ToxSec

Every “no” is just getting you closer to the “yes.” #bugbounty #grind

Been seeing more API bugs pop up on bounty reports lately; feels like the real gold is still in logic flaws.

nobody scans ports to hack an AI agent. one poisoned document in the RAG pipeline and the model does the rest. NVIDIA and MITRE ATLAS mapped 66+ #AISecurity attack techniques. here's where the chain breaks. #PromptInjection #MLSec toxsec.com/p/ai-kill-chai…

Before you pop a box, you pop a scan. Wide → deep → focused recon. That’s the playbook for finding the weird staging site or dusty API everyone forgot. The bounties start here: toxsec.com/p/web-enum #bugbounty #cybersecurity #websecurity

That moment when grep finds the secret in node_modules—and you can’t decide whether to celebrate or cry. #infosec

sometimes i think i’m just a professional 404 collector. #bugbounty

The Pringles Can Antenna (early 2000s) – Wardrivers discovered a perfectly sized Pringles tube could focus Wi-Fi signals for miles. Security researchers still call it the “cantenna.” #HackerHistory

when burp’s history tab looks like a conspiracy wall. #bugbounty

Blue Box Symphony – In the 1970s, phone phreak “Captain Crunch” discovered that a toy whistle from a Cap’n Crunch cereal box emitted the 2600 Hz tone needed to seize long-distance phone trunks. #Hackers

Probe every parameter. Don’t just test id=. Try integer fuzzing, negative numbers, encoded payloads, and nested JSON keys. Even “read-only” params can hide IDOR or injection bugs.

parked curbside. one command. AI agent cloned the WiFi, ran the deauth flood, bypassed client isolation, and got root on the NAS in 20 minutes. no pentester required. #AIHacking #WiFiSecurity full chain: toxsec.com/p/zero-trust-h…

Which takes longer: a Burp active scan or a bounty payout? #BugBounty

Which offers more benefit this quarter—public or private initiatives? #CyberSecurity #BugBounty

that moment when a payload works in repeater but dies in intruder—pure betrayal. #bugbounty

ny bill would prohibit ai #chatbots from giving legal advice. a new york state bill, sb 7263, which passed the internet and technology committee, states that chatbots can’t provide substantive legal responses or advice that would count as practicing law if done by a person.

@LangChain @hwchase17 This is nice. Lang Chain has been super good for building agents. It's definitely my go-to right now.

🚀 New LangChain Academy Course: Building Reliable Agents 🚀 Shipping agents to production is hard. Traditional software is deterministic – when something breaks, you check the logs and fix the code. But agents rely on non-deterministic models. Add multi-step reasoning, tool use, and real user traffic, and building reliable agents becomes far more complex than traditional system design. The goal of this course is to teach you how to take an agent from first run to production-ready system through iterative cycles of improvement. You’ll learn how to do this with LangSmith, our agent engineering platform for observing, evaluating, and deploying agents. Enroll for free ➡️ academy.langchain.com/courses/buildi…

@techyoutbe Yes that definitely is

100 DevOps Terms & Services

@hackinarticles Really nice little cheat sheet

File Upload Cheat Sheet 🔥 Telegram: t.me/hackinarticles #CyberSecurity #InfoSec #PenetrationTesting #EthicalHacking #BugBounty #ThreatIntelligence #RedTeam #BlueTeam #CloudSecurity #DataSecurity #CyberSecurityAwareness #AI

@aastha_mhaske I've been a pretty big fan of Co-Work. It's a really powerful tool in my opinion

Difference Explained Well 📚📘

@iyoushetwt I'm pretty sure most of us are going to agree on the left one but I could be wrong

delete one forever