Wireless pentesting is about finding weak spots in Wi-Fi and other wireless networks by capturing traffic, analyzing signals, and testing how well authentication holds up against real-world attacks.
Here are popular wireless pentest tools 😎👇
Find high-res pdf ebooks with all my Linux and cybersecurity related infographics at https://study-notes.org
#cybersecurity #wifi #wifihacking #pentesting #networksecurity
Mini Pen Test Diaries Story:
The year was 2010, and I was onsite at a UK local authority doing an internal network assessment.
One of the tasks was - if given a standard, non-privileged, domain user account, with minimal access afforded to it - what could I do? Could I access sensitive documents? Could I login to systems I shouldn't be able to? Could I elevate myself. Standard stuff.
I got my account, and immediately started fishing around the main file share with the users home directories on it. To my immense surprise, I found out that I was able to access the content of every single users home directory. Including all the top level folks.
They must've accidentally given me some account in an IT group or something, so I check it out. Nope - groups look normal.
The permissions on the share look pretty normal too.
I play around with the account more and more and encounter zero resistance to anything, access wise.
Something must be very wrong - but what?
Finally I go over and speak to the IT people who I'd been working with.
"So," I said. "This account, it's supposed to have a very minimal permissions set right?"
"Yes, the lowest of the low." They reply.
"So how come I can get into all these files?" I ask, and show them my rummaging around the very senior peoples confidential files.
"You shouldn't be able to do that!!"
Now, the three of us are rapidly trying to figure out what the heck is going on. It's surprisingly difficult to figure out.
Eventually, I make what to this day remains one of my all time favorite pen testing discoveries.
This organisation, had somehow, managed to add the entire "Domain Users" group to the "Domain Admins" group!
All 1,500 people who worked there, had domain admin access. And after investigation, we found out it had been like that for 10 months.
Someone couldn't get something working, until they found this "fix".
Amazing.
For more, slightly less mini pen test diaries stories, check out https://infosecdiaries.com.
Alguien construyó 35 agentes de pentesting de IA para Claude Code... y es honestamente una locura.
Ataques AD, explotación web, pentests en la nube, análisis de malware, ingeniería inversa, operaciones C2, incluso red teaming de LLM — todo dentro de un solo marco.
Este es uno de los proyectos de IA de seguridad ofensiva más avanzados que he visto en GitHub últimamente.
Seven FuelCMS CVEs documented. XSS callbacks now show IP and headers. Website Scanner detects exposed private keys passively. Scheduled scan exports. API risk filtering.
Also: free scanner for CVE-2026-41940, the cPanel auth bypass exploited for 64 days before a patch existed. No account needed.
Mythos for Offensive Security: XBOW's Evaluation
Anthropic의 Mythos Preview 모델은 소스 코드 분석과 취약점 탐지에서 기존 모델 대비 큰 진전을 보였다. 특히 소스 코드 기반 취약점 발견과 네이티브 코드 분석, 리버스 엔지니어링에서 뛰어난 성능을 보였으나, 라이브 사이트 상호작용이 제한되면 성능이 저하되는 한계가 있다. XBOW의 평가에 따르면 Mythos Preview는 코드 읽기 능력이 매우 뛰어나며, 라이브 사이트와 결합할 때 최적의 취약점 탐지가 가능하다. 다만, 판단력은 다소 보수적이고 문자 그대로 해석하는 경향이 있어 정밀한 프롬프트와 검증 인프라가 필요하다.
https://xbow.com/blog/mythos-offensive-security-xbow-evaluation
#llm #security #vulnerabilitydetection #sourcecodeanalysis #pentesting
Pi Slate – A Raspberry Pi 5 handheld Linux cyberdeck with a 5-inch 1280×720 touchscreen display
We previously wrote about Carbon’s CyberT, a Blackberry-style Raspberry Pi CM4 handheld Linux cyberdeck designed for Kali Linux and penetration testing. The company, now operating under the CyberArch/Carbon Computers brand, has introduced the Pi Slate, a more powerful handheld cyberdeck designed for portable computing and security-focused applications. Built around the Raspberry Pi 5, the Pi Slate integrates a 5-inch 1280×720 touchscreen, a backlit RGB keyboard with an integrated cursor, and a 10,000 mAh battery for 3–5 hours of portable use in a compact enclosure. It supports modular expansion for HATs such as LoRa, SDR, AI accelerators, and M.2 storage, and includes cooling support, antenna mounts, and an optional modular back with a kickstand. It targets penetration testers, IT professionals, and field technicians needing a compact, preconfigured system for cybersecurity and field work. Pi Slate specifications: SBC – Raspberry Pi 5 with 2GB, 4GB, 8GB, or 16GB LPDDR4X RAM options Storage
For those of you working with Android emulators and wondering why Burp isn't proxying anything, but you have everything setup properly (Proxy settings, CA cert in system, etc.), make sure wi-fi is disabled in the simulator, i.e. force it to use the "mobile" network.
It's been too long, and it was a long Sunday when I figured this out. Yes, Wireshark got involved....
dan_nanni
Mike Sheward
CAPETOX
pentest-tools.com
sayzard
KOREONE
Chema Alonso 
cnx-software.com [Unofficial]
JohnsNotHere