Practical Android Software Protection in the Wild: An Appetizer
In which @Farenain analyzes 2.5 million Android apps to identify and classify the obfuscators, packers and code protectors they use:
https://t.co/xKQGrK2qxI
26 LLM routers are secretly injecting malicious tool calls and stealing creds. One drained our client $500k wallet.
We also managed to poison routers to forward traffic to us. Within several hours, we can directly take over ~400 hosts.
Check our paper: https://t.co/zyWz25CDpl
someone built an entire AI RED TEAM - multiple agents that coordinate HACKING ATTACKS together, ZERO human input
PentAGI, open source, one agent does recon, another scans, another exploits, another writes the report. they talk to each other and adapt based on what they find
it ships as one docker container with nmap, metasploit, sqlmap, hydra preinstalled. the AI decides which tool to use and when. you point it at a target and walk away
a red team engagement costs $30-50k and takes weeks. this is one docker command and API tokens
I built an open-source library of 700+ cybersecurity skills for AI coding agents -- covers DFIR, threat hunting, cloud security, and more https://t.co/vM5SgmXCrO
Bug hunters: small Chrome DevTools tip that saved me a lot of time.
took me way too long to notice the Network → “Preserve log” checkbox in Chrome DevTools.
Static JS analysis just got smarter.
jsluice is a Go-based tool that parses JavaScript using ASTs to extract endpoints, secrets, and interesting artifacts — no noisy regex scraping.
🔗source: https://t.co/7eyaQjt337
Perfect for bug bounty hunters who actually read JS instead of just grepping it. 🔎⚡
If you’re serious about client-side recon, this deserves a spot in your toolkit.
#BugBounty #AppSec #JavaScript #Recon
The Art of Pivoting - Techniques for Intelligence Analysts to Discover New Relationships in a Complex World
This book explores how intelligence and cyber-security analysts can uncover hidden links between threat actor infrastructure and ongoing investigations by pivoting on both classic and unconventional indicators — many of which are often overlooked.
The material is grounded in empirical, field-tested strategies used in cyber-security, digital forensics, cyber threat intelligence, and intelligence analysis more broadly.
Our goal is to provide analysts with a practical toolkit of analytical methods, supported by real-world examples, to enhance investigative workflows without locking them into a single mindset, strict model, or overly rigid technical strategy.
Instead, the book encourages creative exploration, data-driven reasoning, and the use of diverse data points — from traditional IOCs to subtle metadata traces — as part of a flexible and repeatable analytical process.
#threathunting
https://t.co/IiXTV6p2yY
WebRecon from @D4rk_Intel is another OSINT multi-tool worth knowing about. 🧠
It automates web crawling, tech stack detection, DNS & WHOIS intel, email harvesting, Wayback lookups, and exports clean JSON reports.
Try it here: https://t.co/6inbXMqnsZ
Use NextJS? Recon ✨
A quick way to find "all" paths for Next.js websites:
DevTools->Console
console.log(__BUILD_MANIFEST.sortedPages)
javascript:console.log(__BUILD_MANIFEST.sortedPages.join('\n'));
Cred = https://t.co/4hiJXDNlmU
#infosec#cybersec#bugbountytips
There are so many match & replace rules out there to automate:
• XXEs
• SSRFs
• CORS misconfigurations
• Blind XSS
• Access controls
What else are we missing? 🤔
reading Js >> found an endpoint file inclusion >> LFI >> RCE :D
Write-up will be published after fix on:
https://t.co/Fv3iTBWcfH
#BugBounty
I found a new (?) CSP bypass after solving web/git in corCTF 2025.
If you can control the *response* header `Content-Length`, maybe through CRLF injection, you might able to bypass CSP `script-src 'self';` and get rid of the junk response text.