Lynis : Security auditing tool for Linux, macOS, and UNIX-based systems (Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional ) : https://t.co/JKnJuZXJ2d

Repo : https://t.co/MBl98ddJ4b

CVE-2019-0211 Apache Root Privilege Escalation

https://t.co/oxVzvX6BX7

0day Alert: Bypassing CVE-2019-10875 or, Xiaomi's Mint Browser's URL Spoofing patch: Discovered by Renwa - Andmp | A blog about infosec, bug hunting and more!
https://www.andmp.com/2019/04/bypassing-cve-2019-10875-or-xiaomis.html?m=1

A Pentester’s Guide – Part 1 (OSINT – Passive Recon and Discovery of Assets) : https://t.co/JrGxbI6Wew

Part 2 : (OSINT – LinkedIn is Not Just for Jobs) : https://t.co/llKKseBYV4

How regular expression and fuzzing change my approach for finding vulnerabilities (Series part 1.)
http://securityviacode.in/view_article/How%20regular%20expression%20and%20fuzzing%20change%20my%20approach%20for%20finding%20vulnerabilities%20(Series%20part%201.)

How to do mobile application penetration testing:-

Part I:-
https://t.co/8J6ouL9Quk
Part 2:-
https://t.co/HzvijVY8oH
Part 3:-
https://t.co/vnaXsfPAcY

Researcher publishes Google Chrome exploit | ZDNet
https://www.zdnet.com/article/researcher-publishes-google-chrome-exploit/

A Pentester's Guide - Part 3 (OSINT, Breach Dumps, & Password Spraying)
https://delta.navisec.io/osint-for-pentesters-part-3-password-spraying-methodology/

GitHub - cujanovic/SSRF-Testing: SSRF (Server Side Request Forgery) testing resources
https://github.com/cujanovic/SSRF-Testing

GodOfWar - Malicious Java WAR Builder With Built-In Payloads
http://amp.kitploit.com/2019/04/godofwar-malicious-java-war-builder.html?amp=0

GitHub - nongiach/sudo_inject: [Linux] Two Privilege Escalation techniques abusing sudo token
https://github.com/nongiach/sudo_inject

Release 2.2.0 20190411 Chrome database · gentilkiwi/mimikatz · GitHub
https://github.com/gentilkiwi/mimikatz/releases/tag/2.2.0-20190411

Bug Bounty Methodology · 0xhelloworld/public Wiki · GitHub
https://github.com/0xhelloworld/public/wiki/Bug-Bounty-Methodology

Chaining Multiple Vulnerabilities + WAF bypass to Account Takeover in almost all Alibaba’s websites
https://medium.com/@y.shahinzadeh/chaining-multiple-vulnerabilities-waf-bypass-to-account-takeover-in-almost-all-alibabas-websites-f8643eaa2855

Need to escalate privs? Have access to PowerShell? Pull the command history. PS v5 now logs everything!

cat (Get-PSReadlineOption).HistorySavePath
or
cat (Get-PSReadlineOption).HistorySavePath | sls password
or
cat (Get-PSReadlineOption).HistorySavePath | sls accountpassword

My Journey Writing A Post Exploitation Tool for macOS
https://medium.com/red-teaming-with-a-blue-team-mentaility/my-journey-writing-a-post-exploitation-tool-for-macos-d8293d51244f

My Personal OSINT Techniques, Part 1 of 2: Key & Layer, Contingency Seeding - Reconnaissance - 0x00sec - The Home of the Hacker
http://0x00sec.org/t/my-personal-osint-techniques-part-1-of-2-key-layer-contingency-seeding/13033

Emotet malware analysis. Part 1. | Persianov on Security
https://persianov.net/emotet-malware-analysis-part-1

File path traversal
https://portswigger.net/web-security/file-path-traversal