Bug bounty Tips

Open in Telegram

🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r

India58 680 Technologies & Applications17 583

5 779

Subscribers

+1024 hours

+887 days

+41930 days

459

Post views

~ 21924 hours

~ 26848 hours

7.94%

Engagement rate

~ 4

Posts per day

Ads index

beta

Posts Archive

5 780

How I track the latest CVEs — top 20, fast 🔥 curl -s 'https:/ /cvedb.shodan.io/cves' \ | jq -r '.cves[:20][]?.cve_id' ==> Want id+summary? curl -s 'https:/ /cvedb.shodan.io/cves' \ | jq '[.cves | sort_by(.published? // .Published? // .modified? // "1970-01-01") | reverse | .[:20][]? | {cve_id, summary}]' Note : Make sure you remove the space between https:/ and /cvedb before using the command must be https:// Tool: cvedb.shodan.io

5 780

#tools #DFIR #Malware_analysis 1⃣ Official IOCX Project // An extensible IOC extraction engine for PE binaries and text, built for SOC automation and modern threat‑analysis pipelines 2⃣ Crow Eye - Windows Forensics Engine // Comprehensive Windows forensics tool 3⃣ Microsoft Sentinel SIEM Log Source Analyzer // PowerShell module that connects to your MS Sentinel workspace (and Defender XDR), pulls every log table you’re ingesting

5 780

#AIOps "The Blind Spot of Agent Safety: How Benign User Instructions Expose Critical Vulnerabilities in Computer-Use Agents", Apr. 2026. ]-> Code ]-> Dataset // a benchmark that evaluates CUAs under unintended attack conditions, comprising 300 human-crafted tasks across 12 categories, 8 apps, and 2 threat clusters: environment-embedded threats and agent-initiated harms

5 780

#exploit #Kernel_Security 1⃣ Multiple vulnerabilities in AppArmor https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt // AppArmor + Sudo + Postfix = root 2⃣ CVE-2026-29923: LPE Attack via pstrip64.sys https://github.com/athenasec16/CVE-2026-29923 // pstrip64.sys - legacy kernel-mode component. While its legitimate purpose is to enable advanced graphics card display tweaking, its deep system privileges make it a highly attractive target for attackers.. // Disclaimer

5 780

#MLSecOps "Unreal Thinking: Chain-of-Thought Hijacking via Two-stage Backdoor", Apr 2026. ]-> Repo // Attackers can compromise LLMs by hijacking the Chain-of-Thought process to hide malicious behaviors within seemingly logical reasoning. To address data scarcity and instability in such attacks, the researchers introduced tools and mitigations for generating synthetic malicious CoTs

5 780

#Malware_analysis 1⃣ VIPERTUNNEL Python Backdoor https://labs.infoguard.ch/posts/slithering_through_the_noise 2⃣ We Dumped a Live Kimsuky C2 and Recovered Every Stage of the Kill Chain: CHM Dropper, VBScript Stager, PowerShell Keylogger https://intel.breakglass.tech/post/kimsuky-chm-nidlog-c2-dump-full-payload-recovery 3⃣ Inside an AI‑enabled device code phishing campaign https://www.microsoft.com/en-us/security/blog/2026/04/06/ai-enabled-device-code-phishing-campaign-april-2026

5 780

#Kernel_Security #Sec_code_review Security Checklist for C/C++ Programs ]-> Bug classes ]-> Linux usermode ]-> Linux Kernel ]-> Windows usermode ]-> Windows kernel ]-> Seccomp/BPF // This security checklist, written for security auditors and secure development practitioners, provides a wide range of security issues to look for when reviewing C/C++ code. It covers both language-specific bug classes and environment-specific security issues spanning the Linux and Windows operating systems, including usermode applications and kernelmode drivers

5 780

#NetSec #Tech_book "Wireshark Essentials: Simplifying Network Security and Troubleshooting", 2026. // Throughout this book, we delve into the practical applications of Wireshark, with a special focus on crafting effective filters that serve both security and troubleshooting purposes. Each chapter is structured to build your skills progressively, starting from basic concepts and moving toward complex scenarios

5 780

#MLSecOps #Whitepaper "System Card: Claude Mythos Preview", April 8 2026. // Claude Mythos Preview - new LLM from Anthropic. In particular, it has demonstrated powerful cybersecurity skills, which can be used for both defensive purposes (finding and fixing vulnerabilities in software code) and offensive purposes (designing sophisticated ways to exploit those vulnerabilities)

5 780

#Analytics #Threat_Research An analytical review of the main cybersecurity events for the week (Apr.4-11, 2026) 1⃣ OpenSSL maintenance releases // OpenSSL 3.6.2, 3.5.6, 3.4.5, 3.3.7, which fix 7 vulnerabilities, incl. CVE-2026-31790 2⃣ GlassWorm goes native: New Zig dropper infects every IDE on your machine // Extension impersonates WakaTime, popular developer time-tracking tool, and ships a Zig-compiled native binary alongside its JavaScript code 3⃣ Claude Mythos - new LLM from Anthropic // Assessing Claude Mythos cybersecurity capabilities 4⃣ Node.js Trust Falls: Dangerous Module Resolution on Windows // Node.js on Windows defaults to insecure module resolution in C:\node_modules, enabling privilege escalation, with major vendors dismissing the security risk despite longstanding awareness since 2013... 5⃣ High-tech vulnerability in PDF files // Such a mechanism allows the threat actor to collect user information, steal local data, perform advanced fingerprinting, and launch future attacks: if the target meets the attacker's conditions, the attacker may deliver additional exploit to achieve RCE/SBX 6⃣ Apache Solr Path Traversal RCE Attack // CVE-2024-52012 is a Zip Slip vulnerability in Apache Solr’s ConfigSet Upload API allowing unauthenticated RCE via crafted ZIP files with path traversal sequences 7⃣ Microsoft Speech // SpeechRuntime.exe can be exploited for lateral movement through COM hijacking and session enumeration ]-> Analytical review (Mar.28-Apr.4, 2026)

5 780

#Whitepaper #Cloud_Security "Zero Trust Security Architecture for Cloud-Native Applications: Complete Enterprise Implementation Guide", Jan. 2026. // Code examples target Kubernetes 1.28+ with AWS EKS as the reference platform, though principles apply across cloud providers. The service mesh examples focus on Istio as the most widely deployed option, with additional coverage of Cilium for eBPF-based approaches. By the end of this guide, you will have a comprehensive understanding of how to design, implement, and operate Zero Trust security architectures for cloud-native applications, along with concrete implementation patterns that can be applied to your own environments

5 780

#AIOps "SkillTrojan: Backdoor Attacks on Skill-Based Agent Systems", Apr.2026. // SkillTrojan - backdoor attack that targets skill implementations rather than model parameters or training data

5 780

#WLAN_Security #Mobile_Security "LightGuard: Transparent WiFi Security via Physical-Layer LiFi Key Bootstrapping", Apr. 2026. ]-> https://github.com/Dorian47/Lightguard // cryptographic key establishment can be offloaded from WiFi to a physically confined LiFi channel to mitigate the risk of key exposure over RF

5 780

#tools #AIOps #MLSecOps #Offensive_security Recursive Autonomous Penetration Testing and Observation Robot https://github.com/gadievron/raptor // Autonomous Offensive/Defensive Security Research Framework, based on Claude Code

5 780

#Analytics #Threat_Research 2026 Radware Global Threat Analysis Report

5 780

#Tech_book #Blue_Team_Techniques "Blue Team Handbook: Incident Response", 2026. ]-> Code from book chapters, commands, and manuals // This trusted and widely used f ield guide for cybersecurity incident responders, SOC analysts, and defensive security professionals distills incident response essentials into a concise, field-ready format

5 780

Most beginners don’t fail at bug bounty because it’s “too hard.” They fail because they jump between tools, watch random tutorials, and call that learning. No structure = no results. You don’t need more tools. You need a path. Something that shows: what to learn → what to practice → how to actually find bugs. That’s where these come in: * https://resources.codelivly.com/product/bug-bounty-beginner-editions/ * https://resources.codelivly.com/product/the-ultimate-bug-bounty-starter-pack/ They’re not theory dumps. It’s the stuff you actually use—recon, XSS, SQLi, reporting—step by step. If you’re tired of “learning” but not earning, this might fix that. Check it out if it clicks.

5 780

#tools #AIOps "Evaluating Privilege Usage of Agents on Real-World Tools", Mar. 2026. // GrantBox - security evaluation framework designed to systematically assess how autonomous agents handle privilege usage when interacting with real-world tools and services

5 780

#NetSec #Threat_Research "Policy-Guided Threat Hunting: An LLM enabled Framework with Splunk SOC Triage", Mar. 2026. // By integrating Agentic AI with Splunk SIEM, we developed a unique threat hunting framework. The framework systematically and seamlessly integrates different threat hunting modules together, ranging from traffic ingestion to anomaly assessment using a reconstruction-based autoencoder, deep reinforcement learning with two layers for initial triage, and a LLM for contextual analysis

5 780

#Whitepaper #Threat_Research #WebApp_Security "OWASP Automated Threats Handbook: Web Applications", Version 1.3, Mar. 2026. // OWASP Automated Threat Handbook remains the definitive resource for security professionals seeking actionable information to defend against the abuse of valid web application functionality. Despite the ever-shifting threat landscape, the handbook’s core framework of twenty-one unique, unordered OWASP Automated Threats has proven remarkably resilient. This latest update, ver.1.3, ensures the project stays ahead of the curve as automated attacks continue to evolve