Pentester
@news4hack
2.94K subscribers
120 photos
3 videos
163 files
2.77K links
- Offensive Security (Red Teaming / PenTesting)
- BlueTeam (OperationSec, TreatHunting, DFIR)
- Reverse Engineering / Malware Analisys
- Web Security
Download Telegram
About
Blog
Apps
Platform
Join
Pentester
2.94K subscribers
Pentester
More C# utility. WMI utility allow you to run WMI query directly in C#. Can be used with execute-assembly.

https://t.co/dU4XzZxGTS
GitHub
Mr-Un1k0d3r/RedTeamCSharpScripts
C# Script used for Red Team. Contribute to Mr-Un1k0d3r/RedTeamCSharpScripts development by creating an account on GitHub.
103 views
Pentester
https://www.bleepingcomputer.com/news/security/vbulletin-zero-day-exploited-for-years-gets-unofficial-patch/
BleepingComputer
vBulletin Zero-Day Exploited for Years, Gets Unofficial Patch
A zero-day exploit for the vBulletin forum platform was publicly disclosed and quickly used to attack affected versions of the forum software. It turns out, though, that this exploit has been known, utilized, and sold by researchers and attackers for years.
98 views
Pentester
https://github.com/Team-Firebugs/Burp-LFI-tests
GitHub
GitHub - Team-Firebugs/Burp-LFI-tests: Fuzzing for LFI using Burpsuite
Fuzzing for LFI using Burpsuite. Contribute to Team-Firebugs/Burp-LFI-tests development by creating an account on GitHub.
96 views
Pentester
http://verneet.com/fuzzing-77-till-p1/
{err0rr}
Fuzzing {{7*7}} Till {{P1}} | {err0rr}
In this methodology I've specified a way to exploit SSTI where traditional methods of exploitation failed.
93 views
Pentester
SSRF(Server Side Request Forgery) writeups:-

https://t.co/RQrtL8ls2L
https://t.co/mbK0sW69m8
https://t.co/XAhD0T5DEe
https://t.co/HucqY77XyQ
https://t.co/jCWXUIuAHi
https://t.co/458Z62gsOb
https://t.co/guRJy9rKwD
https://t.co/D0BsTYiupz https://t.co/7pUpI4aozV
Medium
SSRF(Server Side Request Forgery)
Server Side Request Forgery (SSRF) is a type of attack that can be carried out to compromise a server. The exploitation of an SSRF…
101 views
Pentester
https://vavkamil.cz/2019/09/15/how-to-bypass-android-certificate-pinning-and-intercept-ssl-traffic/
Kamil Vavra @vavkamil
How to bypass Android certificate pinning and intercept SSL traffic
Offensive website security Bug bounty Ethical hacking
111 views
Pentester
https://github.com/Frint0/mass-pwn-vbulletin
107 views
Pentester
Simple Webserver with ncat

ncat --keep-open -l -p 1337 -c "printf 'HTTP/1.1 200 OK\r\n\r\n'; cat ~/evil.html"
109 views
Pentester
https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
portswigger.net
Cross-Site Scripting (XSS) Cheat Sheet - 2026 Edition | Web Security Academy
Interactive cross-site scripting (XSS) cheat sheet for 2026, brought to you by PortSwigger. Actively maintained, and regularly updated with new vectors.
148 views
Pentester
https://0xpatrik.com/subdomain-enumeration-smarter/
92 views
Pentester
Nmap-cheatsheet: Reference guide for mapping networks. https://t.co/58e3Ef5Wkg
GitHub
jasonniebauer/Nmap-Cheatsheet
Reference guide for scanning networks with Nmap. Contribute to jasonniebauer/Nmap-Cheatsheet development by creating an account on GitHub.
99 views
Pentester
SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.
https://t.co/OGLdX5FeAD
GitHub
infosecn1nja/SharpDoor
SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file. - infosecn1nja/SharpDoor
118 views
Pentester
https://frederik-braun.com/firefox-ui-xss-leading-to-rce.html
Frederik Braun
Frederik Braun - Remote Code Execution in Firefox beyond memory corruptions
Click to view Frederik's blog post
103 views
Pentester
MobileApp-Pentest-Cheatsheet:-
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics:-

https://t.co/uTnySvb81o
GitHub
tanprathan/MobileApp-Pentest-Cheatsheet
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics. - tanprathan/MobileApp-Pentest-Chea...
110 views
Pentester
Re: [exim] [oss-security] Exim CVE-2019-16928 RCE using a heap-based buffer overflow
https://lists.exim.org/lurker/message/20190928.232024.589b2ef5.en.html
101 views
Pentester
Spartan: Recon Automation.

https://t.co/5GYZkoXFrf
GitHub
Mad-robot/Spartan
My Recon Automation. Contribute to Mad-robot/Spartan development by creating an account on GitHub.
109 views
Pentester
https://www.hackingarticles.in/web-application-pentest-lab-setup-using-docker/
Hacking Articles
Web Application Pentest Lab setup Using Docker
Learn how to set up a web application pentest lab using Docker, and understand the benefits of containerization for security testing now.
108 views
Pentester
Finding the real IP behind Cloudflare has never been so easy. Here you are a tool to search on @shodanhq starting from a simple favicon

https://t.co/HAGJo6fuWi
GitHub
pielco11/fav-up
IP lookup by favicon using Shodan. Contribute to pielco11/fav-up development by creating an account on GitHub.
102 views
Pentester
https://github.com/threat9/routersploit
GitHub
GitHub - threat9/routersploit: Exploitation Framework for Embedded Devices
Exploitation Framework for Embedded Devices. Contribute to threat9/routersploit development by creating an account on GitHub.
92 views
Pentester
Updated course for reverse engineering iOS applications for iOS 12 and added a new .epub file for you to read on your tablet or eReader:

https://t.co/reioa3YglN
GitHub
ivRodriguezCA/RE-iOS-Apps
A completely free, open source and online course about Reverse Engineering iOS Applications. - ivRodriguezCA/RE-iOS-Apps
88 views
Pentester
If you love Android security, you will love these 8 new vulnerabilities in Android's VoIP components found by Daoyuan Wu and his team https://t.co/fKupSDh7Xt

He is a very good researcher and his others papers are definitely worth looking https://t.co/7j4LwFN6q8
97 viewsedited