Every SOC team should read this repo before building any LLM-powered security tool
https://t.co/3L4zH8f31p
The failure modes of LLMs in security contexts are well documented in academic literature
They are almost completely ignored in product development
Introducing: https://t.co/FOcfQGdxtg ! 🛜🤖😂
A free prompt injection wargame to troubleshoot your local network with an AI assistant; and a challenge to have it leak some secrets!
Brought to you by @JustHackingHQ, @_ContinuumCon_, @d1gitalandrew Andrew Bellini & Eva Benn.
We offer a free and simple API endpoint to grab all the hostnames for a domain based on the certificate transparency logs: https://t.co/xAuMunXvYM
Sample Python code available in the Shodan book: https://t.co/36mxTrS2QS
Claude-OSINT — Turn Claude into an Elite OSINT & Recon Operator 🤖💀
Most AI assistants answer questions. Claude-OSINT teaches Claude how to investigate.
Built by ElementalSoul, this project adds 90+ reconnaissance modules, 80+ OSINT dorks, secret-hunting workflows, cloud discovery techniques, identity mapping, attack-surface analysis, and reporting methodologies directly into Claude through custom skills.
🔍 Covers OSINT, bug bounty, attack surface management, cloud recon, secret hunting, breach intelligence, and supply-chain research
⚡ 90+ recon modules across 12 security domains
🧠 5,500+ lines of structured tradecraft packed into reusable Claude skills
☁️ Includes cloud, Kubernetes, CI/CD, GitHub, API, and SaaS reconnaissance workflows
🎯 Designed for authorized red teaming, attack surface mapping, and bug bounty investigations
A fascinating example of how domain-specific skills can transform an LLM from a chatbot into a specialized security research assistant.
🔗 https://t.co/8ciUJsrjbX
#OSINT #ThreatIntelligence #BugBounty #CyberSecurity #RedTeam #ClaudeAI #InfoSec
claude-red is a curated library of offensive security skills designed for the Claude skills system. Each skill is a structured SKILL.md file that primes Claude with expert-level methodology https://t.co/7toLXC7wZT
Block High Risk AI Agents in Microsoft 365!
So many AI Agents are available to use in your Microsoft tenant without you even knowing.
More and more agents are becoming available, and this trend will continue.
The first thing you should do is block the high-risk AI agents from accessing your organization's resources.
Read more: https://t.co/6ixle7ED96
#Microsoft365 #EntraID #Cybersecurity
10 LINKS THAT WILL CHANGE HOW YOU LOOK AT THE INTERNET FOREVER.
Save this list. Most people will never see it.
1. https://t.co/UnDnW16EM2
Shows every data breach your email has ever leaked in.
2. https://t.co/DWPtjQdmaY
Reveals every social profile and login tied to any email address.
3. https://t.co/b0di40J0mR
Tells you how trackable your browser fingerprint really is.
4. https://t.co/3oOgXHyaCp
Checks if your VPN is actually working or silently exposing your real IP.
5. https://t.co/M49l1nqMGf
Direct links to delete your account from any major service.
6. https://t.co/s6MXurFwoY
Scans any file or link against 70+ antivirus engines in seconds.
7. https://t.co/LHTmczBjTS
Shows if your face was used to train AI models without consent.
8. https://t.co/rF6OanX5a0
Exposes every piece of data your browser leaks to websites.
9. https://t.co/2AUNi4oSDr
Tells you which apps on your PC are bloatware or spyware.
10. https://t.co/7SLjuIK4GR
Removes paywalls from news sites so reading stays free.
Thanks me later.
AI-Powered Red Team — 28 Specialized Agents for Offensive Security 🤖🔥
Turn Claude into a full pentesting team.
• 28 agents (Recon, AD, Web, Cloud, Mobile)
• Auto task routing → correct agent
• Real tools support (nmap, sqlmap, nuclei, BloodHound)
• Recon → Exploit → Report
🔗 https://t.co/DvJVKM2hY9
#artificialintelligence #RedTeam #Pentesting #cybersecurity #infosec
Instead of watching an hour of Netflix, watch this 2 hour hour Stanford lecture will teach you more about how LLMs like ChatGPT and Claude are built than most people working at top AI companies learn in their entire careers.
🚨Detecting🐧LPE associated with either DirtyFrag or CopyFail
Microsoft Defender has observed threat actors exploiting DirtyFrag and CopyFail to achieve local code execution via privilege escalation with su, using intrusion paths such as compromised SSH accounts, web‑shells on exposed applications, container escapes, abuse of low‑privileged service accounts, and post‑phishing or remote access compromises. I’ve prepared a KQL detection to flag LPE activity tied to either exploit.
https://t.co/eF7mOWxypD
KQL Code:
https://t.co/nsgRTegNHV
#Cybersecurity #DefenderXDR #DirtyFrag #CopyFail
LDAP Nom Nom. Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers by (ab)using LDAP Ping requests (cLDAP), by @lkarlslund
https://t.co/1cAVKqEf9R
Threat Actors are "Bringing Their Own Forensics"
In a recent ClickFix campaign, we saw threat actors likely related to Interlock Ransomware, running Volatility (https://t.co/Vq0vkvWutb) directly on victim machines.
Commonly a tool for defenders, the TAs are using it to:
Who knew a really long string could make an Entra ID login disappear from the logs entirely? In our #blog, @nyxgeek breaks down how overflowing #Azure's sign-in logging mechanism allowed access tokens to be issued without a single log entry. Read it now! https://t.co/2joOibx3Ia