Pak Cyberbot
@PakCyberbot
Followers
273
Following
702
Media
148
Statuses
526
(TΒ³) Technical Thinking Tinkerer
World of Deception
Joined October 2021
Won a π³πΏπ²π² π’π¦ππ£ + PEN-200 bundle from @offsectraining by winning πππ place in their π₯π²π½πΌπΏπ πͺπΏπΆππΆπ»π΄ ππΌπ»ππ²ππ β Alhamdulillah, passed #OSCP with ππ¬π¬/ππ¬π¬ on my first attempt! Check out: https://t.co/Ftvd5SAUXa
3
0
36
0
1
1
Another CVE in the market
A little morning research. New React/Next.js CVE-2025-55183 Source code leakage PoC Bypasses Cloudflare! @FearsOff #react #bypass #cloudflare
0
0
1
Come check out our Educational series! https://t.co/hfSbDeLv3d. We offer badges on our discord. Education is the backbone of OSINT, so give it a try and show off your new badge! https://t.co/GL83l41cc8
#OSINT #Tracelabs #Community
1
2
3
#React2Shell Someone asked which WAFs this bypass technique works on. AWS CloudFront be one answer. AWS recommends a rule that, with a bit of analysis, shows you can bypass using UTF-16 encoding. Hereβs an official AWS link for more details: https://t.co/FmjAuvNL0P
#CVE-2025-55182 #React2Shell Let me walk you through the technical path of the WAF bypass. When a request is sent as multipart/form-data, Next.js hands the raw body stream to Busboy. The bypass comes from Busboyβs charset logic: it cleanly accepts UTFβ16LE (and legacy UCSβ2) and
10
83
357
π¨ WARNING: Fake CVE-2025-55182 (React2Shell) scanner contains MALWARE https://t.co/Q65dFepsOl Hidden payload in code: β mshta.exe https://py-installer[.]cc Targets security researchers hunting this vuln. Always read source before running any "security tool"! #React2Shell
23
95
452
#CVE-2025-55182 #React2Shell Let me walk you through the technical path of the WAF bypass. When a request is sent as multipart/form-data, Next.js hands the raw body stream to Busboy. The bypass comes from Busboyβs charset logic: it cleanly accepts UTFβ16LE (and legacy UCSβ2) and
16
124
561
Errybody screaming about React2Shell so we wanted to give ya something you haven't already heardπ Here's a beast of a blog post on malware we've seen from post-exploitation, detailing a wild Linux backdoor and more -- all from the amazing & incredible @RussianPanda9xx & co.π
Super hyped to share that @HuntressLabs published a Rapid Response blog on the recent #React2Shell post-exploitations observed. We discovered and analyzed a few payloads that were named #PeerBlight, #CowTunnel and #ZinFoq. We also observed a variant of #Kaiji malware. 3 Modelo's
9
69
365
β οΈ #React2Shell (CVE-2025-55182) is actively exploited. Patch now and look for suspicious files or a fake system-update-service. Iβve uploaded the malware found on a friendβs compromised server to my GitHub. https://t.co/mD0e3UOUqG
github.com
Be cautious running any malware, all the malwares that I found in the wild - PakCyberbot/Malware-Found-InThe-WILD
0
0
2
I solved the challenge "FIND THE MASKED MAN" by @OSINTindustries You guys can also join it: https://t.co/de4Hrz9jO8
#OSINTIndustriesCTF
1
0
3
My @YouTube #YouTubeRecap is here, the channel I watched the most this year is @_JohnHammond! Also spent tons of hours with @NahamSec and @fireship_dev. Picked up so many new techniques from John, learned a lot about web from Ben, and relied on Fireship for staying up to date.
2
0
8
π’ I partnered with @13CubedDFIR for another giveaway! π π 1 winner will receive a 13Cubed Investigator T-Shirt + the XPlat Bundle Complete which includes the following four courses: - Investigating Windows Endpoints - Investigating Windows Memory - Investigating macOS
277
287
417
Giveaway time. Our friends at @cyberwarfarelab have gifted us AIO (All In One) Access to ALL of their courses for TWO PEOPLE You'll have access to the following courses (including labs). It is a lot. You're not expected to complete everything. This is valued at over $11,000. If
989
142
1K
Final giveaway for Black Friday! I'll pick two hackers to gift free access to all of our courses by @_JohnHammond, myself and @BuildHackSecure on @hackinghub_io! - Drop a comment & RT to enter You can also purchase them here: The Hackers Arsenal: https://t.co/TwLegdsT1F Bug
311
272
404
Steal my Gemini 3 prompt to generate full n8n workflows. --------------------------------- n8n WORKFLOW GENERATOR --------------------------------- Adopt the role of an expert n8n Workflow Architect, a former enterprise integration specialist who spent 5 years debugging failed
28
166
1K
What is an ASReproasting attack? You can find the full video on Kerberos authentication and its misconfigurations on my channel: https://t.co/9XAl820Lmc
#OSCP #CPTS #Pentesting #ActiveDirectory #Kerberos
0
0
0
2
4
96
fresh proxy lists updated every 5 minutes, includes http, https, socks4, socks5
3
127
853
An idea I had some time ago was to create an open-source project with community contributions to centralize different social engineering lure techniques & native GUI tools that could be leveraged for ClickFix... a LOLBins-style site w/ mitigations. Video: https://t.co/uAFMm2qkXn
5
36
234
Data Exfiltration & Delivery via #Brave Browser Sync Chain Medium Article: https://t.co/Za1r8nhK26 BrosyncDelivery Tool GitHub: https://t.co/JsYVV5D7FP YT Video: https://t.co/Jl1EOaa4Pg
#bravebrowser #browsersyncexfiltration #redteaming #browersync #pentesting #hacking
0
0
0