El lado del mal - The Hacker Labs: Learning to Be a Pentester by Doing CTF Challenges https://www.elladodelmal.com/2025/05/the-hacker-labs-aprender-ser-pentester.html #CTF #hacking #Pentest #Pentesting #Pentesters #CON
#pentesters : What are some gripes you have with Burp and/or Caido?
Really excited to be presenting Faction at @phreaknic 25! If you're tired of writing #pentest reports and wish to collaborate more with your fellow #pentesters then check out my talk 5:00pm - 5:30pm on Friday Nov. 8 🚀
ran ptf on the kali ai lab box after imaging and doing timeshift incremental backups - the python venv is kind of confusing, it used to be basic and straightforward, now it is a bit more involved #ptf #install it all #standards committee #pentesters framework github
#Hacking is not just #OldSchool tooling and techniques. Modern #MobileApps are a fun target for #ReverseEngineers and #Pentesters alike. A fundamental tool to properly hack mobile apps is @fridadotre by @oleavr.
We continue our tour of my @github projects with my humble contributions to this field:
https://github.com/0xdea/frida-scripts
For a well-maintained project that includes some of my #Frida scripts, check out #Brida by @apps3c and Piergiovanni Cipolloni:
https://github.com/federicodotta/Brida
And even after many years, if you search for well-crafted Frida scripts to bypass certificate pinning or root detection, there’s a very good chance that you’ll stumble upon the work of some of my colleagues… Very proud of my team at @hnsec!
I'm happy to be here and after thinking about attending a security test course I decided to focus on creating a #GNU #Linux #Debian #distro which is focused on #security for #sysadmins #developers #pentesters and #artists called #procyberian #ProcyberianSystemsDistribution and then now let's say #happhacking !
https://github.com/procyberian is our home for our projects ! #github
Thanks !
@yawnbox there's a reason why @nitrokey does offer the entire fulfillment and logistics of their tokens, because these #SupplyChain & #TokenSwap attacks are known to #Pentesters for a decade...
With the new #opensource tool Swagger Jacker, #pentesters can automate analysis of response codes for each #API defined route, streamline manual testing capabilities with #curl command creation, and gather #endpoint routes.
Hey, #appsec and #pentesters ! how many of you use automated report-writing tools for security assessments and what do you use?
Auditing #API endpoints after discovering a public hosted specification file is no small feat for #pentesters. Enter the new #opensource tool from Tony West (@un4gi_io), Swagger Jacker. He’ll walk you through how to use this new #pentesting tool in our next #BFLive training session. 🔨
And afterwards, we’ll be doing a quick #AMA with Tony in our #Discord server, which you can join at the link! It’s an active group consisting of 1600+ #infosec community members.
#pentesters whenever an inconvenience happens #hacking #infosec meme
Question for all #pentesters : Assume you have got access to a user's home directory via an exploit which allows you to read a file if you know the file name. What files would you like to read?
SliverC2 Test + old code which is still working...
This C# code was from 2019-2020 and I talked about it in my ebook "Bypassing AVs by C#.NET Programming v1.0" (published from 2016 up to 2020, free), but the code is still working on Windows Defender (update 2023/08/28). The code was changed a little by me, which you can see in the video: VirtualProtectEx was added for changing RWX to X...
But in this new test, as you can see, "Sliver-C2" (which I still think is much better than CobaltStrike) changed the X protection mode to RW "in-memory" by itself (not by my code). Yeah, Sliver-C2 did it, and this will help you as a pentester/redteamer to bypass almost all AVs, and you as a blue teamer should learn how attackers will bypass your defensive tools with these simple/advanced techniques... These things are very important for defenders, and in my new ebook "Bypassing AVs By C# Programming v2.0" I will talk about these things to defenders/blue teamers, and also #redteamers, #pentesters, #SecurityResearchers, etc.
Btw, this code is old and available on my GitHub for ebook v1.0.
Also, you can see the Cobaltstrike test video here: https://lnkd.in/eCyxjN6m
#blueteam #pentester #redteam #offensivesecurity #defensivesecurity #ebook #av #protectionmode #inmemory #sliverc2
Here is #Arsenal, a useful #commandline #cheatsheet created by Orange Cyberdefense.
Arsenal is just a quick #inventory, #reminder and #launcher for #pentest #commands.
This project, written by #pentesters for pentesters, simplifies the use of all the hard-to-remember commands.
Lots of useful information in this article for both #researchers and #pentesters (and #defenders of course)
#mTLS: When certificate authentication is done wrong
https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/
After lunch we have @Jhaddix's session planned: "Easy EASM - the zero dollar attack surface management tool". Would be an interesting talk for #bugbountyhunters, #pentesters and even #productsecurityengineers.
PowerShell commands, scripts and payloads to Enumerate, Edit and manipulate Windows Systems: https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters
I actually did useful #InfoSec work today. Picked apart a “Free Security Scan!” report tossed at us by an irate client.
I really wish cheap-ass “#pentesters” would learn to recognize distro-maintained versions of major packages. I do not need a list of the scores of CVEs for httpd that have been mitigated by ASF since RedHat bumped the nominal version of their custom-patched package. Scans like that just make people angry at their lazy sysadmins. Who are not in fact being lazy.
Building detailed maps of web applications and their supporting #JavaScript code and files is paramount to #vulnerability discovery in #offensivesecurity testing.
But for #pentesters, discovering the deepest, darkest secrets in JavaScript can be like mining for gold, sifting through copious amounts of extraneous information to find the smallest bits of criticality that expose weak points in applications. Knowing where to turn for the latest and greatest JavaScript mining tool developments is worth its weight in gold for #offsec practitioners needing to constantly increase efficiency and efficacy in web application penetration testing.
See how the #opensource tool jsluice can help during the next #BFLive #ToolTalk, featuring @tomnomnom.
bfx.social/3PQ85I2
Jsluice is the newest tool from Tom Hudson, and in this month's #ToolTalk #BFLive event, he'll show you how to get the most from this #opensource Go package and command-line tool used for extracting URLs, paths, secrets, and other interesting data from #JavaScript source code. This is a must-watch for #pentesters.