#offensivesecurity - Public Fediverse posts
Live and recent posts from across the Fediverse tagged #offensivesecurity, aggregated by home.social.
-
World Password Day. The finding that should sting: roughly 60% of credential issues from real pentests this year came from factory defaults still running. FTP, RDP, Redis, Telnet. No brute-forcing needed.
Dragos Sandu, Product Manager at Pentest-Tools.com, shared the data with IT Security Guru. Full piece: https://www.itsecurityguru.org/2026/05/07/world-password-day-2026-the-credential-crisis-hasnt-gone-away-its-just-got-more-dangerous/
-
Accenture Invests in AI-Powered Offensive Security Platform XBOW
Accenture invests in AI-powered offensive security firm XBOW. The partnership aims to bring autonomous, continuous penetration testing to clients, fighting AI-driven threats with AI-driven defense. #CyberSecurity #AI #OffensiveSecurity #Accenture
-
Many think the move from penetration testing to red teaming is a logical, gradual progression. In practice it quickly becomes clear: it is a real change of perspective.
The biggest differences lie not in the tools but in the mindset:
• OPSEC first - Every action is questioned: What traces am I leaving? How will the defender react?
• Realism over speed - The point is not to reach the objective as quickly as possible, but to emulate a real attacker.
• Continuous learning - Standard tools are increasingly detected. Those who do not keep developing become visible.
• Mistakes as learning moments - The moment you get detected changes your way of thinking for good.
In our new blog article, Marcel Heisel describes how we prepare new employees for exactly this shift, and what really makes the difference.
https://research.hisolutions.com/2026/05/vom-pentester-zum-red-teamer-wie-wir-neue-mitarbeitende-fit-machen/
#RedTeaming #Pentesting #CyberSecurity #OffensiveSecurity #OPSEC #InfoSec #ActiveDirectory
-
Most tools added AI and called it a feature. We kept asking whether it actually makes results more reliable.
Session two of Office Hours is recorded. Jan covers the ML classifier, the authentication layer, and the MCP integration that won't act without your explicit go-ahead.
45 minutes. Q&A included.
Recording: https://www.youtube.com/watch?v=abGruzf2pPk
#penetrationtesting #offensivesecurity #vulnerabilitymanagement
-
CVE-2026-40321: stored XSS in DNN (DotNetNuke) prior to v10.2.2 chains to full RCE.
Any authenticated user can upload a crafted SVG with embedded JavaScript. If a power user opens it, the payload calls DNN's own config endpoint to drop an ASPX backdoor in the server root.
One file. One click. Full RCE. CVSS 8.1, patched, fully documented.
Write-up + PoC payloads: https://pentest-tools.com/blog/dotnetnuke-xss-to-rce
More research from our team: https://pentest-tools.com/research
-
False positives in web scans often aren't wrong detections. They're unfiltered responses: soft 404s, error pages, and redirect chains that look like findings until someone checks.
We added an ML classifier that catches those before they ever surface as results. Fewer findings to re-validate, cleaner reports, less explaining to developers.
Full breakdown: https://pentest-tools.com/usage/minimize-false-positives
-
Most people think red teaming is about exploits.
It's not.
The most effective attacks today don't start with vulnerabilities - they start with **trust**.
Modern environments are cloud-heavy, identity-driven, and full of SaaS integrations. In these systems, attackers don't always need to "break in."
They move quietly through:
• Over-permissioned identities
• Weak approval workflows
• Misconfigured cloud roles
• OAuth tokens and API access
• Human behavior under pressure
• Business processes no one questions
This is what I've been studying and calling the **Quiet Kill Chain** - a sequence of legitimate-looking actions that, when chained together, become an attack path.
No loud exploits.
No obvious malware.
Just normal activity… used the wrong way.
## What changes at an advanced level?
You stop asking:
"What exploit should I use?"
And start asking:
• Where does this system trust too easily?
• Which action would look completely normal?
• What would defenders ignore?
• How can I blend into business operations?
Because the strongest intrusion today is not the one that is invisible.
It's the one that looks **legitimate**.
## My takeaway
Offensive security is shifting from breaking systems
to understanding them deeply enough to move inside them unnoticed.
I've written a full deep-dive on this concept here
Curious to hear your thoughts - is detection today ready for this level of subtlety?
#CyberSecurity #RedTeam #OffensiveSecurity #ThreatIntel #CloudSecurity #IdentitySecurity #EthicalHacking #BlackCipher
-
Python C2 Server for Red Teaming: A Comprehensive Hands-On Guide
In this guide, I walk through building a Python-based C2 server, covering its architecture, encrypted communication, and real-world operational workflow.
https://denizhalil.com/2025/12/15/python-c2-server-red-teaming-guide/
#CyberSecurity #RedTeam #C2 #commandandcontrol #Python #offensivesecurity #Pentesting #infosec #threatdetection #blueteam #securityengineering #ethicalhacking
-
FuelCMS doesn't validate the Host header on password reset requests.
Spoof it, trigger a reset for a valid user, and the app sends them a legitimate-looking email with your server in the link. They click. You get the token.
PTT-2025-029 / CVE-2026-30459, CVSS 7.1 High. No fix coming (vendor's been quiet for ~4 years).
Full PoC: https://pentest-tools.com/research
-
Genuinely wigging out about AI taking my job. Like, actually losing sleep over it.
My grand strategy: pivot to OT/ICS and hardware. Hardware because AI doesn't have hands (yet?). OT/ICS because I assume people still prefer their facilities/cars/planes to not explode when the AI goes the extra mile.
Is it a good plan? Probably no. Do I have a backup? Also no.
Looking for some assurance I'm crazy and wrong or correct and doing the right thing.
#infosec #icssecurity #hardwarehacking #careeradvice #offensivesecurity
-
The cybersecurity certification landscape
https://negativepid.blog/the-cybersecurity-certification-landscape/
#defensiveSecurity #threatHunting #forensics #offensiveSecurity #ethicalHacking #cybersecurityCareers #cybersecurityCerts #certifications #Cybersecurity #ITcareers #onlineSecurity #negativepid
-
"It's just dev mode."
PTT-2025-028 / CVE-2026-30461 disagrees. Any authenticated user on a FuelCMS dev instance can drop a PHP shell via git submodule and call it from the browser. One HTTP request. Full RCE. CVSS 8.8 High.
No patch coming. Project's been dormant for almost 4 years.
Found by Raul Bledea and Matei "Mal" Bădănoiu.
Full PoC: https://pentest-tools.com/research
-
Least privilege? FuelCMS didn't get the memo.
Any authenticated user (regardless of role) can call the Blocks module endpoint. Pair that with PTT-2025-026 and a low privilege (one could even say zero-permission) account becomes full RCE. CVSSv3 goes from 5.4 to 8.8 faster than you can say "access denied."
No patch. ~4 years of unmaintained software. You know the drill.
Matei "Mal" Bădănoiu and Raul Bledea found the gap. Full PoC can be found in our Offensive Security Research Hub: https://pentest-tools.com/research
-
One does not simply exfiltrate a reset token using an email array.
And yet, Frodo (Matei "Mal" Bădănoiu) and Samwise (Raul Bledea) from Pentest-Tools.com did exactly that in FuelCMS.
Know someone's email? That's enough. Slip your address alongside theirs in a "forgot password" request and the token lands in your inbox. Their account is yours. You shall not (safely) parse!
Chain it with PTT-2025-026 and you're looking at a 9.8 Critical unauthenticated RCE. One array to rule them all!
Full PoC here: https://pentest-tools.com/research
#offensivesecurity #vulnerabilityresearch #infosec #accounttakeover
-
"Accuracy" gets thrown around a lot. But for practitioners doing the actual work, it means something specific.
Not a buzzword. A daily constraint.
So what does it translate to for you?
#offensivesecurity #ethicalhacking #vulnerabilityassessment
When you need accuracy, what does that actually mean for your work?
Vote below
-
One backslash. Full RCE. That's PTT-2025-026 in a nutshell. Discovered by our Pentest-Tools.com team.
FuelCMS uses Dwoo to keep PHP code out of templates. Turns out, it forgot about "\".
Escape the string. Inject the code. Own the server.
CVSSv3 8.8 High or 9.8 Critical if you chain it with our previous FuelCMS finding (PTT-2025-025 - unauthenticated account takeover). No patch coming either. The project's been on fumes for almost 4 years.
Our colleagues Matei "Mal" Bădănoiu and Raul Bledea did the digging. Full PoC and exploit are added here: https://pentest-tools.com/research
-
This Startup's AI Beat 99% Of Humans In Six Elite Hacking Competitions https://www.forbes.com/sites/thomasbrewster/2026/03/17/ai-beat-most-humans-in-elite-hacking-competitions/ #cybersecurity #AI #AIHacking #OffensiveSecurity #AIAgent #AgenticAI #Tenzai #CTF
-
Forgot your password? No worries, we attackers can reset even the admin's.
PTT-2025-030: Matei "Mal" Bădănoiu and Raul Bledea from our team found SQL injection hiding inside the password reset flow of FuelCMS v1.5.2.
The parameters meant to verify your reset token and email? Both injectable.
So a valid reset token becomes a master key to:
• Dump the entire database
• Reset any account's password, not just yours
• Modify or delete content across the site as the admin
CVSS: 7.7 High. No fix is coming, the FuelCMS master branch hasn't seen a commit in ~4 years. We emailed the vendor. They're as quiet as an unmonitored server at 3am.
See the full technical breakdown in the comments.
-
Just published my research paper on Basilisk, an open-source AI red-teaming framework that uses genetic algorithms to evolve adversarial prompts automatically. Instead of static jailbreak lists, Basilisk breeds attacks.
Paper: https://doi.org/10.5281/zenodo.18909538
Code: https://github.com/regaan/basilisk
pip install basilisk-ai
#LLMSecurity #AIRedTeaming #OffensiveSecurity #InfoSec
#RedTeam #OWASP #CyberSecurity #OpenSource #Research
-
Seven bugs. One unauthenticated RCE chain. Zero clicks.
This original research by our offensive security team into FuelCMS (v1.5.2) uncovered seven new vulnerabilities. By chaining some of them, we achieved Remote Code Execution (RCE).
The root causes? A *12-year-old Dwoo templating engine* and *outdated CodeIgniter3 code* still lurking in production systems.
The exploit chain combines:
• Account takeover (PTT-2025-025): reset password tokens leaked by sending them to the attacker's inbox
• SQL injection (PTT-2025-030): usernames extracted during password reset (optional step)
• PHP code execution (PTT-2025-026): unsanitized backslashes in the Dwoo parser resulting in RAW PHP CODE EXECUTION
Result: full web app compromise.
We published the full exploit chain on our blogpost so practitioners can reproduce and validate the findings. Read the detailed research here: https://pentest-tools.com/blog/throwing-a-spark-in-fuelcms
Many thanks to Matei Badanoiu, Raul Bledea and Eusebiu Boghici for their contributions.
#offensivesecurity #vulnerabilityresearch #pentesting #infosec
Out of curiosity: how often do you still run into 10+ year-old libraries during engagements?
-
We just launched the Offensive Security Research Hub on Pentest-Tools.com!
This isn't a CVE recap page.
Our #offensivesecurity team - led by Matei Badanoiu (CVE Jesus) - publishes original research: newly discovered vulnerabilities, deep technical write-ups, and full exploit chains built from real-world investigation.
You'll see:
• Working PoCs and reproducible exploit paths
• The exact reasoning that turned strange behavior into confirmed impact
• Field-tested analysis of edge cases, constraints, and trade-offs
No summaries. No recycled advisories.
This is practitioner-grade research from people who _actively_ hunt and validate vulnerabilities.
If you want to understand how experienced attackers approach complex targets, start here.
Bookmark this link, we're going to update it frequently with new learnings: https://pentest-tools.com/research
-
El lado del mal - Online Master's in Offensive Security at Campus Internacional de Seguridad 2026: starts March 24 https://www.elladodelmal.com/2026/02/master-online-en-seguridad-ofensiva-del.html #Master #Cibersegurida #OCSP #Formación #OffensiveSecurity
-
NorthSec 2026 Training (7/12): "Offensive Development Practitioner Certification (ODPC)" by Munaf Shariff (White Knight Labs)
Dates: May 11, 12 and 13, 2026 (3 days)
Difficulty: Medium
Mode: Hybrid (on-site & remote)
Description: "The Offensive Development Practitioner Certification (ODPC) is designed to take you deep into the realities of modern defense evasion and offensive tooling, providing the hands-on experience needed to operate at an advanced level. Through live, instructor-supported labs, you'll learn how to overcome real-world security mechanisms by working directly with Terraform-deployed environments, performing PE file conversions, and executing advanced process-injection strategies.
The course then expands into expert-level offensive development, including in-depth exploration of Cobalt Strike command-and-control frameworks, sandbox detection evasion, and sophisticated EDR bypass techniques. You'll also develop the ability to design and deploy custom payloads, building reflective DLL loaders, engineering AMSI and ETW bypasses, and crafting tailored offensive tooling from the ground up. By blending deep technical instruction with practical, interactive labs, ODPC gives you the knowledge, skills, and confidence to understand - and outmaneuver - modern defensive technologies."
About the trainer:
Munaf Shariff is an offensive development specialist with deep expertise in bypassing modern security mechanisms and building custom offensive tooling that operates effectively in real-world environments.
Training details: https://nsec.io/training/2026-offensive-development-practitioner-certification-odpc/
#NorthSec #cybersecurity #offensivesecurity #malware #evasion
-
#CallForSponsors
We are currently open for sponsors and partners for Adversary Village at RSAC 2026, San Francisco.
This is an opportunity to collaborate with one of the leading communities focused on #AdversarySimulation and #OffensiveSecurity, and to engage directly with practitioners, researchers, and industry leaders shaping modern security operations.
If you are interested in partnering with us for RSAC 2026, feel free to reach out: https://adversaryvillage.org/sponsors/
-
Supply Chain Attack Simulation on Drupal (PoC, not a CVE)
What if a malicious actor hijacked the update server for your favorite CMS?
I built a full lab scenario to demonstrate how it could happen - and how to defend against it.
Techniques covered:
MITM + rogue CA, fake update feeds, trojanized package → RCE & persistence.
Full doc + PDF PoC.
Full documentation: attack steps, scripts (in PDF), hardening tips
Not a Drupal 0-day - this is a controlled, educational simulation for awareness and training.
Why it matters
Supply chain attacks are no longer theoretical.
This demo helps Blue Teams, Red Teams, developers, and trainers strengthen detection, review processes, and update security.
Questions or feedback?
DM me or email me (contact in README).
All in lab, all safe
#cybersecurity #infosec #securityresearch #offensivesecurity #blueteam
#redteam #supplychainsecurity #drupal #websecurity #devsecops
#softwaresecurity #rce #mitm
-
DefCamp 2025, you were so awesome!
Another year, another incredible edition in the books. We are so proud to have been part of this event once again and to see the community showing up in full force in Bucharest.
Huge kudos to the organizers for pulling off such a great gathering. It was a blast seeing so many familiar faces and meeting so many new people who share our passion for breaking things (for the right reasons).
A few highlights from our team:
The talks: It was a big year for our research team on stage!
Our Founder & CEO, Adrian Furtuna, explored how LLMs are changing the game in "VIBE Pentesting" (enhancing the human hacker, not replacing them!).
Our Offensive Security Research Lead, Matei "CVE Jesus" Bădănoiu, took us deep into the "Nightmare Factory," breaking down the process behind the 15 fresh 0-days the team found this year.
Missed them live? Don't worry, we'll be sharing the recordings on our YouTube channel soon, so keep an eye out!
The swag: We knew our new merch was cool, but that line?! Seeing so many of you waiting to grab a Pentest-Tools.com T-shirt was a massive compliment. We hope you wear them while you hunt your next bug.
We're already looking forward to the next one!
#DefCamp2025 #OffensiveSecurity #InfosecCommunity #Cybersecurity #Pentesting
-
This Halloween, make sure *you* haunt vulnerabilities - not the other way around.
October updates are here, and they're a real treat for security teams.
Check out the new powers you can use to keep monsters out:
• Catch 2 new RCEs before attackers do (Fortra GoAnywhere & SolarWinds).
• Validate #SessionReaper safely with Sniper: Auto-Exploiter.
• Scan private Azure environments securely with our new VPN Agent.
• Download multiple reports in one go (no more manual horrors).
• See how we help MSPs, consultants & internal teams - and hear it from them if we do a good job (or not).
Check the changelog for the full basket: https://pentest-tools.com/change-log
#cybersecurity #vulnerabilitymanagement #offensivesecurity #azure
-
Manual effort slows you down. Here's how we sped things up this September:
• Sniper: Auto-Exploiter - 4 new modules for Fortinet (CVE-2025-25256), SharePoint (CVE-2025-53771 & 49704), FreePBX (CVE-2025-57819), and OpenSSH (CVE-2018-15473)
• Network Scanner - Targeted detection for SonicWall SonicOS (CVE-2024-40766).
• Vanta integration - Automatic vulnerability syncing. 32 mapped tests, daily updates, zero manual uploads.
• Azure internal scans - Run internal vulnerability scans directly in Azure.
• Customer Story - Learn how Chill IT, a security-driven MSP, uses Pentest-Tools.com to qualify clients and strengthen proposals.
Check the video for the full details: https://youtu.be/1kNX9IsQg1o
#cybersecurity #vulnerabilitymanagement #offensivesecurity #vanta #azure
-
Want to work at Epieos?
Meet us at Hexacon 2025!
Hexacon is a world-class event for enthusiasts of #OffensiveSecurity and #ReverseEngineering.
We'll be there to meet exceptional talents, curious, rigorous, and driven by the desire to use their technical #skills, particularly in reverse engineering, to help us develop #OSINT 0days that protect and save human lives.
Hexacon in Paris, October 10-11.
And if you can't attend in person, feel free to send us your #CV for a #ReverseEngineer position or to learn more about our needs at: contact[at]epieos[dot]com.
-
We're at IT-SA 2025 in Nuremberg with our partner Allnet, starting today through Oct 9
Find us at Booth 6-432 and come say hi to Robert (Product Manager) and Jan (Channel Account Manager).
Stop by for a live demo to see how Pentest-Tools.com helps you:
• Simplify assessments by scanning network, web, and API in one toolkit
• Prove real-world impact with automatically validated findings and actionable PoCs
• Save hours with client-ready, customizable reports
More info about the event: https://www.itsa365.de/en/it-sa-expo-congress/exhibition-info
We still have a small batch of tickets available. First-come, first-served. DM us and we'll share a code
-
NightmareFactory drops at #DefCamp 2025
Live from Bucharest, on Nov 13-14.
After digging into Odoo, Gitea, and FileCloud in 2024, Matei Badanoiu and Catalin Iovita from our team at Pentest-Tools.com leveled up their 0-day hunting game.
In 2025 alone:
• they reported ~15 new 0-days
• Built fresh vulnerability chains
• And got one-click RCE from seemingly "low" bugs
Their talk breaks down:
• How the team evolved their approach
• Why chaining bugs changes the impact game
• What they learned about turning niche findings into real-world exploitation paths
If you're into #offensivesecurity, vuln research, or just love a good "wait… that worked?!" moment, don't miss NightmareFactory at DefCamp! --> https://def.camp/
-
100 Offensive Linux Security Tools - Awareness & Research (Authorized Use Only)
#OffensiveSecurity #RedTeam #PenTesting #Infosec #CyberSecurity #KaliLinux #EthicalHacking #BlueTeam #ThreatHunting #SecurityTools
-
After being laid off for operational reasons, I am currently looking for a job in #itsecurity / #offensivesecurity / #penetrationtest
You know someone who knows someone? Feel free to share, thanks!
Availability: 01.01.2026
Terms: approx. 32h/week, remote or in the Magdeburg area