jr0l1v4

''GitHub - Maldev-Academy/ExecutePeFromPngViaLNK: Extract and execute a PE embedded within a PNG file using an LNK file.'' #infosec #pentest #redteam #blueteam github.com/Maldev-Academy…

Red Teaming 101 : FUD Reverse Shell and Advanced Social Engineering on Windows (Part 4) : osintteam.blog/red-teaming-10… Privilege Escalation on Windows Using LNK Files (Part 3) : osintteam.blog/red-teaming-10… Part 2 : Bypass Mark of the Web (MotW) on Windows : osintteam.blog/red-teaming-10… Part 1 : Using LNK Files for Initial Access : osintteam.blog/red-team-tips-…

10 Hand picked Docker & K8s Courses for Beginners (Enroll Fast) 1. Linux Tutorials and Projects 🔗 technologytothepoint.com/2024/10/linux-… 2. Docker for the Absolute Beginner 🔗technologytothepoint.com/2024/10/docker… 3. Kubernetes: Getting Started 🔗technologytothepoint.com/2024/10/kubern… 4. DEMO - Docker & Kubernetes 🔗technologytothepoint.com/2024/10/demo-d… 5. Docker for beginners: Build and Dockerize a basic nodejs app 🔗technologytothepoint.com/2024/10/docker… 6. Practical Docker For Frontend Developers 🔗technologytothepoint.com/2024/10/practi… 7. MySQL on Docker 🔗technologytothepoint.com/2024/10/mysql-… 8. Building Docker & Kubernetes Network & Security Lab 🔗technologytothepoint.com/2024/10/buildi… 9. DevOps Deployment Techniques with Docker, Kubernetes & AWS 🔗technologytothepoint.com/2024/10/devops… 10. Learn Docker Quickly: A Hands-on approach to learning docker 🔗technologytothepoint.com/2024/10/learn-…

GitLab Authentication Bypass (CVE-2024-45409) : blog.projectdiscovery.io/ruby-saml-gitl… credits @rootxharsh @iamnoooob

Pentesting 101: Kubernetes Pentesting Complete Guide for Beginners Guide: cloud.hacktricks.xyz/pentesting-clo… #infosec #cloud

RCE on Xiaomi 13 Pro (CVE-2023-26324) 👉Exploitation: 1) Open URL in WebView 2) Inject JavaScript 3) Execute JavaScript Interface functions from vulnerable GetApps to install & launch payload 4) Get shell Slides with PoC: media.defcon.org/DEF%20CON%2032… by @Yogehi @040xZx at #DEFCON23

Active Directory OSCP Edition 🚨 Source: xmind.app/m/vQuTSG

𝗫𝗦𝗦 𝗕𝘆𝗽𝗮𝘀𝘀 𝗣𝗮𝘆𝗹𝗼𝗮𝗱: javascript​:var a="ale";var b="rt";var c="()";decodeURI("<button popovertarget=x>Click me</button><cybertix onbeforetoggle​="+a+b+c+" popover id=x>CYBERTIX</cybertix>") By:@thecybertix #bugbountytips

Bambda @Burp_Suite script searches through Burp history for JavaScript files, extracts hidden endpoints, and outputs the discovered endpoints to a text file. The script supports three different regex modes for discovery: High, Deep, and Custom, allowing you to add your own regex. Additionally, you can highlight high-value words (e.g., debug, admin) in red within Burp history if found inside any JavaScript file. The script automatically removes duplicate results. Access the code here: github.com/BugBountyzip/B… #bugbountytips #BugBounty #burpsuite #bambda #bambdas

After some time, I wrote a blog post. It’s nothing new, but I’m switching to learn about Linux/*OS exploitation, and this method could be used in CTF. It's old but still works. También escribí la versión en español. I hope you like it. blog.rop.la/en/exploiting/…

Really excited to announce the release of Kali Linux 2024.2! kali.org/blog/kali-linu… A lot in this release, including the t64 transition, which is a really big deal and has been a lot of work. Special shout out to Arnaud for leading that effort. We also have Gnome 46 desktop, updates to XFCE and the beloved kali-undercover, and a bunch of new tools. NetHunter was updated with support for Android 14 and new devices. Lots of updates to our documentation, and so much more!

See what the ZAP team got up to last month: zaproxy.org/blog/2024-06-0…

5 Tips for API Hackers on Picking Your First Target👇 danaepp.com/5-tips-for-api… #bugbountytips #bugbounty #cybersecurity

Is Nuclei any good for API hacking? Let's find out... danaepp.com/is-nuclei-any-…

Want to use millions of payloads in Intruder without impacting performance? Here's how! #BurpSuiteShorts

v17.0.0 has just been released, bringing you the following (and more) 🎯 new "Security Advisory" challenge 🎨 removing the legacy Score Board 🕵️ enhanced cheat detection 🐳 even smaller Docker images See full release notes at github.com/juice-shop/jui… for details!

Build a local Nmap Dashboard with Grafana hackertarget.com/nmap-dashboard…

I've always been amazed by the wealth of data SMART provides about disks—it can be overwhelming... But with a good LLM, interpreting this data just got simpler!

🎉 Well done to @ElS1carius for discovering an SSRF on a public program using @dorkipty here is his write up. blog.dorki.io/how-i-found-a-… #bugbountytips #BugBounty #infosec #Hacking