BrainEternal

13 Original OAuth Attack Techniques OAuth is the login layer of the modern web. Every "Continue with Google." Every "Sign in with GitHub." Every SSO button on every SaaS you've ever tested. All OAuth under the hood. Most implementations are broken in ways that aren't documented anywhere. Here's one of 13 original techniques — Grant Type Substitution → MFA Bypass. MFA bound to the browser flow only. Switch grant type, MFA disappears. CVE-2024-37893. The password grant being present is itself a finding worth reporting. MCP is OAuth now and nobody is testing it. Full breakdown in the replies.

C̶l̶a̶u̶d̶e̶ ̶B̶u̶g̶ ̶H̶u̶n̶t̶e̶r̶ is now BUG HUNTER. We changed the name because it is no longer limited to Claude Code. Now it is a standalone open-source CLI that runs from any terminal. Use Ollama, Groq, DeepSeek, Claude, OpenAI or Grok. Built for the bug bounty community. Run it locally with Ollama - no paid AI subscription required. We are very close to 2.5K GitHub stars. Let’s make it happen, guys. More updates coming soon. #OpenSource #BugBounty #CyberSecurity #AI #EthicalHacking #Ollama #GitHub #SecurityTools #BugHunter

家人们，今天给你们扒10个GitHub上免费到离谱的仓库，每一个都能干掉你正在按月交钱的软件，看完别说鸟哥没提醒你。 1️⃣ TradingAgents 一整支AI分析师团队在你电脑里吵架做单。基本面、情绪、新闻、技术分析师同时开工，最后风险经理和执行代理拍板。等于把一支华尔街团队7×24小时塞进你笔记本，还不要工资。 🔗 https://t.co/kwYRkz5PuO 2️⃣ LibreChat 一个界面把ChatGPT、Claude、Gemini、DeepSeek等20多个模型全收了，支持自托管和原生MCP。数据是你的，基础设施是你的。能自己跑，凭啥还交月费？ 🔗 https://t.co/V3iCwASOCA 3️⃣ HyperFrames HeyGen把自家视频引擎开源了。写个HTML就能产出生产级MP4，原生支持GSAP、Lottie、Three.js，同样输入永远同样输出。 🔗 https://t.co/6Gp8NAb38O 4️⃣ Fincept Terminal 笔记本上跑的彭博终端平替，AI投资代理灵感来自传奇投资人。深度财报分析、市场情报、几十个数据源，企业级的钱一分不用掏。 🔗 https://t.co/e0Fgr7sK1S 5️⃣ MoneyPrinterTurbo 丢个关键词，脚本、画面、字幕、音乐、成片一条龙。横屏竖屏随便选，基本不用动手剪。 🔗 https://t.co/yFPFib4nBr 6️⃣ Agentic Inbox Cloudflare开源的AI邮件客户端，AI帮你读收件箱、起草回复，全程数据不出你的地盘。没有外部服务器，没有订阅费。 🔗 https://t.co/tbEaZSfis8 7️⃣ VoxCPM 几秒音频就能克隆声音，几十种语言高质量输出，还能凭一句文字描述捏出定制嗓音。 🔗 https://t.co/SlEimVxLez 8️⃣ Flowsint 输个域名，关联的IP、子域名、邮箱、加密钱包、社交账号全给你画成图。纯本地跑，做私密调查和OSINT情报的神器。 🔗 https://t.co/5UguHbZpwx 9️⃣ agent-skills 谷歌工程师Addy Osmani放出了他生产环境验证过的Claude Code技能库，API设计、调试、代码审查、CI/CD、前端工程全覆盖。 🔗 https://t.co/52Ef6XqvAz 🔟 Nango 企业每年砸几千刀的集成层，几百个预置API、托管OAuth、AI生成集成代码，一堆高速创业公司和企业团队都在用。 🔗 https://t.co/tlv7hGZZs1 这些可不是练手的玩具项目，每一个都能替掉你还在月月付费的软件。 挑一个，装上，塞进你的工作流。100%免费，100%开源。 省下的钱，记得请鸟哥喝杯咖啡。

Holy sht.. Hackers are going to love this. Someone open sourced an all-in-one hacking toolkit that bundles every major pentesting tool into a Single CLI menu. You install it once and get instant access to tools across every category from anonymity, info gathering, wireless attacks, password cracking, web scanning, exploit frameworks, payload GENERATION, and more. It's called HackingTool. → One menu launches Tor, Anonsurf, Macchanger, and proxy chains in seconds → Bundles Nmap, Dracnmap, RED HAWK, and ReconSpider for full network recon → Ships SQLMap, XSStrike, WPScan, and SecretFinder for web exploitation → Includes John the Ripper, Hashbuster, and BruteX for password attacks 51K stars. Runs on any Linux distro. 100% open source.

🕸️ Flowsint: Next-Gen Graph-Based OSINT Investigation Platform 🔥 Features: • Visual Graph Exploration • Domain, IP & ASN Intelligence • WHOIS & DNS Enrichment • Subdomain Discovery • Email & Breach Analysis • Username Enumeration (Maigret) • Organization Intelligence • Website Crawling & Tracker Detection • Crypto Wallet & NFT Analysis • Neo4j-Powered Relationship Mapping • Self-Hosted & Privacy-Focused Built for OSINT Investigators, Threat Intelligence Analysts, Journalists, DFIR Teams, and Cybersecurity Researchers. 🔗 https://t.co/EIi6lKPx7S 💡 Everything stays on your machine. No cloud dependency. #OSINT #ThreatIntelligence #CyberSecurity #DFIR #Investigation #OSINTTools

‼️ Lancement de notre Projet - NEXUS_OSINT V1 🌐Une plateforme dédiée à la visualisation et à l'analyse de données en sources ouvertes intégrant : • 🌍 Cartographie interactive Mondiale • 📡 Flux OSINT géolocalisés • 🎥 Live Cams synchronisées • ⏪ Frise temporelle avancée • ✏️ Outils d'analyse intégrés 💻Les visuels ci-dessous présentent de manière simplifiée les principales fonctionnalités de la plateforme. 👉 Disponible maintenant : https://t.co/vWqIUg0wxv

A scientist in Denmark figured out how to make Claude prepare his job applications. He open-sourced the whole thing. His name is Mads Lorentzen. He is a PhD geophysicist. He built it on top of Claude Code and released it under MIT license. Here is what it does. You fork the repo, fill in your background once, and it runs a five-step pipeline for every job you want to apply to. Step 1. It reads the job posting and scores how well you fit. Step 2. It drafts a tailored CV in LaTeX, picking only the experience that matches. Step 3. It writes a cover letter framed around what you would bring to the role. Step 4. A second AI agent reviews the first agent's work, points out weaknesses, and the first agent revises. Step 5. It compiles both into clean PDFs you can send. The whole thing is a folder of markdown files. The candidate profile, the writing style rules, the CV templates, the interview prep notes. Every step is plain text you can read and change. The job portal search is built for Danish boards. The application workflow itself works for any country. 489 stars. 270 forks. A fork-to-star ratio that high means people are using it, not only bookmarking. Mads is not a startup founder. He built this because he needed it for himself, then shared it. This is the future of job hunting. Not a service you pay for. A workflow you own. (Link in the comments)

Korea’s #1-ranked hacker on HackerOne is back with a follow-up post! 👀 Hyunseo Shin (KU, 4th year) previously shared how he uncovered open-source 0-days using LLM agents. Now, he breaks down the AI-based vulnerability detection workflow behind those findings. Full post below 🔥 🔗 https://t.co/6UodzgY5tN #CyKor #AI #hackerone

If you’re not using https://t.co/QzZGLOjipz for your bug bounty hunting, you’re probably leaving money on the table 💸 A lot of impactful vulnerabilities (SSRF, Host Header Injection, Blind XXE, Webhooks, async callbacks…) need reliable OOB interaction detection. https://t.co/QzZGLOjipz gives you that for free. 👀 #BugBounty #AppSec #CyberSecurity #Hacking #Pentest #BugBountyTips

The 10 fastest growing GitHub repos this week: 1. codegraph (+14.1K stars) Pre-indexed code knowledge graph for Claude Code, Codex, Cursor, OpenCode, and Hermes Agent — fewer tokens, fewer tool calls, 100% local https://t.co/PmnpMlGC3r 2. openhuman (+17.1K stars) Your Personal AI super intelligence. Private, Simple and extremely powerful. https://t.co/mrpvMxUFwe 3. academic-research-skills (+11.6K stars) Academic Research Skills for Claude Code: research → write → review → revise → finalize https://t.co/dek8R1gZIu 4. RuView (+6.8K stars) π RuView turns commodity WiFi signals into real-time spatial intelligence, vital sign monitoring, and presence detection — all without a single pixel of video. https://t.co/UILhiVpLyX 5. agentmemory (+6.9K stars) #1 Persistent memory for AI coding agents based on real-world benchmarks https://t.co/KttGKncznV 6. supertonic (+3.6K stars) Lightning-Fast, On-Device, Multilingual TTS — running natively via ONNX. https://t.co/LA0oJzR5Hf 7. CloakBrowser (+7.0K stars) Stealth Chromium that passes every bot detection test. Drop-in Playwright replacement with source-level fingerprint patches. 30/30 tests passed. https://t.co/smRQh0wY3u 8. ViMax (+2.7K stars) "ViMax: Agentic Video Generation (Director, Screenwriter, Producer, and Video Generator All-in-One)" https://t.co/Jp53BzC0rK 9. 12-factor-agents (+1.9K stars) What are the principles we can use to build LLM-powered software that is actually good enough to put in the hands of production customers? https://t.co/qMqRwXa7iu 10. bun (+2.0K stars) Incredibly fast JavaScript runtime, bundler, test runner, and package manager – all in one https://t.co/UAtNVbQlBd The theme this week: agent memory, context efficiency, and on-device intelligence are making AI infrastructure the hottest build category. Bookmark this. Next week's list will look completely different.

هناك العديد من الأكواد السرية (غير الرسمية) التي يكتشفها مستخدمو نموذج كلود وخبراء الذكاء الاصطناعي باستمرار ويشاركونها عبر منصات التواصل الاجتماعي، وهي أكواد تستفيد من أسلوب البرمجة والتدريب في النموذج.. فعندما يرى النموذج النصوص المكتوبة بعينها بالطريقة ذاتها يغير مباشرة طريقة استجابته للأوامر وتقديم إجابات أفضل وأكثر جودة.. فما أبرز تلك الأكواد؟