Pentester – Telegram

Pentester

2.95K subscribers

120 photos

3 videos

163 files

2.77K links

- Offensive Security (Red Teaming / PenTesting)
- BlueTeam (OperationSec, TreatHunting, DFIR)
- Reverse Engineering / Malware Analisys
- Web Security

Download Telegram

About

Blog

Apps

Platform

2.95K subscribers

snek : PowerShell wrapper around Python for .NET to invoke Python from PowerShell : https://t.co/lJz1fHcmgU

More : https://t.co/vvjVukTwD8

adamdriscoll/snek

PowerShell wrapper around Python for .NET to invoke Python from PowerShell - adamdriscoll/snek

109 views04:12

https://portswigger.net/research/cracking-recaptcha-turbo-intruder-style

PortSwigger Research

Cracking reCAPTCHA, Turbo Intruder style

Tired of proving you're not a robot? In this post, I'll show how you can partially bypass Google reCAPTCHA by using a new Turbo Intruder feature to trigger a race condition. This vulnerability was rep

102 views20:47

https://unit42.paloaltonetworks.com/docker-patched-the-most-severe-copy-vulnerability-to-date-with-cve-2019-14271/

Docker Patched the Most Severe Copy Vulnerability to Date With CVE-2019-14271

Unit 42 researchers share details on a severe Docker container breakout vulnerability and outline a proof-of-concept that demonstrates how it can be exploited if a container has been compromised by a previous attack.

124 views04:34

WinPwn : Automation for internal Windows Penetrationtest / AD-Security : https://t.co/KrF6NMmuG4

S3cur3Th1sSh1t/WinPwn

Automation for internal Windows Penetrationtest / AD-Security - S3cur3Th1sSh1t/WinPwn

105 views04:18

Introducing the fzero fuzzer! A target-architecture-agnostic grammar-based fuzzer (inspired by F1). With no input size constraints, multi-thread support, and all Rust code for no corruption bugs. 5x faster than the worlds fastest grammar-based fuzzer https://t.co/THfpliGou4

gamozolabs/fzero_fuzzer

A fast Rust-based safe and thead-friendly grammar-based fuzz generator - gamozolabs/fzero_fuzzer

105 views08:06

10 years ago @achillean launched the Shodan website! To celebrate a decade of discovery and growth we're going to offer the membership for $1 (marked down from $49) for the next 24 hours (0:00 UTC to 24:00 UTC): https://t.co/e6mRc8kQGt

91 views08:09

https://medium.com/@tomac/building-up-a-basic-physical-red-team-toolkit-and-skillset-81670a2dd454

Building up a basic Physical Red Team toolkit and skillset.

As the cybersecurity industry moves from the traditional network vulnerability assessment services to replicating attacks from advanced…

93 views09:14

Blog post on CVE-2019-2215, the Android binder bug that was exploited in-the-wild and affected most Android devices manufactured prior to Fall 2018.

https://t.co/guN9P0sXj4

Bad Binder: Android In-The-Wild Exploit

Posted by Maddie Stone, Project Zero Introduction On October 3, 2019, we disclosed issue 1942 (CVE-2019-2215), which is a use-afte...

88 views09:15

https://medium.com/@cyb3rops/the-problems-with-todays-red-teaming-7b8ed1e735c9

The Problems With Today's Red Teaming

Just recently I stumbled over a Twitter poll created by Andrew Thompson asking if defenders (blue team) should show the simulated…

97 views09:21

Kubernetes Pentest Methodology :-

Part 1:-
https://t.co/dEMDs8nTfH

Part 2:-
https://t.co/MvhDBBBqw2

Part 3:-
https://t.co/ZkaQyai53W

Kubernetes Pentest Methodology Part 1 | CyberArk

As the pace of life accelerates, we spend less time waiting or in downtime. Kubernetes offers something similar for our life with technology. It is a container orchestration platform that offers an easy, automated way...

99 views03:46

https://ics-cert.kaspersky.com/reports/2019/11/22/vnc-vulnerability-research/

112 views04:08

127 views04:21

Learn_Kali_Linux_2019__Perform_Powerful.pdf

233 views04:22

Automated Docker TCP Socket Host Takeover : https://t.co/k45lyTaMi3

AbsoZed/DockerPwn.py

Python automation of Docker.sock abuse. Contribute to AbsoZed/DockerPwn.py development by creating an account on GitHub.

116 views04:38

https://medium.com/dragonfly-research/breaking-mimblewimble-privacy-model-84bcd67bfe52

Breaking Mimblewimble’s Privacy Model

TL;DR: Mimblewimble’s privacy is fundamentally flawed. Using only $60/week of AWS spend, I was able to uncover the exact addresses of…

128 views04:41

https://medium.com/@curtbraz/getting-malicious-office-documents-to-fire-with-protected-view-4de18668c386

Getting Malicious Office Documents to Fire with Protected View Enabled

A Potential Bypass Technique

123 views04:43

MySQL on OSS-Fuzz!
https://t.co/qgN0Qb8u2v

google/oss-fuzz

OSS-Fuzz - continuous fuzzing of open source software. - google/oss-fuzz

103 views04:58

https://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a

Introducing Merlin — A cross-platform post-exploitation HTTP/2 Command & Control Tool

tl;dr Evade network detection during a penetration test/red team exercise by using a protocol that existing tools aren’t equipped to…

107 views05:26

https://www.kali.org/news/kali-linux-2019-4-release/

Kali Linux 2019.4 Release (Xfce, Gnome, GTK3, Kali-Undercover, Kali-Docs, KeX, PowerShell & Public Packaging)

Time to grab yourself a drink, this will take a while! We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4, which is available immediately for download. 2019.4 includes some exciting new updates: A new default desktop…

103 views18:43

https://medium.com/@klockw3rk/privilege-escalation-leveraging-misconfigured-systemctl-permissions-bc62b0b28d49

Privilege Escalation: Systemctl (Misconfigured Permissions — sudo/SUID)

The binary, systemctl, is a process that exists in linux operating systems that is used to start different services, such as apache…

109 views03:47

https://medium.com/@ismailtasdelen/xml-external-entity-xxe-injection-payload-list-937d33e5e116

XML External Entity (XXE) Injection Payload List

127 views03:48