bigJ

Cool series to learn IoT/embedded devices reverse engineering (credits @Palantir555) Debug Ports: buff.ly/3WGw513 Firmware: buff.ly/3WHNOFo Data: buff.ly/3WRz5r4 Flash: buff.ly/3WKnhay Digging the Firmware: buff.ly/3WUY50u #iot

Me at the start of every red team: * I will report as I go * I will take the most comprehensive notes ever seen * I will not rely on C2 logs * screen cap all the things ..... Me at the end of every red team: * well shit

Getting an extra laptop power adapter to keep at the office is the best quality of life improvement I have made in a long time

The Protected Users Group is one of the most OP Active Directory security protections I wish I knew about earlier🧵 What does it do? Glad you asked: - Disables NTLM Authentication - Disables usage of DES or RC4 encryption for Kerberos tickets - Restricts delegation + Much more!

5head is a pentest automation toolset I wrote to help you speed up those repeatable tasks you might perform on any given network pentest. We've just made v1.0 public, with lots of plans for future functionality and releases. Check it out⤵️: github.com/Renegade-Labs/…

Finished Offshore from @hackthebox_eu :) Review soon.

@_mostwanted002_ OSCP is the bachelor's degree of pentesting certs. You don't need it to get hired, but it sure as hell helps.

@DavidAlvesWeb @_rybaz I am about to go through the mobile challenges on HTB. Can't say how good it is, but HTB hasn't disappointed me yet. Also, John Hammond recently live streamed a Mobile pentest workshop last week if you want to check that out: youtube.com/watch?v=OscXnj…

@DavidAlvesWeb @_rybaz owasp.org/www-project-mo… - Can't go wrong with OWASP testing guidelines

Anyone here enjoys doing Mobile Pentesting? #Android #ios #Pentesting #Infosec

Want to highlight text in a file but still see the rest of the file contents? Very helpful grep command: grep --color 'LOOKFORME\|$' file.log

Ever come across a file running on a Linux box that was deleted from the disk? Did you know you can likely use DD to recover the file without any non-standard tools?

LAPSU$ extortion group, the South American group who recently claimed to exfiltrate 1TB of data from NVIDIA and also claimed to have been "hacked back" by NVIDIA, has addressed the rumors and speculation. Initially LAPSU$ claimed NVIDIA deployed ransomware, here is the truth

403 Forbidden - Game Over? 🕹 Not today, we are having some extra coins to play with 💰 @hasanakajan is not holding back his secrets for you 🕵️‍♂️ #bugbounty #bugbountytips 👇

@Rhynorater Yes, Scope Monitor.

@frycos/searching-for-deserialization-protection-bypasses-in-microsoft-exchange-cve-2022-21969-bfa38f63a62d" target="_blank" rel="nofollow noopener">medium.com/@frycos/search… Blog post published with my special guest "Microsoft Exchange (CVE-2022-21969)"

Windows Defender AV allows Everyone to read the configured exclusions on the system 🤦 reg query "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions" /s

#MalwareAnalysis Tip: Why some windows APIs end in "Ex" and "A" or "W" i.e. CreateWindowExA Ex Suffix = Microsoft has updated the function and the new function has the Ex suffix ;) A / W Suffix = Function takes a str as a parameter (A/W depends on ANSI or unicode)

Detection Lab Collection of Packer & Vagrant scripts that quickly bring a Windows AD online, complete with a collection of endpoint security tooling & logging best practices 😎 WriteUp @clong/introducing-detection-lab-61db34bed6ae" target="_blank" rel="nofollow noopener">medium.com/@clong/introdu… Code github.com/clong/Detectio… #infosec #pentest #blueteam #redteam

Always test JSON body parameters. In my case I bypassed email verification. #bugbountytips