Hollow - a shellcode loader generator. You give it a raw shellcode binary and a profile, and it spits out a compiled Windows PE loader with your shellcode encrypted inside. https://t.co/WLvQGyd9Dx
Init1Security will soon be offering Red Team training take a look at our initial access module with our phishing scenario, we will be training fully with Havoc C2 a community favorite anyone can sign up for our newsletter for future announcements.
https://t.co/qOgUyzp2QA
GPOHound v1.1.0 is out! 🎉
This release adds the "sysvol", "ldap", and "parse" modules, along with several bug fixes and improvements.
For more details: https://t.co/BbLSzdinWG
0liverflow/cve2poc: CVE2PoC is a tool that helps penetration testers, bug hunters, and security researchers quickly find public exploits or PoCs related to a CVE ID https://t.co/ggJxFLaMae
⚠️⚠️ CVE-2026-20896 (CVSS 9.8): Gitea Docker images default REVERSE_PROXY_TRUSTED_PROXIES=* — with reverse-proxy auth on, any IP can impersonate any user via X-WEBAUTH-USER.
🔗FOFA Link: https://t.co/w2rhVF9HFa
🎯244.5K+ Results are found on https://t.co/HSOBZfCA2r in the past year.
FOFA Query: app="Gitea"
🔖Refer: https://t.co/64ZP4hKcuj
#OSINT #FOFA #CyberSecurity #Vulnerability
I was playing around AMSI and came up with some interesting bypass techniques.
6 techniques validated with a live reverse shell on a fully patched Windows 11, Defender on. https://t.co/q2Ro0wS7tx
#AMSI#RedTeam#WindowsSecurity#ReverseEngineering#Pentest
EDR has the attention span of a toddler. If it doesn't see the exact pattern it was trained on (sleep, allocate, inject, sleep), it just moves on. Anything else between your calls and it forgets you exist. So I built a library that does exactly that
https://t.co/pZWlTt863l
JWT Auth Bypass TestBed
https://t.co/qoYUYTxduT
Test your skills: 18 main tests with variations.
A proprietary tool with 40+ techniques for Brute One will be available this week to spot all these cases in the wild in a matter of seconds.
https://t.co/ThMs09G3Hp
Want to find active backdoor connections on your Linux system? 🚨
Here’s a one-liner to detect reverse shells and suspicious outbound connections:
netstat -antp | awk ‘$6 == “ESTABLISHED” && $5 !~ /:22$|:80$|:443$/ {print $5, $7}’ | sort -u