Ahmed Jumani
201 posts
Ahmed Jumani
@PromptHex
Bug Hunter 🔍 | CTF & AI Explorer 🤖 | Breaking security before it breaks you 🚨
Katılım Şubat 2025
843 Takip Edilen36 Takipçiler
Ahmed Jumani retweetledi
🔐 Security Takeaways
✔️ Enable disk encryption (BitLocker/FileVault)
✔️ Use strong OS login credentials
✔️ Enable Firefox Master Password
✔️ Keep browser updated
✔️ Monitor for infostealers
The fight isn’t just encryption anymore —
It’s endpoint control.
English
🧵 Chrome & Firefox Password Decryption – 2026 Breakdown
Let’s talk about how browser credential protection evolved over time 👇
English
7️⃣ Cookies Reality
Cookies stored in cookies.sqlite.
Even if encrypted at rest, active session tokens remain high-value targets.
This is why endpoint security > crypto alone.
English
6️⃣ Firefox Password Model
Firefox uses NSS (Network Security Services):
• Credentials → logins.json
• Keys → key4.db
• Optional Master Password adds strong protection
Without master password, OS-level access = risk.
English
5️⃣ Why This Matters
Attackers shifted from:
❌ Simple DPAPI extraction
➡️ To
⚠️ Token hijacking
⚠️ Session replay
⚠️ Infostealer malware
⚠️ Social engineering
Crypto improved. Endpoint attacks evolved.
English
4️⃣ Modern Chrome Hardening (2025+)
Newer builds added:
• Windows CNG integration
• Stronger key isolation
• Context validation
• Hardware-backed protection (where supported)
This significantly raised the bar for commodity malware.
English
3️⃣ Chrome v20+ – App-Bound Encryption (APPB)
Google moved toward app-bound encryption to prevent offline decryption & info-stealer abuse.
Security goals:
• Bind secrets to application context
• Restrict cross-process abuse
• Strengthen OS integration
English
2️⃣ Chrome v80+ (v10–v11 DB format)
Google introduced AES-GCM encryption.
Flow:
• Master key protected by DPAPI
• Passwords encrypted with AES-GCM
• Master key stored in “Local State”
More layered than old DPAPI-only design.
English
1️⃣ Chrome (Pre v80)
Old model = Windows DPAPI
Passwords were tied directly to the logged-in Windows user context using CryptUnprotectData().
If attacker had user-level access → credentials were recoverable.
English
@claudeai > Claude writes vulnerable code
> Anthropic makes money
> Claude reviews vulnerable code > Anthropic makes money > Claude fixes vulnerable code > Anthropic makes money Just unlocked the infinite money glitch !
English
Introducing Claude Code Security, now in limited research preview.
It scans codebases for vulnerabilities and suggests targeted software patches for human review, allowing teams to find and fix issues that traditional tools often miss.
Learn more: anthropic.com/news/claude-co…
English
I’m giving out ten $100 Replit credits gift cards.
Drop your email address below and I’ll have Agent pick at random in the next 2 hours.
If you want to gift others: replit.com/products/giftc…
English
React2Shell (CVE-2025-55182) recon:🔥
subfinder -dL domains.txt -o subs.txt
httpx -l subs.txt | grep -i "rsc"
katana -l tech.txt -jc | grep "_rsc"
nuclei -l clean.txt -t CVE-2025-55182.yaml
FOFA: vul.cve="CVE-2025-55182"
Shodan: http.component:"Next.js"
400+ targets. 👇
English
2025 WAF bypass in one line:
Stack 4 tampers + chunked Base64 + HPP → still owns Cloudflare/Akamai daily 🔥
Your move? 👇 #RedTeam #WAFBypass
English
Kicking off 2025 with some great learning!
Attended:
📌 ISEA’s National Workshop on Social Media Analytics
📌 Google Cloud’s AI Labs ’25
Grateful for the insights & connections.
Ready for what’s next! 🚀
#AI #CyberSecurity #2025
English
@nikhilkamathcio @elonmusk If this is AI then my Zerodha demat account is also AI… because both are giving me unreal gains this week 😭📈
English
Ahmed Jumani retweetledi
A 10-year-old girl, Tanishka Sharma, died under mysterious circumstances at Presidium School, Noida. No FIR for 15 days. No CCTV for 2 months. And now the school says the cameras “weren’t working.” Something is clearly wrong.
Her mother has already lost her husband. Now she’s fighting alone to know what happened to her daughter. Justice is her right, not a favour.
I request @myogioffice, @noidapolice @Uppolice intervene. And I urge @aajtak , @republic @BBCHindi , @ABPNews to cover this case so this mother’s voice is finally heard.
For Context-
English