hachyderm.io is one of the many independent Mastodon servers you can use to participate in the fediverse.
Hachyderm is a safe space, LGBTQIA+ and BLM, primarily comprised of tech industry professionals worldwide. Note that many non-user account types have restrictions - please see our About page.


#pentest

14 posts · 11 participants · 0 posts today

Heard about WordPress "mu-plugins" being used as a sneaky entry point? Yikes! 😬

Think of 'mu-plugins' – those 'must-use plugins' WordPress *always* loads automatically. Super handy, right? Well, for attackers they are, because let's be real, who actually checks those regularly? 🙈

What's wild is that some malicious scripts hidden there even check if they're being scanned by a bot, just to stay under the radar. Talk about sneaky! It almost feels like a professional job... kinda reminds me of when we're pentesting for clients and trying to slip past their defenses. 😎

Usually, the culprits behind these breaches are the usual suspects: outdated plugins or themes, weak or stolen passwords, or maybe server misconfigurations. Seriously people, keeping everything updated is crucial! ☝️

Look, automated scans have their place, they're a decent first step. But honestly? A thorough pentest is often what *really* digs up these hidden nasties. So, spill the beans: Anyone else bumped into attacks leveraging mu-plugins or something similar? What tools are your go-to for sniffing them out? Let me know below! 👇
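A defender-side check for the mu-plugins point above, as an added example that is not part of the original post: it inventories the top-level PHP files in a mu-plugins directory (the files WordPress loads automatically), compares their SHA-256 hashes with a known-good baseline, and flags a few content markers. The baseline format, the marker list and the function names are assumptions, and the sample files are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristic markers (assumed, not exhaustive): dynamic code execution and
# user-agent checks of the kind used to hide from scanners and bots.
MARKERS = {
    "dynamic-eval": re.compile(rb"\b(eval|assert|create_function)\s*\(", re.I),
    "encoded-payload": re.compile(rb"\b(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "bot-check": re.compile(rb"HTTP_USER_AGENT", re.I),
}


def audit_mu_plugins(mu_dir, baseline):
    """Return {file name: [issues]}; baseline maps file name -> known-good SHA-256."""
    findings = {}
    # WordPress auto-loads only the .php files directly inside mu-plugins.
    for path in sorted(Path(mu_dir).glob("*.php")):
        data = path.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        issues = []
        if path.name not in baseline:
            issues.append("not-in-baseline")
        elif baseline[path.name] != digest:
            issues.append("hash-mismatch")
        issues += [name for name, rx in MARKERS.items() if rx.search(data)]
        if issues:
            findings[path.name] = issues
    return findings


def demo():
    """Run the audit over constructed sample files in a temp directory."""
    good = b"<?php\n// site tweaks\nadd_filter('xmlrpc_enabled', '__return_false');\n"
    odd = (b"<?php\nif (!preg_match('/bot|crawl/i', $_SERVER['HTTP_USER_AGENT'])) {\n"
           b"    eval(base64_decode('Y29uc3RydWN0ZWQ='));\n}\n")
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "site-tweaks.php").write_bytes(good)
        (Path(tmp) / "index.php").write_bytes(odd)
        baseline = {"site-tweaks.php": hashlib.sha256(good).hexdigest()}
        return audit_mu_plugins(tmp, baseline)


if __name__ == "__main__":
    for name, issues in demo().items():
        print(name, issues)
```

Point `audit_mu_plugins` at the site's own mu-plugins directory with a baseline taken from a trusted deployment; any file it reports that nobody on the team put there deserves a manual look.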

Alright, security pros! 🤓 Just stumbled upon another article about pentesting, and it really hit home. 💯 You know how clients sometimes assume that just having security certificates and a firewall means they're totally secure?

Well, let's be real, that's often far from the truth. 🤷‍♂️

Here's the deal: Real penetration testing is *way* more than just running an automated scan. It actually demands brainpower, a dose of creativity, and the knack for thinking way outside the box. 🧠 You've gotta get creative!

And yeah, proper security isn't free. But isn't it way better to invest upfront than deal with a potentially massive (and costly) mess later on? 🩸 Makes sense, right?

So, what have you seen out there? What are the so-called "quick fixes" in security that drive you absolutely nuts? Let me know below! 👇

Seriously, EncryptHub isn't messing around! 🤯 They've jumped *right* on that Windows bug (CVE-2025-26633) that literally *just* got fixed. Talk about moving fast...

So, the exploit? It involves the Microsoft Management Console (MMC), those MSC files, and something called MUIPath. Sounds pretty techy, right? But basically, it's a clever workaround. EncryptHub crafts two MSC files – same name, one legit, one malicious. Windows doesn't double-check properly and ends up loading the nasty one. Boom! 💥

You see, as a pentester, I constantly witness attackers twisting legitimate system functions just like this. Your automated scanners? Yeah, they'll likely miss it completely. This kind of thing really needs hands-on analysis to catch. And yeah, updates are crucial, folks! Make sure you get CVE-2025-26633 patched ASAP. Oh, and those random MSI installers from sources you don't know? Big nope. Steer clear! ☝️

Have you run into attacks like this before? Or maybe you've got some other sneaky Windows tricks up your sleeve? Drop 'em in the comments!

CoffeeLoader? Sounds like some fancy new brew, right? ☕️ Nope, it's actually some pretty vicious malware. 💀

Seriously, the creativity from attackers lately is something else... using the GPU for obfuscation? That's wild! 🤯

Alright, putting my pentester hat on for a sec: Look, automated scans definitely have their place. *But* when you're dealing with tricky stuff like this? You absolutely need a real person digging in, taking it apart piece by piece. It's kinda like making coffee, you know? A machine gets the job done, but a great barista? They craft it with care and uncover all those subtle flavors. 😉 Same principle applies here.

So, keep a sharp eye out for any sketchy processes or DLLs hanging around. And seriously people: Patch your systems! Don't sleep on updates! ☝️

Speaking of which, what are your favorite tools for hunting down this kind of advanced threat? Let me know below! 🤔

Alright folks, just a quick heads-up from your friendly neighborhood pentester: Office docs? Yeah, they're *still* a massive playground for attackers. 🤯

Sure, keeping things updated is vital, *but* let's be real: social engineering still wears the crown. Honestly, the least suspecting user often ends up being the biggest security gap in the network.

Just saw this play out at a client's site recently. An employee clicked open a seemingly innocent Word doc... hiding a nasty phishing link. And *poof*, their credentials were gone. 🙈 Can happen just like that.

Now, AI *can* lend a hand here, but tread carefully. The tech's evolving way faster than most people can adapt. That makes disinformation and manipulation seriously huge threats we need to watch out for.

So, what's the game plan? Awareness training – it's absolutely worth its weight in gold! Plus, fostering a healthy dose of skepticism is key, even when it feels like a drag sometimes. You gotta stay sharp.

How are *you* shielding your users from these kinds of attacks? Let me know! 🤔

Learn how to pentest your own network in our new step-by-step guide from Senior Cybersecurity Consultant Bryan Bijonowski Jr. Bryan explains why penetration testing is crucial for identifying weaknesses before attackers do, then guides IT professionals through the process of pentesting their own networks to strengthen their organization's defenses and significantly reduce cybersecurity risks!

Check it out: lmgsecurity.com/how-to-pentest

LMG Security: How to Pentest Your Own Network: A 7-Step Guide For IT Pros | LMG Security. Learn how to pentest your own network and find security gaps before the attackers do! We'll show you how in this step-by-step guide.

PowerChell is a very cool tool by @itm4n to bypass PowerShell security measures like AMSI, Script Block & Module Logging using ETW, Transcription, Execution Policy and Constrained Language Mode! Nothing fancy and new, but everything in a single unmanaged binary!

- Blog: blog.scrt.ch/2025/02/18/reinve
- GitHub: github.com/scrt/PowerChell

This made my job much easier in my latest pentest. So, THX!

blog.scrt.ch: Reinventing PowerShell in C/C++ – SCRT Team Blog

Chrome *again*? 🙄 Looks like Google's patching *another* critical flaw (CVE-2025-2783), and yep, attackers are already exploiting it in the wild.

Heads up, Windows users – you're the main target, with Russian orgs specifically in the crosshairs. 🇷🇺 The vulnerability's lurking in Mojo (Chrome's Inter-Process Communication system). And get this: all it takes is a convincing phishing email. 🎣 Someone clicks the link, and bam – their system's compromised.

What's really nasty? It cleverly gets around the Chrome sandbox. 🤯 Kaspersky's already tracking this, calling it 'Operation ForumTroll' and linking it to an APT group. Speaking as a pentester, trust me, finding vulnerabilities this deep isn't easy. Your run-of-the-mill scans just won't cut it here.

So, what's the game plan?
1. Update Chrome NOW! Like, right now. 🚨
2. Seriously, double down on training your staff about phishing threats.
3. Keep a close eye on your systems – think SIEM/EDR monitoring.

Curious to know, what are your go-to tools for hunting down threats like this? And how are you folks bracing yourselves against these advanced attacks? 🤔

Stay safe out there! ✌️

🔍 Just published my latest case study on pentesting a Windows application! Discoveries:

👔 Disabled security flags that led to uncovering many high-risk vulnerabilities
🔐 Plaintext credentials
🚪 A backdoor that bypasses authentication

Read more: 🔗 techsplicer.com/career-hub/pen

TechSplicer Blog · Pentesting a Windows Application: A Case Study. With time, pentesting develops into a somewhat predictable process. Years spent coding web applications now frequently result in web penetration testing assignments for me.
#dev #cyber #pentest

Whoa, things are really popping off! 🤯 Raspberry Robin's at it again. They've found 200 *new* C2 domains? It's like battling a hydra – chop off one head, and boom, two more appear. 🐍

These Initial Access Brokers (IABs) are seriously nasty. They're basically opening the floodgates for other malware. And get this, USB drives are the gateway? Seriously, who still falls for that? But, I guess sometimes the old-school methods are, unfortunately, effective. 🤦‍♂️

It makes you wonder: how many companies *actually* have a clue what's happening on their network? For real, would they even notice this kind of threat spreading? 🤔

Here's my take: keep a close eye on network traffic. Plus, it's time to rethink that USB policy, and be extra careful with Discord downloads. And, for crying out loud, stop plugging in every random USB drive you find! ☝️

So, what wild IAB stories have *you* encountered? Let's hear 'em!

Whoa, four years inside a telecom's network?! 🤯 Seriously, that's some next-level APT stuff. It just goes to show how crucial internal security really is. Sure, firewalls are great, but what happens *after* they've already gotten in?

These guys pulled out all the stops: webshells, ETW patching... you name it. No amount of certificates will help if the underlying tech isn't solid! This is why regular, hands-on pentests are a must. Honestly, automated scans just don't cut it.

So, what experiences have you had with attacks like these? What are your go-to defenses? Let's share some wisdom!

Wow, VanHelsing RaaS is here! 🙄 It really looks like RaaS is becoming the norm... $5k starting capital? That's insane. The competition is keeping everyone on their toes, huh?

Double Extortion, Dark Mode in the panel, RMM tools in the crosshairs... Sounds like the usual, but let's not overlook the fundamentals! First things first: make sure you're checking your backups. You need to be patching those systems. And, of course, raise awareness. Plus, remember folks, automated scans are *not* the same as a pentest! ☝️

We've gotta shift our focus. It's not about "selling a product," it's about "helping customers." Security by Design should be the default, not some optional extra. Let's also give Open Source more of a boost!

So, how are *you* protecting against RaaS? What strategies are you turning to these days? 🤔