🔥Telegram İfşa

teaser for next week release 🪂

Just pushed an update for Inline-Execute-PE. You can now load the PE from the target machine instead of sending it remotely; useful for LOLBINs without creating a new process and avoiding versioning issues github.com/Octoberfest7/I…

Red Team Guides A platform that provides red team tutorial and guidance along with cheatsheets. It is aimed at helping security professionals and enthusiasts to learn about red teaming and penetration testing techniques. github.com/redteamguides/… Web… t.me/hackgit/8037

Outflank blog: Attacking Visual Studio for Initial Access. The post shows how viewing source code can lead to compromise of a dev's workstation. A journey into COM, type libraries and the inner workings of VS. Plus practical examples for red team ops. outflank.nl/blog/2023/03/2…

I hacked into a @Bing CMS that allowed me to alter search results and take over millions of Office 365 accounts. How did I do it? Well, it all started with a simple click in Microsoft Azure… 👀 This is the story of #BingBang 🧵⬇️

Docker CLI Cheat Sheet #infosec #cybersecurity #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosecurity #cyberattacks #security #linux #cybersecurityawareness #bugbounty #bugbountytips

Thanks to everyone who came to my DEF CON talk yesterday. I should have submitted for a 45 minute talk as I didn't have time to cover the DNS update capability of gssapi-abuse tool. DNS mode is super handy if you want to apply instant updates to AD DNS github.com/CCob/gssapi-ab…

Slides of my #DEFCON31 talk available at aadinternals.com/talks/#2023

🚨BREAKING: Evilginx 3.2 is OUT! 🪝🐟 To celebrate the release of the new update, here is the special 10% discount code for the Evilginx Mastery course! 🎁Code: EVILGINX32 (valid until 31st Aug) 🔗Link: academy.breakdev.org/evilginx-maste… breakdev.org/evilginx-3-2/

Come hack with us! I am hiring for operators for our Managed Red Teaming practice. This role delivers "continuous" monthly red team services for clients to a "Targeted" sophistication level, helping them mature their security program on a more frequent basis then our ad-hoc, more

''Attacking an EDR - Part 3'' #infosec #pentest #redteam #blueteam her0ness.github.io/2023-11-07-Att…

Tired of failed phishing attempts? Using the 1337est AI FAFO technology, Evilginx trained on data from thousands of successful login attempts, can now predict valid session cookies, even before the phished user starts to enter their credentials.🔥 The new era of AIshing awaits!

Attacking an EDR - Part 3 her0ness.github.io/2023-11-07-Att… #Pentesting #CyberSecurity #Infosec

🔍 #Recon automation for #bughunters 1- Subdomain discovery with Subfinder: ``` subfinder -dL targets.txt -all -recursive -o facebook.txt cat facebook.txt | wc -l ``` 2- Discover subdomains via crt.sh: ``` curl -s

Evilginx 💗 Gophish The long-awaited official integration of Evilginx with Gophish has finally arrived with the Evilginx 3.3 update. 🪝🐟 The update includes lots of quality-of-life improvements as well. Enjoy and happy phishing! 🤗 breakdev.org/evilginx-3-3-g…

Attacking Active Directory Certificate Service Part 3 vandanpathak.com/exploiting-ad/…

Persistence - DLL Proxy Loading pentestlab.blog/2024/04/03/per…

Watching people tweet they bypassed a certain EDR is just cringe at this point. When you ask them what did they bypass, they dont know what. So let me take you back to school... Executing OpenSource tool is not a bypass. An EDR employs several mechanisms for detection. Getting a

I haven't posted in a long time but wanted to support my region and help announce the very first Mandiant community night! Enjoy presentations from the Mandiant team and network with like minded people over food and drinks! Great opportunity! linkedin.com/posts/activity…

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…