pentest-tools.comFeb 20

Are your pentest reports DDoS-ing your stakeholders with huge reports they don't have time to read?

It's 2026, AI is everywhere, but reporting is still a grind. Here's how we help:

🗂️ Centralize data & keep it organized: automated scans, manual findings, risk level tweask - all live in a unified workspace.

📸 Get automatic proof for PoCs: screenshots, request/response logs, attack replays, list of users, etc. - they're all part of scan results.

🚀 Ship reports that reflect your expertize: it takes minutes (yes, seriously) to generate editable DOCX or G Docs reports which you can brand before sending.

See how our reporting feature handles the heavy lifting: https://pentest-tools.com/features/pentest-reporting

#offensivesecurity #cybsersecurity #infosec

Show threadRohini LakshanéDec 14

7. Who asked for this? (Yes, I ask that question everywhere. What is the demand to which all this is the supply? Please don't say 'supply creates demand' unless you are the narcos.)

8. What is the threat model that the system in the Rules addresses? Is that the threat model for the most significant quantum of fraud in India as the source & destination of fraud?

#digitalrights #cybsersecurity #fraudprevention #womenssafety

Shecky - Third WheelFeb 26, 2025
Complexity is the enemy of Security. Why can this be true when Defense in depth is a big thing? Well, complexity allows for more bugs/vulns. Defense layers do not need to be complex. Each layer should be simple.
Am I wrong?
#infosec #cybsersecurity
LibbyJan 29, 2025

Remember to say stay online. This is an overview of a deceptive scam known as Sextortion. #staysafeonline #cybsersecurity #scamalert

http://smartiebytes.com/2025/01/30/image-based-abuse-sextorton/

Image-based abuse: Sextorton

Warning: The following blog post contains information related to image-based abuse which some readers may find upsetting and distressing. Viewer discretion is advised. Image-based abuse, often refe…

Smartie Bytes
0xor0neDec 15, 2024

Analysis of capabilities and communication channels used by IOCONTROL IoT/OT malware

https://claroty.com/team82/research/inside-a-new-ot-iot-cyber-weapon-iocontrol

#cybsersecurity

Inside a New OT/IoT Cyberweapon: IOCONTROL

Team82 has researched a malware sample called IOCONTROL linked to an Iran-based attack group used to target IoT and OT civilian infrastructure in the U.S. and Israel.

Claroty
Marcus AdamsNov 16, 2024

There is no such thing as a back door that only the good guys can use. Eventually, somebody else "will" find and exploit it without your knowledge or consent.

Headline: T-Mobile Hacked in Massive Chinese Breach of Telecom Networks

Subtitle: Carrier joins growing list of known victims, including AT&T and Verizon, of the major Chinese spying operation

Source: https://www.wsj.com/politics/national-security/t-mobile-hacked-in-massive-chinese-breach-of-telecom-networks-4b2d7f92

#TMobile #Hack #Security #CybserSecurity #Privacy

0xor0neAug 21, 2024

Useful guide on Linux page cache, memory management, mmap and cgroups

https://biriukov.dev/docs/page-cache/0-linux-page-cache-for-sre/

#Linux #cybsersecurity

Linux Page Cache for SRE

SRE deep dive into Linux Page Cache # Last updated: Oct 2025 Contents Prepare environment for experiments Essential Page Cache theory Page Cache and basic file operations Page Cache eviction and page reclaim More about mmap() file access cgroup v2 and Page Cache How much memory my program uses or the tale of working set size Direct IO (DIO) Advanced Page Cache observability and troubleshooting tools In this series of articles, I would like to talk about Linux Page Cache. I believe that the following knowledge of the theory and tools is essential and crucial for every SRE. This understanding can help both in usual and routine everyday DevOps-like tasks and in emergency debugging and firefighting. Page Cache is often left unattended, and its better understanding leads to the following:

Viacheslav Biriukov
0xor0neAug 11, 2024

N-days exploits chaining

Chrome RCE: https://blog.theori.io/chaining-n-days-to-compromise-all-part-1-chrome-renderer-rce-1afccf56721b

Windows LPE 1: https://blog.theori.io/chaining-n-days-to-compromise-all-part-2-windows-kernel-lpe-a-k-a-chrome-sandbox-escape-44cb49d7a4f8

Windows LPE 2: https://blog.theori.io/chaining-n-days-to-compromise-all-part-2-windows-kernel-lpe-a-k-a-chrome-sandbox-escape-44cb49d7a4f8

Information leakage: https://blog.theori.io/chaining-n-days-to-compromise-all-part-4-vmware-workstation-information-leakage-44476b05d410

Guest-to-Host Escape: https://blog.theori.io/chaining-n-days-to-compromise-all-part-5-vmware-workstation-host-to-guest-escape-5a1297e431b5

#exploit #cybsersecurity

Chaining N-days to Compromise All: Part 1 — Chrome Renderer RCE

This post begins our series on the 1-day exploit chain demoed on X, focusing on a Chrome renderer exploit, CVE-2023-3079, a type confusion bug in V8.

Theori BLOG
0xor0neJul 10, 2024

Well written guide on Linux page cache, memory management, mmap and cgroups

https://biriukov.dev/docs/page-cache/0-linux-page-cache-for-sre/

#Linux #cybsersecurity

Linux Page Cache for SRE

SRE deep dive into Linux Page Cache # Last updated: Oct 2025 Contents Prepare environment for experiments Essential Page Cache theory Page Cache and basic file operations Page Cache eviction and page reclaim More about mmap() file access cgroup v2 and Page Cache How much memory my program uses or the tale of working set size Direct IO (DIO) Advanced Page Cache observability and troubleshooting tools In this series of articles, I would like to talk about Linux Page Cache. I believe that the following knowledge of the theory and tools is essential and crucial for every SRE. This understanding can help both in usual and routine everyday DevOps-like tasks and in emergency debugging and firefighting. Page Cache is often left unattended, and its better understanding leads to the following:

Viacheslav Biriukov
0xor0neJul 10, 2024

Deep dive into Cross-Silicon UEFI security

https://www.binarly.io/blog/the-dark-side-of-uefi-a-technical-deep-dive-into-cross-silicon-exploitation

#uefi #cybsersecurity

Cross-Silicon Exploitation in UEFI: A Deep Dive Analysis

Uncover the UEFI's dark side with a groundbreaking study on Cross-Silicon Exploitation. Explore ARM's impact on UEFI security in this technical dive.