Where TX shines
TX outperformed Kali and X on the most relevant real-world hashes:
WPA2
NTLM
SHA2-256
ZIP AES
BitLocker
These are the hashes that matter, and TX crushes them.
No fluff. No noise. Just raw cracking power.
Thinking your business is safe from cyber threats? Think again.
Explore the full breakdown: https://www.ecsbiztech.com/vapt-testing-explained-why-business-needs-it-for-cyber-defense/
Seamless remote browser session control demonstrating the impact of XSS without the need for stealing cookies (weaponized adaptation of the OpenReplay project)
"ACTIVE DIRECTORY PENETRATION TEST" COURSE. PRE-REGISTRATION IS OPEN AND THE PROMO HAS STARTED
EXCLUSIVE OFFER until AUGUST 31! -15% off the already discounted course price (as this is the first live class on this topic) for anyone who pre-registers by August 31!
Detailed course information: https://www.redhotcyber.com/servizi/academy/live-class-active-directory-ethical-hacking/
For information and registration, write to formazione@redhotcyber.com or on WhatsApp at 393791638765
Become a professional ethical hacker now! Don't waste time!
Leaked and Loaded: DOGE’s API Key Crisis
One leaked API key exposed 52 private LLMs and potentially sensitive systems across SpaceX, Twitter, and even the U.S. Treasury.
In this episode of Cyberside Chats, @sherridavidoff and @MDurrin break down the DOGE/XAI API key leak. They share how it happened, why key management is a growing threat, and what you should do to protect your organization from similar risks.
Watch the video: https://youtu.be/Lnn225XlIc4
Listen to the podcast: https://www.chatcyberside.com/e/api-key-catastrophe-when-secrets-get-leaked/
Find, analyze, and check for exposed IP cameras with open ports, known vulnerabilities, and weak login credentials
Lateral Movement as logged-on User via Speech Named Pipe COM & ISpeechNamedPipe + COM Hijacking
DSTIKE wrist-worn WiFi network deauthenticator
#pentest #hacking #wristband #deauthingattack
The gadget is based on the well-known ESP8266 plus add-ons: a display, buttons, a battery, an RGB operating-mode indicator and other components. For those who are comfortable with Arduino, here are the [sources](https://github.com/SpacehuhnTech/esp8266_deauther), and here is the [author's official website](https://spacehuhn.com/#projects).
This deauthenticator works at the software level. It implements a denial-of-service attack by sending the router a deauthentication frame on behalf of the devices connected to the network. Because this frame is not encrypted in any way, the device only needs to learn the MAC addresses of the devices by sniffing the network traffic.
Deauthentication is usually part of a larger attack on a network. It is used when creating an "evil twin" access point or to capture the handshake, which then makes it possible to decrypt the password.
An article that describes how access to a Confluence database with read and insert privilege can be used to create a rogue token for any user
https://blog.quarkslab.com/a-story-about-confluence-and-tokens.html
Hey folks,
Decided it was time for a fresh alias, so here’s my #introduction. I’m a creatively driven fellow with a passion for privacy, cybersecurity, Linux, and free and open source software. I enjoy gaming, creative writing, and technology—the latter of which inspired me to pursue cybersecurity and system administration.
I embarked on this journey around the start of the pandemic, when the sudden surplus of free time gave me the opportunity to try Manjaro, a distribution of Linux based on Arch. With the release of the Steam Deck, I moved over to NixOS, which I’ve been using ever since while studying cybersecurity in higher education.
The majority of my posts will be set to follower-only, so feel free to throw a follow my way if anything of mine has piqued your curiosity at all.
Look forward to interacting with you all in the future! ^^
Tags: #privacy, #cybersecurity, #cybersec, #hacker, #pentest, #pentester, #infosec, #linux, #foss, #gaming, #creativewriting, #writing, #technology, #sysadmin, #archlinux, #steamdeck, #nix, #nixOS.
Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
"DIY Azure Security Assessment" - with Teri Radichel https://twp.ai/4iodU5
C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral movements, pivot and more
El lado del mal - Hacking & Pentesting con Inteligencia Artificial. Our new book from 0xWord https://www.elladodelmal.com/2025/07/hacking-pentesting-con-inteligencia.html #Hacking #Pentesting #Pentest #IA #AI #libro #0xWord
Time for #WednesdayWins. Let's hear your stories everyone. Big or small.
I don't even have one to share right now, so I could really use a pick-me-up from hearing others.
How to use Chrome Remote Desktop for Red Team operations (requires local administrator privileges)
https://trustedsec.com/blog/abusing-chrome-remote-desktop-on-red-team-operations-a-practical-guide
Parrot Security released Parrot OS 6.4 – their final release built on Debian 12. Features integrated Sliver/Rocket frameworks, kernel 6.12 hardware boosts, and critical tool updates (Metasploit, Netexec, Caido) for streamlined penetration testing.
#SecurityLand #SkillsLab #ParrotOS #Security #Pentest #RedTeam #Cybersecurity
Read More: https://www.security.land/parrot-os-6-4-security-refined-for-the-modern-ethical-hacker/
Here's a new-to-me password spray tool that looks a hell of a lot more functional than Burp Intruder.
How do attackers go from file shares to full domain admin access without ever stealing a password? In this real-world case study, we'll share how a single misconfiguration opened the door to a full network compromise, and how our #pentest team exploited hidden file shares (with that sneaky $ at the end) to uncover sensitive data most IT teams don’t realize is exposed.
We'll share:
• How attackers exploit hidden file shares
• Why misconfigured Windows Deployment Services are a major risk
• The exact relay attack path that led to domain dominance
• What red flags to look for in your environment
Watch: https://youtu.be/78L2Zz2Ttbs
Scan for secrets in dangling commits on GitHub using GH Archive data
A good overview of Windows coercion techniques