R.I.P. rebuilding your GTM stack from scratch every session.
A complete Claude Skill Library can replace a $15,000/month agency retainer.
It is not as easy as hiring someone else to do it.
But if you start today, you can have 56 skills loaded into Claude covering SEO, content, outbound, sales, growth, analytics, strategy, ads, social, and CRM by end of this week.
I usually charge $299 for access to this library but today, it's free.
Like this post + comment 'Agents' and I'll DM you the entire skill library for free.
(Must be following, or I can't message.)
Taking this down in 48 hours.
This is true and not sure how Meta is leading a round
It seems Indian startups are all about gimmicks! What Kunal has taught is that if you have the right connections and start from the right place you can get a good payout (I have got 3 credit cards but never used CRED) @kunalb11
@kunalb11 Kunal Shah spent 7 years teaching India to pay credit card bills through a separate app to earn coins worth nothing.
Now he runs WhatsApp.
Brace yourselves. Soon you’ll pay ₹99 to send a ❤️ and earn 5,000 WhatsApp Coins™, redeemable for absolutely nothing.
Anthropic engineers just showed how they build a full app from scratch, using a loop of agents
40 minutes from the team behind Claude Code
they used three agents: one to plan, one to build, one to judge, cycling until the app actually works
the winners won't have the smartest model, they'll have the best loop
watch it, then read the full guide on how to actually use loops below
I genuinely don't understand why everyone isn't using this yet
Andrej Karpathy, a co-founder of OpenAI, posted a simple idea that hit 16 million views: stop using AI to write code, use it to build a second brain.
You point Claude Code at a folder, drop in any source, an article, a transcript, a PDF, and Claude reads it, links it, and files it into a living wiki of everything you know. It compounds like interest, the more you feed it, the smarter it gets.
Here's the whole thing:
> Install Obsidian, create a vault, open it in Claude Code
> Paste Karpathy's wiki idea file and tell Claude to build it
> Claude makes three folders: raw for sources, wiki for its pages, a CLAUDE.md that runs it
> Drop any source into raw and say "ingest this"
> Ask questions across everything, forever
Five minutes to set up, and you never start from a blank chat again.
Full step-by-step guide with Claude and Obsidian, link below.
Bookmark this
Let me blow your mind real quick:
When you use Remote Desktop (RDP), Windows secretly takes screenshots of what you are doing.
It’s called the RDP Bitmap Cache.
To make the connection faster, Windows saves small tiles (images) of the remote screen to your hard drive in a bin file.
Even if the session is over and the remote server is destroyed... your laptop still holds the cache files.
Forensics teams use tools like BMCViewer to stitch those tiles back together.
They won't just see logs but the literal email, document, or picture you were looking at.
💀
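For a defender who wants to know how much screen content is sitting in a user's profile, the sketch below counts the tiles held in a cache file. It is an added example, not part of the post: the `Cache*.bin` layout and the directory named in the comments are assumptions taken from how public forensic parsers read these files, and the sample bytes are constructed.

```python
import struct
from pathlib import Path

# Assumed layout of Cache????.bin (kept under
# %LOCALAPPDATA%\Microsoft\Terminal Server Client\Cache): a 12-byte file
# header (b"RDP8bmp\x00" + 4-byte version), then repeated tiles made of an
# 8-byte key, uint16 width, uint16 height and width*height*4 pixel bytes.
MAGIC = b"RDP8bmp\x00"
FILE_HEADER_LEN = 12
TILE_HEADER = struct.Struct("<8sHH")


def summarize_cache(data: bytes) -> dict:
    """Count recoverable tiles and pixel bytes in one cache file's contents."""
    if not data.startswith(MAGIC):
        raise ValueError("not an RDP8 bitmap cache file")
    offset, tiles, pixel_bytes = FILE_HEADER_LEN, 0, 0
    while offset + TILE_HEADER.size <= len(data):
        _key, width, height = TILE_HEADER.unpack_from(data, offset)
        size = width * height * 4
        offset += TILE_HEADER.size
        if size == 0 or offset + size > len(data):
            break  # truncated tile or padding: stop rather than guess
        tiles += 1
        pixel_bytes += size
        offset += size
    return {"tiles": tiles, "pixel_bytes": pixel_bytes}


def audit_profile(cache_dir: Path) -> dict:
    """Summarize every Cache*.bin file found in one cache directory."""
    report = {}
    for path in sorted(cache_dir.glob("Cache*.bin")):
        try:
            report[path.name] = summarize_cache(path.read_bytes())
        except ValueError:
            report[path.name] = {"tiles": 0, "pixel_bytes": 0}
    return report


def build_sample() -> bytes:
    """Constructed sample: header plus two blank 64x64 tiles."""
    tile = TILE_HEADER.pack(b"\x01" * 8, 64, 64) + bytes(64 * 64 * 4)
    return MAGIC + struct.pack("<I", 0) + tile + tile


if __name__ == "__main__":
    print(summarize_cache(build_sample()))
```

A non-zero tile count on a machine that should hold no remote-session data is the signal to clear the directory or disable persistent bitmap caching in the client settings.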
@ni5arga The problem with Telegram channels is not the sharing of leaked papers; there are many other ways of doing that. Rather, it is that they can be used to spread fake news of a leak that appears genuine. It was done by someone during JEE Advanced. It causes unnecessary confusion.
Indian telecom Reliance is sabotaging access to Telegram for millions of users OUTSIDE India (including the UAE) via a rogue method called BGP hijacking.
The sabotage seems intentional, as Reliance has ignored multiple reports.
This may be part of a competitive war, as Reliance is partially owned by Meta — the company behind WhatsApp.
Network operators are advised to reject unauthorized BGP announcements from Reliance (AS18101) to prevent route hijacks and ensure stable Internet access for their users.
Such abuse of global Internet routing is alarming. I wouldn’t be surprised if Reliance/WhatsApp were also behind the recent lobbying effort to ban Telegram in India.
@Iyervval “Put the financial loss aside. That place was built stitch by stitch. We spent years pushing the government to change policies, to develop the sector.” - That means there were kickbacks made to the Govt to change the policies? Praful Patel was the aviation minister during that time!
Burp Suite Professional costs 475 dollars a year per seat.
A senior software engineer in Amsterdam built the open source replacement as a side project. He put it on GitHub for free. It has 10,569 stars.
His name is David Stotijn. The software is Hetty.
Here is what Hetty is.
An HTTP toolkit for security research. A machine-in-the-middle proxy that sits between your browser and the target. Every request and every response flows through Hetty. You can read them, search them, intercept them, edit them, replay them, and send them again.
This is the core loop of every web application security test ever performed. Burp Suite charges 475 dollars a year for it. Hetty does the same job for zero.
Here is the feature set.
A machine-in-the-middle HTTP proxy with full logs and advanced search. An HTTP client for manually creating and editing requests, and replaying any request you already proxied. Request and response interception for manual review, with full edit, send, receive, and cancel control. Scope support to keep your work organized to a single target. A web-based admin interface that runs in your browser. Project-based database storage so multiple engagements stay separate. A GraphQL service for programmatic access.
The installer is a single Go binary. Works on macOS, Linux, and Windows. No Java runtime, no enterprise license server, no machine fingerprinting, no telemetry.
Here is the price ladder.
Burp Suite Professional: 475 dollars a year per seat.
Burp Suite Enterprise: thousands per year, contact sales for a quote.
Burp Suite Community Edition: free, but throttled, no scanner, no project save, no intruder rate.
OWASP ZAP: free and open source, now owned by Checkmarx after a 2024 acquisition.
Hetty: zero. Forever. One binary. No account.
A pentester working full time pays Burp 475 dollars a year. A team of 10 pentesters pays 4,750 dollars a year. A bug bounty hunter who finds one vulnerability has already paid for Burp twice over.
Or they download a 30 MB Go binary written by a freelancer in Amsterdam and keep every dollar they earn.
David has not pushed a new commit in 16 months. The last commit was January 13, 2025. That is normal for a tool that is feature-complete. HTTP has not changed. The proxy still proxies. The intercept still intercepts. MIT licensed code does not expire when the maintainer takes a break.
Buy a domain. Find a bug. Cash a bounty.
PortSwigger took a free industry tool and put it behind a 475 dollar paywall. A freelancer in Amsterdam gave it back. On every platform. For zero dollars.
Your proxy. Your binary. Your bounties.
(Link in the comments)
Phishing and social engineering are getting more sophisticated at an exponential rate due to AI.
Proton just let a phishing email go through to my inbox that I think will compromise tens of thousands of folks.
How it seems to work: someone added my email to a real Google Group. They then sent out a message to all members of the group with subject line "Your Google data has been exported."
Obviously this will cause many people to panic. The email went through to my inbox because it came from a legit google group from a legit Google URL.
All links in the email look totally normal – unless you look at the link for "Cancel request" button. But amazingly this one also seems to come from a genuine Google URL – a URL shortener from Google! goo[dot]gl/XXXXX (not putting the real URL here).
Then it takes you to (1) a Recaptcha screen and then (2) a genuine looking Google account login screen. It's hosted on a Google site (sites[dot]google[dot]com) so everything looks legit.
Because all links are technically hosted by Google, this is very very bad.
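The message described above passes any filter that trusts a link because its host belongs to Google, so a mail-triage check has to separate provider-operated hosts from provider-hosted pages and redirects that any user can create. The following is an added example, not part of the post: the host set contains only the two services the post names, and the sample HTML body is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts on a trusted provider's domain where any user can publish
# or redirect. Both entries come from the post; extend per local policy.
USER_CONTROLLED_HOSTS = {"goo.gl", "sites.google.com"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every anchor in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def flag_links(html_body: str) -> list:
    """Return links whose host is provider-owned but user-controlled."""
    collector = LinkCollector()
    collector.feed(html_body)
    flagged = []
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        if host in USER_CONTROLLED_HOSTS:
            flagged.append({"text": text, "host": host, "url": href})
    return flagged


# Constructed sample body modelled on the message described in the post.
SAMPLE = (
    "<p>Your Google data has been exported.</p>"
    '<a href="https://myaccount.google.com/">Review activity</a>'
    '<a href="https://goo.gl/XXXXX">Cancel request</a>'
)

if __name__ == "__main__":
    print(flag_links(SAMPLE))
```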
@narendramodi / @dpradhanbjp - if corrective actions are not taken then these 17 lakh people will vote against BJP in the next elections and this could be a deciding factor! Dismiss the entire CBSE board! (including SANYAM BHARDWAJ).
Well done @sidhant_sarthak! Whoever allowed the vendor to favor Coempt Eduteck for CBSE Screen Marking should spend the rest of their days in jail! How the heck can they play with the lives of 17 lakh students!
Howdy folks! Taking a break from my twitter break to let yall know that we released a new @GreyNoiseIO product yesterday. It's called Project Swarm. We've been quietly not-so-quietly working on it for a few years. You can buy it now. It costs $1.
There are lots of vulnerabilities on edge-facing apps. To catch in-the-wild exploitation of them, we @ GreyNoise run sensors on the internet. New AI models mean more vulnerabilities being identified and exploited, and FASTER. Long term, software and hardware will probably get better, but in the meantime we're gonna have to deal with A LOT of vulnerabilities.
At GreyNoise, the sensors we run are basically honeypots- we bait attackers to scan and exploit them which enables us to learn where the attackers are, which vulnerabilities they are exploiting, what it drops, and what it looks like on the wire. From ~2020-now it took us years to build up our fleet. Now anyone can use our new product to deploy their own sensors on their own networks, or an entire fleet of any size, in a day. You can rip back the data and do whatever you want with it. You can resell it, put it into your product, or just stare at it- whatever you want! On our side, we aggregate the data and pour it into a community dataset that everyone shares. As more people join, the data gets bigger and better.
Couple neat features:
- Sensor deployment is a single bash command on any modern linux distro that supports iptables and wireguard.
- Sensors and vulnerable software (profiles) are abstracted into different logical concepts, which means the "what" and "where" are different things, and the sensor is not constrained by the compute required to run the vulnerable software. Also, no matter how hacked the profile (honeypot) gets, it can't touch your host sensor or the rest of your network.
- Sensors can run fake honeypots, real software, or even real hardware (bridged with a raspberry pi) like old crappy routers and modems (or expensive firewalls and VPN gateways 👀)
- You can create dynamic blocklists that block IPs sourced from your own sensors in real time, so if a remote IP address *looks at your network* the wrong way, you block them instantly.
- All the PCAP data is available to you in a gorgeous and intuitive interface at near real time and fully enriched against all of our (thousands of) rules. We're working on the host metadata (malware, syscalls, host behaviors) as well, but this will come later.
- If we don't tag a CVE that's interesting to you, you can write a Suricata rule to tag it yourself once and your data gets tagged with it in real time forever.
- You can instantly download PCAPs of any exploits that hit your sensors.
- If you don't want your data shared with the community dataset, you can talk to our team and we'll work out rights to make it private.
Check it out! There's a lot of moving pieces to make this work and we expect bugs, but it's available right now. Join the fight!
https://t.co/erAWtX1l7B