Luis Vacas de Santos (@cybervaca_) 's Twitter Profile
Luis Vacas de Santos

@cybervaca_

Cybersecurity Analyst, Evil-WinRM Creator

ID: 961534720898191361

Link: https://www.hackthebox.eu/profile/6956 | Date: 08-02-2018 09:38:36

1,1K Tweet

1,1K Followers

653 Following

X (@themsterdoctor1) 's Twitter Profile Photo

🧠💥 99% of hackers QUIT when they see a 403…

But the 1%? They try this: 👇

I found a 403 Forbidden on /admin.

But then I tried:
•POST /admin
•X-Original-URL: /admin
•/admin..;/
•%2e/admin
•X-Rewrite-URL: /admin
•/ADMIN (yes, just caps)
•/;/admin
•/..;/admin

👇👇👇
Sec/Admln Cybersecurity Conference (@secadm1n) 's Twitter Profile Photo

🚨 They're here!
Tickets for #secadmin2025 are now on sale on our website 👉 secadmin.es
⏰ The current ticket price is limited.
⚠️ They sell out fast… Grab yours!
NullSecX (@nullsecurityx) 's Twitter Profile Photo

How to recon like 👇

Find subs > assetfinder
Find alive hosts > httprobe
Fetch paths for hosts > meg

Check this out 👇 #BugBounty

Sec/Admln Cybersecurity Conference (@secadm1n) 's Twitter Profile Photo

🎟️ Tickets now on sale!
SecAdmin is back, the leading event in #ciberseguridad.
📅 November 28 and 29, 2025.
Learn, connect, and get ready for the challenges of digital security.
🎫 Buy your ticket today 👉 secadmin.es/tienda-secadmi…
Synacktiv (@synacktiv) 's Twitter Profile Photo

Ever thought your kitchen appliance could harbor a persistent threat? We reverse-engineered the Thermomix TM5 and uncovered vulnerabilities allowing arbitrary code execution, persistence, and secure boot bypass. Discover our step-by-step breakdown! synacktiv.com/en/publication…

Bitup Alicante Ciberseguridad (@bitupalicante) 's Twitter Profile Photo

HEADS UP!! because... #BitUP25 is BACK on November 8!!!
Save the date, because this year we're coming back bigger and really eager to stir things up again!

Starting today, the #CallforPapers and #CallforSponsors are open!

bitupalicante.com

#ciberseguridad #CyberSecurity
elhacker.NET (@elhackernet) 's Twitter Profile Photo

🚨 Critical SQL injection vulnerability in Fortinet FortiWeb

⚠️ CVE-2025-25257
CVSS severity 9.6
fortiguard.fortinet.com/psirt/FG-IR-25…
Dark Web Informer - Cyber Threat Intelligence (@darkwebinformer) 's Twitter Profile Photo

HExHTTP: A tool designed to perform tests on HTTP headers and analyze the results to identify vulnerabilities and interesting behaviors

GitHub: github.com/c0dejump/HExHT…
IT Guy (@t3chfalcon) 's Twitter Profile Photo

Hit Recent Files.

You don’t need to guess what they opened. Windows logs it for you:

C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Recent

You can find:
– Internal docs
– Secret presentations
– Vault exports
– "DO NOT SHARE" PDFs

You're welcome 👊🏾

N$ (@nav1n0x) 's Twitter Profile Photo

🚨 New Write-up - I recently found another interesting SQLi - this time in a cookie banner. It escalated to full RCE on a live target via PostgreSQL injection. Here’s the article on how the magic of simple recon turned into critical impact: nav1n.medium.com/from-cookie-co… #bugbounty

IT Guy (@t3chfalcon) 's Twitter Profile Photo

Think your browser autofill is harmless?

Check this file:

%LocalAppData%/Microsoft/Edge/User Data/Default/Web Data

Inside:
– Emails
– Names
– Company info
– Sometimes card details

Stored in plain SQLite.

For red teamers? Easy recon.
For users? Big Privacy risk.
Panos Gkatziroulis 🦄 (@netbiosx) 's Twitter Profile Photo

A lightweight tool that injects a custom assembly proxy into a target process to silently bypass ETW scanning by redirecting ETW calls to custom proxy github.com/EvilBytecode/E…

Hex-Rays SA (@hexrayssa) 's Twitter Profile Photo

📢 Calling all #CTF (Capture the Flag) Organizers and Competitors! Hex-Rays is now accepting applications for our Sponsorship Program—and we want to hear from you.

Perks include FREE #IDA licenses, exclusive swag, and travel support. For more info, visit: eu1.hubs.ly/H0lZbN20
Jose Luis Verdeguer (@pepeluxx) 's Twitter Profile Photo

Rtpengine RTP Injection and Media Bleed Vulnerabilities (CVE-2025-53399) enablesecurity.com/blog/rtpengine…

Sandro Gauci, is this the same problem described in rtpbleed.com?

Hunter (@huntermapping) 's Twitter Profile Photo

🚨Alert🚨: CVE-2025-54253 (CVSS 10.0): Misconfiguration Allowing Arbitrary Code Execution.
CVE-2025-54254: Improper Restriction of XML External Entity Reference (XXE) Allowing Arbitrary File System Read.
🧐Deep Dive: slcyber.io/assetnote-secu…
📊11.6K Services are found on the
Alex Neff (@al3x_n3ff) 's Twitter Profile Photo

Session enumeration is only possible with admin privileges? That is a problem of the past thanks to the new --reg-sessions core functionality of NetExec, made by Toffy🔥

Peter Gabaldon (@pedrogabaldon) 's Twitter Profile Photo

I've just added a new PR to impacket to add to secretsdump the "Shadow Snapshot Method via WMI" also for NTDS.dit. This way, NTDS.dit can be downloaded directly from disk without code execution. github.com/fortra/impacke…

🕳 (@sekurlsa_pw) 's Twitter Profile Photo

Reading Impacket merges:

BadSuccessor is now in examples. GetST now has -dmsa
github.com/fortra/impacke…
github.com/fortra/impacke…

Secretsdump also got a patch to not crash w2019 DCs. NetExec removed the warning that --ntds can crash 2019.