Lmst
Login
Lenin alevski πŸ•΅οΈπŸ’»

#security Eng @google β™₯️ To Build and Break Stuff. Wannabe #Hacker. Personal opinions, review my PR please

Blog
alevsk.com
PGP/MIT
0x67BA54C7DE3DD14A
Link
linktr.ee/alevsk
Twitter
twitter.com/alevsk
Lenin alevski πŸ•΅οΈπŸ’»alevsk@infosec.exchange
2025-12-01

Ever wished for a tool that simplifies endpoint discovery? πŸ”βœ¨

Hakrawler is a blazingly fast web crawler built with Go, ideal for pentesting and reconnaissance. It extracts URLs, assets, and JavaScript files effortlessly, and its command-line optionsβ€”like proxy support, JSON output, or subdomain crawlingβ€”offer flexibility for advanced workflows. Combine it with tools like Haktrails for robust OSINT.

#cybersecurity #pentesting #opensource

πŸ”— Project link on #GitHub πŸ‘‰ github.com/hakluke/hakrawler

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

β€” ✨
πŸ” P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking πŸ’»πŸ΄β€β˜ οΈ

Lenin alevski πŸ•΅οΈπŸ’»alevsk@infosec.exchange
2025-11-28

Ever wished LLMs could drive your computer? πŸ€–πŸ’»

Open Interface combines GPT-4V/Gemini with simulated keyboard & mouse inputs. Request anythingβ€”generate code, play games, or edit docs. It even course-corrects using live screenshots. Truly autonomous UI automation. #AI #opensource #automation

πŸ”— Project link on #GitHub πŸ‘‰ github.com/AmberSahdev/Open-In

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

β€” ✨
πŸ” P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking πŸ’»πŸ΄β€β˜ οΈ

Lenin alevski πŸ•΅οΈπŸ’»alevsk@infosec.exchange
2025-11-26

Why struggle with stale environment variables? πŸŒπŸ”

Envilder streamlines .env management by syncing secrets directly with AWS SSM. Automate updates, maintain consistency across teams, and eliminate risky manual sharing of sensitive data. Ideal for cloud-native workflows and CI/CD setups.

#DevOps #AWS #SecOps

πŸ”— Project link on #GitHub πŸ‘‰ github.com/macalbert/envilder

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

β€” ✨
πŸ” P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking πŸ’»πŸ΄β€β˜ οΈ

Lenin alevski πŸ•΅οΈπŸ’»alevsk@infosec.exchange
2025-11-24

Can AI really pair program effectively? πŸ€–πŸ’»

Aider brings LLMs like GPT-4 and Claude 3.7 directly into your terminal. It maps your entire codebase, supports 100+ languages, and even integrates with Git for seamless commits. A true collaborator, not just a chatbot. #AI #CodingTools #GitHub

πŸ”— Project link on #GitHub πŸ‘‰ github.com/Aider-AI/aider

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

β€” ✨
πŸ” P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking πŸ’»πŸ΄β€β˜ οΈ

Lenin alevski πŸ•΅οΈπŸ’»alevsk@infosec.exchange
2025-11-21

Why use a CLI for VirusTotal? πŸ€”πŸ’»

VirusTotal's `vt-cli` gives power users full VirusTotal access right from the terminal: fetch file/URL reports, launch YARA RetroHunts, search with advanced filters, or download files securely. All it needs is an API key. #Cybersecurity #CommandLine

πŸ”— Project link on #GitHub πŸ‘‰ github.com/VirusTotal/vt-cli

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

β€” ✨
πŸ” P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking πŸ’»πŸ΄β€β˜ οΈ

Lenin alevski πŸ•΅οΈπŸ’»alevsk@infosec.exchange
2025-11-19

Why run AI tools on cluttered setups? πŸ³πŸ€”

ClaudeBox offers a fully containerized dev environment for Claude AI. Each project gets isolated Docker images, persistent data (auth, shell history), and pre-configured profiles for languages like Python or Rust. Perfect for reproducibility and multi-instance workflows. #Docker #AI #DevTools

πŸ”— Project link on #GitHub πŸ‘‰ github.com/RchGrav/claudebox

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

β€” ✨
πŸ” P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking πŸ’»πŸ΄β€β˜ οΈ

Lenin alevski πŸ•΅οΈπŸ’»alevsk@infosec.exchange
2025-11-18

Why is OpenCode gaining traction among developers? πŸ€”πŸ’»

An AI coding agent built for the terminal, OpenCode is open-source, provider-agnostic, and supports LSP out of the box. Plus, its TUI focus enables seamless terminal integration, appealing to power users. #OpenSource #AI

πŸ”— Project link on #GitHub πŸ‘‰ github.com/sst/opencode

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

β€” ✨
πŸ” P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking πŸ’»πŸ΄β€β˜ οΈ

Lenin alevski πŸ•΅οΈπŸ’»alevsk@infosec.exchange
2025-11-17

🐾 What if AI agents could mimic real hackers to secure your apps?

Strix is an open-source system where autonomous AI agents dynamically test your code for vulnerabilities. Unlike static analysis, it validates findings with real proof-of-conceptsβ€”making security testing faster and more precise. #CyberSecurity #OpenSource

πŸ”— Project link on #GitHub πŸ‘‰ github.com/usestrix/strix

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

β€” ✨
πŸ” P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking πŸ’»πŸ΄β€β˜ οΈ

Lenin alevski πŸ•΅οΈπŸ’»alevsk@infosec.exchange
2025-11-14

Are MCP tools as secure as you think? πŸ€”πŸ”’

The GitHub repo by `invariantlabs-ai` highlights experiments exposing vulnerabilities in MCP servers. From direct file exfiltration attacks (`direct-poisoning.py`) to email interception (`shadowing.py`), these snippets showcase how agents can get manipulated. A chilling example: `whatsapp-takeover.py` changes behavior stealthily to leak sensitive WhatsApp messages.

#Cybersecurity #Python

πŸ”— Project link on #GitHub πŸ‘‰ github.com/invariantlabs-ai/mc

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

β€” ✨
πŸ” P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking πŸ’»πŸ΄β€β˜ οΈ

Lenin alevski πŸ•΅οΈπŸ’»alevsk@infosec.exchange
2025-11-13

How does an MCP server manipulate a trusted agent? πŸ› οΈπŸ“‚


The `mcp-injection-experiments` repo shows multiple MCP tool poisoning techniques.
- **Direct Poisoning**: Manipulates the agent to leak files like SSH keys (`direct-poisoning.py`).
- **Shadowing**: Hijacks tools (e.g., `send_email`) to redirect sensitive data (`shadowing.py`).
- **WhatsApp Takeover**: Alters interface mid-use, leaking chat logs stealthily (`whatsapp-takeover.py`).

#cybersecurity #MCP

πŸ”— Project link on #GitHub πŸ‘‰ github.com/invariantlabs-ai/mc

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

β€” ✨
πŸ” P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking πŸ’»πŸ΄β€β˜ οΈ

Lenin alevski πŸ•΅οΈπŸ’»alevsk@infosec.exchange
2025-11-12

How do you simplify MCP server deployment? πŸ€”πŸš€


ToolHive streamlines MCP server operations with instant setup, containers for security, and Kubernetes scaling. It supports CLI, GUI, and Kubernetes Operator while ensuring secure secret management. With features like protocol proxying and auto-service discovery, it's your all-in-one solution for MCP servers.

#DevOps #Kubernetes

πŸ”— Project link on #GitHub πŸ‘‰ github.com/stacklok/toolhive

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

β€” ✨
πŸ” P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking πŸ’»πŸ΄β€β˜ οΈ

Lenin alevski πŸ•΅οΈπŸ’»alevsk@infosec.exchange
2025-11-11

Why does `kubectl exec` lack audits? πŸ€”

Most Kubernetes clusters offer no built-in logging for container commands executed with `kubectl exec`. Adyen's `kubectl-rexec` fixes this by adding an auditable layer to monitor these actions. Designed for Kubernetes 1.30+ (or 1.29 with specific flags), it simplifies compliance without compromising utility. #Kubernetes #AuditLogs

πŸ”— Project link on #GitHub πŸ‘‰ github.com/adyen/kubectl-rexec

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

β€” ✨
πŸ” P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking πŸ’»πŸ΄β€β˜ οΈ

Lenin alevski πŸ•΅οΈπŸ’»alevsk@infosec.exchange
2025-11-10

Why is server management for LLMs so challenging? πŸ€”πŸ› οΈ

MCP Guardian simplifies the process by letting you manage, proxy, and secure MCP servers in real time. From approving tool calls to automated safety checks (coming soon), it’s designed to keep your AI's activity in check. Built with Rust and TypeScript, it's efficient and robust.

#LLM #ServerManagement #RustLang

πŸ”— Project link on #GitHub πŸ‘‰ github.com/eqtylab/mcp-guardian

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

β€” ✨
πŸ” P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking πŸ’»πŸ΄β€β˜ οΈ

Lenin alevski πŸ•΅οΈπŸ’»alevsk@infosec.exchange
2025-11-07

Why does Gato-X matter for GitHub Actions security? πŸ”’πŸ€”

Gato-X pushes static analysis to the next level for GitHub Actions. Handling 35-40k repositories in hours with a single API token, it identifies issues like TOCTOU vulnerabilities, Pwn Requests, and self-hosted runner attacksβ€”often missed by typical tools. #GitHubActions #Security

πŸ”— Project link on #GitHub πŸ‘‰ github.com/AdnaneKhan/Gato-X

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

β€” ✨
πŸ” P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking πŸ’»πŸ΄β€β˜ οΈ

Lenin alevski πŸ•΅οΈπŸ’»alevsk@infosec.exchange
2025-11-06

Is remembering complex pentest commands slowing you down? πŸ§ πŸ’»

Arsenal simplifies the process by letting you search and auto-fill pentest commands directly in your terminalβ€”shell agnostic, with support for variables like `ip=10.10.10.10`. Perfect for fast, efficient workflows. #Pentesting #CyberSecurity #DevTools

πŸ”— Project link on #GitHub πŸ‘‰ github.com/Orange-Cyberdefense

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

β€” ✨
πŸ” P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking πŸ’»πŸ΄β€β˜ οΈ

Lenin alevski πŸ•΅οΈπŸ’»alevsk@infosec.exchange
2025-11-05

Ever thought of tunneling traffic over Azure Blob Storage? πŸ€”β˜οΈ

ProxyBlob lets you run a SOCKS5 proxy using Azure Storage as the communication channel. Useful in restrictive networks where only `*.blob.core.windows.net` is accessible. #Azure #Proxy #Networking

---

Why does ProxyBlob need Azure Storage? πŸ’‘πŸ“¦

It creates a clever detour: Agents in target networks poll Azure Blob for tasks, while the proxy writes requests there. This avoids direct network connections for environments with strict rules. #Tech #CloudComputing

---

Missing direct network access but have Azure? Try Azurite! πŸ–₯οΈπŸ”¨

ProxyBlob's agent also supports testing with Azurite, an open-source Azure Storage emulator. Use Docker or a VS Code extension to simulate an Azure Blob environment locally. #DevOps #Testing

---

How do SOCKS proxies over Azure even work? Let's simplify: 🎯

1. Proxy writes packets to Blob Storage.
2. Agent polls Blob, handles requests, and writes responses back.
3. Proxy retrieves responses, keeping the SOCKS5 flow alive. Smart and efficient. #Networking #Azure

---

Using ProxyBlob on-prem? Here's an essential setup note:

Test with `Azurite` before deploying on actual Azure. It emulates storage accounts with default credentials, helping validate configurations without cloud costs or risks. #CloudTools

πŸ”— Project link on #GitHub πŸ‘‰ github.com/quarkslab/proxyblob

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

β€” ✨
πŸ” P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking πŸ’»πŸ΄β€β˜ οΈ

Lenin alevski πŸ•΅οΈπŸ’»alevsk@infosec.exchange
2025-11-04

Why do devs love zerolog for JSON logging? πŸ› οΈπŸ’‘


Zerolog nails performance with zero allocations and sub-20ns for logging empty events. Plus, its chaining API simplifies structured logging without reflection overhead. Need pretty logs? There's `ConsoleWriter`, though it trades efficiency for viewability. Not just fast; it's thoughtful design.

#golang #logging

πŸ”— Project link on #GitHub πŸ‘‰ github.com/rs/zerolog

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

β€” ✨
πŸ” P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking πŸ’»πŸ΄β€β˜ οΈ

Lenin alevski πŸ•΅οΈπŸ’»alevsk@infosec.exchange
2025-11-03

Why does Privacy Badger matter? πŸ¦‘πŸ”’

Developed by the EFF, Privacy Badger is a browser extension that blocks hidden trackers. It learns as you browse, leveraging Global Privacy Control and Do Not Track signals to stop companies from invading your data privacy.

#privacy #tracking #browserextensions

πŸ”— Project link on #GitHub πŸ‘‰ github.com/EFForg/privacybadger

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

β€” ✨
πŸ” P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking πŸ’»πŸ΄β€β˜ οΈ

Lenin alevski πŸ•΅οΈπŸ’»alevsk@infosec.exchange
2025-10-31

Why does cybersecurity need AI-powered tools? πŸ€”πŸ€–

Cyber threats are evolving rapidly, outpacing traditional defense methods. Enter Cybersecurity AI (CAI)β€”an open-source framework packed with 300+ AI models, offering automated vulnerability scanning, mitigation, and more. Think reconnaissance tools, guardrail protections, and modular agents for tackling even the most sophisticated exploits.

#Cybersecurity #AI

πŸ”— Project link on #GitHub πŸ‘‰ github.com/aliasrobotics/cai

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

β€” ✨
πŸ” P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking πŸ’»πŸ΄β€β˜ οΈ

Lenin alevski πŸ•΅οΈπŸ’»alevsk@infosec.exchange
2025-10-29

How is HTTP probing made smarter with `httpx`? πŸŒπŸš€

httpx leverages the retryablehttp library to run multiple probes concurrently. It supports HTTPS fallback to HTTP, customizable ports, and even advanced probes like JARM or CDN detection. Designed for efficiency and flexibility, it’s ideal for large-scale scanning.

#opensource #cybersecurity #http

πŸ”— Project link on #GitHub πŸ‘‰ github.com/projectdiscovery/ht

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

β€” ✨
πŸ” P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking πŸ’»πŸ΄β€β˜ οΈ

Client Info

Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst