Hey everyone,

I work in music promotion and have ways to help artists get real reach and exposure. Everything I do is 100% legit (no bots, no fake plays). Think playlist pitching, organic marketing, and connecting music to the right audiences.

If you’re an artist or manager looking to boost your releases and want to explore some solid promo options, feel free to DM me for more info.

I tried using osint tools but it didn't take me anywhere. Is there a data breach or smth

Hi, I would like to let you know about this free and very practical cybersecurity course with both red and blue teaming classes done by Czech Technical University. The course is in English and registrations are opened - the semester starts at the end of September. Feel free to find more information including the complete syllabus and references from more than 1500 alumni students from last year at the shared link! Thanks

So i’ve noticed recently on live there’s a large amount of people using the exact same looped video of a guy giving away money. What i noticed is these guys don’t get banned because they do some trick where they have a landscape part of their stream that when u click on this button it changes their audio and visual of their stream to something like a minecraft video to mask it. What is it they are doing ??

how to spy when connected to same wifi

Many network-exploitable vulnerabilities, such as CVE-2025-47188, remains delayed, poorly documented and lack meaningful enrichment. Despite being actively exploited since May 2025, this vulnerability is still not enriched by NVD, EPSS or proprietary vulnerability databases.

VEDAS (https://vedas.arpsyndicate.io) can be used for Mining Exploit Intelligence linked to vulnerability identifiers like CVE, EUVD, CNNVD, and BDU and can be helpful in developing custom Nuclei templates and extending its coverage, supporting the growing community of security teams, researchers, and ASM providers.

Read More: https://www.osintteam.com/mining-exploit-intelligence-to-develop-custom-nuclei-templates-for-cve-euvd-cnnvd-bdu/

Anyone attending the Blackhat 2025 conference this year? I haven’t been in a couple years, and I know everyone’s budgets are getting cut but this year seems underwhelming compared to past conferences. Thoughts?

Hello, friends. I have a general and simple question for you. Once you have successfully logged into a website's admin panel, what do you do next? Where do you attack, and what information or databases are more critical to you? I have a portfolio website with an admin panel. I want to protect my site, so I wanted to ask you this question.

Please give me an example of your entire process.

I was wondering how will it work getting the Defcon badge after purchasing one via BlackHat. The instructions are these:

DEF CON badges purchased through Black Hat will be available for pick-up at the Mandalay Bay Convention Center, Mandalay Bay Ballroom Foyer, Level 2 on Thursday, August 7, 2025 at 7:00 AM – 4:00 PM.

• Step 1: Attendees will present their Black Hat badge with DEF CON symbol to staff.
• Step 2: Your badge will be hole punched as proof of pick-up.
• Step 3: Staff will hand you your badge.

Does that mean that we are going to miss LineCon because of this? Or is it an advantage?

Thanks

Hey, there. I'm using the ROG Strix G15 2022 laptop for pentesting lessons. The laptop is great, but the wifi isn't.

1. Issue: WiFi card undetected from time to time. Very Annoying.
2. Current card: MediaTek Wi-Fi 6E MT7922 (RZ616) 160MHz Wireless LAN Card -- WORST.
3. What I'm looking for: A Good wifi card that supports:
   • Both 2.4 GHz and 5 GHz (must).
   • monitor & packet injection modes.
   • at least WiFi 6E if possible (if possible).

Hi fellows, I am looking for peer who want to learn towards OSCP, I will be going through a learning pathway those who are interested and ready to learn. I will be teaching it.

It's for beginner only, coz I will be going in a chronological order from Basics to Advance.

For those who are willing to join me.

Dm me.

ProjectD is a proof-of-concept that demonstrates how attackers could leverage Google Drive as both the transport channel and storage backend for a command-and-control (C2) infrastructure.

Main C2 features:

• Persistent client ↔ server heartbeat;
• File download / upload;
• Remote command execution on the target machine;
• Full client shutdown and self-wipe;
• End-to-end encrypted traffic (AES-256-GCM, asymmetric key exchange).

Code + full write-up:
GitHub: https://github.com/BernKing/ProjectD
Blog: https://bernking.xyz/2025/Project-D/

Saw a movie where a guy was manipulating those arcade slot machines all electronic ones like ultimate fire link it made me Curious if anybody has ever manipulated these and hypothetically how could the character in the movie have done that?

I've just created a repo for a log parser that works on almost all infostealer logs. It's developed with python and some bash, give an opinion.

While researching manufacturing software online, I found a Chinese automotive factory with their production system completely exposed to the internet. This should NEVER happen - manufacturing execution systems should stay on internal networks only.

Out of curiosity (and 10 years experience with this software), I tried logging in. Default passwords were changed, but there's a forgotten technical service account that admins always overlook. Got right in and could see live production, work orders, operators working - basically could shut down their entire factory.

Now I'm torn. I want to tell them about this massive security hole, but I'm scared to use my real email. Should I make a throwaway email to contact them? What if they think it's spam or get me in trouble somehow?

How do you responsibly disclose something like this while staying anonymous? This is a serious vulnerability that could destroy their business if the wrong person finds it.

TL;DR: Found Chinese factory's production system wide open on the internet, got in easily, want to warn them but don't know how to do it safely.

I saw that there was a new CVE(CVE-2025-32462) for sudo that allowed privesc using the --host flag, but no website explains how to use it(obviously). Is it really complicated in that it's tailored per computer, or is there a relatively simple command or set of commands that work for most computer. If it is the latter, what are those commands?

I had a person who came to me for work who was getting a URL deindexed for 30 days at a time with a vendor they found online. After about 30 days, the URL would reappear.

The GSC temporary removal tool says it should last "about six months." Is it now refreshing much faster?

Is there some shortcut that is being exploited?

I’m looking for someone with experience in black hat SEO, specifically in the travel domain, who can generate calls through Google and Bing without using a website—using third-party platforms like forums, classifieds, etc. Must also know how to index on Google and Bing.