Pentester
@news4hack
2.81K subscribers
117 photos
3 videos
163 files
2.76K links
- Offensive Security (Red Teaming / PenTesting)
- BlueTeam (OperationSec, TreatHunting, DFIR)
- Reverse Engineering / Malware Analisys
- Web Security
Download Telegram
About
Blog
Apps
Platform
Join
Pentester
2.81K subscribers
Pentester
How the "initial access brokers" scene works and its role in recent ransomware attacks.

#ransomware

https://go.recordedfuture.com/hubfs/reports/cta-2022-0802.pdf
633 views
Pentester
👍1
767 views
Pentester
RTFM - Red Team Field Manual v2.epub
247.4 KB
#book
🔥6
881 viewsedited  
Pentester
CVE-2022-35405:
Zoho Password Manager Pro XML-RPC RCE
https://xz.aliyun.com/t/11578
👍1
529 views
Pentester
A Hidden and Undetectable Remote Access Tool written in C++ and Server in Python3
https://github.com/anonlo99/Windows-Backdoor
GitHub
GitHub - ryanwe1ss/Remote-Access-Tool: A Hidden and Undetectable Remote Access Tool written in C++ and Server in Python3.
A Hidden and Undetectable Remote Access Tool written in C++ and Server in Python3. - ryanwe1ss/Remote-Access-Tool
539 views
Pentester
MITRE ATT&CK Matrix for Kubernetes
Tactics & Techniques
Part 1: https://www.weave.works/blog/mitre-att-ck-matrix-for-kubernetes-tactics-techniques-explained-part-1
Part 2: https://www.weave.works/blog/mitre-att-ck-matrix-for-kubernetes-tactics-techniques-explained-part-2
Part 3: https://www.weave.works/blog/mitre-att-ck-matrix-for-kubernetes-tactics-techniques-explained-part-3
547 views
Pentester
Elastic Security detection content for Endpoint
https://github.com/elastic/protections-artifacts
GitHub
GitHub - elastic/protections-artifacts: Elastic Security detection content for Endpoint
Elastic Security detection content for Endpoint. Contribute to elastic/protections-artifacts development by creating an account on GitHub.
565 views
Pentester
NETGEAR R6700v3: 1day Analysis (CVE-2021-34982) Buffer Overflow RCE Vulnerability
https://blog.viettelcybersecurity.com/netgear-r6700v3-1day-analysis-cve-2021-34982-buffer-overflow-rce-vulnerabiliy-2
605 views
Pentester
A static code analysis for WordPress (and PHP)
https://github.com/webarx-security/wpbullet
GitHub
GitHub - webarx-security/wpbullet: A static code analysis for WordPress (and PHP)
A static code analysis for WordPress (and PHP). Contribute to webarx-security/wpbullet development by creating an account on GitHub.
653 views
Pentester
Fuzzable - Framework for Automating Fuzzable Target Discovery with Static Analysis
https://github.com/ex0dus-0x/fuzzable
GitHub
GitHub - ex0dus-0x/fuzzable: Framework for Automating Fuzzable Target Discovery with Static Analysis.
Framework for Automating Fuzzable Target Discovery with Static Analysis. - ex0dus-0x/fuzzable
🔥2
664 views
Pentester
Backdooring Office Structures
Part 1 - The Oldschool
https://mgeeky.tech/backdooring-office-structures-part-1-oldschool
Part 2 - Payload Crumbs In Custom Parts
https://mgeeky.tech/payload-crumbs-in-custom-parts
665 views
Pentester
The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors
https://wiz.io/blog/the-cloud-has-an-isolation-problem-postgresql-vulnerabilities
wiz.io
The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors | Wiz Blog
How Wiz Research uncovered multiple related vulnerabilities in PostgreSQL-as-a-Service offerings from GCP, Azure, and others.
646 views
Pentester
This is a pre-authenticated #RCE exploit for VMware vRealize Operations Manager (vROPS) that impacts versions <= 8.6.3.19682901.

https://github.com/sourceincite/DashOverride
GitHub
GitHub - sourceincite/DashOverride: This is a pre-authenticated RCE exploit for VMware vRealize Operations Manager
This is a pre-authenticated RCE exploit for VMware vRealize Operations Manager - sourceincite/DashOverride
715 views
Pentester
CVE-2022-37393:
Privilege escalation in Zimbra Collaboration Suite
https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis
AttackerKB
CVE-2022-37393 | AttackerKB
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zms…
558 views
Pentester
628 views
Pentester
The Nmap cookbook Beat the Beast.epub
10.3 MB
#book #nmap
661 viewsedited  
Pentester
The Cisco Hack - Learning from the Cisco Hack, Trail of Evidence Found in Logs
https://trunc.org/learning/cisco-hack-tracks-left-in-the-logs
Report: https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html
Trunc Logging
The Cisco Hack - Tracking the Attack Through your Logs
Cisco Compromise - Insights from Cisco and the trails the attackers can leave in your logs.
518 views
Pentester
1day to 0day (CVE-2022-30024) on TP-Link TL-WR841N
https://blog.viettelcybersecurity.com/1day-to-0day-on-tl-link-tl-wr841n
534 views
Pentester
Bypass phishing detections with Google Translate
https://certitude.consulting/blog/en/bypass-phishing-detections-with-google-translate-2
508 views
Pentester
CVE-2022-27255 - Realtek eCos SDK SIP ALG buffer overflow
https://github.com/infobyte/cve-2022-27255
GitHub
GitHub - infobyte/cve-2022-27255
Contribute to infobyte/cve-2022-27255 development by creating an account on GitHub.
515 views
Pentester
CVE-2022-36446 - Webmin-Software-Package-Updates-RCE
A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin < 1.997
https://github.com/p0dalirius/CVE-2022-36446-Webmin-Software-Package-Updates-RCE
GitHub
GitHub - p0dalirius/CVE-2022-36446-Webmin-Software-Package-Updates-RCE: A Python script to exploit CVE-2022-36446 Software Package…
A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin < 1.997. - p0dalirius/CVE-2022-36446-Webmin-Software-Package-Updates-RCE
549 views