Do you want to trigger shellcode only when: - Certain DNS resolution happens? - Certain servers are reached out to? - When you get a 112 byte long response? ...etc Meet InternetSetStatusCallback() for fine tuning execution (or if you are just bored): gist.github.com/whokilleddb/59…

🤖 HexStrike AI MCP Agents Automating Cybersecurity with AI ⚡ HexStrike AI MCP Agents is a powerful Model Context Protocol (MCP) server that links AI agents (Claude, GPT, Copilot, and more) with 150+ cybersecurity tools.

5 stages of hacking: - This is impossible. - Why am I even doing this? - Wait... what if I try this? - holy sh*t it worked - I am a genius.

Hello, Are you a nerd who likes malware reverse engineering or detection? Are you a nerd who wants to study Yara rule stuff (including for iPhones)? Cool! Thanks to t-tani we've added 28,805 Yara rules. They're online now. ./Papers/Malware Defense/Yara Rules

Today I got my 4th valid security vulnerability at Meta Bug Bounty 🥳🥳🥳 WhatsApp is my fav target out there. Try to break the apps logic you may find something #BugBounty #bugbountytip #Bugcrowd

Thread: 1/4 Bug Bounty Tip 🧵: Your next critical finding might be hiding in a publicly exposed .git directory. It's a common misconfiguration that leaks the entire code history, including secrets, old endpoints, and unpatched vulns. #bugbountytips #infosec

Permission hierarchies hide more than just IDORs. Keep an eye out for complexion hierarchies and surface IDORs, understanding those levels is how you land the big finds 🤑 🎥: Katie Paxton-Fear youtube.com/watch?v=-MsjH-…

Subdomain Takeover: Beyond Basics (From a Bug Bounty Hunter’s Perspective) sukhveersingh97997.medium.com/subdomain-take… #bugbounty #bugbountytips #bugbountytip

Also recommend watching this Black Hat talk to see how, with long-term storage and ability to communicate with an external server, an adversary can continuously remote control and provide new instructions to an agent. The ZombAIs are coming! m.youtube.com/watch?v=84NVG1…

After reporting a $1.2M bug, I confirmed a pattern: newly deployed contracts often hide more issues. I upgraded BugChain.xyz to hunt them faster—search by address/name, deployed time, and funds to prioritize targets. Try it: bugchain.xyz

DIY or outsourced bug bounty programs: what’s best for your business? intigriti.com/blog/business-… Intigriti #bugbounty

Thank you. Just wrote a quick blogpost and added some detection steps into ELEGANTBOUNCER msuiche.com/posts/detectin…

OSINT-Advanced Searching🔍📝 github.com/The-Osint-Tool…

First YouTube Comment Finder Free online tool, show exact time and author nickname. tubepilot.ai/tools/first-co… *The first comments on posts and videos are often left by the author's close friends. Therefore, finding them can be useful for investigations on all social networks.

''What Comes After Detection Rules? Smarter Detection Strategies in ATT&CK'' #infosec #pentest #redteam #blueteam medium.com/mitre-attack/s…

🛏️ From Naptime to Big Sleep: Using LLMs To Catch Vulnerabilities In Real-World Code Blog: googleprojectzero.blogspot.com/2024/10/from-n… author: Google Project Zero / The Big Sleep Team #infosec

Good one on "Web Cache Poisoning" youtube.com/playlist?list=…

How process hollowing works #ThreatHunting #DFIR

GraphApiAuditEvents: The new Graph API Logs kqlquery.com/posts/graphapi…

How to spot IDOR opportunities without using a second account👇 (🔗 link to this IDOR hub in the comments)