Web Security Academy Series Course.zip.001
1.9 GB
Web Security Academy Series Course.zip.001Web Security Academy Series Course.zip.002
1.9 GB
Web Security Academy Series Course.zip.002Web Security Academy Series Course.zip.003
1.9 GB
Web Security Academy Series Course.zip.003Web Security Academy Series Course.zip.004
955.3 MB
Web Security Academy Series Course.zip.004#Threat_Research
1. OAuth Account Takeover:
exploitation of OAuth account affecting providers and TikTok/Reddit/Samsung Mail
https://blog.ostorlab.co/one-scheme-to-rule-them-all.html
2. WPS WebShape vulnerability and exploitation analysis
https://paper.seebug.org/3055
1. OAuth Account Takeover:
exploitation of OAuth account affecting providers and TikTok/Reddit/Samsung Mail
https://blog.ostorlab.co/one-scheme-to-rule-them-all.html
2. WPS WebShape vulnerability and exploitation analysis
https://paper.seebug.org/3055
an_ace_up_the_sleeve.pdf
5.7 MB
#Offensive_security
"An ACE Up the Sleeve: Designing Active Directory DACL Backdoors", 2018.
"An ACE Up the Sleeve: Designing Active Directory DACL Backdoors", 2018.
CVE-2023-34051 : VMware Aria Operations for Logs - Authentication Bypass
POC : https://github.com/horizon3ai/CVE-2023-34051
Technical Analysis : https://www.horizon3.ai/vmware-aria-operations-for-logs-cve-2023-34051-technical-deep-dive
Indicators of Compromise : https://www.horizon3.ai/vmware-vrealize-cve-2022-31706-iocs/
POC : https://github.com/horizon3ai/CVE-2023-34051
Technical Analysis : https://www.horizon3.ai/vmware-aria-operations-for-logs-cve-2023-34051-technical-deep-dive
Indicators of Compromise : https://www.horizon3.ai/vmware-vrealize-cve-2022-31706-iocs/
#OpSec
#Red_Team_Tactics
1. Stealth redirector for red team operation security
https://github.com/D00Movenok/BounceBack
2. Collection of OPSEC Tradecraft/TTPs for Red Team Ops
https://github.com/WesleyWong420/OPSEC-Tradecraft
#Red_Team_Tactics
1. Stealth redirector for red team operation security
https://github.com/D00Movenok/BounceBack
2. Collection of OPSEC Tradecraft/TTPs for Red Team Ops
https://github.com/WesleyWong420/OPSEC-Tradecraft
#exploit
1. CVE-2023-34051:
VMware Aria Operations for Logs - authentication bypass
https://github.com/horizon3ai/CVE-2023-34051
2. CVE-2023-28432:
MinIO information disclosure
https://github.com/yTxZx/CVE-2023-28432
1. CVE-2023-34051:
VMware Aria Operations for Logs - authentication bypass
https://github.com/horizon3ai/CVE-2023-34051
2. CVE-2023-28432:
MinIO information disclosure
https://github.com/yTxZx/CVE-2023-28432
bruteratel_1.3.tar.gz
103.8 MB
Bruteratel Release v1.3 (Resurgence)
Cisco_Firepower_Hardening.pdf
1.8 MB
#hardening
"Cisco Firepower Hardening Guide", 2023.
"Cisco Firepower Hardening Guide", 2023.
Forwarded from CyberShieldX ๐ฎ๐ณ
Media is too big
VIEW IN TELEGRAM
DogeRat v5 Demo
- Added
โข Locker - Lock/Unlock Device
โข Open link in browser directly
โข Auto Permission Like CraxRat
โข Bypass all antivirus
โข Crypto exchange Injection
โข Banking Injection
โข Custom phishing
โข Stable in All Android versions
โขAnd All old features ....
Know more :
https://github.com/shivaya-dav/DogeRat-Premium
Buy now @shivaya_dav
Request: please share this in your channel, I will bring free version update soon ๐
- Added
โข Locker - Lock/Unlock Device
โข Open link in browser directly
โข Auto Permission Like CraxRat
โข Bypass all antivirus
โข Crypto exchange Injection
โข Banking Injection
โข Custom phishing
โข Stable in All Android versions
โขAnd All old features ....
Know more :
https://github.com/shivaya-dav/DogeRat-Premium
Buy now @shivaya_dav
Request: please share this in your channel, I will bring free version update soon ๐
๐ XSStrike ๐
Advanced XSS Detection Suite
๐
XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.
Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine. Here are some examples of the payloads generated by XSStrike:
Main Features
โช๏ธReflected and DOM XSS scanning
โช๏ธMulti-threaded crawling
โช๏ธContext analysis
โช๏ธConfigurable core
โช๏ธWAF detection & evasion
โช๏ธOutdated JS lib scanning
โช๏ธIntelligent payload generator
โช๏ธHandmade HTML & JavaScript parser
โช๏ธPowerful fuzzing engine
โช๏ธBlind XSS support
โช๏ธHighly researched work-flow
โช๏ธComplete HTTP support
โช๏ธBruteforce payloads from a file
โช๏ธPayload Encoding
๐ธ Github
Advanced XSS Detection Suite
๐
XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.
Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine. Here are some examples of the payloads generated by XSStrike:
}]};(confirm)()//\
<A%0aONMouseOvER%0d=%0d[8].find(confirm)>z
</tiTlE/><a%0donpOintErentER%0d=%0d(prompt)``>z
</SCRiPT/><DETAILs/+/onpoINTERenTEr%0a=%0aa=prompt,a()//
Apart from that, XSStrike has crawling, fuzzing, parameter discovery, WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities.Main Features
โช๏ธReflected and DOM XSS scanning
โช๏ธMulti-threaded crawling
โช๏ธContext analysis
โช๏ธConfigurable core
โช๏ธWAF detection & evasion
โช๏ธOutdated JS lib scanning
โช๏ธIntelligent payload generator
โช๏ธHandmade HTML & JavaScript parser
โช๏ธPowerful fuzzing engine
โช๏ธBlind XSS support
โช๏ธHighly researched work-flow
โช๏ธComplete HTTP support
โช๏ธBruteforce payloads from a file
โช๏ธPayload Encoding
๐ธ Github
Media is too big
VIEW IN TELEGRAM
Get Phone GPS