Pentester

Reminder for those asking me how to get started, this is one of the repos you will find a lot of info you need. It's overwhelming. Make a list of skills you want to learn and focus on one each. https://t.co/Dnhng9e4Kk

list of ctf sites on my site here:

https://t.co/9YboEtLmz2

GitHub

Hack-with-Github/Awesome-Hacking

A collection of various awesome lists for hackers, pentesters and security researchers - Hack-with-Github/Awesome-Hacking

102 views05:13

Pentester

POC, RemoteViewing, to demo RDP credential theft (adapted from @0x09AL post => https://t.co/sUhkZ7asOR) using EasyHook and Donut ☠️🖥️. More details on GitHub => https://t.co/bRXrFOR7Zu

www.mdsec.co.uk

RdpThief: Extracting Clear-text Credentials from Remote Desktop Clients – MDSec

113 views05:19

Pentester

Extracting cipher key from WhatsApp on Android >= 7 without root

https://t.co/TGiyX8lpyt

Plain Security

Extracting cipher key from WhatsApp on Android >= 7 without root - Plain Security

Introducing WhatsDump, a software which allows you to extract the cipher key to decrypt msgstore.db.crypt12 databases on latest Android devices.

114 views19:29

Pentester

https://www.hahwul.com/2019/10/find-subdomain-takeover-with-amass-and-subjack.html?m=1

119 views19:42

Pentester

Sn1per v7.4 Released! New exploits (shoutout @D0rkerDevil), virtual host scanning, several new OSINT checks, various fixes + more! https://t.co/Z4NUaXRieP

GitHub

1N3/Sn1per

Automated pentest framework for offensive security experts - 1N3/Sn1per

129 views04:27

Pentester

Open sourced legal documentation used for physical penetration tests.

The purpose is to help the community and organizations protect their employees when conducting testing.

Includes three docs:

MSA
SOW
Authorization Letter

https://t.co/Tco6WuuuaU

GitHub

trustedsec/physical-docs

This is a collection of legal wording and documentation used for physical security assessments. The goal is to hopefully allow this as a template for other companies to use and to protect themselve...

115 views04:31

Pentester

Helpful info on making Firefox stop polluting your Burp session with superfluous requests:
https://t.co/93MP5jRH2s

Black Hills Information Security

Towards a Quieter Firefox - Black Hills Information Security

Brian King // On a recent webapp test, I got a little frustrated with all the extra HTTP requests showing up in my Burpsuite Proxy History from connections that Firefox was making on its own. I was having to scroll around way more than I used to while trying…

97 views04:32

Pentester

CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default (JMX ) https://t.co/xQCOw10eD0

jython https://t.co/vkuiUeaCT2 xxx 18983 command super_secret "ls -la"

https://t.co/WkAdM31DMz

MOGWAI LABS GmbH web site

Attacking RMI based JMX services

An attack primer on how to hack into RMI based JMX services

114 viewsedited 04:34

Pentester

Beginner Network Penetration Testing : https://t.co/w31CGxiQoC

Repo : https://t.co/n1mT7ehwS3

YouTube

Full Ethical Hacking Course - Beginner Network Penetration Testing (2019)

25 Hour Practice Ethical Hacking Course:
https://www.udemy.com/course/practical-ethical-hacking/?referralCode=4A7D5EE973AFBCAD11C6
90% Discount Code (valid through 2019): THECYBERMENTOR

GitHub repo (for homework): https://github.com/hmaverickadams/Beginner…

150 views03:55

Pentester

snek : PowerShell wrapper around Python for .NET to invoke Python from PowerShell : https://t.co/lJz1fHcmgU

More : https://t.co/vvjVukTwD8

GitHub

adamdriscoll/snek

PowerShell wrapper around Python for .NET to invoke Python from PowerShell - adamdriscoll/snek

109 views04:12

Pentester

https://portswigger.net/research/cracking-recaptcha-turbo-intruder-style

PortSwigger Research

Cracking reCAPTCHA, Turbo Intruder style

Tired of proving you're not a robot? In this post, I'll show how you can partially bypass Google reCAPTCHA by using a new Turbo Intruder feature to trigger a race condition. This vulnerability was rep

102 views20:47

Pentester

https://unit42.paloaltonetworks.com/docker-patched-the-most-severe-copy-vulnerability-to-date-with-cve-2019-14271/

Unit 42

Docker Patched the Most Severe Copy Vulnerability to Date With CVE-2019-14271

Unit 42 researchers share details on a severe Docker container breakout vulnerability and outline a proof-of-concept that demonstrates how it can be exploited if a container has been compromised by a previous attack.

124 views04:34

Pentester

WinPwn : Automation for internal Windows Penetrationtest / AD-Security : https://t.co/KrF6NMmuG4

GitHub

S3cur3Th1sSh1t/WinPwn

Automation for internal Windows Penetrationtest / AD-Security - S3cur3Th1sSh1t/WinPwn

105 views04:18

Pentester

Introducing the fzero fuzzer! A target-architecture-agnostic grammar-based fuzzer (inspired by F1). With no input size constraints, multi-thread support, and all Rust code for no corruption bugs. 5x faster than the worlds fastest grammar-based fuzzer https://t.co/THfpliGou4

GitHub

gamozolabs/fzero_fuzzer

A fast Rust-based safe and thead-friendly grammar-based fuzz generator - gamozolabs/fzero_fuzzer

105 views08:06

Pentester

10 years ago @achillean launched the Shodan website! To celebrate a decade of discovery and growth we're going to offer the membership for $1 (marked down from $49) for the next 24 hours (0:00 UTC to 24:00 UTC): https://t.co/e6mRc8kQGt

91 views08:09

Pentester

https://medium.com/@tomac/building-up-a-basic-physical-red-team-toolkit-and-skillset-81670a2dd454

Medium

Building up a basic Physical Red Team toolkit and skillset.

As the cybersecurity industry moves from the traditional network vulnerability assessment services to replicating attacks from advanced…

93 views09:14

Pentester

Blog post on CVE-2019-2215, the Android binder bug that was exploited in-the-wild and affected most Android devices manufactured prior to Fall 2018.

https://t.co/guN9P0sXj4

Blogspot

Bad Binder: Android In-The-Wild Exploit

Posted by Maddie Stone, Project Zero Introduction On October 3, 2019, we disclosed issue 1942 (CVE-2019-2215), which is a use-afte...

88 views09:15

About

Blog

Apps

Platform