Seamless remote browser session control demonstrating the impact of XSS without the need for stealing cookies (weaponized adaptation of the OpenReplay project)

"ACTIVE DIRECTORY PENETRATION TEST" COURSE. PRE-REGISTRATION IS OPEN AND THE PROMO HAS STARTED
EXCLUSIVE OFFER until 31 AUGUST! 15% off the already discounted course price (since this is the first live class on this topic) for anyone who pre-registers by 31 August!
Course details: For information and registration write to formazione@redhotcyber.com or on WhatsApp at 393791638765 https://www.redhotcyber.com/servizi/academy/live-class-active-directory-ethical-hacking/
Become a professional ethical hacker now! Don't waste time!
Leaked and Loaded: DOGE’s API Key Crisis
One leaked API key exposed 52 private LLMs and potentially sensitive systems across SpaceX, Twitter, and even the U.S. Treasury.
In this episode of Cyberside Chats, @sherridavidoff and @MDurrin break down the DOGE/XAI API key leak. They share how it happened, why key management is a growing threat, and what you should do to protect your organization from similar risks.
Watch the video: https://youtu.be/Lnn225XlIc4
Listen to the podcast: https://www.chatcyberside.com/e/api-key-catastrophe-when-secrets-get-leaked/
Find, analyze, and check for exposed IP cameras with open ports, known vulnerabilities, and weak login credentials
Lateral Movement as logged-on User via Speech Named Pipe COM & ISpeechNamedPipe + COM Hijacking
An article that describes how access to a Confluence database with read and insert privilege can be used to create a rogue token for any user
https://blog.quarkslab.com/a-story-about-confluence-and-tokens.html
Hey folks,
Decided it was time for a fresh alias, so here’s my #introduction. I’m a creatively driven fellow with a passion for privacy, cybersecurity, Linux, and free and open source software. I enjoy gaming, creative writing, and technology—the latter of which inspired me to pursue cybersecurity and system administration.
I embarked on this journey around the start of the pandemic, when the sudden surplus of free time gave me the opportunity to try Manjaro, a distribution of Linux based on Arch. With the release of the Steam Deck, I moved over to NixOS, which I’ve been using ever since while studying cybersecurity in higher education.
The majority of my posts will be set to follower-only, so feel free to throw a follow my way if anything of mine has piqued your curiosity at all.
Look forward to interacting with you all in the future! ^^
Tags: #privacy, #cybersecurity, #cybersec, #hacker, #pentest, #pentester, #infosec, #linux, #foss, #gaming, #creativewriting, #writing, #technology, #sysadmin, #archlinux, #steamdeck, #nix, #nixOS.
Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
"DIY Azure Security Assessment" - with Teri Radichel https://twp.ai/4iodU5
C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral movements, pivot and more
El lado del mal - Hacking & Pentesting with Artificial Intelligence. Our new book at 0xWord https://www.elladodelmal.com/2025/07/hacking-pentesting-con-inteligencia.html #Hacking #Pentesting #Pentest #IA #AI #libro #0xWord
Time for #WednesdayWins. Let's hear your stories everyone. Big or small.
I don't even have one to share right now, so I could really use a pick-me-up from hearing others.
How to use Chrome Remote Desktop for Red Team operations (require local administrator privileges)
https://trustedsec.com/blog/abusing-chrome-remote-desktop-on-red-team-operations-a-practical-guide
Here's a new-to-me password spray tool that looks a hell of a lot more functional than Burp Intruder.
How do attackers go from file shares to full domain admin access without ever stealing a password? In this real-world case study, we'll share how a single misconfiguration opened the door to a full network compromise, and how our #pentest team exploited hidden file shares (with that sneaky $ at the end) to uncover sensitive data most IT teams don’t realize is exposed.
We'll share:
• How attackers exploit hidden file shares
• Why misconfigured Windows Deployment Services are a major risk
• The exact relay attack path that led to domain dominance
• What red flags to look for in your environment
Watch: https://youtu.be/78L2Zz2Ttbs
Scan for secrets in dangling commits on GitHub using GH Archive data
A good overview of Windows coercion techniques
Kingfisher is a fast secret-scanning tool (forked from Nosey Parker; it adds live secret validation via cloud APIs, extends the regex-based detection, and adds GitLab support)
El lado del mal - Summer 2025 Sale Code at 0xWord: Coupon VERANO2025 (plus whatever you have in Tempos) https://www.elladodelmal.com/2025/07/codigo-de-rebajas-de-verano-2025-en.html #Libros #Hacking #ciberseguridad #Pentest #IoT #Pentesting #Hardening #0xWord
A friend is looking for an ICS pentesting gig in the UK. He has lots of experience in maritime, power, water, gas OT & SCADA.
He's also excellent on internal inf / red team especially when there's an OT element to the org and you need a safe pair of hands.
If you have any leads please message me and I'll hook you up.
ParrotOS 6.4 is out now!
This release sets the stage for Parrot 7 with upgraded tools, security fixes, and system improvements
Upgrade via sudo parrot-upgrade or grab a fresh install from the official site
Click the link down below and read more on the changelog
https://parrotsec.org/blog/2025-07-07-parrot-6.4-release-notes