Forwarded from 卩ro 爪Cracker
Shadow Workers
Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW).
A successful exploitation allows you to browse on the targeted application as the victim(s), as long as the SW (agent) is active. A victim does not have to have a browser tab open in the application for the agent to be active.
https://github.com/shadow-workers/shadow-workers
Shadow Workers Site:
https://shadow-workers.github.io/
Forwarded from 卩ro 爪Cracker
Active Directory Pentest Mindmap.
https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2022_11.svg
#mindmap #ad #pentesting
Forwarded from 卩ro 爪Cracker
DroneSploit
Easily pentest drones!
This CLI framework is based on sploitkit and is an attempt to gather hacking techniques and exploits especially focused on drone hacking. For the ease of use, the interface has a layout that looks like Metasploit.
https://github.com/dhondta/dronesploit
Details:
https://hakin9.org/dronesploit-a-pentesting-console-framework-dedicated-to-drones/
Forwarded from 卩ro 爪Cracker
Stealing passwords from infosec Mastodon - without bypassing CSP
https://ift.tt/hRDE0m7
Submitted November 15, 2022 at 08:17PM by albinowax
via reddit https://ift.tt/voIhqLH
PortSwigger Research
Stealing passwords from infosec Mastodon - without bypassing CSP
The story of how I could steal credentials on Infosec Mastodon with a HTML injection vulnerability, without needing to bypass CSP. Everybody on our Twitter feed seemed to be jumping ship to the infose