🧅 TorBot – Open-Source Intelligence Crawler for Tor and Dark Web Investigations
TorBot is an open-source intelligence (OSINT) tool designed to assist security researchers, threat intelligence analysts, digital investigators, and law enforcement professionals in exploring and analyzing Tor hidden services. Built in Python, it automates the discovery and crawling of .onion websites while collecting page titles, descriptions, link relationships, and structural information from accessible Tor services. TorBot supports configurable crawl depth, custom domain crawling, live host verification, HTML retrieval, JSON export, and multiple visualization formats—including tree, table, and graph-based link structures—to help investigators better understand hidden service ecosystems. It can operate through the Tor SOCKS5 proxy for anonymous access or perform standard HTTP crawling for surface web targets when required. Designed as a research-oriented intelligence collection platform rather than an exploitation tool, TorBot provides an efficient way to document, organize, and visualize publicly accessible information across Tor and conventional websites, making it valuable for darknet research, threat hunting, cybercrime investigations, malware infrastructure analysis, and academic security research.
🔗 https://t.co/I0S9zSQQvu
#OSINT #DarkWeb #ThreatIntelligence #CyberSecurity #Tor #ThreatHunting #DigitalForensics #OpenSource #CyberInvestigation #SecurityResearch
Kernel-Exploit-Dojo 📍
Curated archive of 100+ Linux kernel exploitation CTF challenges, organized by bug class, exploitation primitive, final technique, difficulty, and solve count.
The goal is to organize practical kernel pwn techniques such as UAF, heap spraying, pipe_buffer abuse, msg_msg, modprobe_path overwrite, and cred overwrite.
Resource: https://t.co/h1F2CD70Oc
This article is literally wow.
i read it 2 years ago, and coming back to it today, it still feels new.
few tutorials teach computers in a way that permanently changes how you think. this is one of them.
If you've never built a VM before, you're missing one of the biggest "aha" moments in computer science.
We red teamed a frontier model in 3 hours. Zero code.
674 attacks, 573 findings, ~85% success rate. The agent picked the attacks, we just described the objective.
📄 Paper + blog: https://t.co/sNKXNr3PSc
We're going live in <4 hours, walking through the research and how we're redefining AI red teaming in the agentic era.
Tune in at 11 AM PT / 2 PM ET, right here on X!
Recent CVE PoC & reproduction scripts. Focused on high-severity vulnerabilities across Linux kernel, Windows, macOS and more. https://t.co/2CAcx2ojyE
Most people learn security research by reading finished writeups. This one shows the actual process.
The messy, organic, step-by-step reality of reversing an unknown Windows mitigation from scratch. WinDbg. IDA. Hex Rays. Guard page violations. Trap flags. Zero prior knowledge of the target.
If you want to learn how to actually approach unknown Windows internals, start here.
https://t.co/Xq8xbSnG75
Author: @yarden_shafir
#ReverseEngineering #WindowsInternals #InfoSec
Introducing HTTP/2 Bomb: a remote DoS in nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora. A single client pins 32GB of server memory in 10s. Found by Codex.
Blog post: https://t.co/WO9MeExoun
PoCs: https://t.co/NpVgEHBHPl
and the whole reason i even looked at this in the first place was because last month i realized msi vibecoded the drivers for their $5090 usd gpu (horribly, might i add!), and left a whole bunch of internal chat history exports in the asar bundle
@ajaykgp@ChShersh I think it might be something similar to this one
https://t.co/PgN3Trz77u
there is no need to think about whether it should mid + 1 or -1 etc