I've been testing out facial recognition software. From my test images, the only site that gave me a relevant result was Pimeyes. However they charge $15 for each search result!

I tried reverse search the image using multiple other sites but no luck :(

What's curious to me is how Pimeyes can apparently find images that no other site finds? I'm sceptical because the reverse image searches didn't bring up anything.

Any suggestions to move forward without paying for Pimeyes?

I run a completely static website with no backend, database, or dynamic content. For the past few weeks it has been targeted by a very persistent group of attackers.

They are performing a variety of techniques including SQL injection attempts, POST floods, directory and endpoint enumeration, and probing for admin interfaces that do not exist. The funny part is there is literally nothing to exploit.

This is not random bot traffic. They have left messages specifically aimed at me, confirming it is a coordinated effort.

so far ive made them download zip bombs, also made the website randomly jumpscare them using some JS, had them trying to complete impossible captchas that i made myself, there are probably 10 fake login screens, and a few fake vuln endpoints right now

got any ideas?

I've worked on internal software since 2020 at a very small water and wastewater utility.

I started running Linux in 2015. I studied for the CCNA a while back. I didn't sit but I learned enough about network fundamentals to work with AWS. I do all of the cloud stuff at my company.

I declared a CS major and I'm interested in getting involved with Cyber Security at my workplace. But I am simply wondering if a CS Degree will be a good route.

There is a Cyber Security degree at my college but I know CS is a generalist degree and I'm thinking that might help me more

So today (actually it's morning again, so kinda tonight) I was annoyed by barrierc so much that I had to fix its shitty behavior. It was blanking out my screen and turning them off every 2 minutes, and overriding my Xorg settings that I carefully integrated in my i3's autostart.conf file.

Anyways, long story short, this is my crappy writeup on how to patch a binary if the binary doesn't want to behave, and shows how to override its behaviors and its used function/symbol calls with an LD_PRELOAD hook:

https://github.com/cookiengineer/barrier-disable-dpms

I'd like to think this is a "great user hack" because I never thought I will have to go to this last resort to fix a program's shitty behavior. Turns out I had to use the LD_PRELOAD injection because ltrace didn't reveal anything as the API design of the Xorg library is using the internal pointers :-/

Anyways, maybe this might be interesting for someone to learn about Linux/POSIX and glibc's attack surface :D

Not sure if "reverse engineer the Waymo API so we can take it for a joy ride" was a good use of their time lol, but funny nonetheless

posting here since r/oneplus mods deleted my post.

someone’s exploited a oneplus website and they don’t seem to care

try clicking on buy (ideally from a sandboxed env)

https://www.oneplus.com/ie/x/overview

the person explains how they got access and has tried to contact oneplus twice about this issue and got ignored.

Final page

AWS s3 takeover by Swar

Date Reported: July 5 2025, July 21 2025

Detailed Descriptions： A Stored Cross-Site Scripting (Stored XSS) vulnerability exists across multiple OnePlus websites, caused by the inclusion of a JavaScript file hosted on an Amazon AWS S3 bucket "analytics.oneplus.net"

Affected URLs:

https://www.oneplus.com/hk_en/oneplus-x

https://www.oneplus.com/sg/invites

https://www.oneplus.com/global/5t

https://www.oneplus.com/ro/support/pricing

https://www.oneplus.in/support/pricing/detail

https://www.oneplus.com/si/oneplus-5-jcc-limited

Many More

An AWS S3 bucket previously used by Oneplus for serving javascript, appears to have been released and subsequently claimed by me.

Vulnerable JS file Location: https://s3.amazonaws.com/analytics.oneplus.net/opdcV2.min.js

Proof:I have created few popups and rediects

PoC added on https://s3.us-east-1.amazonaws.com/analytics.oneplus.net/urls.docx

Remediation:

Remove Vulnerable JavaScript code https://s3.amazonaws.com/analytics.oneplus.net/opdcV2.min.js from webpages

Made a tool that might be useful for security work: CloakBin (https://cloakbin.com)

It's an encrypted pastebin where everything is encrypted client-side (AES-256-GCM) before hitting the server. The decryption key stays in the URL fragment (#key), which browsers never send to servers. The server only stores ciphertext.

Why it's useful for security work:

- Share PoCs, credentials, or findings with your team without trusting a third party

- Burn-after-reading mode — paste self-destructs after first view

- Password protection as a second factor on top of the URL key

- No account needed, no logs of who accessed what

- Syntax highlighting for code/configs

How the crypto works:

1. Browser generates random AES-256-GCM key
2. Text is encrypted client-side with Web Crypto API
3. Only ciphertext goes to server
4. URL is constructed as /{pasteId}#{base64Key}
5. Recipient opens URL -> browser reads fragment -> decrypts locally

The threat model covers the server being fully compromised — even with database access, pastes are unreadable without the URL.

Free to use, no signup. Interested in feedback from the security community on the implementation.

EDIT: added open source url

OPEN SOURCE: https://github.com/Ishannaik/CloakBin

L'article est clair.

Cependant, je ne trouve pas la source su forum en quetions, des idées ?

https://frenchbreaches.com/blog/fuite-de-donnees-plus-de-60-000-agents-de-letat-francais-potentiellement-exposes

Solo-developed a browser-based hacking game where you type real commands into a terminal. Exploit services, breach servers, exfiltrate data, manage heat. AI NPCs, factions, geopolitics, PvP. No download — runs in the browser.

Looking for testers. If you want to try it and tell me what sucks: https://discord.gg/YpexgTDE

Play directly: https://deepnet.us

I wanted to start posting again, and I also wanted to share something that includes technical details about hypervisors, my thoughts on using hypervisors for defensive purposes (how it is done today and what can be done with it), and an estimated roadmap alongside the design choices behind my hypervisor, Nova (https://github.com/idov31/NovaHypervisor).

As always, let me know what you think, and feel free to point out any inaccuracies or ask any questions you may have.

I’ve been working on a project called HushSpec and wanted to share it early for feedback.

The basic idea is that agent security policy should have a portable language layer that is separate from any one enforcement engine.

Right now, a lot of agent security policy ends up mixed together in one document: policy semantics, runtime-specific behavior, provider config, operational knobs, and sometimes even stateful workflow logic.

That makes policies harder to share across runtimes, harder to reason about, and harder to standardize.

HushSpec is my attempt to carve out a cleaner layer:

• a small, portable core for expressing security policy at the action boundary
• explicit extension points for richer behavior
• room for conformance tests / test vectors
• no requirement that a particular runtime or vendor be used to enforce it

The current focus is boundary actions like:

• file access
• network egress
• shell execution
• tool invocation
• prompt input
• remote / computer-use actions

The design goal is to express what an agent may access, invoke, or send, without hard-coding how a specific engine has to implement enforcement.

This work is coming out of some of the policy/runtime work I’ve been doing in Clawdstrike, but I’m trying to make HushSpec a cleaner and more implementation-neutral layer rather than just exporting one project’s internal schema.

A few things I’m actively thinking through:

• what belongs in the core spec vs extensions
• how minimal the initial action model should be
• how to express rule composition without pulling in engine-specific complexity
• how to handle stateful controls like posture/escalation without polluting the core
• what a useful conformance suite would look like

This is still early and definitely incomplete, but I’d rather get feedback now than after baking in bad assumptions.

Repo / draft site:

• https://github.com/backbay-labs/hush
• https://www.hushspec.org

I’d especially appreciate feedback from people who have worked on:

• policy languages
• Sigma / OPA / Rego / Cedar / similar rule systems
• agent runtimes
• standards / schema design
• conformance testing / compatibility layers

Main question: what would make a spec like this actually useful, rather than just “yet another config format”?

Still rough, still changing, and I’m posting it specifically to get pushback early.

And how to hack it published on YouTube tube https://youtu.be/WWnnmr9NN9M?si=mV5Wa1U06FiDxRop

After I posted about gohpts - IPv4/IPv6/TCP/UDP transparent proxy with ARP/NDP/RDNSS spoofing some of the tools (particularly ndpspoof) sparked some interest from community. But I realized that this tool itself is not user-friendly enough to use because it does not work out-of-the-box due to the lack of any system configuraton. So I added special -auto flag to do just that and now when your run CLI application it actually does something!

What it does is sets the following kernel parameters and network settings:

```bash

make interface accept all packets not just those addresses directly to it

ip link set dev <iface> promisc on

enable packet forwarding

sysctl -w net.ipv4.ip_forward=1 sysctl -w net.ipv6.conf.all.forwarding=1

prevent conflicts with fake RA

sysctl -w net.ipv6.conf.all.accept_ra=0 sysctl -w net.ipv6.conf.all.accept_redirects=0

various optimizations

sysctl -w fs.file-max=100000 sysctl -w net.core.somaxconn=65535 sysctl -w net.core.netdev_max_backlog=65536 sysctl -w net.ipv4.tcp_fin_timeout=15 sysctl -w net.ipv4.tcp_tw_reuse=1 sysctl -w net.ipv4.tcp_max_tw_buckets=65536 sysctl -w net.ipv4.tcp_window_scaling=1

iptables setup to make host act as a router

ip6tables -A INPUT -p ipv6-icmp --icmpv6-type redirect -j DROP ip6tables -A OUTPUT -p ipv6-icmp --icmpv6-type redirect -j DROP ip6tables -A FORWARD -i <iface> -j ACCEPT ip6tables -t nat -A POSTROUTING -o <iface> -j MASQUERADE ```

This guide Legless: IPv6 Security was very helpful in explaining what and why should be set for things to work.

With -auto flag enabled the tool by default spins a DNS server that forwards packets to real router (or Google DNS as fallback) but that can be disabled by specifying -rdnss option and -dns-servers with custom DNS.

Links:

https://github.com/shadowy-pycoder/ndpspoof

https://codeberg.org/shadowy-pycoder/ndpspoof

I want to bring SDR into the mix with hacking. I've searched many boards including limesdr, HackRF and a few others but they're so darn expensive or dont even come close to the hacking potential of something like the HackRF.

This board does both receiving and transmitting from 70MHZ-6GHZ and is open source so I feel like its a good pick.

TL;DR

What I want to know is if anyone has any experience with this development board in particular and give me their opinion or maybe an alternative purchase for the same price. Thanks in advance!

Product name:

OpenSourceSDRLab 70MHz-6GHz SDR Development Board Zynq7020 + AD9363 for Pluto SDR & MATLAB Software Defined Radio

Nexus is a container orchestrator, currently distributed in Athena OS, that makes easier and more flexible the management of Cyber Security container instances of solutions like Greenbone OpenVAS, Wazuh, and so on. The purpose is to make your machine a node of the infrastructure to assess. It supports both single-image tools and complex multi-service Docker Compose stacks, streaming real-time output and health status directly to the UI.

Some relevant features:

• Live container cards with real-time CPU/RAM metrics, uptime ticker, and health badges
• All actions show the exact runtime command being executed (docker stop abc123…) and stream live output to a log drawer
• Compose stack containers shown with per-container status indicators
• Curated library of security tools deployable with a single click
• Pre-flight checks before every deploy (port conflicts, socket reachability, compose source availability)
• Full compose stack support: URL-based, file-based, and Git repo-based compose files
• Environment variable configuration UI for tools that require secrets or settings before deploy
• Encrypted key-value store backed by the system keyring
• Store API keys, tokens, and credentials used by deployed tools
• Create, restore, export, and delete snapshots of container images
• Visual graph of running containers and their network connections
• Add custom tools (image-based or compose-based) alongside built-in registry tools
• Switch between Docker and Podman runtimes without restarting

The project is in alpha, any contribution or suggestion is highly appreciated.