Introduction It’s been a long time since I decided to to be away from Twitter for a while for self-improvements reasons and finding…

Contribute to dozernz/cve-2020-11651 development by creating an account on GitHub.

SQL Server Reporting Services(CVE-2020-0618)中的RCE. Contribute to euphrat1ca/CVE-2020-0618 development by creating an account on GitHub.

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetN...

#bugbountytips 1 - python /root/Sublist3r/sublist3r.py -d https://t.co/jE0pPCNb3W -o /root/subdomains.txt 2 - nmap -sn -Pn -n -iL subdomains.txt -oG out.txt 3 - awk -F" " '{print $2}' out.txt > outnew.txt 4 - masscan -iL outnew.txt --ports 0-65535 Leave no…

While GraphQL provides greater flexibility and power over traditional REST APIs, it can increase the attack surface for vulnerabilities.

Live Every Tuesday, Saturday and Sunday on Twitch:
https://twitch.tv/nahamsec

Follow me on social media:
https://twitter.com/nahamsec
https://instagram.com/nahamsec
https://twitch.com/nahamsec
https://hackerone.com/nahamsec
https://facebook.com/nahamsec1…

The world's most advanced ethical hacking tutorials bookmark compilation. These tutorials are best place to start and is dedicated to those who are in need of learn from beginners to advanced. Get Free Kali Linux on AWS with Public IP – Real Time Penetration…

Easy Bugs for Hard Cash

As some of you will know, we have recently entered into the Red Team training space. Before deciding to create our course now known as “Adversary Simulation and Red Team...

PyMultitor - Python Multi Threaded Tor Proxy. Contribute to realgam3/pymultitor development by creating an account on GitHub.

This post is another evidence to show how difficult to parse a URL correctly. IE has URL parsing problem, this idea is originated from Sergey Bobrov. And then successfully exploited by filedescript…

Для автоматизации простых проверок на сайтах bug bounty я использую два php скрипта. Первый собирает поддомены с разных источников (...

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑 - We5ter/Scanners-Box

Course materials for Modern Binary Exploitation by RPISEC - RPISEC/MBE

Microsoft changed the location of ADSync encryption keys in Azure AD Connect version 1.4.x. These keys are used to encrypt and decrypt the passwords of “service accounts” used for syncing
data from AD to Azure AD. Earlier versions saved the keys in the registry…

This is an exploit for CVE-2020-0674 that runs on the x64 version of IE 8, 9, 10, and 11 on Windows 7. - maxpl0it/CVE-2020-0674-Exploit

A full write up: How to find a stored XSS bug in a Wordpress plugin and create a proof of concept payload that hijacks the full…