PentestSky

Penetration Testing Tools Cheatsheet Credit : @compasssecurity #infosec #cybersecurity #pentesting #oscp #cheatsheet #vulnerabilities #informationsecurity #networking #hacking #nmap #metasploit #tools

Have you every wanted to get into Windows Kernel Exploitation but don't know where to start? I'm going be releasing a series to get you from Windows 7 (x86) to Windows 11 (x64). You can find the first tutorial here: wetw0rk.github.io/posts/0x00-int…

I have put together a list of publicly known IOC for impacket. Thanks to @Octoberfest73 and others on the awesome research. n7wera.notion.site/Modifing-Impac…

Our public tools list is growing: maldev.com/tools

Executing Mimikatz and bypassing memory scans from PE-sieve and Moneta using PeFluctuation from update 6.

Checkout my phishing infrastructure setup guide notes, which i recently published on github. It contains tips and tricks along with some IOC removal for evilginx3.3 and GoPhish. Thanks to @mrgretzky for integrating Gophish with evilginx. github.com/An0nUD4Y/Evilg… #evilginx

flutter-spy - explore, analyze, and gain valuable data & insights from reverse engineered Flutter apps #MobileSecurity by anasfik github.com/anasfik/flutte…

🚀I'm finally releasing GraphSpy to the public!🕵️ A powerful offensive security tool focused on making initial access and post-compromise enumeration in Microsoft Entra and M365 much more convenient during penetration tests and red team assessments! github.com/RedByte1337/Gr…

CVE-2024-1086 (Local Privilege Escalation) - While the xz backdoor was all over the place, this incredible exploit seemed to "slip" by! - This is working on most Linux kernels from 5.14 to v6.6 - Repo: github.com/Notselwyn/CVE-… - Creator: @notselwyn

[Announcement] April 2024 - Month of Azure Red Teaming. 20% OFF on our Azure Red Team classes. Use Azure20OFF coupon (with Stripe). alteredsecurity.com #redteam #Pentesting #Azure

Tired of failed phishing attempts? Using the 1337est AI FAFO technology, Evilginx trained on data from thousands of successful login attempts, can now predict valid session cookies, even before the phished user starts to enter their credentials.🔥 The new era of AIshing awaits!

@trouble1_raunak & I wrote a blog post on an attack path discovered during the recent Cloud Pentest that allowed us to gain Command Execution on the On-Prem machines. Feel free to provide feedback if any. whiteknightlabs.com/2024/02/21/piv… #redteam #Azure #pentest #cloudsecurity

Did a little writeup of the CSP bypass I reported to PortSwigger. It might be interesting to anyone who saw the disclosed report and wonders if CSP bypasses are the new ripe low-hanging fruit! joaxcar.com/blog/2024/02/1…

@RenwaX23 This hits hard auchhhh....

CTF Player vs Bug Bounty Hunter

Maldev Academy Code Search: We’re very happy to announce the creation of a new code search service that will ease the learning and maldev experience for users. The site currently has over 7000+ lines, 300+ snippets in total with new snippets being added every month. All snippets were rewritten from scratch and are modular. Not all snippets overlap with the Maldev Academy course. Snippets reference Maldev Academy modules, where applicable, in order to aid learning. You will be able to create a personalized list of snippets that you use frequently. We’re in the QA stages right now and the launch date will be some time this month. Any user with a Maldev Academy lifetime plan will be eligible for a discount. Finally, we will be doing several giveaways during launch so stay tuned!

Reading up on CVE-2024-0204: > Using "Advanced tooling" > findstr /s "InitialAccount" .\* 💀

AnyDesk Breach 2024: Dark Web Sale of 18,317 Credentials securityonline.info/anydesk-breach…

New blog by @itm4n is a must read for blue and red alike: itm4n.github.io/printnightmare… Quality stuff as always. Thanks I updated my Client-Checker to evaluate the affected reg keys so you can quickly check on your own if you might be affected or not: github.com/LuemmelSec/Cli…

🛡️ Unleash your inner hacker! 🕵️‍♂️ Dive into the fascinating world of Active Directory with @infosecn1nja's AD-Attack-Defense repo. 💻 Strengthen your cybersecurity skills, one attack and defense at a time. Check it out: github.com/infosecn1nja/A… 🔒 #CyberSecurity #InfoSec 🚀

🚀 Check out this repo for Jenkins security testing - "pwn_jenkins" by gquere. Strengthen your Jenkins server's defenses and ensure airtight security. Explore the GitHub repo here: github.com/gquere/pwn_jen… #Jenkins #CyberSecurity #DevOps 🔐💻

Annoucing GRROXY! 2 years back I had a thought that we can have *BURP* alt. by simply using #proxify to capt. traffic, #ffuf as intruder, & so on... So I created one. grroxy.com [Go+Js] Inviting you all to join me for beta testing and exploring ideas together. Thx!