ch
Feedback
ThreatXEd Security

ThreatXEd Security

前往频道在 Telegram

Welcome to ThreatXEd Security! At ThreatXEd , we don’t just hand you the solutions; we equip you with the skills to solve challenges on your own, for a lifetime. DM us on @threatx_support

显示更多
1 347
订阅者
无数据24 小时
+277
+2930

数据加载中...

吸引订阅者
七月 '26
七月 '26
+44
在0个频道中
六月 '26
+54
在0个频道中
Get PRO
五月 '26
+53
在0个频道中
Get PRO
四月 '26
+11
在0个频道中
Get PRO
三月 '26
+19
在1个频道中
Get PRO
二月 '26
+18
在0个频道中
Get PRO
一月 '26
+49
在3个频道中
Get PRO
十二月 '25
+33
在0个频道中
Get PRO
十一月 '25
+15
在0个频道中
Get PRO
十月 '25
+25
在0个频道中
Get PRO
九月 '25
+49
在2个频道中
Get PRO
八月 '25
+125
在1个频道中
Get PRO
七月 '25
+122
在1个频道中
Get PRO
六月 '25
+51
在0个频道中
Get PRO
五月 '25
+58
在0个频道中
Get PRO
四月 '25
+103
在1个频道中
Get PRO
三月 '25
+219
在0个频道中
Get PRO
二月 '25
+879
在0个频道中
Get PRO
一月 '250
在2个频道中
Get PRO
十二月 '240
在2个频道中
Get PRO
十一月 '24
+10
在1个频道中
日期
订阅者增长
提及
频道
13 七月0
12 七月0
11 七月+2
10 七月+3
09 七月+19
08 七月+7
07 七月+1
06 七月0
05 七月+2
04 七月0
03 七月+5
02 七月+3
01 七月+2
频道帖子
🕥ThreatXEd Friday Challenge: Defeating the "Smart" Rate Limiter 🎯 The Scenario You're testing an admin login panel at /admi
🕥ThreatXEd Friday Challenge: Defeating the "Smart" Rate Limiter 🎯 The Scenario You're testing an admin login panel at /admin/login. The app has a rate limiter: more than 5 failed logins from one IP in 60 seconds → instant HTTP 429 Too Many Requests, connection dropped. You fire up Hydra or Burp Intruder against a weak password list... and get walled on attempt #6. 🔍 The Twist You look closer at the 429 response headers and spot something the app leaks back to you:
X-Forwarded-For: 127.0.0.1
🧠 Think it through 1️⃣ What assumption did the developer make when they wired up the rate-limiter relative to reverse proxies? 2️⃣ How would you manually adjust your brute-force request headers to slip past this limiter — without rotating your public IP? 📣 Your move Drop your conceptual payload logic or Python pseudocode in the comments. No copy-pasted tool syntax — we want to see the structural reasoning behind the bypass.
Most accurate answer gets pinned Monday.
#ThreatXEd#FirdayChallenge

2
Tools like Responder don't succeed because of complex exploit payloads; they succeed by hijacking built-in fallback protocols+6
Tools like Responder don't succeed because of complex exploit payloads; they succeed by hijacking built-in fallback protocols that are left enabled by default #ThreatXEd
237
3
https://t.me/Ethiopiastartup
236
4
🚨 The Excel File That Shook Global 2FA 🧬 Cyber Autopsy: The 2011 RSA SecurID Breach One Excel file. One employee. Millions of authentication tokens put at risk. 🎯 The Bait Attackers skipped the executives and targeted a handful of mid-level employees with a convincing email titled: "2011 Recruitment Plan" and what was attached was an innocent-looking .xls spreadsheet. 💥 The Exploit The spreadsheet secretly contained an embedded Adobe Flash object exploiting the zero-day vulnerability CVE-2011-0609. The moment it was opened: - Flash triggered a buffer overflow - A custom Poison Ivy RAT was executed in memory - The attackers gained a stealthy foothold No password theft. No noisy ransomware. Just quiet access. 🕵️ The Pivot Instead of grabbing credentials, the attackers patiently mapped RSA's internal network. Their real objective? 🔑 The master seed values used to generate RSA SecurID tokens. Once those seeds were compromised, the security of countless 2FA deployments around the world was called into question. The real failure wasn't the phishing email. It was the architecture. Once the endpoint was compromised, the attackers moved laterally with too few barriers in their way. Zero Trust + Strong Network Segmentation > Perimeter-Only Security #CyberSecurity #ThreatXEd #BlueTeam #ZeroTrust #NetworkSegmentation
320
5
Agentic AI + Cybersecurity = The Future of Defense Traditional security tools wait for humans to react. Agentic AI changes that. Agentic AI can autonomously observe, reason, decide, and act helping detect threats, investigate attacks, and respond in real time. Imagine AI agents that hunt threats 24/7, analyze malware, and stop attacks before damage happens. The future of cybersecurity isn’t just automation it’s intelligent autonomous defense. #AI #Cybersecurity #AgenticAI #ThreatXed @ThreatXSecurity
538
6
https://youtu.be/rT2iGGuuorc?si=8cVBVUrBWyHnCOQZ
469
7
🚨 ALERT - A critical Splunk Enterprise flaw can go from “no login required” to remote code execution. Tracked as CVE-2026-20
🚨 ALERT - A critical Splunk Enterprise flaw can go from “no login required” to remote code execution. Tracked as CVE-2026-20253, the bug carries a 9.8 CVSS score and affects vulnerable Splunk Enterprise servers through exposed PostgreSQL sidecar endpoints. The exploit chain is now public. Read the full story: https://thehackernews.com/2026/06/critical-splunk-enterprise-flaw-lets.html
555
8
🛑 Google says a Chinese cybercrime network turned Gemini into a phishing helper. The service, called Outsider, was tied to:
🛑 Google says a Chinese cybercrime network turned Gemini into a phishing helper. The service, called Outsider, was tied to: > 1.59M fraudulent URLs > 9,000 fake websites > 100,000+ victims > $88/week phishing kits sold on Telegram Read: https://thehackernews.com/2026/06/google-sues-chinese-smishing-network.html
495
9
THE INTERVIEW IS OUT! 🔥 My full ... https://vt.tiktok.com/ZSQeWtXVp/
651
10
THE INTERVIEW IS OUT! 🔥 My full ... https://vt.tiktok.com/ZSQeWtXVp/
6
11
https://vt.tiktok.com/ZSQeWtXVp/
1
12
THE INTERVIEW IS OUT! 🔥 My full ... https://vt.tiktok.com/ZSQeWtXVp/
1
13
https://youtu.be/s-D7oPkNf6c
559
14
Hey guys We’re planning to rebrand our community name from “ThreatX Security” to a fresh new name. Please suggest modern, unique and professional names related to cybersecurity, ethical hacking, learning, and technology
746
15
ለመላው የእስልምና እምነት ተከታዮች እንኳን ለ1447ኛው የዒድ አል-አድሃ (አረፋ) በዓል በሰላም አደረሳችሁ ! #ThreatX
ለመላው የእስልምና እምነት ተከታዮች እንኳን ለ1447ኛው የዒድ አል-አድሃ (አረፋ) በዓል በሰላም አደረሳችሁ ! #ThreatX
668
16
🔔INSA Summer Camp Registration Extended! Based on the poll results, many candidates requested additional time for registration. Therefore, the INSA Summer Camp registration deadline has been extended by 7 more days. 🗓 New Deadline: May 24, 2026 This program is designed for students who are ready to grow in technology, innovation, and problem-solving through self-awareness, self-development, and challenge-based mentorship. Participants will gain practical exposure in STEAM fields, guided learning experiences, and hands-on challenges that build real skills. ✅ Free registration ✅ Open for elementary, high school, and university students ✅ Self-awareness & personal development focus ✅ Challenge-based mentorship approach ✅ Skill-building through real-world problems ✅ Networking with talented peers Don’t miss this chance—complete your registration before the new deadline. 👉 More information: https://t.me/insactc 👉 Registration Portal: https://ctc.insa.gov.et/registration
653
17
የ2018 ኢመደአ ሰመር ካምፕ የምዝገባ መስፈርቶች – INSA Cyber Talent Challenge 2026 • ምዝገባ በብሔራዊ መታወቂያ (National ID) ይደረጋል (ከውጪ ዜጎች በስተቀር) • በብሔራዊ መታወቂያ (National ID) ከተመዘገቡ/ማራጋገጫ ከጨረሱ ቡሀላ ወደዋናዉ የምዝገባ ፖርታል ገብተዉ ፎርሙን መሙላት እንዳይረሱ • ከ11 ዓመት ጀምሮ ያለ ማንኛውም ታለንት ያለው ኢትዮጵያዊ መሳተፍ ይችላል • ሰመር ካምፑ በ6 ዩኒቨርሲቲዎች ይካሄዳል፡ 1) አዲስ አበባ ሳይንስ እና ቴክኖሎጂ ዩኒቨርሲቲ 2) ባህርዳር ዩኒቨርሲቲ 3) ሀረሚያ ዩኒቨርሲቲ 4) ጅማ ዩኒቨርሲቲ 5) ደብረብርሀን ዩኒቨርሲቲ 6) ወላይታ ሶዶ ዩኒቨርሲቲ • በሳይበር ደህንነት፣ ዴቨሎፕመንት፣ ኢምቤድድ ሲስተም፣ ኤሮስፔስ እና ኢመርጂንግ ቴክኖሎጂ ላይ ፍላጎት እና ተሰጥኦ (Talent with passion) ያላቸው • የተቋሙን ፈተና/ቻሌንጅ ማለፍ የሚችሉ • አዲስ ነገር የመማር ፍላጎት እና ተግባራዊ ስራ ላይ የመሳተፍ ፈቃደኝነት/ዝግጁነት • ችግር ፈቺ እና በራስ የመስራት/የመማር ማይንድሴት ያላቸው • የስነ-ምግባር ችግር የሌለባቸዉ የስልጠና ዘርፎች • ሳይበር ደህንነት • ሶፍትዌር ልማት • Embedded Systems • Aerospace • Emerging Technologies በምዝገባዉ መሳተፍ የማይችሉ/የማይመለከታቸዉ 1. በሳይበር ደህንነት እና ተዛማጅ ዘርፎች ላይ ፍላጎት እና ታለንት የሌላቸዉ 2. በኢመደአ የ4ዙር የሰመር ካምፕ/ፕሮግራም የተሳተፉ ድጋሜ መመዝገብ አይቻልም ⚠️ ማሳሰቢያ፡ ፎርሙ ስትሞሉ ሙሉ በሙሉ በAI የተፃፈ ይዘት መጠቀም አይፈቀድም። ከአንድ ጊዜ በላይ መሞከር ከምዝገባዉ ሊታገዱ ስለሚችሉ። 🎯 ተሳታፊዎች በINSA የመስራት እድል ፣ የስታርታፕ እድል እና ሌሎች ተጨማሪ እድሎች ተጠቃሚ ይሆናሉ 👉 ተጨማሪ መረጃ: https://t.me/insactc 👉 ለመመዝገብ: https://ctc.insa.gov.et/registration
489
18
Master the Web Proxy. 🖥🔥 A quick carousel guide to Burp Suite architecture, core components, and common vulnerabilities. #C+5
Master the Web Proxy. 🖥🔥 A quick carousel guide to Burp Suite architecture, core components, and common vulnerabilities. #CyberSecurity #BurpSuite #EthicalHacking#ThreatX
630
19
From basic port scans to advanced firewall evasion, here is our 2026 Nmap Cheat Sheet for the community. Essential for every+4
From basic port scans to advanced firewall evasion, here is our 2026 Nmap Cheat Sheet for the community. Essential for every ethical hacker's toolkit. Save this for your next penetration test or CTF! #nmap#ethicalhacking#threatx
0