12 hours of testing on VirtualBox on my poor old PC.
Zero crashes. BashCoreX is stable, fast, ready.

Debian-based, XFCE-powered, loaded with essential tools for ethical hacking.
Minimalism meets performance.

Just a reminder to always lock your door!
#LatchSlipping #Pentesting #PhysicalPentesting #Security

An excellent and especially thorough list of bypasses available to just about any bad actor that can reach a shell on a misconfigured UNIX system.

https://gtfobins.github.io/

(Thanks to one of my students, Susana, for sending this in)

Ok, so it's a pentera ad, but the research is sound. And yeah, 75 security products and still 67% biannual breach rate? Christ on a cracker.

https://thehackernews.com/2025/05/the-crowded-battle-key-insights-from.html?m=1

DNS cache poisoning is a security attack that corrupts a DNS resolver’s cache by injecting false records, causing users to be redirected to fake IP addresses instead of the legitimate domain

Here is how the attack works and how to protect from it #infosec #dns #pentesting

Find pdf books with all my #cybersecurity related infographics at https://study-notes.org

El lado del mal - Entre Marilyn & Manson: Vulnerando IPv6 con Man-in-the-middle usando NDP en la red de tu casa con Kali Linux https://www.elladodelmal.com/2025/05/entre-marilyn-manson-vulnerando-ipv6.html #Hacking #IPV6 #Mitm #redes #Wireshark #Kali #pentest #pentesting

Happy to see things finally falling into place!
SLiM is running smoothly on the live system, and BashCoreX (the GUI evolution of BashCore) is starting to take shape!

I'm now installing the CLI toolset via apt inside the chroot.

Next up: testing everything, then bringing in tools from GitHub, GitLab, and the rest of the wild.

Let’s push it further!

Nmap, Metasploit, Hydra, Mimikatz, Netcat: Overview & Uses

#CyberSecurity #PenTesting #EthicalHacking #Nmap #Metasploit #Hydra #Netcat

Neue Veranstaltung: Capture The Flag Training mit Kali Linux am 26. Mai um 19 Uhr:
https://technikkultur-erfurt.de/2025/05/18/veranstaltung-capture-the-flag-training/
#Hackspace #Erfurt #Pentesting #Kali

El lado del mal - ¿Se puede reemplazar a un Pentester con un Agente de IA basado en LLMs? Cómo realizar ataques completos a redes complejas con agentes de Inteligencia Artificial https://www.elladodelmal.com/2025/05/se-puede-reemplazar-un-pentester-con-un.html #AI #IA #Pentesting #Hacking #LLM #Pentester #MCP #AgenticAI #RedTeam

My favorite pentesting setup.

Today i'm setting up the #KaliLinux #Docker #container for my #ansible #playbook. This setup has some pretty cool advantages for me.

I can:

• access the shell and files using #SSH and #SFTP.
• customize the installation to the fullest extend using the #Dockerfile.
• easily route the #networktraffic through a #vpn using #gluetun.
• reproduce the setup (i love Docker).
• use GUI apps from that container using X11Forwarding or by installing a #vnc server.

This has been my favorite #pentesting setup so far for obvious reasons. I can access a fully configured pentesting environment on all my devices, always accessible and ready to go.

In case anyone is interested in the setup, it will be included in my ansible playbook, which will be published on this repository.

Here is a preview of the next release of Car Arsenal for Kali Linux 2025.2!

Renamed from CAN Arsenal to Car Arsenal to cover more car hacking stuff.

Added a lot of tools, feature and code rewrite! And im not even done!

Music used : @LinkinPark Lost in the Echo

https://youtube.com/shorts/iSm9BuxZ6HQ?si=-ma3bDIMr3-5Gd9o

@kimocoder @yesimxev @kalilinux @kalilinux@bird.makeup @davidbombal @androidmalware2

AI-powered features are the new attack surface! Check out our new blog in which LMG Security’s Senior Penetration Tester Emily Gosney @baybedoll shares real-world strategies for testing AI-driven web apps against the latest prompt injection threats.

From content smuggling to prompt splitting, attackers are using natural language to manipulate AI systems. Learn the top techniques—and why your web app pen test must include prompt injection testing to defend against today’s AI-driven threats.

Read now: https://www.lmgsecurity.com/are-your-ai-backed-web-apps-secure-why-prompt-injection-testing-belongs-in-every-web-app-pen-test/