I published a blog article detailing a phishing technique I called Browser in the Browser (BITB) Attack. It's very simple but can be very effective. I also published templates on my Github feel free to test them out. mrd0x.com/browser-in-the…

Thanks for this great lab Hack The Box !

[#thread 🧵] #Protip: When you're playing a #CTF, take the time to copy all the challenges and their files locally. It will save you time later, and you can work on the challenges even if the CTF is down!🚩 I've released a CTFD #parser to do exactly this! github.com/p0dalirius/ctf…

Thanks to the amazing work of Cooper, (almost) all Insomni'hack 2022's talks are now available on our Youtube channel. Enjoy ! youtube.com/playlist?list=… #INS22 #INSO22

Bientôt les grandes vacances, j'aimerai beaucoup trouver un stage en cyber-sécurité, j'ai 17 ans et je suis passionné. Ce serai pour moi un moyen d'apprendre un peu plus et de rencontrer des personnes dans le milieu. 1/2

Pour célébrer les nouveaux sous-titres en Français sur 99% de nos videos, nous allons donner un coupon d'un an à une personne (tirée au hazard) qui retweet ce message!

Today in #AwesomeRCEs, I present a technique to achieve remote code execution on #Moodle servers by uploading a #plugin as admin. In order to do this, I wrote a #PHP module for Moodle exposing a JSON API to execute code on the server and download files: github.com/p0dalirius/Moo…

Giveaway time! To celebrate 60k followers! We are going to send our new socks and few goodies to one person who follows PentesterLab and likes this tweet !! And we are going to give a 1-month voucher to **60** people who RT this tweet!

Check out my blog! It's a quick read. Solving the 2022 Payment Village challenges. If you're interested in banking-specific vulnerabilities - rounding attacks, scientific notation bugs, kiosk bypasses, and simulated ATM hacking you'll enjoy it ❤️ boschko.ca/atm-kiosk-hack…

I'm proud to be invited by HACK2G2 at #HitchHack2022 to give a #talk this Friday in Vannes, FRANCE about How to create #reverse #shells! 🥳🎉 In this talk I will present what we need to create a reverse shell, and how to create one from scratch using #LivingOffTheLand programs

Heard of #Printerbug, #PetitPotam, #ShadowCoerce and #DFSCoerce ? These are only the tip of the Iceberg and there is probably many more to find. 👀 Want to find a new call ? Here is 242 probable #RPC calls with python poc ready to be triaged! 🎉 github.com/p0dalirius/win…

Ever wanted to trigger a #NTLM authentication to a machine using every possible RPC call ? You can do this using #Coercer 🥳🎉 This tool automatically detects available pipes and protocols and call every possible functions to trigger an #authentication. github.com/p0dalirius/Coe…

DeathSleep: A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution. github.com/janoglezcampos…

[#thread 🧵] I am very proud to announce that I will be giving a talk at Black Hat Europe 2022 (#BHEU) in London 7-8 December 🥳🎉 In this #talk, I'll demonstrate how to automate the search of Remote Procedure Calls (#RPC) to #coerce authentications on Windows machines.

Just published a writeup containing 10 CVEs for Tenda's W15Ev2 AC1200 SOHO router. If you like bug-bounty blogs with meat on the bone you'll enjoy the read ❤️ boschko.ca/tenda_ac1200_r…

🇫🇷🎙️ Nouvel épisode du podcast Hack'n Speak accompagné de Swissky pour parler bien évidement de PayloadsAllTheThings & SSRFmap 🔥 Un épisode tout en légèreté pour débuter novembre 🌧️ Bonne écoute à toutes et à tous 🎶 anchor.fm/hacknspeak

Outflank Nice! I published a tool doing exactly this, called Coercer this year. github.com/p0dalirius/Coe…

Ever wanted to learn more about GraphQL hacking? it's time for a free giveaway of two Black Hat GraphQL books by No Starch Press No Starch Press. All you gotta do is RT :) Nick Aleks Ben Sadeghipour hAPI_hacker #hacking #bugbounty #infosec #free

DLS 2024 - RedTeam Fails - "Oops my bad I ruined the operation", a story on how to fail a red team assessment 🦖 swisskyrepo.github.io/Drink-Love-Sha…