If you are looking for privilege escalation on a Linux machine, then this is your guide
https://swisskyrepo.github.io/PayloadsAllTheThings/Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation/
https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html
If you have some binaries like SUID bins and you don't know what to do, then search in GTFOBins
https://gtfobins.github.io/
swisskyrepo.github.io
Linux - Privilege Escalation - Payloads All The Things
Payloads All The Things, a list of useful payloads and bypasses for Web Application Security
NSO Group has been acquired by U.S. investors, ending Israeli control
NSO Group is the company that develops every smartphone's nightmare, Pegasus, the known spyware
In my opinion it will still be used by Americans and Israelis for the same reasons they used it before, or the Israelis are developing something new
You can read the article: https://techcrunch.com/2025/10/10/spyware-maker-nso-group-confirms-acquisition-by-us-investors/
TechCrunch
Spyware maker NSO Group confirms acquisition by US investors | TechCrunch
NSO Group confirmed to TechCrunch that an unnamed group of American investors has taken “controlling ownership” of the surveillance tech maker.
AWS is suffering from a huge technical problem that has left it almost down
Google services are affected, as well as Perplexity AI; ChatGPT is affected too
Really hard time for huge tech companies and for other companies that use their services, like hosting. This news is enough to make companies think twice before fully relying on a third party, or think about self-hosting
Docker and Postman are down
Some news reports say it's because of Russian cyber attacks
https://www.euronews.com/next/2025/10/20/huge-internet-outage-hits-mobile-apps-and-websites-such-as-amazon-heres-what-we-know
Hetty is a free and open-source HTTP toolkit designed for security research, useful as a powerful alternative to commercial tools like Burp Suite Pro. It offers features specifically tailored to the needs of the infosec community
▲ For Linux:
sudo snap install hetty
https://github.com/dstotijn/hetty
GitHub
GitHub - dstotijn/hetty: An HTTP toolkit for security research.
An HTTP toolkit for security research. Contribute to dstotijn/hetty development by creating an account on GitHub.
Swift: Announcing the Swift SDK for Android!
Swift is now available for Android and can be used on Windows, Linux and macOS. Really big news that might change the world of Android development
https://www.swift.org/blog/nightly-swift-sdk-for-android/
Swift.org
Announcing the Swift SDK for Android
Swift has matured significantly over the past decade — extending from cloud services to Windows applications, browser apps, and microcontrollers. Swift powers apps and services of all kinds, and thanks to its great interoperability, you can share code across…
Next.js pentesting guide by Mr. Daoud Youssef
Really a very good and advanced article
https://deepstrike.io/blog/nextjs-security-testing-bug-bounty-guide
DeepStrike
Next.js Security Testing Guide for Bug Hunters and Pentesters
Learn how to assess Next.js apps for SSRF, XSS, CSTI, SSTI, CSRF, cache issues, and data leaks. Practical tips, checks, and tools for bug bounty and pentesting.
CVE-2025-59287
⚠️🚨CVSS: Critical 9.8
Affected: Windows Server Update Service (WSUS)
▲ Description: Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
https://nvd.nist.gov/vuln/detail/CVE-2025-59287
After the AWS outage, many signs are saying that Azure is down in many places around the world. Here in Egypt, many people/companies claim that they are having trouble with Azure services or can't reach them
There is an opinion that says all tech companies should think again about the infrastructure they are based on or are providing, and I go with this opinion
Btw, this meme is going viral, saying that the next turn will be for GCP, or Google's cloud
If you are planning to do a cert in cyber security, especially one like OSCP, then Linux privilege escalation is a crucial skill you have to learn. I found this flow diagram to be a great one to follow during your hunting for privilege escalation
It is also a great idea to do basic enumeration using automated tools like:
1- linPEAS
https://github.com/peass-ng/PEASS-ng/tree/master/linPEAS
2- LinEnum
https://github.com/rebootuser/LinEnum
3- Linux Exploit Suggester
https://github.com/The-Z-Labs/linux-exploit-suggester
➜ finally keep your notes updated and up to date 😉
ⓘ @reverseengineer101
fridahandbook.pdf
4.9 MB
Frida handbook
ⓘ All you need to know about Frida
Online version: https://learnfrida.info/
⊷ Shared by @reverseengineer101
CharlotteOS - Catten
Catten is an operating system kernel developed as a key component of the CharlotteOS project, but it is designed to be flexible enough that we hope it can also find use in many other places.
So we have a kernel built in Rust; I heard that Ubuntu is willing to do the same. Seems there are no more buffer overflows 👀
What do you think about this? Share with us in the comments 👇
Source code https://github.com/charlotte-os/Catten
@reverseengineer101
GitHub
GitHub - charlotte-os/Catten: The Kernel of CharlotteOS, An Experimental Modern Operating System
The Kernel of CharlotteOS, An Experimental Modern Operating System - charlotte-os/Catten
Balancer Protocol (a web3 Ethereum DeFi protocol) got hacked due to a bug in their code that allowed attackers to steal +70M $ or 110M $ (as some news says), which is the biggest breach in the world till now
▲ In my point of view (or a security researcher's point of view), code reviewing (by security experts, not for regular code bugs but for vulnerabilities) isn't a critical step to take nowadays not just a routine; also, internal pentesting (not for one time) is another crucial step to do
ⓘ The obvious classification of this vulnerability is A01:2021-Broken Access Control, which is already categorized in the OWASP Top 10 as a growing issue
Reference from CoinDesk: https://www.coindesk.com/markets/2025/11/03/balancer-hit-by-apparent-exploit-as-usd70m-in-crypto-moves-to-new-wallets
@reverseengineer101
Coindesk
Balancer Hacked? Ethereum DeFi Powerhouse Sees $110M in Crypto Moved
The affected funds include 6,850 osETH, 6,590 WETH, and 4,260 wstETH, blockchain data analyzed by CoinDesk showed.
DockMon
A comprehensive Docker container monitoring and management platform with real-time monitoring, intelligent auto-restart, multi-channel alerting, and complete event logging.
https://github.com/darthnorse/dockmon/
GitHub
GitHub - darthnorse/dockmon: DockMon - Modern Docker container monitoring with auto-restart and alerts
DockMon - Modern Docker container monitoring with auto-restart and alerts - darthnorse/dockmon
Tiktok android application RCE Vulnerability (local)
I know it's old, but it's worth reading and investigating
Explanation:
https://dphoeniixx.medium.com/practical-android-pentesting-a-case-study-on-tiktok-rce-4a82e79cc7c6
Original report:
https://hackerone.com/reports/1065500
@reverseengineer101
Medium
Practical Android Pentesting: A Case Study on TikTok RCE
From Universal XSS to native library hijacking: A comprehensive guide to Android exploitation using WebViews, Intent abuse, and Zip Slip.
Forwarded from Android Security & Malware
LANDFALL: New Android commercial-grade spyware targeted Samsung Galaxy devices via a WhatsApp zero-click exploit in image parsing (CVE-2025-21042)
https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
OWASP TOP 10
The new release 2025
If you don't know what the OWASP Top 10 is, then let's explain it. OWASP is a foundation that aims to help security researchers and companies/organizations secure their products, and also to help devs write secure code and avoid vulnerable code. OWASP also provides some learning materials, such as the challenges we solved before here for Android; they also have a vulnerable web app called Juice Shop for learning web vulnerabilities. The OWASP Top 10 is a list published by owasp.org every few years about the vulnerabilities most often found by security researchers during that period
https://owasp.org/Top10/2025/0x00_2025-Introduction/