Parrot 7.1 is now rolling out 🥁
This release brings:
✔ MCPwn for LLM security tools execution
✔ New Community Spins: MATE, LXQt, Enlightenment
✔ Rocket 1.5.0 with a brand-new UI
✔ Bug fixes + smoother daily experience
Available now on the download page 🦜
Click the link and read more on our latest article 🔗
https://parrotsec.org/blog/2026-02-11-parrot-7.1-release-notes/
#ParrotSec #ParrotOS #linux #linuxdistro #cybersecurity #cybersecuritynews #debian #pentest #pentesting #hacking #hacker
Ax Framework is a free and open-source tool utilized by Bug Hunters and Penetration Testers to efficiently operate in multiple cloud environments. It helps build and deploy repeatable infrastructure tailored for offensive security purposes
The project also contains a tool to manipulate the msDS-KeyCredentialLink LDAP attribute in order to register KeyCredentialLinks in Active Directory environments
El lado del mal - LLM-Guardian: Sistema Multi-Agente de Defensa LLM con Red Team Adversarial Inteligente https://elladodelmal.com/2026/02/llm-guardian-sistema-multi-agente-de.html #LLM #Guardrails #Pentest #Pentesting #IA #AI #Jailbreak #PromptInjection #Unalignment #Hardening
VulNyx Hosting Writeup
A Step-by-Step Guide to Exploiting SMB and WinRM Services on the VulNyx Hosting Machine:
https://medium.com/@thecybercraft/vulnyx-hosting-writeup-fa1bf2aa3825
#pentest #cybersecurity #infosec #winrm #vulnyx #smb #writeup
Ever think about penetration testers? People who test the physical security of sites for companies? Now, have you ever wondered what happens if they accidentally penetrate test the wrong site?
This guy did that.
https://darknetdiaries.com/episode/6/
The Beirut bank job
#penTest #hacking #podcast
A powershell tool to enumerate all SharePoint sites/drives that a user can access via Microsoft Graph, recursively downloads files, and logs every Graph/SharePoint HTTP request for SIEM correlation
Le pentest est-il mort ? — Nous voici en 2026 : à l'ère des LLM et du presque AGI … #pentest #security #threats [ https://y0no.fr/posts/le-pentest-est-il-mort/ ] #informatique ( via Yoann Ono / Biot )
BOF to perform stealthy LDAP queries over AD WS
VulNyx Misconfigured Writeup
A Step-by-Step Walkthrough of Enumerating AD Services and Gaining Administrator Access on the Misconfigured Machine
https://thecybercraft.medium.com/vulnyx-misconfigured-writeup-f3f35cb52673
Сканер для обнаружения уязвимостей (NTLM relay)
#infosec #software #git #ad #pentest #relay
https://github.com/depthsecurity/RelayKing-Depth/
* Сканирует по SMB, LDAP/S, MSSQL, HTTP/S, RPC, WinRM;
* Находит WebDAV WebClient, CVE-2025-33073 (NTLM reflection), NTLMv1 + PrinterBug, PetitPotam и т.п.;
* Поддерживает аудит всего домена;
* Составляет список таргетов для `ntlmrelayx` и другого ПО;
* Сохраняет отчет в plaintext/JSON/CSV/Markdown.
Статья в блоге: https://www.depthsecurity.com/blog/introducing-relayking-relay-to-royalty/
Et si 2026 sonnait la mort du pentest ? Ça m'embêterait parce que c'est mon métier...
Depuis le début de l'année, je me suis penché sur son avenir. Entre les outils IA qui promettent des pentests automatisés, l'inquiétude pour les juniors qui arrivent sur le marché, et les outils qui vont potentiellement me faciliter la vie, j'ai posé mes réflexions dans un article.
Spoiler : le pentest n'est pas mort. Mais il va changer.
🔎 Một kỹ sư backend muốn thực hành phân tích bảo mật ứng dụng (web/mobile) miễn phí! 🎯 Cần 2‑3 dự án có môi trường test, không phải production. Ưu tiên phương pháp black‑box, cung cấp báo cáo rủi ro chi tiết, sau đó xoá mọi dữ liệu. DM nếu quan tâm! #cybersecurity #pentest #securitytesting #bảo_mật #kiểm_thử #ứng_dụng
https://www.reddit.com/r/SaaS/comments/1qt2ijs/im_looking_for_projects_to_perform_security/
El lado del mal - Cyphering Prompts & Answers para evadir Guardarraíles https://elladodelmal.com/2026/01/cyphering-prompts-para-evadir.html #PromptInjection #Jailbreak #Guardrails #IA #AI #Pentest #Hacking #Criptografía #Ofuscación #Cifrado
Как я создал свой сканер и пришёл к выплатам на багбаунти
Привет, Хабр! Сегодня хочу поделиться историей о том, как желание автоматизировать рутинную работу привело меня к созданию собственного инструмента FullMute и, как следствие, к первым серьезным выплатам на платформах bug bounty. Как многие начинающие исследователи, я начал с хаотичного ручного поиска уязвимостей: проверял заголовки, искал известные пути к админкам, пытался угадать версии CMS. Это было неэффективно, медленно и сильно зависело от везения. Мне нужен был «компас», который бы проводил первоначальную разведку за меня и давал четкие цели для атаки. Так родилась идея FullMute.
📢 Affaire Coalfire: 600 000 $ pour deux pentesters arrêtés à tort en Iowa
📝 Selon Ars Technica (Dan Goodin), Dallas County (Iowa) a accepté, cinq jours avant l’ouverture d’un procès, de verse...
📖 cyberveille : https://cyberveille.ch/posts/2026-01-31-affaire-coalfire-600-000-pour-deux-pentesters-arretes-a-tort-en-iowa/
🌐 source : https://arstechnica.com/security/2026/01/county-pays-600000-to-pentesters-it-arrested-for-assessing-courthouse-security/
#Iowa #pentest #Cyberveille
RE: https://mastodon.bsd.cafe/@stefano/115984116493117731
Luckily, many of my clients are intelligent and well-prepared people. Needless to say, that email, before making me laugh, had already made the client laugh. He immediately thought he was dealing with people who were great at marketing but had little technical skill.
I presented my theory on software engineering, but he immediately tore it apart, declaring himself extremely skeptical. In his opinion, it is more likely to be a technique to lower our defenses and then try to sell us "security products" after a "pentest full of flaws". Or simply sheer incompetence.
Anyway, their connection hasn't any open ports. So they can pentest anything they want to, as long as they want to.
GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet or Microsoft SharePoint List and exfiltrate files using Google Drive or Microsoft SharePoint Document.
https://github.com/looCiprian/GC2-sheet
#infosec #cybersecurity #redteam #pentest #threatintel #dfir
