awesome list of browser exploitation tutorials
https://github.com/Escapingbug/awesome-browser-exploit
collection of awesome web crawler, spider
in different languages
https://github.com/BruceDone/awesome-crawler
List of libraries, tools and APIs
for web scraping and data processing
https://github.com/lorien/awesome-web-scraping
Everything about web-application firewalls (WAF)
https://github.com/0xInfection/Awesome-WAF
https://github.com/Escapingbug/awesome-browser-exploit
collection of awesome web crawler, spider
in different languages
https://github.com/BruceDone/awesome-crawler
List of libraries, tools and APIs
for web scraping and data processing
https://github.com/lorien/awesome-web-scraping
Everything about web-application firewalls (WAF)
https://github.com/0xInfection/Awesome-WAF
Pegasus Spyware Samples Decompiled
Operating System: AndroidOS
https://github.com/jonathandata1/pegasus_spyware
Operating System: AndroidOS
https://github.com/jonathandata1/pegasus_spyware
latest network security #vulnerability detection or #exploit code
https://github.com/aetkrad/goby_poc
https://github.com/aetkrad/goby_poc
Remote Desktop entirely coded in PowerShell
https://github.com/DarkCoderSc/PowerRemoteDesktop
fast terminal-ui for git written in rust
https://github.com/extrawurst/gitui
https://github.com/DarkCoderSc/PowerRemoteDesktop
fast terminal-ui for git written in rust
https://github.com/extrawurst/gitui
2201.01649.pdf
1.2 MB
WebSpec Machine-Checked Analysis of Browser Security Mechanisms, new cookie attack
https://arxiv.org/abs/2201.01649
https://arxiv.org/abs/2201.01649
CVE-2021-45608 | NetUSB RCE
Flaw in Millions of End User Routers
https://www.sentinelone.com/labs/cve-2021-45608-netusb-rce-flaw-in-millions-of-end-user-routers
CVE-2021-42278 Domain Escalation - sAMAccountName Spoofing
https://pentestlab.blog/2022/01/10/domain-escalation-samaccountname-spoofing
New macOS vulnerability, “powerdir,” could lead to unauthorized user data access
https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access
Flaw in Millions of End User Routers
https://www.sentinelone.com/labs/cve-2021-45608-netusb-rce-flaw-in-millions-of-end-user-routers
CVE-2021-42278 Domain Escalation - sAMAccountName Spoofing
https://pentestlab.blog/2022/01/10/domain-escalation-samaccountname-spoofing
New macOS vulnerability, “powerdir,” could lead to unauthorized user data access
https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access
CVE-2021-41277 can be extended to an SSRF
https://github.com/sasukeourad/CVE-2021-41277_SSRF
SonicWall SMA-100 Unauth RCE
Exploit CVE-2021-20038
https://github.com/jbaines-r7/badblood
https://github.com/sasukeourad/CVE-2021-41277_SSRF
SonicWall SMA-100 Unauth RCE
Exploit CVE-2021-20038
https://github.com/jbaines-r7/badblood
C# version of MDSec's ParallelSyscalls
https://github.com/cube0x0/ParallelSyscalls
A Linux program that replies to ping but modifies the payload of the ICMP package to get lower ping times
https://github.com/m-ou-se/pong
Bash script to check if a domain or list of domains can be spoofed based in DMARC records
https://github.com/v4d1/SpoofThatMail
Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory
https://github.com/optiv/Ivy
https://github.com/cube0x0/ParallelSyscalls
A Linux program that replies to ping but modifies the payload of the ICMP package to get lower ping times
https://github.com/m-ou-se/pong
Bash script to check if a domain or list of domains can be spoofed based in DMARC records
https://github.com/v4d1/SpoofThatMail
Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory
https://github.com/optiv/Ivy
A lightweight, stable and high-performance reverse proxy for NAT traversal, written in Rust, An alternative to frp and ngrok
https://github.com/rapiz1/rathole
frp0.33 modified version, over-traffic detection, free from killing, support for loading remote configuration files, plug-ins that can be used directly by cs
https://github.com/mstxq17/FrpProPlugin
https://github.com/rapiz1/rathole
frp0.33 modified version, over-traffic detection, free from killing, support for loading remote configuration files, plug-ins that can be used directly by cs
https://github.com/mstxq17/FrpProPlugin
A curated list for getting up to speed on #crypto and decentralized networks ☣
https://github.com/JumpCrypto/crypto-reading-list
A comprehensive, up-to-date collection of information about several thousands of #crypto tokens
https://github.com/trustwallet/assets
https://github.com/JumpCrypto/crypto-reading-list
A comprehensive, up-to-date collection of information about several thousands of #crypto tokens
https://github.com/trustwallet/assets
CISA Adds 15 Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/10/cisa-adds-15-known-exploited-vulnerabilities-catalog
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/10/cisa-adds-15-known-exploited-vulnerabilities-catalog
Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure. latest example of threat actors abusing cloud services like Microsoft Azure and Amazon Web Services
Cisco Talos
https://blog.talosintelligence.com/2022/01/nanocore-netwire-and-asyncrat-spreading.html?m=1
Cisco Talos
https://blog.talosintelligence.com/2022/01/nanocore-netwire-and-asyncrat-spreading.html?m=1
CVE-2022-21907 Wormable Windows HTTP hole. what you need to know
https://nakedsecurity.sophos.com/2022/01/12/wormable-windows-http-hole-what-you-need-to-know
ESET researchers look at malware that abuses vulnerabilities in kernel drivers and outline mitigation techniques against this type of exploitation
https://www.welivesecurity.com/2022/01/11/signed-kernel-drivers-unguarded-gateway-windows-core
New SysJoker Backdoor Targets Windows, Linux, macOS
https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker
SysJoker analyzing the first (macOS) malware of 2022
https://objective-see.com/blog/blog_0x6C.html
https://nakedsecurity.sophos.com/2022/01/12/wormable-windows-http-hole-what-you-need-to-know
ESET researchers look at malware that abuses vulnerabilities in kernel drivers and outline mitigation techniques against this type of exploitation
https://www.welivesecurity.com/2022/01/11/signed-kernel-drivers-unguarded-gateway-windows-core
New SysJoker Backdoor Targets Windows, Linux, macOS
https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker
SysJoker analyzing the first (macOS) malware of 2022
https://objective-see.com/blog/blog_0x6C.html
Auto Collect #Poc Or #Exploit from Github by CVE ID #CVE-2021
https://github.com/ycdxsb/PocOrExp_in_Github/tree/main/2021
https://github.com/ycdxsb/PocOrExp_in_Github/tree/main/2021
Log4Shell Payloads
https://github.com/rwincey/CVE-2021-44228-Log4j-Payloads
RDP server access to C: drive
https://github.com/klinix5/ReverseRDP_RCE
https://github.com/rwincey/CVE-2021-44228-Log4j-Payloads
RDP server access to C: drive
https://github.com/klinix5/ReverseRDP_RCE
Vulnerability Intelligence Center / Exploits
https://github.com/Patrowl/PatrowlHears
Open-Source Vulnerability Intelligence Center Unified source of vulnerability, exploit and threat Intelligence feeds
https://github.com/Patrowl/PatrowlHearsData
https://github.com/Patrowl/PatrowlHears
Open-Source Vulnerability Intelligence Center Unified source of vulnerability, exploit and threat Intelligence feeds
https://github.com/Patrowl/PatrowlHearsData
XXE Injection Payload List
SQL Injection Payload List
RFI/LFI Payload List
Open Redirect Payload List
Command Injection Payload List
https://github.com/payloadbox
SQL Injection Payload List
RFI/LFI Payload List
Open Redirect Payload List
Command Injection Payload List
https://github.com/payloadbox
generate QR codes in a jiffy
https://github.com/endroid/qr-code
Simple Asset Mapping Tool
https://github.com/lcvvvv/kscan
Automated Penetration Tool After Border Dotting
https://github.com/inbug-team/InScan
An Adavnced Automation Tool For Web-Recon
https://github.com/Cyber-Guy1/BlackDragon
Building and Executing Position Independent Shellcode from Object Files in Memory
https://github.com/paranoidninja/PIC-Get-Privileges
https://github.com/endroid/qr-code
Simple Asset Mapping Tool
https://github.com/lcvvvv/kscan
Automated Penetration Tool After Border Dotting
https://github.com/inbug-team/InScan
An Adavnced Automation Tool For Web-Recon
https://github.com/Cyber-Guy1/BlackDragon
Building and Executing Position Independent Shellcode from Object Files in Memory
https://github.com/paranoidninja/PIC-Get-Privileges