Infosec House

I’ve been getting tagged by @redbubble creators regarding takedowns of their artwork. It seems the word/term “infosec” is getting flagged and taken down with my name as the IP owner. This is false. Please speak with @InfosecEdu infosecinstitute.com/trademarks/

@intigriti @Ch0pin Looks like a tool that needs to be added to our repo! Also check out all these other awesome tools for your mobile hacking/securing quests! 👇 infosec.house/mobile/

Getting started in mobile hacking? 😎 Check out Medusa by @Ch0pin! A framework to help you pentest Android & iOS mobile applications! 🔗 github.com/Ch0pin/medusa

I've recently put more work into my ffuf fork, uff, and I think every ffuf user should at least give it a try - and maybe even switch to it. Here's why, in a #bugbounty 🧵

Stop distro hopping! just use Ubuntu.

@SecSignal @theluemmel 👀 We see you

@theluemmel Hey don’t forget to look at Nimhawk: github.com/hdbreaker/Nimh…

Anyone heard or even tested github.com/Adaptix-Framew… Asking for a friend.

@theluemmel Nope but you did just uncover a tool we are missing on our site! Will get to adding this one! Appreciate it! 🤙

@NahamSec What I can say is, you show the things that most courses never teach us but stop pumping self help. Appreciate it Top 0xG! 😂

There are two types of people in my comments section:

@intigriti 👀 Looks like a new tool we can add to the site. Thanks for sharing!

Subzy is a fast tool to help you spot subdomain takeover vulnerabilities! 😎 GitHub 👇 github.com/PentestPad/sub…

@fr0gger_ This is awesome going to add your site to our tool/resources! 🤙

🤓 A friend of mine shared me an article published today about a clever and interesting concept called LargeLanguageC2. Let me break it down simply 👇 It is a steganographic Command & Control channel that hides commands inside natural language text. Here’s how it works: 👾 Encoding: Each byte becomes two parts. One picks a word, the other repeats it. Filler words make it look natural. 🛸 Decoding: The 13th word gives part of the byte. The 14th word’s repetition gives the rest. 👽 Execution: The server decodes, runs the command, and replies using the same trick. The author claim there is currently no detection. No YARA. No security product to catch this pattern. Until now. 🤓 I reviewed the POC and spotted several detection opportunities: ・Unnatural repetition of specific words ・Predictable placement of dictionary words (13th word) ・Repetitive vocabulary (~40 words) ・No punctuation or casing, looks like a stream ・Consistent three-word filler sequences repeated four times per byte Based on that, I built a simple NOVA rule. NOVA is the open-source prompt pattern matching engine I created (like YARA, but for natural language and LLM content). Guess what, It works well to spot these kinds of text-based C2 channels. Depending on how the attacker implements the C2, you might need to adjust your rule, but the detection logic would still work. ➡️ Blog: @tomer2138/large-language-command-control-8552154fa167" target="_blank" rel="nofollow noopener">medium.com/@tomer2138/lar… ✨ Nova: novahunting.ai

@vxunderground Congrats on the 6 years!

We are now 6 years old. In 6 years this account, and website, went from small and obscure to one of the largest information security related Twitter profiles. Twitter and Telegram combined, vx-underground has over 400,000 people who follow our content and discussions. It is very surreal feeling seeing a small personal project, dedicated to saving stuff that I thought was cool, becoming so large and popular. Sometimes I find it hard to believe what I say matters to anyone, because at the end of the day I'm just some stinky nerd who likes spamming cat pictures. As I've said for the past 6 years: nothing will change. We will continue to provide free malware source, samples, and papers. That's all I've got to say right now. Thank you for all the love and support. I look forward to continually serving all of you. - smelly smellington

@TCMSecurity Here are some additional resources below infosec.house/osint/ I’ll have to add whatever I’m missing from your list! Thanks TCM team!

Looking for quality #OSINT resources? We've put together this handy guide based on the tools we recommend in our OSINT course, organized by category to make things easy, like: ✅ Sock puppet resources ✅ Search engine #OSINT tools ✅ Image analysis tools ✅ Website OSINT tools Whether you're just starting out or sharpening your skills, the selected resources should help you out! Want to go even deeper? Check out our Practical OSINT Research Professional (PORP) certification! tcm.rocks/porp-x

Added a few more C2’s/Agent to the website! infosec.house/c2/ Check out these projects! Sliver by @bishopfox Loki by @0xBoku Thanatos by @M_alphaaa

Turns out not only hosting migration was an issue but also not including a Tab in the .yaml file caused a game of “Why is this not deploying!?!?”

Doing some switch-a-roos on hosting. Expect some 404 errors.

@pdiscoveryio 👀 Adding this to our website/repo 🤘

Detect web technologies directly in terminal using httpX 💥 Tech detect uses Wappalyzer signatures to identify frameworks, CMS, JS libs, and more. Check this out 👇 #httpx #techfingerprinting #bugbounty #recon #infosec

Happy Mother’s Day to the original system architect. All love, no bugs! 💕

@binitamshah 👀

KoviD : Red-Team Linux kernel rootkit : github.com/carloslack/Kov…

@Dinosn 👀👀👀

LEAF: Linux Evidence Acquisition Framework meterpreter.org/leaf-linux-evi…

@vxunderground @RachelTobac Honestly jealous of them pearly whites. 😞

@RachelTobac ive got my setup muted so idk what ur saying but ur teeth are white as cocaine wtf rachel stop being so healthy

Let’s break down 2 types of scams happening to folks right now to help keep your loved ones safe. 1st, scammers are capitalizing on fears of a recession to trick folks into: - Making bogus investments to “get rich quick” - Joining "investment coaching" groups w/ expensive fees

@DarkWebInformer That deskmat needs some cleaning 😮‍💨🥪🍟🍗🍿

📰Nine DDoS Platforms Seized in Global Operation; Four Arrested Across Multiple Countries europol.europa.eu/media-press/ne… web.archive.org/web/2024051715… web.archive.org/web/2024071508…

// Comm silence broken Life.exe crashed. Work spawned endless threads. But the lab lights stayed on — brewing new ops. > New tools added soon > New content creation besides only a website > Maybe... physical drops? Encrypt Everything. Hack the planet.