Information Security

#bugbounty Tools

Scanners-Box
https://t.co/Kl8KyFqCtl
K8tools
https://t.co/Vc9Nm6AhLt
arachni
https://t.co/jyhK1yNlkH
Osmedeus
https://t.co/4maQSFojzs
Findsploit
https://t.co/kgO1lJfwRK
StaCoAn
https://t.co/er4opW1l5J

#bugbountytips

GitHub

We5ter/Scanners-Box

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑 - We5ter/Scanners-Box

164 views07:37

Information Security

https://github.com/RPISEC/MBE

GitHub

GitHub - RPISEC/MBE: Course materials for Modern Binary Exploitation by RPISEC

Course materials for Modern Binary Exploitation by RPISEC - RPISEC/MBE

134 views09:21

Information Security

http://o365blog.com/post/adsync/

Aadinternals

Decrypting ADSync passwords - my journey into DPAPI

Microsoft changed the location of ADSync encryption keys in Azure AD Connect version 1.4.x. These keys are used to encrypt and decrypt the passwords of “service accounts” used for syncing
data from AD to Azure AD. Earlier versions saved the keys in the registry…

135 views09:28

Information Security

https://github.com/maxpl0it/CVE-2020-0674-Exploit

GitHub

GitHub - maxpl0it/CVE-2020-0674-Exploit: This is an exploit for CVE-2020-0674 that runs on the x64 version of IE 8, 9, 10, and…

This is an exploit for CVE-2020-0674 that runs on the x64 version of IE 8, 9, 10, and 11 on Windows 7. - maxpl0it/CVE-2020-0674-Exploit

152 views09:37

Information Security

“Stored XSS in Paytium 3.0.13 WordPress Plugin” by Jonathan Bouman https://link.medium.com/eoBxnJnZr6

Medium

Stored XSS in Paytium 3.0.13 WordPress Plugin

A full write up: How to find a stored XSS bug in a Wordpress plugin and create a proof of concept payload that hijacks the full…

141 views09:06

Information Security

https://labs.detectify.com/2016/12/15/postmessage-xss-on-a-million-sites/

Labs Detectify

postMessage XSS on a million sites - Labs Detectify

postMessage can be (and often is) a source for DOM XSS vulnerabilities. If you are using 3rd party scripts, make sure to examine them and their postMessage implementation.

139 views18:57

Information Security

https://medium.com/bugbountywriteup/exploiting-post-message-to-steal-users-cookies-7df43a00289a

Medium

Exploiting post message to steal user’s cookies

132 views10:59

Information Security

https://www.hahwul.com/2020/05/vulnerability-of-postmessage.html?m=1

Hahwul

Vulnerability of postMessage and postMesasge-tracker browser extension

126 views04:33

Information Security

https://www.agwa.name/blog/post/preventing_server_side_request_forgery_in_golang

www.agwa.name

Preventing Server Side Request Forgery in Golang

130 views11:05

Information Security

https://twitter.com/hackerscrolls/status/1261224450827190272

Twitter

Hack3rScr0lls

You suffer from Firefox telemetry requests in Burp, don't you? Here is the solution — use this config file for Firefox: gist.github.com/AetherEternity… It disables most of telemetry features. Trick by @AetherEternity #BugBountyTip

134 views14:14

Information Security

https://github.com/SecureAuthCorp/impacket/pull/857

129 views17:31

Information Security

https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html

byt3bl33d3r.github.io

Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes) // byt3bl33d3r // /dev/random > blog.py

byt3bl33d3r, /dev/random > blog.py

128 views17:35

Information Security

https://ssd-disclosure.com/ssd-advisory-mylittleadmin-preauth-rce/

SSD Secure Disclosure

SSD Advisory - MyLittleAdmin PreAuth RCE - SSD Secure Disclosure

TL;DR Find out how we managed to execute arbitrary commands on MyLittleAdmin management tool using unauthenticated RCE vulnerability. Vulnerability Summary MyLittleAdmin is a web-based management tool specially designed for MS SQL Server. It fully works…

138 views17:56

Information Security

https://www.ezequiel.tech/p/36k-google-app-engine-rce.html

www.ezequiel.tech

$36k Google App Engine RCE

Website of Ezequiel Pereira, Uruguayan security enthusiast and student.

119 views16:32

Information Security

https://www.ezequiel.tech/p/10k-host-header.html

www.ezequiel.tech

$10k host header

Website of Ezequiel Pereira, Uruguayan security enthusiast and student.

117 views16:35

Information Security

“Bypassing csrf token” by Amyrahm https://link.medium.com/jENSXSHxy6

Medium

Bypassing csrf token

***************************************************************.

115 views07:52

Information Security

“The complete subdomain Enumeration Guide” by Shifa cyclewala https://link.medium.com/rD1chmKyy6

Medium

The complete subdomain Enumeration Guide

Hello Everyone, as we know Information gathering or sometimes also known as Reconnaissance or simply recon is the first and foremost step…

132 views08:07

Information Security

“Bug Bounty Hunting All you will need” by Hazem Mohamed https://link.medium.com/j2gr6CWyy6

Medium

Bug Bounty Hunting All you will need

The Question All ask is How to start as a Bug Hunter ? and the following links are tell you how :) BUG BOUNTY How to start BUG BOUNTY…

140 views08:09

Information Security

https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot

GitHub

Unleashing an Ultimate XSS Polyglot

A container repository for my public web hacks! Contribute to 0xSobky/HackVault development by creating an account on GitHub.

122 views17:34

Information Security

https://medium.com/@bilalmerokhel/chained-bugs-account-takeover-ceff67d1d55a

Medium

Chained Bugs [ Account TakeOver ]

Assalam-O-Alaikum fellas hope you all are fine, it has been a while I've not contributed to the community so, today I will share chained…

119 views17:42

About

Blog

Apps

Platform