Pentester
@news4hack
2.96K subscribers
120 photos
3 videos
163 files
2.77K links
- Offensive Security (Red Teaming / PenTesting)
- BlueTeam (OperationSec, TreatHunting, DFIR)
- Reverse Engineering / Malware Analisys
- Web Security
Download Telegram
About
Blog
Apps
Platform
Join
Pentester
2.96K subscribers
Pentester
Kubernetes Pentest Methodology :-

Part 1:-
https://t.co/dEMDs8nTfH

Part 2:-
https://t.co/MvhDBBBqw2

Part 3:-
https://t.co/ZkaQyai53W
CyberArk
Kubernetes Pentest Methodology Part 1 | CyberArk
As the pace of life accelerates, we spend less time waiting or in downtime.  Kubernetes offers something similar for our life with technology. It is a container orchestration platform that offers an easy, automated way...
99 views
Pentester
https://ics-cert.kaspersky.com/reports/2019/11/22/vnc-vulnerability-research/
112 views
Pentester
127 views
Pentester
Learn_Kali_Linux_2019__Perform_Powerful.pdf
84.7 MB
233 views
Pentester
Automated Docker TCP Socket Host Takeover : https://t.co/k45lyTaMi3
GitHub
AbsoZed/DockerPwn.py
Python automation of Docker.sock abuse. Contribute to AbsoZed/DockerPwn.py development by creating an account on GitHub.
116 views
Pentester
https://medium.com/dragonfly-research/breaking-mimblewimble-privacy-model-84bcd67bfe52
Medium
Breaking Mimblewimble’s Privacy Model
TL;DR: Mimblewimble’s privacy is fundamentally flawed. Using only $60/week of AWS spend, I was able to uncover the exact addresses of…
128 views
Pentester
https://medium.com/@curtbraz/getting-malicious-office-documents-to-fire-with-protected-view-4de18668c386
Medium
Getting Malicious Office Documents to Fire with Protected View Enabled
A Potential Bypass Technique
123 views
Pentester
MySQL on OSS-Fuzz!
https://t.co/qgN0Qb8u2v
GitHub
google/oss-fuzz
OSS-Fuzz - continuous fuzzing of open source software. - google/oss-fuzz
103 views
Pentester
https://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a
Medium
Introducing Merlin — A cross-platform post-exploitation HTTP/2 Command & Control Tool
tl;dr Evade network detection during a penetration test/red team exercise by using a protocol that existing tools aren’t equipped to…
107 views
Pentester
https://www.kali.org/news/kali-linux-2019-4-release/
Kali Linux
Kali Linux 2019.4 Release (Xfce, Gnome, GTK3, Kali-Undercover, Kali-Docs, KeX, PowerShell & Public Packaging)
Time to grab yourself a drink, this will take a while! We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4, which is available immediately for download. 2019.4 includes some exciting new updates: A new default desktop…
103 views
Pentester
https://medium.com/@klockw3rk/privilege-escalation-leveraging-misconfigured-systemctl-permissions-bc62b0b28d49
Medium
Privilege Escalation: Systemctl (Misconfigured Permissions — sudo/SUID)
The binary, systemctl, is a process that exists in linux operating systems that is used to start different services, such as apache…
109 views
Pentester
https://medium.com/@ismailtasdelen/xml-external-entity-xxe-injection-payload-list-937d33e5e116
Medium
XML External Entity (XXE) Injection Payload List
PayloadBox
127 views
Pentester
Frida/QBDI Android API Fuzzer
https://t.co/t0X9hIIhcI
GitHub
andreafioraldi/frida-fuzzer
This experimetal fuzzer is meant to be used for API in-memory fuzzing. - andreafioraldi/frida-fuzzer
117 views
Pentester
https://github.com/In3tinct/See-SURF
GitHub
GitHub - In3tinct/See-SURF: Security tool to find potential vulnerable Server Side Request Forgery (SSRF) parameters.
Security tool to find potential vulnerable Server Side Request Forgery (SSRF) parameters. - In3tinct/See-SURF
115 views
Pentester
New release dirsearch
https://t.co/XL5DXIuyIR
GitHub
Release v0.3.9 · maurosoria/dirsearch
Added default extensions argument (-E).
Added suppress empty responses.
Recursion max depth.
Exclude responses with text and regexes.
Multiple fixes.
104 views
Pentester
Presentation of HTTP Desync Attacks will be at Black Hat Europe next week. New content includes a novel desync technique, major automation improvements, a defensive case-study, and updated bounty figures https://t.co/QCKbOqg1aZ
Blackhat
Black Hat Europe 2019
113 views
Pentester
Check if a server is running any vulnerable services

wget https://raw(.)githubusercontent(.)com/vulnersCom/nmap-vulners/master/vulners.nse -O /usr/share/nmap/scripts/vulners.nse && nmap --script-updatedb

All done, now you can do a scan with

nmap -sV --script vulners <target>
115 viewsedited  
Pentester
https://medium.com/swlh/hacking-websocket-25d3cba6a4b9
Medium
Hacking WebSocket
With Cross-Site WebSocket Hijacking attacks
120 views
Pentester
https://blog.usejournal.com/bug-hunting-methodology-part-1-91295b2d2066
Medium
Bug Hunting Methodology (part-1)
I am Shankar R from Tirunelveli (India). I am a security researcher from the last one year. Yes absolutely am doing bug bounty in the…
121 views
Pentester
https://blog.usejournal.com/bug-hunting-methodology-part-2-5579dac06150
Medium
Bug Hunting Methodology(Part-2)
Hi I am Shankar R from Tirunelveli (India). I hope you all doing good. I am a security researcher from the last one year. Yes absolutely…
126 views
Pentester
https://medium.com/@trapp3rhat/bug-hunting-methodology-part-3-457eaf9768a5
Medium
Bug Hunting Methodology(Part-3)
Hi I am Shankar R ( @trapp3r_hat) from Tirunelveli (India). I hope you all doing good. I am a security researcher from the last one year…
152 views