#PenTest

2026-02-16

HackTheBox. FluxCapacitor walkthrough. Difficulty: Medium

Walkthrough of the medium-difficulty Linux machine FluxCapacitor on the HackTheBox platform. You first need to connect to the HackTheBox environment over VPN. Using a separate virtual machine is recommended. The post covers a WAF and attempts to bypass it.

habr.com/ru/articles/1000164/

#hackthebox #htb #pentest #pentesting #redteam #redteaming

2026-02-16

🏋️ NorthSec 2026 Trainings (10/12): "Offensive GCP Operations & Tactics Certification (OGOTC)" by Chirag Savla & Jay Pandya

📅 Dates: May 11, 12 and 13, 2026 (3 days)
📊 Difficulty: Medium
🖥️ Mode: Hybrid (on-site & remote)

Description: "Offensive GCP Operations & Tactics Certification (OGOTC) is a hands-on course designed to equip security professionals with the skills to assess and exploit vulnerabilities in Google Cloud Platform (GCP) environments. This course covers the full attack lifecycle, from initial access and enumeration to privilege escalation, lateral movement, and post-exploitation techniques. Participants will learn to abuse misconfigured IAM roles, exposed APIs, and metadata services, as well as exploit weak permissions and default configurations. The course also includes a deep dive into Kubernetes attacks, highlighting how to compromise and move within Kubernetes clusters. Real-world scenarios, including credential theft, phishing, and service account hijacking, will be explored. Defensive strategies and mitigation techniques will be provided to help secure GCP environments against these threats."

About the trainers:
Chirag Savla is a cyber security professional with 10+ years of experience. His areas of interest include penetration testing, red teaming, Azure and Active Directory security, and post-exploitation research. For fun, he enjoys creating open-source tools and exploring new attack methodologies in his leisure. Chirag has worked extensively on Azure, Active Directory attacks and defense, and bypassing detection mechanisms. He is the author of multiple open source tools such as Process Injection, Callidus, and others. He has presented at many conferences and local meetups and has trained people at international conferences like Blackhat, BSides Milano, Wild West Hackin’ Fest, HackSpaceCon, VulnCon and NorthSec.

🔗 Training details: nsec.io/training/2026-offensiv

#NorthSec #cybersecurity #cloudsecurity #GCP #pentest

2026-02-16

if you're using Burp for web app testing, you can benefit from the added productivity provided by the Burp Variables extension. this extension lets you reference reusable variables in your requests, similar to environment variables in Postman and Insomnia

additionally, new with v1.2.0, Burp Variables now supports auto-updating variable values from response content via a regex with a capture group, allowing you to automatically update tokens, session data, and other dynamic values

github.com/0xceba/burp_variabl

#cybersecurity #infosec #hacking #bugbounty #pentest #pentesting

2026-02-16

An entertaining post on how TaskHound was refactored to fix real‑world issues

r0bit.io/posts/taskhound/part2

#infosec #cybersecurity #redteam #pentest

2026-02-15

HackTheBox. Bashed walkthrough. For beginners. Ultra-easy

Walkthrough of one of the easiest machines on the HackTheBox platform, Bashed. You first need to connect to the HackTheBox environment over VPN. Using a separate virtual machine is recommended.

habr.com/ru/articles/996722/

#hackthebox #htb #pentest #pentesting #redteam #redteaming

2026-02-14

A Bloodhound alternative. BloodBash will ingest the same files bloodhound does but no server is required to use this tool. It's great for quick AD enumeration

github.com/DotNetRussell/Blood

#infosec #cybersecurity #redteam #pentest #opensource

2026-02-14

The customer (#Kunde) has discovered the HTML content element and is busily feeding it (AI) content.
I'm going to grab some popcorn 🥳
#TYPO3 #Pentest

AllAboutSecurity (allaboutsecurity)
2026-02-14

AI framework Zen-AI-Pentest brings 20 security tools under one roof

The framework, developed by SHAdd0WTAka in collaboration with Kimi AI (Moonshot AI), is aimed at security professionals, bug bounty hunters and enterprise security teams.

Autonomous pentest framework combines established security tools with language models

all-about-security.de/ki-frame

Assured Security Consultants (assured@infosec.exchange)
2026-02-13

We are proud to have worked with Open Technology Fund (OTF) and @EngageMedia to help secure Cinemata, an open source video platform for communities that operate in politically sensitive environments. Of 26 identified vulnerabilities, all have been verified fixed.
#pentest #cybersecurity #privacy
assured.se/posts/pentest-repor

2026-02-13

Organize. Focus. Achieve.

Juggling certifications, labs, and deadlines kills productivity. This Notion template consolidates everything: weekly planners, Pomodoro timers, habit trackers, deadline databases, and lo-fi radio.

Stay organized and focused for just $2.99. Stop scattered chaos, start systematic progress.
cybercraftstore.gumroad.com/l/

#cybersecurity #llm #ai #notion #focus #pomodoro #skills #job #pentest #security

Chema Alonso (chemaalonso@ioc.exchange)
2026-02-12

El lado del mal - "GRP-Obliteration: (In)security fine-tuning for LLMs to make them more insecure against jailbreaks" elladodelmal.com/2026/02/grp-o #LLM #Hacking #Pentesting #RedTeam #IA #AI #Jailbreak #Pentest

Parrot Security (parrotsec)
2026-02-11

Parrot 7.1 is now rolling out 🥁

This release brings:

✔ MCPwn for LLM security tools execution
✔ New Community Spins: MATE, LXQt, Enlightenment
✔ Rocket 1.5.0 with a brand-new UI
✔ Bug fixes + smoother daily experience

Available now on the download page 🦜

Click the link and read more on our latest article 🔗

parrotsec.org/blog/2026-02-11-

2026-02-11

Ax Framework is a free and open-source tool utilized by Bug Hunters and Penetration Testers to efficiently operate in multiple cloud environments. It helps build and deploy repeatable infrastructure tailored for offensive security purposes

github.com/attacksurge/ax

#infosec #cybersecurity #redteam #pentest #opensource

2026-02-10

The project also contains a tool to manipulate the msDS-KeyCredentialLink LDAP attribute in order to register KeyCredentialLinks in Active Directory environments

github.com/RedTeamPentesting/k

#infosec #cybersecurity #redteam #pentest #opensource

Chema Alonso (chemaalonso@ioc.exchange)
2026-02-09

El lado del mal - LLM-Guardian: Multi-agent LLM defense system with an intelligent adversarial red team elladodelmal.com/2026/02/llm-g #LLM #Guardrails #Pentest #Pentesting #IA #AI #Jailbreak #PromptInjection #Unalignment #Hardening

2026-02-08

VulNyx Hosting Writeup

A Step-by-Step Guide to Exploiting SMB and WinRM Services on the VulNyx Hosting Machine:
medium.com/@thecybercraft/vuln

#pentest #cybersecurity #infosec #winrm #vulnyx #smb #writeup

2026-02-08

Ever think about penetration testers? People who test the physical security of sites for companies? Now, have you ever wondered what happens if they accidentally penetrate test the wrong site?
This guy did that.
darknetdiaries.com/episode/6/
The Beirut bank job
#penTest #hacking #podcast

2026-02-07

A PowerShell tool to enumerate all SharePoint sites/drives that a user can access via Microsoft Graph, recursively download files, and log every Graph/SharePoint HTTP request for SIEM correlation

github.com/zh54321/SharePointD

#infosec #cybersecurity #redteam #pentest #cloud

2026-02-05

Is pentesting dead? Here we are in 2026, in the era of LLMs and near-AGI #pentest #security #threats y0no.fr/posts/le-pentest-est-i #informatique (via Yoann Ono / Biot)
