r/Pentesting

WAF Evasion Engine
▲ 15 r/Pentesting+5 crossposts

I know WAFs can get annoying during pen tests and CTFs. So I built a WAF evasion engine. It mutates and persists, allowing you to even use it as a proxy. It's meant to be chained with other tools like Nuclei or SQLmap. I thought it might be useful.

Happy Hacking!

https://github.com/santhsecurity/wafrift

u/MT_Carnage — 2 hours ago

DDoS Pentesting Service?

We're looking for a DDoS pentesting/simulation service.

Any recs? We're with Akamai + have our own WAF exposed so we'd like to stress test this.

Some of our IPs are also exposed via our ISP.

u/blavelmumplings — 7 hours ago

Is 100% CIS Benchmark Compliance Really Necessary?

Hi to all pentesters and security consultants,

I have a question regarding security hardening projects for network devices such as firewalls, switches, and proxy devices.

I’m facing difficulties explaining to upper management that CIS Benchmark is a guideline and not every device must achieve 100% compliance on all checks. From their perspective, every item in the CIS Benchmark should pass completely.

From the security perspective, we already perform assessments using automated tools like Nipper, combined with manual reviews of security configurations, password policies, exposed services, and other hardening checks. Some CIS recommendations are not always applicable due to operational, compatibility, or business requirements.

How do you usually handle this kind of situation professionally with management or clients? How do you explain the balance between practical security and strict benchmark compliance?

u/Highlight-Simple — 22 hours ago
▲ 4 r/Pentesting+1 crossposts

are mobile networks really that insecure?

I'm a dev engineer slowly getting into the telecom world, especially mobile networks. I've read a couple of articles and it seems like their infrastructure is quite outdated and has a lot of vulnerabilities, probably because of all the interconnects they need in order to provide connectivity.

I guess my question is: sure, they are insecure, but to what point? Should I stop using voice calls and switch to WhatsApp calls?

Are they actively trying to stay on top of their infra, or are they the ones selling the data...?

Quite a broad topic, but just a thought I had.

Is it too late to get into the field? Will AI replace pentesters?

Cyber security sparked my interest in 2016. Back then I installed Kali Linux and played a little with the SE toolkit, the terminal, Metasploit etc. I used to watch videos and tutorials from the NullByte website and YT channel. I heard of bug bounty in 2018 but really had no idea where to start. I heard of TryHackMe in late 2021 and did the Complete Beginner learning path, but after that I got a little busy and didn't continue with other tracks.

However, with the evolution of AI and the pentesting field having become very saturated, hiring companies require tons of skills and experience to land a junior level position (they require Web, API, network, and AD experience for a junior role). I'm wondering: is it too late to get into this field?
u/Head_Substance7045 — 2 days ago
▲ 25 r/Pentesting+2 crossposts

CVE-2026-34474: ZTE H298A / H108N credential exposure through ETHCheat

Writeup for CVE-2026-34474. On affected ZTE H298A / H108N builds, hitting an old ETHCheat path makes the router return credential fields in the HTML before login.

The returned markup included things like the admin password, ESSID, and WLAN PSK on the tested builds. There is also a related wizard endpoint leaking serial info. The writeup has the redacted captures, affected versions, and disclosure timeline.

minanagehsalalma.github.io
u/TheReedemer69 — 1 day ago

How do I test with CloudFlare?

Hi, it's been a little while since I've been working as a web penetration tester. So far the websites I had to test did not use CloudFlare. Now I was given a website that does use CloudFlare. I am totally confused about how to approach this, as using automated tools might get my IP blocked. Manual enumeration did not yield any great results to work with. Since it's CloudFlare, no ports are open as such. I don't know how to approach this. I would greatly appreciate some help!
u/Emergency_Pass_5024 — 1 day ago

Trying to get my career started

Hello all, new user here. I graduated from college last year and have been trying to get a pentesting position with no luck. Pentesting has been my dream job since middle school. I played CTFs and got OSCP in high school which really helped me develop my methodology for HTB which I worked on through college where I also worked at university tech support for a few months. I got OSEP after I graduated and started grinding linkedin which hit me with a reality check. I was naive and thought my certs would be enough to get me a junior role. To me the certs aren't just letters as I know how much I learned from the work I put into getting them, but now I see how much experience and public projects matter.

I regret quitting my job in tech support despite how miserable I was since I don't even have a year of IT work experience to my name. I regret not creating writeups for the HTB labs I did and all the other personal work I've done, but now is the time to move forward. I will most likely not be able to go straight into pentesting as I wished, and honestly now I hope I can even get an IT role since I'm running out of time.

I've heard projects are good on resumes and I think I have a great idea for a project that would help me understand AD attacks at a much deeper level than I currently do, but I'm not sure how to market it on a resume. Does anyone have any advice for how to write about a project you did on a resume?

I've looked at so many resources about job searching and getting into pentesting/cybersecurity so I know this might be a pretty generic post. I'm not sure what I hope to get from posting this, but anything might help me figure out what to do and keep going. Thank you

u/coffeecatge — 2 days ago

CVE-2026-34472: Router auth bypass from a pre-login wizard routing flaw in ZTE H188A

https://minanagehsalalma.github.io/cve-2026-34472-auth-bypass-zte-h188a-router/
 
I wrote up CVE-2026-34472, an authentication bypass in the ZTE H188A V6 router.

The interesting pentest angle is that the issue was not a classic brute-force/default-password case. The router exposed sensitive setup-wizard data before authentication because of a routing flaw. That leaked enough information to cross into the authenticated management interface.

The post covers:

  • how the auth boundary was bypassed
  • what made the pre-login wizard reachable
  • firmware/root-cause analysis
  • disclosure timeline
  • lessons for testing embedded web interfaces
u/TheReedemer69 — 2 days ago
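Both ZTE writeups above (CVE-2026-34474 and CVE-2026-34472) come down to the same test: request a management page with no session and see whether the router hands back populated credential fields instead of a login gate. The following is an added example, not code from either writeup or from ZTE. It assumes nothing about real paths or field names; the two HTML samples are constructed for the demo, the regex of "sensitive" field names is a judgement call, and `fetch_unauth` is only run against a target you are authorised to test.

```python
"""Added example (not from the CVE-2026-34474 / CVE-2026-34472 writeups): a checker that
flags credential-looking form fields returned to an unauthenticated client.

The sample HTML below is constructed for the demo; field names in it are assumptions.
"""
import re
import urllib.error
import urllib.request
from dataclasses import dataclass
from html.parser import HTMLParser
from typing import Dict, List, Tuple

# Field names that should never come back populated on a page served before login.
SENSITIVE_NAME = re.compile(r"passw|pwd|psk|preshared|wpa|essid|ssid|serial|secret|token", re.I)


@dataclass
class Finding:
    name: str
    redacted_value: str
    reason: str


class _FormFields(HTMLParser):
    """Collect (name, value, type) for every input/textarea/select tag."""

    def __init__(self) -> None:
        super().__init__()
        self.fields: List[Tuple[str, str, str]] = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("input", "textarea", "select"):
            return
        a = {k: (v or "") for k, v in attrs}
        name = a.get("name") or a.get("id") or ""
        self.fields.append((name, a.get("value", ""), a.get("type", "").lower()))


def redact(value: str) -> str:
    """Keep the first two characters so a report can show the leak without the secret."""
    return value[:2] + "*" * max(len(value) - 2, 0)


def find_exposed_fields(body: str) -> List[Finding]:
    """Empty password boxes are normal on a login page; populated ones are the finding."""
    parser = _FormFields()
    parser.feed(body)
    findings = []
    for name, value, ftype in parser.fields:
        if not value:
            continue
        if ftype == "password":
            findings.append(Finding(name, redact(value), "password input pre-filled"))
        elif SENSITIVE_NAME.search(name):
            findings.append(Finding(name, redact(value), "sensitive field populated"))
    return findings


def assess_unauth_response(status: int, headers: Dict[str, str], body: str) -> dict:
    """401/403 or a redirect means the auth boundary held for this path; a 200 is inspected."""
    if status in (401, 403) or 300 <= status < 400:
        return {"gated": True, "redirect": headers.get("Location", ""), "findings": []}
    return {"gated": False, "redirect": "", "findings": find_exposed_fields(body)}


def fetch_unauth(url: str, timeout: float = 5.0) -> Tuple[int, Dict[str, str], str]:
    """GET with no cookies and no Authorization header, without following redirects,
    so a 302 to the login page is observed rather than silently chased."""

    class _NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *args, **kwargs):
            return None

    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": "preauth-field-check"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.getcode(), dict(resp.headers), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx all land here
        return err.code, dict(err.headers), err.read().decode("utf-8", "replace")


# Constructed sample: what a leaking pre-auth page looks like (field names are assumed).
SAMPLE_LEAK = """<html><body><form>
<input type="hidden" name="Frm_Username" value="admin">
<input type="password" name="Frm_Password" value="hunter2">
<input type="text" name="ESSID" value="HomeNet-5G">
<input type="hidden" name="WLAN_PSK" value="s3cretpassphrase">
<input type="hidden" name="csrf_token" value="">
</form></body></html>"""

# Constructed sample: a normal login form, which must produce no findings.
SAMPLE_LOGIN = """<html><body><form method="post" action="/login">
<input type="text" name="Username" value="">
<input type="password" name="Password" value="">
</form></body></html>"""


if __name__ == "__main__":
    for label, html in (("leak", SAMPLE_LEAK), ("login", SAMPLE_LOGIN)):
        result = assess_unauth_response(200, {}, html)
        print(label, [(f.name, f.redacted_value, f.reason) for f in result["findings"]])
    # Against a real target you are authorised to test (hypothetical address and path):
    # status, headers, body = fetch_unauth("http://192.0.2.1/some/pre-auth/path")
    # print(assess_unauth_response(status, headers, body))
```

The redirect handler deliberately refuses to follow 3xx responses: on embedded web UIs the pre-auth leak is often a 200 on a path the login redirect never fires for, and following redirects would hide the difference between "gated" and "reachable". Values are redacted before they reach a report, which is what the writeups' captures do as well.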

Pen Test School Network

Hey

Recently, my school has asked me to see if I can find vulnerabilities in their network, as I made malware that ended up being flagged, and they ended up banning me from the network.

They said if I can find any holes, then they would be happy and I could potentially be rewarded, and this could be something to put on my CV. I'm really passionate about cybersecurity and think this could be a great way to advance my skills.

My findings so far are that I've managed to locate an easily reachable networking patch panel. I think they have a few scattered around, but I could potentially plug anything into that or monitor traffic with a man-in-the-middle.

Does anyone have any ideas or suggestions on what I could try and how I could dig deeper into the network?

Thanks heaps

u/CBlackdog — 3 days ago
▲ 1 r/Pentesting+1 crossposts

Help needed PLEASEEE

Hi, I'm a final year student who has wanted to become a penetration tester since secondary school. For the past 2 years of college I've done multiple things: participated in national and international competitions, built backends, frontends, AI pipelines, cloud infrastructure etc., but I didn't get the time to actually pentest some stuff or websites. I have the basics of networking, Linux, Python etc. I just want to get fully involved in the security domain now.

I am currently doing a practical ethical Hacking course by Heath Adams(it won't have a cert coz I got it thru 😜).

My question is: can I get a full-time job after 9 months, and if yes, do I need some certification?

I have certs in mind but I don't have money. I can ask my parents, but I need some actual advice on which certification is the best value for money and what the free alternatives are to actually boost my skills, so I become an actual security engineer rather than a larper or script kiddy...
u/Sea-Importance-7818 — 3 days ago
▲ 19 r/Pentesting+2 crossposts

Self-hosted Pentest / OSCP prep workspace - Pentest-Companion

Built this self-hosted workspace for fun, sharing it in case it helps the next person prepping!

https://github.com/Poellie01/PentestCompanion

After doing the OSCP exam and thinking about / prepping for OSEP, I wondered what my biggest bottlenecks were during the exam. Most of the issues I had were that all of my information was all over the place: screenshots, logs, files, all in folders and separate note files. That's why I started this project, Pentest-Companion. It can be used for regular pentesting engagements, OSCP-style exams, etc.

Currently it has the following features:

Engagements:
Run engagements end-to-end. Targets, ports, attack steps, credentials, loot, checklists, timeline — all in one place. Auto-seeded phase checklists for recon, web, AD, post-ex, and pivoting. Archive completed engagements, link them to clients.

Findings & Reporting
Findings with interactive CVSS v3.1 calculator, severity workflow, comments, evidence files, and CVE auto-lookup. A 24-template library (need to add way more).. Generate branded DOCX and PDF reports with cover pages, executive summaries, and per-finding walkthroughs. Per-engagement toggles for redacting credentials on client-shareable copies.

Built-In Web Scanner
Passive security analysis: TLS, HTTP security headers, cookies, CORS, exposed files, HTTP methods, and tech fingerprinting. Deep mode adds directory enumeration and JavaScript endpoint extraction. Scan results auto-promote into a linked engagement's findings. Compare any two scans to see what changed.

Terminal Session Logging
Pipe any shell command into the app via a simple bash helper. Output streams in live with ANSI colors preserved. Personal API tokens for authentication. View any session per engagement.

Tools
Hash identifier with hashcat-mode reference table · Base64 encoder/decoder · Exam timer · Command renderer with placeholder substitution · Nmap output parser · Tool-output scratchpad that auto-detects what tool produced the output · Markdown notes with autosave.

Data portability
Importers for Nessus, Burp Suite, Nmap XML, bulk host lists, and Obsidian vaults. Exporters for findings as JSON, the full engagement as a .zip bundle (data + evidence files), and the finding library as a JSON bundle for sharing between teams. The full export → import round-trip works, so you can wipe the testing box after the engagement.

Teams & Multi-tenancy
Self-service registration creates an isolated team workspace. Roles (viewer / operator / owner / admin), single-use invite links, audit log, per-team branding settings (logo, color, footer that appear on every report). Cross-team isolation enforced on every endpoint and proven by tests.

Authentication
Password reset flow, CSRF protection on every form, HttpOnly + SameSite session cookies, SSRF guards on the scanner, strict path containment on file operations, structured request logging, friendly error pages. 24 automated tests including cross-team leakage proofs.

Deployment
One command (docker compose up -d) gets you a production-ready instance with a persistent volume, healthcheck, gunicorn, and a non-root user. SQLite by default.

u/Assiklapper — 3 days ago
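The Authentication section above lists "SSRF guards on the scanner" and "strict path containment on file operations". Those two controls are exactly where self-hosted pentest tooling tends to go wrong (a scanner that accepts any URL becomes a pivot into the tester's own network, and an evidence uploader that trusts filenames becomes a path traversal). The following is an added example of both checks, my own code and not Pentest-Companion's; the function names, the resolver injection point and the test addresses are assumptions for the demo.

```python
"""Added example (not Pentest-Companion's code): an SSRF guard for a scan-target URL and
path containment for evidence files. Names and sample addresses are assumptions."""
import ipaddress
import socket
import urllib.parse
from pathlib import Path
from typing import Callable, List, Tuple

Resolver = Callable[..., List[tuple]]  # same shape as socket.getaddrinfo


def _is_internal(ip) -> bool:
    """True for any address an internet-facing scanner must never be pointed at:
    loopback, RFC 1918 / ULA, link-local (cloud metadata at 169.254.169.254 lives there),
    unspecified, multicast and reserved. IPv4-mapped IPv6 is unwrapped first so that
    ::ffff:127.0.0.1 is judged as 127.0.0.1 rather than as a 'public' IPv6 address."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast or ip.is_reserved)


def check_scan_target(url: str, resolver: Resolver = socket.getaddrinfo) -> Tuple[bool, str, List[str]]:
    """Return (allowed, reason, pinned_ips).

    The caller must connect to one of pinned_ips and send the hostname in the Host/SNI,
    rather than re-resolving the name at connect time; otherwise a DNS rebinding answer
    (public IP for this lookup, 127.0.0.1 for the next) walks straight past the check."""
    parts = urllib.parse.urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme must be http or https", []
    host = parts.hostname
    if not host:
        return False, "missing host", []
    if parts.username or parts.password:
        return False, "credentials in URL are not allowed", []
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "invalid port", []
    try:
        ips = [ipaddress.ip_address(host)]  # literal IP: no DNS involved
    except ValueError:
        try:
            infos = resolver(host, port, proto=socket.IPPROTO_TCP)
        except socket.gaierror:
            return False, "host does not resolve", []
        ips = [ipaddress.ip_address(info[4][0]) for info in infos]
    if not ips:
        return False, "no addresses for host", []
    for ip in ips:  # reject if *any* answer is internal, not just the first
        if _is_internal(ip):
            return False, f"{host} resolves to internal address {ip}", []
    return True, "ok", [str(ip) for ip in ips]


def contain_evidence_path(base_dir: str, user_name: str) -> Path:
    """Resolve a user-supplied evidence filename inside base_dir and refuse anything that
    escapes it via '..', an absolute path, or a symlink. Both sides are resolved so a
    symlink planted inside base_dir that points outside is rejected too."""
    base = Path(base_dir).resolve()
    candidate = (base / user_name).resolve()
    if base not in candidate.parents:  # also rejects '' and '.', which name the dir itself
        raise ValueError(f"{user_name!r} escapes {base}")
    return candidate


if __name__ == "__main__":
    for target in ("http://10.0.0.5/", "http://169.254.169.254/latest/meta-data/",
                   "http://[::ffff:127.0.0.1]/", "ftp://example.org/", "http://93.184.216.34/"):
        print(target, check_scan_target(target)[:2])
    for name in ("eng1/shot.png", "../../etc/passwd", "/etc/shadow"):
        try:
            print(name, "->", contain_evidence_path("/tmp/evidence", name))
        except ValueError as err:
            print(name, "-> rejected:", err)
```

Two caveats worth carrying into any real implementation: the resolve-then-connect gap is only closed if the HTTP client is actually pinned to the returned address (with `requests` that means a custom adapter or connecting by IP and setting `Host`), and the blocklist approach above still lets a scan reach other public hosts, so an allowlist of in-scope targets per engagement is the stronger control where the workflow permits it.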

What can I do from here?

Hi everyone, I want to start learning to do real pen testing to kick off my cyber career. I am about to graduate from my community college with an associate's in Cybersecurity. I'm currently working to take my Security+ exam and PenTest+ exam by the end of the summer and I'm debating a couple of things. I'm torn between going out on my own and starting from scratch by learning to do bug bounties and freelance work, or transferring to a four-year college to finish a bachelor's in cybersecurity. I feel like I have no idea where to start, and I keep seeing how bad the job market is getting, so I want to know what I can do to at least keep up with the current market. Thank you for reading.
u/Apart-Ganache-6945 — 4 days ago

How has AI shifted your workplace?

As the title says, from a consulting perspective, with how advanced and fast-growing AI/LLMs have become, how has it changed your workplace?

Did it result in a hiring freeze, with management expecting to bring in more projects with fewer people?

Did management expect and dictate a specific direction for company-developed tools that goes against your personal beliefs?

Curious to see what other places are facing in this time of LLMs.
u/tamtong — 4 days ago

Report quality across testers

If different testers are writing sections of the same report, how do you keep the final output cohesive?

Is there a strong internal review process, or does it mostly come down to experience and shared standards?
u/Amangour03 — 5 days ago