2777
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
#Research
#MLSecOps
"Exposing the Systematic Vulnerability of Open-Weight Models to Prefill Attacks", Feb. 2026.
// largest empirical study to date of prefill attacks, evaluating over 20 existing and novel strategies across multiple model families and state-of-the-art open-weight models. Prefill attacks are consistently effective against all major contemporary openweight models, revealing a critical and previously underexplored vulnerability with significant implications for deployment
#tools
#MLSecOps
"DeepSight: An All-in-One LM Safety Toolkit", Feb. 2026.
]-> https://github.com/AI45Lab/DeepSafe
]-> https://github.com/AI45Lab/DeepScan
// DeepSight is low-cost, reproducible, efficient, and highly scalable large-scale model safety evaluation project consisting of a evaluation toolkit DeepSafe and a diagnosis toolkit DeepScan
#Cloud_Security
#Cyber_Education
"Secure Service Configuration in AWS, Azure, and GCP", Book + Wall-Poster, 2025.
// Based on content from SEC510: Cloud Security Engineering and Controls
🔐 Breaking APIs: Offensive API Pentesting Course
🔥 Break APIs Before Hackers Do!
Includes: Recon, Endpoint Analysis, BOLA, BFLA, Broken Auth, SSRF, Injection, Mass Assignment, Rate Limiting & more.
Why enroll ?
⏱️ 5+ hours of action-packed content
💯 30-day money-back guarantee
🔗 Enroll: https://www.udemy.com/course/breaking-apis-an-offensive-api-pentesting-course/?referralCode=F7408590E13C6D21428B
This book is for for understanding how API's works and developed
Читать полностью…
Top 10 Web Hacking Techniques of 2025 by PortSwigger
https://portswigger.net/research/top-10-web-hacking-techniques-of-2025
I also recommend checking out the full list of nominees
https://portswigger.net/research/top-10-web-hacking-techniques-of-2025-nominations-open
We lost a great friend, a talented information security researcher two days ago. I hope you remember him in your prayers and contribute to spreading his articles so that his memory may endure.
https://lynguist0.medium.com/
https://rafa.hashnode.dev/exploiting-http-parsers-inconsistencies
Читать полностью…
#info
#Analytics
SIEM and AI SOC Ratings Framework:
Product Heatmap + Moderated Submissions
]-> SIEM Maturity Framework
]-> SIEM and AI SOC Vendor Gaps
#Tech_book
#Offensive_security
"Linux Basics for Hackers 2nd Edition:
Getting Started with Networking, Scripting, and Security in Kali", 2025.
#AIOps
#Threat_Research
Logic-Layer Prompt Control Injection (LPCI):
A Novel Security Vulnerability Class in Agentic Systems
https://cloudsecurityalliance.org/blog/2026/02/09/logic-layer-prompt-control-injection-lpci-a-novel-security-vulnerability-class-in-agentic-systems
]-> LPCI Security Benchmark Framework
// LPCI attack targets the fundamental logic execution layer of AI agents, exploiting persistent memory stores, retrieval systems, and the agent's internal reasoning engine. In these attacks, covert payloads are injected into the logic layer, triggering unauthorized actions across multiple sessions, making detection and mitigation significantly more complex than simple input/output validation
How to Hack JWT using Burp Suite?
https://payatu.com/blog/jwt-vulnerabilities/
Develop a Python-based web application vulnerability scanner designed to identify SQL injection, cross-site scripting (XSS), directory traversal, server-side request forgery (SSRF), and open redirect vulnerabilities. Integrate extensive payload libraries alongside advanced detection algorithms, enabling users to input a URL and execute a thorough security evaluation with ease.
Читать полностью…
https://scriptjacker.in/blogs/Hyperlink-Injection-Bypass/
Читать полностью…
https://seth0x41.github.io/2023/12/24/jwt-attacks
Читать полностью…
https://blog.voorivex.team/9240-bounty-in-30-days-hunt-challenge
Читать полностью…
There are many such commands on Twitter and the Internet. Please stop these bad commands
I will never use any commands like this or those tools
It's all a lie
https://terrific-dart-70e.notion.site/Application-A-Example-294f4ca0f424810eaf56eb26f6a4ea4e
#notion #bugbounty #checklist
𝗥𝗲𝘀𝗲𝗮𝗿𝗰𝗵 𝗪𝗼𝗿𝘁𝗵 𝗥𝗲𝗮𝗱𝗶𝗻𝗴 - 𝗪𝗲𝗲𝗸 𝟲, 𝟮𝟬𝟮𝟲
Busy week! AI, AI, AI and the death of Flash!
🤖 𝗦𝗲𝗺𝗴𝗿𝗲𝗽'𝘀 𝗔𝗴𝗲𝗻𝘁 𝗦𝗸𝗶𝗹𝗹𝘀
Semgrep released a set of agent skills worth looking into: github.com/semgrep/skills.
🤿 𝗦𝗵𝗮𝗸𝗶𝗻𝗴 𝘁𝗵𝗲 𝗠𝗖𝗣 𝗧𝗿𝗲𝗲: 𝗔 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗗𝗲𝗲𝗽 𝗗𝗶𝘃𝗲
You may think "just another MCP bug" but this post is actually worth reading: blog.voorivex.team/shaking-the-mc….
🤖 𝗘𝘃𝗮𝗹𝘂𝗮𝘁𝗶𝗻𝗴 𝗮𝗻𝗱 𝗺𝗶𝘁𝗶𝗴𝗮𝘁𝗶𝗻𝗴 𝘁𝗵𝗲 𝗴𝗿𝗼𝘄𝗶𝗻𝗴 𝗿𝗶𝘀𝗸 𝗼𝗳 𝗟𝗟𝗠-𝗱𝗶𝘀𝗰𝗼𝘃𝗲𝗿𝗲𝗱 𝟬-𝗱𝗮𝘆𝘀
This section resumes it: "Opus 4.6 is notably better at finding high-severity vulnerabilities than previous models": red.anthropic.com/2026/zero-days/.
♦️ 𝗖𝗼 -𝗥𝗲𝗱𝗧𝗲𝗮𝗺: 𝗢𝗿𝗰𝗵𝗲𝘀𝘁𝗿𝗮𝘁𝗲𝗱 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗗𝗶𝘀𝗰𝗼𝘃𝗲𝗿𝘆 𝗮𝗻𝗱 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝗮𝘁𝗶𝗼𝗻 𝘄𝗶𝘁𝗵 𝗟𝗟𝗠 𝗔𝗴𝗲𝗻𝘁𝘀
If you are working on a "LLM based hacker", you are going to want to read this: arxiv.org/pdf/2602.02164.
🚨 𝗔𝗻 𝗶𝗻𝘁𝗿𝗼𝗱𝘂𝗰𝘁𝗶𝗼𝗻 𝘁𝗼 𝗮𝘂𝘁𝗼𝗺𝗮𝘁𝗲𝗱 𝗟𝗟𝗠 𝗿𝗲𝗱 𝘁𝗲𝗮𝗺𝗶𝗻𝗴
Promptfoo is a neat tool to add to your red teaming arsenal: blog.nviso.eu/2026/02/05/an-….
🛠️ 𝗦𝗰𝗮𝗹𝗮𝗯𝗹𝗲 𝗿𝗲𝘀𝗲𝗮𝗿𝗰𝗵 𝘁𝗼𝗼𝗹𝗶𝗻𝗴 𝗳𝗼𝗿 𝗮𝗴𝗲𝗻𝘁 𝘀𝘆𝘀𝘁𝗲𝗺𝘀
A great post on how to scale tooling for agent: knifecoat.com/Posts/Scalable….
🦝 𝗗𝗶𝘀𝗰𝗼𝘃𝗲𝗿𝗶𝗻𝗴 𝗡𝗲𝗴𝗮𝘁𝗶𝘃𝗲-𝗗𝗮𝘆𝘀 𝘄𝗶𝘁𝗵 𝗟𝗟𝗠 𝗪𝗼𝗿𝗸𝗳𝗹𝗼𝘄𝘀
That's something I toyed with in 2012 (Monitoring repositories for Fun and Profit - Ruxcon 2012), I used basic rules at the time. Obviously, having LLMs is a game changer for this kind of workload: spaceraccoon.dev/discovering-ne….
⚡️ 𝗪𝗵𝗮𝘁 𝗥𝗲𝗮𝗹𝗹𝘆 𝗞𝗶𝗹𝗹𝗲𝗱 𝗙𝗹𝗮𝘀𝗵 𝗣𝗹𝗮𝘆𝗲𝗿: 𝗔 𝗦𝗶𝘅-𝗬𝗲𝗮𝗿 𝗖𝗮𝗺𝗽𝗮𝗶𝗴𝗻 𝗼𝗳 𝗗𝗲𝗹𝗶𝗯𝗲𝗿𝗮𝘁𝗲 𝗣𝗹𝗮𝘁𝗳𝗼𝗿𝗺 𝗪𝗼𝗿𝗸
The story of the death of Adobe Flash, a must-read for AppSec practitioners. medium.com/@aglaforge/wha….