Jamal

🔥 Web Application Security Collection (Web Hacking • OWASP Top 10 • Bug Bounty • Pentesting) Inside the collection: • Information Gathering • Web Security Fundamentals • SQL Injection • Authentication Bypass • JWT Security • CSRF • SSRF • XSS • XXE • IDOR • Path Traversal • File Upload Vulnerabilities • OWASP ZAP • Bug Bounty Methodology Topics Covered: • Reconnaissance • Attack Surface Mapping • SQLi Exploitation • Authentication Flaws • Session Management • JWT Attacks • CSRF Attacks • SSRF Exploitation • XSS Testing • XXE Exploitation • IDOR Discovery • File Upload Abuse • Path Traversal • Browser Security • Web Exploitation Workflow • OWASP Top 10 Effective web hacking is mostly reconnaissance, logic analysis, and understanding how applications work. 📥 Drive Folder: https://t.co/GDwxdRFuL3 #WebSecurity #WebHacking #OWASP #BugBounty #Pentesting #XSS #SSRF #CSRF #XXE #IDOR #CyberSecurity #EthicalHacking

Burp Suite Professional costs 475 dollars a year per seat. A senior software engineer in Amsterdam built the open source replacement as a side project. He put it on GitHub for free. It has 10,569 stars. His name is David Stotijn. The software is Hetty. Here is what Hetty is. An HTTP toolkit for security research. A machine-in-the-middle proxy that sits between your browser and the target. Every request and every response flows through Hetty. You can read them, search them, intercept them, edit them, replay them, and send them again. This is the core loop of every web application security test ever performed. Burp Suite charges 475 dollars a year for it. Hetty does the same job for zero. Here is the feature set. A machine-in-the-middle HTTP proxy with full logs and advanced search. An HTTP client for manually creating and editing requests, and replaying any request you already proxied. Request and response interception for manual review, with full edit, send, receive, and cancel control. Scope support to keep your work organized to a single target. A web-based admin interface that runs in your browser. Project-based database storage so multiple engagements stay separate. A GraphQL service for programmatic access. The installer is a single Go binary. Works on macOS, Linux, and Windows. No Java runtime, no enterprise license server, no machine fingerprinting, no telemetry. Here is the price ladder. Burp Suite Professional: 475 dollars a year per seat. Burp Suite Enterprise: thousands per year, contact sales for a quote. Burp Suite Community Edition: free, but throttled, no scanner, no project save, no intruder rate. OWASP ZAP: free and open source, now owned by Checkmarx after a 2024 acquisition. Hetty: zero. Forever. One binary. No account. A pentester working full time pays Burp 475 dollars a year. A team of 10 pentesters pays 4,750 dollars a year. A bug bounty hunter who finds one vulnerability has already paid for Burp twice over. Or they download a 30 MB Go binary written by a freelancer in Amsterdam and keep every dollar they earn. David has not pushed a new commit in 16 months. The last commit was January 13, 2025. That is normal for a tool that is feature-complete. HTTP has not changed. The proxy still proxies. The intercept still intercepts. MIT licensed code does not expire when the maintainer takes a break. Buy a domain. Find a bug. Cash a bounty. PortSwigger took a free industry tool and put it behind a 475 dollar paywall. A freelancer in Amsterdam gave it back. On every platform. For zero dollars. Your proxy. Your binary. Your bounties. (Link in the comments)

Rustscan Network Scanner: Detailed Guide 🔥 Telegram: https://t.co/upuP8k8ckB ✴ Twitter: https://t.co/Za7rYILz6E RustScan is a modern high-speed port scanner written in Rust that helps penetration testers quickly discover open ports and automatically pipe results into Nmap for deeper enumeration. 📚 What You’ll Learn in This Guide ⚡ What Sets RustScan Apart 🚀 Advantages of RustScan over Nmap 🐳 Using RustScan with Docker ⚙️ Installation & Standalone Usage 🎯 RustScan Flags & Options 📖 Article: https://t.co/xsGVEF1SO1 #CyberSecurity #EthicalHacking #Pentesting #RustScan #NetworkSecurity #InfoSec

SOC ANALYST ROADMAP (Step by Step). Step 1: Operating System Fundamentals (Windows & Linux) Step 2: Networking Fundamentals (TCP/IP, DNS, HTTP, Ports) Step 3: Security Fundamentals (CIA Triad, Attacks, Controls) Step 4: SIEM Basics (Splunk, Sentinel, Log collection) Step 5: Log Analysis (Windows, Linux, Web logs) Step 6: Network Traffic Analysis (Wireshark, packets, anomalies) Step 7: Alert Monitoring & Triage (False positives vs real threats) Step 8: Endpoint Security (EDR tools, process monitoring) Step 9: Incident Response Basics (Detect → Contain → Recover) Step 10: Threat Intelligence (IOCs, MITRE ATT&CK) Step 11: Hands-on Practice (TryHackMe, Blue Team Labs) Step 12: Certifications (Security+, SC-200, BTL1) Step 13: Job Entry (SOC Analyst Tier 1 / Junior IR).

🚨 Anonymous Logins for Pentesters 🔥 Telegram: https://t.co/upuP8k7Ev3 ✴ Twitter: https://t.co/Za7rYIL1h6 Anonymous logins allow users to access certain network services without providing valid credentials. During penetration testing, identifying services that allow anonymous access can expose sensitive files, misconfigurations, or data leakage. ⚡ Key Services & Tools Used for Anonymous Access Testing 📡 Nmap – Identify services with anonymous login enabled 📂 FTP – Access files using anonymous credentials 🗄️ SMB – Enumerate shared resources anonymously 🧰 smbclient – Connect to SMB shares without credentials 💻 Kali Linux – Perform enumeration and exploitation 📖 Article: https://t.co/06QcLAorKC #CyberSecurity #Pentesting #EthicalHacking #RedTeam #InfoSec #KaliLinux #NetworkSecurity

🛡️ CompTIA Security+ Study Notes & Training Material 📚 Topics Covered: • Security Fundamentals • Threats, Attacks & Vulnerabilities • Network Security • Identity & Access Management (IAM) • Cryptography & PKI • Security Architecture • Secure Network Design • Risk Management & Governance • Incident Response • Security Operations • Compliance & Policies • Security Tools & Technologies CompTIA Security+ is one of the most recognized entry-level cybersecurity certifications and provides the foundation for SOC Analyst, Security Analyst, Network Security, and Blue Team roles. It focuses on practical security concepts, threat detection, risk management, and incident response. 📥 Drive Folder: https://t.co/1kBcTMZOGt #CompTIA #SecurityPlus #cybersecurity #infosec #BlueTeam #NetworkSecurity #securityanalyst #RiskManagement #IncidentResponse

Wireless Penetration Testing: PMKID Attack 🔥 Telegram: https://t.co/upuP8k8ckB ✴ Twitter: https://t.co/Za7rYILz6E PMKID attacks revolutionized Wi-Fi security testing by allowing attackers to capture authentication hashes without needing a connected client ⚠️ 📚 What You'll Learn in This Guide 📡 Understanding WPA/WPA2 Authentication 🔍 Introduction to PMKID Attacks ⚙️ Setting Up a Wireless Pentesting Lab 🛠️ Capturing PMKID Hashes with hcxdumptool 📋 Extracting Hashes Using hcxpcapngtool 🔓 Cracking PMKID Hashes with Hashcat 🎯 Identifying Vulnerable Wireless Networks 🚀 Clientless Wi-Fi Password Attacks 📂 Analyzing Captured Wireless Traffic 🧠 Wireless Enumeration & Assessment Tips 🛡️ Securing WPA/WPA2 Networks ⚠️ Detection & Mitigation Strategies 💡 Unlike traditional WPA handshakes that require a connected client, PMKID attacks allow security professionals to capture authentication data directly from vulnerable access points, making wireless security assessments faster and more efficient. 📖 Article: https://t.co/moKpgC2xAl #WiFi #PMKID #Hashcat #WirelessSecurity #Pentesting #RedTeam #CyberSecurity #EthicalHacking #InfoSec #WPA2

10 WEBSITES THAT FEEL ILLEGAL TO KNOW ABOUT Bookmark every single one. Free textbooks, full courses, and paywalled research most people pay hundreds for. 1. https://t.co/Jeku0H9ObG MIT's entire curriculum online for free. Every lecture, every problem set, every exam from 2,500+ courses. 2. https://t.co/OJmX9qD3pm Free peer-reviewed textbooks from Rice University. Math, science, business, social sciences. Used by 3 million students. 3. https://t.co/u7SNGHjNBU Harvard's most famous course. Full lectures, problem sets, and a real certificate of completion for $0. 4. https://t.co/onFc8V0qms Free access to 2.4 million research papers in physics, math, computer science, and biology. Updated daily. 5. https://t.co/C4ZsjSprP1 Catalogs 200,000+ free online courses from Harvard, Stanford, MIT, Yale, and every major university. 6. https://t.co/V57ExBxD60 Mirror of Z-Library. 22 million books and 84 million research articles. Almost every textbook ever written. 7. https://t.co/Qp8DjB7RSv Free K-12 through college courses. Math, science, economics, and test prep used by 150 million students globally. 8. https://t.co/XRN9jpDoLl TU Delft's free engineering courses. The school that produces some of the best engineers in Europe. 9. https://t.co/v2QNvSXdX2 AI-powered search across 200 million academic papers. Pulls citations, summaries, and related work instantly. 10. https://t.co/T8z2raaHQW Hidden filter on Coursera that shows every free course from Stanford, Yale, Princeton, and Google. Most people miss it. A degree used to be the only way to access this knowledge. Now it costs $0 and an internet connection.

If you want to get ahead of 99% of software engineers, then read these 12 books: 1 Designing Data-Intensive Applications 2 Clean Code 3 The Pragmatic Programmer 4 The Mythical Man-Month 5 Introduction to Algorithms 6 Code Complete 7 The C Programming Language 8 Refactoring 9 The Art of Computer Programming 10 Structure and Interpretation of Computer Programs 11 Peopleware 12 Design Patterns What else should make this list?

10 Books that will make you a 10x AI engineer: 1 Building LLMs for Production 2 AI Engineering 3 Designing Machine Learning Systems 4 Build a Large Language Model 5 Designing Data-Intensive Applications 6 LLM Engineer's Handbook 7 Deep Learning 8 Hands-On Machine Learning with Scikit-Learn, Keras, and TensorFlow 9 Prompt Engineering for LLMs 10 Introduction to Statistical Learning What else should make this list?

Learn the Language of Cybersecurity. Every industry has its own vocabulary, and cybersecurity is no different. Start learning terms like: SIEM, EDR, IDS/IPS, CVE, CVSS, MFA, Zero-Day,Threat Intelligence etc.. Understanding the terminology will help you communicate confidently during interviews and on the job.

Train your own LLM from scratch! A step-by-step repo that walks you through building and training a transformer model from scratch using PyTorch. From downloading training data all the way to generating text. The architecture is built from the ground up following the original "Attention is All You Need" paper. MLP, single head attention, multi-head attention, transformer blocks, and the full transformer model - all coded and explained with detailed diagrams at each step. Training data comes from The Pile - a diverse 825GB open-source dataset covering books, articles, code, websites, and more. The repo includes scripts to download it, preprocess and tokenize it using tiktoken, store it in HDF5 format, and feed it into training batches. You can train a 13M parameter model on a single Colab T4 GPU. At 13M parameters the model starts generating proper grammar and coherent short sentences. For billion-parameter training you need at least an A100 or RTX 4090. The repo includes a full GPU compatibility table so you know exactly what's possible on your hardware. Includes a complete SFT and RLHF guide as a separate notebook for taking your trained model further. Key capabilities: • End-to-end pipeline: data download → preprocessing → training → text generation • Full transformer implementation from scratch with PyTorch • Trains models from 13M to 2B+ parameters on a single GPU • Training data from The Pile (825GB, 22 diverse datasets) • Tokenization via tiktoken (r50k_base) • SFT and RLHF guide included 100% open source. I've shared the link in the replies!

Alguien acaba de descubrir una herramienta de comprobación de sitios web súper genial llamada Web-Check. Tiene un rollo hacker muy potente. Te permite comprobar casi toda la información de un sitio web: detalles de IP, SSL, registros DNS, cookies, información de dominio, reglas de rastreo, ubicación del servidor, historial de redirecciones, puertos abiertos, rastreo de rutas, DNSSEC, rendimiento del sitio web, nombres de host asociados, etc.