Rizwan Syed (@_r12w4n) 's Twitter Profile
Rizwan Syed

@_r12w4n

Cyber Security Enthusiast
#InfoSec

ID: 3067822454

Link: http://haxbabatech.blogspot.com
Date: 08-03-2015 07:58:05

131 Tweets

131 Followers

1.1K Following

AMol NAik (@amolnaik4) 's Twitter Profile Photo

Last week, I was supposed to deliver a talk. Because of a personal emergency, I could not. Here are the things I wanted to communicate. 5 things every startup should do to avoid a data breach. A thread. #startup #security #securitybreach

Ellis Springe (@knavesec) 's Twitter Profile Photo

CredMaster 2.0 passspray tool release! New features like notification alerts, advanced SOC evasion techniques, 8 new plugins and an easy config file. S/O to Andy Gill for all his contributions in the rewrite B: whynotsecurity.com/blog/credmaste… G: github.com/knavesec/CredM…

Rizwan Syed (@_r12w4n) 's Twitter Profile Photo

I recently gave a talk on "Automating Reconnaissance Workflows for Effective Penetration Testing" at the Null Mumbai. It was a wonderful experience to share my insights and knowledge with such an enthusiastic audience. Thank you to the Null Community for…lnkd.in/dwM7B7ez

meg west (@cybersecmeg) 's Twitter Profile Photo

if hiring managers and HR started to realize that they should be hiring new cybersecurity talent based upon someone’s potential instead of solely examining their past, we wouldn’t have a near 3 million person shortage in the field

rootsecdev (@rootsecdev) 's Twitter Profile Photo

Last night I had reservations on tweeting this until the GitHub repo was pulled. It contained a binary that would drop onto a system and start exfiltration of info such as private ssh keys. As some newer exploits go public, code should always be reviewed especially from non

HADESS (@hadess_security) 's Twitter Profile Photo

Top 50 Techniques & Procedures(RTC0019)
Collection: redteamrecipe.com/top-50-ttps/

url > .zip > .js > .dll
url > .zip > .lnk > curl > .dll
...
HTML Smuggling -> Msiexec - .msi stager -> Rundll32 - .dll loader

#redteam #redteamrecipe #mitre #offensivesecurity #privilegeescalation #ttps
X-C3LL (@thexc3ll) 's Twitter Profile Photo

Since one of the bugs has been fixed, it's time to confess: I've been tracking and pwning Red Teams and script kiddies using EvilNoVNC and similar shit based on NoVNC and "Browser in Browser".

Chirag Savla (@chiragsavla94) 's Twitter Profile Photo

Dive into the depths of Function Apps package files and Storage Account permission abuse with me and Raunak Parmar in our latest blog post: 3xpl01tc0d3r.blogspot.com/2023/10/explor… #AzureCloud #FunctionApps #StorageAccount #redteam #Pentesting

Florian Roth ⚡️ (@cyb3rops) 's Twitter Profile Photo

I love this brave new world where a single leaked or stolen token can significantly impact cloud service providers, their customers, and even their customers' clients #Okta #TokenBinding #DuckingTokens

Paul Seekamp (@nullenc0de) 's Twitter Profile Photo

Auditor: So do you vulnerability scan your *checks notes* seven /16s networks on a monthly basis? Customer: nightly basis Auditor: *writes down "daily" on form* Me: *don't say anything* ... At the speed of light? Are you scanning your internal network at the speed of light?

FOSS United | Mumbai (@mumbaifoss) 's Twitter Profile Photo

Exciting lineup of speakers! Join us this month for another exciting FOSS Meetup in Mumbai! 🚀 Embrace the spirit of collaboration and knowledge sharing. See you there! #FOSSMumbai #FOSSMeetupMumbai #UnitedbyFOSS #MeetupJanuary2024

assume_breach (@assume_breach) 's Twitter Profile Photo

I wrote this to try to bring some reality to people trying to break into cyber. People will disagree with some (all) of it but hopefully somebody benefits from what I saw when I worked as a pentester. assume-breach.medium.com/im-not-a-pente…

Gunnar Andrews (@g0lden_infosec) 's Twitter Profile Photo

This is the type of stuff that makes current AND future creators tentative to share their tools, videos, content, etc. This is extremely disheartening to see coming out of our community tbh. youtu.be/ZAh21hHJC_s?si…

Rizwan Syed (@_r12w4n) 's Twitter Profile Photo

MindMap Attack Surface Tools Resources v1.2 speakerdeck.com/r12w4n/mindmap… #recon #bugbountytip #redteam #cyberSec #osint #AppSec #NetSec #BugBounty #AttackSurface #Pentesting

Sean Metcalf (@pyrotek3) 's Twitter Profile Photo

If you have VMware ESXi and Active Directory in your environment, take 5 minutes now & create a group in each AD domain called "ESX Admins". Make sure that the "ESX Admins" group is in a top-level administrative OU that only your AD admins manage. #QuickFix