''GitHub - nikaiw/VMkatz: Extract Windows credentials directly from VM memory snapshots and virtual disks''
#infosec#pentest#redteam#blueteam
https://t.co/XzKe9I5h68
10 WEBSITES EVERY INTERNET USER SHOULD CHECK TONIGHT.
Bookmark all of them. Most people don't know half of these exist.
1. https://t.co/zwR28T6wZa
Shows every data breach your email is in and what got leaked.
2. https://t.co/3c9sMcOYLH
Shows every social profile, photo, and login tied to an email address.
3. https://t.co/MOsvtupjHn
Free disposable email for any signup you don't trust.
4. https://t.co/t6W6t9kzvQ
Burner inbox that self-destructs in 10 minutes.
5. https://t.co/lHWq4ZeJXH
A directory of direct links to delete your account from any major service.
6. https://t.co/vpVXkaS6Uc
Check if your face was used to train AI image models without consent.
7. https://t.co/cC7q3S3Uui
Tells you if your VPN is actually hiding your real location or leaking it.
8. https://t.co/1Q31VRhSQ6
Shows how trackable your browser fingerprint is, even in incognito mode.
9. https://t.co/TVtBWcv6Sw
Tells you which programs on your PC are useless bloatware or spyware.
10. https://t.co/yvtYh3ade9
Drop any file or link. It scans against 70+ antivirus engines instantly.
The internet is hostile by default. These websites are your free defense.
A dev open-sourced a VPN that smuggles your internet through port 53.
It's called MasterDnsVPN. It hides your traffic inside DNS queries, the one packet type no firewall on earth can block without breaking the internet itself.
MIT License. 100% Open Source.
Did You Know?
Deleting an app doesn’t erase the evidence you used it.
Windows keeps a ghost file for every program you run called a Prefetch file.
Stored in C:\Windows\Prefetch, it records:
• The exact time you launched it
• Where it ran from
• How many times you opened it
Forensic teams use this to prove you executed anything even after you “cleaned” your system. 💀
During pentests we often have to deal with tasks that can be automated. Some of the best tools for this are ADScan and ADPulse.
ADScan performs both enumeration and attack and is capable of analyzing BloodHound data to guide you through the pentest. It works with and without AD creds and can compromise some labs in just 3-5 minutes
https://t.co/r6qq1YRvOP
@three_cube@_aircorridor #pentesting #redteam
🚨 OSINT ve siber güvenlik dünyasına dev bir kaynak:
16.443.023.451 satır veri
1.343 farklı veritabanı
Tek arayüzden kapsamlı database araması yapabiliyorsunuz.
E-posta, telefon, kimlik bilgisi, sızıntı kayıtları ve daha fazlasını hızlıca sorgulayabileceğiniz güçlü bir araç.
🔗 Database Search Engine:
https://t.co/HAGh6cfVpi
Bu tür araçlar, pentest, threat intelligence ve açık kaynak istihbarat çalışmalarında ne kadar kritik bir rol oynuyor?
Sizce bu ölçekte bir veritabanı arama motoru OSINT ekosistemini nasıl etkiler?
Yorumlarda görüşlerinizi paylaşın.
#OSINT #Cybersecurity #Infosec #Hacking #Pentesting #DataLeak #ThreatIntelligence #YapayZeka
pfft guys don't take nmap seriously it's is nothing compared to my new vibecoded RUST BASED nmap called NMAP RUST because of its IN RUST and IT uses AI!! (and RUST!!!!!)
If you like BloodHound and AD Hacking let me introduce you to BloodBash
No web front end
No neo4j
No complexity
Collect your AD artifacts with Sharphound
Run `BloodBash ./pathToSharphoundOutput`
That's it!
https://t.co/9b6EBfeiVP
"I don't have a GPU" is officially dead 🤯
You can now run 70B model on a single 4GB GPU and it even scales up to the colossal Llama 3.1 405B on just 8GB of VRAM.
AirLLM uses "Layer-wise Inference." Instead of loading the whole model, it loads, computes, and flushes one layer at a time
→ No quantization needed by default
→ Supports Llama, Qwen, and Mistral
→ Works on Linux, Windows, and macOS
100% Open Source.
Quick and dirty way to find parameters vulnerable to LFI & Path Traversal & SSRF & Open Redirect:
Burp Search > Regex
\?.*=(\/\/?\w+|\w+\/|\w+(%3A|:)(\/|%2F)|%2F|[\.\w]+\.\w{2,4}[^\w])
And find potentially vulnerable SSRF params
- https://t.co/6cfBPVn0FM
#SSRF#cybersec
A new module just got merged into NetExec: raisechild🔥
Made by azoxlpf to automatically abuse domain trust to pivot to other domains.
It will:
- Dump the krbtgt hash of the child domain
- Enumerate trusted domains
- Craft a TGT for trusted/parent domain