GitHub - parsiya/Hacking-with-Go: Golang for Security Professionals
https://github.com/parsiya/Hacking-with-Go
https://github.com/parsiya/Hacking-with-Go
GitHub
GitHub - parsiya/Hacking-with-Go: Golang for Security Professionals
Golang for Security Professionals. Contribute to parsiya/Hacking-with-Go development by creating an account on GitHub.
Abusing autoresponders and email bounces – intigriti – Medium
https://medium.com/intigriti/abusing-autoresponders-and-email-bounces-9b1995eb53c2
https://medium.com/intigriti/abusing-autoresponders-and-email-bounces-9b1995eb53c2
Medium
Abusing autoresponders and email bounces
Being a bug bounty hunter, I face a lot of competition. Lots of companies are willing to issue rewards for vulnerabilities in their…
How to find open databases with the help of Shodan and Lampyre
https://medium.com/@lampyre.io/how-to-find-open-databases-with-the-help-of-shodan-and-lampyre-1d6499003fb
https://medium.com/@lampyre.io/how-to-find-open-databases-with-the-help-of-shodan-and-lampyre-1d6499003fb
Medium
How to find open databases with the help of Shodan and Lampyre
Today I’ll be telling you about the tool which combines the advantages of many tools for Cyber Threat Intelligence and Open Source…
## OSINT
## searchengines
## hunt
censys.io
shodan.io
viz.greynoise.io/table
zoomeye.org
fofa.so
onyphe.io
app.binaryedge.io
hunter.io
wigle.net
Lampire.io
## searchengines
## hunt
censys.io
shodan.io
viz.greynoise.io/table
zoomeye.org
fofa.so
onyphe.io
app.binaryedge.io
hunter.io
wigle.net
Lampire.io
Pwning with Responder - A Pentester's Guide - NotSoSecure
https://www.notsosecure.com/pwning-with-responder-a-pentesters-guide/
https://www.notsosecure.com/pwning-with-responder-a-pentesters-guide/
NotSoSecure
Pwning with Responder - A Pentester's Guide
Overview: Responder is a great tool that every pentester needs in their arsenal. If a client/target cannot resolve a name via DNS it will fall back to name resolution via LLMNR (introduced in Windows
💀 Exploit Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution CVE-2019-6340
https://sploitus.com/exploit?id=EDB-ID:46452
https://sploitus.com/exploit?id=EDB-ID:46452
Sploitus
💀 Exploit for Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution
Exploit for Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution | Sploitus | Exploit & Hacktool Search Engine
How-To: Cloud Cracker
1) Create AWS EC2 Instance
2) Choose p3.16xlarge
3) Install nVidia drivers
4) Install Hashcat
5) Crack Password Hashes
Alt) Choose an upToDate AMI from nVidia in the AWS Marketplace that already has nvidia drivers & configs installed. Then install Hashcat.
1) Create AWS EC2 Instance
2) Choose p3.16xlarge
3) Install nVidia drivers
4) Install Hashcat
5) Crack Password Hashes
Alt) Choose an upToDate AMI from nVidia in the AWS Marketplace that already has nvidia drivers & configs installed. Then install Hashcat.
GitHub - 0xInfection/Awesome-WAF: 🔥 A curated list of awesome web-app firewall (WAF) stuff.
https://github.com/0xInfection/Awesome-WAF
https://github.com/0xInfection/Awesome-WAF
GitHub
GitHub - 0xInfection/Awesome-WAF: Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥
Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥 - 0xInfection/Awesome-WAF
Need to steal the password to a wireless network? Have access to Windows 8 or 10 box?
1) netsh wlan show profiles
2) netsh wlan show profile name=WIFI_NAME key=clear
3) Look for the “Key Content” line, the cleartext password will be there.
1) netsh wlan show profiles
2) netsh wlan show profile name=WIFI_NAME key=clear
3) Look for the “Key Content” line, the cleartext password will be there.
Wordpress Scanners collection:-
https://t.co/q3s23QBKp2
https://t.co/8cPeIHZJ3i
https://t.co/7e0Bi62JWN
https://t.co/MPgMWMiWkI
https://t.co/DoYZuEuT6M
https://t.co/GaZAmoguiH
https://t.co/q3s23QBKp2
https://t.co/8cPeIHZJ3i
https://t.co/7e0Bi62JWN
https://t.co/MPgMWMiWkI
https://t.co/DoYZuEuT6M
https://t.co/GaZAmoguiH
GitHub
m4ll0k/WPSeku
WPSeku - Wordpress Security Scanner . Contribute to m4ll0k/WPSeku development by creating an account on GitHub.
Day 59: Windows API for Pentesting (Part 1) – int0x33 – Medium
https://medium.com/@int0x33/day-59-windows-api-for-pentesting-part-1-178c6ba280cb
https://medium.com/@int0x33/day-59-windows-api-for-pentesting-part-1-178c6ba280cb
Medium
Day 59: Windows API for Pentesting (Part 1)
What is the Windows API?
Analyzing a Windows DHCP Server Bug (CVE-2019-0626) - MalwareTech
https://www.malwaretech.com/2019/03/analyzing-a-windows-dhcp-server-bug-cve-2019-0626.html
https://www.malwaretech.com/2019/03/analyzing-a-windows-dhcp-server-bug-cve-2019-0626.html
Malwaretech
Analyzing a Windows DHCP Server Bug (CVE-2019-0626)
Today I’ll be doing an in-depth write up on CVE-2019-0626, and how to find it. Due to the fact this bug only exists on Windows Server, I’ll be using a Server 2016 VM (corresponding patch is KB4487026).
Note: this bug was not found by me, I reverse engineered…
Note: this bug was not found by me, I reverse engineered…
Arbitrary File Reading in Next.js < 2.4.1 – Arseny Reutov – Medium
https://raz0r.name/vulnerabilities/arbitrary-file-reading-in-next-js-2-4-1/
https://raz0r.name/vulnerabilities/arbitrary-file-reading-in-next-js-2-4-1/
Raz0r.name — Web Application Security
Arbitrary File Reading in Next.js < 2.4.1 | Raz0r — Web3 Security
Next.js is a quite popular (>13k stars on GitHub) framework for server-rendered React applications. It includes a NodeJS server which allows to render HTML pages dynamically. While digging into server's code, a list of internal routes drew my attention: defineRoutes()…
File upload vulnerability scanner and exploitation tool.
https://t.co/JoQu6EQz6Y
https://t.co/JoQu6EQz6Y
GitHub
almandin/fuxploider
File upload vulnerability scanner and exploitation tool. - almandin/fuxploider
Credentials & lateral movement
findstr /si password *.txt
findstr /si password *.xml
dir /s *pass* == *cred* == *vnc* == *.config*
findstr /spin "password" *.*
reg query HKLM /f password /t REG_SZ /s
reg query HKCU /f password /t REG_SZ /s
findstr /si password *.txt
findstr /si password *.xml
dir /s *pass* == *cred* == *vnc* == *.config*
findstr /spin "password" *.*
reg query HKLM /f password /t REG_SZ /s
reg query HKCU /f password /t REG_SZ /s
GitHub - Pure-L0G1C/Loki: Remote Access Tool/Botnet
https://github.com/Pure-L0G1C/Loki
https://github.com/Pure-L0G1C/Loki
GitHub
GitHub - Bitwise-01/Loki: Remote Access Tool
Remote Access Tool. Contribute to Bitwise-01/Loki development by creating an account on GitHub.