👁 Automated decryption tool powered by artificial intelligence. - Ciphey uses a custom AI engine (AuSearch) with a cipher detection interface to roughly determine what something is encrypted with. It then uses its own custom natural language processing interface that can

TGSCAN Streamline Your Telegram Searches: Find Channels, Groups, and Chat History Effortlessly. tgscan.xyz #cybersecurity #OSINT

I wrote a new tool to extract all the Bitlocker recovery keys of computers enrolled in a Windows domain 🥳 This is really useful in postexploitation or system administration (to backup keys for example). Export in XLSX, SQLITE, JSON github.com/p0dalirius/Ext… Here is an example:

Carnage - File Upload (Extension Bypass) - Using various techniques, this tool will try to bypass file upload restrictions. See video below for more information. - Repo: github.com/sAjibuu/upload… - Video: youtube.com/watch?v=quFoDy… - - #cybersecurity #bugbountytips #CTF #infosecurity

VcenterKit Vcenter Comprehensive Penetration and Exploitation Toolkit github.com/W01fh4cker/Vce… #infosec #pentesting #redteam

CVE-2023-43770 mail server Roundcube * usage: python cve-2023-43770.py -e [email protected] -p Attack3rPwd -t [email protected] * POC exploit github.com/s3cb0y/CVE-202… 👀 Check Out Old Tweets Of Today Cyber News #cybersecurity #BugBounty #infosec #CVE

Pinkerton - An JavaScript File Crawler And Secret Finder Developed In Python dlvr.it/SwjlTY

AD: Local Admin to Domain Admin It doesn't matter if you don't see active sessions, always look in the Kerberos cache. query session VS klist sessions Don't attempt an LSASS DUMP, move on! GIUDA 2023090500 Now FUD again github.com/foxlox/GIUDA #redteam #adprivesc #kerberos

Here are top 3 most popular tools for RCE vulnerabilities! 😎️ A thread! 🧵👇

Our team at Assetnote has published the blog post on the Progress WS_FTP RCE (CVE-2023-40044). It was fun to find an RCE in the middleware layer (IIS HTTP Module), and it was also quite surprising that the exploit did not require authentication: assetnote.io/resources/rese…

How to enumerate hosts using WordPress with ProjectDiscovery's httpx 👇

Crawl every SMB shares on every target system for juicy information with MANSPIDER! File types supported: ✅ PDF ✅ DOCX ✅ XLSX ✅ PPTX ✅ any text-based format ✅ and many more! Install today 👇 github.com/blacklanternse…

A new container escape vulnerability just dropped. It gives an attacker the ability to hop from container to host OS via runc.

These demos show a container being able to read /etc/shadow via docker run or docker build commands. They're pulling specifically crafted images with the exploit preloaded

“Fully automated windows credentials dumper, from SAM (classic passwords) and WINHELLO (pins)1️⃣. Runs from a linux machine with a mounted win drive.” 1️⃣ Doesn’t work if system’s TPM protects the keys. hashcat -m 1000 <sam> hashcat -m 28100 <pin> #hashes #hashcat

big vuln!!! Grafana backend sql injection affected all versions🤡🤡🤡 fdlucifer.github.io/2024/04/22/gra…

Use NextJS? Recon ✨ A quick way to find "all" paths for Next.js websites: DevTools->Console console.log(__BUILD_MANIFEST.sortedPages) javascript​:console.log(__BUILD_MANIFEST.sortedPages.join('\n')); Cred = linkedin.com/in/0xsojalsec?… #infosec #cybersec #bugbountytips

Run apps made for .NET Framework 2.0 and 3.x in Windows 11 Version 26H1 (down to Windows 8.x) without installing .NET 3.5. Copy this below into a text editor and save as a .reg file then open it, if successful .NET framework 2.0 and 3.x apps should open without issue: Windows