PowerShell collector for adding SCCM attack paths to BloodHound with OpenGraph🕵️‍♂️

https://github.com/SpecterOps/ConfigManBearPig

#infosec #cybersecurity #redteam #pentest #opensource

https://netaskari.substack.com/p/chinas-digital-defense-drills

Pause for a second to imagine the ungodly mess that must be the interconnected information systems of all the public entities in #china . Just thinking about it makes me shiver...

I'm impressed the way they seem to have enacted some kind of perpetual #pentest at the scale of all their institutions. This is clearly NOT the way it works in my country.

The approach of the pentester to security initially made me smile : let's improve our security by pentesting more pedagogically. But after some thought, it could actually be very efficient. If you give information systems a grade depending on how easy it was to pop them, managers can use it to suck up to their superiors, justify promotion etc...

This COULD actually have a positive impact... or trigger the most absurd behaviors, hard to say.

Making Dynamic Instrumentation Accessible with Frida UI

https://adityatelange.in/blog/ui-for-frida/

#android #pentest #infosec #frida

Vertraut ihr einem Staat der Redundanzkabel über dieselbe Strecke führt?

Sorry, aber man fragt sich echt ob es nicht besser ist, wenn #Vulkangruppe`n Lücken aufdecken, statt das irgendwann mal ECHTE Terroristen dieser Dilettantismus an Sicherheitsarchitektur in Deutschland ausnutzen ...

#Kritis #Pentest #RedTeaming

El lado del mal - Código de Rebajas de Enero 2026 en 0xWord: Cupón REBAJAS2026 y descuentos con Tempos de MyPublicInbox https://www.elladodelmal.com/2026/01/codigo-de-rebajas-de-enero-2026-en.html #Rebajas #0xWord #Libros #CálicoElectrónico #Ciberseguridad #Hacking #Forensic #Pentest #Pentesting

🔌 Did you know? RF Swift can run totally disconnected! Perfect for classified environments 🔒 https://rfswift.io/docs/air-gapped-installation/ 🚀
#RF #Hacking #pentest #lab #disconnected #air-gapped #classified

EDRStartupHinder: A red team tool to prevent Antivirus and EDR from running🕵️‍♂️

https://github.com/TwoSevenOneT/EDRStartupHinder

#infosec #cybersecurity #redteam #pentest #edr #opensource

🤯🎊 RF Swift v0.6.5-rc4 is HERE!

🔥 Dynamic container management
📹 Session recording
⚙️ Live bindings/caps/cgroups/ports
🐳 Container upgrade system

PLUS: Complete docs for ALL commands! 📖

🌐 https://rfswift.io
📚 https://rfswift.io/docs/commands/

🚀🎉 #RFSwift #SDR #Radio #Hacking #pentest #ham #pro

"Phát hiện lỗ hổng bảo mật nghiêm trọng tại lab Pentest: Endpoint GraphQL lộ thông tin nhạy cảm do introspection được bật công khai. Kẻ tấn công có thể truy vấn trường username/password qua getUser(id) mà không cần xác thực. Demo: Truy vấn id=1 thu được thông tin admin → chiếm quyền điều khiển & xóa người dùng. Cảnh báo rủi ro khi triển khai GraphQL thiếu kiểm soát!

#GraphQL #Security #Pentest #WebSecurity #BảoMật #BảoMậtMạng #LỗHổng"

https://dev.to/travondatrack/lab-accidental-exposure-of-pri

🛜🍍📟

new toy arrived today, the hak5 wifi pineapple pager. of course i had to get it in yellow!

#hacktheplanet #wifipineapple #wifipineapplepager #security #pentest #hacking

An explanation on how inconsistencies in SAML XML parsers enable signature-wrapping and canonicalization attacks that let attackers bypass authentication in Ruby and PHP libraries🕵️‍♂️

https://portswigger.net/research/the-fragile-lock

#infosec #cybersecurity #pentest #redteam #web #xml #bugbounty

El lado del mal - Máster Online de Inteligencia Artificial Aplicada a la Ciberseguridad: 3 de Marzo 2026 https://www.elladodelmal.com/2026/01/master-online-de-inteligencia.html #IA #AI #Master #Ciberseguridad #InteligenciaArtificial #Pentest #hardening #Formación #Curso #Online

PH4NTXM 1.4 — “Event Horizon” summary!

• 🧨 Nuke kernel enforces irreversible shutdown
• 🧠 Active RAM seeding poisons memory analysis
• 🎙️ Kernel-level mic, camera & audio lockdown
• 🌐 Live TCP timing & network behavior randomization
• 🧬 Continuous fingerprint instability across boots
• 🌑 Midnight theme + ISO slimmed to ~1.7 GB

Direct Download:
🔗 https://sourceforge.net/projects/ph4ntxm/

#PH4NTXM #Linux #Privacy #Freedom #Pentest #Security #CyberSecurity #Hacking #FOSS #OpenSource #Tech #Technology

PH4NTXM 1.4 — “Event Horizon” is LIVE.

This release eliminates the idea of a safe boundary.
Memory is actively corrupted, shutdown paths collapse into destruction, and no execution state is allowed to survive its own observation.

Cross the horizon and causality breaks:
no persistence, no recovery, no proof.

Download: https://ph4ntxmproject.github.io/

#PH4NTXM #Linux #Privacy #Freedom #Debian #Pentest #Security #CyberSecurity #Hacking #FOSS #OpenSource #Tech #Technology

A small python script to extract all related domains for a specific Office 365 tenant🕵️‍♂️

https://github.com/r1cksec/corptrace/blob/master/ressources/modules/ms_get_rootdomains_from_tenant.py

#infosec #cybersecurity #redteam #pentest #osint #azure #entra #cloud #opensource

PH4NTXM 1.4 is in final stress testing — and it’s holding strong.

Right now the system is being pushed through hostile conditions:
identity rotation, network mutation, panic reboots, RAM-only services, and kernel-level hardening under load.

So far, it’s behaving exactly how it was designed to:
stable, disposable, and hard to pin down.
We’re on track for a release tomorrow.

#PH4NTXM #Linux #Privacy #Freedom #Debian #Pentest #Security #CyberSecurity #Hacking #FOSS #OpenSource #Tech #Technology

PH4NTXM 1.4

This is the shell.
Everything else is an illusion.

What would you type first?
If you know the commands, you know what to do.

#PH4NTXM #Linux #Privacy #Freedom #Debian #Pentest #Security #CyberSecurity #Hacking #FOSS #OpenSource #Tech #Technology

PH4NTXM 1.4 — EVENT HORIZON

One frame from the next generation.
In a while will be released, get ready to put your hands on the most ghost-like operating system!

#PH4NTXM #Linux #Privacy #Freedom #Debian #Pentest #Security #CyberSecurity #Hacking #FOSS #OpenSource #Tech #Technology

Пентест сетевых протоколов и Wi-Fi и защита. 3 полезных совета.

#pentest #scan #waybackMachine #burp

- Обнаружить скрытые эндпоинты и параметры через Wayback Machine + автокраулинг: найти старые версии страниц, API-эндпоинты, бэкапы и забытые параметры.

```sh
waybackurls https://target.example.com | grep "?" | sort -u | tee params.txt
gf xss params.txt | anew potential_xss.txt # httpx + nuclei для проверки
```

- Автопроверка IDOR/BOLA с заменой параметров в Burp Suite: перехват запросов, смена ID/токенов на значения из других аккаунтов и проверка доступа.

- Burp: Send to Intruder → Positions на ID/user_id → Payloads: список ID из reconnaissance → Attack (Sniper) → Сортировка по Length/Status - поиск различий.

- Поиск уязвимостей в JS-файлах + извлечение секретов: парсинг JavaScript на эндпоинты, секреты (API-ключи, токены) и потенциальные XSS/SSTI.

```sh
cat app.js | jsluice urls | sort -u
cat app.js | secretfinder -reg "AKIA[0-9A-Z]{16}" # LinkFinder + grep
```

This is probably the easiest way to perform reverse DNS lookups over IP address ranges using the built-in tool getent and bash brace expansion:

getent hosts 130.59.{20,31}.{0..255}

Useful if you are on a system/container with limited tools.

#pentest #dns #linux