@HackingTutors profile picture
Hacking tutorials @HackingTutors

#OSCP | Increasing security awareness, teaching the basics of security, pentesting and ethical hacking. #hacking #infoSec hackingtutorials.org

Joined April 2015
  • Tweets 9,925
  • Following 9,691
  • Followers 47,811
73 Photos and videos
Hacking tutorials retweeted
Virtual Hacking Labs@vhackinglabs
20 Mar 2025
🚀 Exciting News! The VHL IoT Penetration Testing Essentials course is launching before the end of the month! Are you ready to dive deep into the world of IoT security and penetration testing? Sign up for our newsletter and get an exclusive discount! 💰 virtualhackinglabs.com/iot-p…
3
12
1,937
SniffROM: A tool for passive data capture and reconnaissance of serial flash chips. It is used in conjunction with a Saleae logic analyzer to reconstruct flash memory contents and extract contextual information about device operations. github.com/alainiamburg/snif…

GitHub - alainiamburg/sniffROM: A tool for passive data capture and reconnaissance of serial flash...

A tool for passive data capture and reconnaissance of serial flash chips. It is used in conjunction with a Saleae logic analyzer to reconstruct flash memory contents and extract contextual informat...

github.com
1
3
10
2,027
A Comprehensive Guide on Android Penetration Testing with Frida. pawanjswal.medium.com/androi…

Android Penetration Testing with Frida: A Comprehensive Guide with Examples

As mobile devices become increasingly integral to our daily lives, securing Android applications against potential vulnerabilities is of…

pawanjswal.medium.com
5
6
2,324
RT @vhackinglabs: New course launch soon! virtualhackinglabs.com/news/…

Soon: IoT Penetration Testing Essentials | Virtual Hacking Labs

We are an e-learning company for penetration testers and ethical hackers offering access to virtual training labs and a full course.

virtualhackinglabs.com
5
curl - SOCKS5 heap buffer overflow - CVE-2023-38545 Affected versions: libcurl 7.69.0 to and including 8.3.0 Not affected versions: libcurl < 7.69.0 and >= 8.4.0 Solution: upgrade to curl 8.4.0 curl.se/docs/CVE-2023-38545.…

5
4
20
9,343
Very clear explanation of the issue: daniel.haxx.se/blog/2023/10/…

How I made a heap overflow in curl

In association with the release of curl 8.4.0, we publish a security advisory and all the details for CVE-2023-38545. This problem is the worst security problem found in curl in a long time. We set...

daniel.haxx.se
1
2
6
7,226
Severity HIGH security problem to be announced with curl 8.4.0 on Oct 11 · curl/curl · Discussion #12026 · GitHub github.com/curl/curl/discuss…

Severity HIGH security problem to be announced with curl 8.4.0 on Oct 11 · curl curl · Discussion...

We are cutting the release cycle short and will release curl 8.4.0 on October 11, including fixes for a severity HIGH CVE and one severity LOW. The one rated HIGH is probably the worst curl securit...

github.com
1
5
6,816
Hacking tutorials retweeted
Bert-Jan 🛡️@BertJanCyber
9 Oct 2023
🚨 In two days the high severity curl vulnerability (CVE-2023-38545) will be disclosed. The #KQL queries below create an inventory of all systems that run curl. This will allow you to react quickly once a patch has been pushed, to prevent exploitation. github.com/Bert-JanP/Hunting…

1
37
135
27,114
Hacking tutorials retweeted
Germán Fernández
@1ZRR4H
10 Oct 2023
🚨 Hundreds of Citrix VPN instances exploited via CVE-2023-3519 are harvesting corporate credentials in cleartext. At this time, Shodan shows 406 compromised instances with malicious JavaScript code injected into the login page: shorturl.at/qQVX4 (URL shortener because Twitter didn't like my direct links). Also, I noticed that there is a relatively new and active domain, which is not mentioned in the X-Force report on this campaign (securityintelligence.com/x-f…). C2/Exfil domain: cloud-js[.]cloud
12
238
582
157,590
Hacking tutorials retweeted
inversecos
@inversecos
25 Sep 2023
1\ How to prove an iphone was wiped 🔎👇 #dfir #mobileforensics When a user wipes their phone, it generally results in the creation of a file ".obliterated". This file is located: /private/var/root This isn't enough to identify the timestamp of when the wipe occurred (...cont)
43
443
3,039
514,726
Red Wizard is an open-source tool designed to provide repeatable, OPSEC-safe infrastructure for Red Teaming operations. secura.com/blog/red-wizard-1

Red Wizard - User friendly, automated infrastructure for Red Team - Part 1 | Secura - Inzicht in uw...

Explore Red Wizard, a tool for Red Teaming operations, in our blog. Part 1 focuses on its user-friendly design and features.

cybersecurity.bureauveritas.com
3
3
10
5,050
Hackers compromise 3CX desktop app in a supply chain attack bleepingcomputer.com/news/se…

Hackers compromise 3CX desktop app in a supply chain attack

A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack.

bleepingcomputer.com
5
9
22
9,987
Penetration Testing REST APIs Using Burp Suite - Part 2 mindpointgroup.com/blog/rest…

Penetration Testing REST APIs Using Burp Suite - Part 2

Penetration Testing REST APIs Using Burp Suite - the fun part - actual testing! Check out this guide for how to test your REST API.

mindpointgroup.com
3
7
15
9,638
Penetration Testing REST APIs Using Burp Suite - Part 1 mindpointgroup.com/blog/rest…

Penetration Testing REST APIs Using Burp Suite - Part 1

The first in our series of how to Pen Test your REST API with Burp Suite, including an introduction to APIs, Burp Suite, and some standard configurations.

mindpointgroup.com
4
8
17
9,384
Hacking tutorials retweeted
Intigriti
@intigriti
15 Dec 2022
Can you spot the vulnerability? 🔎 This is docker-compose file for the infra of an application The application allows users to sign up and log in Show us how you'd take over a victim's account in the comments 👇 The best explanation gets a 25€ SWAG voucher!🎫
65
64
456
Hacking tutorials retweeted
Intigriti
@intigriti
8 Dec 2022
Can you spot the vulnerability? 🔎 Show us how you'd get the flag from the server in the comments 👇 The best explanation gets a 25€ SWAG voucher! 👕
42
73
529
GitHub - madhuakula/kubernetes-goat: Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀 github.com/madhuakula/kubern…

GitHub - madhuakula/kubernetes-goat: Kubernetes Goat is a "Vulnerable by Design" cluster environm...

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀 - madhuakula/kubernetes-goat

github.com
1
4
8
GitHub - OWASP/crAPI: completely ridiculous API (crAPI) github.com/OWASP/crAPI

GitHub - OWASP/crAPI: completely ridiculous API (crAPI)

completely ridiculous API (crAPI). Contribute to OWASP/crAPI development by creating an account on GitHub.

github.com
2
5
Hacking (with) Grafana, the most widely used solution for monitoring linkedin.com/pulse/hacking-g…

Hacking (with) Grafana, the most widely used solution for monitoring

Nowadays, networks, systems and automation simply need monitoring. It should protect against failures, alert the administrators or make general misbehavior more recognizable.

linkedin.com
1
7
7
Penetration Testing REST APIs Using Burp Suite - Part 1 mindpointgroup.com/blog/rest…

Penetration Testing REST APIs Using Burp Suite - Part 1

The first in our series of how to Pen Test your REST API with Burp Suite, including an introduction to APIs, Burp Suite, and some standard configurations.

mindpointgroup.com
1
6
Load more