Frida Script Runner - Versatile web-based tool designed for Android and iOS penetration testing purposes
https://github.com/z3n70/Frida-Script-Runner
https://github.com/z3n70/Frida-Script-Runner
Pentester
@news4hack
- Offensive Security (Red Teaming / PenTesting)
- BlueTeam (OperationSec, TreatHunting, DFIR)
- Reverse Engineering / Malware Analisys
- Web Security
Telegram Channel Promotional Article (English)
Are you interested in the world of cybersecurity? Do you want to stay up-to-date with the latest news, techniques, and trends in offensive and defensive security? Look no further than the 'Pentester' Telegram channel! Run by the username '@news4hack', this channel is the go-to place for everything related to offensive security (Red Teaming/PenTesting), BlueTeam operations (including OperationSec, Threat Hunting, DFIR), Reverse Engineering, Malware Analysis, and Web Security. Whether you are a seasoned professional in the cybersecurity field or just starting out, this channel has something for everyone. Stay informed about the latest cyber threats, learn about new tools and techniques used by hackers, and discover ways to protect yourself and your organization from cyber attacks. Join the 'Pentester' Telegram channel today and take your cybersecurity knowledge to the next level!
Pentester
30 Oct, 07:29
Analysis of CVE-2024-26926
A Linux kernel bug in the Binder component primarily affecting Android devices labeled as EoP
https://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf
A Linux kernel bug in the Binder component primarily affecting Android devices labeled as EoP
https://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf
Pentester
30 Oct, 05:06
ChatGPT-4o Guardrail Jailbreak:
Hex Encoding for Writing CVE Exploits
https://0din.ai/blog/chatgpt-4o-guardrail-jailbreak-hex-encoding-for-writing-cve-exploits
Hex Encoding for Writing CVE Exploits
https://0din.ai/blog/chatgpt-4o-guardrail-jailbreak-hex-encoding-for-writing-cve-exploits
Pentester
30 Oct, 05:04
#Offensive_security
"Generative AI for pentesting: the good, the bad, the ugly", 2024.
https://github.com/TheR1D/shell_gpt
https://github.com/morpheuslord/GPT_Vuln-analyzer
"Generative AI for pentesting: the good, the bad, the ugly", 2024.
https://github.com/TheR1D/shell_gpt
https://github.com/morpheuslord/GPT_Vuln-analyzer
Pentester
20 Oct, 10:22
Latest Nuclei Release v3.3.5!
https://github.com/projectdiscovery/nuclei/releases/tag/v3.3.5
https://github.com/projectdiscovery/nuclei/releases/tag/v3.3.5
Pentester
19 Oct, 21:37
Streaming vulnerabilities from Windows Kernel - Proxying to Kernel
Part 1 (CVE-2024-30084, CVE-2024-35250):
https://devco.re/blog/2024/08/23/streaming-vulnerabilities-from-windows-kernel-proxying-to-kernel-part1-en
Part 2 (CVE-2024-30090):
https://devco.re/blog/2024/10/05/streaming-vulnerabilities-from-windows-kernel-proxying-to-kernel-part2-en
https://github.com/Dor00tkit/CVE-2024-30090
Part 1 (CVE-2024-30084, CVE-2024-35250):
https://devco.re/blog/2024/08/23/streaming-vulnerabilities-from-windows-kernel-proxying-to-kernel-part1-en
Part 2 (CVE-2024-30090):
https://devco.re/blog/2024/10/05/streaming-vulnerabilities-from-windows-kernel-proxying-to-kernel-part2-en
https://github.com/Dor00tkit/CVE-2024-30090
Pentester
14 Oct, 11:54
Silently Install Chrome Extension For Persistence
https://syntax-err0r.github.io/Silently_Install_Chrome_Extension.html
https://syntax-err0r.github.io/Silently_Install_Chrome_Extension.html
Pentester
12 Oct, 17:44
Finding #TeamViewer 0days
Part 1 - The story begins
https://pgj11.com/posts/Finding-TeamViewer-0days-Part-1
Part 2 - Reversing the Authentication Protocol
https://pgj11.com/posts/Finding-TeamViewer-0days-Part-2
Part 3 - Putting it all together. PARTY TIME
https://pgj11.com/posts/Finding-TeamViewer-0days-Part-3
Part 1 - The story begins
https://pgj11.com/posts/Finding-TeamViewer-0days-Part-1
Part 2 - Reversing the Authentication Protocol
https://pgj11.com/posts/Finding-TeamViewer-0days-Part-2
Part 3 - Putting it all together. PARTY TIME
https://pgj11.com/posts/Finding-TeamViewer-0days-Part-3
Pentester
10 Oct, 10:08
SIMurai is software that emulates a SIM card, which helps in fuzzing modem firmware for vulnerabilities or testing SIM spyware
Github: https://github.com/tomasz-lisowski/simurai
Paper: https://www.usenix.org/system/files/usenixsecurity24-lisowski.pdf
Presentation: https://www.usenix.org/system/files/usenixsecurity24_slides-lisowski.pdf
Github: https://github.com/tomasz-lisowski/simurai
Paper: https://www.usenix.org/system/files/usenixsecurity24-lisowski.pdf
Presentation: https://www.usenix.org/system/files/usenixsecurity24_slides-lisowski.pdf
Pentester
06 Oct, 15:11
Bounty Security Releases GBounty: Our Web Scanning Tools Are Now Open Source
https://bountysecurity.ai/blogs/news/bounty-security-releases-gbounty-our-web-scanning-tools-are-now-open-source
https://bountysecurity.ai/blogs/news/bounty-security-releases-gbounty-our-web-scanning-tools-are-now-open-source
Pentester
05 Oct, 15:50
CVE-2024-7479 & CVE-2024-7481: TeamViewer User to Kernel LPE
PoC: https://youtu.be/lUkAMAK-TPI
exploit: https://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481
PoC: https://youtu.be/lUkAMAK-TPI
exploit: https://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481
Pentester
30 Sep, 14:57
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine
Part 1
https://www.ambionics.io/blog/iconv-cve-2024-2961-p1
Part 2
https://www.ambionics.io/blog/iconv-cve-2024-2961-p2
Part 3
https://www.ambionics.io/blog/iconv-cve-2024-2961-p3
Part 1
https://www.ambionics.io/blog/iconv-cve-2024-2961-p1
Part 2
https://www.ambionics.io/blog/iconv-cve-2024-2961-p2
Part 3
https://www.ambionics.io/blog/iconv-cve-2024-2961-p3
Pentester
28 Sep, 08:31
CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177: Linux OpenPrinting CUPS RCE
blog: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
PoC: https://github.com/RickdeJager/cupshax
patch:
sudo systemctl stop cups-browsed
sudo systemctl disable cups-browsed
blog: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
PoC: https://github.com/RickdeJager/cupshax
patch:
sudo systemctl stop cups-browsed
sudo systemctl disable cups-browsed
Pentester
28 Sep, 08:07
Zimbra - Remote Command Execution (CVE-2024-45519)
https://blog.projectdiscovery.io/zimbra-remote-code-execution/
https://blog.projectdiscovery.io/zimbra-remote-code-execution/
Pentester
27 Sep, 09:55
How hackers can exploit Wi-Fi Captive Portals to distribute Android malware all from a smartphone using WifiPumpkin on NetHunter
https://www.mobile-hacker.com/2024/09/27/wifipumpkin3-integrated-into-nethunter-powerful-duo-allows-malware-distribution-via-captive-portal/
https://www.mobile-hacker.com/2024/09/27/wifipumpkin3-integrated-into-nethunter-powerful-duo-allows-malware-distribution-via-captive-portal/
Pentester
27 Sep, 04:59
ATTACKING UNIX SYSTEMS VIA CUPS, PART I
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
Pentester
26 Sep, 20:44
A step-by-step guide to writing an iOS kernel exploit
https://alfiecg.uk/2024/09/24/Kernel-exploit.html
https://alfiecg.uk/2024/09/24/Kernel-exploit.html
Pentester
22 Sep, 13:16
Bypass #LSA protection using the BYODLL technique
https://github.com/itm4n/PPLrevenant
https://github.com/itm4n/PPLrevenant
Pentester
21 Sep, 18:35
#AI has potential to automate threat detection, transform cybersecurity
https://siliconangle.com/2024/09/20/red-teaming-google-mwise2024/
https://siliconangle.com/2024/09/20/red-teaming-google-mwise2024/
Pentester
21 Sep, 18:20
Splinter: New Post-Exploitation Red Team Tool
https://unit42.paloaltonetworks.com/analysis-pentest-tool-splinter
https://unit42.paloaltonetworks.com/analysis-pentest-tool-splinter
Pentester
20 Sep, 08:23
Exploiting Android Client WebViews with Help from HSTS
1-click account takeover vulnerability discovered in a popular Indonesian Android Tokopedia app
https://seanpesce.blogspot.com/2024/09/exploiting-android-client-webviews-with.html
1-click account takeover vulnerability discovered in a popular Indonesian Android Tokopedia app
https://seanpesce.blogspot.com/2024/09/exploiting-android-client-webviews-with.html
Pentester
20 Sep, 08:19
Using AI-assisted decompilation of Radare2
https://cryptax.medium.com/using-ai-assisted-decompilation-of-radare2-e81a882863c9
https://cryptax.medium.com/using-ai-assisted-decompilation-of-radare2-e81a882863c9
2,458
subscribers
102
photos
2
videos
