collaboration with more than 100 industry experts, researchers, and practitioners, the list provides practical, actionable guidance to help organizations secure AI agents that plan, act, and make decisions across complex workflows. By distilling a broad ecosystem of OWASP GenAI Security guidance into an accessible, operational format, the Top 10 equips builders, defenders, and decision-makers with a clear starting point for reducing agentic AI risks and supporting safe, trustworthy deployments
#Malware_analysis
1⃣ Ghostframe Phishing Kit
https://blog.barracuda.com/2025/12/04/threat-spotlight-ghostframe-phishing-kit
2⃣ EtherRAT Ethereum implant in React2Shell attacks
https://www.sysdig.com/blog/etherrat-dprk-uses-novel-ethereum-implant-in-react2shell-attacks
3⃣ BYOVD loader behind DeadLock ransomware attack
https://blog.talosintelligence.com/byovd-loader-deadlock-ransomware
4⃣ BRICKSTORM/WARP PANDA Malware
https://www.crowdstrike.com/en-us/blog/warp-panda-cloud-threats
#MLSecOps
#Offensive_security
"Multi-Faceted Attack: Exposing Cross-Model Vulnerabilities in Defense-Equipped Vision-Language Models", Nov. 2025.
// Multi-Faceted Attack (MFA) - framework that systematically uncovers general safety vulnerabilities in leading defense-equipped VLMs, including GPT-4o, Gemini-Pro, and LlaMA 4, etc. Central to MFA is the Attention-Transfer Attack, which conceals harmful instructions inside a meta task with competing objectives. We offer a theoretical perspective grounded in reward-hacking to explain why such an attack can succeed
#Threat_Modelling
"Advanced Threat Modeling: Methodologies and Implementation Strategies for Security Architects",
June 2025.
// This comprehensive guide explores advanced threat modeling methodologies, practical implementation strategies, and integration approaches for security architects and development teams seeking to build security into the fabric of their systems
#Research
#MLSecOps
"Evaluating the Robustness of Large Language Model Safety Guardrails Against Adversarial Attacks", Nov. 2025.
// This study evaluated ten publicly available guardrail models from Meta, Google, IBM, NVIDIA, Alibaba, and Allen AI across 1,445 test prompts spanning 21 attack categories
#DevOps
#Tech_book
"DevOps Security and Automation:
Building, deploying, and scaling modern software systems", 2025.
]-> Example code files
// This book equips readers with the knowledge and practical skills needed to excel in DevOps. From foundational concepts to advanced techniques, it covers the DevOps lifecycle, including version control, CI/CD, IaC, containerization, Kubernetes, observability, security integration, and site reliability engineering. Each chapter includes hands-on exercises using industry-standard tools like Docker, Jenkins, Terraform, and Prometheus
#exploit
1⃣ CVE-2025-64669:
LPE in Windows Admin Center
// A privilege escalation flaw in Windows Admin Center 2.4x allows attackers to execute malicious code with SYSTEM privileges via insecure directory permissions and DLL hijacking
2⃣ Exploiting Anno 1404
// Multiple vulns in Anno 1404: Venice multiplayer mode enable arbitrary code execution through path traversal, DLL hijacking, RPC exposure, and memory corruption, demonstrated on Win10
3⃣ win3zz/google-cloud-shell-container-escape-b69ffb46b5df">Google Cloud Shell Container Escape
// A successful container escape from Google Cloud Shell was achieved via hotplug hijacking, exploiting kernel hotplug events on a KVM-hosted environment, highlighting the risks posed by kernel vulnerabilities and system configurations
4⃣ Windows Exploitation Techniques:
Winning Race Conditions with Path Lookups
// The article details methods to drastically slow Windows object namespace lookups using complex directory structures, symbolic links, and hash collisions, thereby expanding race condition windows for exploitation
#MLSecOps
#Threat_Modelling
"Cisco Integrated AI Security and Safety Framework Report", Dec. 2025.
]-> Cisco AI security and safety taxonomy
// This paper presents Cisco’s Integrated AI Security and Safety Framework, a unified, lifecycleaware taxonomy and operationalization framework that can be used to classify, integrate, and operationalize the full range of AI risks. It integrates AI security and AI safety across modalities, agents, pipelines, and the broader ecosystem
#AIOps
#Research
#MLSecOps
#Sec_code_review
"From Code Foundation Models to Agents and Applications: A Comprehensive Survey and Practical Guide to Code Intelligence", Dec. 2025.
// In this work, we provide a comprehensive synthesis and practical guide (a series of analytic and probing experiments) about code LLMs, systematically examining the complete model life cycle from data curation to post-training through advanced prompting paradigms, code pre-training, supervised fine-tuning, reinforcement learning, and autonomous coding agents. We analyze the code capability of the general LLMs (GPT-4, Claude, LLaMA) and code-specialized LLMs (StarCoder, Code LLaMA, DeepSeek-Coder, and QwenCoder), critically examining the techniques, design decisions, and trade-offs
#Tech_book
#Cyber_Education
"The Embedded Linux Security Handbook:
Fortify your embedded Linux systems from design to deployment", 2025.
]-> Repo
🔥 Cybersecurity Attacks Playbook – Must-Read Guide for Every Aspiring Hacker & Defender 🔥
If you're learning ethical hacking, penetration testing, SOC analysis, or blue-team defense, this Cybersecurity Attacks Playbook is a complete breakdown of how modern attacks actually work — step by step.
📌 What’s Inside the Playbook:
• Real-world attack techniques explained clearly
• Breakdown of Reconnaissance → Exploitation → Privilege Escalation → Persistence
• Web, Network, Cloud & Endpoint attack paths
• Common tools & tactics used by attackers
• How defenders detect, analyze, and stop attacks
• Practical examples you can apply in labs
Explore more indepth at : https://resources.codelivly.com/product/the-complete-cybersecurity-playbook/
📘 Cybersecurity Interview Questions Study Guide
Level up your infosec skills and crush your next interview!
🔐 Inside:
Core Security Concepts & Networking
SOC Analyst & Incident Response Questions
Malware, Threat Analysis & SIEM (Splunk, QRadar, Elastic)
Linux, Windows, Active Directory & Cloud Security
Web App Security & OWASP
Blue Team + Red Team Scenarios
Real-world, scenario-based Q&A
⚡️ Plus: Boost your skills further with The Complete Cybersecurity Playbook: https://resources.codelivly.com/product/the-complete-cybersecurity-playbook/
— everything you need to master cybersecurity from basics to advanced!
💥 Stop “just preparing” and start dominating your interview. Sharpen your fundamentals, think like a pro, and get interview-ready with confidence.
🚀 I just dropped a power-packed new guide: The Bug Bounty Black Book: 1000+ Killer Techniques, Scripts & Payloads They Don’t Want You To See
>> https://resources.codelivly.com/product/the-bug-bounty-black-book/
If you’ve ever wanted to move from “just curious” to hunt-and-print-the-bug-bounty-win, this is for you. I’m laying out the exact hacker-starter-kit: scripts, payloads, workflows — no fluff.
💡 “The bugs they hide are the bounties they’re paying for.”
Ready to dig in and start finding the vulnerabilities they think you’ll never touch? Grab your copy now and let’s get to work. 🐛💥
🔐 FREE Cybersecurity Interview Resource!
Are you preparing for a cybersecurity job interview? 🚀
We’re giving away a FREE PDF: “The Cybersecurity Interview Bible” – packed with real questions, answers, and tips to help you crack interviews with confidence.
📖 Grab your free copy now 👉 https://resources.codelivly.com/product/the-cybersecurity-interview-bible/
✅ Perfect for beginners, students, and professionals looking to boost their cybersecurity career.
✅ Covers technical, scenario-based, and behavioral questions.
💡 Don’t miss out – download today and start your prep!
#tools
#AIOps
#Fuzzing
"Make Agent Defeat Agent: Automatic Detection of Taint-Style Vulnerabilities in LLM-based Agents", Black Hat Europe 2025.
]-> Slides (.pdf)
]-> https://github.com/LFYSec/AgentFuzz
// In this paper, we propose a novel directed greybox fuzzing approach, called AgentFuzz, the first fuzzing framework for detecting taint-style vulnerabilities in LLM-based agents
#AIOps
#CogSec
#MLSecOps
"Cognitive Control Architecture (CCA): A Lifecycle Supervision Framework for Robustly Aligned AI Agents", Dec.2025.
// Method is predicated on a core insight: no matter how subtle an IPI attack, its pursuit of a malicious objective will ultimately manifest as a detectable deviation in the action trajectory, distinct from the expected legitimate plan
See also:
]-> Dynamic Environment to Evaluate Prompt Injection Attacks and Defenses for LLM Agents
]-> https://agentdojo.spylab.ai
InfoSec Write-ups - Medium
Securing AI Agents with Information Flow Control (Part I)
#Whitepaper
#Offensive_security
"API Security Testing (Penetration Testing) Guide", 03.03.2025.
// This comprehensive guide explores the methodologies, techniques, and best practices for conducting thorough API security testing, also known as API penetration testing
#reversing
#Whitepaper
#Cyber_Education
#Hardware_Security
"Embedded Hacking", Nov. 2025.
]-> Repo
// A comprehensive step-by-step embedded hacking tutorial covering Embedded Software Development to Reverse Engineering