校长
@OnNetFiT
Followers: 698
Following: 616
Media: 57
Statuses: 519
Web2 Bug Hunter | Red Team | Web3.0 Scientists | 21-year-old | WeChat official account: 不懂安全的校董 | Bilibili: 不懂安全的校长
Reunion District, Dallas
Joined January 2019
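Yesterday I tested three online lending platforms and found they are still just as bizarre. To summarize the approach: many online lenders now use cloud services but have not done cloud security properly, and there are also AK/SK leaks; many also use supply-chain CRM systems that all log in via phone number, but some supply-chain vendors' development is very sloppy, and I ran into what may or may not be a backdoor left by the developers, where a fixed phone number plus a fixed verification code logs you straight in;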
Automate asset discovery and data collection with Photon’s modular crawling engine⚡ https://t.co/9awSlJZ5S6
I have released the first half of "Binary Exploitation 101", a beginner-friendly guide to binary exploitation. You can learn from classic buffer overflow to ret2dlresolve through CTF-like challenges. I am working on the second half now. Stay tuned🔥 https://t.co/Oy4P8l4plk
I successfully discovered vulnerabilities in MacOS applications through AI analysis. https://t.co/VUbYrIvJv2
#0day #BugBounty #Apple #MACOS
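With these methods, it is very easy to steal wallets, steal data, and so on! People working in web3 should be careful not to enable face recognition. https://t.co/EPKF2nDKbz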
#web3 #web #security #AI #CyberSec #CyberSecurity
New tool drop by @marcolivermunz! 🛠️ SQLTimer is a simple, blazing-fast tool to scan for time-based SQL injections! 😎 Check it out! https://t.co/TsyL719yCX
AdaptixC2 v0.4 is out https://t.co/mL8AAS7w4c
* New Linux/MacOS "gopher" agent
* TCP/mTLS external listener for "gopher" agent
* New internal TCP listener for "beacon" agent
* Screenshot storage
Changelog: https://t.co/JYbNxekZM6
Use Burp Suite's match and replace to replace payloads in the request's body, this easily bypasses client-side validation and saves a lot of time while testing #bugbountytips
Added peeko to #C2Matrix a browser-based XSS C2 for stealthy internal network exploration via infected browser:
github.com
peeko – Browser-based XSS C2 for stealthy internal network exploration via infected browser. - b3rito/peeko
AdaptixC2 v0.3 is out https://t.co/mL8AAS7w4c
New:
* Linking Agents (eg SMB)
* Sessions Graph
* Agent marker
* Health checker
And more in the changelog: https://t.co/8DEwfxB7YP
Hackers are using Gamma AI to create phishing page redirectors. To make things worse, the URL of these AI assisted webpages is on https://t.co/wRSGUybUIH domain itself, making it challenging for vendors to detect. The phishing makes you solve cloudflare style captcha, and will
Got an XSS? Try to 'upgrade' it to SSRF to get a bigger #BugBounty. Thanks for the #BugBountyTip, @georgeomnet! ❓Never heard of ESI Injection before? Check out this @defcon talk: https://t.co/ltXGAuP6AZ
#BugBountyTips #HackWithIntigriti
🛠️ Rogue - An open source web app vulnerability scanner that uses LLM Agents
Cool, isn't it? #infosec #bugbounty #cybersecurity
they don’t fix it and just let it keep spamming duplicates in triage… A MESS!!! payload XSS: /*-/*`/*\`/*%27/*%22/**/(/*%20*/oNcliCk=alert()%20)//%0D%0A%0d%0a//%3C/stYle/%3C/titLe/%3C/teXtarEa/%3C/scRipt/--!%3E\x3csVg/%3CsVg/oNloAd=alert()//%3E\x3e #bugbountytips #bugbounty
Top places to find PDF generators potentially vulnerable to SSRF: 🤑
• Reports (for example, analytics reports or any other report types)
• Receipts & invoices (especially in e-commerce targets)
• Account archives/statistics
• Bank and account balance statements
•
I've uploaded recordings of two talks I gave in OnlyMalware last year 🧐
Getting Started with Windows Malware Development https://t.co/9khXmyk4LH
Random Malware Techniques
- Static evasion
- ETW TI evasion
- Usermode evasion (DLL callbacks/VEH/HWBPs)
https://t.co/H6mn189F1K
Read "Uncovering zero click Account takeover" https://t.co/kR7hKyn26q
jeetpal2007.medium.com
Hello everyone! Today, I’ll walk you through how I discovered a Zero-Click Account Takeover (ATO) vulnerability on a program. Let’s dive…