reverse engineering
Be careful ! about what you are clicking these days Don't click any usernames from untrusted sources because one click can expose your IP address to the attackers servers via a fake proxy initialized before by the attacker Shared from https://www.faceboo…
The Proof of Concept (PoC)
https://github.com/g0vguy/Telegram_1-Click_Vulnerability
Thanks for RHine for sharing ❤️
https://github.com/g0vguy/Telegram_1-Click_Vulnerability
Thanks for RHine for sharing ❤️
GitHub
GitHub - g0vguy/Telegram_1-Click_Vulnerability: A proof-of-concept exploit for Telegram's proxy validation vulnerability that leaks…
A proof-of-concept exploit for Telegram's proxy validation vulnerability that leaks users' real IP addresses, bypassing VPNs and proxy settings. - g0vguy/Telegram_1-Click_Vulnerability
❤6👏3😁1🤬1
Claude AI is down
After what we saw from cloudflare at the end of 2025 will Claude be the same 😂
As some people say DaaS (Downtime As A Service)
Be updated on https://status.claude.com/
After what we saw from cloudflare at the end of 2025 will Claude be the same 😂
Be updated on https://status.claude.com/
❤6😁5👎1
This must be a joke 😂
How to say our app can be a Trojan without saying 😁
Anyway that is why I always advise you not to install anything on your device
I don't have any personal issues with the app manufacture, but I had say my opinion from a security perspective
#stay_safe_stay_secure
@reverseengineer101
How to say our app can be a Trojan without saying 😁
Anyway that is why I always advise you not to install anything on your device
I don't have any personal issues with the app manufacture, but I had say my opinion from a security perspective
#stay_safe_stay_secure
@reverseengineer101
❤9😁2🤣1
HackerAI is now available on Mac, Linux, and Windows.
hackerai.co/download
Github
https://github.com/hackerai-tech/hackerai
Shared by @reverseengineer101
hackerai.co/download
Github
https://github.com/hackerai-tech/hackerai
Shared by @reverseengineer101
hackerai.co
Download HackerAI Desktop | HackerAI
Download HackerAI desktop app for macOS, Windows, and Linux. AI-powered penetration testing at your fingertips.
❤11👎2
BITNET an AI model can run locally introduced by Microsoft and it can run with limited resources (cpu, ram,...) people say you can run it using your old PC
https://github.com/microsoft/BitNet
Shared by @reverseengineer101
https://github.com/microsoft/BitNet
Shared by @reverseengineer101
GitHub
GitHub - microsoft/BitNet: Official inference framework for 1-bit LLMs
Official inference framework for 1-bit LLMs. Contribute to microsoft/BitNet development by creating an account on GitHub.
👍7❤4👎1
Chinese hackers have hacked American Telecommunications Companies
In a process called Salt Typhoon, Chinese Hackers has intercepted some calls and compromised millions of metadata records after hacking the American Telecommunications Companies from 2 years before now unnoticed which make it one of the biggest security flaws have occurred.
Experts say it's mostly sponsored by the Chinese Government for spying and politics related reasons
Salt Typhoon Hacks of Telecommunications Companies and Federal Response Implications (American Congress)
@reverseengineer101
In a process called Salt Typhoon, Chinese Hackers has intercepted some calls and compromised millions of metadata records after hacking the American Telecommunications Companies from 2 years before now unnoticed which make it one of the biggest security flaws have occurred.
Experts say it's mostly sponsored by the Chinese Government for spying and politics related reasons
Salt Typhoon Hacks of Telecommunications Companies and Federal Response Implications (American Congress)
@reverseengineer101
www.congress.gov
Salt Typhoon Hacks of Telecommunications Companies and Federal Response Implications
❤11
New Critical WhatsApp Vulnerability
Immediately stop WhatsApp automatic media download, Google wars users that their devices can be hacked through WhatsApp with a 0-click Vulnerability discovered in WhatsApp
Resources:
Forbes:
https://www.forbes.com/sites/zakdoffman/2026/01/26/google-issues-whatsapp-attack-warning-for-all-android-users/
Malwarebytes:
https://www.malwarebytes.com/blog/news/2026/01/a-whatsapp-bug-lets-malicious-media-files-spread-through-group-chats
@reverseengineer101
Immediately stop WhatsApp automatic media download, Google wars users that their devices can be hacked through WhatsApp with a 0-click Vulnerability discovered in WhatsApp
Resources:
Forbes:
https://www.forbes.com/sites/zakdoffman/2026/01/26/google-issues-whatsapp-attack-warning-for-all-android-users/
Malwarebytes:
https://www.malwarebytes.com/blog/news/2026/01/a-whatsapp-bug-lets-malicious-media-files-spread-through-group-chats
@reverseengineer101
Forbes
WhatsApp Confirms Update After Google Issues ‘Attack Surface’ Warning
Why you should change your WhatsApp settings — here's what to know.
❤7
I have hit one of the dangerous mistakes a Developer can do
As you see here the API is rejecting all the requests without Authorization header but after adding a fake one it returns the data
This vulnerability is classified as BFLA/BOLA API1:2023
(Broken Function/Object Level Authorization) or a Broken Access Control (BAC) issue at all
You can read more about it on OWASP API Top 10
API1:2023 Broken Object Level Authorization
#API_Security
@reverseengineer101
As you see here the API is rejecting all the requests without Authorization header but after adding a fake one it returns the data
This vulnerability is classified as BFLA/BOLA API1:2023
(Broken Function/Object Level Authorization) or a Broken Access Control (BAC) issue at all
You can read more about it on OWASP API Top 10
API1:2023 Broken Object Level Authorization
#API_Security
@reverseengineer101
❤8👍3😢3🤯2😁1
a Threat Actor called "quellostanco" claims that he has stolen a full EgyptAir database.
The database mentioned has 104K records related to HR section including sensitive employees data as he say
@reverseengineer101
The database mentioned has 104K records related to HR section including sensitive employees data as he say
@reverseengineer101
❤6🤯5🤔4🤩1
Intigriti Challenge 0226
CTF solved ✓
The write up will be disclosed ASAP the challenge finishes 🏁
@reverseengineer101
CTF solved ✓
The write up will be disclosed ASAP the challenge finishes 🏁
@reverseengineer101
❤8🔥1👏1
Now The Challenge Is Finished ! 🔥
You Can Watch The Full Walkthrough Video on YouTube
https://youtu.be/fDLTvOayNEk
Or You Can Read The Writeup On Medium
https://medium.com/@mohamedabozaid961/intigriti-challenge-0226-write-up-dbf9146dc1f4
#CTF #Cybersecurity #intigriti
@reverseengineer101
You Can Watch The Full Walkthrough Video on YouTube
https://youtu.be/fDLTvOayNEk
Or You Can Read The Writeup On Medium
https://medium.com/@mohamedabozaid961/intigriti-challenge-0226-write-up-dbf9146dc1f4
#CTF #Cybersecurity #intigriti
@reverseengineer101
YouTube
Intigriti Challenge 0226 Walkthrough Video @intigriti
Intigriti Challenge 0226 Full Walkthrough Video
Write Up on Medium https://medium.com/@mohamedabozaid961/intigriti-challenge-0226-write-up-dbf9146dc1f4
Write Up on Medium https://medium.com/@mohamedabozaid961/intigriti-challenge-0226-write-up-dbf9146dc1f4
❤8
reverse engineering
Now The Challenge Is Finished ! 🔥 You Can Watch The Full Walkthrough Video on YouTube https://youtu.be/fDLTvOayNEk Or You Can Read The Writeup On Medium https://medium.com/@mohamedabozaid961/intigriti-challenge-0226-write-up-dbf9146dc1f4 #CTF #Cybersecurity…
Happy to say that I have won 🎉 🥳
My write-up came as the second best write-up
Check the post comments on X
https://x.com/i/status/2026660723707855146
Check all the write-ups here (mine is the 5th)
https://bugology.intigriti.io/intigriti-monthly-challenges/0226
@reverseengineer101
My write-up came as the second best write-up
Check the post comments on X
https://x.com/i/status/2026660723707855146
Check all the write-ups here (mine is the 5th)
https://bugology.intigriti.io/intigriti-monthly-challenges/0226
@reverseengineer101
👏11❤7🔥4👍2
SaveAny-Bot 🗃️
Save Any Telegram File to Anywhere 📂 (Alist, Disk, Webdav, S3, Rclone...) . Support restrict saving content and files beyond telegram.
https://github.com/krau/SaveAny-Bot
Shared by @reverseengineer101
Save Any Telegram File to Anywhere 📂 (Alist, Disk, Webdav, S3, Rclone...) . Support restrict saving content and files beyond telegram.
🎯 Features
1- Support documents / videos / photos / stickers… and even Telegraph
2- Bypass "restrict saving content" media
3- Batch download
4- Streaming transfer
5- Multi-user support
6- Auto organize files based on storage rules
7- Watch specified chats and auto-save messages, with filters
8- Transfer files between different storage backends
9- Integrate with yt-dlp to download and save media from 1000+ websites
10- Aria2 integration to download files from URLs/magnets and save to storages
11- Write JS parser plugins to save files from almost any website
12- Storage backends:
- Alist
- S3
- WebDAV
- Local filesystem
- Rclone (via command line)
- Telegram (re-upload to specified chats)
https://github.com/krau/SaveAny-Bot
Shared by @reverseengineer101
GitHub
GitHub - krau/SaveAny-Bot: Save Any Telegram File to Anywhere 📂 (Alist, Disk, Webdav, S3, Rclone...) . Support restrict saving…
Save Any Telegram File to Anywhere 📂 (Alist, Disk, Webdav, S3, Rclone...) . Support restrict saving content and files beyond telegram. - krau/SaveAny-Bot
🔥5❤4
We are now in the age of Vibe Coding, it's great and everyone in tech feild should use AI in his work and if not he will not equalify his mates in the field or lose his job
But, when it comes to security concerns every developer or organization shall not relay on the AI code generated because it really can cause massive damages or manipulations on their business logic or lose thousands of dollars
The screenshots here is showing a real case found on the wild (my own security researchs) where the developer stored AES Encryption Keys in different places in the code without obfuscation which are responsible to encrypt and decrypt sensitive information like PIN used to unlock users' wallets and other storage that shall be secure by encryption algorithms but unfortunately the keys are exposed
Usually when I see emojis inside a code (like ✅ and ❌❎) I understand it was written by AI or this code wasn't written by a professional developer so I start my investigations from that point
@reverseengineer101
But, when it comes to security concerns every developer or organization shall not relay on the AI code generated because it really can cause massive damages or manipulations on their business logic or lose thousands of dollars
The screenshots here is showing a real case found on the wild (my own security researchs) where the developer stored AES Encryption Keys in different places in the code without obfuscation which are responsible to encrypt and decrypt sensitive information like PIN used to unlock users' wallets and other storage that shall be secure by encryption algorithms but unfortunately the keys are exposed
Usually when I see emojis inside a code (like ✅ and ❌❎) I understand it was written by AI or this code wasn't written by a professional developer so I start my investigations from that point
@reverseengineer101
❤5🔥4🤣4👍3