styl3

GitHub - S3N4T0R-0X0/BEAR: Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks by Russian APT groups, Bear features a variety of encryption methods, including AES, XOR, DES, TLS, RC4, RSA and ChaCha github.com/S3N4T0R-0X0/BE…

I missed many bugs because I didn't have good wordlists. This repo contains curated wordlists to fuzz smarter. github.com/0xPugal/fuzz4b…

Silent Push threat analysts have uncovered threat actors abusing AdaptixC2 - a free and open-source command-and-control (C2) framework commonly used by penetration testers - to deliver malicious payloads. silentpush.com/blog/adaptix-c…

GitHub - Matrix-Community-ORG/SSHCracker: A powerful (SSH Cracker) and efficient SSH connection testing tool written in Go. Features include multi-threaded testing, real-time progress monitoring, Discord webhook integration, and a robust license system. github.com/Matrix-Communi…

A python tool to map the access rights of network shares into a BloodHound OpenGraphs easily github.com/p0dalirius/Sha…

Our Apriso RCE path (unauth SOAP → auth upload → web-shell) is now in CISA's KEV. If you run DELMIA Apriso 2020–2025, patch now & hunt for new privileged users / rogue files. Details + templates: projectdiscovery.io/blog/remote-co… #KEV #AppSec #OTsecurity

My first bounty on @Bugcrowd full writeup: brbr0s.medium.com/broken-oauth-l… #Bugcrowd #BugBounty #bugbountytips

Evading Elastic Security: Linux Rootkit Detection Bypass | 0xMatheuZ matheuzsecurity.github.io/hacking/bypass…

"Endpoints" for adding your wordlist

Daily Security Writeups 🔗securitycipher.com/bounty-writeup…

SHELLSILO is a new tool that converts C syntax into direct syscall assembly and shellcode, streamlining low-level operations for security professionals. meterpreter.org/shellsilo-the-…

Compact OSCP command & workflow reference👾 🔗it.connect4techs.com/oscp-cheat-she…

NTLM Password Changer - A PowerShell utility that changes Windows account passwords through the native Samlib.dll API, the same low-level library used by Windows itself for SAM and NTLM account management. github.com/kfallahi/NTLMP…

CVE-2025-55752 - exploit poc for the Apache Tomcat Rewrite Valve Relative Path Traversal, no RCE (for now) #pruva tried to fake it playing witht he rewrite, relaxing it a lot, but after some pass was able to reproduce. gist.github.com/N3mes1s/013061…

Cloudflare WAF Bypass → XSS 💡 The vulnerability occurred because the URL was being printed directly in JavaScript. Used this payload to achieve reflected XSS: --'<00 foo="<a%20href="javascript​:prompt(404)">XSS-Click</00>--%20// #BugBounty #XSS #infosec #bugbountytips

Lateral movement across server room? Steven Flores (@0xthirteen) of @SpecterOps describes a new fancy WMI class that can be used to move laterally between Windows server boxes. Also, mentions methods of extending this tactic to workstations. Post: specterops.io/blog/2025/09/1… #redteam #blueteam #maldev #malwaredevelopment

Good news: EDR-Redir "bind" mode now can work with Windows 10 🤓 github.com/TwoSevenOneT/E…