François Reynaud

🎙 La conférence @_leHACK_ se tiendra du 27 -29/06 à @citedessciences #leHACK 🛡 Retrouvez les talks de nos 3 collaborateurs ⤵ 🔸 vendredi @Defte_ de 14h à 14h45 et Geoffrey Sauvageot Berland de 17h15 à 18h 🔸 samedi @d3lb3_ de 10h45 à 11h30 👉 ow.ly/pxEm50WfTjN

@JenMsft Essentially the CTRL + Z of Web browsing 😅

CTRL + SHIFT + T to the rescue to reopen the browser tab you just closed

@synbyte @Defte_ output is not so nice with responder, though

@Defte_ Can you not just run responder in a analyzer mode? I am sure you can see all the dns or other traffice, which will help you see all (I think) active hosts.

During internal assessments I realized that the most difficult part is to detect all subnets. Running nmap is good but long . So what if we let computers and servers talk to us instead and monitor incoming packets ? (1/2)

@DanielMiessler wouldn't piping to xargs work ? something like <stuff> | xargs nmap <stuff>

I need to be able to pipe into my portscanner. Hence Naabu. github.com/projectdiscove…

@Jhaddix And then alias it for convenience !

Web Hacking Tip: When using ffuf change the user agent string as the default one "Fuzz Faster U Fool" is commonly blocked. -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"

@TomNomNom guess it has its own musical tastes 😂

Made some improvements to Impacket's version enumeration for Windows. Now you have a much better idea of which Windows versions you are dealing with. Already available in NetExec, PR to the Fortra repository is open. Here is a before and after example:

@al3x_n3ff @_zblurx Neat !

@bettersafetynet @0xTib3rius why not egg day, then ?

@0xTib3rius I mean just look at it... 0 is an oval. Why are we arguing this? If it were "Δ day" we'd call it triangle day. But it's "0 day". The oval is right there.

Damn it flare4869, don't ruin the fun.

@ArchbishopBased @Glm18893 @mattwensing AFAIK, it doesn't

@Glm18893 @mattwensing if the resources cost too much to fulfill the prompt of a paid user, how does AI make money?

GPT has definitely gotten more resistant to doing tedious work. Essentially giving you part of the answer and then telling you to do the rest. Imagine your database only giving you the first 10 rows when you run a query. The tide is going back in.

@Waltuuh @ZephrFish tbf, they're not supposed to, cuz they're supposed to be aware that a pentest is going on. That's one of the main differences between a red team and a pentest

Now and again it’s good to have fun

@Iinux oddly specific 🤣

Are you new or getting started in pentesting? Is it hard to come by AD environments to practice on except when on an engagement? Check out: Game of Active Directory (GOAD): A vulnerable Active Directory environment for penetration testing practice. (link below)

Dammit, It's ACTUALLY always DNS

@_dev_ice @vim_tricks You can use visual mode mappings for this: vnoremap <C-j> :m '>+1<CR>'<V'> vnoremap <C-k> :m '>-2<CR>'<V'>

@vim_tricks I would be great if visual move can move whole block selected

You can use ddp to move the current line down in Vim. But I use mappings for Ctrl-j and Ctrl-k to move one or more lines up or down quickly... 👉 Read the tip: bit.ly/3dhJuqn ✉️ Free weekly tips: bit.ly/vimtricks

@0xTib3rius What's the app for ? What's are its most critical functionalities ? Is there a WAF ?

Web #AppSec interview questions! Reply with your best answer (and/or share this post!), I'll post mine tomorrow. Question 45: What are some questions you would ask a customer during a web app pentest scoping call? #InfoSec #Cybersecurity #BugBounty #Hacking

@mpgn_x64 Also, it saves results in cmedb 😊 But is the administrator password 'October2022' or 🦄🦄🦄🦄🦄🦄🦄🦄 ? xD

A new module just landed on CrackMapExec called WCC by @__fpr 🚀 This module checks various configuration items on Windows machines, such as LSA cache, hash storage format, etc 🤿 You can also export the results for your pentest report ✍ Available on github.com/mpgn/CrackMapE…

@rez0__ What do you look for when reading the Javascriot ?

1/ Read the javascript 2/ Be quick to collaborate 3/ Read new vulnerability reports 4/ Impact over argument 5/ Respectfully push back (against downgrading severities)

10 (very) short tips for bug bounty:

🎁 JEU CONCOURS 🎁 C'est l'événement à ne pas rater 🔥 Vous avez envie d'y participer ? Tentez de gagner 2️⃣ places pour vivre les Jeux Olympiques de Paris 2024 🤩 Pour participer : ✅ Follow @energiedusport ✅ RT ce tweet

@DanielMiessler @AndrewMohawk

A truly human and awesome use of AI! Great work @AndrewMohawk !