Pentester
@news4hack
2.96K subscribers
120 photos
3 videos
163 files
2.77K links
- Offensive Security (Red Teaming / PenTesting)
- BlueTeam (OperationSec, TreatHunting, DFIR)
- Reverse Engineering / Malware Analisys
- Web Security
Download Telegram
About
Blog
Apps
Platform
Join
Pentester
2.96K subscribers
Pentester
Swrort PowerShell Stager Analysis : https://t.co/DGDdCE23W6 (pdf)
GitHub
itsKindred/malware-analysis-writeups
A repository of my completed writeups, along with the samples themselves. - itsKindred/malware-analysis-writeups
158 views
Pentester
django PoC for CVE-2019-19844

Affected supported versions
Django master branch
Django 3.0
Django 2.2
Django 1.11
https://t.co/SfvOh6xnFd
GitHub
GitHub - ryu22e/django_cve_2019_19844_poc: PoC for CVE-2019-19844(https://www.djangoproject.com/weblog/2019/dec/18/security-releases/)
PoC for CVE-2019-19844(https://www.djangoproject.com/weblog/2019/dec/18/security-releases/) - ryu22e/django_cve_2019_19844_poc
180 views
Pentester
Resources about network security (including: Proxy/GFW/ReverseProxy/Tunnel/VPN/Tor/I2P, and MiTM/PortKnocking/NetworkSniff/NetworkAnalysis/etc) More than 1700 open source tools for now : https://t.co/eeHXUVnaVv
GitHub
awesome-network-stuff/Readme_en.md at master · alphaSeclab/awesome-network-stuff
Resources about network security, including: Proxy/GFW/ReverseProxy/Tunnel/VPN/Tor/I2P, and MiTM/PortKnocking/NetworkSniff/NetworkAnalysis/etc。More than 1700 open source tools for now. Post incomin...
162 views
Pentester
Mobile Application Pentesting :

Part 1:-
https://t.co/2JNzRqGiC9

Part 2:-
https://t.co/CjwHrnbLzX

Part 3:-
https://t.co/95qTKLXB2u

Part 4:-
https://t.co/DYon15FDwr

Part 5:-
https://t.co/ED3ZHZm9w0

Part 6:-
https://t.co/fsgF4ZcReE
184 views
Pentester
How to build a TCP proxy (Part 1) : Intro : https://t.co/BuiM18u66w

Fake DNS Server (Part 2) : https://t.co/K6pGHupmTq

Proxy Server (Part 3) : https://t.co/Lcp11C8VLB

Fake Certificate Authority (Part 4) : https://t.co/jG6sb1RHUp
Robert Heaton
How to build a TCP proxy #1: Intro | Robert Heaton
It was a weird and smoky afternoon in San Francisco. My downstairs neighbors had apparently never heard of vaporizers, and the Sierra Nevada was on fire. I had planned to spend the rest of the day attacking the user-location features of popular dating apps.…
174 views
Pentester
Best firefox addons for Hacking:
-HackBar
-Cookies Manager+
-User-Agent Switcher
-Tamper Data
-FoxyProxy Standard
-Wappalyzer:
-HttpRequester
-RESTClient:
-Tampermonkey
-XSS Me
-SQL Inject Me
-iMacros
-FirePHP
192 views
Pentester
Just posted Low-Hanging Apples: Hunting Credentials and Secrets in iOS Apps https://t.co/GNQ6sY4IeA
spaceraccoon.dev
Low-Hanging Apples: Hunting Credentials and Secrets in iOS Apps — spaceraccoon.dev
Motivation Diving straight into reverse-engineering iOS apps can be daunting and time-consuming. While wading into the binary can pay of...
170 views
Pentester
https://github.com/aas-n/spraykatz/
GitHub
GitHub - aas-n/spraykatz: Credentials gathering tool automating remote procdump and parse of lsass process.
Credentials gathering tool automating remote procdump and parse of lsass process. - aas-n/spraykatz
141 views
Pentester
lsassy 1.0.0 is finally out !
🔸 Remotely dump lsass with built-in Windows tools only, procdump is no longer necessary
🔸 Remotely parse lsass dumps to extract credentials
🔸 Link to Bloodhound to detect compromised users with path to Domain Admin
https://t.co/NxIFkc2DUk
GitHub
GitHub - Hackndo/lsassy: Extract credentials from lsass remotely
Extract credentials from lsass remotely. Contribute to Hackndo/lsassy development by creating an account on GitHub.
141 views
Pentester
CVE-2019-10758 post-auth Remote Code Execution in mongo-express < 0.54.0 via endpoints that uses the toBSON method

however there are lots of no-auth mongo-express ...

shodan: https://t.co/9J4qhXL1Im

poc: https://t.co/mtChbxVDrw
GitHub
GitHub - masahiro331/CVE-2019-10758
Contribute to masahiro331/CVE-2019-10758 development by creating an account on GitHub.
135 views
Pentester
https://hipotermia.pw/bb/http-desync-account-takeover
hipotermia.pw
hipotermia - Account takeover via HTTP Request Smuggling
A bug chain of HTTP Request Smuggling that led to account takeover
121 views
Pentester
https://blog.jmpesp.org/2020/01/fuzzing-php-with-domato.html?m=1
blog.jmpesp.org
Fuzzing PHP with Domato
For clarity and brevity, the code referenced below has been distilled to simplest form.  The complete versions which were actually used for...
128 views
Pentester
https://community.turgensec.com/ssh-hacking-guide/
134 views
Pentester
Resources-for-Beginner-Bug-Bounty-Hunters : A list of resources for those interested in getting started in bug bounties https://t.co/OiU5febmIl
GitHub
nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
A list of resources for those interested in getting started in bug bounties - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
128 views
Pentester
Awesome mobile security - one place to find all android and ios security related stuffs like labs, talks, papers, courses, and tools : https://t.co/4pyUYjAeoe
GitHub
vaib25vicky/awesome-mobile-security
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it. - vaib25vicky/a...
133 views
Pentester
One of the scarier bugs: with Microsoft’s go-ahead & after many hours spent, I’m excited to finally publish this writeup and PoC! https://t.co/suHzsgtfd9
allysonomalley.com
Saying Goodbye to my Favorite 5 Minute P1
In this post, I’m going to reveal the fastest, easiest P1 that I’ve ever reported – multiple times! It’s the sort of oversight that seems so simple to avoid, but surprisingl…
123 views
Pentester
https://www.ambionics.io/blog/php-mt-rand-prediction
Ambionics
Breaking PHP's mt_rand() with 2 values and no bruteforce
We demonstrate how one can recover mt_rand()'s seed with only two outputs and without any bruteforce.
121 views
Pentester
https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/
Trend Micro
First Binder Exploit Linked to SideWinder APT Group
We found malicious apps that work together to compromise devices and collect user data. One of the apps, called Camero, exploits CVE-2019-2215, a flaw that exists in Binder. This is the first instance in the wild that exploits said UAF vulnerability.
130 views
Pentester
https://medium.com/@89berner/building-your-own-web-application-firewall-as-a-service-and-forgetting-about-false-positives-fb52fa9a2148
Medium
Building Your Own Web Application Firewall as a Service And Forgetting about False Positives
The following post is a reproduction of a paper of mine which was included in the In Depth Security Vol. III book which is compiled by the…
131 views
Pentester
https://medium.com/@terjanq/blind-sql-injection-without-an-in-1e14ba1d4952
Medium
Blind SQL Injection without an “in”
Alternative ways to retrieve table names in MySQL — without information_schema.
137 views
Pentester
How-to-exit-Vim — A comprehensive guide to exiting Vim.

It’s 11x more glorious than you’re thinking right now.

https://t.co/7CHolSSBGx
GitHub
hakluke/how-to-exit-vim
Below are some simple methods for exiting vim. Contribute to hakluke/how-to-exit-vim development by creating an account on GitHub.
130 views