Last week Intigriti had posted an XSS challenge on Twitter. I decided to give it a look. Today , in this article I am going to explain how I solved this challenge. Here is the code, const whitelist = ['intigriti.com','intigriti.io']; var url = new URL(l…

A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileg...

Time to grab yourself a drink, this will take a while!







We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4, which is available immediately for download.
2019.4 includes some exciting new updates:…

Hello All

GitHub Gist: instantly share code, notes, and snippets.

Hey everyone, I’d like to share how I found a simple API authorization bug in a private program, which affected thousands of sub-domains…

This is a write-up on how I solved Chainsaw from HacktheBox.

Bypassing AVs by C# Managed Code (Reverse Shell) In this article I want to talk about simple C# source code …

"Are you such a dreamer to put the world to rights? I stay home forever where 2 and 2 always …

An article about a small security flaw in the SSH authentication protocol that can lead to unexpected information disclosure of private infrastructure.

A collection of awesome penetration testing resources, tools and other shiny things - enaqx/awesome-pentest

Leaders in Information Security

create cypher create statements for neo4j out of netstat files from multiple machines - trinitor/netstat2neo4j

Scan for misconfigured S3 buckets across S3-compatible APIs! - sa7mon/S3Scanner

Hi Everyone, This presentation is on Logical Attacks it can be helpful in Bug Bounties while doing Bug Hunting, Vulnerability Research in web applications, mo…

Introduction: Out-Of-Band (OOB) technique provides an attacker with an alternative way to confirm and exploit a vulnerability which is otherwise “blind”. In a blind vulnerability, as an attacker you

Metasploit for website pentest using wmap. Wmap is a web application scanner that runs within metasploit. We can use wmap to get an outline of the application we are probing. Start dvwa inside vagrant In Read more…

Glances an Eye on your system. A top/htop alternative for GNU/Linux, BSD, Mac OS and Windows operating systems. - nicolargo/glances

Enumerate usernames on a domain where you have no creds by using SMB Relay with low priv. - skorov/ridrelay