DATA SURGEON A tool for extracting various sensitive data from text files and web pages. For example: - emails - phone numbers - API keys - URLs - MAC addresses - Hashes - Bitcoin wallets and more. #rust #osint

I hacked into a @Bing CMS that allowed me to alter search results and take over millions of Office 365 accounts. How did I do it? Well, it all started with a simple click in Microsoft Azure… 👀 This is the story of #BingBang 🧵⬇️

n0kovo_subdomains Wordlist for subdomain enumeration of 3,000,000 lines, crafted by harvesting SSL certificates from the entire IPv4 space. Shortened versions of the list are also available: 1 000 000, 500 000, 200000 and 50000 lines github.com/n0kovo/n0kovo_… Contributor @[email protected]

FUZZ4BOUNTY Wordlists for BugBounty Hunting: Wordpress Drupal PhpUnit Apache Tomcat Nginx CGI and more. github.com/0xPugazh/fuzz4… Contributor @0xPugazh

Whoop! Here we are again with another episode of Week in #OSINT! H/T: Haris GOΠZO Ginger T Locate International sector035.nl/articles/2023-…

Google Dork - SSRF Prone Parameters inurl:http | inurl:url= | inurl:path= | inurl:dest= | inurl:html= | inurl:data= | inurl:domain= | inurl:page= inurl:& site:example[.]com Find endpoints for SSRF testing #bugbountytips

I asked Midjourney v5 to '/describe' some logos, to see how it would create prompts for them, and to see what it would create in response. Starbucks

ALERTX Very fast #go tool for search subdomains. For example, it fin 111 tesla.com subdomains in 0.003 seconds. github.com/projectdiscove… Creator ProjectDiscovery

My #socmint tools threads: Reddit x.com/cyb_detective/… Twitch x.com/cyb_detective/… Github x.com/cyb_detective/… Facebook x.com/cyb_detective/… Telegram x.com/cyb_detective/… YouTube x.com/cyb_detective/…

This is an absolutely dope mindmap for attacking AD. orange-cyberdefense.github.io/ocd-mindmaps/i… Source: github.com/Orange-Cyberde…

OSCP-Reporting Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP Exam and Lab Reporting / Note-Taking Tool github.com/Syslifters/OSC… #cybersecurity #infosec #pentesting

Don't @ Me: URL Obfuscation Through Schema Abuse | Mandiant mandiant.com/resources/blog…

🤘 SCOOP: QR codes on festival wristbands introduce risks of theft and privacy exposure. Full article at the end of this thread! 🧵

The owner of this account never interned with us. This is probably the 3rd time we saw people doing this.

Our team members have spotted another fake account imposing as our team member. This is the fake account: linkedin.com/in/%E6%8C%AF%E… This one belongs to our team member. linkedin.com/in/zhenpeng-pa…

🔔 New topic alert: Web LLM attacks 🔔 Stay ahead in application security - dive into the world of LLMs to discover their weaknesses and understand how to exploit them. Read our latest learning materials and try your hand at the new interactive labs. portswigger.net/web-security/l…

DNS History A tool to track the history of DNS servers associated with a particular domain. Data since 2002 year for 2.2 billion nameservers. completedns.com/dns-history/

TweetFeed List of IOCs shared today by the #infosec community at Twitter: - domains - URLs - IPs - SHA256/MD5 hashes tweetfeed.live Creator Daniel López

APIs for #OSINT Automate gathering info about: - phone numbers - address/zip codes - leaks - crypto wallets/transactions - emails/nicknames - vulnerabilities (new section, tip by Francisco Dubois) and more. github.com/cipher387/API-…

Please be careful of fake STAR Labs SG employee. Another one spotted again linkedin.com/in/milton-das-…