Pentester
@news4hack
2.94K subscribers
120 photos
3 videos
163 files
2.77K links
- Offensive Security (Red Teaming / PenTesting)
- BlueTeam (OperationSec, TreatHunting, DFIR)
- Reverse Engineering / Malware Analisys
- Web Security
Download Telegram
About
Blog
Apps
Platform
Join
Pentester
2.94K subscribers
Pentester
https://medium.com/@geminiimatt/creating-an-online-persona-deb4cd8c7f46
Medium
PRIVACY RECIPE: Creating an online persona
How To Create a Private Online Identity with An Anonymous Email Address and a Virtual Phone.
67 views
Pentester
https://medium.com/@osamaavvan/json-csrf-to-formdata-attack-eb65272376a2
Medium
JSON CSRF To FormData Attack
So you guys must be aware of CSRF attack, if not then here is a short intro:
60 views
Pentester
gophish: Open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.

https://t.co/socwoZRCPq
GitHub
gophish/gophish
Open-Source Phishing Toolkit. Contribute to gophish/gophish development by creating an account on GitHub.
65 views
Pentester
Hiding in plain sights with rogue/fake computer accounts:

1/2) https://t.co/qmoAW70RFz
2/2) https://t.co/E57cqSzKom
blog.menasec.net
Threat Hunting #6 - Hiding in plain sights with real or rogue computer accounts - Part 1/2
Every Windows computer that joins a domain has a computer account. Similar to user accounts, computer accounts provide a means for authentic...
70 views
Pentester
Quick Tip: While you are trying to find more subdomains and you use the Google Dork: site:*.example.com, NEVER forget to check
site:*.*.example.com and
site:*.*.*.example.com
74 views
Pentester
https://posts.specterops.io/offensive-lateral-movement-1744ae62b14f
Medium
Offensive Lateral Movement
Lateral movement is the process of moving from one compromised host to another. Penetration testers and red teamers alike commonly used to…
81 views
Pentester
https://brutelogic.com.br/blog/xss-via-http-headers/
84 views
Pentester
https://blog.cobaltstrike.com/2019/08/21/cobalt-strikes-process-injection-the-details/amp/?__twitter_impression=true
Strategic Cyber LLC
Cobalt Strike’s Process Injection: The Details
Cobalt Strike 3.14 finally delivered some of the process injection flexibility I’ve long wanted to see in the product. In this post, I’d like to write about my thoughts on process injection, and sh…
78 views
Pentester
https://github.com/nahamsec/lazyrecon
GitHub
GitHub - nahamsec/lazyrecon: This script is intended to automate your reconnaissance process in an organized fashion
This script is intended to automate your reconnaissance process in an organized fashion - nahamsec/lazyrecon
69 views
Pentester
CVE-2019-12527: Code Execution on Squid Proxy Through a Heap Buffer Overflow - the Trend Micro Research team provides details about this recently patched vuln. https://t.co/9G2nBaU4kx
Zero Day Initiative
Zero Day Initiative — CVE-2019-12527: Code Execution on Squid Proxy Through a Buffer Overflow
In this excerpt of a Trend Micro Vulnerability Research Service report, Saran Neti and Sivathmican Sivakumaran of the Trend Micro Research Team detail a recent buffer overflow vulnerability in the Squid web proxy. A remote, unauthenticated attacker could…
61 views
Pentester
https://medium.com/mitre-attack/attack-sub-techniques-preview-b79ff0ba669a
Medium
ATT&CK Sub-Techniques Preview
ATT&CK Sub-Techniques Preview
71 views
Pentester
https://gist.github.com/nstarke/ed0aba2c882b8b3078747a567ee00520
Gist
Reversing Cisco IOS Raw Binary Firmware Images with Ghidra
Reversing Cisco IOS Raw Binary Firmware Images with Ghidra - 01-reversing-cisco-ios-raw-binary-firmware-images-with-ghidra.md
64 views
Pentester
https://medium.com/@yogendra_h1/ios-application-security-jailbreak-12-4-5e3fc0dc0726
Medium
[iOS Application Security] Jailbreak 12.4
Hello Everyone — Long time no see!
68 views
Pentester
https://www.blackhillsinfosec.com/how-to-hack-websockets-and-socket-io/
Black Hills Information Security, Inc.
How to Hack WebSockets and Socket.io - Black Hills Information Security, Inc.
Ethan Robish // WebSockets Overview WebSockets is a technology to allow browsers and servers to establish a single TCP connection and then asynchronously communicate in either direction. This is great […]
58 views
Pentester
LinkDumper TabView: https://t.co/hqgOGqaeb4
GitHub
arbazkiraak/LinksDumper
Extract (links/possible endpoints) from responses & filter them via decoding/sorting - arbazkiraak/LinksDumper
55 views
Pentester
https://osandamalith.com/2019/08/26/converting-an-exe-to-a-dll/amp/?__twitter_impression=true
🔐Blog of Osanda
Converting an EXE to a DLL | 🔐Blog of Osanda
I’ve been doing some crazy experiments on running an EXE as a DLL. Here are some parts of my research. Case #1 Let’s take a simple example like a MessageBox. [crayon-6005ebcab5257530159844/] After …
67 views
Pentester
https://iwantmore.pizza/posts/dnscat2-over-doh.html
63 views
Pentester
https://gist.github.com/TarlogicSecurity/2f221924fef8c14a1d8e29f3cb5c5c4a
Gist
A cheatsheet with commands that can be used to perform kerberos attacks
A cheatsheet with commands that can be used to perform kerberos attacks - kerberos_attacks_cheatsheet.md
56 views
Pentester
https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html?m=1
Blogspot
A very deep dive into iOS Exploit chains found in the wild
Posted by Ian Beer, Project Zero Project Zero’s mission is to make 0-day hard. We often work with other companies to find and report se...
54 views
Pentester
https://adapt-and-attack.com/2019/08/29/proxying-com-for-stable-hijacks/amp/?__twitter_impression=true
Adapt and Attack
Proxying COM For Stable Hijacks
COM hijacking presents a unique way to load your rogue DLL into another process. In a post-PowerShell world with increasing optics into in-memory tactics, COM hijacking may provide an alternative t…
63 views
Pentester
Open Source C++ Crypter. AES-256 Bit Encryption, Virtual Machine Detection and Almost FUD https://t.co/Fp5ogdSja9
GitHub
Include-sys/hCrypt
Open Source C++ Crypter. AES-256 Bit Encryption, Virtual Machine Detection and Almost FUD - Include-sys/hCrypt
66 views