MICROSOFT OPEN-SOURCED A PII DETECTION SDK
presidio detects and anonymizes sensitive data before it ever touches your model
the problem is real: names, emails, SSNs, credit cards, medical records all flowing through LLM pipelines unfiltered
presidio stops that
▫️ detects PII in text, images, and structured data
▫️ redacts, masks, or anonymizes before it hits the model
▫️ supports NLP, regex, rule-based, and transformer detection
▫️ runs on Python, PySpark, Docker, and Kubernetes
▫️ even handles DICOM medical images
in an era of GDPR, HIPAA, and AI compliance audits, this is infrastructure, not optional
https://t.co/pcEkm4mMt7
‼️🚨 BREAKING: 320,000 Fortinet firewall devices have been targeted in a campaign that has been dubbed 'FortiBleed'. Attackers were able to confirm 75,000 working credentials against the admin and SSL VPN interfaces.
The victims include really big names like Samsung, Oracle, Spotify, Sony, and more.
The data was first surfaced by researcher Volodymyr "Bob" Diachenko and analyzed by Hudson Rock and SOCRadar. The operation runs as a self-feeding loop. Attackers scan the internet for exposed Fortinet devices, then test each one against a curated list of passwords leaked from earlier Fortinet breaches and infostealer logs. Every successful login gets recorded into a verified database. They then turn each compromised box into a listening post, sniffing the traffic passing through the firewall to harvest fresh credentials, which go straight back into the scanner.
The scale is large. The group ran an estimated 1.16 billion credential attempts against more than 320,000 FortiGate targets, plus 2.1 billion brute-force tries against 160,000 MSSQL servers. In the deeper intrusions they intercept SSL VPN authentication hashes, crack them on a dedicated 45-GPU cluster, and move into internal Active Directory.
Diachenko confirmed full network compromises in Japan, Taiwan, Vietnam, Iraq, and Turkey, including a Turkish NATO defense contractor that had classified defense documents stolen.
If you run Fortinet, act now: rotate every VPN and admin credential, enforce MFA on all external gateways, restrict management access to approved sources, segment internal networks, and audit gateway logs for unusual logins. Hudson Rock has a free domain lookup at https://t.co/KLv2YiMtpm.
Data surfaced via the Hunt Intelligence, Inc. feed.
Claude-BugHunter — Turn Claude Code into a Senior Bug Hunter & Red Team Operator 🤖💀
A powerful skill bundle built for bug bounty hunters and external red teams.
• 51 specialized security skills
• 15 slash commands for automated workflows
• 681 real disclosed report patterns
• Coverage across Web, API, Cloud, OAuth, SAML, GraphQL, SSRF, IDOR, XSS, RCE & more
• Enterprise attack paths for M365, Okta, VPNs, SharePoint & VMware
• Built-in triage, validation, reporting & evidence hygiene workflows
• Burp MCP integration and engagement tracking
From recon and vulnerability discovery to validation and report writing, Claude automatically loads the right skills based on what you're testing.
🔗 https://t.co/89R7Cx20oz
#BugBounty #RedTeam #Pentesting #CyberSecurity #InfoSec #OSINT #ClaudeCode #AppSec
DockSec brings AI to container security
DockSec is an open-source, AI-powered Docker security analyzer, adopted as an OWASP Incubator Project
https://t.co/EBtfb3iJBs
📌 The flowsint tool
An OSINT tool for gathering information about any person with a single click, whether finding their social media accounts, the phone numbers linked to them, or even their email, and pulling scattered data together
It bundles more than 30 information-gathering tools into one, letting you check and enrich data on domain names, IP addresses, phone numbers, email addresses, usernames, websites, and even crypto wallets
In short: once you have a single starting point (an email address, a username, an IP, or a name), the tool helps you uncover something about the person and the hidden links, and build a complete investigative graph within minutes
👇 Tool link
AI-Powered Red Team — 28 Specialized Agents for Offensive Security 🤖🔥
Turn Claude into a full pentesting team.
• 28 agents (Recon, AD, Web, Cloud, Mobile)
• Auto task routing → correct agent
• Real tools support (nmap, sqlmap, nuclei, BloodHound)
• Recon → Exploit → Report
🔗 https://t.co/DvJVKM2hY9
#artificialintelligence #RedTeam #Pentesting #cybersecurity #infosec
10 LINKS THAT WILL CHANGE HOW YOU LOOK AT THE INTERNET FOREVER.
Save this list. Most people will never see it.
1. https://t.co/UnDnW16EM2
Shows every data breach your email has ever leaked in.
2. https://t.co/DWPtjQdmaY
Reveals every social profile and login tied to any email address.
3. https://t.co/b0di40J0mR
Tells you how trackable your browser fingerprint really is.
4. https://t.co/3oOgXHyaCp
Checks if your VPN is actually working or silently exposing your real IP.
5. https://t.co/M49l1nqMGf
Direct links to delete your account from any major service.
6. https://t.co/s6MXurFwoY
Scans any file or link against 70+ antivirus engines in seconds.
7. https://t.co/LHTmczBjTS
Shows if your face was used to train AI models without consent.
8. https://t.co/rF6OanX5a0
Exposes every piece of data your browser leaks to websites.
9. https://t.co/2AUNi4oSDr
Tells you which apps on your PC are bloatware or spyware.
10. https://t.co/7SLjuIK4GR
Removes paywalls from news sites so reading stays free.
Thank me later.
the engineer who built Claude Code just dropped a 28-minute video on how to write prompts that actually work
I've seen $300 courses that don't cover what he shows in the first 10 minutes
CLAUDE.md files, memory shortcuts, parallel sessions, prompting patterns
all in one video and completely free
works whether you're a developer, a beginner, or someone who's been using Claude for months
based on this, I put together 18 things you can copy and use in Claude today
full guide in the article below
Yes. Attackers can create hidden admin accounts on Windows that fly completely under the radar.
The most common method is registry manipulation. By modifying a specific key under HKLM\SAM, they can create an account that doesn’t appear on the login screen or in normal user management tools. It shows up nowhere a regular user would look.
Another approach is cloning an existing account. Attackers copy the RID of a legitimate admin account onto a low-privilege or guest account. On the surface it looks harmless. Under the hood it has full admin rights.
Net user commands can also create accounts that blend in with system defaults, especially if named something generic like $ appended accounts, which Windows hides from standard directory listings by design.
How to actually catch it:
Run net user and wmic useraccount list full and compare results. Discrepancies are a red flag. Check the SAM registry directly or use tools like Autoruns and GMER. Review Event ID 4720 (account created) and 4728/4732 (group membership changes) in the Security event log.
Most people never check. That’s exactly why it works.
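The two checks named in the post above (comparing account listings, then reviewing Event IDs 4720 and 4728/4732), as an added example that is not part of the original post. It assumes the account names and Security log records have already been exported; the records are simplified dicts using the log's `TargetUserName`, `TargetSid` and `MemberSid` fields, and all sample values and helper names are constructed for illustration.

```python
# Added example. Records and account names below are constructed sample data.
ADMINISTRATORS_SID = "S-1-5-32-544"   # well-known SID of local Administrators
DOMAIN_ADMINS_RID = "-512"            # well-known RID suffix of Domain Admins

NET_USER = ["Administrator", "DefaultAccount", "Guest", "alice", "bob"]
FULL_ENUM = NET_USER + ["support$"]   # names taken from the second listing

EVENTS = [
    {"TimeCreated": "2026-01-10T09:00:00Z", "EventID": 4720,
     "TargetUserName": "bob", "TargetSid": "S-1-5-21-1-2-3-1105"},
    {"TimeCreated": "2026-01-10T09:01:00Z", "EventID": 4732,
     "TargetSid": "S-1-5-32-545", "MemberSid": "S-1-5-21-1-2-3-1105"},
    {"TimeCreated": "2026-01-12T02:13:00Z", "EventID": 4720,
     "TargetUserName": "support$", "TargetSid": "S-1-5-21-1-2-3-1106"},
    {"TimeCreated": "2026-01-12T02:14:00Z", "EventID": 4732,
     "TargetSid": ADMINISTRATORS_SID, "MemberSid": "S-1-5-21-1-2-3-1106"},
]

def enumeration_gaps(net_user_names, full_enum_names):
    """Accounts in the fuller listing that the `net user` output lacks."""
    shown = {name.lower() for name in net_user_names}
    return sorted(n for n in full_enum_names if n.lower() not in shown)

def is_privileged_group(group_sid):
    """True for local Administrators or a domain's Domain Admins group."""
    return group_sid == ADMINISTRATORS_SID or group_sid.endswith(DOMAIN_ADMINS_RID)

def review_events(events):
    """Correlate 4720 (account created) with 4728/4732 (member added)."""
    created, findings = {}, []
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        if ev["EventID"] == 4720:
            # Remember the new account's SID so later group adds can be tied to it.
            created[ev["TargetSid"]] = ev["TargetUserName"]
            if ev["TargetUserName"].endswith("$"):
                findings.append((ev["TargetUserName"], "user account named with trailing $"))
        elif ev["EventID"] in (4728, 4732):
            # In these events TargetSid is the group and MemberSid the added account.
            name = created.get(ev["MemberSid"])
            if name and is_privileged_group(ev["TargetSid"]):
                findings.append((name, "new account added to privileged group"))
    return findings

if __name__ == "__main__":
    print("missing from net user:", enumeration_gaps(NET_USER, FULL_ENUM))
    for account, reason in review_events(EVENTS):
        print(f"{account}: {reason}")
```
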
Earlier today Cloudflare's CSO shared how they tested Anthropic Mythos using an unreleased 8-stage vulnerability-discovery agent. So I asked Opus to implement the agent for me. It works via Claude SDK with a Pro or Max subscription, no API.
Enjoy https://t.co/McoZbTvTLL
🧙‍♂️ Email Bombing and Teams Impersonation Detection
Since early 2026, eSentire has observed a rise in Microsoft Teams–based phishing campaigns in which threat actors impersonate IT support or helpdesk personnel to deceive users into granting remote access to their devices. These attacks are frequently preceded by email bombing, after which the attackers contact users under the pretense of assisting with a reported issue. Now you have a KQL detection to correlate these two attacks together in a single query and move swiftly to mitigation.🫡
https://t.co/aDAj2uhwwI
#ThreatHunting #DefenderXDR #KQLWizard #DetectionEngineering
Amazingly, this needs to be said continually, but stop using Global Admin for everyday tasks! You should have no more than 4 Global admins. Here is why > https://t.co/6eq6Hp9VjV
Here is a hot take... You don't need a Global Admin account just because:
• You are head of IT
• To set up the platform initially
• You are responsible for the product internally
• You might need it
• You think PIM is slow
• You are too busy
• You are always running complex scripts
You might need it, if:
• You are responsible for major infrastructure changes
• You are responsible for responding to severe security breaches
• You are responsible for granting tenant-wide consent for new products
• You are responsible for managing the emergency access accounts
• You are responsible for managing privileged role access
You want a high-impact, quick win for security this week? Audit and remove standing and extended Global Admin access.
#Entra #Microsoft #Security
‼️🚨 BREAKING: Microsoft Exchange Server CVE-2026-42897 lets an attacker execute arbitrary JavaScript in a victim's browser just by getting them to open an email in Outlook Web Access.
It is being exploited in the wild.
Microsoft classified it as... "spoofing." 🤔
Affected: on-premises Exchange Server 2016, 2019 and SE. Exchange Online is not impacted.