Es Geeks

¿Listo para actualizar tu arsenal? Analizamos los mejores gadgets para hacking ético de 2026. Del Flipper Zero al Wi-Fi Pineapple, te mostramos el equipo esencial. #HackingEtico #Pentesting #Ciberseguridad esgeeks.com/gadgets-hackin…

Link: github.com/prompt-securit…

ClawSec: la suite de seguridad esencial para tus agentes de IA. Protege contra inyección de prompts y "drift" con auditorías automatizadas y monitoreo en 🤖🛡️🔍 #Ciberseguridad #IA #AISecurity #PromptInjection #OpenClaw #NanoClaw #OpenSource #EthicalHacking #DevSecOps #AIagents

Reversing a Vulnerable Driver: Discovering a Kernel Memory Allocation Primitive New Medium post. Today , we identify a kernel memory allocation vulnerability in a classic vulnerable driver, which allows an attacker to allocate memory space in the kernel @s12deff/reversing-a-vulnerable-driver-discovering-a-kernel-memory-allocation-primitive-6fed8383fefc" target="_blank" rel="nofollow noopener">medium.com/@s12deff/rever…

mstsc /shadow is a built-in Windows feature for RDP session shadowing A technique demonstrated by Slavi Parpulev shows how to attach to a session using its ID and how consent behavior depends on configuration and privileges Learn more: justhacking.com/course/masteri… #cybersecurity #infosec #activedirectory

Abusing Microsoft Outlook 365 to Capture NTLM 🔥 Telegram: t.me/hackinarticles ✴ Twitter: x.com/hackinarticles Attackers can abuse Microsoft Outlook 365 features to capture NTLM hashes, enabling credential theft and potential domain compromise. ⚡ Attack Highlights 📧 Send crafted email/meeting request 🔗 Embed malicious UNC path 📡 Force victim system to authenticate 🎟 Capture Net-NTLMv2 hash 🔄 Relay or crack credentials 🚀 Gain unauthorized access 💡 Outlook can automatically trigger authentication to attacker-controlled servers, leaking NTLM hashes without user interaction in certain scenarios. 📖 Article: hackingarticles.in/abusing-micros… #CyberSecurity #ActiveDirectory #NTLM #RedTeam #Pentesting #PrivilegeEscalation #InfoSec

El lado del mal - Vibe Coding en BASIC para AMSTRAD CPC sale (un poco) más caro elladodelmal.com/2026/04/vibe-c… #VibeCoding #BASIC #TRON #Gaming #Amstrad #Retro #Emuladores #IA #AI #InteligenciaArtificial #LLM

Link: github.com/projectdiscove…

🐦 Katana: el crawler web de nueva generación para pentesting 🔥 Rápido, altamente configurable, con modo estándar y headless, parseo de JavaScript y llenado automático de formularios. Perfecto para descubrir endpoints ocultos. 💥🛠️🔓🛡️ #Pentest #BugBounty #WebSecurity #Seguridad

@Yana_Brianna Для безопасного удаленного подключения можно использовать Supremo.

Почемуууу ? 🥲🥲🥲 Есть айтишники в зале ?

@DrevlPixls un modelo local llamado metatron-qwen, que es una versión entrenada de Qwen 3.5 ejecutado con Ollama

@EsGeeks Y que AI usa ?

¡METATRON es el asistente de pentesting con IA que funciona 100% OFFLINE! Automatiza tu recon con Nmap, Whois, Nikto y analiza los resultados con un LLM local. Ideal para auditar tus sistemas. 🤖🛠️🔍🧠 #ethicalhacking #pentest #ai #cybersecurity #redteam #ia #hacking

@Vicfob No intentes eso :(

@EsGeeks Necesito auditar a mi ex. Cómo hago con esto?

🎉 Hundreds of new malicious browser extensions added to extsentry.github.io !

JS-Tap: Weaponizing JavaScript for Pentesting Blog: trustedsec.com/blog/js-tap-we… #infosec

🚨 M365 Connector for Claude: Who’s Accessing Your Workloads? Using the Defender XDR GraphAPIAuditEvents schema, I built a KQL query to list Entra users accessing Microsoft 365 workloads via the Claude connector and the specific workloads they touch. Once enabled, this connector allows Claude to directly access SharePoint, OneDrive, Outlook, and Teams — a powerful capability that demands governance oversight. For defenders, this query provides actionable visibility into who is using the connector and what information they are accessing, helping SecOps teams monitor adoption pressure, enforce governance policies, and ensure connector risks are managed before they escalate. KQL Code: github.com/SlimKQL/Detect… #Cybersecurity #M365ConnectorClaude #Entra #Governance

Link: github.com/sooryathejas/M…

LinkedIn secretely scans for 6,000+ Chrome extensions, collects data bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

SSH Penetration Testing (Port 22) 🔥 Telegram: t.me/hackinarticles ✴ Twitter: x.com/hackinarticles SSH (Secure Shell) is a cryptographic protocol used for secure remote login and command execution over unsecured networks. During penetration testing, misconfigurations or weak credentials in SSH services can allow attackers to gain unauthorized access. () 📚 Techniques Covered in This Guide 🔎 Enumeration with Nmap 🔐 Password Cracking using Hydra ⚡ Authentication using Metasploit 💻 Running Commands on Remote Machine 🔁 SSH Port Redirection 🧪 Nmap SSH Brute Force Script 🔍 Enumerating SSH Authentication Methods 🔑 Key-Based Authentication 🛠 Key-Based Authentication using Metasploit 📦 Post Exploitation using Metasploit 🌐 Local Port Forwarding (Password Based) 🔐 Local Port Forwarding (Key Based) 📖 Article: hackingarticles.in/ssh-penetratio… #CyberSecurity #EthicalHacking #Pentesting #SSH #RedTeam #InfoSec

🔥🤖 M365 Connector for Claude – Why SecOps Must Care Monitoring the M365 Connector for Claude is critical because when ResultType=0, it means an Entra Global Admin has granted permissions, enabling Claude to directly access SharePoint, OneDrive, Outlook, and Teams—a governance decision with major security implications that SecOps must track closely. Meanwhile, ResultType=90095 shows end users attempting to use the connector without the admin grant, signaling demand, shadow IT risk, and adoption pressure. By watching both signals, defenders gain visibility into where governance decisions meet user behavior, ensuring connector risks are managed before they escalate. KQL Code: github.com/SlimKQL/Detect… #Cybersecurity #M365ConnectorClaude #Entra #Governance

Link: github.com/anchore/grype

Grype: tu escáner de vulnerabilidades esencial para contenedores y sistemas de archivos. Soporta Docker, OCI, paquetes de OS y lenguajes (Go, Python...). Prioriza riesgos con EPSS. ¡Ideal para securizar tus despliegues! 💥🛡️ #devsecops #containers #vulnerabilitymanagement #golang