never mind - popped back up

@ExploitDB hi guys, getting a 502 for a while now when trying to visit you..

Bytedesk has about 405 GitHub stars. The public issues show stored XSS via uploaded SVG and DNS-confirmed SSRF via /openrouter/api/v1/models and /gitee/api/v1/models. Full report: x.com/zast_ai/status/2064167… @fofabot @zoomeye_team @HunterMapping @ExploitDB @oss_security @OpenSecurity_IN

The repo has about 405 GitHub stars. The public issues show stored XSS from uploaded SVG and DNS-confirmed SSRF from /openrouter/api/v1/models and /gitee/api/v1/models. Full report: x.com/zast_ai/status/2064167… @fofabot @zoomeye_team @HunterMapping @ExploitDB @oss_security @OpenSecurity_IN

[webapps] OpenEMR 7.0.2 - Arbitrary File Read dlvr.it/TSx7mk

40 Advanced Pentesting & Red Team Tools 🔥 1.👁️ Nmap 2.⚡ Masscan 3.🔍 Amass 4.🎯 Subfinder 5.🛰️ Assetfinder 6.🛡️ Nessus 7.🟢 OpenVAS 8.🌐 Nikto 9.⚛️ Nuclei 10.🕷️ Wapiti 11.🚀 Metasploit Framework 12.📚 SearchSploit 13.💉 SQLMap 14.💥 ExploitDB 15.⚙️ Commix 16.🔑 Hashcat 17.🪓 John the Ripper 18.🐉 Hydra 19.🎯 Medusa 20.💀 CrackMapExec 21.🌎 Burp Suite 22.🛡️ OWASP ZAP 23.📂 Gobuster 24.🔎 Dirsearch 25.⚡ XSStrike 26.📶 Aircrack-ng 27.📡 Kismet 28.🔐 Reaver 29.📲 Wifite 30.🕸️ Bettercap 31.🐧 LinPEAS 32.🪟 WinPEAS 33.☠️ BeRoot 34.🔍 Watson 35.📖 GTFOBins 36.🎭 Mimikatz 37.🩸 BloodHound 38.👑 Empire 39.🐶 Pupy 40.🔌 Netcat (NC) #CyberSecurity #Pentesting #RedTeam #EthicalHacking #InfoSec #BugBounty #SecurityTools #KaliLinux

40 Advanced Pentesting & Red Team Tools ⚔️ 1.👁️ Nmap 2.⚡ Masscan 3.🔍 Amass 4.🎯 Subfinder 5.🛰️ Assetfinder 6.🛡️ Nessus 7.🟢 OpenVAS 8.🌐 Nikto 9.⚛️ Nuclei 10.🕷️ Wapiti 11.🚀 Metasploit Framework 12.📚 SearchSploit 13.💉 SQLMap 14.💥 ExploitDB 15.⚙️ Commix 16.🔑 Hashcat 17.🪓 John the Ripper 18.🐉 Hydra 19.🎯 Medusa 20.💀 CrackMapExec 21.🌎 Burp Suite 22.🛡️ OWASP ZAP 23.📂 Gobuster 24.🔎 Dirsearch 25.⚡ XSStrike 26.📶 Aircrack-ng 27.📡 Kismet 28.🔐 Reaver 29.📲 Wifite 30.🕸️ Bettercap 31.🐧 LinPEAS 32.🪟 WinPEAS 33.☠️ BeRoot 34.🔍 Watson 35.📖 GTFOBins 36.🎭 Mimikatz 37.🩸 BloodHound 38.👑 Empire 39.🐶 Pupy 40.🔌 Netcat (NC) #CyberSecurity #Pentesting #RedTeam #EthicalHacking #InfoSec #BugBounty #SecurityTools #KaliLinux

Today everything became branding, visibility, monetization and consultant posture. Now #AI is about to reshape the entire research ecosystem once again. Interesting times ahead.

Back then, the scene still had soul. People took risks, researchers openly supported each other, platforms like @ExploitDB defended disclosure under pressure: The ecosystem felt raw, technical and alive... real and human !

Thread: Back in 2014, I publicly disclosed a few vuln affecting FireEye appliances during the peak of FireEye/Mandiant era. At the time FireEye was 1 of the most influential cybersec companies in the world. I was just an unknown researcher posting offensive stuff on @ExploitDB

Top Cybersecurity Tools Every Security Professional Should Know 🛡️🔥 🔐 Social Engineering Tools 1.🎣 GoPhish 2.👁️ HiddenEye 3.🐟 SocialFish 4.🔗 EvilURL 5.🎭 Evilginx 6.🛠️ SET Toolkit 🔑 Password Cracking Tools 1.⚡ Hashcat 2.🗝️ John The Ripper 3.🚪 Hydra 4.🐍 Medusa 5.💀 Cain & Abel 6.🔓 Ophcrack 🌐 Web Application Testing Tools 1.⚔️ OWASP ZAP 2.🧪 Burp Suite 3.🕷️ Nikto 4.🔍 WPScan 5.🎯 Acunetix 6.🛡️ Arachni ☁️ Cloud Security Tools 1.☁️ AWS GuardDuty 2.🔷 Azure Security Center 3.🌍 Google Cloud Security Command Center 4.🛡️ Prisma Cloud 5.🕸️ Lacework 6.👁️ Wiz 📶 Wireless Security Tools 1.📡 Aircrack-ng 2.📲 Wifite 3.🛰️ Kismet 4.📥 TCPDump 5.📶 Reaver 6.🦈 Wireshark 💣 Exploitation Tools 1.💥 Metasploit Framework 2.🧪 Burp Suite 3.💉 SQLMap 4.📂 ExploitDB 5.🎯 Core Impact 6.🔴 Cobalt Strike 7.☠️ Empire 🔍 Vulnerability Scanning Tools 1.🛡️ Nessus 2.🧪 OpenVAS 3.⚡ Nexpose 4.🌐 Qualys 5.🎯 Acunetix 6.🐧 Lynis 🧠 Digital Forensics Tools 1.🦈 Wireshark 2.📂 Autopsy 3.🧬 Volatility 4.🔬 Sleuth Kit 5.📦 Binwalk 6.🧾 Foremost 7.🔐 EnCase 🛡️ Network Defense Tools 1.🚨 Snort 2.🛰️ Suricata 3.🔥 pfSense 4.🧅 Security Onion 5.👽 AlienVault OSSIM 💻 Endpoint Security Tools 1.🦅 CrowdStrike Falcon 2.🛡️ SentinelOne 3.⚫ Carbon Black 4.🔒 Symantec Endpoint Protection 5.🪟 Microsoft Defender for Endpoint 🌍 Threat Intelligence Tools 1.🧠 ThreatConnect 2.📡 Recorded Future 3.👽 AlienVault OTX 4.⚔️ IBM X-Force Exchange 5.📂 MISP 🕵️ Information Gathering Tools 1.🌐 Nmap 2.🔎 Shodan 3.🕸️ Maltego 4.🌾 theHarvester 5.🛠️ Recon-ng 6.🕷️ Amass 7.📡 Censys 8.🧩 OSINT Framework 9.📂 Gobuster 10.🕸️ SpiderFoot #CyberSecurity #EthicalHacking #BlueTeam #RedTeam #InfoSec

40 Red Team & Pentesting Tools You Should Know In 2026 ☠️🔴 1.🌐 Nmap 2.⚡ Masscan 3.🕸️ Amass 4.🔎 Subfinder 5.📡 Assetfinder 6.🛡️ Nessus 7.🧪 OpenVAS 8.🕷️ Nikto 9.⚛️ Nuclei 10.🔍 Wapiti 11.💣 Metasploit Framework 12.📚 SearchSploit 13.💉 SQLMap 14.📂 ExploitDB 15.💻 Commix 16.🔐 Hashcat 17.🗝️ John The Ripper 18.🚪 Hydra 19.🐍 Medusa 20.🖥️ CrackMapExec 21.🌍 Burp Suite 22.⚔️ OWASP ZAP 23.📁 Gobuster 24.🔦 Dirsearch 25.🎯 XSStrike 26.📶 Aircrack-ng 27.📡 Kismet 28.📲 Reaver 29.📡 Wifite 30.🕶️ Bettercap 31.🐧 LinPEAS 32.🪟 WinPEAS 33.🔓 BeRoot 34.🧠 Watson 35.⚙️ GTFOBins 36.👻 Mimikatz 37.🩸 BloodHound 38.☠️ Empire 39.🐀 Pupy 40.🔌 Netcat (nc) #CyberSecurity #EthicalHacking #Pentesting #RedTeam

☠️⚔️ 40 Advanced Red Team & Pentesting Tools Used In Real Assessments 1.🌐 Nmap 2.⚡ Masscan 3.🕸️ Amass 4.🔎 Subfinder 5.📡 Assetfinder 6.🛡️ Nessus 7.🧪 OpenVAS 8.🕷️ Nikto 9.⚛️ Nuclei 10.🔍 Wapiti 11.💣 Metasploit Framework 12.📚 SearchSploit 13.💉 SQLMap 14.📂 ExploitDB 15.💻 Commix 16.🔐 Hashcat 17.🗝️ John The Ripper 18.🚪 Hydra 19.🐍 Medusa 20.🖥️ CrackMapExec 21.🌍 Burp Suite 22.⚔️ OWASP ZAP 23.📁 Gobuster 24.🔦 Dirsearch 25.🎯 XSStrike 26.📶 Aircrack-ng 27.📡 Kismet 28.📲 Reaver 29.📡 Wifite 30.🕶️ Bettercap 31.🐧 LinPEAS 32.🪟 WinPEAS 33.🔓 BeRoot 34.🧠 Watson 35.⚙️ GTFOBins 36.👻 Mimikatz 37.🩸 BloodHound 38.☠️ Empire 39.🐀 Pupy 40.🔌 Netcat (nc) #CyberSecurity #EthicalHacking #Pentesting #RedTeam

Cybersecurity Tools By Category Information Gathering: >Nmap >Shodan >Maltego >TheHavester >Recon-NG >Amass >Censys >OSINT Framework >Gobuster Exploitation: >Burp Suite >Metasploit Framework >SQL Map >ZAP >ExploitDB >Core Impact >Cobalt Strike Password Cracking: >John The Ripper >Hydra >Hashcat >OPHCrack >Medusa >THC-Hydra >Cain & Abel Vulnerability Scanning: >OpenVAS >Nessus >AppScan >LYNIS >Retina >Nexpose Software Engineering: >GoPhish >HiddenEye >SocialFish >EvilURL >Evilginx Forensics: >SluethKit >Autopsy >Volatility >Guymager >Foremost >Binwalk >Wireshark Wireless Hacking: >Aircrack-NG >Wifite >Kismet >TCPDump >Airsnort >Netstumbler >Reaver Web Application Assessment: >OWASP ZAP >Burp Suite >Nikto >ZAP >WPScan >Gobuster >App Spider Follow @Hamzaonchain for more

AIによるサイバー攻撃の加速によって人の手では運用が回らなくなってきていると感じますが、今後AI Agentを活用したセキュリティ運用についてチャッピー先生とディスカッションしたところ、面白い整理ができたのでシェア！ まだきっちりここに運用を当てはめるのは難しい状況もありそうですが、現実的にこういう方向になる気がします。 AI時代の防御アーキテクチャ案 実務モデルとする5層。 Layer 1: Intelligence Fabric ※脅威情報の整理 CVE、KEV、EPSS、PoC、ExploitDB、GitHub、ダークウェブ、ベンダーアドバイザリ、メール脅威、DNS/Proxy、EDR、SIEMを統合。 AIは要約だけでなく、「自社に関係あるか」を判断。 Layer 2: Exposure Graph ※資産情報の整理 資産、脆弱性、公開状態、ID権限、データ重要度、業務重要度をグラフ化。 「このCVEはあるが、外部公開なし・補完防御あり・低権限」なのか、「外部公開・管理者権限・重要DB接続あり」なのかで対応を変える。 Layer 3: AI Triage & Decision Support ※AIによる自動対応 AIが以下を出す。 影響資産 悪用可能性 既存防御の有無 推奨アクション 代替緩和策 ハンティングクエリ 経営向け説明 Layer 4: Guardrailed Automation ※製品間連携と自動処理 SOAR/XDR/M365/EDR/Firewall/WAF/Email Securityと連携。ただし権限を分ける。 操作 | 自動化レベル IOC enrichment | 完全自動 チケット作成 | 完全自動 ハンティングクエリ生成 | 自動、実行は承認付き ユーザー警告 | 条件付き自動 メール隔離 | 条件付き自動 端末隔離 | 承認付き 本番FWブロック | 原則承認付き パッチ適用 | 変更管理連携 Layer 5: Continuous Validation ※監視と監査 AI自身の判断も検証する。 攻撃シミュレーション、BAS、Purple Team、検知テスト、誤検知レビュー、インシデント後レビューを回す。

𝗖𝗬𝗕𝗘𝗥𝗦𝗘𝗖𝗨𝗥𝗜𝗧𝗬 — 𝟳𝟬 𝗖𝗼𝗺𝗽𝗿𝗲𝗵𝗲𝗻𝘀𝗶𝘃𝗲 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗧𝗼𝗼𝗹𝘀 𝗳𝗼𝗿 𝗠𝗼𝗱𝗲𝗿𝗻 𝗧𝗵𝗿𝗲𝗮𝘁 𝗗𝗲𝗳𝗲𝗻𝘀𝗲 🔥 🔎 𝗜𝗻𝗳𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻 𝗚𝗮𝘁𝗵𝗲𝗿𝗶𝗻𝗴 • Nmap • Shodan • Maltego • theHarvester • Recon-ng • Amass • Censys • OSINT Framework • Gobuster • SpiderFoot 📡 𝗪𝗶𝗿𝗲𝗹𝗲𝘀𝘀 𝗛𝗮𝗰𝗸𝗶𝗻𝗴 • Aircrack-ng • Wifite • Kismet • tcpdump • Reaver • Wireshark 🎭 𝗦𝗼𝗰𝗶𝗮𝗹 𝗘𝗻𝗴𝗶𝗻𝗲𝗲𝗿𝗶𝗻𝗴 • GoPhish • HiddenEye • SocialFish • EvilURL • Evilginx • SET Toolkit 💥 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝗮𝘁𝗶𝗼𝗻 • Metasploit Framework • Burp Suite • SQLMap • ExploitDB • Core Impact • Cobalt Strike • Empire 🔑 𝗣𝗮𝘀𝘀𝘄𝗼𝗿𝗱 𝗖𝗿𝗮𝗰𝗸𝗶𝗻𝗴 • Hashcat • John the Ripper • Hydra • Medusa • Cain & Abel • Ophcrack 🛡️ 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝗦𝗰𝗮𝗻𝗻𝗶𝗻𝗴 • Nessus • OpenVAS • Nexpose • Qualys • Acunetix • Lynis 🧪 𝗙𝗼𝗿𝗲𝗻𝘀𝗶𝗰𝘀 • Wireshark • Autopsy • Volatility • Sleuth Kit • Binwalk • Foremost • EnCase 🌐 𝗪𝗲𝗯 𝗔𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗔𝘀𝘀𝗲𝘀𝘀𝗺𝗲𝗻𝘁 • OWASP ZAP • Burp Suite • Nikto • WPScan • Acunetix • Arachni 🛰️ 𝗡𝗲𝘁𝘄𝗼𝗿𝗸 𝗗𝗲𝗳𝗲𝗻𝘀𝗲 • Snort • Suricata • pfSense • Security Onion • AlienVault OSSIM 💻 𝗘𝗻𝗱𝗽𝗼𝗶𝗻𝘁 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 • CrowdStrike Falcon • SentinelOne • Carbon Black • Symantec Endpoint Protection • Microsoft Defender for Endpoint ☁️ 𝗖𝗹𝗼𝘂𝗱 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 • AWS GuardDuty • Azure Security Center • Google Cloud Security Command Center • Prisma Cloud • Lacework 🧠 𝗧𝗵𝗿𝗲𝗮𝘁 𝗜𝗻𝘁𝗲𝗹𝗹𝗶𝗴𝗲𝗻𝗰𝗲 • ThreatConnect • Recorded Future • AlienVault OTX • IBM X-Force Exchange • MISP #CyberSecurity #EthicalHacking #OSINT #SOC #DFIR

unsigned char malicious_ptr[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; What am I missing here? This gets appened to null?