Pentester – Telegram

Pentester

2.94K subscribers

120 photos

3 videos

163 files

2.77K links

- Offensive Security (Red Teaming / PenTesting)
- BlueTeam (OperationSec, TreatHunting, DFIR)
- Reverse Engineering / Malware Analisys
- Web Security

Download Telegram

About

Blog

Apps

Platform

2.94K subscribers

Better API Penetration Testing with Postman:-

Part 1:-
https://t.co/Xeb5rT0pYW

Part 2:-
https://t.co/IXKVcK8HjY

Part 3:-
https://t.co/uUsDxNlsFi

Part 4:-
https://t.co/O0zlGzEF9v

115 views18:15

https://medium.com/@ryanwendel/https-medium-com-ryan-wendel-burp-suite-tips-volume-1-3a37f49f8931

Burp Suite Tips — Volume 1

Compilation of basic Burp Suite tips to utilize when assessing the security posture of web applications.

109 views19:56

More C# utility. WMI utility allow you to run WMI query directly in C#. Can be used with execute-assembly.

https://t.co/dU4XzZxGTS

Mr-Un1k0d3r/RedTeamCSharpScripts

C# Script used for Red Team. Contribute to Mr-Un1k0d3r/RedTeamCSharpScripts development by creating an account on GitHub.

103 views06:03

https://www.bleepingcomputer.com/news/security/vbulletin-zero-day-exploited-for-years-gets-unofficial-patch/

BleepingComputer

vBulletin Zero-Day Exploited for Years, Gets Unofficial Patch

A zero-day exploit for the vBulletin forum platform was publicly disclosed and quickly used to attack affected versions of the forum software. It turns out, though, that this exploit has been known, utilized, and sold by researchers and attackers for years.

98 views12:36

https://github.com/Team-Firebugs/Burp-LFI-tests

GitHub - Team-Firebugs/Burp-LFI-tests: Fuzzing for LFI using Burpsuite

Fuzzing for LFI using Burpsuite. Contribute to Team-Firebugs/Burp-LFI-tests development by creating an account on GitHub.

96 views04:05

http://verneet.com/fuzzing-77-till-p1/

Fuzzing {{7*7}} Till {{P1}} | {err0rr}

In this methodology I've specified a way to exploit SSTI where traditional methods of exploitation failed.

93 views04:06

SSRF(Server Side Request Forgery) writeups:-

https://t.co/RQrtL8ls2L
https://t.co/mbK0sW69m8
https://t.co/XAhD0T5DEe
https://t.co/HucqY77XyQ
https://t.co/jCWXUIuAHi
https://t.co/458Z62gsOb
https://t.co/guRJy9rKwD
https://t.co/D0BsTYiupz https://t.co/7pUpI4aozV

SSRF(Server Side Request Forgery)

Server Side Request Forgery (SSRF) is a type of attack that can be carried out to compromise a server. The exploitation of an SSRF…

101 views04:07

https://vavkamil.cz/2019/09/15/how-to-bypass-android-certificate-pinning-and-intercept-ssl-traffic/

Kamil Vavra @vavkamil

How to bypass Android certificate pinning and intercept SSL traffic

Offensive website security Bug bounty Ethical hacking

111 views04:08

https://github.com/Frint0/mass-pwn-vbulletin

107 views04:18

Simple Webserver with ncat

ncat --keep-open -l -p 1337 -c "printf 'HTTP/1.1 200 OK\r\n\r\n'; cat ~/evil.html"

109 views05:50

https://portswigger.net/web-security/cross-site-scripting/cheat-sheet

portswigger.net

Cross-Site Scripting (XSS) Cheat Sheet - 2026 Edition | Web Security Academy

Interactive cross-site scripting (XSS) cheat sheet for 2026, brought to you by PortSwigger. Actively maintained, and regularly updated with new vectors.

148 views05:51

https://0xpatrik.com/subdomain-enumeration-smarter/

92 views05:16

Nmap-cheatsheet: Reference guide for mapping networks. https://t.co/58e3Ef5Wkg

jasonniebauer/Nmap-Cheatsheet

Reference guide for scanning networks with Nmap. Contribute to jasonniebauer/Nmap-Cheatsheet development by creating an account on GitHub.

99 views05:16

SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.
https://t.co/OGLdX5FeAD

infosecn1nja/SharpDoor

SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file. - infosecn1nja/SharpDoor

118 views05:19

https://frederik-braun.com/firefox-ui-xss-leading-to-rce.html

Frederik Braun - Remote Code Execution in Firefox beyond memory corruptions

Click to view Frederik's blog post

103 views05:20

MobileApp-Pentest-Cheatsheet:-
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics:-

https://t.co/uTnySvb81o

tanprathan/MobileApp-Pentest-Cheatsheet

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics. - tanprathan/MobileApp-Pentest-Chea...

110 views17:52

Re: [exim] [oss-security] Exim CVE-2019-16928 RCE using a heap-based buffer overflow
https://lists.exim.org/lurker/message/20190928.232024.589b2ef5.en.html

101 views17:59

Spartan: Recon Automation.

https://t.co/5GYZkoXFrf

Mad-robot/Spartan

My Recon Automation. Contribute to Mad-robot/Spartan development by creating an account on GitHub.

109 views04:18

https://www.hackingarticles.in/web-application-pentest-lab-setup-using-docker/

Hacking Articles

Web Application Pentest Lab setup Using Docker

Learn how to set up a web application pentest lab using Docker, and understand the benefits of containerization for security testing now.

108 views04:53

Finding the real IP behind Cloudflare has never been so easy. Here you are a tool to search on @shodanhq starting from a simple favicon

https://t.co/HAGJo6fuWi

pielco11/fav-up

IP lookup by favicon using Shodan. Contribute to pielco11/fav-up development by creating an account on GitHub.

102 views05:21

https://github.com/threat9/routersploit

GitHub - threat9/routersploit: Exploitation Framework for Embedded Devices

Exploitation Framework for Embedded Devices. Contribute to threat9/routersploit development by creating an account on GitHub.

92 views19:40