Pentester – Telegram

Pentester

2.79K subscribers

116 photos

3 videos

163 files

2.76K links

- Offensive Security (Red Teaming / PenTesting)
- BlueTeam (OperationSec, TreatHunting, DFIR)
- Reverse Engineering / Malware Analisys
- Web Security

Download Telegram

About

Blog

Apps

Platform

2.79K subscribers

Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).
https://github.com/wh0amitz/SharpADWS

GitHub - wh0amitz/SharpADWS: Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services…

Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS). - wh0amitz/SharpADWS

🔥2

1.14K views04:24

Automation for Juniper CVE:2023-36845
https://github.com/ak1t4/CVE-2023-36845

GitHub - ak1t4/CVE-2023-36845: CVES

CVES . Contribute to ak1t4/CVE-2023-36845 development by creating an account on GitHub.

👍3

1.21K views04:35

KernelGPT: Enhanced Kernel Fuzzing via Large Language Models

https://arxiv.org/pdf/2401.00563.pdf

1.18K views04:44

CVE-2024-21413: Microsoft Outlook Leak Hash

https://github.com/duy-31/CVE-2024-21413

GitHub - duy-31/CVE-2024-21413: Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - Expect Script POC

Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - Expect Script POC - duy-31/CVE-2024-21413

🔥1

1.26K views18:05

This Proof-Of-Concept demonstrates the exploitation of CVE-2023-22098 against VirtualBox 7.0.10 r158379

https://github.com/google/security-research/tree/master/pocs/oracle/virtualbox/cve-2023-22098

security-research/pocs/oracle/virtualbox/cve-2023-22098 at master · google/security-research

This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code. - google/security-research

🔥2

1.29K views19:52

Pivoting from Microsoft Cloud to On-Premise Machines
https://whiteknightlabs.com/2024/02/21/pivoting-from-microsoft-cloud-to-on-premise-machines/

White Knight Labs

Pivoting from Microsoft Cloud to On-Premise Machines | White Knight Labs

This article will demonstrate one situation discovered during a recent cloud penetration test that allowed us to pivot from a Microsoft cloud

🔥2

1.15K views08:04

GitHub - xhzeem/toxicache: Go scanner to find web cache poisoning vulnerabilities in a list of URLs

https://github.com/xhzeem/toxicache

GitHub - xhzeem/toxicache: Go scanner to find web cache poisoning vulnerabilities in a list of URLs

Go scanner to find web cache poisoning vulnerabilities in a list of URLs - xhzeem/toxicache

🔥3👍1

1.25K views08:06

Windows Kernel Exploitation Tutorial Part 1: Setting up the Environment

https://rootkits.xyz/blog/2017/06/kernel-setting-up/

Windows Kernel Exploitation Tutorial Part 1: Setting up the Environment - rootkit

Intro Recently, I had the pleasure to attend the training on Windows Kernel Exploitation at nullcon by the HackSysTeam. The training was well executed, and I got the intro into the world of kernel. But, as you know, nobody could teach you internals about…

🔥4

1.15K views04:36

Kali Linux 2024.1 Release (Micro Mirror) | Kali Linux Blog

https://www.kali.org/blog/kali-linux-2024-1-release

Kali Linux 2024.1 Release (Micro Mirror)

Hello 2024! Today we are unveiling Kali Linux 2024.1. As this is our the first release of the year, it does include new visual elements! Along with this we also have some exciting new mirrors to talk about, and of course some package changes - both new tools…

🔥2❤1

993 views19:42

Apache Solr Backup/Restore APIs RCE Poc (CVE-2023-50386)

https://github.com/vvmdx/Apache-Solr-RCE_CVE-2023-50386_POC

GitHub - vvmdx/Apache-Solr-RCE_CVE-2023-50386_POC: Apache Solr Backup/Restore APIs RCE Poc (CVE-2023-50386)

Apache Solr Backup/Restore APIs RCE Poc (CVE-2023-50386) - vvmdx/Apache-Solr-RCE_CVE-2023-50386_POC

🔥3

1.03K views06:57

Nice blog about #Recon Automation using tools like #Subfinder, #Chaos, #Nuclei, #Httpx, Notify, and Anew to find bugs and vulnerabilities.

https://dhiyaneshgeek.github.io/bug/bounty/2020/02/06/recon-with-me/

Recon with Me !!!

Security Through Intelligent Automation

👍2

976 views04:51

#cybercrime_forums

👎1🔥1

1.05K views04:53

This media is not supported in your browser

VIEW IN TELEGRAM

framework for penetration testing

https://github.com/INotGreen/XiebroC2

1.02K views05:00

Static Analysis Automation for Hunting Vulnerable Kernel Drivers

https://speakerdeck.com/takahiro_haruyama/static-analysis-automation-for-hunting-vulnerable-kernel-drivers

Static Analysis Automation for Hunting Vulnerable Kernel Drivers

https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html
https://github.com/TakahiroHaruyama/VDR

Microsoft Windows allows lo…

1.2K views05:02

Code injection on Android without ptrace
https://erfur.github.io/blog/dev/code-injection-without-ptrace

erfur's bits and pieces

Code injection on Android without ptrace

🔥3

944 views05:31

APKDeepLens - tool to scan Android applications for security vulnerabilities
https://github.com/d78ui98/APKDeepLens

GitHub - d78ui98/APKDeepLens: Android security insights in full spectrum.

Android security insights in full spectrum. Contribute to d78ui98/APKDeepLens development by creating an account on GitHub.

👍2

926 views12:44

Source Code Disclosure in IIS 10.0! Almost.

There is a method to reveal the source code of some .NET apps. Here's how it works.

https://swarm.ptsecurity.com/source-code-disclosure-in-asp-net-apps/

Source Code Disclosure in ASP.NET apps

Earn $10,000 on bugbounty with this little trick!

🔥2

1.06K views12:45

Experimental Windows x64 Kernel Rootkit.

https://github.com/eversinc33/Banshee

GitHub - eversinc33/Banshee: Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.

Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features. - eversinc33/Banshee

👍1🔥1

940 views04:07

FuncAddressPro
A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress.
https://github.com/WKL-Sec/FuncAddressPro

GitHub - WKL-Sec/FuncAddressPro: A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative…

A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress. - WKL-Sec/FuncAddressPro

🔥1

1.01K views04:10

WORKSHOP ⧸⧸ Reversing with Ghidra

https://www.youtube.com/watch?v=CO70I0813Gk

WORKSHOP ⧸⧸ Reversing with Ghidra ⧸⧸ Jeremy Blackthorne

Jeremy Blackthorne goes over the major features of Ghidra in his highly interactive 2 hour workshop Reversing with Ghidra.

👍1

1.02K views20:09

Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762

https://www.assetnote.io/resources/research/two-bytes-is-plenty-fortigate-rce-with-cve-2024-21762

www.assetnote.io

Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762

Early this February, Fortinet released an advisory for an "out-of-bounds write vulnerability" that could lead to remote code execution. The issue affected the SSL VPN component of their FortiGate network appliance and was potentially already being exploited…

🔥5

1.01K views17:59