Here is a first draft on an NTLM relay mindmap 🙂 from authentication coercion to post-relay exploitation. I'll gladly update/correct it if you think there are things wrong or missing. ➡️Featured on The Hacker Recipes thehacker.recipes/ad-ds/movement…

I created a chatGPT 4 master prompt that focuses on web analysis and security testing (private for now, not that hard to do). I then fed it my target app (a .js file). You can do this by using chatgptsplitter.com

Some big updates coming to ShadowClone pretty soon!

By this tool you can get the real IP address behind the CloudFlare WAF , this really useful for bug hunters . bookmark it , u will use someday github.com/zidansec/Cloud… #infosec #BugBounty #bugbountytips #Hacks #hacking #CyberSecurity

📜 New wordlists alert 📜 We've seen great results from subdomain levels enumeration, so we're taking it a step further. Introducing our latest wordlists generated from the trickest/cloud dataset! github.com/trickest/wordl… More useful resources in the thread 🧵👇"

Tout est prêt, on vous attend pour 21h pétante ! ;)

🛠️Continuing our tool-release series, we're excited to introduce 'cdncheck' to the Library! This utility identifies technology for given IPs and uncovers hosts behind WAFs like Cloudflare. Perfect for enhancing our 'Find a server's origin IP' workflow! github.com/projectdiscove…

Si je gagne je donne tout à Fondation 30 Millions d'Amis. (C’est l’été y’a beaucoup d’abandon d’animaux faut soutenir)

Just pushed a pretty neat update for ShadowClone. In my testing, this change makes it about 25-40% faster that before! Check it out github.com/fyoorer/Shadow…

Yeah, mon workshop a été accepté ! 😎 On couvrira les règles de session pour webapps (cookies) et APIs (headers) 🛠️

🥁 This time we present SQLovin, a new DOJO challenge that will put your SQL injection skills to the test! Top 3 reports win exclusive some swags! 🎁 Submit your solution before 01/09/2023 🗓️ Check it out here 👉 yeswehack.com/programs/dojo #YesWeRHackers #BugBounty

One week remaining until Smashing the state machine: the true potential of web race conditions! Can't wait to see what happens once the community gets their hands on the novel techniques, tooling & labs! portswigger.net/research/talks

[Astuce d'été] Cybermalveillance.gouv.fr recommande le service filigrane.beta.gouv.fr qui permet d'ajouter un #filigrane sur vos documents officiels afin d'éviter qu'ils ne puissent être réutilisés facilement à votre insu (ie. #usurpation d'#identité). dossierfacile.fr/blog/dossierfa…

[NEW-RELEASE] Nuclei Template Editor - AI-powered hub to create, debug, scan, and store templates. Collaborate effortlessly with your team and community. Public signup is open; we're eager to hear your feedback on this early release. - Editor: templates.nuclei.sh - Docs:

Introducing Shambles🎉The ultimate tool for reverse engineering embedded systems. Unpack, decompile, disassemble, emulate, fuzz, pseudo-code, debug, and more! I've personally discovered 100+ 0-days, weaponizing ~45% in <200h 🔥 Get access today! boschko.ca/shambles/

14 credential stuffing nuclei templates for both cloud and self-hosted services! Including login checks for: 🔥 Datadog 🚀 Postman 🔥 Grafana 🚀 Jira 🔥 Github And many more! You can find them all here 👇 🔗 github.com/projectdiscove…

🚩Bravo aux participants du CTF de Barbhack ! Pour ceux qui le souhaitent, voici les sources et les writeups (en mode torchon) de mes 4 challs web : github.com/pun-private/wr… GG à la team Orga pour l'énorme boulot sur l'infra 👏 A très bientôt pour d'autres challs 🤟 !

Rare are the pentesters who have never come across an up-to-date CMS installation during a 3 days audit, wondering what to do next. We are starting a blogpost series covering CMSs and web frameworks internals, with two articles by Antoine Gql synacktiv.com/publications/w…

🚨🚨METTEZ À JOUR VOS APPAREILS APPLE ! !! !!! CitizenLab a trouvé un exploit sur #Apple qui est utilisé et qui pourrait mener à une surveillance totale de votre téléphone, vous voir, vous entendre, vous espionner... Cet exploit inquiète car il ne nécessite aucun clic de

"Hello: I'm your Domain Administrator and I want to authenticate against you". My #SilverPotato is out, check the blog post: decoder.cloud/2024/04/24/hel… 😃