Google Dork - Code Leaks 🔑 site:pastebin. com "example. com" site:jsfiddle. net "example. com" site:codebeautify. org "example. com" site:codepen. io "example. com" Check for code snippets, secrets, configs 👀
You got access to vsphere and want to compromise the Windows hosts running on that ESX? 💡 1) Create a clone into a new template of the target VM 2) Download the VMDK file of the template from the storage 3) Parse it with Volumiser, extract SAM/SYSTEM/SECURITY (1/3)
Dumping LSASS is old school. If an admin is connected on a server you are local admin on, just create a scheduled task asking for a certificate on his behalf, get the cert, get its privs. All automatized in the schtask_as module for NetExec 🥳🥳🥳
Google Dork - XSS Prone Parameters 🔥 site:example[.]com inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:& Test for XSS in param value: '"><img src=x onerror=alert()> Credit: @TakSec #infosec #bugbounty #bugbountytips
![viehgroup's tweet image. Google Dork - XSS Prone Parameters 🔥
site:example[.]com inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:&amp;
Test for XSS in param value:
'"&gt;&lt;img src=x onerror=alert()&gt;
Credit: @TakSec
#infosec #bugbounty #bugbountytips](https://pbs.twimg.com/media/G1TO7a7WEAAiLBH.png)
Google Dork - APIs Endpoints ⚙️ site:example[.]com inurl:api | site:*/rest | site:*/v1 | site:*/v2 | site:*/v3 Find hidden APIs, try techniques 👨💻
![TakSec's tweet image. Google Dork - APIs Endpoints ⚙️
site:example[.]com inurl:api | site:*/rest | site:*/v1 | site:*/v2 | site:*/v3
Find hidden APIs, try techniques 👨💻](https://pbs.twimg.com/media/G1Drt7hbUAAZkAv.png)
real-time cloning of any voice from a few seconds of audio
WOW!!! temp43487580.github.io/intune/bypass-… @TEMP43487580 such a good post!!! it is so well written, interesting research and great results! Thank you! 🤩
#malware "clipup.exe" in System32 is very powerful. It can destroy the executable file of the EDR service 😉. Experimenting with overwriting the MsMpEng.exe file github: /2x7EQ13/CreateProcessAsPPL #redteam #BlueTeam
"Localhost tracking" - How Meta bypassed Android sandboxing to track users browsing other websites with Meta's embedded pixel. Fun fact: 22% of the most visited websites across the world embed Meta's pixel. zeropartydata.es/p/localhost-tr…
Search Engine for pen-testers and bug Hunters
#malware If you use a directory symlink path to create a process, Process Explorer will interpret the Path and Command Line of this process as the path containing the symlink, rather than the location of the executable file 🤔 #redteam #code
Attackers exploit Google Translate to hide their assets from security vendors. securelist.com/new-phishing-a…
#redteam Hey, look! Windows with two "System32" folders.😲 Hey, keep looking at this! A process loads the same DLL twice and keeps both instances in memory.😲 #malware #blueteam
Ohhhh, sneaky masquerading trick found in the wild and noted by @JAMESWT_WT The Threat Actor replaces / with "ん", a Japanese character +2 cat pictures
Windows Fonts Exploitation in 2025 - Bypassing UAC with Eudcedit Check out my recent research about eudcedit and see how it can by used to bypass UAC. medium.com/@matanb707/win… #UserAccountControl #UAC #Bypass #Windows
⚠️⚠️ CVE-2025-54982(CVSS 9.6)Zscaler's server-side SAML authentication mechanism allowed authentication abuse due to improper cryptographic signature verification. 🎯3.6M+Results are found on the en.fofa.info nearly year 🔗FOFA Link:en.fofa.info/result?qbase64… FOFA…
United States Trendler
- 1. Yamamoto 44.4K posts
- 2. #DWTS 42.1K posts
- 3. Brewers 41.1K posts
- 4. Ohtani 13.8K posts
- 5. #TexasHockey 3,166 posts
- 6. Jared Butler N/A
- 7. #Dodgers 16K posts
- 8. Young Republicans 69.3K posts
- 9. halsey 7,663 posts
- 10. #FlyTogether 2,186 posts
- 11. #DWCS 7,932 posts
- 12. Kreider N/A
- 13. Domain For Sale 10.3K posts
- 14. Robert 106K posts
- 15. Shohei 8,821 posts
- 16. Haji Wright 1,153 posts
- 17. Will Richard 2,657 posts
- 18. Carrie Ann 4,907 posts
- 19. Roldan 2,631 posts
- 20. Ayton 2,329 posts
Something went wrong.
Something went wrong.