Robert Raducanu @abofh

Alexandre Borges has published over 700 pages of free security, malware and vulnerability research. A complete Malware Analysis Series covering Windows, macOS, iOS, Linux and shellcode. An Exploiting Reversing Series covering Windows kernel exploitation, Hyper-V, Chrome, and a three-part deep dive on CVE-2024-30085. No paywall. No course. Just research. Free as in beer. exploitreversing.com Author: @ale_sp_brazil #ReverseEngineering #MalwareAnalysis #InfoSec

#cybersecuritt

vx-underground @vxunderground

a day ago

Yeah, so pretty much this guy is releasing an exploit in solidarity with Nightmare Eclipse guy. He said he notified GitHub about the exploit 60 minutes before releasing this paper. I don't do web stuff, and I'm not a VSCode nerd, so I'm confused by the underlying technologies.

34 222 2K 102K 486

Instagram still hasn't (correctly) patched their AI goop account reset thingy. Accounts are still being stolen and Instagram hasn't said anything about it. Nerds continue to find ways to convince AI to reset accounts for them. People on social media are freaking out because some of these profiles apparently are big sources of revenue for them. Meanwhile, rumors are floating around that a few weeks ago Instagram laid off a large percentage of their Trust & Safety department and had it replaced with AI. Very cool

The arrival of the Concorde in Saint Maarten in 1989.

🕵️ OpSec Guide — A Practical Roadmap to Digital Privacy & Operational Security A curated collection of tools, resources, and recommendations for improving privacy, anonymity, and personal operational security in the modern digital world. What you'll find: • Privacy-focused browsers, search engines, and extensions • Secure email, messaging, DNS, and VPN recommendations • Password managers and account security resources • Privacy testing and leak detection tools • OSINT, anonymity, and digital footprint reduction resources • Books, websites, and learning materials from leading privacy advocates Whether you're a cybersecurity professional, OSINT practitioner, journalist, researcher, or privacy-conscious individual, this guide provides a solid starting point for strengthening your digital security posture. 🔗 github.com/Scrut1ny/OpSec… #CyberSecurity #OpSec #Privacy #DigitalSecurity #OSINT #InfoSec #OpenSource

keyboard_arrow_left Previous keyboard_arrow_right Next

Pentesting 101: Kubernetes Pentesting Complete Guide for Beginners Guide: cloud.hacktricks.wiki/en/pentesting-… #infosec #cloud

I GOT THE DOMAIN! I FINALLY GOT IT!!!!!!!!!!1 🥳🎉 Paint​.NET is now at paint.net! Well, it will be just as soon as I push all the buttons to migrate content and set up redirects from getpaint​.net etc. For now it's just a "hey go here" redirect page.

📝 Awesome Bug Bounty Writeups — Learn From Real Reports, Not Theory A curated collection of hundreds of real-world bug bounty writeups covering vulnerability discovery, exploitation techniques, bypasses, and attack chains from top security researchers. Categories Covered: • Cross-Site Scripting (XSS) • Server-Side Request Forgery (SSRF) • Insecure Direct Object Reference (IDOR) • SQL Injection (SQLi) • Cross-Site Request Forgery (CSRF) • Authentication & 2FA Bypass • CORS Misconfigurations • Local File Inclusion (LFI) • Subdomain Takeovers • Race Conditions • Remote Code Execution (RCE) • Android Security Testing Why it's valuable: • Learn real attack methodologies • Understand vulnerability chaining • Improve bug bounty hunting skills • Study report writing and impact assessment • Discover bypass techniques used in actual programs Instead of reading generic tutorials, study how researchers found, exploited, and reported vulnerabilities on platforms like Google, Microsoft, PayPal, Facebook, Uber, Yahoo, Tesla, Amazon, and many more. 🔗 github.com/devanshbatham/… #bugbounty #Pentesting #WebSecurity #AppSec #XSS #SSRF #IDOR #SQLInjection #CyberSecurity

HackTricks — The Cybersecurity Knowledge Base Every Security Professional Should Bookmark 📚💀 HackTricks is one of the most comprehensive cybersecurity resources available, packed with practical techniques, methodologies, and real-world knowledge across offensive and defensive security. What you'll find: • Web, Network, Cloud, Active Directory, and Mobile Security • Privilege Escalation techniques for Linux and Windows • Red Teaming, Bug Bounty, and CTF resources • Malware Analysis, Reverse Engineering, and Forensics • Kubernetes, Containers, and Cloud Security guides • Regularly updated research, playbooks, and attack techniques Whether you're preparing for certifications, solving CTFs, hunting bugs, or working in security operations, HackTricks is an invaluable reference library. 🔗 github.com/HackTricks-wik… #CyberSecurity #HackTricks #Pentesting #bugbounty #RedTeam #BlueTeam #CloudSecurity #AppSec

Red and Blue team Windows security research manual github.com/darkoperator/m…

#prntesting #cybersecurity

Vivek | Cybersecurity @VivekIntel

6 days ago

🛡️ A Massive Collection of Pentesting Cheat Sheets, Payloads & Security Guides 📚 This repository brings together some of the most valuable resources for penetration testing and offensive security, including: • Web Application Pentesting • Active Directory Attacks • Cloud &

0 17 89 3K 103

Installs latest macOS on Macs as old as 2007 github.com/dortania/OpenC…

How You Can Impersonate Anyone in Active Directory (with Shikata!) youtube.com/watch?v=Jzlasz…

Why MS insists on turning everything on by default while they claim to have their customers security as a top priority baffles me. This pshell command will toggle these off as well as any future connectors that drop. Yes DLP would protect your orgs data exfil - that isn't the point. Not every Org is there yet - so please stop enabling things like this without Admin consent. M365 Admin portal / Copilot / Connectors learn.microsoft.com/en-us/microsof… @Copilot @NathanMcNulty

keyboard_arrow_left Previous keyboard_arrow_right Next

#cybersecurity #activedirectory

7h3h4ckv157 @7h3h4ckv157

a week ago

AdStrike Terminal-based Active Directory attack framework. It helps operators move through discovery, enumeration, exploitation, credential access, lateral movement, persistence, and reporting while keeping session state in one place. Source: github.com/capture0x/adst…

0 30 126 4K 68

github.com/xandemon/devel…

My whole argument regarding AI boils down to this: >>> AI increases output much faster than it increases certainty <<< Yes, it generates more code, more prototypes, more pull requests and more “solutions”. But every generated line still needs ownership, review, testing, debugging and long-term maintenance by humans. And I think the market currently underestimates how expensive that last part really is.

Mo @atmoio

2 weeks ago

Marc Andreessen accidentally told the truth about AI

176 303 3K 521K 2K

Saw CVE-2026-41096 pop up on X and the description immediately caught my attention: a heap overflow in the Windows DNS client, triggered by a single UDP response. No interaction, no auth. I wanted to understand how it works, so I pulled the DLLs and started digging.

AdStrike — AI Powered Active Directory Attack Framework 💀🔥 A modular red-team framework built for advanced AD operations, Kerberos workflows, ADCS abuse, credential access, lateral movement & attack-path analysis. ⚡ 🔥 58 interactive modules 🛡️ Kerberos-aware workflows 🤖 AI-assisted operator agent 📊 HTML / JSON / Markdown reporting ⚔️ BloodHound, Impacket, Certipy, NetExec integration Built for professional red team operations & authorized security testing. 📌 Credit: @tmrswrr 🔗 github.com/capture0x/adst… #ActiveDirectory #RedTeam #CyberSecurity #Pentesting #ADSecurity #OffensiveSecurity

Quake III Arena was one of the only video games ever released for Linux.

keyboard_arrow_left Previous keyboard_arrow_right Next