👑 OFJAAAH 👑

3.6K posts

@ofjaaah

Bug Hunter ☣ | Hi I Hacker spare time and not spare time too 🧙‍♂️. https://t.co/ob6h7VO9uC

Brasil · Joined June 2020
536 Following · 19.8K Followers
Pinned Tweet
👑 OFJAAAH 👑@ofjaaah·
I am very happy for the donation I had from @zseano. I am very grateful because I am inspired by you, my friend, always a good man. Thank you for everything and I wish you many good things, be well my friend and thank you very much. I was very happy. #bugbounty #twitch
👑 OFJAAAH 👑 retweeted
Erfan Tavakoli@Maverick_0o0·
For those of you who hunt and don't have the patience to dig through JS looking for endpoints, I wrote a Burp extension that I hope you'll like. github.com/maverick0o0/E2…
👑 OFJAAAH 👑 retweeted
Tur.js@Tur24Tur·
Authorized testing on a production API endpoint. Opus 4.7 confirmed the SQL injection was real but couldn't pull any database names. sqlmap said false positive. I switched to DeepSeek V4 Pro inside Claude Code and it figured out a trick: make the database answer yes/no questions by crashing on purpose.
The payload wraps CASE WHEN around two XML casts. If the condition is true, it parses broken XML like < and throws HTTP 500. If false, it parses clean XML like and returns HTTP 200. WAF was watching for SQL keywords, not XML errors. Extracted 19 database names.
DeepSeek V4 Pro succeeded where both Opus and sqlmap failed. Two hours. Twenty cents.
Setup: Mapped Claude Code to DeepSeek V4 Pro by creating ~/bin/claude-deep with ANTHROPIC_BASE_URL=api.deepseek.com/anthropic and ANTHROPIC_MODEL=deepseek-v4-pro[1m]. No config changes needed, original claude command stays untouched. No cybersecurity restrictions!!!
Image 1: sqlmap output showing "false positive" / "all tested parameters do not appear to be injectable"
Image 2: Claude Code terminal showing 19 databases extracted in ~2 hours
Image 3: DeepSeek platform dashboard showing $0.20 total cost
Image 4: Why this trick is different from standard blind SQLi types and why sqlmap has no built-in vector for it
👑 OFJAAAH 👑 retweeted
Vivek | Cybersecurity@VivekIntel·
🛡️ CAI — Open-source framework for AI-powered cybersecurity automation
Build and run specialized AI security agents for pentesting, automation & security research.
• Supports 300+ AI models including OpenAI, Claude & Ollama
• Built-in recon, exploitation & security testing tools
• Agent-based architecture for offensive & defensive workflows
• Includes prompt injection protections & guardrails
• Used in CTFs, bug bounty research & real-world assessments
github.com/aliasrobotics/…
#CyberSecurity #AI #Pentesting #BugBounty #OpenSource
👑 OFJAAAH 👑 retweeted
Clandestine@akaclandestine·
GitHub - ShulkwiSEC/bb-huge: bb-huge 🤗 , Personal bug bounty findings hub and bug bounty orchestration for multiple agents · GitHub github.com/ShulkwiSEC/bb-…
👑 OFJAAAH 👑 retweeted
PA13L0@Fluyeporlaweb·
Web scraping just leveled up
Scrapling avoids Cloudflare blocks, is 774 times faster than BeautifulSoup and needs no proxy configuration
52.2k stars on GitHub
It's not just another scraper
It's an adaptive framework that learns the structure of each website and adjusts automatically when it changes
No manual maintenance. No getting blocked.
✅ Bypasses Cloudflare and the most aggressive anti-bots
✅ 774x faster than BeautifulSoup in real benchmarks
✅ No need for proxies or special configuration
✅ Adapts automatically when the structure of the website changes
✅ Compatible with AI agents as an MCP server
✅ Support for JavaScript, iframes and dynamic content
✅ Stealth mode for websites with advanced detection
✅ 46 releases. Updated last week.
✅ BSD-3 license
What used to take you days to build and maintain now takes minutes
52.2k stars. 5k forks. BSD-3. repo here 👇
👑 OFJAAAH 👑 retweeted
Vitor Falcão "busfactor"@busf4ctor·
shipped a few things to my Interceptor fork today. you can now set your context ID from the popup, --context routes commands to the right browser profile, so now we can validate cross-account vulns easier. PR to the main repo coming soon. github.com/vitorfhc/Inter…
👑 OFJAAAH 👑 retweeted
Anthropic@AnthropicAI·
Our security bug bounty program is now public on HackerOne. We've run the program privately within the security research community, and their findings have strengthened our products. Now anyone can report vulnerabilities and get rewarded. Read more: hackerone.com/anthropic
Bug Bounty Village@BugBountyDEFCON·
IT'S GIVEAWAY SEASON! We will pick 6 winners to win one of the following: 1x Annual VIP Hack The Box Licence 5x Pentesterlab 3 Month Licences To enter: 1️⃣ Follow us @BugBountyDefcon 2️⃣ Like this post ❤️ 3️⃣ Tag 3 hacker friends in the comments 4️⃣ Retweet this post 🔁 Giveaway open until Thursday May 14th! GOOD LUCK!
👑 OFJAAAH 👑 retweeted
SILENTCHAIN AI@silentchainai·
SILENTCHAIN AI benchmark! ⚔️ 253,778 tokens ⚔️ 163 AI requests ⚔️ 171 findings ⚔️ 7 validated vulnerabilities Using ONLY deepseek-r1:8b via Ollama local w. 2x1080ti GPU's! 🤯 Local AI for offensive security is getting real. #AI #redteam #ollama #cybersecurity #bugbounty
👑 OFJAAAH 👑 retweeted
7h3h4ckv157@7h3h4ckv157·
90+ recon modules 48 secret-regex patterns 80+ dorks 9 read-only credential validators 27 attack-path templates 5,500+ lines of structured tradecraft. Might be helpful. Try: github.com/elementalsouls…
👑 OFJAAAH 👑 retweeted
Claude@claudeai·
Claude Security is now in public beta for Claude Enterprise customers. Claude scans your codebase for vulnerabilities, validates each finding to cut false positives, and suggests patches you can review and approve.
👑 OFJAAAH 👑 retweeted
Dark Web Informer@DarkWebInformer·
‼️Copy Fail (CVE-2026-31431) is a Linux privilege escalation bug that lets any local user get root using a 732-byte Python script, and it works on basically every major Linux distro shipped since 2017.
Website: copy.fail
Write-up: xint.io/blog/copy-fail…
GitHub: github.com/theori-io/copy…
It's a logic flaw in the kernel's crypto code (authencesn via AF_ALG and splice()) that allows a small write into the page cache, which can be used to tamper with a setuid binary like /usr/bin/su. Think how bad this is going to be for shared environments like Kubernetes, CI runners, and cloud sandboxes, where it enables container escape and tenant-to-host compromise.
Found by Theori's Xint Code scanner, patched in the mainline kernel, and publicly disclosed on April 29, 2026; if you can't patch right away, the recommended workaround is to disable the algif_aead module.
👑 OFJAAAH 👑 retweeted
Stéphane - smo@_smontlouis·
I advise you to devour Matt Pocock morning, noon and night. I legit think he's the best AI architect right now. His skills are excellent, his videos are excellent, everything he does is EXCELLENT. ZERO SLOP in my projects, my repos are cleeaannnnnnn github.com/mattpocock/ski…
👑 OFJAAAH 👑 retweeted
shubs@infosec_au·
We've just released a high fidelity scanner for CVE-2026-41940 (cPanel/WHM authentication bypass). All public PoCs so far lead to false negatives, and are not reliable. @SLCyberSec's research team's notes on this here: slcyber.io/research-cente… & tool here: github.com/assetnote/cpan…