lingo.lol is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for linguists, philologists, and other lovers of languages.

Server stats:

66
active users

#ctf

0 posts0 participants0 posts today

New Open-Source Tool Spotlight 🚨🚨🚨

Scrapling is redefining Python web scraping. Adaptive, stealthy, and fast, it can bypass anti-bot measures while auto-tracking changes in website structure. A standout: 4.5x faster than AutoScraper for text-based extractions. #Python #WebScraping

🔗 Project link on #GitHub 👉 github.com/D4Vinci/Scrapling

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

🏴‍☠️ CTF ANNOUNCEMENT: Maritime Hacking Village at DEF CON 33 🏴‍☠️

Join the fight to lift the digital blockade on Isla Hexa in MHV's premiere CTF featuring real AI-controlled unmanned watercraft, port crane systems, a narco-smuggling vessel confiscated by the feds, and much more!

Come test your skills in the most ambitious, cross-domain village CTF at DEF CON yet.

📖 Details: maritimehackingvillage.com/ctf

#DEFCON #DC33 #MaritimeSecurity #CTF #DEFCONVillages #Hacking #Cybersecurity @defcon

🏴‍☠️ CTF ANNOUNCEMENT: Maritime Hacking Village at DEF CON 33 🏴‍☠️

Join the fight to lift the digital blockade on Isla Hexa in MHV's premiere CTF featuring real AI-controlled unmanned watercraft, port crane systems, a narco-smuggling vessel confiscated by the feds, and much more!

Come test your skills in the most ambitious, cross-domain village CTF at DEF CON yet.

📖 Details: maritimehackingvillage.com/ctf

#DEFCON #DC33 #MaritimeSecurity #CTF #DEFCONVillages #Hacking #Cybersecurity @defcon

Hey, I'd like to share the best talks/papers/videos/tools/CTF challenges I encountered in 2025 H1.

This is the official "Cryptax Award 2025 H1" (lol). Congratulations to those of you on the list!

cryptax.github.io/nomination-2

@radareorg @elbsides @NorthSec

My cool site · Cryptax Nomination Awards 2025 H1Cryptax Nomination Awards. Lol. In other words, I’m listing my favorite talks, papers, challenges (etc) for the first half of 2025. Nothing more than that. Okay? H1 2025 Category Nominated Best cybercrime talk Tammy Harper, Persona theory, infiltration and deception of emerging threat groups at NorthSec Best malware research paper ThreatLabz, DanaBleed: DanaBot C2 server memory leak bug, June 9 2025 :(fa-solid fa-file-pdf): Best academic AI paper I read Xinyi Hou, Yanjie Zhao, Shenao Wang, Haoyu Wang, Model Context Protocol (MCP): Landscape, Security Threats and Future Research Directions :(fa-solid fa-file-pdf): Most funny talk Jasmin Mair and Lukas Mika, SBOMs – A Tragicomedy in Three Acts at Elbsides Best new tool for reverse engineering :(fa-solid fa-wrench): R2ai :(fa-solid fa-link): Best old tool I learned to use during H1 2025 :(fa-solid fa-wrench): Fzf :(fa-solid fa-link): Best twitch sessions I started following in H1 2025 thelaluka :(fa-solid fa-video): Best conference food :(fa-solid fa-utensils): BSides Kristiansand Best CTF challenge Quantum Kraken Device - the Skeleton Key :(fa-solid fa-file-lines): at NorthSec CTF Personal achievements I’d like to highlight:

medium.com/@txrattler/dont-cal

Grinding CTFs lately. Here's the truth:

If I'm trying to get into cyber to make a living, the keys shouldn't be hidden.

CTFs aren't training—they're filtering. No hints, no structure, just “guess what I’m thinking.”

That’s not teaching. That’s gatekeeping.

Medium · Don’t Call It Training If You’ve Hidden the Keys - TxRattler - MediumBy TxRattler

New Open-Source Tool Spotlight 🚨🚨🚨

Kubernetes History Inspector (KHI) is an agentless log viewer built for visualizing Kubernetes audit logs. Its timeline-based log analysis and resource relationship diagrams simplify cluster troubleshooting—no complex setups or commands required. #Kubernetes #Observability

🔗 Project link on #GitHub 👉 github.com/GoogleCloudPlatform

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

New Open-Source Tool Spotlight 🚨🚨🚨

Pocket ID is an OIDC provider simplifying authentication with passkeys. No passwords. Think secure logins using Yubikeys or biometrics. Lightweight compared to Keycloak or Hydra and ideal for focused use cases. Built for Docker setups. #Passkeys #OIDC

🔗 Project link on #GitHub 👉 github.com/pocket-id/pocket-id

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

New Open-Source Tool Spotlight 🚨🚨🚨

tfmcp simplifies Terraform management by letting AI assistants like Claude Desktop handle config, plans, and state via the Model Context Protocol (MCP). Built with Rust, it offers robust security, Docker support, and detailed analysis. ⚙️ #Terraform #DevOps

🔗 Project link on #GitHub 👉 github.com/nwiizo/tfmcp

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Still finding my footing in this space.

Been working through high-difficulty geolocation challenges solo — learning a lot, failing a lot, tracking until something clicks.

Not sure who else works like this — patient, slow, detail-first.

If you're out there, I’d value knowing. Even just to follow along.

medium.com/@txrattler/from-han

🛰️ Weekly OSINT Download – May 27
Signals tracked. Tools tested. Gaps closed.

📍 Applied Recon:

Practiced identity profiling from minimal data: usernames, metadata, old accounts.

Refined solo background check flow — efficient, client-ready, no fluff.

Geolocation drills: worked image verification and failed trails to sharpen instinct and exit discipline.

Began longform narrative analysis — tracking how pacing and structure shape viewer retention and emotional targeting.

🗂️ Signal Shaping:

Studied why 20-min, 3-arc formats dominate high-retention media.

Logged passive audio elements as ambient framing tools.

Tuned voice delivery for clarity and precision — applied to case narration and info drops.

🛠️ In Progress:

CTF prep: US Cyber Games open soon.

Building quiet authority — showing work through process, not hype.

Laying down content as proof-of-skill, not just noise.

Medium · From Handle to Human: Solo OSINT Profiling with Free ToolsBy TxRattler

OSIRIS, the student-run #cybersecurity research lab at NYU, is seeking #challenge writers for our upcoming CSAW #CTF later this year! (For those who don't know CSAW, it's one of the largest student-run #cybersec events in the world: csaw.io ) Web, #ReverseEngineering, #pwn, and #cryptography challenges are prioritized, and all experience levels welcome. Interested? Shoot me a DM or email osiris@osiris.cyber.nyu.edu.

CSAWHome | CSAWCSAW is the most comprehensive student-run cyber security event in the world, featuring 8 cyber competitions, workshops, and industry events. Final events are hosted by 5 global academic centers.

New Open-Source Tool Spotlight 🚨🚨🚨

CVEMap by ProjectDiscovery simplifies vulnerability intelligence with a CLI tool that maps CVEs to EPSS, KEV, CPE, GitHub PoCs, and more. Customizable filters, JSON output, and integration-ready. Requires Go 1.21. #cybersecurity #opensource

🔗 Project link on #GitHub 👉 github.com/projectdiscovery/cv

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

What happens when a single Go module can wipe your entire Linux system? 🧨💻

Researchers have uncovered three malicious Go packages that, once installed, can render a Linux machine completely unbootable. These modules—`prototransform`, `go-mcp`, and `tlsproxy`—were hosted on GitHub and disguised as legitimate open-source tools. What sets them apart isn’t just the malware, but how it’s delivered: hidden in obfuscated code that quietly checks if the OS is Linux, then downloads a shell script using `wget`. That script doesn’t just corrupt the system—it zeroes out `/dev/sda`, the primary disk, erasing all data beyond recovery.

These aren't isolated incidents. A parallel wave of threats has hit JavaScript and Python ecosystems too. Several npm packages—such as `crypto-encrypt-ts` and `userbridge-paypal`—were found stealing cryptocurrency wallet seed phrases and exfiltrating private keys. Meanwhile, other PyPI packages like `web3x` and `herewalletbot` targeted similar data and have already been downloaded over 6,800 times.

More concerning, another group of seven PyPI packages communicated through Gmail’s SMTP servers and WebSockets to exfiltrate data and enable remote command execution. Using hardcoded Gmail credentials, they sent success notifications back to attackers and opened persistent channels for control. Since Gmail traffic often bypasses scrutiny from corporate firewalls and endpoint protection systems, these packages operated with minimal detection.

The recurring theme here is trust—developers importing open-source packages assume some degree of safety if a library has been around or appears well-maintained. But attackers are exploiting that assumption, embedding silent functionality behind familiar names and benign-looking codebases.

Defensive practices matter. Teams should scrutinize dependency trees, validate GitHub sources, monitor for unusual outbound connections—including SMTP—and treat every third-party library as a potential threat vector, regardless of its age or download count. Ignoring this risk is no longer viable.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

New Open-Source Tool Spotlight 🚨🚨🚨

Scopify is a Python-based recon tool for pentesters, leveraging `netify.ai` to analyze CDNs, hosting, and SaaS infra of target companies. Optional OpenAI integration adds AI-guided insights for deeper testing. Built by @Jhaddix & Arcanum-Sec. #CyberSecurity #BugBounty

🔗 Project link on #GitHub 👉 github.com/Arcanum-Sec/Scopify

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️