digitalcourage.social

maschmiLearning about <a href="https://mastodon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> had a nice side effect: Keeping logs of what I do and have done is now basically second nature. This also helps in my dayjob and creates documentation basically as I go.Did you know you can log your terminal with <a href="https://mastodon.social/tags/tmux" class="mention hashtag" rel="nofollow noopener" target="_blank">#tmux</a> <a href="https://github.com/tmux-plugins/tmux-logging" rel="nofollow noopener" translate="no" target="_blank">https://github.com/tmux-plugins/tmux-logging</a>? Or by using `script` and `scriptreplay` <a href="https://www.geeksforgeeks.org/linux-unix/script-command-in-linux-with-examples/" rel="nofollow noopener" translate="no" target="_blank">https://www.geeksforgeeks.org/linux-unix/script-command-in-linux-with-examples/</a>When using script, do not wonder about the color-code-chars in the log :)<a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a> <a href="https://mastodon.social/tags/terminal" class="mention hashtag" rel="nofollow noopener" target="_blank">#terminal</a>

Mike ShewardMini Pen Test Diaries story, happened in the last couple of years. The debrief meeting went like this:“In your report you said you we’re able to crack the domain admin account instantly because the password was stored using the LM hash?”“That’s right, yes.”“But we’ve had LM hashing disabled for like 15 years, that can’t be possible?!”“When was the last time that password was changed?”“Well it’s been the same since I got here, 20 years ago.”“And what hashing mechanism do you think was used back then?”“Oh no."For more, less mini stories like this, check out <a href="https://infosecdiaries.com" rel="nofollow noopener" translate="no" target="_blank">https://infosecdiaries.com</a>.<a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentest</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#redteam</a>

nickbearded🌍 BashCore is spreading: 10 downloads this week from every corner of the globe! 🚀 *** Both CLI & GUI builds on Debian 13 Trixie have been available in non-stable form, but this week I’m replacing them with fresh stable builds, released just 3 days ago (Aug 9). ***Minimalism goes global, now with LTS power! 👊<a href="https://mastodon.social/tags/BashCore" class="mention hashtag" rel="nofollow noopener" target="_blank">#BashCore</a> <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://mastodon.social/tags/Trixie" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trixie</a> <a href="https://mastodon.social/tags/MinimalOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#MinimalOS</a> <a href="https://mastodon.social/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pentesting</a>

nickbeardedIt all works 😳 the last hurdle with Metasploit is gone.BashCoreT build is complete, ISO ready to roll 🤟First distro in the world on Debian 13 “Trixie” stable, just two days after release.<a href="https://mastodon.social/tags/BashCoreT" class="mention hashtag" rel="nofollow noopener" target="_blank">#BashCoreT</a> <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://mastodon.social/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pentesting</a> <a href="https://mastodon.social/tags/Debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#Debian</a> <a href="https://mastodon.social/tags/Trixie" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trixie</a> <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a>

nickbeardedIf I’ve solved all the issues, everything should now be working as intended. That means tonight or tomorrow I’ll drop the atomic bomb ---> BashCoreT, the first distro in the world built on Debian 13 “Trixie” stable, just two days after its official release. It features Linux Kernel 6.12 💪Precision, speed, and a little madness. 💻💥<a href="https://mastodon.social/tags/BashCoreT" class="mention hashtag" rel="nofollow noopener" target="_blank">#BashCoreT</a> <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://mastodon.social/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pentesting</a> <a href="https://mastodon.social/tags/Debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#Debian</a> <a href="https://mastodon.social/tags/Trixie" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trixie</a>

nickbeardedMetasploit on BashCoreT: LoadError - cannot load such file: parallel.Translation: “Nice build you have there… shame if something happened to it.” 😅Time to tear it down and start over...<a href="https://mastodon.social/tags/BashCoreT" class="mention hashtag" rel="nofollow noopener" target="_blank">#BashCoreT</a> <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://mastodon.social/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pentesting</a> <a href="https://mastodon.social/tags/Metasploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#Metasploit</a> <a href="https://mastodon.social/tags/DevLife" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevLife</a>

nickbeardedBenchmarking hashcat -b on BashCoreT from BashCoreX via SSH, both running inside VirtualBox, just because we can 😎Yes, the numbers are irrelevant (VM overhead galore), but the stability test matters 💪📸 htop says: “I’m fine.” 👊<a href="https://mastodon.social/tags/BashCoreT" class="mention hashtag" rel="nofollow noopener" target="_blank">#BashCoreT</a> <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://mastodon.social/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pentesting</a> <a href="https://mastodon.social/tags/Hashcat" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hashcat</a> <a href="https://mastodon.social/tags/SSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#SSH</a> <a href="https://mastodon.social/tags/VirtualBox" class="mention hashtag" rel="nofollow noopener" target="_blank">#VirtualBox</a> <a href="https://mastodon.social/tags/BecauseWeCan" class="mention hashtag" rel="nofollow noopener" target="_blank">#BecauseWeCan</a>

Simon Roses FemerlingI loved when I see web shells challenges (Red or Blue) in CTF games. Reminds me of my web shells research I did years ago, paper: <a href="https://vulnex.com/data/VULNEX_VB2017_ShellInTheWeb.pdf" rel="nofollow noopener" translate="no" target="_blank">https://vulnex.com/data/VULNEX_VB2017_ShellInTheWeb.pdf</a> <a href="https://infosec.exchange/tags/WebShell" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebShell</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#APT</a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a>

Pen Test PartnersYou’re security testing AWS infrastructure. You’ve done the work and need to exfiltrate the evidence files. But there's no internet access and no inbound ports... 🤔 Here’s how to use AWS Services Systems Manager (SSM) to create a port forwarding session, access what you need, and securely exfiltrate data with a simple Python web server. 📌 Read the blog post here: <a href="https://www.pentestpartners.com/security-blog/how-to-transfer-files-in-aws-using-ssm/" rel="nofollow noopener" translate="no" target="_blank">https://www.pentestpartners.com/security-blog/how-to-transfer-files-in-aws-using-ssm/</a> <a href="https://infosec.exchange/tags/AWS" class="mention hashtag" rel="nofollow noopener" target="_blank">#AWS</a> <a href="https://infosec.exchange/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudSecurity</a> <a href="https://infosec.exchange/tags/PenTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#PenTesting</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/SSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#SSM</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#Python</a> <a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#RedTeam</a>

SPARK42AI Agents in Penetration Testing

Konstantin :C_H:Two criticals. Two known exploited. One a zero-day. July saw a spike in high-severity vulnerabilities.Here are CVE Crowd's Top 3 from the 624 CVEs discussed across the Fediverse last month. For each CVE, I've included a standout post from the community. Enjoy exploring! 👇<a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pentesting</a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#BugBounty</a> <a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hacking</a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE</a> <a href="https://infosec.exchange/tags/CveCrowd" class="mention hashtag" rel="nofollow noopener" target="_blank">#CveCrowd</a>

Lenin alevski 🕵️💻New Open-Source Tool Spotlight 🚨🚨🚨Pivotnacci is a toolkit for network pivoting in pentesting. It automates SOCKS proxies, SSH tunnels, and port forwards, making lateral movement more efficient during red team operations. Great for complex multi-hop environments. <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/PenTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#PenTesting</a>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#GitHub</a> 👉 <a href="https://github.com/blackarrowsec/pivotnacci" rel="nofollow noopener" translate="no" target="_blank">https://github.com/blackarrowsec/pivotnacci</a><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener" target="_blank">#Software</a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#Technology</a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#News</a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener" target="_blank">#CTF</a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecuritycareer</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#purpleteam</a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener" target="_blank">#tips</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cloudsecurity</a>— ✨ 🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

HiSolutions🛡️ Red-Teaming: Mehr als nur ein Penetrationstest! 🔍 Sie wollen wissen, wie gut Ihre Sicherheitsmaßnahmen wirklich sind? Dann ist ein echtes Red-Team-Assessment genau das Richtige!📄 In unserem neuen Website-Artikel erklären wir die Unterschiede zu einem klassischen Pentest oder Schwachstellenscan, zeigen typische Missverständnisse auf und geben einen praxisnahen Leitfaden zur Auswahl der richtigen Methodik: 👉 <a href="https://www.hisolutions.com/detail/redteam" rel="nofollow noopener" translate="no" target="_blank">https://www.hisolutions.com/detail/redteam</a>💼 Sie wollen direkt loslegen? Unser Beratungsbudget für Red- und Purple-Teaming bietet maximale Flexibilität und volle Kostenkontrolle – ideal für gezielte Tests und Tabletop-Übungen: 👉 <a href="https://www.hisolutions.com/detail/redteam-beratungsbudget" rel="nofollow noopener" translate="no" target="_blank">https://www.hisolutions.com/detail/redteam-beratungsbudget</a>🔗 Gemeinsam analysieren wir Ihre IT-Umgebung, simulieren realistische Angriffe und helfen Ihre Resilienz zu steigern, bevor es echte Angreifende tun.<a href="https://infosec.exchange/tags/RedTeaming" class="mention hashtag" rel="nofollow noopener" target="_blank">#RedTeaming</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/PurpleTeaming" class="mention hashtag" rel="nofollow noopener" target="_blank">#PurpleTeaming</a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pentesting</a>

DIGITAL PRIVACYIs anyone successfully running <a href="https://fosstodon.org/tags/GrapheneOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#GrapheneOS</a> (latest version/android 16) and <a href="https://fosstodon.org/tags/frida" class="mention hashtag" rel="nofollow noopener" target="_blank">#frida</a> (v16.7.19)?Currently setting up the Pixel 8a for testing purposes.No issues with frida (v16.7.19) on Xiaomi Poco X3 (latest lineageos/android15).Found this <a href="https://github.com/frida/frida/issues/2743" rel="nofollow noopener" translate="no" target="_blank">https://github.com/frida/frida/issues/2743</a> . Doesn't seem to be solved though.<a href="https://fosstodon.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://fosstodon.org/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a>

testssl.sh :verified:testssl.sh 3.3dev got a bit snappier, most notably for Macs:<a href="https://infosec.exchange/tags/TLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#TLS</a> <a href="https://infosec.exchange/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#SSL</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a>

DEF CONAll signs point to <a href="https://defcon.social/tags/DEFCONTraining" class="mention hashtag" rel="nofollow noopener" target="_blank">#DEFCONTraining</a> Las Vegas 2025…Think you have what it takes? If you recognize qrspba, unpxre, or onqtryvsr then follow the trail to Z2VudmF2YXQucXJzcGJhLmJldAo= to learn more. There’s still time to sign up!<a href="https://defcon.social/tags/defcon" class="mention hashtag" rel="nofollow noopener" target="_blank">#defcon</a> <a href="https://defcon.social/tags/defcon33" class="mention hashtag" rel="nofollow noopener" target="_blank">#defcon33</a> <a href="https://defcon.social/tags/cybertraining" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybertraining</a> <a href="https://defcon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://defcon.social/tags/cyberdefense" class="mention hashtag" rel="nofollow noopener" target="_blank">#cyberdefense</a> <a href="https://defcon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> <a href="https://defcon.social/tags/IoT" class="mention hashtag" rel="nofollow noopener" target="_blank">#IoT</a> <a href="https://defcon.social/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> <a href="https://defcon.social/tags/training" class="mention hashtag" rel="nofollow noopener" target="_blank">#training</a>

dan_nanniA reverse shell is a stealthy connection that lets an attacker remotely control a target system by having it initiate the connection, often bypassing firewalls to run commands and exploit weaknessesHere is how a reverse shell works 😎👇 <a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a> <a href="https://mastodon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a>Find high-res pdf books with all my <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> related infographics at <a href="https://study-notes.org" rel="nofollow noopener" translate="no" target="_blank">https://study-notes.org</a>

Pen Test PartnersMost Android apps don’t expose much through services. But system apps? That’s where things get interesting...This blog post by David Lodge explains how Android services work and looks into the security risks of AIDL (Android Interface Definition Language) services.They’re often used by OEMs to expose system-level functionality, sometimes without proper permission checks. That makes them a worthwhile attack surface if you’re testing vendor builds or reviewing apps with elevated privileges.📌Learn more here: <a href="https://www.pentestpartners.com/security-blog/android-services-101/" rel="nofollow noopener" translate="no" target="_blank">https://www.pentestpartners.com/security-blog/android-services-101/</a><a href="https://infosec.exchange/tags/AndroidSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AndroidSecurity</a> <a href="https://infosec.exchange/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#MobileSecurity</a> <a href="https://infosec.exchange/tags/AIDL" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIDL</a> <a href="https://infosec.exchange/tags/PenTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#PenTesting</a> <a href="https://infosec.exchange/tags/ReverseEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#ReverseEngineering</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a>

mkj<a href="https://infosec.exchange/@aria" class="u-url mention" rel="nofollow noopener" target="_blank">@aria</a> I haven't looked at it in detail but I'm pretty sure you want to check out <a href="https://www.humblebundle.com/books/pentesting-hacking-toolkit-packt-books" rel="nofollow noopener" translate="no" target="_blank">https://www.humblebundle.com/books/pentesting-hacking-toolkit-packt-books</a><a href="https://social.mkj.earth/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://social.mkj.earth/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#EthicalHacking</a> <a href="https://social.mkj.earth/tags/PenTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#PenTesting</a> <a href="https://social.mkj.earth/tags/BlueTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#BlueTeam</a>

Nightfighter 🛡️Hiding in the Shadows: Covert <a href="https://social.tchncs.de/tags/Tunnels" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tunnels</a> via <a href="https://social.tchncs.de/tags/QEMU" class="mention hashtag" rel="nofollow noopener" target="_blank">#QEMU</a> Virtualization<a href="https://social.tchncs.de/tags/blueteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#blueteam</a> <a href="https://social.tchncs.de/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#redteam</a> <a href="https://social.tchncs.de/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> <a href="https://social.tchncs.de/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#vulnerability</a> <a href="https://social.tchncs.de/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://trustedsec.com/blog/hiding-in-the-shadows-covert-tunnels-via-qemu-virtualization" rel="nofollow noopener" translate="no" target="_blank">https://trustedsec.com/blog/hiding-in-the-shadows-covert-tunnels-via-qemu-virtualization</a>

Recent searches

Search options

Administered by:

Server stats:

#pentesting