Pentester – Telegram

Pentester

2.96K subscribers

120 photos

3 videos

163 files

2.77K links

- Offensive Security (Red Teaming / PenTesting)
- BlueTeam (OperationSec, TreatHunting, DFIR)
- Reverse Engineering / Malware Analisys
- Web Security

Download Telegram

About

Blog

Apps

Platform

2.96K subscribers

127 views04:21

Learn_Kali_Linux_2019__Perform_Powerful.pdf

233 views04:22

Automated Docker TCP Socket Host Takeover : https://t.co/k45lyTaMi3

AbsoZed/DockerPwn.py

Python automation of Docker.sock abuse. Contribute to AbsoZed/DockerPwn.py development by creating an account on GitHub.

116 views04:38

https://medium.com/dragonfly-research/breaking-mimblewimble-privacy-model-84bcd67bfe52

Breaking Mimblewimble’s Privacy Model

TL;DR: Mimblewimble’s privacy is fundamentally flawed. Using only $60/week of AWS spend, I was able to uncover the exact addresses of…

128 views04:41

https://medium.com/@curtbraz/getting-malicious-office-documents-to-fire-with-protected-view-4de18668c386

Getting Malicious Office Documents to Fire with Protected View Enabled

A Potential Bypass Technique

123 views04:43

MySQL on OSS-Fuzz!
https://t.co/qgN0Qb8u2v

google/oss-fuzz

OSS-Fuzz - continuous fuzzing of open source software. - google/oss-fuzz

103 views04:58

https://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a

Introducing Merlin — A cross-platform post-exploitation HTTP/2 Command & Control Tool

tl;dr Evade network detection during a penetration test/red team exercise by using a protocol that existing tools aren’t equipped to…

107 views05:26

https://www.kali.org/news/kali-linux-2019-4-release/

Kali Linux 2019.4 Release (Xfce, Gnome, GTK3, Kali-Undercover, Kali-Docs, KeX, PowerShell & Public Packaging)

Time to grab yourself a drink, this will take a while! We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4, which is available immediately for download. 2019.4 includes some exciting new updates: A new default desktop…

103 views18:43

https://medium.com/@klockw3rk/privilege-escalation-leveraging-misconfigured-systemctl-permissions-bc62b0b28d49

Privilege Escalation: Systemctl (Misconfigured Permissions — sudo/SUID)

The binary, systemctl, is a process that exists in linux operating systems that is used to start different services, such as apache…

109 views03:47

https://medium.com/@ismailtasdelen/xml-external-entity-xxe-injection-payload-list-937d33e5e116

XML External Entity (XXE) Injection Payload List

127 views03:48

Frida/QBDI Android API Fuzzer
https://t.co/t0X9hIIhcI

andreafioraldi/frida-fuzzer

This experimetal fuzzer is meant to be used for API in-memory fuzzing. - andreafioraldi/frida-fuzzer

117 views04:08

https://github.com/In3tinct/See-SURF

GitHub - In3tinct/See-SURF: Security tool to find potential vulnerable Server Side Request Forgery (SSRF) parameters.

Security tool to find potential vulnerable Server Side Request Forgery (SSRF) parameters. - In3tinct/See-SURF

115 views04:12

New release dirsearch
https://t.co/XL5DXIuyIR

Release v0.3.9 · maurosoria/dirsearch

Added default extensions argument (-E).
Added suppress empty responses.
Recursion max depth.
Exclude responses with text and regexes.
Multiple fixes.

104 views04:33

Presentation of HTTP Desync Attacks will be at Black Hat Europe next week. New content includes a novel desync technique, major automation improvements, a defensive case-study, and updated bounty figures https://t.co/QCKbOqg1aZ

Black Hat Europe 2019

113 views04:43

Check if a server is running any vulnerable services

wget https://raw(.)githubusercontent(.)com/vulnersCom/nmap-vulners/master/vulners.nse -O /usr/share/nmap/scripts/vulners.nse && nmap --script-updatedb

All done, now you can do a scan with

nmap -sV --script vulners <target>

115 viewsedited 20:52

https://medium.com/swlh/hacking-websocket-25d3cba6a4b9

Hacking WebSocket

With Cross-Site WebSocket Hijacking attacks

120 views05:11

https://blog.usejournal.com/bug-hunting-methodology-part-1-91295b2d2066

Bug Hunting Methodology (part-1)

I am Shankar R from Tirunelveli (India). I am a security researcher from the last one year. Yes absolutely am doing bug bounty in the…

121 views17:59

https://blog.usejournal.com/bug-hunting-methodology-part-2-5579dac06150

Bug Hunting Methodology(Part-2)

Hi I am Shankar R from Tirunelveli (India). I hope you all doing good. I am a security researcher from the last one year. Yes absolutely…

126 views18:00

https://medium.com/@trapp3rhat/bug-hunting-methodology-part-3-457eaf9768a5

Bug Hunting Methodology(Part-3)

Hi I am Shankar R ( @trapp3r_hat) from Tirunelveli (India). I hope you all doing good. I am a security researcher from the last one year…

152 views18:00

https://medium.com/@rudrasarkar/how-i-hacked-92k-users-information-using-open-s3-bucket-6471b30c1cf5

How I hacked 92k users Information using open s3 bucket

First of all this is my biggest hack I did in my life.The website I found few day ago while I am looking for bus ticket.After booking Bus…

109 views04:09

https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers

Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers

In 2018, the Cybereason Nocturnus team identified Operation Soft Cell, an advanced, persistent attack targeting global telecommunications providers.

125 views05:58