PoC: https://github.com/chebuya/Havoc-C2-SSRF-poc Your browser does not support the video tag. Summary Havoc C2 is a modern and malleable post-exploitation command and control framework targetting windows systems utilized by red teamers and threat actors…

ESET researchers discovered a zero-day Telegram for Android exploit that allows sending malicious files disguised as videos.

In this video, I'm talking about deploying a self hosted dark net search engine including crawler, indexer and a web UI. I have used the repository by NexvisionLab named DarkWeb Search Engine available at this link:
https://github.com/NexvisionLab/Darkweb…

Contribute to nirajkharel/AD-Pentesting-Notes development by creating an account on GitHub.

While exploring the DCOM objects for the “SilverPotato” abuse, I stumbled upon the “ShellWindows” DCOM application. This, along with “ShellBrowserWindows”, is we…

DISCLAIMER: Using these tools and methods against hosts that you do not have explicit permission to test is illegal. You are responsible…

Thomas White ran the Silk Road 2.0 drug marketplace and was convicted of child abuse imagery-related crimes. He was also a co-founder of transparency activist organization Distributed Denial of Secrets.

HTTP/2 Last Frame Synchronization (also known as Single Packet Attack) low Level Library / Tool based on Scapy‌ + Exploit Timing Attacks - nxenon/h2spacex

Apparently, you can crash your iPhone Springboard pretty easily:

On your iPhone, swipe left past all your Home Screen pages to get to App Library. Then search for ""::

Do at your own risk :blobupsidedown:

Credit: Somewhere on the bird site