AKMD retweeted
AKMD
479 posts

AKMD
@414b4d44
pwning & nirvana || Security Consultant, Security Research, CTF player, artist, gamer, not bugbounty hunter ||
Joined July 2020
899 Following 140 Followers
AKMD retweeted

Bug bounty is not just about finding bugs
You need to understand what’s not meant to be seen.
Here’s a useful JS ENUMERATION to break into buried endpoints, logic, and secrets.
👇 A thread for the bug-bounty hunters
#BugBounty #JavaScript #Recon #BurpSuite #websecurity

AKMD retweeted

After today’s talk at #TROOPERS25 I’m releasing BitlockMove, a PoC to execute code on remote systems in the context of a logged-on user session 🔥
github.com/rtecCyberSec/B…
No need to steal credentials, no impersonation, no injection needed 👌
AKMD retweeted

A bit late, but I just published my blog post on bypassing Ubuntu’s sandbox! Hope you enjoy it!
u1f383.github.io/linux/2025/06/…
AKMD retweeted

Just launched Code Auditor CTF — auditor.codes
A web platform to practice finding real-world C/C++ vulnerabilities
• 8000+ challenges
• Progress tracking + leaderboard
• Beginner-friendly
• Fully open source (beta): github.com/20urc3/auditor…
AKMD retweeted

Multiple Critical, High and Medium Severity Vulnerabilities have been discovered in #Jenkins. Users are advised to follow OEM Security Advisories to remain safe!
jenkins.io/security/advis…
AKMD retweeted

This @bishopfox tool is next level! 🚀
Eyeballer uses AI to analyze screenshots and sorts them into categories based on appearance, including:
👀 Old-looking pages,
👀 Login pages,
👀 404 responses
👀 Web apps
👀 Parked domains
Get your eyeballs around this👇
AKMD retweeted

An Introduction to using Artificial Intelligence (AI) for Vulnerability Research x.com/i/broadcasts/1…
AKMD retweeted

Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...
Credit URL:
github.com/m14r41/Pentest…
AKMD retweeted

My little sister just surprised me with this amazing homemade sticker of the @CarHackVillage ☠️
#HomemadeArt

AKMD retweeted

Top 4 Forms of Authentication Mechanisms
1. SSH Keys:
Cryptographic keys are used to access remote systems and servers securely
2. OAuth Tokens:
Tokens that provide limited access to user data on third-party applications
3. SSL Certificates:
Digital certificates ensure secure and encrypted communication between servers and clients
4. Credentials:
User authentication information is used to verify and grant access to various systems and services
Over to you: How do you manage those security keys? Is it a good idea to put them in a GitHub repository?
—
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): bit.ly/3KCnWXq

AKMD retweeted

Recording of my and @SravanAkkaram's @BlackHatEvents #BHASIA talk "Abusing Azure Active Directory" is out now!
Slide deck and link to YouTube at aadinternals.com/talks


@RobertMi81 @itsfoss That's my list ! 🫰🏼
Abu Dhabi, United Arab Emirates 🇦🇪
AKMD retweeted

Rooting Wi-Fi routers!
Julien and Marin investigated Xiaomi routers and identified a few vulnerabilities along the way, leading to RCE on several models. Read more about their approach on our blog: blog.thalium.re/posts/rooting-…
AKMD retweeted

🌟 Today, we're delving deep into OAuth 2.0! Expanding on our previous OAuth flyer, let's dissect the core of OAuth - the four pivotal authorization flows and their intricacies. 💡
Ever pondered over the gears that drive secure app access? The choice of OAuth flow is crucial!
1️⃣ Authorization Code Flow: Pros - Highly secure, allows for token refresh, and doesn't expose tokens. Cons - Slightly complex, requires a backend server.
2️⃣ Implicit Flow: Pros - Simple for client-side apps, no token exchange, and faster. Cons - Not suitable for sensitive data, no token refresh.
3️⃣ Password Flow: Pros - Simplicity, suitable for trusted apps, no need for redirects. Cons - Highly sensitive, not recommended due to security risks.
4️⃣ Client Credentials Flow: Pros - Simplicity, suitable for machine-to-machine communication. Cons - No user involvement, not for accessing user-specific data.
Each has its strengths and trade-offs, balancing security and user experience. Stay tuned for our upcoming flyer, where we'll decode these OAuth flows, giving you a technical perspective and helping you choose the right flow for your app's security needs!
🛡️💻 #OAuthFlows #AppSecurity #TechInnovation
