#pentesting

Tinker ☀️<p>Also why am I pentesting today?!</p><p>I should have never looked for this in the first place.</p><p>It was because my mom was watching The Price is Right and I got bored but still wanted to be next to my mom and I got a hunch and pulled out my laptop and sat next to my mom while she watched Drew Carey and we just parallel played for a bit and then I found it!!!! And I told my mom about it! She said "That's nice dear but I'm watching my shows" and I think that technically violated my NDAs but she wasn't really listening so a tree in the forest and all of that. Anyhoo.... not sure what to do with this finding... </p><p><a href="https://infosec.exchange/tags/Thanksgiving" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Thanksgiving</span></a> <a href="https://infosec.exchange/tags/Family" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Family</span></a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/infoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infoSec</span></a> <a href="https://infosec.exchange/tags/ThePriceIsRight" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThePriceIsRight</span></a> <a href="https://infosec.exchange/tags/drewCarey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>drewCarey</span></a></p>
Tinker ☀️<p>Soooooo I found a massive vulnerability today, the day before Thanksgiving. </p><p>Buuuuuuut it looks like it's existed for a couple of years.</p><p>So, should I report it RIGHT NOW!!!! The day before Thanksgiving? Or wait until next week.</p><p>On one hand, they'll have to react to it as it's huge. And it could interrupt their time with family and a major holiday.</p><p>On the other hand, it's been around for so long, what's another couple of days going to change anything?</p><p>On the third hand, if this gets exploited over the holiday weekend, it's on me and could affect even more people.</p><p>Hmmmmmmm.... choices choices. </p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/risk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>risk</span></a></p>
FXBG Hackers<p><strong>FXBG Hackers - 0x1B - Nov 6th 2024 @ 7pm</strong></p> November 6, 2024, 7:00:00 PM EST - GMT-5 - Red Dragon Brewery, 22401, Fredericksburg, United States <p><a href="https://meetups.infosec.exchange/events/eff4ac94-c888-4cb6-8276-6c1caa196bf5" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">meetups.infosec.exchange/event</span><span class="invisible">s/eff4ac94-c888-4cb6-8276-6c1caa196bf5</span></a></p>
Mike Sheward<p>Mini Pen Test Diaries Story:</p><p>The target of the test was an enterprise web app, designed to be hosted and accessed from within a trusted network - like an enterprise LAN. Most customers would login to the app with SSO, or AD-integrated authentication, but it also supported a local login mechanism, so it could have its own accounts.</p><p>Although this app was designed to never go near the dirty dirty internet, we all know how companies be, so as part of the test, I decided to go looking around for any instances of it that may be out there. Plan wasn't to test them of course, not in scope, but I was curious to see how this software was actually being deployed in the real world.</p><p>After about 15 seconds on Shodan, I found dozens of instances of this thing out there on the Internet. From the screenshots of the login page, I could see that all of them were in local authentication mode - meaning, no third party or federated auth was being used.</p><p>I raised this as a finding in the report, mentioning that, "hey, although this isn't directly your issue, there are plenty of examples of your customers using your app like this, so...perhaps consider adding MFA to the local authentication provider, to add that layer of protection to the app? Lest one of your customers expose themselves in the same way that so many apparently have done so."</p><p>At report review time, the dev team was furious about this finding - "why, would you put this finding in our pentest report? It's not our issue whatsoever!"</p><p>So I calmly explained to them, "you're correct, not your direct issue, but you're the folks in the best position to fix it, right? The customers can't add MFA to your code, and clearly there's a reason your customers keep putting these things on the Internet? Have you asked them about it?" </p><p>They still weren't convinced at all. 
</p><p>Now, I've been doing this for a while, so used to pushback from dev teams on certain things occasionally, but you know, this one seemed like a no-brainer, really.</p><p>I asked, who's gonna get the blame when these things get compromised by cred stuffing?</p><p>Whose IP is out there for other malicious actors to find and play with?</p><p>But still, they weren't having it.</p><p>There's no real magical ending to this one unfortunately. The software sits out there to this day, no MFA to be seen. But this one is a perfect example of why we often find ourselves in the situations we do in this industry.</p><p>An unwillingness to just do the right thing, simply because doing that thing doesn't exactly fall within your direct purview. </p><p>Even if, in this example, you didn't want to do MFA - just take the finding, and go ask your customers to take their instances off the internet. Be proactive. It would give your account execs a reason to talk to customers - they'd love it. </p><p>It's not always this way, but when it is, you can very easily understand the chain of decisions that lead to a number of the major breaches we see on a daily basis. Don't be like these devs, think outside of the box. 
Or LAN, I suppose.</p><p>Want to read more, slightly less mini stories like this: <a href="https://infosecdiaries.com" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">infosecdiaries.com</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentest</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a></p>
Bill<p>"The limitations of traditional security tools stem from their dependency on historical data and static detection mechanisms."</p><p>You betcha.</p><p><a href="https://thehackernews.com/2024/10/rise-of-zero-day-vulnerabilities.html?m=1" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2024/10/rise</span><span class="invisible">-of-zero-day-vulnerabilities.html?m=1</span></a></p><p><a href="https://infosec.exchange/tags/0day" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>0day</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a></p>
Chirael (Anthony) :donor: :ferdiverified: 🇺🇦 :rainbow_flag:<p>I’ll stick with my Devious Decoder Card (from <span class="h-card" translate="no"><a href="https://defcon.social/@deviantollam" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>deviantollam</span></a></span>) but this is still cool and better than nothing, something else to try besides taking a picture of the key and trying to decode with a line/depth overlay.</p><p>Kwikset as shown in the video is pretty easy to almost sight read anyway but I wonder if the Flipper app would be harder to use with finer depth increments like Schlage or Best SFIC.</p><p>Still cool to think they could add many more key depths over time though.</p><p><a href="https://www.youtube.com/watch?v=RPrd-S5Cmxo" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=RPrd-S5Cmx</span><span class="invisible">o</span></a> <a href="https://infosec.exchange/tags/FlipperZero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FlipperZero</span></a> <a href="https://infosec.exchange/tags/locksport" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>locksport</span></a> <a href="https://infosec.exchange/tags/locksmith" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>locksmith</span></a> <a href="https://infosec.exchange/tags/keys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>keys</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a></p>
Clément Labro<p>🆕 New blog post! "The PrintNightmare is not Over Yet"</p><p>ℹ️ In this article, I take a look back at a previous post I wrote earlier this year about PrintNightmare. It turns out the Point and Print configuration I recommended at the end is still prone to Man-in-the-Middle attacks. So, I discuss that here, as well as additional mitigation I considered.</p><p>Props to <span class="h-card" translate="no"><a href="https://chaos.social/@parzel" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>parzel</span></a></span> and <span class="h-card" translate="no"><a href="https://bird.makeup/users/l4x4" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>l4x4</span></a></span> who both reported this issue to me.</p><p>👉 <a href="https://itm4n.github.io/printnightmare-not-over/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">itm4n.github.io/printnightmare</span><span class="invisible">-not-over/</span></a></p><p><a href="https://infosec.exchange/tags/printnightmare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>printnightmare</span></a> <a href="https://infosec.exchange/tags/windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>windows</span></a> <a href="https://infosec.exchange/tags/privesc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privesc</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentest</span></a></p>
Vasileiadis A. (Cyberkid) 🛡<p>The Ultimate OSINT Cheat Sheet 🔎</p><p>🔖<a href="https://defcon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://defcon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://defcon.social/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://defcon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://defcon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
Vasileiadis A. (Cyberkid) 🛡<p>⚡️DorkGPT - Generate Google Dorks with AI</p><p>🔗dorkgpt.com</p><p>⚠️Disclaimer : We don't verify tools for malware. Use in VM or sandbox. We're not responsible for damages. Tools are for educational purposes only. Use at your own risk.</p><p>🔖<a href="https://defcon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://defcon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://defcon.social/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://defcon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://defcon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
mdalin<p>Just finished up another fun SE/physical onsite pentest. </p><p>Physical security at this location was TIGHT. Some of the best I've ever seen. iClass SEOS with Elite Keys; downgrade disabled, Mantrap-style turnstiles with reverse-tailgate detection, ADA doors require manual unlock from security (Is that even legal? 🤔). Two layers of 8 foot high anti-trespass fencing around the whole perimeter. Mirrored windows. Security cameras everywhere with 24-7 on-site monitoring. </p><p>ESPKey was basically my only shot at a technical/physical bypass. I couldn't get them to agree to let me try it, but I honestly wouldn't be surprised if they were actually using OSDP.</p><p>So I showed up carrying a cardboard box and security just buzzed me in. 🙄 🤣 🥺</p><p><a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/physec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>physec</span></a> <a href="https://infosec.exchange/tags/onsite" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>onsite</span></a> <a href="https://infosec.exchange/tags/socialengineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>socialengineering</span></a> <a href="https://infosec.exchange/tags/metalgearbox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>metalgearbox</span></a></p>
OWASP Foundation<p>Tick-tock! ⏰ Only 3 WEEKS left until <a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OWASP</span></a> Global <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> SF kicks off! Grab your tickets now before they're gone. Secure your spot at the event by registering here: <a href="https://sf.globalappsec.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">sf.globalappsec.org/</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>devsecops</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/API" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>API</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a></p>
FXBG Hackers<p>FXBG Hackers - 0x1A - Oct 2nd 2024 @ 7pm</p><p>October 2, 2024, 7:00:00 PM EDT - GMT-4 - Red Dragon Brewery, 22401, Fredericksburg, United States</p><p><a href="https://meetups.infosec.exchange/events/95baa898-87c5-417f-a170-1c72a1e03af1" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">meetups.infosec.exchange/event</span><span class="invisible">s/95baa898-87c5-417f-a170-1c72a1e03af1</span></a></p>
Mänu<p>Nice, the <a href="https://infosec.exchange/tags/Troopers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Troopers</span></a> 2024 conference talks are online: <a href="https://www.youtube.com/playlist?list=PL1eoQr97VfJlYX4dCDdvHk3QLJCEnKw6c" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/playlist?list=PL1e</span><span class="invisible">oQr97VfJlYX4dCDdvHk3QLJCEnKw6c</span></a> <span class="h-card" translate="no"><a href="https://infosec.exchange/@WEareTROOPERS" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>WEareTROOPERS</span></a></span> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a></p>
Vasileiadis A. (Cyberkid) 🛡<p>🔥Firewall explained to Kids… and Adults.</p><p>📌Firewalls have several types, each designed for specific security needs:</p><p>1. Packet Filtering Firewalls: Examines packets of data, accepting or rejecting based on source, destination, or protocols.</p><p>2. Circuit-level Gateways: Monitors TCP handshake between packets to determine session legitimacy.</p><p>3. Application-level Gateways (Proxy Firewalls): Filters incoming traffic between your network and traffic source, offering a protective shield against untrusted networks.</p><p>4. Stateful Inspection Firewalls: Tracks active connections to determine which packets to allow, analyzing in the context of their place in a data stream.</p><p>5. Next-Generation Firewalls (NGFWs): Advanced firewalls that integrate traditional methods with functionalities like intrusion prevention systems, deep packet analysis, and application awareness.</p><p>Over to you: Do you know what firewalls your company uses?</p><p>🔖<a href="https://defcon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://defcon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://defcon.social/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://defcon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://defcon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
OWASP Foundation<p>Global AppSec San Francisco 2024 </p><p>Join Sven Schleier for his training, The Mobile Playbook: A guide for iOS and Android App Security.</p><p>This three-day hands-on course teaches pen testers and developers how to analyse Android and iOS applications for security vulnerabilities by going through the different phases of testing.</p><p>Learn more and register for training sessions by following the link below 👇</p><p><a href="https://www.eventbrite.com/e/owasp-global-appsec-san-francisco-2024-tickets-723699172707?aff=oddtdtcreator" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">eventbrite.com/e/owasp-global-</span><span class="invisible">appsec-san-francisco-2024-tickets-723699172707?aff=oddtdtcreator</span></a></p><p><a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/SanFran" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SanFran</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/developers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>developers</span></a></p>
Tinker ☀️<p>There is something so satisfying in kicking off an entire RFC1918 scan.</p><p>Doing a single port at a brisk but safe (for my environment) pace.</p><p>~/# nmap -Pn -n -p &lt;single port number&gt; -T4 --open 10.0.0.0/8</p><p>~/# nmap -Pn -n -p &lt;single port number&gt; -T4 --open 172.16.0.0/12</p><p>~/# nmap -Pn -n -p &lt;single port number&gt; -T4 --open 192.168.0.0/16</p><p>(command broken out for dramatic effect - also note that I break out each of those CIDRs into /24's so that if anything breaks, I can pick up easier where the last known good ended. It's scripted and I prefer it this way.)</p><p>I am not doing a ping sweep or a DNS resolution. I'm assuming all hosts are up. And I'm looking for every host with a single port open. So even if they don't respond to pings (or something is preventing pings), I should get an answer back.</p><p>Note, I could certainly do faster (T5 or masscan, gawd) - but this is about as fast as I'm going to do in my environment and still be safe.</p><p>Also, only looking for open ports right now - no fingerprinting yet.</p><p>A cool thing about this approach is many intrusion detection still will only look for multiple ports on a single host to trigger an alert. Some still ignore many hosts / single port scans (to their detriment). 
</p><p>We've long since purple teamed this, so I sent a notification to SOC letting them know my actions and asking them nicely (I bribed them last week) to not stop me, lol.</p><p>Should take a couple weeks to a month at this pace and in my environment to hit every single one of the just shy of 18,000,000 hosts 😂 </p><p><a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/penetrationtesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>penetrationtesting</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/intrusionDetection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>intrusionDetection</span></a></p>
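The detection gap noted in the post above (alerting only on many ports against one host, and missing one port against many hosts) can be closed by counting distinct destinations per source and port in a sliding window. This is an added example, not part of the original post: the flow record fields, the 60-second window and the thresholds are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# The three RFC 1918 ranges named in the post.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    """One connection attempt from a flow log (hypothetical record layout)."""
    ts: float   # seconds since start of capture
    src: str
    dst: str
    dport: int


def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in RFC1918)


def _sliding_distinct(flows, key_fn, item_fn, window, threshold):
    """Alert once per key when it reaches `threshold` distinct items within `window` seconds."""
    recent = defaultdict(deque)                      # key -> deque of (ts, item)
    counts = defaultdict(lambda: defaultdict(int))   # key -> item -> hits inside window
    alerts = {}
    for f in sorted(flows, key=lambda f: f.ts):
        if not is_internal(f.dst):
            continue
        key, item = key_fn(f), item_fn(f)
        q, c = recent[key], counts[key]
        q.append((f.ts, item))
        c[item] += 1
        # Expire entries that fell out of the window.
        while q[0][0] < f.ts - window:
            _, old = q.popleft()
            c[old] -= 1
            if not c[old]:
                del c[old]
        if len(c) >= threshold and key not in alerts:
            alerts[key] = {"key": key, "distinct": len(c),
                           "window_start": q[0][0], "ts": f.ts}
    return list(alerts.values())


def detect_vertical_scans(flows, window=60.0, min_ports=20):
    """Classic rule: one source probing many ports on a single host."""
    return _sliding_distinct(flows, lambda f: (f.src, f.dst), lambda f: f.dport,
                             window, min_ports)


def detect_horizontal_scans(flows, window=60.0, min_hosts=50):
    """Rule for the pattern in the post: one source, one port, many hosts."""
    return _sliding_distinct(flows, lambda f: (f.src, f.dport), lambda f: f.dst,
                             window, min_hosts)


def sample_flows():
    """Constructed sample: one single-port sweep plus ordinary client traffic."""
    flows = [Flow(i * 0.5, "10.9.9.9", f"10.1.0.{i + 1}", 445) for i in range(80)]
    servers = ["10.3.0.10", "10.3.0.11", "10.3.0.12"]
    flows += [Flow(i * 2.0, "10.2.2.2", servers[i % 3], 443) for i in range(30)]
    return flows


if __name__ == "__main__":
    data = sample_flows()
    print("vertical rule:  ", detect_vertical_scans(data))
    print("horizontal rule:", detect_horizontal_scans(data))
```

Window and threshold need tuning against legitimate fan-out sources such as monitoring servers and authorized vulnerability scanners.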
Tinker ☀️<p>Ok. I think I've given them enough of a rest...</p><p>The greater security team asked me to chill for a bit because they were overloaded with findings. That makes perfect sense. I gave them enough to chew on and I try to rotate findings that various teams can work on.</p><p>This one specific team remediated a lot of my findings. It took a long time and they worked very hard and worked with multiple multiple multiple ops teams to get it done. </p><p>And I gave them ample time to rest afterwards. I announced their success to the CISO and give them major kudos.</p><p>But I'm about to be that guy who rewards good work with more work.</p><p>I'm going to do the dreaded "Full Security Audit".</p><p>I think I'll stretch before I send off these initial enumeration scans. I've got my custom scripts ready. I might step out to buy an energy drink.</p><p>Eris damned, even the anticipation has my dopamine and adrenaline flowing.</p><p><a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/redTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redTeam</span></a> <a href="https://infosec.exchange/tags/penetrationTesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>penetrationTesting</span></a> <a href="https://infosec.exchange/tags/penTesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>penTesting</span></a></p>
Vasileiadis A. (Cyberkid) 🛡<p>🕵️Recon Tools For Web Application PenTesting</p><p>🔖<a href="https://defcon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://defcon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://defcon.social/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://defcon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://defcon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> </p><p>📱My Social Accounts: <a href="https://beacons.ai/cyberkid1987" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">beacons.ai/cyberkid1987</span><span class="invisible"></span></a><br>👤t.me/VasileiadisAnastasis<br>👥t.me/infosec101<br>👤medium.com/@redfanatic7</p><p>🪙<a href="https://www.paypal.com/donate/?hosted_button_id=5LXFEXUPS8BKE" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">paypal.com/donate/?hosted_butt</span><span class="invisible">on_id=5LXFEXUPS8BKE</span></a><br>🥃<a href="https://www.buymeacoffee.com/cyberkid1987" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">buymeacoffee.com/cyberkid1987</span><span class="invisible"></span></a></p>
Vasileiadis A. (Cyberkid) 🛡<p>🤖Mr. Robot - Hacking Tools</p><p>🔹Elpscrk - Mr.Robot Password Generator &amp; Brute Force Program<br>- <a href="https://github.com/RussianOtter/elpscrk" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/RussianOtter/elpscr</span><span class="invisible">k</span></a></p><p>🔹fsociety-ransomware-MrRobot<br>- <a href="https://github.com/graniet/fsociety-ransomware-MrRobot" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/graniet/fsociety-ra</span><span class="invisible">nsomware-MrRobot</span></a></p><p>🔹fsociety Hacking Tools Pack – A Penetration Testing Framework<br>- <a href="https://github.com/Manisso/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/Manisso/</span><span class="invisible"></span></a> fsociety</p><p>🔹An advanced memory forensics framework <br>- <a href="https://github.com/volatilityfoundation/volatility" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/volatilityfoundatio</span><span class="invisible">n/volatility</span></a></p><p>🔹rwwwshell: Getting a reverse shell with Mr. 
Robot ;)<br>- <a href="https://github.com/DtxdF/rwwwshell" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/DtxdF/rwwwshell</span><span class="invisible"></span></a></p><p>🔹Mr Robot CTF<br>- <a href="https://github.com/noondi/Mr-Robot-CTF" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/noondi/Mr-Robot-CTF</span><span class="invisible"></span></a></p><p>🔹Block excessive crawlers, bots and spiders traffic on your web site space_invader<br>- <a href="https://github.com/flydev-fr/Blackhole" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/flydev-fr/Blackhole</span><span class="invisible"></span></a></p><p>🔹Payload for teensy like a rubber ducky but the syntax is different. this Human interface device ( HID attacks ). <br>- <a href="https://github.com/Screetsec/Brutal" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/Screetsec/Brutal</span><span class="invisible"></span></a></p><p>🔹Honey Unix Encryptor (HUE)<br>- <a href="https://github.com/entynetproject/honey" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/entynetproject/hone</span><span class="invisible">y</span></a></p><p>🔹Email-Mr.Robot<br>- <a href="https://github.com/3x9l0itDZ/Email-Mr.Robot" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/3x9l0itDZ/Email-Mr.</span><span class="invisible">Robot</span></a></p><p>🔹Mr. 
Robot's EvilCorp Terminal style for your shell<br>- <a href="https://github.com/marcorosa/eterm" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/marcorosa/eterm</span><span class="invisible"></span></a></p><p>🔖<a href="https://defcon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://defcon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://defcon.social/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://defcon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://defcon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
Zanidd<p>Alrighty, thanks for joining in on this thread! We will see us in the next one - I'll be spending the next hour trying to move my old notes to my public notes 🌟 </p><p><a href="https://infosec.exchange/tags/xss" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>xss</span></a> <a href="https://infosec.exchange/tags/csrf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>csrf</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/crosssiterequestforgery" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>crosssiterequestforgery</span></a> <a href="https://infosec.exchange/tags/crosssitescripting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>crosssitescripting</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a></p>