Collection of CTF Web challenges I made. Contribute to orangetw/My-CTF-Web-Challenges development by creating an account on GitHub.

Automatic tool for DNS rebinding-based SSRF attacks - daeken/httprebind

A beginners guide to reconnaissance and how to investigate a target.

Simple Steps for LFI:

Pull out bits of URLs provided on stdin. Contribute to tomnomnom/unfurl development by creating an account on GitHub.

The following blog post introduces a new lateral movement technique that combines the power of DCOM and HTA. The research on this t...

There are a ton of great resources that have been released in the past few years on a multitude of Kerberos delegation abuse avenues.   Howe...

Bypassing WAF by inserting a JavaScript URL in the middle of the SVG image.

⏰ It's CHALLENGE O'CLOCK!
👉 Capture the flag before Thursday the 26th of June
👉 Win €400 in SWAG prizes
👉 We'll release a tip for every 100 likes on this tweet

Thanks @Toogidog for the challenge 👇

https://t.co/7koFEiaTaA

Scanning JavaScript files for Endpoints and Secrets to increase attack surface for Recon and Bug Bounty.

Running s_server in WWW mode on Windows can allow a client to read files
outside the s_server directory by including backslashes in the name, e.g.
GET /..\myfile.txt HTTP/1.0
There exists a check f...

mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse - blackarrowsec/mssqlproxy

HTTP parameter discovery suite. Contribute to edduu/Arjun development by creating an account on GitHub.