🚀 𝗙𝗹𝗮𝘀𝗵𝗙𝘂𝘇𝘇 – Una herramienta rápida y ligera para investigadores y pentesters. 🕵🏽♂️
Fuzzear URLs y detectar secretos directamente desde tu navegador nunca fue tan fácil.
Explora endpoints ocultos y claves sensibles en segundos, sin usar la terminal.
- Ideal para quienes buscan reconocimiento inmediato y eficiencia.
🔗 https://github.com/Ademking/FlashFuzz
#FlashFuzz #Pentesters #Fuzzing #Pentesting #EthicalHacking #CyberSecurity
😱 In just one week, over 500,000 people learned how to use #OSINT to prepare for physical #intrusions!
⛓️💥 With several years of experience in physical security audits, Sylvain Hajri, CEO of Epieos, shared his expertise during his interview on #Underscore_ , the leading French #IT and #hacking talk show hosted by #Micode.
Watch the full video here ( 🇨🇵 and 🇺🇲 versions available):
👉 https://www.youtube.com/watch?v=L7dnmHnJbww&t=2008s&ab\_channel=Underscore\_
🥷 This video, it’s an excellent way for #pentesters and #cybersecurity professionals to educate those around them, both individuals and organizations, about what #redteams are and how they operate.
El lado del mal - The Hacker Labs: Aprender a ser Pentester haciendo retos CTF https://www.elladodelmal.com/2025/05/the-hacker-labs-aprender-ser-pentester.html #CTF #hacking #Pentest #Pentesting #Pentesters #CON
#pentesters : What are some gripes you have with Burp and/or Caido?
Really excited to be presenting Faction at @phreaknic 25! If you're tired of writing
#pentest
reports and wish to collaborate more with your fellow
#pentesters
then check out my talk 5:00pm - 5:30pm on Friday Nov. 8 🚀
ran ptf on the kali ai lab box after inaging and doing timeshift incremental backups - the python venv is kind of confusing, it used to be basic and straightforward, now it is a bit more involved #ptf #install it all #standards committee #pentesters framework github
#Hacking is not just #OldSchool tooling and techniques. Modern #MobileApps are a fun target for #ReverseEngineers and #Pentesters alike. A fundamental tool to properly hack mobile apps is @fridadotre by @oleavr.
We continue our tour of my @github projects with my humble contributions to this field:
https://github.com/0xdea/frida-scripts
For a well-maintained project that includes some of my #Frida scripts, check out #Brida by @apps3c and Piergiovanni Cipolloni:
https://github.com/federicodotta/Brida
And even after many years, if you search for well-crafted Frida scripts to bypass certificate pinning or root detection, there’s a very good chance that you’ll stumble upon the work of some of my colleagues… Very proud of my team at @hnsec!
I'm happy to be here and after thinking about attending a security test course I decided to focus on creating a #GNU #Linux #Debian #distro which is focused on #security for #sysadmins #developers #pentesters and #artists called #procyberian #ProcyberianSystemsDistribution and then now let's say #happhacking !
https://github.com/procyberian is our home for our projects ! #github
Thanks !
@yawnbox there's a reason why @nitrokey does offer the entire fulfillment and logistics of their tokens, because these #SupplyChain & #TokenSwap attacks are known to #Pentesters for a decade...
With the new #opensource tool Swagger Jacker, #pentesters can automate analysis of response codes for each #API defined route, streamline manual testing capabilities with #curl command creation, and gather #endpoint routes.
Hey, #appsec and #pentesters ! how many of you use automated report-writing tools for security assessments and what do you use?
Auditing #API endpoints after discovering a public hosted specification file is no small feat for #pentesters. Enter the new #opensource tool from Tony West (@un4gi_io), Swagger Jacker. He’ll walk you through how to use this new #pentesting tool in our next #BFLive training session. 🔨
And afterwards, we’ll be doing a quick #AMA with Tony in our #Discord server, which you can join at the link! It’s an active group consisting of 1600+ #infosec community members.
#pentesters when ever an inconvenience happens #hacking #infosec meme
Question for all #pentesters : Assume you have got access to user's Home directory via a exploit which allows you to read the file if you know the file name. What files would you like to read?
SliverC2 Test + old code which still working...
this C# code was for 2019-2020 and i talked about that in my ebook "Bypassing AVs by C#.NET Programming v1.0" (Published in 2016 up to 2020 , free) but code still working on Windows Defender with (update 2023/08/28) , a little bit code changed by me which you can see in video , VirtualProtectEx added for changing RWX to X...
but in this new test, as you can see "Sliver-C2" (which i still think is much better than CobaltStrike) changed X Protection Mode to RW "in-Memory" by itself (not by my code), yeah Sliver-c2 done it and this will help you as penteser/redteamer to bypass almost all Avs and you as Blue teamer should learn how Attackers will bypass your defensive tools by these Simple/Advanced techniques... these things are very important for Defenders and in my new ebook "Bypassing AVs By C# Programming v2.0" , i will talk about these things to defenders/blue teamers also #redteamers and #pentesters or #SecurityResearchers etc.
btw this code is old and available in my github for ebook v1.0
also you can see Cobaltstrike test video here: https://lnkd.in/eCyxjN6m
#blueteam #pentester #redteam #offensivesecurity #defensivesecurity #ebook #av #protectionmode #inmemory #sliverc2
Here is #Arsenal, a useful #commandline #cheatsheet created by Orange Cyberdefense.
Arsenal is just a quick #inventory, #reminder and #launcher for #pentest #commands.
This project written by #pentesters for pentesters simplify the use of all the hard-to-remember commands
Lots of useful information in this article for both #researchers and #pentesters (and #defenders of course)
#mTLS: When certificate authentication is done wrong
https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/
After Lunch we have @Jhaddix session planned "Easy EASM - the zero dollar attack surface management tool". Would be interesting talk for #bugbountyhunters #pentesters and even #productsecurityengineers
PowerShell commands, scripts and payloads to Enumerate, Edit and manipulate Windows Systems: https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters
I actually did useful #InfoSec work today. Picked apart a “Free Security Scan!” report tossed at us by an irate client.
I really wish cheap-ass “#pentesters” would learn to recognize distro-maintained versions of major packages. I do not need a list of the scores of CVE’s for httpd that have been mitigated by ASF since RedHat bumped the nominal version of their custom-patched package. Scans like that just make people angry at their lazy sysadmins. Who are not in fact being lazy.
