• Insufficient Security Configuration
• Insecure Data storage
• Insecure Deployment and Configuration Management
• Backdoor Lambda Function Through Resource-Based Policy
• Overwrite Lambda Function Code
• Create an IAM Roles Anywhere trust anchor
• Exfiltrate RDS Snapshot by Sharing
• Backdoor an S3 Bucket via its Bucket Policy
• Exfiltrate an AMI by Sharing It
• Exfiltrate EBS Snapshot by Sharing It
• Execute Discovery Commands on an EC2 Instance
• Download EC2 Instance User Data
• Execute Commands on EC2 Instance via User Data
• Noncompliant Code
• Compliant Code
• Retrieve EC2 Password Data
• Noncompliant Code
• Compliant Code
• Insecure Deployment and Configuration Management
• Local Filesystem
• AWS Security Token
• AWS Security Token Permission enumeration
• ec2:CreateSnapshot and ec2:DescribeVolumes
• Amazon Cognito
• References

Sleak Crypter is a simple obfuscate tool that allows you to encrypt and obfuscate your files.

VERT-STEALER Token Stealer, Discord Token Grabber , Discord Injection , Password Stealer, Cookie Stealer, File Stealer, Crypto wallet Stealer etc.

OpenStack from a penetration tester perspective
Part 1
Part 2
Part 3

This work describes vulnerabilities in the specification of AEAD modes and Key Wrap in two cryptographic message formats. Firstly, this applies to AEAD packets as introduced in the novel LibrePGP specification that is implemented by the widely used GnuPG application. Secondly, we describe vulnerabilities in the AES-based AEAD schemes as well as the Key Wrap Algorithm specified in the Cryptographic Message Syntax (CMS)

A network communication blocker specifically designed to neutralize EDR/AV software by preventing their cloud connectivity using Windows Filtering Platform (WFP). This version focuses solely on network isolation without process termination. Blog

Through DefenseDroid, we tend to gift a machine learning-based system for the detection of malware on android devices. DefenseDroid will effectively identify, detect, categorize apps and safeguard android mobile devices from malicious apps thus avoiding any stealing or misuse of the user’s data by using an easy user interface. In our project, a code behavior signature-based malware detection framework mistreatment associate degree LSTM rule is planned, which might sight malicious code and their variants effectively in runtime and extend malware characteristics information dynamically.

advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities. www.hexstrike.com/

This book bridges the gap between theoretical foundations and practical engineering, emphasizing the systems perspective required to build effective AI solutions. Unlike resources that focus primarily on algorithms and model architectures, this book highlights the broader context in which ML systems operate, including data engineering, model optimization, hardware-aware training, and inference acceleration