StriveBen @striveben
small white of cyber security. Joined March 2017
How to use LLMs for vulnerability research by @0xAsm0d3us devansh.bearblog.dev/needle-in-the-… #infosec #llm
Welcome to Burp Extensibility Month! #BurpExtensibility #BurpSuite #BApps
Today we're open-sourcing Bumblebee, a read-only scanner for macOS and Linux. It checks developer machines for risky packages, extensions, and AI tool configs. Connected to Computer, it can trigger deeper scans whenever a new supply-chain risk emerges. github.com/perplexityai/b…
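🚀 Claude users rejoice! An Anthropic hackathon winner has dropped "Everything Claude Code": 38 specialized subagents + 156 skills + 72 slash commands! It turns Claude Code directly into your senior engineering team: ✅ One-click TDD / code review / security scanning ✅ Automatic continuous learning, gets smarter the more you use it ✅ Production-grade hooks + memory persistence
The barrier to AI face swapping has dropped to zero. An open-source project that needs only a single photo to do real-time face swapping for video deepfakes. No training needed, no technical skills needed, just download and use. #AI #VideoGeneration 87k stars, this thing spreads faster than I imagined. Repository: github.com/hacksider/Deep…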
GitHub repos for bug bounty hunters: 1. github.com/0xmaximus/Gala… 2. github.com/coffinxp/nucle… 3. github.com/0xKayala/Custo… 4. github.com/HackTricks-wik… 5. github.com/cipher387/Dork… 6. github.com/techgaun/githu… 7. github.com/s0md3v/Awesome… 8. github.com/TakSec/google-… 9. github.com/arainho/awesom… 10. github.com/0xInfection/Aw… 11. github.com/0xMrNiko/Aweso… 12. github.com/Lissy93/web-ch… 13. github.com/jakejarvis/awe… 14. github.com/swisskyrepo/Pa… 15. github.com/m14r41/Pentest… 16. github.com/ayoubfathi/lea… 17. github.com/streaak/keyhac… 18. github.com/devanshbatham/… 19. github.com/SecShiv/OneDor… 20. github.com/Hari-prasaanth… 21. github.com/djadmin/awesom… 22. github.com/Az0x7/vulnerab… 23. github.com/nahamsec/Resou… 24. github.com/daffainfo/AllA… 25. github.com/fuzzdb-project… 26. github.com/qazbnm456/awes… 27. github.com/infoslack/awes… 28. github.com/enaqx/awesome-… 29. github.com/reddelexc/hack… 30. github.com/tomnomnom/hacks 31. github.com/danielmiessler… Drop the ones I'm missing or the ones you find most useful in your hunting workflow. #BugBounty #BugBountyTips #WebSec
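Pushed a new release: put together an MCP tool that uses eBPF for dynamic debugging. In theory it can give large models a lightweight dynamic-analysis capability that does not require battling anti-debugging. Feel free to try it, meow ⭐ github.com/ShinoLeah/eDBG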
JWT Security Resources 1. JWT Introduction - jwt.io/introduction 2. JWT Attacks - portswigger.net/web-security/j… 3. OWASP JWT Cheat Sheet - cheatsheetseries.owasp.org/cheatsheets/JS… 4. JWT Vulnerabilities Guide - pentesterlab.com/blog/jwt-vulne… 5. JWT Best Practices - curity.io/resources/lear… 6. Exploiting JWT - intigriti.com/researchers/bl… 7. JWT Attacks Writeup - infosecwriteups.com/attacks-on-jso… #CyberSecurity #JWT #WebSecurity #BugBounty
how to set up live Chrome sessions: 1️⃣ open chrome://inspect/#remote-debugging 2️⃣ toggle it on 3️⃣ that's it. your agent can now see your tabs, cookies, logins — everything uses Chrome DevTools MCP under the hood, no extensions needed 📖 developer.chrome.com/blog/chrome-de… 📖 docs.openclaw.ai/tools/browser#…
XIAOMI BootLoader Unlock Leak (XIAOMI 17 Series) You only need to enter "su" in the MT Manager terminal and then enter the following command to unlock the bootloader of a Xiaomi device: adb shell service call miui.mqsas.IMQSNative 21 i32 1 s16 "dd" i32 1 s16 "if=/data/local/tmp/gbl of=/dev/block/by-name/efisp" s16 "/data/mqsas/log.txt" i32 60
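Based on nearly a month of security conversations with OpenClaw, related vulnerability discovery and verification, studying several hundred disclosed related vulnerabilities, the historical security practice of us at @SlowMist_Team, and my own usage scenario, I have produced this: OpenClaw Minimal Security Practice Guide (Root privileges + maximum capability scenario). My scenario: OpenClaw has Root privileges on the target machine, installs all kinds of Skills/MCP, and aims to maximize capability. Core principle: do not restrict capability, just hold three checkpoints: confirmation beforehand, interception during, and inspection afterward. This security practice has already been used and validated internally, and is being made public now that it feels comfortable. Because if it is uncomfortable, it may cause conflicts between security and experience, and in serious cases may leave your OpenClaw bound hand and foot. Of course, you can also build something that suits you, whether it is a Skill, a plugin, or perhaps just this prompt I mentioned: "Hey, remember, before executing any risky command, ask me whether it is what I expect." As long as you are happy 😌
Group members are looking forward to an OpenClaw edition of the Black Handbook, saying the folder is ready and they are just waiting for the Skill. The Skill can wait; just say this to your 🦞 and you can block quite a few risks: "Hey, remember, before executing any risky command, ask me whether it is what I expect." 😏 Try it. It also works against malicious prompts that get injected later by accident. Of course, you had better pick a smart model to talk to.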
GitLab deserializes session data from Redis using Marshal.load without integrity verification. If an attacker can write to Redis, they can achieve RCE on the GitLab instance. - Tested on CE 18.8.4 github.com/CsEnox/Gitlab-…
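Yesterday, NetEase Youdao quietly open-sourced a very interesting Chinese AI Agent: LobsterAI. My biggest impression after trying it: this is basically a Chinese OpenClaw with a GUI, but with the barrier lowered to the point where ordinary people can easily play with it. Current AI products have two pain points: they are either purely cloud-based (often hitting latency and disconnections) or purely chat (unable to do deep interaction and operations). LobsterAI is a local-first Agent based on Electron + React. You just chat in natural language, and it can directly operate your file system and terminal on your local computer. It also supports remote control through the most complete set of mainstream Chinese and international chat apps (Feishu, DingTalk, Telegram, Discord), richer than other tools, and has built-in long-term memory that remembers your preferences and reuses them automatically across sessions. This is the official site, give it a try: lobsterai.youdao.com/#/index Based on my own needs, I used it to get 3 must-have scenarios working: 1 Manually browsing HackerNews every day to find interesting content wastes time, so I have it pick ten interesting HackerNews articles at nine every morning, summarize and translate them, generate a Word document, and send it to my designated mailbox on a daily schedule, so I can read the digest over breakfast. 2 Simple Resume keeps updating the latest resume templates, which is also an important part of the site's SEO. This used to be done with scripts, which often ran into problems. Now I have it generate different resume job titles by popularity once a day, then generate resume template data for those positions, persist progress in files, insert the resume data directly into the local database, and push it to the production database after I confirm. 3 From DingTalk on my phone, I had it research a travel plan and save it to my local Obsidian. On my home computer it automatically: searched guides and compared prices in the browser → organized them into a table → generated an Obsidian note → synced it to my phone. Directing the computer from the phone anytime, a true cross-device personal assistant. Remote control is done rather well: supports remote operation via Feishu, DingTalk, Telegram and Discord, so you can direct the computer from your phone anytime. Built-in long-term memory (Memory): remembers your existing information and preferences, reuses them automatically across sessions, and gets smoother the more you use it. Scheduled tasks & sandbox environment: supports execution at a fixed time each day (extremely practical); if your data is sensitive you can enable the sandbox to prevent the AI from running wild and damaging local data. Multi-model compatibility: supports all mainstream Providers on the market, and running local models (such as Ollama) is no problem; built-in rich Skills cover making videos, slides, and writing documents. It was just open-sourced on the third day of the Lunar New Year, and overall the level of completion is quite high, with all kinds of features gathered together and very thoughtful localization. If you are fed up with chat-only AI and want AI to actually operate your computer and "do work" for you, I strongly recommend trying it. #AI #LobsterAI #Agent #youdao #netease
Whether your WAF is any good, you only know once you test it. WAF-Checker is an all-in-one WAF testing platform and firewall detection tool developed by Mickael Asseline that evaluates how well a WAF protects. 🔥 19+ attack categories: SQL injection, XSS, SSRF, XXE, SSTI... every OWASP Top 10 item you can think of is there 🔥 344+ payloads: pulled live from GitHub, updated automatically like a virus database 🔥 15+ WAF fingerprints: Cloudflare, AWS WAF, Imperva, ModSecurity... one scan tells you what you are using. Free, open source, deployed on Cloudflare Worker. github.com/PAPAMICA/waf-c…
A new proxy? It disguises traffic as an email and uses SMTP port 587, as legitimate as it gets. It even imitates the Postfix handshake, so are you scared or not. SMTP Tunnel Proxy: a "high-speed covert tunnel" that disguises arbitrary TCP traffic as ordinary SMTP (email) communication, thereby tricking firewalls into allowing the traffic. github.com/x011/smtp-tunn…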
GitHub - yashab-cyber/HackGpt: HackGPT Enterprise is a production-ready, cloud-native AI-powered penetration testing platform designed for enterprise security teams. github.com/yashab-cyber/H…
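Recommending an open-source all-in-one video download tool. Hitomi Downloader is an online video download tool based on yt-dlp (itself based on youtube-dl), and it inherits parsing support for 1200+ online video sites, with a clean graphical interface that works out of the box. It even supports M3U8, BT torrents and magnet links. It is really handy, mainly for downloading films. github.com/KurtBestor/Hit…
A developer on GitHub has compiled the ChinaTextbook project, which collects textbooks from primary school, junior high and senior high through university in China. All are high-definition, watermark-free PDFs that can be downloaded directly for free, with the aim of replacing the watermarked paid textbook resources on Taobao. GitHub: github.com/TapXWorld/Chin…
Over several weeks, on and off, I built my own fingerprint browser setup: ▅ Does not depend on any third-party software, uses only clean Chrome instances ▅ The Chrome instances are separated by using different user data directories ▅ Install this browser extension that I wrote myself for obfuscation; it is open-sourced for everyone to take. Building it by hand is the best way to not worry about passwords being stolen by the fingerprint browsers on the market. github.com/juu17/browser-…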