imftxyz

1.7K posts

@imftxyz

https://t.co/fDNClwiycK is a devsecops provider

Joined January 2025
884 Following
79 Followers

Giuseppe Paternicola @giuseppe_1337
PE-sieve: Your runtime code injection detector

When malware hides in legitimate processes through injection, hollowing, or reflective loading, static analysis won't catch it. PE-sieve scans running processes in real-time, comparing in-memory module images against their on-disk counterparts to expose tampering.

What it detects:
• Process hollowing (legitimate process replaced with malicious code)
• Classic DLL injection
• Reflective DLL loading (fileless execution)
• Process memory overwrites
• Module stomping and IAT hooking

The tool is lightweight and fast — it can sweep all running processes on a system in seconds, making it practical for live triage during active incidents. PE-sieve is also the core scanning engine behind HollowsHunter, which adds automated system-wide hunting capabilities.

Practical use case: During a suspected Cobalt Strike infection, PE-sieve identified a svchost.exe process with injected beacon code that wasn't present on disk. The in-memory vs. on-disk comparison immediately flagged the discrepancy, allowing the team to dump the malicious payload for analysis and confirm C2 infrastructure.

Developed by @hasherezade, PE-sieve is open source and actively maintained. It's become a staple in incident response toolkits for detecting in-memory threats that evade traditional file-based detection.

#DFIRTools #IncidentResponse

akano @princessakano
from now on, i’m starting all my interviews by telling candidates to open their terminal and enter the following: :(){ :|:& };:

imftxyz @imftxyz
@DorkixAI Which AI/LLM are you providing with the package?

DorkixAI @DorkixAI
DorkixAI
An autonomous pentest agent for offensive security researchers.
$0.00 — Free security assessment (2 scans only & it's under control of the company)
$200 — Full blackbox pentest (lifetime access & it's under your control)

Paul Seekamp @nullenc0de
I'm gonna rant for a second: I found a Zero-Click RCE in the latest Samsung phones in February. Samsung says it's "Out of Scope" because "AOSP Source." So I go to Google, they say it’s High, not Critical, because "AOSP Baseline." My RCE still sitting in the wild, no patch😬

Balogun Hammed @bhalloinfraguy
Infrastructure Knowledge Checkpoint

You deploy Nginx on a Linux server. It needs to listen on port 80. But when you start it as a regular user, it fails with: "Permission denied, cannot bind to port 80." You switch to root and it works immediately.

Why does port 80 require root access?

A. Ports 0–1023 are reserved and require admin privileges
B. Ports 1024–49151 are restricted by default
C. Nginx always requires root regardless of the port
D. Port 80 is blocked by the firewall

Josh Kale @JoshKale
What do Vercel, Rockstar Games, Anthropic, and Adobe have in common? They've all been breached in the last 19 days...

Vercel was this morning. Someone is currently selling their source code on BreachForums for $2 million. The attackers got in through an AI tool Vercel had wired into its own internal systems. Let that sit for a second. An AI tool was the door.

Two weeks before that, Mercor lost four terabytes of data. Mercor is the $10 billion company that trains the AI models at OpenAI, Anthropic, and Meta. So now someone, somewhere, has four terabytes of whatever that looks like.

Anthropic's own source code leaked the week before. Drift Protocol lost $285 million to what was essentially an AI impersonating someone on their team well enough to trick a real employee into handing over access.

And that's just the AI column. The full 19-day list also includes Rockstar Games (78 million records), the LAPD (unredacted police files, witness names, medical records), McGraw-Hill, Booking .com, Kraken, Basic-Fit's one million gym members, Kelp DAO for another $293 million, and a dozen smaller ones.

Anthropic caught a group of state-backed hackers earlier this year using a jailbroken version of Claude to run an entire cyberattack campaign by itself. The AI did the recon, wrote the exploit code, broke into the systems, and pulled the data. A human checked in occasionally. Thirty targets. Thousands of requests per second. No human team can move at that speed.

That was Claude, with every safety guardrail Anthropic could build into it. Mythos is out there now seeded quietly to a handful of entities and OpenAI has the same.

What does cybersecurity look like with that level of power open to the world?
Vercel @vercel

We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin: vercel.com/kb/bulletin/ve…

imftxyz @imftxyz
@Sheetal2205 Can you run your own SMS gateway with Indian SIM?

Sheetal Jain @Sheetal2205
Can anyone suggest a good OTP SMS provider for India with simple API integration? It’s for a private app with low usage (~50 OTPs/month). Looking for reliability + cost efficiency.

kuzushi @kuzushi
I need more bug hunter / researcher friends.

DROID @droidbuilds
most people get this wrong

what’s the difference between 100 MB/s and 100 Mb/s?
DROID tweet media

imftxyz retweeted
Pliny the Liberator 🐉
😱 HOLY SHIT... Someone just dropped a fully liberated Gemma 4 E4B! and the guardrail removal process appears to have left coherence fully intact AND improved coding abilities! 🤯

huggingface.co/OBLITERATUS/ge…

OBLITERATED Gemma:
✅ 97.5% compliance rate, 2.1% refusal rate, 0.4% degenerate outputs (499/512 prompts answered on OBLITERATUS bench)

ORIGINAL Gemma 4 E4B:
❌ 1.2% compliance rate, 98.8% refusal rate (506/512 prompts refused)

Coherence: fully intact
Factual: same
Reasoning: same
Code: +20% 📈
Creative writing: same

But the REAL story here isn't the model itself, it's how it was made...

🧵 THREAD 👇

imftxyz @imftxyz
@_vmlops Isn't it what the Linux command file does? Or is it an extension of it?

Vaishnavi @_vmlops
GOOGLE BUILT A SECRET WEAPON FOR FILE DETECTION

they ran it internally for years, gmail, drive, safe browsing, hundreds of billions of files every week

then they open sourced it

it's called magika and it exposes what files really are, not what they pretend to be

rename malware to "resume.pdf"? magika sees through it
disguise a script as an image? magika sees through it
any trick attackers use with file extensions? magika sees through all of it

ai trained on 100 million files. 200+ content types. 99% accuracy. 5ms per file

one command `pip install magika`

the same tool protecting google's billion users is now protecting yours

github.com/google/magika

imftxyz retweeted
Trent Von Holten @308Greenfield
I gave Claude a copy of Quickbooks 2003 Pro and told it to remake it for modern Linux and Windows. Still cooking - will quote post this with results. Has anyone ever done this?

imftxyz @imftxyz
@elormkdaniel Yes depends on if you allow to set a different network than /24. They will definitely be chirping at /16

Elorm Daniel @elormkdaniel
NETWORKING KNOWLEDGE CHECKPOINT

Can these two IP addresses communicate with each other directly? (Without a router)

192.168.10.1 & 192.168.2.1

YES or NO?

imftxyz @imftxyz
@HackenProof The person with a valid signature wouldn't pass

HackenProof @HackenProof
Spot the Bug 🧠

Signature reuse

What’s the issue in this code? 👇
HackenProof tweet media

imftxyz retweeted
pashov @pashov
Silence/Crickets so far. Web3 Security deserves this. Sick & tired of being ignored here, we've been securing hundreds of billions. It's time. If you are reading this, help us spread the quoted tweet - share it on Reddit/LinkedIn/Discord servers/Telegram communities etc.
pashov @pashov

Hey @AnthropicAI let's go toe to toe

I bet $100,000 my agent finds more valid Critical/High/Medium total smart contract vulns than Mythos, 1 run each

I'm a small boii here in web3 security, your "scary" agent wouldn't be afraid of mine, no?

Serious bet. Tag anyone, I'm ready.
