penteststuff

@wh1t3h4ts Personnally? I aliased "DIDIFUCKINSTUTTER" to "sudo !!"

protip: alias sudo to "please" for a much more wholesome linux experience

@vibingmonk That's... Unironicly very readable ?

Personally, I prefer to increase the spacing for each successive indent according to the Fibbonaci sequence:

@sweis Thanks, I hate it xD

In Germany, everyone uses `ßh` instead of `ssh`.

Getting a lot of responses on my Tor/VPN/Anonymity comments. I'll just explain my reasoning and background in a quick vid vs. responding to all the doubters and haters. Believe what you want, but being anonymous on the Internet is very hard.

@graninas Agree to all of the above, would also add "Stop auto-extending ongoing text selections to arbitrary uncancellable boundaries like whole paragraphs or lines". And then I'd start my rant about unreadable delimitation-less flat design. 🙃

Sending messages by 'Enter' is idiotic. You can't change my mind on this. It's one of the most dangerous UI/UX misfeatures that have taken over our tools in the last decade, all in favor of misconceptions about "stupid users" who supposedly need care from patronizing corps. Fire all UI/UX designers. They are useless. They are dangerous. Bring back non-moving, non-behaving fixated and stable UIs we had in the 90's and 00's. Stop shuffling things right under my cursor when I least expect this. Things on the screen must not shuffle and jump randomly. They just mustn't. Stop shuffling things I carefully arranged for myself. No UI should change unless I explicitly allow this. Stop all the animations. They only consume my attention and time. Stop non-idempotent undo actions. If I typed 3 characters "wor", backspace should remove them one-by-one in reverse order, exactly as they were typed. Not the whole word, and not what was added by autocompletion I never asked for. If I type, I erase exactly what I typed, in exact order, and nothing more, and nothing less. Stop accelerating text deletions in mobile UIs when backspace is held down. I want to erase my latest characters, not entire paragraphs you stupid UI (or rather that terrorist who invented this). Stop loading websites as ever-changing, two-dimensional ribbons that jump around the screen before they’ve even finished loading. You won't believe how much of this drains brainpower and produces unhealthy frustrations worldwide. This frustration then channels itself in unexpected ways we, as a society, don’t really want. We need to rebuild everything in IT that was corrupted during these misguided years, with the principle that software should fit the user like normal clothing, not like ever-changing BDSM gear the user must fit into.

Anyone who tests AI on their area of expertise rapidly realizes that AI is an idiot. Unfortunately, it is becoming clear to me that many humans do not have an area of expertise.

Vids from @radareorg con are up Chameleon, polymorphic shell engine | gum3t youtu.be/qQpk0XpQkGw via @YouTube github.com/gum3t/chameleon

@Flangvik A couple viable alternatives to AWS API Gateway detailed here github.com/ZephrFish/Omni… and github.com/synacktiv/IPSp…

@Jhaddix Even better, il you use the "llm" command (github.com/simonw/llm) , you can tie it to a variety of different ai providers both cloud and local, and quickly recall manners of presets, system prompts or other confs... Have your logs analyzed, captchas solved, videos summarized...

🧠 Did you know you can pipe into Claude Code? Like: cat logs.txt | claude -p "analyze for..." strings bin.bin | claude -p "explain X" etc...

dear diary, it’s been 12 hours since aws-us-east-1 vanished into the void half the internet apparently shares one data center lease and none of their computers are answering calls iʼm starting to think the that cloud was just someone else’s basement all along

Service triggers can be a pentester’s secret weapon, letting low-priv users quietly fire up powerful services. In our new blog, @freefirex2 breaks down the types of service triggers that exist and how they can be activated with little to no code required. trustedsec.com/blog/theres-mo…

@tritlo Gotta defeat time correlation attacks somehow don't ya? :P

has security gone too far?

@haydendevs You paid for access to the whole Internet, you can use the whole Internet 😤

they cut my internet access today.

@struppigel A bit on the other side of the coin (if there is such a thing), but tmpout.sh has very interesting articles about the techniques you might encounter used.

I am looking for good resources for Linux malware analysis, including books and courses. If you have any recommendations please let me know.

@GrahamHelton3 How about Gron? github.com/tomnomnom/gron

I have a confession to make I would rather use grep on json files over JQ

Are you in charge of writing Cybersecurity incident reports and need to spice up the language so the report isn’t so boring?? Try this, instead of saying we suffered a breach due to the compromise of a 3rd party: > we got fucked in the aaS Follow me for more pro writing tips

They took this from us, now things are dumber and harder to use? Why? We need to go back to Windows 2000.

Pretty solid offensive #Linux combo: ptrace-inject for proc injection + Sneaky_remap for hiding from /proc/pid/maps + TLS callback shared object for encrypted reverse shell with silly process masquerading as "ps aux". I am just connecting the dots, huge thanks to Artemis21 and @magisterquis github.com/magisterquis/s… / gist.github.com/cr0nx/d444e94f… / github.com/Artemis21/ptra… It would be awesome to have similar injector capability available as BOF in bof-launcher or any other C2 framework supported on Linux github.com/The-Z-Labs/bof… LET'S GO!

@GrahamHelton3 I'm more surprised that AI is of any use for actual offensive work at all 😅

I'm seeing a LOT of reckless uses of AI for offensive security work. Ill be releasing a series of blog posts soon that I've been working on for ~4 months. I hope it will help red teams contextualize how to use AI during assessments in a way that isnt borderline negligent.