Ron Twist

894 posts

@xtwisted007x

Curious human that likes to poke at fun stuff. (Security Consultant)

Ohlone Land · Joined May 2020
451 Following · 225 Followers
Ron Twist retweeted
the_IDORminator @the_IDORminator
WAF bypass 101 #bugbountytips: If the request is a POST/PUT/PATCH, many times the WAF will stop reading the payload after a certain number of characters, which varies from WAF to WAF and by configuration settings. This means you can insert harmless alphanumeric garbage to exceed its read limitation, and then your naughty payloads/injection comes after and will NOT be blocked. YAY

So in your payloads, if you add a new parameter as the FIRST parameter in the payload body, such as:

{"trash":"value", ... the rest of the payload}

or

trash=gibberish& ...theRestOfThePayload

I use the website below to generate the garbage: onlinefiletools.com/generate-rando…

Start with 256KB in file size, copy and paste the text into your parameter, and then add something that would normally cause a WAF block into one of the other parameters. I tried to show an example here but it blocked me from posting the example (LOL). Keep increasing gibberish size up to 2MB. If it doesn't work by then it usually won't on that target. Have fun!
Ron Twist retweeted
MarcoFigueroa @MarcoFigueroa
We just open sourced our AI vulnerability scanner 🔥 👉 github.com/0din-ai/ai-sca…

Built for the reality that GenAI security isn’t static:
• jailbreaks & prompt injections evolve weekly
• agents introduce new attack surfaces
• most issues aren’t caught until prod

The scanner:
• continuously probes models with real-world attacks
• tracks vulnerabilities across LLMs + agents
• turns findings into repeatable security tests

Powered by the same pipeline behind 0DIN’s bug bounty + threat intel feed. If you're building with AI, you need adversarial testing not just evals. PRs welcome.
Ron Twist retweeted
mthcht @mthcht2
👁️ LOLC2
Collection of C2 frameworks abusing legitimate services to evade detection
Major update: new projects tested, enriched data, and deeper insights.
site: lolc2.github.io
github: github.com/lolc2/lolc2.gi…
Ron Twist retweeted
Guri Singh @heygurisingh
🚨BREAKING: This GitHub repo can make money while you sleep. No joke. It's called MoneyPrinter V2. And it's not some vague "passive income" course. It's a full automation system that runs Twitter bots, YouTube Shorts pipelines, affiliate marketing, and cold outreach, all from one Python app.

Here's what you actually get:
→ Twitter bot with built-in CRON scheduler that posts on autopilot
→ YouTube Shorts automater that generates and uploads videos automatically
→ Amazon affiliate marketing integration tied directly to Twitter
→ Local business scraper + automated cold email outreach (built in Go)
→ Modular architecture -- plug in only the features you need
→ Uses GPT-4Free + KittenTTS for AI-generated content and voiceovers
→ One config file setup, runs from a single Python command

Here's the wildest part: Most people treat "making money with AI" as a ChatGPT side hustle. Copy paste prompts. Maybe write a blog post. This repo automates the entire pipeline. Content creation. Distribution. Monetization. All running on a schedule while you do literally nothing.

14.9K+ GitHub stars. 1.5K forks. 14 contributors. 107 commits. 100% Open Source. AGPL-3.0 License. (Link in the comments)
Ron Twist retweeted
mthcht @mthcht2
LOLFSAAS
Living off Free SaaS
Hundreds of SaaS platforms with free tiers, documenting abuse surface, opsec risks, authent methods, C2 framework mappings, and operational limits.
lolfsaas.github.io
Ron Twist @xtwisted007x
@Jhaddix It's actually warm enough to catch a sunset by the beach this year too! 😎✌️
JS0N Haddix @Jhaddix
A lot of people hate on RSA week… and some have fair points. The week is what you make of it. I use it to see and catch up with a ton of people I’ve worked with or admired for years. I do most of this at offsite free events or hangouts. We grab shakes at Mel’s, do an escape room, enjoy the better part of the food scene in and around the city, do a vendor party, or just hotel-lobby-chill. Can’t wait to see my nerds! 🫶
Ron Twist retweeted
Guri Singh @heygurisingh
Holy shit... Microsoft open sourced an inference framework that runs a 100B parameter LLM on a single CPU. It's called BitNet. And it does what was supposed to be impossible. No GPU. No cloud. No $10K hardware setup. Just your laptop running a 100-billion parameter model at human reading speed.

Here's how it works: Every other LLM stores weights in 32-bit or 16-bit floats. BitNet uses 1.58 bits. Weights are ternary just -1, 0, or +1. That's it. No floats. No expensive matrix math. Pure integer operations your CPU was already built for.

The result:
- 100B model runs on a single CPU at 5-7 tokens/second
- 2.37x to 6.17x faster than llama.cpp on x86
- 82% lower energy consumption on x86 CPUs
- 1.37x to 5.07x speedup on ARM (your MacBook)
- Memory drops by 16-32x vs full-precision models

The wildest part: Accuracy barely moves. BitNet b1.58 2B4T their flagship model was trained on 4 trillion tokens and benchmarks competitively against full-precision models of the same size. The quantization isn't destroying quality. It's just removing the bloat.

What this actually means:
- Run AI completely offline. Your data never leaves your machine
- Deploy LLMs on phones, IoT devices, edge hardware
- No more cloud API bills for inference
- AI in regions with no reliable internet

The model supports ARM and x86. Works on your MacBook, your Linux box, your Windows machine. 27.4K GitHub stars. 2.2K forks. Built by Microsoft Research. 100% Open Source. MIT License.
Ron Twist retweeted
castilho @castilho101
Today, I'm open-sourcing an extension that I vibe-coded to find callback endpoints in the background while browsing the web. With this, I just pushed 25 new callback endpoints to CSPBypass, including from companies like Dashlane, WhatsApp, RecordedFuture, and more :) github.com/castilho101/Ca…
Ron Twist retweeted
Supersocks @iamsupersocks
The guy who created Claude Code (@bcherny) just showed how his team trains the AI. One file. CLAUDE.md. You put it at the root of your project. Inside: past mistakes, conventions, rules. Claude reads it every session. Result: the agent improves without you touching a line of code. Every fixed bug becomes a permanent rule. Boris Cherny uses this every day at Anthropic. I'm putting his template here. Ready to copy/paste and adapt as you like:

### 1. Plan Mode Default
- Enter plan mode for ANY non-trivial task (3+ steps or architectural decisions)
- If something goes sideways, STOP and re-plan immediately — don't keep pushing
- Use plan mode for verification steps, not just building
- Write detailed specs upfront to reduce ambiguity

### 2. Subagent Strategy
- Use subagents liberally to keep main context window clean
- Offload research, exploration, and parallel analysis to subagents
- For complex problems, throw more compute at it via subagents
- One task per subagent for focused execution

### 3. Self-Improvement Loop
- After ANY correction from the user: update `tasks/lessons.md` with the pattern
- Write rules for yourself that prevent the same mistake
- Ruthlessly iterate on these lessons until mistake rate drops
- Review lessons at session start for relevant project

### 4. Verification Before Done
- Never mark a task complete without proving it works
- Diff behavior between main and your changes when relevant
- Ask yourself: "Would a staff engineer approve this?"
- Run tests, check logs, demonstrate correctness

### 5. Demand Elegance (Balanced)
- For non-trivial changes: pause and ask "is there a more elegant way?"
- If a fix feels hacky: "Knowing everything I know now, implement the elegant solution"
- Skip this for simple, obvious fixes — don't over-engineer
- Challenge your own work before presenting it

### 6. Autonomous Bug Fixing
- When given a bug report: just fix it. Don't ask for hand-holding
- Point at logs, errors, failing tests — then resolve them
- Zero context switching required from the user
- Go fix failing CI tests without being told how

## Task Management
1. **Plan First**: Write plan to `tasks/todo.md` with checkable items
2. **Verify Plan**: Check in before starting implementation
3. **Track Progress**: Mark items complete as you go
4. **Explain Changes**: High-level summary at each step
5. **Document Results**: Add review section to `tasks/todo.md`
6. **Capture Lessons**: Update `tasks/lessons.md` after corrections

## Core Principles
- **Simplicity First**: Make every change as simple as possible. Impact minimal code.
- **No Laziness**: Find root causes. No temporary fixes. Senior developer standards.
Ron Twist retweeted
Brady Long @thisguyknowsai
🚨BREAKING: Someone just built a 12MB binary that gives AI agents full browser control. It's called PinchTab. No Playwright. No Puppeteer. No bloated dependencies. Just a plain HTTP request and your agent clicks, types, and navigates like a human.

→ 13x cheaper than screenshots (uses accessibility tree instead)
→ Bypasses bot detection out of the box
→ Runs multiple Chrome instances in parallel with isolated profiles
→ Works with Python, TypeScript, Go, or any language that speaks HTTP
→ Installs in one command

Most browser automation tools weigh 500MB+ and need Python environments, npm nightmares, and Docker just to say hello. PinchTab is 12MB. One binary. Zero dependencies. This is what the browser control layer for AI agents actually looks like. 100% Open Source. MIT License.
Ron Twist retweeted
本山德彪 @benshandebiao
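Found an interesting project today: KeygraphHQ/shannon, a fully autonomous AI hacker that specializes in finding real vulnerabilities in web applications. It reached a 96.15% success rate on the XBOW Benchmark (hint-free, with source code available). It gained 1,854 ⭐️ today. The AI security offense/defense space is getting more and more competitive... In the future, security auditing may really end up partly taken over by AI. github.com/KeygraphHQ/sha…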
Ron Twist retweeted
Srishti @NieceOfAnton
Harvard just made degrees worth $200k obsolete by open-sourcing its Senior AI Engineer roadmap

Stop paying for bootcamps. Prof. Vijay Janapa Reddi just put the entire ML Systems (CS249r) curriculum on GitHub. If you master these 6 pillars, you're ahead of 99% of the field:
> Architecture
> Data Pipelines
> Production
> MLOps
> Edge AI
> Privacy

This is the "Black Box" of Big Tech infrastructure, open-sourced. Read. Learn. Bookmark.

Book - mlsysbook.ai/book/
GitHub Repo - github.com/harvard-edge/c…
Ron Twist retweeted
ℏεsam @Hesamation
this is a useful repo if you’re starting with Claude Code or Codex. it has a list of: — essential documentations — best practices and workflows — videos you might learn from github.com/shanraisshan/c…
Ron Twist retweeted
Md Ismail Šojal 🕷️ @0x0SojalSec
Capture HTTP/HTTPS network traffic from Android & iOS without proxies or certificates. 🙂
2 lines of Kotlin code
- ZERO proxy, ZERO certs, ZERO config
- OkHttp interceptor magic
- Full WebSocket support
- GZIP compression for speed
- mDNS auto-pairing (no manual IP/port)
Ron Twist retweeted
the_IDORminator @the_IDORminator
Weird GraphQL IDOR / access control bypass: In this one, GraphQL would check the "tin" (tax identification number), if supplied, against the Bearer token. If the Bearer did not have access to the tin, you would get access denied. Normal stuff there.

So my thought was, how could I make the server still look up the tin value without the access check?

It regularly expected: \"tin\"

This causes the server, since "tin" is present, to check access control prior to returning data.

What worked was: \"tin\\\"\"

So adding \\\" after tin bypassed the access control logic (for some reason), meanwhile the GraphQL query still ran and sent back the PII for any TIN I sent it.

#bugbounty is just strange sometimes. Some of the battle is finding neat endpoints and places, and some of it is endless tinkering.
Ron Twist retweeted
Nagli @galnagli
A few updates!
1. We got rate-limited from too many sign-ups - fixed now ✓
2. Reconnaissance video is being re-worked for better quality and more relevant methodology (it was recorded originally back in May). Uploading Monday, Jan 26th - text content still applies
3. We're raffling 2x 6-month @CaidoIO subscriptions 🎁 - comment on the original course post with your earned certificate by Monday, Jan 26th to enter!

Thank you all for the support - hope you enjoy the course!

Nagli @galnagli

Introducing my Bug Bounty Masterclass. 100% free. I've made $2,000,000+ finding security bugs. I spent the last year turning my methodology into a complete blueprint. 4 hours of video - foundations, reconnaissance, web proxies, hands-on challenges, and certification. Finish it in a weekend and start hacking real-world applications 🐞
