❓How secure are your Google Workspace groups? 🤔🔒

Gubble audits Google Groups settings to uncover risky configurations like "Anyone Can Join" or "External Members Allowed." Misconfigurations like these can expose sensitive data or enable phishing scenarios. Automate the checks before risks arise!

#GoogleWorkspace #SecOps #Cybersecurity

🔗 Project link on #GitHub 👉 https://github.com/LowOrbitSecurity/gubble

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Why do LLM-based agents need a dedicated security benchmark? 🤖⚔️

The Agent Security Bench (ASB) formalizes and evaluates attacks (like prompt injections, PoT backdoors) and defenses on AI agents in 10 real-world scenarios, from legal to investment advice. A deep dive into threats beyond the surface. #AI #Cybersecurity #LLM

🔗 Project link on #GitHub 👉 https://github.com/agiresearch/ASB

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

How does CAI handle 300+ AI models 🤖?

Cybersecurity AI (CAI) integrates a vast array of AI models, including OpenAI's GPT-4o, Anthropic's Claude 3, and custom ones like Qwen2.5. It achieves this through LiteLLM, a lightweight library supporting modular multi-model use, making AI-powered security testing efficient for diverse scenarios.

#CyberSecurity #AI #PenTesting

🔗 Project link on #GitHub 👉 https://github.com/aliasrobotics/cai

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

How does RAPTOR make AI-driven security smarter? 🦖🤖

RAPTOR fuses Claude Code with advanced tools like Semgrep, CodeQL, and AFL to create an autonomous security agent. It scans code, fuzzes binaries, analyzes vulnerabilities, and even generates patches or exploits—all while orchestrating defensive and offensive workflows. #CyberSecurity #AI

🔗 Project link on #GitHub 👉 https://github.com/gadievron/raptor

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Ever wished for a tool that simplifies endpoint discovery? 🔍✨

Hakrawler is a blazingly fast web crawler built with Go, ideal for pentesting and reconnaissance. It extracts URLs, assets, and JavaScript files effortlessly, and its command-line options—like proxy support, JSON output, or subdomain crawling—offer flexibility for advanced workflows. Combine it with tools like Haktrails for robust OSINT.

#cybersecurity #pentesting #opensource

🔗 Project link on #GitHub 👉 https://github.com/hakluke/hakrawler

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Ever wished LLMs could drive your computer? 🤖💻

Open Interface combines GPT-4V/Gemini with simulated keyboard & mouse inputs. Request anything—generate code, play games, or edit docs. It even course-corrects using live screenshots. Truly autonomous UI automation. #AI #opensource #automation

🔗 Project link on #GitHub 👉 https://github.com/AmberSahdev/Open-Interface

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Why struggle with stale environment variables? 🌍🔐

Envilder streamlines .env management by syncing secrets directly with AWS SSM. Automate updates, maintain consistency across teams, and eliminate risky manual sharing of sensitive data. Ideal for cloud-native workflows and CI/CD setups.

#DevOps #AWS #SecOps

🔗 Project link on #GitHub 👉 https://github.com/macalbert/envilder

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Can AI really pair program effectively? 🤖💻

Aider brings LLMs like GPT-4 and Claude 3.7 directly into your terminal. It maps your entire codebase, supports 100+ languages, and even integrates with Git for seamless commits. A true collaborator, not just a chatbot. #AI #CodingTools #GitHub

🔗 Project link on #GitHub 👉 https://github.com/Aider-AI/aider

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Why use a CLI for VirusTotal? 🤔💻

VirusTotal's `vt-cli` gives power users full VirusTotal access right from the terminal: fetch file/URL reports, launch YARA RetroHunts, search with advanced filters, or download files securely. All it needs is an API key. #Cybersecurity #CommandLine

🔗 Project link on #GitHub 👉 https://github.com/VirusTotal/vt-cli

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Why run AI tools on cluttered setups? 🐳🤔

ClaudeBox offers a fully containerized dev environment for Claude AI. Each project gets isolated Docker images, persistent data (auth, shell history), and pre-configured profiles for languages like Python or Rust. Perfect for reproducibility and multi-instance workflows. #Docker #AI #DevTools

🔗 Project link on #GitHub 👉 https://github.com/RchGrav/claudebox

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Why is OpenCode gaining traction among developers? 🤔💻

An AI coding agent built for the terminal, OpenCode is open-source, provider-agnostic, and supports LSP out of the box. Plus, its TUI focus enables seamless terminal integration, appealing to power users. #OpenSource #AI

🔗 Project link on #GitHub 👉 https://github.com/sst/opencode

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

🐾 What if AI agents could mimic real hackers to secure your apps?

Strix is an open-source system where autonomous AI agents dynamically test your code for vulnerabilities. Unlike static analysis, it validates findings with real proof-of-concepts—making security testing faster and more precise. #CyberSecurity #OpenSource

🔗 Project link on #GitHub 👉 https://github.com/usestrix/strix

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Are MCP tools as secure as you think? 🤔🔒

The GitHub repo by `invariantlabs-ai` highlights experiments exposing vulnerabilities in MCP servers. From direct file exfiltration attacks (`direct-poisoning.py`) to email interception (`shadowing.py`), these snippets showcase how agents can get manipulated. A chilling example: `whatsapp-takeover.py` changes behavior stealthily to leak sensitive WhatsApp messages.

#Cybersecurity #Python

🔗 Project link on #GitHub 👉 https://github.com/invariantlabs-ai/mcp-injection-experiments

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

How does an MCP server manipulate a trusted agent? 🛠️📂

The `mcp-injection-experiments` repo shows multiple MCP tool poisoning techniques.
- **Direct Poisoning**: Manipulates the agent to leak files like SSH keys (`direct-poisoning.py`).
- **Shadowing**: Hijacks tools (e.g., `send_email`) to redirect sensitive data (`shadowing.py`).
- **WhatsApp Takeover**: Alters interface mid-use, leaking chat logs stealthily (`whatsapp-takeover.py`).

#cybersecurity #MCP

🔗 Project link on #GitHub 👉 https://github.com/invariantlabs-ai/mcp-injection-experiments

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

How do you simplify MCP server deployment? 🤔🚀

ToolHive streamlines MCP server operations with instant setup, containers for security, and Kubernetes scaling. It supports CLI, GUI, and Kubernetes Operator while ensuring secure secret management. With features like protocol proxying and auto-service discovery, it's your all-in-one solution for MCP servers.

#DevOps #Kubernetes

🔗 Project link on #GitHub 👉 https://github.com/stacklok/toolhive

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Why does `kubectl exec` lack audits? 🤔

Most Kubernetes clusters offer no built-in logging for container commands executed with `kubectl exec`. Adyen's `kubectl-rexec` fixes this by adding an auditable layer to monitor these actions. Designed for Kubernetes 1.30+ (or 1.29 with specific flags), it simplifies compliance without compromising utility. #Kubernetes #AuditLogs

🔗 Project link on #GitHub 👉 https://github.com/adyen/kubectl-rexec

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Why is server management for LLMs so challenging? 🤔🛠️

MCP Guardian simplifies the process by letting you manage, proxy, and secure MCP servers in real time. From approving tool calls to automated safety checks (coming soon), it’s designed to keep your AI's activity in check. Built with Rust and TypeScript, it's efficient and robust.

#LLM #ServerManagement #RustLang

🔗 Project link on #GitHub 👉 https://github.com/eqtylab/mcp-guardian

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Why does Gato-X matter for GitHub Actions security? 🔒🤔

Gato-X pushes static analysis to the next level for GitHub Actions. Handling 35-40k repositories in hours with a single API token, it identifies issues like TOCTOU vulnerabilities, Pwn Requests, and self-hosted runner attacks—often missed by typical tools. #GitHubActions #Security

🔗 Project link on #GitHub 👉 https://github.com/AdnaneKhan/Gato-X

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Is remembering complex pentest commands slowing you down? 🧠💻

Arsenal simplifies the process by letting you search and auto-fill pentest commands directly in your terminal—shell agnostic, with support for variables like `ip=10.10.10.10`. Perfect for fast, efficient workflows. #Pentesting #CyberSecurity #DevTools

🔗 Project link on #GitHub 👉 https://github.com/Orange-Cyberdefense/arsenal

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Ever thought of tunneling traffic over Azure Blob Storage? 🤔☁️

ProxyBlob lets you run a SOCKS5 proxy using Azure Storage as the communication channel. Useful in restrictive networks where only `*.blob.core.windows.net` is accessible. #Azure #Proxy #Networking

---

Why does ProxyBlob need Azure Storage? 💡📦

It creates a clever detour: Agents in target networks poll Azure Blob for tasks, while the proxy writes requests there. This avoids direct network connections for environments with strict rules. #Tech #CloudComputing

---

Missing direct network access but have Azure? Try Azurite! 🖥️🔨

ProxyBlob's agent also supports testing with Azurite, an open-source Azure Storage emulator. Use Docker or a VS Code extension to simulate an Azure Blob environment locally. #DevOps #Testing

---

How do SOCKS proxies over Azure even work? Let's simplify: 🎯

1. Proxy writes packets to Blob Storage.
2. Agent polls Blob, handles requests, and writes responses back.
3. Proxy retrieves responses, keeping the SOCKS5 flow alive. Smart and efficient. #Networking #Azure

---

Using ProxyBlob on-prem? Here's an essential setup note:

Test with `Azurite` before deploying on actual Azure. It emulates storage accounts with default credentials, helping validate configurations without cloud costs or risks. #CloudTools

🔗 Project link on #GitHub 👉 https://github.com/quarkslab/proxyblob

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️