Just a reminder to always lock your door!
#LatchSlipping #Pentesting #PhysicalPentesting #Security
#PenTesting
An excellent and especially thorough list of bypasses available to just about any bad actor that can reach a shell on a misconfigured UNIX system.
(Thanks to one of my students, Susana, for sending this in)
Ok, so it's a pentera ad, but the research is sound. And yeah, 75 security products and still 67% biannual breach rate? Christ on a cracker.
https://thehackernews.com/2025/05/the-crowded-battle-key-insights-from.html?m=1
Debugging Win32 binaries in Ghidra via Wine
For my link archive: [Wayback/Archive] Debugging Win32 binaries in Ghidra via Wine
[Wayback/Archive] Ghidra is a cross-platform reverse-engineering and binary analysis tool, with recent versions including support for dynamic analysis. I want to try using it as a replacement for IDA Pro in reverse-engineering of Win32 binaries, but hit bugs related to address space detection when running gdbserver with Wine ([Wayback/Archive] ghidra#4534).
This post contains custom GDB commands that allow Ghidra to query the Linux process ID and memory maps of a Win32 target process running in 32-bit Wine on a 64-bit Linux host.
Via [Wayback/Archive] Ptrace Security GmbH on Twitter: “Debugging Win32 binaries in Ghidra via Wine #Pentesting #Debugging #CyberSecurity #Infosec”.
--jeroen
I'm sick and tired of waiting 30 minutes for a simple rsync -a of 2GB and over an hour to build a live ISO... (mi sono rotto i coglioni, in 🇮🇹)
I got a used #MSI #Katana #GF66 for €700 with 32GB of RAM — it'll run #Parrot Security and host the full lab for #BashCore and #BashCoreX.
Time to get serious.
DNS cache poisoning is a security attack that corrupts a DNS resolver’s cache by injecting false records, causing users to be redirected to fake IP addresses instead of the legitimate domain
Here is how the attack works and how to protect from it 😎👇 #infosec #dns #pentesting
Find pdf books with all my #cybersecurity related infographics at https://study-notes.org
El lado del mal - Entre Marilyn & Manson: Vulnerando IPv6 con Man-in-the-middle usando NDP en la red de tu casa con Kali Linux https://www.elladodelmal.com/2025/05/entre-marilyn-manson-vulnerando-ipv6.html #Hacking #IPV6 #Mitm #redes #Wireshark #Kali #pentest #pentesting
Happy to see things finally falling into place!
SLiM is running smoothly on the live system, and BashCoreX (the GUI evolution of BashCore) is starting to take shape!
I'm now installing the CLI toolset via apt inside the chroot.
Next up: testing everything, then bringing in tools from GitHub, GitLab, and the rest of the wild.
Let’s push it further! 🍻
#BashCoreX #BashCore #Linux #MinimalistOS #Pentesting #XFCE #chroot
🛡️ Nmap, Metasploit, Hydra, Mimikatz, Netcat: Overview & Uses 🔍
#CyberSecurity 🛡️ #PenTesting 🎯 #EthicalHacking 💻 #Nmap 🔍 #Metasploit #Hydra 🔑 #Netcat 🌐
Neue Veranstaltung: Capture The Flag Training mit Kali Linux am 26. Mai um 19 Uhr:
https://technikkultur-erfurt.de/2025/05/18/veranstaltung-capture-the-flag-training/
#Hackspace #Erfurt #Pentesting #Kali
El lado del mal - ¿Se puede reemplazar a un Pentester con un Agente de IA basado en LLMs? Cómo realizar ataques completos a redes complejas con agentes de Inteligencia Artificial https://www.elladodelmal.com/2025/05/se-puede-reemplazar-un-pentester-con-un.html #AI #IA #Pentesting #Hacking #LLM #Pentester #MCP #AgenticAI #RedTeam
My favorite pentesting setup.
Today i'm setting up the #KaliLinux #Docker #container for my #ansible #playbook. This setup has some pretty cool advantages for me.
I can:
- access the shell and files using #SSH and #SFTP.
- customize the installation to the fullest extend using the #Dockerfile.
- easily route the #networktraffic through a #vpn using #gluetun.
- reproduce the setup (i love Docker).
- use GUI apps from that container using X11Forwarding or by installing a #vnc server.
This has been my favorite #pentesting setup so far for obvious reasons. I can access a fully configured pentesting environment on all my devices, always accessible and ready to go.
In case anyone is interested in the setup, it will be included in my ansible playbook, which will be published on this repository.
Here is a preview of the next release of Car Arsenal for Kali Linux 2025.2!
Renamed from CAN Arsenal to Car Arsenal to cover more car hacking stuff.
Added a lot of tools, feature and code rewrite! And im not even done!
Music used : @LinkinPark Lost in the Echo
https://youtube.com/shorts/iSm9BuxZ6HQ?si=-ma3bDIMr3-5Gd9o
@kimocoder @yesimxev @kalilinux @kalilinux@bird.makeup @davidbombal @androidmalware2
#kalilinux #kali #carhacking #canbus #car #cybersecurity #nethunter #kalinethunter #canarsenal #cararsenal #hack #hacking #cyber #linux #android #pentest #pentesting #security
Password Sniffing with Msfconsole: An In-Depth Guide
https://denizhalil.com/2025/05/15/msfconsole-password-sniffing/
#cybersecurity #ethicalhacking #pentesting #networksecurity #msfconsole
🖥️ VNC might be convenient for legacy systems, but it's just as convenient for attackers...
Unencrypted traffic makes it easy to intercept credentials. Some setups don’t require a password at all. And even when passwords are used, they’re often weakly stored and easily cracked.
Attackers might not even need to log in, just sniff the traffic and capture screens or keystrokes without being noticed.
To prove the point, our Kieran built a Python script (VncCrack.py) that cracks VNC passwords in plaintext using intercepted traffic.
📌Check it out in action in our latest blog post: https://www.pentestpartners.com/security-blog/vnc-rdp-for-all-to-see/
#CyberSecurity #PenTesting #VNC #LegacySecurity #DFIR #NetworkSecurity #CredentialTheft
AI-powered features are the new attack surface! Check out our new blog in which LMG Security’s Senior Penetration Tester Emily Gosney @baybedoll shares real-world strategies for testing AI-driven web apps against the latest prompt injection threats.
From content smuggling to prompt splitting, attackers are using natural language to manipulate AI systems. Learn the top techniques—and why your web app pen test must include prompt injection testing to defend against today’s AI-driven threats.
#CyberSecurity #PromptInjection #AIsecurity #WebAppSecurity #PenetrationTesting #LLMvulnerabilities #Pentest #DFIR #AI #CISO #Pentesting #Infosec #ITsecurity
Caido v0.48.0 released, now including guest sessions
#bugbounty / #pentesting folks - is there a good tool to use for mapping out _and documenting_ APIs?
The idea is you are exploring a target website, clicking through all the functionality, and produce a spec that is exportable as OpenAPI, list of URLs, etc.
Basically something like Burp's Site Map, but living outside of Burp to integrate with other tools. Attack Surface Documentation, perhaps
A recent report reveals that experts are leveraging the Mythic framework agent to enhance penetration testing, emphasizing proactive defense and the development of tailored tools to stay ahead of evolving cyber threats. #CyberSecurity #Pentesting
https://securelist.com/agent-for-mythic-c2-with-beacon-object-files/115259/
[WEBINAR] On the state of modern Web Application Security
• May 13 2025, 6:00pm CEST
• Register now: https://www.brighttalk.com/webcast/18820/640148
Whether you're facing time constraints, budget limitations, or the need for more robust security measures, this webinar will provide valuable insights to enhance your web application security in 2025.
🎙️ Laura Enríquez — Product Manager Application Security at Outpost24
🎙️ Mykhailo Shtepa — Junior Application Security Auditor at Outpost24
Client Info
Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst