🔰 8000+ XSS Payloads
#bugbounty #Infosec

Git Ripo : https://github.com/Aacle/xss_payload

Check This Out : 👆

🔰All Google Dorks
#bugbounty #infosec

• Operators
• Purposes
• Can be Mixed with other operators ?
• Can be used alone ?
• Does Search Work in ? : Web, Image, Groups, News

Download In More Clarity : https://bugbountyguide.org/index.php/mindmaps-cheatsheets/

Check this Out : 👆

Awesome Hacker Search Engines
https://github.com/edoardottt/awesome-hacker-search-engines
// Repo containing search engines and online services useful for pentesting, general security, red team, bug bounty etc

●▬۩❁ credits:@geeekgirls ❁۩▬●

Wi-Fi Exploitation Framework
https://github.com/D3Ext/WEF
Stealer + Clipper + Keylogger
https://github.com/Stealerium/Stealerium
JavaScript file crawler and secret finder
https://github.com/oppsec/Pinkerton
Reveals invisible links within JavaScript files
https://github.com/riza/linx
A simple CLI for converting WARC to Parquet
https://github.com/maxcountryman/warc-parquet
Web-See is Tool For Checkout Status Of Urls in Mass Its For Bug Bounty Hunters And Black Hat Hackers
https://github.com/indiancybertroops/Web-See

#Python Ethical Hacking, published by Packt
https://github.com/PacktPublishing/Python-Ethical-Hacking

 A pure #Python Network Packet Sniffing tool
 https://github.com/EONRaider/Packet-Sniffer

#Python Script to access ATT&CK content available in STIX via a public TAXII server
https://github.com/OTRF/ATTACK-Python-Client

#Python Scripts for Hacking
https://github.com/Adastra-thw/pyHacks

#Red_Team_Tactics
1. Method of dumping LSASS by abusing the Windows Error Reporting service
https://github.com/deepinstinct/Lsass-Shtinkering
2. Bypass MS Graph API paging limitation and dump all user's objects using Graph API token (Illicit Grant Phishing Attack)
https://github.com/lutzenfried/OffensiveCloud/blob/4de3846faffa13d813872ffae6b990fa670dae6e/Azure/Tools/graphAPIDump.py

#Offensive_security
"Sandboxing V8", Dec 2022.

]-> High-Level Design: https://docs.google.com/document/u/0/d/1FM4fQmIhEqPG8uGp5o9A-mnPB5BOeScZYpkHjo0KKA8/mobilebasic
]-> V8 Sandbox - External Pointer Sandboxing: https://docs.google.com/document/u/0/d/1V3sxltuFjjhp_6grGHgfqZNK57qfzGzme0QTk0IXDHk/mobilebasic

#tools
#Cloud_Security
Kubeshark - API traffic viewer for Kubernetes providing deep visibility into all API traffic/payloads going in, out and across containers and pods inside a Kubernetes cluster
https://github.com/kubeshark/kubeshark

#exploit
1. CVE-2022-46169:
Critical vulnerability affects Cacti network graphing solution
https://securityonline.info/cve-2022-46169-critical-vulnerability-affects-cacti-network-graphing-solution

2. Linux PrivEsc(2) - Scheduled Tasks (cron)
https://medium.com/@tinopreter/linux-privesc-2-scheduled-tasks-cron-b23c4c4df152

3. CVE-2022-45313/45315:
Mikrotik RouterOs <7.5/7.6 was discovered to contain an OOB R/ in the hotspot vuln/snmp process
https://github.com/cq674350529/pocs_slides/tree/master/advisory/MikroTik/CVE-2022-45313
https://github.com/cq674350529/pocs_slides/tree/master/advisory/MikroTik/CVE-2022-45315

#Research
#5G_Network_Security
"A Stealthy Location Identification Attack Exploiting Carrier Aggregation in Cellular Networks", 2021.

#Malware_analysis
1. PrideLocker - a new fork of Babuk ESX Encryptor
https://www.synacktiv.com/publications/pridelocker-a-new-fork-of-babuk-esx-encryptor.html
2. Defcon Skimming: A new batch of Web Skimming attacks
https://blog.jscrambler.com/defcon-skimming-a-new-batch-of-web-skimming-attacks
3. AndroxGh0st python malware
https://www.lacework.com/blog/androxghost-the-python-malware-exploiting-your-aws-keys