#pentesting — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #pentesting, aggregated by home.social.
-
🍵 HTB Support Walkthrough 🍵
Learn how to perform:
- LDAP Enumeration
- .NET Reverse Engineering
- Bloodhound Enumeration
- Resource Based Constraint Delegation🎬️Watch it here:
https://www.youtube.com/watch?v=VIgskjoELo0#HTB #HackTheBox #OSCP #Pentesting #EthicalHacking #Cybersecurity #RedTeam #CTF
-
🍵 HTB Support Walkthrough 🍵
Learn how to perform:
- LDAP Enumeration
- .NET Reverse Engineering
- Bloodhound Enumeration
- Resource Based Constraint Delegation🎬️Watch it here:
https://www.youtube.com/watch?v=VIgskjoELo0#HTB #HackTheBox #OSCP #Pentesting #EthicalHacking #Cybersecurity #RedTeam #CTF
-
Alguien construyó 35 agentes de pentesting de IA para Claude Code... y es honestamente una locura.
Ataques AD, explotación web, pentests en la nube, análisis de malware, ingeniería inversa, operaciones C2, incluso red teaming de LLM — todo dentro de un solo marco.
Este es uno de los proyectos de IA de seguridad ofensiva más avanzados que he visto en GitHub últimamente.
-
El lado del mal - Foro Público de Ciberseguridad de Chema Alonso "old school" sobre lo que pasa cada día https://www.elladodelmal.com/2026/05/foro-publico-de-ciberseguridad-de-chema.html #Foro #Ciberseguridad #Actualidad #hacking #ciberdefensa #CISO #cibercrimen #hacking #pentesting #MyPublicInbox
-
El lado del mal - Foro Público de Ciberseguridad de Chema Alonso "old school" sobre lo que pasa cada día https://www.elladodelmal.com/2026/05/foro-publico-de-ciberseguridad-de-chema.html #Foro #Ciberseguridad #Actualidad #hacking #ciberdefensa #CISO #cibercrimen #hacking #pentesting #MyPublicInbox
-
El lado del mal - Foro Público de Ciberseguridad de Chema Alonso "old school" sobre lo que pasa cada día https://www.elladodelmal.com/2026/05/foro-publico-de-ciberseguridad-de-chema.html #Foro #Ciberseguridad #Actualidad #hacking #ciberdefensa #CISO #cibercrimen #hacking #pentesting #MyPublicInbox
-
El lado del mal - Foro Público de Ciberseguridad de Chema Alonso "old school" sobre lo que pasa cada día https://www.elladodelmal.com/2026/05/foro-publico-de-ciberseguridad-de-chema.html #Foro #Ciberseguridad #Actualidad #hacking #ciberdefensa #CISO #cibercrimen #hacking #pentesting #MyPublicInbox
-
El lado del mal - Foro Público de Ciberseguridad de Chema Alonso "old school" sobre lo que pasa cada día https://www.elladodelmal.com/2026/05/foro-publico-de-ciberseguridad-de-chema.html #Foro #Ciberseguridad #Actualidad #hacking #ciberdefensa #CISO #cibercrimen #hacking #pentesting #MyPublicInbox
-
🍵 HTB Sauna Walkthrough 🍵
Learn how to perform:
- Username Enumeration
- AS-REP Roasting
- BloodHound Enumeration
- DCSync Attack🎬️Watch it here:
https://www.youtube.com/watch?v=WsBBGzcq0nI#HTB #HackTheBox #OSCP #Pentesting #EthicalHacking #Cybersecurity #RedTeam #CTF
-
🍵 HTB Sauna Walkthrough 🍵
Learn how to perform:
- Username Enumeration
- AS-REP Roasting
- BloodHound Enumeration
- DCSync Attack🎬️Watch it here:
https://www.youtube.com/watch?v=WsBBGzcq0nI#HTB #HackTheBox #OSCP #Pentesting #EthicalHacking #Cybersecurity #RedTeam #CTF
-
El lado del mal - El impacto de Mythos en concreto y la IA en general en el trabajo de los CISOs https://elladodelmal.com/2026/05/el-impacto-de-mythos-en-concreto-y-la.html #Mythos #IA #AI #Mythos #InteligenciaArtificial #Bugs #Bug #Exploit #Exploiting #Hacking #CISO #pentesting
-
Spoofing attacks manipulate identity or trust signals across network layers to deceive systems and redirect or disrupt legitimate communication.
Here are different types of spoofing attacks across OSI layers 😎👇
Find high-res pdf ebooks with all my cybersecurity infographics at https://study-notes.org
#cybersecurity #infosec #pentesting #informationsecurity #ethicalhacker
-
Spoofing attacks manipulate identity or trust signals across network layers to deceive systems and redirect or disrupt legitimate communication.
Here are different types of spoofing attacks across OSI layers 😎👇
Find high-res pdf ebooks with all my cybersecurity infographics at https://study-notes.org
#cybersecurity #infosec #pentesting #informationsecurity #ethicalhacker
-
Linux Privilege Escalation Cheat Sheet: Techniques and Prevention.
In this cheat sheet, I break down essential enumeration commands, common escalation paths, and practical techniques every security professional should know.
https://denizhalil.com/2025/06/30/linux-privilege-escalation-cheat-sheet/#CyberSecurity #LinuxSecurity #PrivilegeEscalation #Pentesting #RedTeam #BlueTeam #InfoSec #ethicalhacking #SecurityEngineering #itsecurity
-
New blog post!
This time I talk about my new favorite evasive shellcode loader, Charon. I give a brief overview about what it does, how it works and which techniques it uses.
Also a brief addendum for enjoyers of bloated Implants such as Sliver.
https://ti-kallisti.com/general/ms/descending-into-hades.html
#InfoSec #Malware #Shellcode #RedTeam #RedTeaming #Pentesting #Charon #Sliver #Merlin #Mythic
-
🍵 HTB Sau Walkthrough 🍵
Learn how to:
- Perform SSRF in request-baskets
- Exploit Command Injection in Maltrail🎬️Watch it here:
https://www.youtube.com/watch?v=wNkrm_PSsQU#HTB #HackTheBox #OSCP #Pentesting #EthicalHacking #Cybersecurity #RedTeam #CTF
-
DATE: April 29, 2026 at 08:33AM
SOURCE: HEALTHCARE INFO SECURITYDirect article link at end of text block below.
How is #AI changing #cybersecurity #pentesting? https://t.co/PNkTXCtLm5
Here are any URLs found in the article text:
Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"
-------------------------------------------------
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.
-------------------------------------------------
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
-
Day 2/60 #Pentesting challenge -- lab setup
The whole lab runs on VirtualBox host-only networking:
```
VBoxManage hostonlyif create
VBoxManage hostonlyif ipconfig vboxnet0 --ip 192.168.56.1
```Kali at 192.168.56.10, Metasploitable 2 grabs DHCP. They talk to each other but cannot reach the internet or your LAN.
Biggest gotcha: VirtualBox DHCP server dies after host reboot. Fix:
VBoxManage dhcpserver modify --netname HostInterfaceNetworking-vboxnet0 --enableSnapshot before exploiting. Always.
-
Spoofing Packets with Scapy: A Comprehensive Guide
In this article, I cover how packet spoofing works with Scapy, practical use cases, and key security implications.
https://denizhalil.com/2025/07/22/spoofing-packets-with-scapy-a-comprehensive-guide/#CyberSecurity #Scapy #PacketSpoofing #NetworkSecurity #Python #EthicalHacking #RedTeam #BlueTeam #Pentesting #InfoSec #SecurityEngineering #denizhalil
-
Python C2 Server for Red Teaming: A Comprehensive Hands-On Guide
In this guide, I walk through building a Python-based C2 server, covering its architecture, encrypted communication, and real-world operational workflow.
https://denizhalil.com/2025/12/15/python-c2-server-red-teaming-guide/#CyberSecurity #RedTeam #C2 #commandandcontrol #Python #offensivesecurity #Pentesting #infosec #threatdetection #blueteam #securityengineering #ethicalhacking
-
NoSQL Injection Attacks: MongoDB, CouchDB, and More – NoSQL injection
In this article, I cover how NoSQL injection works, common attack vectors, and practical mitigation techniques.
https://denizhalil.com/2025/12/23/nosql-injection-attacks-mongodb-couchdb/#CyberSecurity #NoSQL #MongoDB #CouchDB #WebSecurity #AppSec #Injection #InfoSec #Pentesting #RedTeam #BlueTeam #securecoding
-
The sentencing of Nicholas Moore (one-year probation) serves as a case study in credential-based breaches. By compromising one set of credentials, Moore gained access to the U.S. Supreme Court, AmeriCorps, and the VA."
This highlights the persistent danger of "low-effort" entry points into high-value targets.
How are your organizations hardening against credential stuffing and lateral movement in the public sector?Engage with us in the thread. Follow for more technical breakdowns and vulnerability news.
-
The sentencing of Nicholas Moore (one-year probation) serves as a case study in credential-based breaches. By compromising one set of credentials, Moore gained access to the U.S. Supreme Court, AmeriCorps, and the VA."
This highlights the persistent danger of "low-effort" entry points into high-value targets.
How are your organizations hardening against credential stuffing and lateral movement in the public sector?Engage with us in the thread. Follow for more technical breakdowns and vulnerability news.
-
The sentencing of Nicholas Moore (one-year probation) serves as a case study in credential-based breaches. By compromising one set of credentials, Moore gained access to the U.S. Supreme Court, AmeriCorps, and the VA."
This highlights the persistent danger of "low-effort" entry points into high-value targets.
How are your organizations hardening against credential stuffing and lateral movement in the public sector?Engage with us in the thread. Follow for more technical breakdowns and vulnerability news.
-
The sentencing of Nicholas Moore (one-year probation) serves as a case study in credential-based breaches. By compromising one set of credentials, Moore gained access to the U.S. Supreme Court, AmeriCorps, and the VA."
This highlights the persistent danger of "low-effort" entry points into high-value targets.
How are your organizations hardening against credential stuffing and lateral movement in the public sector?Engage with us in the thread. Follow for more technical breakdowns and vulnerability news.
-
The sentencing of Nicholas Moore (one-year probation) serves as a case study in credential-based breaches. By compromising one set of credentials, Moore gained access to the U.S. Supreme Court, AmeriCorps, and the VA."
This highlights the persistent danger of "low-effort" entry points into high-value targets.
How are your organizations hardening against credential stuffing and lateral movement in the public sector?Engage with us in the thread. Follow for more technical breakdowns and vulnerability news.
-
What are Pass-the-Hash and Pass-the-Ticket Attacks: A Comprehensive Guide
In this article, I cover how these attacks work, their differences, and how to detect and mitigate them.
https://denizhalil.com/2026/01/05/pass-the-hash-pass-the-ticket-attacks-guide/#cybersecurity #ActiveDirectory #PassTheHash #PassTheTicket #credentialaccess #RedTeam #BlueTeam #Pentesting #InfoSec #WindowsSecurity #EthicalHacking #ITSecurity #denizhalil
-
What are Pass-the-Hash and Pass-the-Ticket Attacks: A Comprehensive Guide
In this article, I cover how these attacks work, their differences, and how to detect and mitigate them.
https://denizhalil.com/2026/01/05/pass-the-hash-pass-the-ticket-attacks-guide/#cybersecurity #ActiveDirectory #PassTheHash #PassTheTicket #credentialaccess #RedTeam #BlueTeam #Pentesting #InfoSec #WindowsSecurity #EthicalHacking #ITSecurity #denizhalil
-
The pentest professionals at #usdHeroLab identified a vulnerability in #EntraID during a cloud #pentest that allows the circumvention of conditional access policies for privileged identities.
Two additional vulnerabilities were identified during a web application pentest of #Tenable Nessus Manager, which allow low-privileged users to read arbitrary files at the operating system level.
All #vulnerabilities were reported to the vendors as part of our Responsible Disclosure policy.
🔎 You can find detailed information on the #SecurityAdvisories here: https://www.usd.de/en/security-advisories-entra-id-tenable-nessus-manager/
#SecurityResearch #SecurityAdvisory #moresecurity #NessusManager #Pentesting #Hacking #CVE_2026_3493 #AppSec #InfoSec #CyberSecurity
-
What is NetBIOS and SMB Exploitation Techniques: A Practical Guide
In this article, I cover key exploitation techniques, real-world attack scenarios, and how to secure these services effectively.
https://denizhalil.com/2026/01/15/netbios-smb-exploitation-techniques-guide/
#CyberSecurity #SMB #NetBIOS #NetworkSecurity #ActiveDirectory #RedTeam #BlueTeam #Pentesting #InfoSec #WindowsSecurity #EthicalHacking #ITSecurity #DenizHalil
-
What is NetBIOS and SMB Exploitation Techniques: A Practical Guide
In this article, I cover key exploitation techniques, real-world attack scenarios, and how to secure these services effectively.
https://denizhalil.com/2026/01/15/netbios-smb-exploitation-techniques-guide/
#CyberSecurity #SMB #NetBIOS #NetworkSecurity #ActiveDirectory #RedTeam #BlueTeam #Pentesting #InfoSec #WindowsSecurity #EthicalHacking #ITSecurity #DenizHalil
-
What is NetBIOS and SMB Exploitation Techniques: A Practical Guide
In this article, I cover key exploitation techniques, real-world attack scenarios, and how to secure these services effectively.
https://denizhalil.com/2026/01/15/netbios-smb-exploitation-techniques-guide/
#CyberSecurity #SMB #NetBIOS #NetworkSecurity #ActiveDirectory #RedTeam #BlueTeam #Pentesting #InfoSec #WindowsSecurity #EthicalHacking #ITSecurity #DenizHalil
-
What is SNMP Security and Exploitation: A Comprehensive Guide
In this article, I cover how SNMP exploitation works, common vulnerabilities, and how to properly secure it.
https://denizhalil.com/2026/01/21/snmp-security-exploitation-guide#CyberSecurity #SNMP #NetworkSecurity #InfoSec #InfrastructureSecurity #BlueTeam #RedTeam #Pentesting #ITSecurity #SecurityEngineering #DenizHalil
-
SSH Tunneling and Port Forwarding Techniques: A Comprehensive Guide
In this article, I cover:
* How SSH tunneling works under the hood
* Local, remote, and dynamic port forwarding techniques
* Real-world use cases (databases, internal services, pivoting)
* Security risks and hardening recommendationshttps://denizhalil.com/2026/02/02/ssh-tunneling-port-forwarding-guide/
#CyberSecurity #sshtunneling #portforwarding #NetworkSecurity #Linux #RedTeam #BlueTeam #Pentesting #InfoSec #securityengineering #EthicalHacking #ITSecurity
-
What is DCSync Attack and Mimikatz Usage in Active Directory
One of the most critical attacks in Active Directory environments, DCSync, allows attackers to impersonate a Domain Controller and extract password hashes through replication abuse.
#CyberSecurity #ActiveDirectory #DCSync #RedTeam #BlueTeam #InfoSec #Pentesting #SOC #ThreatDetection #WindowsSecurity #EthicalHacking #ITSecurity #NetworkSecurity #SecurityOperations #DenizHalil
https://denizhalil.com/2026/03/27/dcsync-attack-active-directory-guide/
-
What is DCSync Attack and Mimikatz Usage in Active Directory
One of the most critical attacks in Active Directory environments, DCSync, allows attackers to impersonate a Domain Controller and extract password hashes through replication abuse.
#CyberSecurity #ActiveDirectory #DCSync #RedTeam #BlueTeam #InfoSec #Pentesting #SOC #ThreatDetection #WindowsSecurity #EthicalHacking #ITSecurity #NetworkSecurity #SecurityOperations #DenizHalil
https://denizhalil.com/2026/03/27/dcsync-attack-active-directory-guide/
-
RE: https://chaos.social/@alexglow/116290732583697250
Going #live with @alexglow in about two hours! In #DayGlow Episode 9, we will be #hacking on Pocket #PenTesting Platforms, including the #DevKitty #CutieCat, the #FlipperZero, the #M5Stack #Cardputer, and the #LILYGO T-embed. Alex Lynd from DevKitty will also be giving away a free CutieCat to one lucky winner! Join the chaos at 3pm Eastern! 🤘🐬🤘
https://www.youtube.com/watch?v=M9a5mjuKl4c -
This Thursday: #DayGlowShow Ep. 9 – Pocket #Pentesting Platforms! Multi-hour live-build with @ishotjr & myself (plus some cool extras from @alexlynd ) 🛠️✨
#DevKitty, #FlipperZero, LILYGO T-Embed, M5Stack #Cardputer, and more... plenty to dig into! See you in the chat :)
Mar. 26, noon PDT / 8pm UTC:
▶️ https://www.youtube.com/watch?v=gqbiKvXl_7s&list=PLwWiFinxwDlgomKdWjfaavDbMRdhHhfqQ&index=1
▶️ https://www.linkedin.com/events/7442331052607430656
▶️ https://www.twitch.tv/glowascii -
#OSINT, #BugBounty, #Pentesting, #CyberSecurity, #Infosec, #OriginServer, #CDNDetection, #DNSHistory, #SSLForensics, #FaviconFingerprinting, #AttackSurface, #InfrastructureAnalysis, #WebSecurity, #NetworkReconnaissance, #ThreatIntelligence, #SecurityResearch, #CloudSecurity, #ServerDiscovery, #DigitalForensics, #VulnerabilityAssessment
-
#OSINT, #BugBounty, #Pentesting, #CyberSecurity, #Infosec, #OriginServer, #CDNDetection, #DNSHistory, #SSLForensics, #FaviconFingerprinting, #AttackSurface, #InfrastructureAnalysis, #WebSecurity, #NetworkReconnaissance, #ThreatIntelligence, #SecurityResearch, #CloudSecurity, #ServerDiscovery, #DigitalForensics, #VulnerabilityAssessment
-
#OSINT, #BugBounty, #Pentesting, #CyberSecurity, #Infosec, #OriginServer, #CDNDetection, #DNSHistory, #SSLForensics, #FaviconFingerprinting, #AttackSurface, #InfrastructureAnalysis, #WebSecurity, #NetworkReconnaissance, #ThreatIntelligence, #SecurityResearch, #CloudSecurity, #ServerDiscovery, #DigitalForensics, #VulnerabilityAssessment
-
#OSINT, #BugBounty, #Pentesting, #CyberSecurity, #Infosec, #OriginServer, #CDNDetection, #DNSHistory, #SSLForensics, #FaviconFingerprinting, #AttackSurface, #InfrastructureAnalysis, #WebSecurity, #NetworkReconnaissance, #ThreatIntelligence, #SecurityResearch, #CloudSecurity, #ServerDiscovery, #DigitalForensics, #VulnerabilityAssessment
-
#OSINT, #BugBounty, #Pentesting, #CyberSecurity, #Infosec, #OriginServer, #CDNDetection, #DNSHistory, #SSLForensics, #FaviconFingerprinting, #AttackSurface, #InfrastructureAnalysis, #WebSecurity, #NetworkReconnaissance, #ThreatIntelligence, #SecurityResearch, #CloudSecurity, #ServerDiscovery, #DigitalForensics, #VulnerabilityAssessment
New Product
https://shoppy.gg/product/PvKQaT9
To fix this, the origin server should be restricted to accept traffic only from Cloudflare IP ranges.
Real log
-
I spent 25+ years writing software inside corporate America. Fortune 500s, FANG companies, the whole thing. The priority was never the user — it was the quarterly earnings call.
Late 2024, I snapped. Quit my "dream job" after realizing it was a steaming pile of crap.
Now I'm building the software I wish existed: privacy-first, no telemetry, no tracking, no bloat.
Open source tools, pentesting apps, educational resources, desktop apps — all built by one dev who actually gives a damn.
Just launched a Patreon to keep it going. Think of it like supporting your favorite indie game dev, except I make SDR dashboards and Flipper Zero compatible tools.
Full details here: https://www.patreon.com/superbasicstudio
#opensource #indiedev #infosec #pentesting #privacy #hackrf #flipperzero #rustlang #cybersecurity #smallbusiness
-
HackTheBox. Прохождение Falafel. Уровень — Сложный
Прохождение сложной Linux машины на платформе HackTheBox под названием Falafel . Предварительно нужно подключиться к площадке HackTheBox по VPN . Желательно использовать отдельную виртуальную машину. Учимся работать с готовыми эксплоитами и metasploit -ом. Разбираем SQLi (Boolean-based Blind), PHP Type Juggling Attack (Magic Hashes), Filename Truncation Attack to Upload a PHP Script.
-
HackTheBox. Прохождение HackTheBox — Chatterbox. Уровень — Средний
Прохождение средней Windows машины на платформе HackTheBox под названием Chatterbox . Предварительно нужно подключиться к площадке HackTheBox по VPN . Желательно использовать отдельную виртуальную машину. Учимся работать с готовыми эксплоитами и metasploit -ом.
-
HackTheBox. Прохождение CrimeStoppers. Уровень — Сложный
Прохождение сложной Linux машины на платформе HackTheBox под названием CrimeStoppers . Предварительно нужно подключиться к площадке HackTheBox по VPN . Желательно использоваться отдельную виртуальную машину. Реверсим приложение c помощью IDA PRO , потрошим Thunderbird, находим RCE на портале.
-
HackTheBox. Прохождение FluxCapacitor. Уровень — Средний
Прохождение средней Linux машины на платформе HackTheBox под названием FluxCapacitor . Предварительно нужно подключиться к площадке HackTheBox по VPN . Желательно использоваться отдельную виртуальную машину. Будет рассмотрен WAF и попытки его обойти.
-
Active exploitation is being observed via misconfigured security testing applications, enabling attackers to move from exposed training tools into cloud environments.
The issue centers on excessive IAM permissions, default credentials, and poor isolation between test and sensitive systems - not novel malware.
This reinforces the need to treat non-production assets as part of the threat surface.
Follow @technadu for neutral, research-driven security reporting.
#CloudSecurity #IAM #Pentesting #Infosec #AttackSurface #TechNadu
-
Active exploitation is being observed via misconfigured security testing applications, enabling attackers to move from exposed training tools into cloud environments.
The issue centers on excessive IAM permissions, default credentials, and poor isolation between test and sensitive systems - not novel malware.
This reinforces the need to treat non-production assets as part of the threat surface.
Follow @technadu for neutral, research-driven security reporting.
#CloudSecurity #IAM #Pentesting #Infosec #AttackSurface #TechNadu