SSH_pentesting.pdf
2.1 MB
#Whitepaper
"SSH Penetration Testing", 2022.
"SSH Penetration Testing", 2022.
Scapolite.pdf
1.3 MB
#hardening
"Hardening with Scapolite: a DevOps-based Approach for Improved Authoring and Testing of Security-Configuration Guides in Large Scale Organizations", 2022.
"Hardening with Scapolite: a DevOps-based Approach for Improved Authoring and Testing of Security-Configuration Guides in Large Scale Organizations", 2022.
UAV_security.pdf
1005.8 KB
#Research
"UAV Traffic Management: A Survey On Communication Security", 2022.
"UAV Traffic Management: A Survey On Communication Security", 2022.
TLB_DR.pdf
245.1 KB
#reversing
"TLB;DR: Enhancing TLB-based Attacks with TLB Desynchronized Reverse Engineering", 2022.
]-> https://github.com/vusec/tlbdr
"TLB;DR: Enhancing TLB-based Attacks with TLB Desynchronized Reverse Engineering", 2022.
]-> https://github.com/vusec/tlbdr
Forwarded from Bug Bounty
Offensive Security Approved OSCP Notes
Link : https://oscpnotes.infosecsanyam.in/My_OSCP_Preparation_Notes.html
#bugbounty #OSCP #infosec #pentest
Link : https://oscpnotes.infosecsanyam.in/My_OSCP_Preparation_Notes.html
#bugbounty #OSCP #infosec #pentest
🔰 8000+ XSS Payloads
#bugbounty #Infosec
Git Ripo : https://github.com/Aacle/xss_payload
Check This Out : 👆
#bugbounty #Infosec
Git Ripo : https://github.com/Aacle/xss_payload
Check This Out : 👆
GitHub
GitHub - aacle/xss_payload
Contribute to aacle/xss_payload development by creating an account on GitHub.
Forwarded from Bug Bounty
🔰All Google Dorks
#bugbounty #infosec
• Operators
• Purposes
• Can be Mixed with other operators ?
• Can be used alone ?
• Does Search Work in ? : Web, Image, Groups, News
Download In More Clarity : https://bugbountyguide.org/index.php/mindmaps-cheatsheets/
Check this Out : 👆
#bugbounty #infosec
• Operators
• Purposes
• Can be Mixed with other operators ?
• Can be used alone ?
• Does Search Work in ? : Web, Image, Groups, News
Download In More Clarity : https://bugbountyguide.org/index.php/mindmaps-cheatsheets/
Check this Out : 👆
Awesome Hacker Search Engines
https://github.com/edoardottt/awesome-hacker-search-engines
// Repo containing search engines and online services useful for pentesting, general security, red team, bug bounty etc
●▬۩❁ credits:@geeekgirls ❁۩▬●
https://github.com/edoardottt/awesome-hacker-search-engines
// Repo containing search engines and online services useful for pentesting, general security, red team, bug bounty etc
●▬۩❁ credits:@geeekgirls ❁۩▬●
GitHub
GitHub - edoardottt/awesome-hacker-search-engines: A curated list of awesome search engines useful during Penetration testing,…
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more - edoardottt/awesome-hacker-search-engines
Wi-Fi Exploitation Framework
https://github.com/D3Ext/WEF
Stealer + Clipper + Keylogger
https://github.com/Stealerium/Stealerium
JavaScript file crawler and secret finder
https://github.com/oppsec/Pinkerton
Reveals invisible links within JavaScript files
https://github.com/riza/linx
A simple CLI for converting WARC to Parquet
https://github.com/maxcountryman/warc-parquet
Web-See is Tool For Checkout Status Of Urls in Mass Its For Bug Bounty Hunters And Black Hat Hackers
https://github.com/indiancybertroops/Web-See
https://github.com/D3Ext/WEF
Stealer + Clipper + Keylogger
https://github.com/Stealerium/Stealerium
JavaScript file crawler and secret finder
https://github.com/oppsec/Pinkerton
Reveals invisible links within JavaScript files
https://github.com/riza/linx
A simple CLI for converting WARC to Parquet
https://github.com/maxcountryman/warc-parquet
Web-See is Tool For Checkout Status Of Urls in Mass Its For Bug Bounty Hunters And Black Hat Hackers
https://github.com/indiancybertroops/Web-See
GitHub
GitHub - D3Ext/WEF: Wi-Fi Exploitation Framework
Wi-Fi Exploitation Framework. Contribute to D3Ext/WEF development by creating an account on GitHub.
#Python Ethical Hacking, published by Packt
https://github.com/PacktPublishing/Python-Ethical-Hacking
A pure #Python Network Packet Sniffing tool
https://github.com/EONRaider/Packet-Sniffer
#Python Script to access ATT&CK content available in STIX via a public TAXII server
https://github.com/OTRF/ATTACK-Python-Client
#Python Scripts for Hacking
https://github.com/Adastra-thw/pyHacks
https://github.com/PacktPublishing/Python-Ethical-Hacking
A pure #Python Network Packet Sniffing tool
https://github.com/EONRaider/Packet-Sniffer
#Python Script to access ATT&CK content available in STIX via a public TAXII server
https://github.com/OTRF/ATTACK-Python-Client
#Python Scripts for Hacking
https://github.com/Adastra-thw/pyHacks
GitHub
GitHub - PacktPublishing/Python-Ethical-Hacking: Python Ethical Hacking, published by Packt
Python Ethical Hacking, published by Packt. Contribute to PacktPublishing/Python-Ethical-Hacking development by creating an account on GitHub.
#Red_Team_Tactics
1. Method of dumping LSASS by abusing the Windows Error Reporting service
https://github.com/deepinstinct/Lsass-Shtinkering
2. Bypass MS Graph API paging limitation and dump all user's objects using Graph API token (Illicit Grant Phishing Attack)
https://github.com/lutzenfried/OffensiveCloud/blob/4de3846faffa13d813872ffae6b990fa670dae6e/Azure/Tools/graphAPIDump.py
1. Method of dumping LSASS by abusing the Windows Error Reporting service
https://github.com/deepinstinct/Lsass-Shtinkering
2. Bypass MS Graph API paging limitation and dump all user's objects using Graph API token (Illicit Grant Phishing Attack)
https://github.com/lutzenfried/OffensiveCloud/blob/4de3846faffa13d813872ffae6b990fa670dae6e/Azure/Tools/graphAPIDump.py
GitHub
GitHub - deepinstinct/Lsass-Shtinkering
Contribute to deepinstinct/Lsass-Shtinkering development by creating an account on GitHub.
Sandboxing_V8.pdf
224.4 KB
#Offensive_security
"Sandboxing V8", Dec 2022.
]-> High-Level Design: https://docs.google.com/document/u/0/d/1FM4fQmIhEqPG8uGp5o9A-mnPB5BOeScZYpkHjo0KKA8/mobilebasic
]-> V8 Sandbox - External Pointer Sandboxing: https://docs.google.com/document/u/0/d/1V3sxltuFjjhp_6grGHgfqZNK57qfzGzme0QTk0IXDHk/mobilebasic
"Sandboxing V8", Dec 2022.
]-> High-Level Design: https://docs.google.com/document/u/0/d/1FM4fQmIhEqPG8uGp5o9A-mnPB5BOeScZYpkHjo0KKA8/mobilebasic
]-> V8 Sandbox - External Pointer Sandboxing: https://docs.google.com/document/u/0/d/1V3sxltuFjjhp_6grGHgfqZNK57qfzGzme0QTk0IXDHk/mobilebasic
#tools
#Cloud_Security
Kubeshark - API traffic viewer for Kubernetes providing deep visibility into all API traffic/payloads going in, out and across containers and pods inside a Kubernetes cluster
https://github.com/kubeshark/kubeshark
#Cloud_Security
Kubeshark - API traffic viewer for Kubernetes providing deep visibility into all API traffic/payloads going in, out and across containers and pods inside a Kubernetes cluster
https://github.com/kubeshark/kubeshark
GitHub
GitHub - kubeshark/kubeshark: eBPF-powered network observability for Kubernetes. Indexes L4/L7 traffic with full K8s context, decrypts…
eBPF-powered network observability for Kubernetes. Indexes L4/L7 traffic with full K8s context, decrypts TLS without keys. Queryable by AI agents via MCP and humans via dashboard. - kubeshark/kubes...