Catakan

@0x00Armageddon

Followers: 13
Following: 71
Media: 7
Statuses: 33

#1337lulz I'm in your infra laughing at your session history. God has forsaken us a long time ago.

Joined February 2022
@PentesterLab
PentesterLab
5 months
Doing an internal pentest in an unpatched Windows environment.
3
37
270
@ddd1ms
π•―π–’π–Žπ–™π–—π–ž π•Ύπ–’π–Žπ–‘π–žπ–†π–“π–Šπ–™π–˜
8 months
Raccoon 🦝 stealer exfiltrating credentials over the network while avoiding detection by modern EDR solutions
3
12
107
@0x00Armageddon
Catakan
11 months
Before anyone objects, I am not saying these are not valuable. My point is, although these are time-saving tools, they can also make you blindsided and give a false sense of security.
0
0
0
@0x00Armageddon
Catakan
11 months
ADFS-LDAP connected outdated systems, password reuse, service account with the name as password or a sensitive share that contains every credential on domain to get 15 min DA. Penetration testing is not about automated reporting or running scripts on environment.
@techspence
spencer
11 months
How to make pentesters cry... Run PingCastle/PurpleKnight, Locksmith, and ScriptSentry in your environment and fix all the critical issues before your next pentest. I promise you...they will be weep
1
0
0
@0x00Armageddon
Catakan
11 months
just just just
0
0
0
@0x00Armageddon
Catakan
11 months
My trust in Ubiquiti just doubled just because of this single person
1
0
0
@0x00Armageddon
Catakan
11 months
These fucking hustlers lmao. - If the firmware ships with /etc/shadow credentials then it is hardcoded thus applicable for a CVE. - If the firmware ships without any credentials in /etc/shadow then it has no pass thus it is hardcoded and a CVE. 🤡🤡🤡🤡🤡🤡🤡
0
0
0
@0x00Armageddon
Catakan
11 months
Pretty sure this guy says he is a senior hardware hacker on his resume and acts as the manager that lists his daughter's name under his fucking mail signature
0
0
0
@0x00Armageddon
Catakan
11 months
OH WOW WHO COULD HAVE GUESSED RIGHT? My man so smart it finds vulnerabilities before a fucking electron touches the circuit on IoT devices 🤡🤡🤡🤡🤡
0
0
0
@0x00Armageddon
Catakan
11 months
The person who applied for this CVE can you reach to this post please. I want to hear about your childhood traumas.
0
0
0
@0x00Armageddon
Catakan
11 months
My man even posted his high value Notion notes that show 0 value. Just use binwalk on downloaded firmware and here you have a CVE? Do you guys have mental issues that you are so confident you can classify and even report this as a vuln?
1
0
0
@0x00Armageddon
Catakan
11 months
What the fuck does 'hardcoded password vulnerability in /etc/shadow' mean for CVE-2024-54750 and CVE-2024-54749? Most of this stuff creates a random root passwd on first boot sequence. The person who applied for these CVEs is stupid as fuck.
4
0
1
@rizasabuncu
Rıza
1 year
By the way, if this guy really is a professor, then fuck this education system, I feel sorry for the students you trained, uahahhashahah
4
3
305
@0x00Armageddon
Catakan
1 year
Does anyone have experience with pentesting Adobe Experience Manager (AEM) - Java Content Repository (JCR)? Any tips? We have access to querybuilder but cannot read any files (we have access to some of their properties but cannot directly read txt files).
1
0
1
@0x00Armageddon
Catakan
2 years
My man gonna pay NCA 10 mil just for the lulz
@NCA_UK
National Crime Agency (NCA)
2 years
A leader of what was once the world’s most harmful cyber crime group has been unmasked and sanctioned by the UK, US and Australia, following an NCA-led international disruption campaign. #Cronos @FBI @Europol Full story ➡️ https://t.co/ECxlgOTH5E
0
0
2
@hatching_io
Hatching
2 years
2
6
72
@LiveOverflow
LiveOverflow 🔴
2 years
Is this a sockpuppet account establishing lore in order to push a backdoored libc patch in a few months? 🙃
11
38
730
@0x00Armageddon
Catakan
2 years
How can I read properties I set that are available by design?
@wangzhr4
wang
2 years
If this demo still cannot convince you that using Linux C main() is natively risky and you should take care of your envvars seriously by clearenv() or other methods, I'd say, OK, wish you do not receive unexpected bills.
0
0
1
@0x00Armageddon
Catakan
2 years
My man burning IoCs for fun lmao
@_RastaMouse
Rasta Mouse
2 years
Found a funny way to detect Rubeus. There's a typo in the process name used when calling LsaRegisterLogonProcess, which shows up in the Windows audit logs. Not sure if that was intentional given the code comment right next to it.
0
0
0
@DigitalQuinn
Quinyon Nave
2 years
VirtualBox, a $15 subscription to TryHackMe, and an hour a day to study is enough to get you a job imo.
22
109
958