Honestly, 50 tools should be more than enough.
Who really tests all 600+ tools in Kali or the 2,500+ in BlackArch?
I tried... but some BlackArch tools didn’t even run properly...

In BashCore and BashCoreX, every app works.
No duplicates. No junk. Just tools that actually run.

Yes, the ISOs are ~7GB,
but we’ve got Metasploit, Searchsploit, and especially SecLists (which weighs a ton) 🤷🏻‍♂️

#BashCore #BashCoreX #Debian #Pentesting #NoBloat #BlackArch #KaliLinux #SecLists #Metasploit

Tutorial Hacking Servidores
https://wiki.acosadores.net/doku.php?id=tutorial:hacking-servidores
#hacking #redes #informática #fuzzing #nmap #curl #seclists #ffuf #feroxbuster #cewl #searchsploit #wpscan #metasploit #grep

Anyone know if there is a version of the "rockyou" password list where each entry is already hashed with sha256? I'm attacking a toy hashing scheme for a #ctf and it would be useful to have it precomputed.

I'm running a script to compute it now but it would be nice if I could use someone else's hard work

#ctf #seclists

Does anyone actually use the User-Agent wordlists from SecLists that are grouped by OS/platform? Some of these files only contain a single User-Agent (lol) because apparently LG adds a random string to their UAs. /cc @danielmiessler https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/User-Agents/operating-platform/
#wordlists #seclists

The leaked files from the disclosure https://seclists.org/fulldisclosure/2024/Jun/7 have since been removed from https://developercommunity.visualstudio.com/t/Incorrect-code-generation-on-warbirded-b/10680249. Someone on Reddit (https://www.reddit.com/user/TapAppropriate1458/) posted a direct link to a download from azurewebsites.net that's been taken down now too. The #InternetArchive has the files still at:
https://web.archive.org/web/20240624211440/https://sendvsfeedback2-download.azurewebsites.net/api/fileBlob/file?name=B0cde770200a945109437927ba3fe4d67638537352993712632_ICE_REPRO.zip&tid=0cde770200a945109437927ba3fe4d67638537352993712632

Unfortunately I cannot verify whether those files/the link was the original file or a re-upload. But at least all files within `ICE REPRO.zip/Linker/linkrepro.zip' match the size (in bytes) of the originals as given in the listing on seclists.

The file download from there has the sha256 hash:

d4c1a74f81e5259596466027ebac9f7eb026931c7cef02e5c37d884bbbb7f96f ICE_REPRO.zip

---

In addition, the disclosure notes that the MS symbol server does (STILL ONLINE!) leak the PDB of warbird.dll if requested. A backup has been re-upped here: https://files.catbox.moe/8iz2qk.pdb

Again, the sha256 hash. This has been matched against the original served by the MS symbol server:

2e8b5e0c17b4a4693ed494444f347f22a2eed15bcade18a5ac25d370011f8aa5 warbird.dll.pdb

---

I provide those hashes just for people to be on the safe side while analyzing the files. Keep in mind that accessing those files may be illegal.

#MSRP #leak #SecLists #Microsoft #WarBird #PlayReady #DRM #PDB #Widevine #PlayFair #Piracy

Defense in depth -- the #Microsoft way (part 87): shipping more rotten software to billions of unsuspecting customers https://seclists.org/fulldisclosure/2024/Apr/28

#seclists

@lattera
#SecLists has a secret-keywords wordlist.

https://github.com/danielmiessler/SecLists/blob/master/Discovery/Variables/secret-keywords.txt

Are you allowed to be proud when your work is included in SecLists? 🥲

#SecLists #pentesting #RedTeam #BugBounty #wordlist #DNS #subdomains #hacking #recon

OWASP Juice Shop - I have just completed this room! Check it out: https://tryhackme.com/room/owaspjuiceshop #tryhackme #juiceshop #burp #OWASP #web #seclists #XSS #SQLi #owaspjuiceshop via @RealTryHackMe