π¨ The Biggest CTF of the Year is HERE! π¨
π₯ Cyber Apocalypse CTF 2025 is coming β and itβs FREE for everyone! Whether youβre a beginner or a seasoned hacker, this is your chance to compete, learn, and win from a massive $90,000 prize pool! π°π»
π οΈ Why Join?
β Open to all skill levels β no prior experience needed!
β Hands-on challenges in web, crypto, forensics, and more!
β Battle it out with the best minds in cybersecurity!
β A chance to grab exclusive HTB swag packs!
π‘ Join the competition now!
π https://hackthebox.com/events/cyber-apocalypse-2025
π₯ Cyber Apocalypse CTF 2025 is coming β and itβs FREE for everyone! Whether youβre a beginner or a seasoned hacker, this is your chance to compete, learn, and win from a massive $90,000 prize pool! π°π»
π οΈ Why Join?
β Open to all skill levels β no prior experience needed!
β Hands-on challenges in web, crypto, forensics, and more!
β Battle it out with the best minds in cybersecurity!
β A chance to grab exclusive HTB swag packs!
π‘ Join the competition now!
π https://hackthebox.com/events/cyber-apocalypse-2025
π±7π1
Forwarded from MR. Z
Hey all Just released New tool Dnsprober v1.0.0 , a tool that helps you for dns reconnaissance and with more concurrent and scalable and easy to install run and ability to make different types of DNS queries efficiently, check it out here:
https://github.com/RevoltSecurities/Dnsprober
https://github.com/RevoltSecurities/Dnsprober
GitHub
GitHub - RevoltSecurities/Dnsprober: dnsprober is a fast and multipurpose DNS reconnaissance tool designed for efficient DNS probingβ¦
dnsprober is a fast and multipurpose DNS reconnaissance tool designed for efficient DNS probing and enumeration. It supports multiple DNS queries, custom resolvers, wildcard filtering, and retryabl...
π₯21
Where is the reactions π§π€¨
Please open Telegram to view this post
VIEW IN TELEGRAM
π₯28π5π2
AllForOne allows bug bounty hunters and security researchers to collect all Nuclei YAML templates from various public repositories.
https://github.com/AggressiveUser/AllForOne
https://github.com/AggressiveUser/AllForOne
π₯32β€8π8π6
Please open Telegram to view this post
VIEW IN TELEGRAM
π8π5π₯5
Want to find the origin IP?
1-Hunt for a subdomain with no WAF
2-extract the ASN
2-check it on bgp.he.net
3- grab the IP range, and verify a live IP.
Welcome to their world!
#bugbountytips #BugBounty
1-Hunt for a subdomain with no WAF
2-extract the ASN
2-check it on bgp.he.net
3- grab the IP range, and verify a live IP.
Welcome to their world!
#bugbountytips #BugBounty
π₯29π3π±1
CVE-2025-1661: Path Traversal in The HUSKY WordPress Plugin, 9.8 rating π₯
The vulnerability allows an attacker to execute arbitrary files on the server, including PHP code.
Search at Netlas.io:
π Link: https://nt.ls/OEg7k
π Dork: http.body:"plugins/woocommerce-products-filter"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-products-filter/husky-products-filter-professional-for-woocommerce-1365-unauthenticated-local-file-inclusion
The vulnerability allows an attacker to execute arbitrary files on the server, including PHP code.
Search at Netlas.io:
π Link: https://nt.ls/OEg7k
π Dork: http.body:"plugins/woocommerce-products-filter"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-products-filter/husky-products-filter-professional-for-woocommerce-1365-unauthenticated-local-file-inclusion
π±6π₯4π2π1
CVE-2025-25291, -25292 and other: Multiple vulnerabilitites in GitLab, 8.8 ratingβοΈ
Traditionally, GitLab publishes information about several vulnerabilities at once. These include Interpretation Conflict, DoS, Credentials Disclose, etc.
Search at Netlas.io:
π Link: https://nt.ls/PDxYA
π Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/
Traditionally, GitLab publishes information about several vulnerabilities at once. These include Interpretation Conflict, DoS, Credentials Disclose, etc.
Search at Netlas.io:
π Link: https://nt.ls/PDxYA
π Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/
π4π¨βπ»2
Disclosing YouTube Creator Emails for a $20k Bounty
From creator privacy to phishing paradise: How a secret parameter could have exposed the private email addresses of monetized YouTube channels
From creator privacy to phishing paradise: How a secret parameter could have exposed the private email addresses of monetized YouTube channels
brutecat.com
Disclosing YouTube Creator Emails for a $20k Bounty
From creator privacy to phishing paradise: How a secret parameter could have exposed the private email addresses of monetized YouTube channels
π₯10π3πΏ2
π₯9π2
Nightmare
Nightmare is an intro to binary exploitation / reverse engineering course based around ctf challenges.
Nightmare is an intro to binary exploitation / reverse engineering course based around ctf challenges.
guyinatuxedo.github.io
Nightmare - Nightmare
Nightmare: an intro to binary exploitation / reverse engineering course based around CTF challenges.
β€7π1
β€6π1
π― Mastering CRTO? This Resource is Pure Gold!
If you're preparing for Certified Red Team Operator (CRTO) or want to sharpen your adversary emulation skills, Iβve found something invaluable for you!
π Check here : https://m4lici0u5.com/notes/crto-notes/
π Whatβs inside?
π΄ββ οΈ Cobalt Strike β Beacons, pivoting & advanced tactics.
π΄ββ οΈ AD Attacks β Lateral movement, Kerberoasting, DCSync & more.
π΄ββ οΈ Bypassing Defenses β EDR evasion, AMSI bypass, OPSEC tricks.
π΄ββ οΈ Persistence & PrivEsc β Staying stealthy like real APTs.
If you're preparing for Certified Red Team Operator (CRTO) or want to sharpen your adversary emulation skills, Iβve found something invaluable for you!
π Check here : https://m4lici0u5.com/notes/crto-notes/
π Whatβs inside?
π΄ββ οΈ Cobalt Strike β Beacons, pivoting & advanced tactics.
π΄ββ οΈ AD Attacks β Lateral movement, Kerberoasting, DCSync & more.
π΄ββ οΈ Bypassing Defenses β EDR evasion, AMSI bypass, OPSEC tricks.
π΄ββ οΈ Persistence & PrivEsc β Staying stealthy like real APTs.
π₯11π4πΏ4π«‘3
CVE-2024-13918, -13919: XSS in Laravel Framework, 8.0 ratingβοΈ
The vulnerabilities allow an attacker to execute code in the victim's browser via Reflected XSS if the victim clicks on a decoy link.
More then 770k instances at Netlas.io:
π Link: https://nt.ls/95OAY
π Dork: http.headers.set_cookie:"laravel_session="
Read more: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page
The vulnerabilities allow an attacker to execute code in the victim's browser via Reflected XSS if the victim clicks on a decoy link.
More then 770k instances at Netlas.io:
π Link: https://nt.ls/95OAY
π Dork: http.headers.set_cookie:"laravel_session="
Read more: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page
π5β€3π±1π¨βπ»1
function rappidns() {
curl -s "https://rapiddns.io/subdomain/$1?full=1" | grep -oE "[\.a-zA-Z0-9-]+\.$1" | tr '[:upper:]' '[:lower:]' | sort -u
}Please open Telegram to view this post
VIEW IN TELEGRAM
rapiddns.io
$1 Subdomain - RapidDNS Rapid DNS Information Collection
RapidDNS is a domain name information query system that supports querying information about websites, subdomains and the same ip website. RapidDNS supports A, AAAA, CNAME, CERTIFICATE and MX types.
π17π’2