i was watching a video of this scammer getting arrested and thought of matt's post.
i thought there was simply no way that tehaskumar patel, who scams elderly americans out of hundreds of thousands of dollars, could also be listed as 'white' 😂
I ran down the rabbit hole last night...
What I've discovered is shocking.
I searched through thousands of arrests in my county and every single Hispanic individual who has been arrested is labelled as "WHITE"
Not one, not two... HUNDREDS
How long has this been going on?!!!!
1. Web Application Hacker’s Handbook
2. The Hackers Playbook 2
3. Hacking: The Art of Exploitation
4. Ghost in the Wires
5. Social Engineering: The Art of Human Hacking
6. Computer Hacking Beginners Guide
7. Kali Linux Revealed : Mastering Pen Testing Distribution
8. The Basics of Hacking and Penetration Testing
9. Nmap Network Scanning
10. Practical Malware Analysis: The Hands-on Guide
11. RTFM: Red Team Field Manual
12. Hash Crack: Password Cracking
13. Mastering Metasploit
14. Advanced Penetration Testing
15. Hacking: A Beginners Guide to Your First Computer Hack
16. CISSP All in One Exam Guide
17. Web Hacking 101
18. Blue Team Handbook: Incident Response Edition
19. Black Hat Python: Python
20. Gray Hat Hacking: The Ethical Hacker’s Handbook
@elonmusk meh.
needs a billion indians standing around, shitting and throwing trash everywhere, and washing their clothes in the rivers.
then sprinkle in some muslim rape gangs and some knife attacks and now we're talkin.
NEW: we caught 🇨🇳Chinese hackers... again.
Twist: they're hacking journalists & activists, but we suspect they're private contractors.
State repression... with a profit margin.
Thread + how to protect yourself 1/
By us @citizenlab in collab w/@ICIJorg
Sci-Hub is an evil website that pirated 85M+ research papers and made them freely available
And now they've added AI to their database to make Sci-Bot.
It answers your questions using latest, full-text articles.
But DO NOT use it. We should all try to make billion-dollar academic publishers richer.
I'm putting the link below so you know how to avoid it.
North Korea is exploiting remote IT hiring using stolen identities to place workers in companies, generating millions for the regime. Many orgs have unknowingly hired them, creating insider threats capable of data theft, extortion, and risks to national security.
Just got my hands on a 3-page "guide to detect starlink terminals"
Islamic Regime's security forces are utilizing a specialized software protocol to identify and triangulate Starlink terminals through unique signal signatures, such as high BSSID density and the use of 802.11ac/ax radio types.
The tool enables field personnel to physically locate hardware via real-time distance estimation and acoustic tracking that intensifies as they approach the source.
People arrested with Starlink possession might face extreme legal consequences, including charges of "sabotage and spying" which may result in execution.
#Iran
I taught Claude to talk like a caveman to use 75% less tokens.
normal claude: ~180 tokens for a web search task
caveman claude: ~45 tokens for the same task
"I executed the web search tool" = 8 tokens
caveman version: "Tool work" = 2 tokens
every single grunt swap saves 6-10 tokens. across a FULL task that's 50-100 tokens saved
why does it work? caveman claude doesn't explain itself. it does its task first. gives the result. then stops.
no "I'd be happy to help you with that." no "Let me search the web for you" no more unnecessary filler words
"result. done. me stop."
50-75% burn reduction
with usage limits getting tighter every week this might be the most practical hack out there right now
@callistoroll He is half-naked, isn’t he? It seems to me that Article 174 of the Japanese Penal Code states that you risk up to 6 months of imprisonment and a fine of 300,000 yen for indecent behavior in a public place.
Software horror: litellm PyPI supply chain attack.
Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords.
LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm.
Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks.
Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any dependency you could be pulling in a poisoned package anywhere deep inside its entire dependency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages.
Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
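Added example, not part of the post above and not code from litellm or any project it names: a defender's check that walks an environment's dependency graph and reports every chain of packages that pulls in a flagged version, which is how a transitive install like the dspy case shows up. The sample graph is constructed; only the litellm version 1.82.8 and the dspy dependency on litellm come from the post, and `my-app`, `mcp-plugin` and the other version numbers are placeholders.

```python
import re
from importlib import metadata

def norm(name):
    """PEP 503 name normalisation, so 'LiteLLM' and 'litellm' match."""
    return re.sub(r"[-_.]+", "-", name).lower()

def installed_graph():
    """Map each installed distribution to (version, required package names)."""
    graph = {}
    for dist in metadata.distributions():
        name = dist.metadata.get("Name")
        if not name:
            continue
        reqs = set()
        for req in dist.requires or []:
            if re.search(r"extra\s*==", req):
                continue  # optional extras are not installed by default
            m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", req.strip())
            if m:
                reqs.add(norm(m.group()))
        graph[norm(name)] = (dist.version, reqs)
    return graph

def chains_to(graph, target, flagged_versions):
    """Dependency chains (top-level first) that end at a flagged target version."""
    target = norm(target)
    if target not in graph or graph[target][0] not in flagged_versions:
        return []
    parents = {}
    for name, (_, reqs) in graph.items():
        for req in reqs:
            parents.setdefault(req, set()).add(name)
    chains, stack = [], [[target]]
    while stack:
        chain = stack.pop()
        ups = [p for p in parents.get(chain[0], ()) if p not in chain]
        if not ups:
            chains.append(chain)  # nothing depends on chain[0]: a top-level package
        stack.extend([p] + chain for p in ups)
    return sorted(chains)

# Constructed sample; only litellm 1.82.8 and the dspy -> litellm edge come from the post.
SAMPLE = {
    "my-app": ("0.1.0", {"dspy"}),
    "dspy": ("0.0.0", {"litellm"}),
    "mcp-plugin": ("0.0.0", {"litellm"}),
    "litellm": ("1.82.8", set()),
}
```

Calling `chains_to(installed_graph(), "litellm", {"1.82.8"})` runs the same check against the current environment; an empty list means that version is not installed there.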