Pentester
@news4hack
2.95K subscribers
120 photos
3 videos
163 files
2.77K links
- Offensive Security (Red Teaming / PenTesting)
- BlueTeam (OperationSec, TreatHunting, DFIR)
- Reverse Engineering / Malware Analisys
- Web Security
Download Telegram
About
Blog
Apps
Platform
Join
Pentester
2.95K subscribers
Pentester
Finding the real IP behind Cloudflare has never been so easy. Here you are a tool to search on @shodanhq starting from a simple favicon

https://t.co/HAGJo6fuWi
GitHub
pielco11/fav-up
IP lookup by favicon using Shodan. Contribute to pielco11/fav-up development by creating an account on GitHub.
102 views
Pentester
https://github.com/threat9/routersploit
GitHub
GitHub - threat9/routersploit: Exploitation Framework for Embedded Devices
Exploitation Framework for Embedded Devices. Contribute to threat9/routersploit development by creating an account on GitHub.
92 views
Pentester
Updated course for reverse engineering iOS applications for iOS 12 and added a new .epub file for you to read on your tablet or eReader:

https://t.co/reioa3YglN
GitHub
ivRodriguezCA/RE-iOS-Apps
A completely free, open source and online course about Reverse Engineering iOS Applications. - ivRodriguezCA/RE-iOS-Apps
88 views
Pentester
If you love Android security, you will love these 8 new vulnerabilities in Android's VoIP components found by Daoyuan Wu and his team https://t.co/fKupSDh7Xt

He is a very good researcher and his others papers are definitely worth looking https://t.co/7j4LwFN6q8
97 viewsedited  
Pentester
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
Home
How a double-free bug in WhatsApp turns to RCE
In this blog post, I’m going to share about a double-free vulnerability that I discovered in WhatsApp for Android, and how I turned it into an RCE. I informed this to Facebook. Facebook acknowledged and patched it officially in WhatsApp version 2.19.244.…
103 views
Pentester
https://www.vdalabs.com/2019/10/01/phishing-users-using-evilginx-and-bypassing-2fa/
VDA Labs
From the Experts
Stay up-to-date on the latest cybersecurity trends with this Cyber Security Blog. Learn how to improve your online security today!
106 views
Pentester
https://amp.kitploit.com/2019/07/hiddeneye-modern-phishing-tool-with.html?amp=1&m=1
KitPloit
HiddenEye - Modern Phishing Tool With Advanced Functionality (Android-Support-Available)
95 views
Pentester
https://www.kitploit.com/2019/10/subsh-online-subdomain-detect-script.html?m=1
KitPloit - PenTest & Hacking Tools
Sub.Sh - Online Subdomain Detect Script
97 views
Pentester
https://medium.com/bugbountywriteup/sql-injection-to-lfi-to-rce-536bed29a862
Medium
SQL injection to RCE
In the next lines I will expose a curious case that I experimented in a customer penetration testing days ago…
97 views
Pentester
https://bugs.chromium.org/p/project-zero/issues/detail?id=1942
99 views
Pentester
poc.c
9.2 KB
197 views
Pentester
Mobile Pentesting with FRIDA
[SLIDES] https://t.co/APhEluWkYa
Google Docs
frida_nn2019.pdf
105 views
Pentester
https://www.hahwul.com/p/ssrf-open-redirect-cheat-sheet.html?m=1
103 views
Pentester
TotalRecon installs all the recon tools you need.

https://t.co/cxAuN7oqkU
GitHub
vitalysim/totalrecon
TotalRecon installs all the recon tools you need. Contribute to vitalysim/totalrecon development by creating an account on GitHub.
108 views
Pentester
https://www.exploit-db.com/exploits/47465
Exploit Database
Joomla! 3.4.6 - 'configuration.php' Remote Code Execution
Joomla! 3.4.6 - 'configuration.php' Remote Code Execution.. webapps exploit for PHP platform
87 views
Pentester
Multiple D-Link Routers Found Vulnerable To Unauthenticated Remote Code Execution (will remian unpatched due to EOL) : https://t.co/RC9UAZIV1M
Fortinet Blog
Multiple D-Link Routers Found Vulnerable To Unauthenticated Remote Code Execution
FortiGuard Labs has discovered an unauthenticated command injection vulnerability in D-Link products that could lead to Remote Code Execution (RCE) upon successful exploitation. Learn more.…
95 views
Pentester
https://www.preempt.com/blog/drop-the-mic-2-active-directory-open-to-more-ntlm-attacks/
88 views
Pentester
WhatsApp GIF RCE on #android ---> https://t.co/ufQBRi6yMw (poc code in c)

note you will need memory leak vuln in order to have a full remote exploit. This is a local exploit where you have to figure out the address manually.
GitHub
dorkerdevil/CVE-2019-11932
double-free bug in WhatsApp exploit poc. Contribute to dorkerdevil/CVE-2019-11932 development by creating an account on GitHub.
105 views
Pentester
https://medium.com/@maverickNerd/recon-everything-48aafbb8987
Medium
Recon Everything
Bug Bounty Hunting Tip #1- Always read the Source Code
107 views
Pentester
https://secrary.com/Random/RedTeamTrick/
secrary[dot]com::blog
Simple Trick For Red Teams
https://secrary.com - Does it matter?
92 views
Pentester
This aggressor script adds three UAC bypass techniques to Cobalt Strike's interface + beacon console. These include:

https://t.co/zX43xhDGlX
GitHub
RhinoSecurityLabs/Aggressor-Scripts
Aggregation of Cobalt Strike's aggressor scripts. Contribute to RhinoSecurityLabs/Aggressor-Scripts development by creating an account on GitHub.
87 views