Okla.Social

100 Days of Red TeamDemonstration of couple of UAC bypass methods using Havoc C2.<a href="https://100daysofredteam.medium.com/using-havoc-c2-to-bypass-uac-b3a93c33442a" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://100daysofredteam.medium.com/using-havoc-c2-to-bypass-uac-b3a93c33442a</a><a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RedTeam</a> <a href="https://infosec.exchange/tags/OffensiveSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OffensiveSecurity</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

pentest-tools.comWe tested 15 HTML sanitizers and managed to break 3 of them! How We Found XSS in Odoo & GiteaLast December two of our security researchers - Alex & Catalin - put 15 HTML sanitizers to the test across Python, Go, JavaScript, and Ruby. The result? Three critical vulnerabilities that impact major platforms used by millions!Key findings: ✅ Python (lxml.html.clean) – Vulnerability found in Odoo (5M+ users) ✅ Go (BlueMonday) – XSS in Gitea (used by Google, MasterCard, OpenStack)👉 The research exposed how sanitizers fail to handle edge cases, leading to security risks in chat systems, forums, and self-hosted git platforms.🎥 Watch the full keynote for more insights: <a href="https://youtu.be/0M4e347tMds" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://youtu.be/0M4e347tMds</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/ethicalhacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ethicalhacking</a> <a href="https://infosec.exchange/tags/offensivesecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offensivesecurity</a>

0x40kOkay, so AI in Pentesting, huh? 🤖 It's definitely a hot topic! A lot of folks instantly worry about losing their jobs, but let's be real: aren't we pentester basically problem-solvers?Thing is, AI *can* actually help us speed up the simpler stuff. Think OSINT, CVE checks, and even report writing – AI could give us a boost there. And that would give us *more* time to focus on the really tricky hacks.But hey, a word of caution: AI is just a tool, folks. It's not a magic bullet. Creativity and solid experience *still* matter big time! And let's not forget, security *solely* reliant on AI is just plain wrong. Seriously, certificates or no certificates, a company is NOT secure without good old-fashioned manual pentesting.What are your thoughts? 🤔 <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Pentesting</a> <a href="https://infosec.exchange/tags/AISecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AISecurity</a> <a href="https://infosec.exchange/tags/OffensiveSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OffensiveSecurity</a>

G :donor: :Tick:A very different Monday from my usual, let the learning begin! <a href="https://infosec.exchange/tags/InsomniHack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InsomniHack</a> <a href="https://infosec.exchange/tags/INS2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#INS2025</a> <a href="https://infosec.exchange/tags/OffensiveSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OffensiveSecurity</a> <a href="https://infosec.exchange/tags/Entra" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Entra</a> <a href="https://infosec.exchange/tags/AD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AD</a>

0x40kAI in security? Yeah, it *can* be helpful, BUT... Automated tools just aren't a substitute for a real-deal penetration tester with brains and experience, ya know? And honestly, blindly relying on AI? Yikes, that's risky! Those things can straight-up hallucinate information sometimes. We're much better off sticking with good ol' brainpower and a solid team, wouldn't you agree? So, what do *you* think are the biggest risks when it comes to AI in the security landscape? Let me know what you think!<a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Pentesting</a> <a href="https://infosec.exchange/tags/AISecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AISecurity</a> <a href="https://infosec.exchange/tags/OffensiveSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OffensiveSecurity</a>

0x40kJust stumbled across a report about Microsoft taking down some seriously bad actors who were hijacking Azure accounts for AI abuse. LLMjacking – sounds like something straight out of a cyberpunk novel, but it's actually happening! 🤦‍♂️Honestly, it reminds me of so many conversations I've had with clients. They're like, "Yeah, we've got a firewall, we're all good." Uh, no? Security's way more than just a product you buy. It's a process that needs to be baked in right from the start of development. And let's be real, automated scans *definitely* don't cut it as a pentest!So, what's your take on AI security? Is it just overhyped, or is it a legitimate concern? 🤔 Keen to hear your thoughts!<a href="https://infosec.exchange/tags/AISecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AISecurity</a> <a href="https://infosec.exchange/tags/Pentest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Pentest</a> <a href="https://infosec.exchange/tags/OffensiveSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OffensiveSecurity</a>

0x40kWhoa, malware trends in Q1/25 are getting seriously wild! 🤯 AsyncRAT via TryCloudflare, Lynx Ransomware, Lumma Stealer popping up on GitHub... it's just escalating.Here's the deal: tons of companies *think* their security is rock solid, but attackers are constantly leveling up their social engineering game – just look at InvisibleFerret. And then, bam! "Oh no, we've been hacked!" rings alarmingly too often.Frankly, we need more pentests and proactive threat hunting. Automated scans? Sure, they're useful, but they're no substitute for experienced pros. What's your take on these new malware campaigns? What actually works for you? 🤔<a href="https://infosec.exchange/tags/offensiveSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offensiveSecurity</a> <a href="https://infosec.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatHunting</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a>

0x40k"Winnti? Ach, das betrifft mich nicht!" – Denkste! 🤨 Die sind wieder da und ihre Supply Chain Attacken? Mega gefährlich! Ja, Japan steht im Fokus, aber die Methoden können *jeden* treffen.SQL Injection in ERP-Systemen ist leider immer noch ein Thema und MSP-Kompromittierungen sind der absolute Horror. Und Winnti nutzt das knallhart aus. Stell dir das mal vor: Die Hacker kommen über deinen Dienstleister rein und räumen alles leer! 😱Also, was tun? Wir müssen unsere ERP-Systeme absichern, unsere MSPs genau unter die Lupe nehmen, das Netzwerk segmentieren, das Monitoring scharf stellen und Winnti auf dem Schirm behalten. Open Source Tools können uns dabei echt helfen.Habt ihr schon mal so eine Situation erlebt? Welche Security-Maßnahmen haben bei euch wirklich was gebracht? Erzählt mal, bin gespannt!<a href="https://infosec.exchange/tags/offensiveSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offensiveSecurity</a> <a href="https://infosec.exchange/tags/Pentest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Pentest</a> <a href="https://infosec.exchange/tags/SupplyChain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SupplyChain</a>

Tedi HeriyantoBuild Your Own Offensive Security Lab A Step-by-Step Guide with Ludus: <a href="https://xphantom.nl/posts/Offensive-Security-Lab/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://xphantom.nl/posts/Offensive-Security-Lab/</a><a href="https://infosec.exchange/tags/ludus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ludus</a> <a href="https://infosec.exchange/tags/offensivesecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offensivesecurity</a> <a href="https://infosec.exchange/tags/lab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lab</a>

MSimple Go lang bot maze trap<a href="https://codeberg.org/matthewjharmon/go-bot-trap.git" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://codeberg.org/matthewjharmon/go-bot-trap.git</a><a href="https://threat.theater/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://threat.theater/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://threat.theater/tags/offensivesecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offensivesecurity</a>

100 Days of Red Team<a href="https://infosec.exchange/tags/100DaysOfRedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#100DaysOfRedTeam</a> <a href="https://infosec.exchange/tags/Day" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Day</a> 10 - Know the pros and cons of unannounced and announced red team assessments.<a href="https://100daysofredteam.com/p/unannounced-vs-announced-red-team-assessments" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://100daysofredteam.com/p/unannounced-vs-announced-red-team-assessments</a><a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RedTeam</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/OffensiveSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OffensiveSecurity</a>

100 Days of Red Team<a href="https://infosec.exchange/tags/100DaysOfRedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#100DaysOfRedTeam</a> <a href="https://infosec.exchange/tags/Day" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Day</a> 9 -Learn differences between a red team assessment and a penetration test with a simple analogy.<a href="https://100daysofredteam.com/p/red-teaming-vs-penetration-testing" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://100daysofredteam.com/p/red-teaming-vs-penetration-testing</a><a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RedTeam</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/OffensiveSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OffensiveSecurity</a>

100 Days of Red Team<a href="https://infosec.exchange/tags/100DaysOfRedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#100DaysOfRedTeam</a> <a href="https://infosec.exchange/tags/Day" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Day</a> 8 -Learn what is Process Doppelgänging and how to abuse it for red team trade-craft.<a href="https://100daysofredteam.com/p/what-is-process-doppelganging" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://100daysofredteam.com/p/what-is-process-doppelganging</a><a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RedTeam</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/OffensiveSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OffensiveSecurity</a>

100 Days of Red Team<a href="https://infosec.exchange/tags/100DaysOfRedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#100DaysOfRedTeam</a> <a href="https://infosec.exchange/tags/Day7" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Day7</a> -Learn what is Process Hollowing and how to abuse it for red team trade-craft.<a href="https://100daysofredteam.com/p/what-is-process-hollowing" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://100daysofredteam.com/p/what-is-process-hollowing</a><a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RedTeam</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/OffensiveSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OffensiveSecurity</a>

100 Days of Red Team<a href="https://infosec.exchange/tags/100DaysOfRedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#100DaysOfRedTeam</a> Day6 -Is there a method to the madness of conducting a red team engagement?<a href="https://100daysofredteam.com/p/what-is-a-red-team-methodology" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://100daysofredteam.com/p/what-is-a-red-team-methodology</a><a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RedTeam</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/OffensiveSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OffensiveSecurity</a>

100 Days of Red Team<a href="https://infosec.exchange/tags/100DaysOfRedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#100DaysOfRedTeam</a> <a href="https://infosec.exchange/tags/Day3" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Day3</a> - Learn what is COM and how red teams can use it as part of their trade-craft.<a href="https://www.100daysofredteam.com/p/what-is-com-hijacking" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.100daysofredteam.com/p/what-is-com-hijacking</a><a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/offensivesecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offensivesecurity</a>

100 Days of Red Team<a href="https://infosec.exchange/tags/100DaysOfRedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#100DaysOfRedTeam</a> <a href="https://infosec.exchange/tags/Day2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Day2</a> - Learn how session sharing feature became a norm in command and control infrastructure.<a href="https://www.100daysofredteam.com/p/the-origin-of-session-sharing-in" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.100daysofredteam.com/p/the-origin-of-session-sharing-in</a><a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/offensivesecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offensivesecurity</a>

Recent searches

Search options

Administered by:

Server stats:

#offensivesecurity