تغريدة مثبتة
Flipper Zero eBook
Beginner → advanced made simple
Available at Amazon, Apple and Kobo
amazon.com/Hack-Like-Pro-…
#FlipperZero #Pentesting #Hacking
English
Flipper Zero eBook
445 posts
Flipper Zero eBook
@flipperzerobook
Hack Like A Pro With Flipper Zero. Author Peter Logan. Available at Amazon, Apple and Kobo.
انضم Eylül 2025
4.1K يتبع426 المتابعون
@Cowboycodey Half the fun is learning what it can do. 📡
English
@cattywampus_tot @dexxe @authtevin Cybersecurity starter pack: Flipper Zero, antenna, and curiosity. 📡
English
can this work for the noisy church and club around me? what would be the disadvantage of doing this? nitazima yangu pia ama?
Bulvar Medya@Bulvarpress
Tayland’da su kenarında kafa dinlemek isteyen gençler, yüksek sesle müzik açan mekanın müziğini kapatmak için taşınabilir jammer kullandı
English
@VivekIntel Every wireless signal tells a story if you know how to listen.
English
📡 WireTapper — Wireless OSINT & Signal Intelligence Platform
An interesting OSINT tool that passively discovers and maps wireless devices around you using signal intelligence.
It can identify:
• Wi-Fi networks & leaked credentials
• Bluetooth / BLE devices
• CCTV & IP cameras
• Vehicles broadcasting RF signals
• Smart TVs & IoT devices
• Cell towers & mobile beacons
Integrates with WiGLE, OpenCellID, Shodan, and WPA-sec to provide additional intelligence.
🔗 github.com/h9zdev/WireTap…
#OSINT #CyberSecurity #ThreatIntel #WirelessSecurity #Bluetooth #WiFi #SignalIntelligence #InfoSec #OpenSource #GitHub
English
@0xatharv @GodfatherOrwa Persistence pays off. Sometimes the biggest findings come after hours of digging. 🔍
English
i was doing bug bounty on program and got one subdomain on which IIS Window Server Page and got some shortname
almost 2 days i tested on other things like got open directory and all but nothing now i have this two file to find tried all method but nothing worked @GodfatherOrwa
English
@the_yellow_fall When Cisco says 'actively exploited,' patching moves from optional to urgent.
English
Cisco warns CVE-2026-20262, a Cisco SD-WAN vulnerability enabling arbitrary file write, is exploited in the wild. Patch SD-WAN Manager now.
#Cisco #SDWAN #CVE202620262 #ArbitraryFileWrite #InfoSec
securityonline.info/cisco-sd-wan-v…
English
@The_Cyber_News One click is all it takes when multiple weaknesses align.
English
🚨 Microsoft 365 Copilot Vulnerability Allows Attackers to Steal Data in One Click
Source: cybersecuritynews.com/microsoft-365-…
A critical vulnerability chain in Microsoft 365 Copilot Enterprise that let attackers steal sensitive corporate data, MFA codes, email contents, calendar details, and confidential files with nothing more than a single click on a link pointing to a legitimate Microsoft domain.
Dubbed SearchLeak, is not a single flaw; it is a chained exploit that weaponizes Microsoft 365 Copilot Enterprise Search as a silent data exfiltration engine. Individually, each vulnerability is manageable. Chained together, they create a one-click attack capable of stealing virtually any data.
#cybersecuritynews
English
@0xor0ne @quarkslab Prompt injection is only part of the story—session management and access controls still matter.
English
Chaining insecure LLM output handling, an unprotected JWT cookie, and an IDOR to go from low-priv user to admin takeover (@quarkslab)
blog.quarkslab.com/from-prompt-to…
#infosec
English
@NetworkChuck A VPN is one layer of security—not the entire security stack.
English
@Dinosn Social engineering remains one of the most effective malware delivery methods.
English
Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware thehackernews.com/2026/06/fake-m…
English
@_JohnHammond Malware analysis is one of the best ways to understand how attackers think.
English
Matthew Nguyen starting the party for ContinuumCon Day 3, walking us through using Malcat (😻), FakeNet, and more for some sweet malware analysis! continuumcon.com
ContinuumCon@_ContinuumCon_
🚨 Workshop Spotlight #8 👉 "How to Analyze Malware" by Matthew Nguyen 📝 Description A practical introduction to malware analysis for beginners, focused on building a foundational workflow rather than diving straight into reverse engineering. You'll cover the key principles of a safe lab setup, basic static analysis, and dynamic analysis using sandbox environments and tools you can run in your own lab (like FlareVM). The session includes a guided walkthrough of a real malware sample pulled from a malware database, with attention to the techniques you'll encounter most often: persistence mechanisms and command-and-control communication. By the end, you'll have a clear framework for analyzing malware, an understanding of the common techniques malicious software uses, and the confidence to begin your own analysis safely. 🎟️ Only at ContinuumCon 2026: June 12-14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect !
English
@HSC_Consult Security isn't just about stopping attacks—it's about eliminating unauthorized paths of access.
English
The Invisible Entryway: Understanding Backdoors 🚪💥 In cybersecurity, a backdoor isn't just a flaw—it's a deliberate bypass of normal authentication. Whether planted by attackers for persistent access or left behind as a developer oversight, securing these hidden entry points is critical for infrastructure integrity. Don't leave your network exposed—come for your security audit today.
English
@BRuteLogic OAuth misconfigurations continue to be one of the most overlooked attack surfaces.
English
13 Original OAuth Attack Techniques
OAuth is the login layer of the modern web.
Every "Continue with Google." Every "Sign in with GitHub." Every SSO button on every SaaS you've ever tested. All OAuth under the hood.
Most implementations are broken in ways that aren't documented anywhere.
Here's one of 13 original techniques — Grant Type Substitution → MFA Bypass.
MFA bound to the browser flow only. Switch grant type, MFA disappears. CVE-2024-37893.
The password grant being present is itself a finding worth reporting.
MCP is OAuth now and nobody is testing it.
Full breakdown in the replies.
English
@rxerium @DefusedCyber Once active exploitation starts, patching becomes a priority rather than a recommendation.
English
🚨 CVE-2026-53435, a high severity (CVSS 8.8) deserialization vulnerability in Jenkins is now seeing active exploitation as per @DefusedCyber.
Scan your infrastructure: github.com/rxerium/rxeriu…
Patches are available per the vendor advisory: jenkins.io/security/advis…
English
@obscaries Cybersecurity is as much about understanding people as it is understanding technology.
English
Want to understand cyber threats? Read beyond cybersecurity.
Some of the best cybersecurity lessons are hidden in books about espionage, psychology, warfare, and hacker history.
Here are a few worth reading 📚
obscaries ❘ AppSec@obscaries
If you want to get better at cybersecurity, Study: > malware campaigns > cyberwarfare > hacker history > espionage > attacker psychology > underground operations Some of the best cybersecurity lessons are hidden inside books. Here are a few worth reading 🧵
English
@0x0Huda Prompt injection against AI assistants is becoming one of the most interesting attack surfaces in cybersecurity.
English
CVE-2026-42824 (SearchLeak) - Technical Breakdown & Exploitation Mechanics
Exploit Chain:
1. P2P Injection: Weaponized 'microsoft.com' URL injects a hidden prompt into Copilot’s context.
2. Context Abuse: Copilot queries the tenant (SharePoint/Exchange) for sensitive tokens and MFA codes.
3. HTML Injection: Exploits a race condition in the rendering loop to inject an un-sanitized ![]()
tag before guardrails trigger.
4. SSRF Exfiltration: The ![]()
tag forces data exfiltration via the Bing backend to an external listener.
Full Analysis: thehackernews.com/2026/06/one-cl…
English
@SWAROOP9696 HTTP headers often tell a more interesting story than the webpage itself.
English
Don't ignore a 302 redirect. Always inspect the `Location` header and see where it's pointing. Sometimes it leads to exposed internal consoles, admin panels, or internal tools that were never meant to be publicly discoverable. Even identifying internal ip get you bounty.
#hacker
English
@AliceInDisarray That's actually a pretty impressive reverse-engineering accomplishment.
English
@fofabot A CVSS 10.0 on a security platform is about as serious as it gets.
English
⚠️⚠️ GHSA-ff9g-85jq-r3g3 (CVSS 10.0): Wazuh 5.0 beta enrolled agents can smuggle OpenSearch bulk ops to tamper or wipe SIEM indices.
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯25.1K+ Results are found on en.fofa.info in the past year.
FOFA Query: app="Wazuh"
Deep Dive: github.com/wazuh/wazuh/se…
🔖Refer: securityonline.info/wazuh-cvss-10-…
#OSINT #FOFA #CyberSecurity #Vulnerability
English
@luckyhacker43 Email remains one of the most targeted attack surfaces.
English
Critical RCE in Roundcube 🤯🔥
Your inbox could be the attack vector.
CVE-2025-49113 allows Remote Code Execution on vulnerable Roundcube instances, putting countless email servers at risk. 🚨
👨💻 AirCorridor / Hackers-Arise
🔗 hackers-arise.com/critical-remot…
#CyberSecurity #RCE
Sigor, Kenya 🇰🇪 English
@al1enr00t Most people don't realize how much of the internet isn't indexed by search engines.
English
You're 3 clicks away from unlocking 95% of the internet.
1) Download Tor Browser
2) Connect to the network
3) Start exploring what Google can't index
Always disable JavaScript. 🛑
#Tor #Ahmia #HiddenWiki #DeepWeb #Onion
English