Kubernetes Goat is an interactive Kubernetes security learning playground. It has intentionally vulnerable by design scenarios to showcase the common misconfigurations, real-world vulnerabilities, and security issues in Kubernetes clusters, containers, and cloud native environments.
🔻 Main page
✏️ MITRE ATT&CK
🏆 Scenarios
See also:
Attacking Kubernetes by Reza, 2025
Red Team Tactics, Techniques, and Procedures for Kubernetes by sneakerhax, 2025
List of all Attack Techniques by Stratus Red Team, 2025
Attacking Kubernetes by HackTricks Cloud
Kubernetes Threat Matrix (interactive!)
#SecDevOps #pentest
🔻 Main page
See also:
Attacking Kubernetes by Reza, 2025
Red Team Tactics, Techniques, and Procedures for Kubernetes by sneakerhax, 2025
List of all Attack Techniques by Stratus Red Team, 2025
Attacking Kubernetes by HackTricks Cloud
Kubernetes Threat Matrix (interactive!)
#SecDevOps #pentest
Please open Telegram to view this post
VIEW IN TELEGRAM
❤8😁2🔥1
Arm Assembly Internals & Reverse Engineering by Maria Markstedter
Welcome to this tutorial series on ARM assembly basics. This is the preparation for the followup tutorial series on ARM exploit development. Before we can dive into creating ARM shellcode and build ROP chains, we need to cover some ARM Assembly basics first.
🛡 Official page
😺 About author
#hardware #reverse
Welcome to this tutorial series on ARM assembly basics. This is the preparation for the followup tutorial series on ARM exploit development. Before we can dive into creating ARM shellcode and build ROP chains, we need to cover some ARM Assembly basics first.
🛡 Official page
#hardware #reverse
Please open Telegram to view this post
VIEW IN TELEGRAM
❤7🔥5😁1
Media is too big
VIEW IN TELEGRAM
Функции:
✅Работа с RFID и NFC: устройство способно считывать, копировать и эмулировать метки, радиопульты, iButton и цифровые ключи доступа.
✅ Работа с инфракрасными сигналами: Flipper Zero оснащён инфракрасным передатчиком и приёмником, что позволяет управлять телевизорами, кондиционерами и другой техникой, захватывать и воспроизводить сигналы ИК-пультов.
✅ Работа с Sub-GHz-частотами (433 МГц, 868 МГц и другие): устройство умеет передавать и принимать сигналы на низких радиочастотах, что позволяет анализировать радиоуправляемые устройства (например, беспроводные звонки, розетки, умные датчики).
✅ Bluetooth-аналитика и взаимодействие с устройствами: Flipper Zero поддерживает Bluetooth, что позволяет подключаться к мобильному приложению Flipper, анализировать активные Bluetooth-устройства вокруг.
#hardware #fun
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥8👍3
🚨 Flipper Zero ‘DarkWeb’ Firmware Bypasses Rolling Code Security on Major Vehicles
A new and custom firmware for the popular Flipper Zero multi-tool device is reportedly capable of bypassing the rolling code security systems used in most modern vehicles, potentially putting millions of cars at risk of theft.
Demonstrations reveal that the firmware, said to be circulating on the dark web, can clone a vehicle’s keyfob with just a single, brief signal capture.
Sources:
❗️ Article (Eng) + Seclab (Rus)
#hardware
A new and custom firmware for the popular Flipper Zero multi-tool device is reportedly capable of bypassing the rolling code security systems used in most modern vehicles, potentially putting millions of cars at risk of theft.
Demonstrations reveal that the firmware, said to be circulating on the dark web, can clone a vehicle’s keyfob with just a single, brief signal capture.
Sources:
#hardware
Please open Telegram to view this post
VIEW IN TELEGRAM
1🔥4👍3
Threat Hunting and Detection by Mehmet E. (Cyb3r-Monk), 2025
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).
🔤 GitHub
See also:
❗️ ATT&CK + D3FEND = D.E.A.T.H
❗️ D3FEND Matrix
#defensive
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).
See also:
#defensive
Please open Telegram to view this post
VIEW IN TELEGRAM
1🔥6
The Threat Hunter Playbook by OTRF, Roberto Rodriguez (Cyb3rWard0g), 2022
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient, ll the detection documents in this project follow the structure of MITRE ATT&CK categorizing post-compromise adversary behavior in tactical groups and are available in the form of interactive notebooks.
⚔️ GitHub
📔 The Book
See also:
❗️ Awesome Threat Detection and Hunting by 0x4D31
❗️ The Threat Hunting Project + GitHub
❗️ Malware + DFIR analysis notes by antonyn0p
#defensive
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient, ll the detection documents in this project follow the structure of MITRE ATT&CK categorizing post-compromise adversary behavior in tactical groups and are available in the form of interactive notebooks.
See also:
#defensive
Please open Telegram to view this post
VIEW IN TELEGRAM
1🔥5👍2
𝗦𝗲𝗰𝘂𝗿𝗲 𝗯𝘆 𝗗𝗲𝘀𝗶𝗴𝗻 - 𝗪𝗲𝗯 𝗦𝗲𝗿𝘃𝗶𝗰𝗲 & 𝗔𝗣𝗜 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 by DevSecOps Guides, 2025
𝗧𝗮𝗯𝗹𝗲 𝗼𝗳 𝗰𝗼𝗻𝘁𝗲𝗻𝘁:
🔴 𝗘𝗻𝗱-𝘁𝗼-𝗘𝗻𝗱 𝗘𝗻𝗰𝗿𝘆𝗽𝘁𝗶𝗼𝗻 HTTP exposure → SSL stripping → HSTS with preload → unbreakable TLS tunnels.
🔴 𝗢𝗔𝘂𝘁𝗵 𝟮.𝟬 & 𝗣𝗞𝗖𝗘 Auth code interception → malicious app replay → PKCE enforcement → no token without proof key.
🔴 𝗝𝗪𝗧 𝗟𝗶𝗳𝗲𝗰𝘆𝗰𝗹𝗲 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 HS256 secret theft → forged admin tokens → RS256 + short-lived tokens → revoked refresh tokens.
🔴 𝗠𝘂𝘁𝘂𝗮𝗹 𝗧𝗟𝗦 (𝗺𝗧𝗟𝗦) Stolen static API key → partner impersonation → client certificate auth → cryptographic identity.
🔴 𝗗𝗗𝗼𝗦 & 𝗥𝗮𝘁𝗲 𝗟𝗶𝗺𝗶𝘁𝗶𝗻𝗴 Naive IP limits → low-and-slow scraping → dynamic, user-aware throttling → edge WAF protection.
🔴 𝗜𝗻𝗽𝘂𝘁 𝗩𝗮𝗹𝗶𝗱𝗮𝘁𝗶𝗼𝗻 & 𝗢𝘂𝘁𝗽𝘂𝘁 𝗘𝗻𝗰𝗼𝗱𝗶𝗻𝗴 SQLi & XSS payloads → data exfiltration & session hijacking → parameterized queries & contextual encoding → neutralized threats.
🔴 𝗔𝗣𝗜 𝗚𝗮𝘁𝗲𝘄𝗮𝘆 & 𝗪𝗔𝗙 Inconsistent microservice security → finding the weakest link → centralized WAF at the gateway → uniform defense.
🔴 𝗦𝗲𝗰𝘂𝗿𝗲 𝗦𝗲𝘀𝘀𝗶𝗼𝗻 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 Cookie theft via XSS → session hijacking → HttpOnly, Secure, SameSite=Strict cookies → locked-down sessions.
🔴 𝗔𝗣𝗜 𝗩𝗲𝗿𝘀𝗶𝗼𝗻𝗶𝗻𝗴 & 𝗗𝗲𝗽𝗿𝗲𝗰𝗮𝘁𝗶𝗼𝗻 Zombie v1 API → exploiting old bugs → forced deprecation & brownouts → controlled demolition.
🔴 𝗕𝘂𝘀𝗶𝗻𝗲𝘀𝘀 𝗟𝗼𝗴𝗶𝗰 𝗙𝗹𝗮𝘄𝘀 Price tampering → checkout abuse → server-side re-validation → trust nothing from the client.
🔴 𝗦𝗲𝗿𝘃𝗶𝗰𝗲 𝗠𝗲𝘀𝗵 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 Lateral movement in-cluster → compromised pod escalates → zero-trust mTLS → granular authorization policies.
🔣 Web page
#AppSec
𝗧𝗮𝗯𝗹𝗲 𝗼𝗳 𝗰𝗼𝗻𝘁𝗲𝗻𝘁:
🔴 𝗘𝗻𝗱-𝘁𝗼-𝗘𝗻𝗱 𝗘𝗻𝗰𝗿𝘆𝗽𝘁𝗶𝗼𝗻 HTTP exposure → SSL stripping → HSTS with preload → unbreakable TLS tunnels.
🔴 𝗢𝗔𝘂𝘁𝗵 𝟮.𝟬 & 𝗣𝗞𝗖𝗘 Auth code interception → malicious app replay → PKCE enforcement → no token without proof key.
🔴 𝗝𝗪𝗧 𝗟𝗶𝗳𝗲𝗰𝘆𝗰𝗹𝗲 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 HS256 secret theft → forged admin tokens → RS256 + short-lived tokens → revoked refresh tokens.
🔴 𝗠𝘂𝘁𝘂𝗮𝗹 𝗧𝗟𝗦 (𝗺𝗧𝗟𝗦) Stolen static API key → partner impersonation → client certificate auth → cryptographic identity.
🔴 𝗗𝗗𝗼𝗦 & 𝗥𝗮𝘁𝗲 𝗟𝗶𝗺𝗶𝘁𝗶𝗻𝗴 Naive IP limits → low-and-slow scraping → dynamic, user-aware throttling → edge WAF protection.
🔴 𝗜𝗻𝗽𝘂𝘁 𝗩𝗮𝗹𝗶𝗱𝗮𝘁𝗶𝗼𝗻 & 𝗢𝘂𝘁𝗽𝘂𝘁 𝗘𝗻𝗰𝗼𝗱𝗶𝗻𝗴 SQLi & XSS payloads → data exfiltration & session hijacking → parameterized queries & contextual encoding → neutralized threats.
🔴 𝗔𝗣𝗜 𝗚𝗮𝘁𝗲𝘄𝗮𝘆 & 𝗪𝗔𝗙 Inconsistent microservice security → finding the weakest link → centralized WAF at the gateway → uniform defense.
🔴 𝗦𝗲𝗰𝘂𝗿𝗲 𝗦𝗲𝘀𝘀𝗶𝗼𝗻 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 Cookie theft via XSS → session hijacking → HttpOnly, Secure, SameSite=Strict cookies → locked-down sessions.
🔴 𝗔𝗣𝗜 𝗩𝗲𝗿𝘀𝗶𝗼𝗻𝗶𝗻𝗴 & 𝗗𝗲𝗽𝗿𝗲𝗰𝗮𝘁𝗶𝗼𝗻 Zombie v1 API → exploiting old bugs → forced deprecation & brownouts → controlled demolition.
🔴 𝗕𝘂𝘀𝗶𝗻𝗲𝘀𝘀 𝗟𝗼𝗴𝗶𝗰 𝗙𝗹𝗮𝘄𝘀 Price tampering → checkout abuse → server-side re-validation → trust nothing from the client.
🔴 𝗦𝗲𝗿𝘃𝗶𝗰𝗲 𝗠𝗲𝘀𝗵 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 Lateral movement in-cluster → compromised pod escalates → zero-trust mTLS → granular authorization policies.
#AppSec
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
1❤6👍2😱1
𝗦𝗲𝗰𝘂𝗿𝗲_𝗯𝘆_𝗗𝗲𝘀𝗶𝗴𝗻_𝗪𝗲𝗯_𝗦𝗲𝗿𝘃𝗶𝗰𝗲_&_𝗔𝗣𝗜_𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆.pdf
2.4 MB
𝗦𝗲𝗰𝘂𝗿𝗲 𝗯𝘆 𝗗𝗲𝘀𝗶𝗴𝗻 - 𝗪𝗲𝗯 𝗦𝗲𝗿𝘃𝗶𝗰𝗲 & 𝗔𝗣𝗜 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 by DevSecOps Guides, 2025
❤4👍2
SANS Linux Incident Response_2025.pdf
2 MB
SANS Linux Incident Response, 2025
Cybersecurity e-learning (courses) by Pentester Academy, 2020/2024
👉 FTP catalog + torrent + Medium
See also:
🛡 INE catalog
🛡 SANS (old courses)
🛡 MEGA PACK of torrents by Mohammed Helal (Google Drive)
#education
See also:
#education
Please open Telegram to view this post
VIEW IN TELEGRAM
1🔥11❤3🤝2👍1🥱1
Diablo – Pentesting, Hacking & Reporting Framework by AnLoMinus, 2023/2025
Tested out Diablo – a full-featured offensive security toolkit for reconnaissance, exploitation, and reporting, all from your terminal ⚔️
💡 Key Features:
✅ Anonymity Surfing
✅ Recon & Vulnerability Scanning (nmap, dirb, whois, etc.)
✅ Gaining & Maintaining Access
✅ Analysis & Reporting (Markdown logs)
❗️GitHub
#hacktool
Tested out Diablo – a full-featured offensive security toolkit for reconnaissance, exploitation, and reporting, all from your terminal ⚔️
💡 Key Features:
✅ Anonymity Surfing
✅ Recon & Vulnerability Scanning (nmap, dirb, whois, etc.)
✅ Gaining & Maintaining Access
✅ Analysis & Reporting (Markdown logs)
❗️GitHub
#hacktool
3👏6
Web Penetration Testing: Advanced Guide | Create 45 Security Assessments | Including OWASP Top 10, Nathan Beckford, 2025
This comprehensive, action-driven manual walks you through 45 real-world security assessments based on modern application architectures and the OWASP Top 10 vulnerabilities—including Broken Access Control, Injection, SSRF, and more. Every chapter bridges theory with practice, giving you step-by-step labs, exploitation techniques, and mitigation strategies to master both the attacker’s and defender’s perspectives.
Inside, you’ll learn how to:
✅ Set up your own safe penetration testing lab using virtual machines and containers
✅ Master the tools of the trade, including Burp Suite, sqlmap, Nmap, and custom noscripts
✅ Identify and exploit vulnerabilities across frontend, backend, APIs, and cloud services
✅ Conduct thorough reconnaissance and map attack surfaces like a professional
✅ Apply real-world testing methodologies from PTES, OWASP, and NIST frameworks
✅ Perform deep-dive assessments across all layers of modern web apps
✅ Build professional-grade reports and remediation plans for stakeholders
#book #web
This comprehensive, action-driven manual walks you through 45 real-world security assessments based on modern application architectures and the OWASP Top 10 vulnerabilities—including Broken Access Control, Injection, SSRF, and more. Every chapter bridges theory with practice, giving you step-by-step labs, exploitation techniques, and mitigation strategies to master both the attacker’s and defender’s perspectives.
Inside, you’ll learn how to:
✅ Set up your own safe penetration testing lab using virtual machines and containers
✅ Master the tools of the trade, including Burp Suite, sqlmap, Nmap, and custom noscripts
✅ Identify and exploit vulnerabilities across frontend, backend, APIs, and cloud services
✅ Conduct thorough reconnaissance and map attack surfaces like a professional
✅ Apply real-world testing methodologies from PTES, OWASP, and NIST frameworks
✅ Perform deep-dive assessments across all layers of modern web apps
✅ Build professional-grade reports and remediation plans for stakeholders
#book #web
👍6
Web Penetration Testing 2025.pdf
3.9 MB
Web Penetration Testing: Advanced Guide | Create 45 Security Assessments | Including OWASP Top 10, Nathan Beckford, 2025
👍5
Среди пакета предложенных мер — запрет на распространение информации, связанной с практикой ИБ. В случае вступления этих мер в силу более половины статей «Хакера» окажется вне закона. Это же касается и Telegram каналов, форумов, сайтов, личных блогов и других ресурсов, где размещаются материалы связанных с ИБ.
Дмитрий Агарунов, основатель «Хакера»:
«Любой запрет на публикации и обмен научно-технической информацией является фактическим запретом на обучение. ИБ-специалистам просто негде будет приобретать знания. С учетом того, что новая информация поступает ежесекундно, такая поправка может парализовать кибербезопасность страны.
Кроме того, данная мера бьет исключительно по своим: запретить можно только легальным, зарегистрированным, официальным ресурсам. Публикации на иностранных сайтах, в чатах, каналах, целенаправленную рассылку враждебных приказов и инструкций такая поправка запретить не может. Специалисты врагов спокойно продолжат обучение».
Призываем читателей «Хакера» и все неравнодушных, поддерживающих нашу точку зрения,
Может мы ничего и не изменим, но мнение свое скажем!
Please open Telegram to view this post
VIEW IN TELEGRAM
👎9🔥7❤🔥4😱1
Cybersecurity Stocks (USA company)
In a digital world, cybersecurity stocks ensure protection. Investing in these firms offers prospective growth tied to our increasing reliance on technology.
👊 Source
⬇️ See also: ⬇️
✅ Investing in Cybersecurity Stocks in 2025
✅ Cybersecurity Stocks Advance In 2025
✅ Trade Tracker: Cybersecurity is going to be bigger than AI (YouTube)
#great
In a digital world, cybersecurity stocks ensure protection. Investing in these firms offers prospective growth tied to our increasing reliance on technology.
#great
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥3👍2
For this tutorial will I use hacker101[.com] CTF for a live demo on how Burp Suite basic tools can be used.
#web
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
👍6❤3
2020-09-22-U-BurpSuite-Basic-How-To.pdf
1.4 MB
BurpSuite – Basic Usage by Knoph Consulting, 2020
👍7❤3👎1🙉1