New blog post!
This is the longest one in quite a while.

Last year, I held a presentation about the basics of Active Directory pentesting, focusing on "quick-wins", easy to exploit vulnerabilities with huge impact.
I turned that presentation into a blog post.

The result is a surface-level overview of some of the most severe Active Directory vulnerabilities.

I hope it can be useful for aspiring pentesters and Active Directory admins alike.

https://ti-kallisti.com/general/ms/ad-basics.html

#redteam #pentesting #infosec #ActiveDirectory #sysadmin #Microsoft #Windows

@cR0w The ATMs rebooted every day at 5:00am. The AUTOEXEC.BAT had like 5 instances of HIDESTART.EXE trying to hide the start menu during boot.

These machines had dozens of plaintext files with the full, raw, magnetic stripe track data from every card it had handled in the last 30 days.

My contact told me that one day, some drunk was walking past one of these and saw it reboot. He caught the start menu and started exploring. Did he open notepad and start perusing credit card and debit card data?

No. He opened up MS paint, made it full screen, drew a crude penis using the touch screen, and walked off.

@RickiTarr

#pentesting #pentest

NetExec Lab is a set of hands-on labs used in the NetExec workshop and CTF to help you mastering NetExec for your next pentest engagement.

https://github.com/Pennyw0rth/NetExec-Lab

#infosec #pentesting

Caido v0.55.1 released

https://secburg.com/posts/caido-v0551-released/

#caido #web #webapp #pentesting #tools #tool

AI Automated Pentesting: The Good, The Bad, The Ugly

https://alexmacra.com/career-hub/ai-automated-pentesting-the-good-the-bad-the-ugly/

#cybersecurity #pentesting #AI #ethicalhacking

If you know how a program is laid out in memory, it becomes much easier to see where attacks can land and why certain defenses succeed or fail.

This is what the memory layout of a typical 64-bit Linux process looks like 😎👇

Find high-res pdf books with all my Linux related infographics from https://study-notes.org

#linux #cybersecurity #infosec #kalilinux #pentesting

From pentesting tips to cloud defense, today’s curated cyber playlist has it all. 🎥 https://www.youtube.com/playlist?list=PLXqx05yil_meK3JY13vS19X9vB-O6AyOH
#PenTesting #AppSec #CyberSecurity #ThreatIntelligence #IncidentResponse

I Hacked VulNyx for 7 Days — Here’s What I Learned
https://medium.com/@thecybercraft/i-hacked-vulnyx-for-7-days-heres-what-i-learned-f56f32d59fea

#ctf #cybersecurity #pentesting #infosec

Active exploitation is being observed via misconfigured security testing applications, enabling attackers to move from exposed training tools into cloud environments.

The issue centers on excessive IAM permissions, default credentials, and poor isolation between test and sensitive systems - not novel malware.

This reinforces the need to treat non-production assets as part of the threat surface.

Source: https://www.bleepingcomputer.com/news/security/hackers-exploit-security-testing-apps-to-breach-fortune-500-firms/

Follow @technadu for neutral, research-driven security reporting.

#CloudSecurity #IAM #Pentesting #Infosec #AttackSurface #TechNadu

El lado del mal - Sólo hasta el Domingo 25 de Enero. Código de Rebajas de Enero 2026 en 0xWord: Cupón REBAJAS2026 y descuentos con Tempos de MyPublicInbox https://elladodelmal.com/2026/01/solo-hasta-el-domingo-25-de-enero.html #0xWord #Ciberseguridad #Libros #CálicoElectrónico #HAcking #Pentesting #IA

I just pwned Offlinea on Hack The Box! https://labs.hackthebox.com/achievement/challenge/2026525/1108 #HackTheBox #HTB #CyberSecurity #EthicalHacking #InfoSec #PenTesting

Android apps give pentesters a portable, always-on toolkit that enables real-time reconnaissance, traffic analysis, and on-the-spot testing directly from the field without needing a full laptop setup.

Here are some of Android apps that are useful for pentesting 😎👇

Find high-res pdf books with all my cybersecurity related infographics from https://study-notes.org

#cybersecurity #infosec #android #pentesting #ethicalhackers

Extracts browser-stored data such as refresh tokens, cookies, saved credentials and more from modern Chromium-based and Gecko-based browsers (Chrome, Microsoft Edge, Firefox, Opera, Opera GX and Vivaldi).

https://github.com/Maldev-Academy/DumpBrowserSecrets

#infosec #pentesting #redteam

Here are the top 10 ways you can stop findings from slipping through the cracks with Pentest-Tools.com :

1️⃣ Keep every finding in one place (from automated scans + manual tests)
2️⃣ Mark findings as "Open", "Fixed", "Accepted", or "False positive" to keep them accurate
3️⃣ Get automatic proof for every finding (and add more manually if you need it)
4️⃣ Track fixes with scan diffs and validate remediation
5️⃣ Use workspaces to keep findings grouped automatically, then report fast and avoid data spills
6️⃣ Filter out informational findings and focus on high-risk issues to make your time count
7️⃣ Push findings to Jira, Nucleus, or your CI/CD workflow without copy-paste pain
8️⃣ Get technical details, remediation steps, evidence, and attack replay in every finding
9️⃣ Import Burp results and add manual findings to keep reports comprehensive
🔟 Re-test fixes and catch regression before attackers do

#offensivesecurity #cybersecurity #infosec #pentesting

Track every finding from discovery to fix:

https://pentest-tools.com/features/findings-management

messing around with this tired #dell #tablet to see how useful can it be for "hacking".

I recently revived my blog if you are curious for more details https://rux.one/2026/01/18/pentesting-on-Dell-Venue-11-Pro-7140/

#pentesting #security #linux #intel

Physical penetration testing highlights a growing overlap between human behavior, AI capabilities, and access control weaknesses.

A seasoned pentester explains how publicly available audio, voice cloning tools, and social engineering can bypass service desks and building security - often without exploiting software vulnerabilities.

The discussion raises an important question for defenders: are awareness programs designed to be memorable and practical, or simply compliant?

Source: https://cybernews.com/ai-news/physical-hacker-ai-is-making-job-easier/

Follow TechNadu for continued cybersecurity reporting and practitioner insights.

Engage in the discussion below.

#InfoSec #Pentesting #AIThreats #SocialEngineering #SecurityTraining #PhysicalSecurity #CyberDefense

Endlich ist er da: Mein 𝗪𝗶𝗙𝗶 𝗣𝗶𝗻𝗲𝗮𝗽𝗽𝗹𝗲 𝗣𝗮𝗴𝗲𝗿 📦 ist angekommen! Die neue WLAN und Bluetooth Hackign Hardware.

Ich verfolge die Entwicklung der 𝗛𝗮𝗸𝟱-Tools schon lange und bin extrem gespannt darauf, wie sich der neue Pager im Feld schlägt. Der Formfaktor ist genial – ein bisschen Retro-Vibes gepaart mit moderner Pentesting-Hardware.

In der nächsten Zeit werde ich das Device auf Herz und Nieren prüfen und schauen, wie es sich in mein bestehendes Setup integriert. Besonders bin ich auf den 6GHz gespannt. Natürlich werde ich meine Erfahrungen und ersten Eindrücke sicher bald dokumentieren.

Hat von euch schon jemand den Pager im Einsatz?

#ITSecurity #Pentesting #Hak5 #WiFiPineapple #NetworkSecurity #Gadgets #TechReview #HackingHardware

A new bad boy is in town, oh yeah. Lets hack 😉 #hak5 @hak5 #wifi #Bluetooth #pentesting #cybersecurity #HackThePlanet

TaskHound – Privileged Scheduled Task Enumerator

Tool that enumerates privileged Windows Scheduled Tasks remotely, analyzes XML/task credentials and integrates with BloodHound for attack path insights.

https://github.com/1r0BIT/TaskHound

#WindowsAD #pentesting

I just pwned Steel Mountain on Hack The Box! https://labs.hackthebox.com/achievement/challenge/2026525/1111 #HackTheBox #HTB #CyberSecurity #EthicalHacking #InfoSec #PenTesting