Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline. - GitHub - TheHackerDev/race-the-web: Tests for race conditions in web app...

In previous posts we saw two techniques to bypass firewalls through custom stagers to locate and reuse the connection socket; on the one ha...

Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.

Bypass XSS filter methodologies, techniques, tips. Cross Site Scripting (XSS) is a Web application attack in the data output to the page

Overview In the real world, while I was pentesting a financial institute I came across a scenario where they had an internal intranet and it was using MySQL 5.7 64-bit as the backend database techn…

Firefox mXSS <img id="<img src=1 onerror=alert(1)>"> based on @SecurityMB's work. Is triggered when you use something like template to read the innerHTML.

Intro

A simple SSRF-testing sheriff written in Go. Contribute to teknogeek/ssrf-sheriff development by creating an account on GitHub.

In this note, I describe an interesting XSS that I found in February 2018 in one of the Google applications. I won't only show directly wher...

cloudflare {`XSS´} «byPASS» payloads. @spyerror🎯🥇$cat /<img%20id=%26%23x101;%20src=x%20onerror=%26%23x101;;alert`1`;> 🥈$cat /<svg%0Aonauxclick=0;[1].some(confirm)// #BugBounty #BugBountyTip #WAF #infosec

Introduction Continuing with the Windows exploit development our next stop is learning how to craft ROP chains. In the context of this blogpost we will be using them to disable DEP and execute shellcode on the stack; however, ROP chains are extremely versatile…

JWT (JSON Web Token) is a mechanism that is often used in REST APIs it can be found in popular standards, such as OpenID Connect, but we will also encounter it sometimes using OAuth2. It is used both in large companies and smaller organisations. There are…

CVE-2019-1003000-Jenkins-RCE-POC. GitHub Gist: instantly share code, notes, and snippets.