Pentester – Telegram

Pentester

2.92K subscribers

119 photos

3 videos

163 files

2.77K links

- Offensive Security (Red Teaming / PenTesting)
- BlueTeam (OperationSec, TreatHunting, DFIR)
- Reverse Engineering / Malware Analisys
- Web Security

Download Telegram

About

Blog

Apps

Platform

2.92K subscribers

Channel created

10:01

http://blog.vulspy.com/2017/11/09/Wordpress-4-8-2-SQL-Injection-POC/

55 views10:12

http://www.hackingarticles.in/exploiting-windows-machine-dde-exploit/

Hacking Articles

Exploiting Windows Machine with DDE Exploit - Hacking Articles

DDE stands for “Dynamic Data Exchange”, this is a method used by windows to facilitate one program being able to subscribe to an item made

57 views10:12

https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about

54 views19:36

https://github.com/theori-io/pwnjs

GitHub - theori-io/pwnjs: A Javascript library for browser exploitation

A Javascript library for browser exploitation. Contribute to theori-io/pwnjs development by creating an account on GitHub.

49 views04:40

https://jesux.es/exploiting/blueborne-android-6.0.1-english/

BlueBorne RCE on Android 6.0.1 (CVE-2017-0781) [English]

A few days ago, the company Armis published a proof of concept (PoC) of a remote code execution vulnerability in Android via Bluetooth (CVE-2017-0781), known as BlueBorne. Although BlueBorne refers to a set of 8 vulnerabilities, this PoC uses only 2 of them…

50 views04:51

https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/commit/4ed3e7dd2ca6e68247ab5323fbf49340c02a4f8f

Added Pocs fore Remote Kernel WIFI bugs · ScottyBauer/Android_Kernel_CVE_POCs@4ed3e7d

Signed-off-by: Scott Bauer

45 views05:42

Посмотрите, о чем твитнул(а) @0ang3el: https://twitter.com/0ang3el/status/931245931483287554?s=09

Some neat tricks to bypass CSRF-protection from #ZeroNights https://t.co/6sD580hSMq

47 views05:43

https://github.com/wavestone-cdt/hadoop-attack-library

GitHub - wavestone-cdt/hadoop-attack-library: A collection of pentest tools and resources targeting Hadoop environments

A collection of pentest tools and resources targeting Hadoop environments - wavestone-cdt/hadoop-attack-library

47 views05:44

https://github.com/V1V1/Sleight

GitHub - V1V1/Sleight: Empire HTTP(S) C2 redirector setup script

Empire HTTP(S) C2 redirector setup script. Contribute to V1V1/Sleight development by creating an account on GitHub.

52 views06:47

https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/

Tarlogic Security

Exploiting Word: CVE-2017-11826

Tarlogic Security's Red Team shows how to exploit the CVE-2017-11826 vulnerabilities that affected MS Office

52 views17:53

https://github.com/Arno0x/PowerShellScripts/tree/master/MacroCreator

PowerShellScripts/MacroCreator at master · Arno0x/PowerShellScripts

Collection of PowerShell scripts. Contribute to Arno0x/PowerShellScripts development by creating an account on GitHub.

47 views17:58

http://blog.trendmicro.com/trendlabs-security-intelligence/untangling-the-patchwork-cyberespionage-group/?platform=hootsuite

Untangling the Patchwork Cyberespionage Group - TrendLabs Security Intelligence Blog

Patchwork is a cyberespionage group known for targeting diplomatic and government agencies that has since added businesses to their list of targets.

43 views05:35

https://devco.re/blog/2017/12/11/Exim-RCE-advisory-CVE-2017-16943-en/

DEVCORE 戴夫寇爾

Road to Exim RCE - Abusing Unsafe Memory Allocator in the Most Popular MTA | DEVCORE 戴夫寇爾

On 23 November, 2017, we reported two vulnerabilities to Exim. These bugs exist in the SMTP daemon and attackers do not need to be authenticated, including CVE-2017-16943 for a use-after-free (UAF) vulnerability, which leads to Remote Code Execution (RCE);…

50 views05:40

https://xorl.wordpress.com/2017/12/16/trick-for-quick-reverse-engineering-of-javascript-malware/amp/?__twitter_impression=true

xorl %eax, %eax

Trick for quick reverse engineering of JavaScript malware

Most JavaScript malware authors try to obfuscate their code by adding a lot of unused code as well as randomized variable names and simple encoding and decoding fucntions. Lastly, they typically re…

50 views05:21

https://securityonline.info/nmap-vulners-nse-script-based-on-vulners-com-api/

Penetration Testing

nmap-vulners: NSE script based on Vulners.com API • Penetration Testing

nmap-vulners is an Nmap NSE script using some well-known service to provide info on vulnerabilities. The only thing you should always keep in mind is that the script depends on having software versions at hand, so it only works with -sV flag.

50 views05:24

Посмотрите, о чем твитнул(а) @FlatL1ne: https://twitter.com/FlatL1ne/status/945963549742043136?s=09

Empire Cheat Sheet https://t.co/Np49CYHQJx

45 views05:30

https://github.com/codewatchorg/sqlipy

GitHub - codewatchorg/sqlipy: SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.

SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API. - codewatchorg/sqlipy

40 views16:09

https://github.com/rxwx/CVE-2017-11882/blob/master/packager_exec_CVE-2017-11882.py

CVE-2017-11882/packager_exec_CVE-2017-11882.py at master · rxwx/CVE-2017-11882

Proof-of-Concept exploits for CVE-2017-11882. Contribute to rxwx/CVE-2017-11882 development by creating an account on GitHub.

41 views13:06

https://pastebin.com/4nzunPB5

huawei 0day - Pastebin.com

Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.

53 views13:08