Breaking Bits
Vulnerability Discovery
CTF
Firmware Emulator
Exploit Development
Link 🔗:-
https://breaking-bits.gitbook.io/
@GitBook_s
Vulnerability Discovery
CTF
Firmware Emulator
Exploit Development
Link 🔗:-
https://breaking-bits.gitbook.io/
@GitBook_s
breaking-bits.gitbook.io
What this gitbook is | Breaking Bits
https://owasp-scvs.gitbook.io/scvs/
Software Component Verification Standard
Software Component Verification Standard
owasp-scvs.gitbook.io
Cover | Software Component Verification Standard
https://noscriptingxss.gitbook.io
OWASP IOT Top 10 2018 Mapping Project
OWASP IOT Top 10 2018 Mapping Project
noscriptingxss.gitbook.io
OWASP IoT Top 10 2018 Mapping Project
Pentest Book
Recon
Enumeration
Exploitation
Post Exploitation
Mobile
Others
Link 🔗:-
http://six2dez.gitbook.io
@GitBook_s
Recon
Enumeration
Exploitation
Post Exploitation
Mobile
Others
Link 🔗:-
http://six2dez.gitbook.io
@GitBook_s
Six2Dez
/home/six2dez/.pentest-book | Pentest Book
This book contains a bunch of info, noscripts and knowledge used during my pentests.
📖
Pentest Book by n3t_hunt3r
XSS Filter Evasion and WAF Bypassing Tactics
Cloud Pentesting
Web App Pentesting
Link 🔗:-
https://n3t-hunt3r.gitbook.io/
@GitBook_s
Pentest Book by n3t_hunt3r
XSS Filter Evasion and WAF Bypassing Tactics
Cloud Pentesting
Web App Pentesting
Link 🔗:-
https://n3t-hunt3r.gitbook.io/
@GitBook_s
n3t-hunt3r.gitbook.io
XSS Filter Evasion and WAF Bypassing Tactics | Pentest Book by n3t_hunt3r
We will analyze various levels of evasion and bypassing tactics for XSS payloads.
𝗨𝗻𝗰𝗼𝘃𝗲𝗿 𝗧𝗵𝗲 𝗧𝗿𝘂𝗲 𝗜𝗣 𝗔𝗱𝗱𝗿𝗲𝘀𝘀 𝗢𝗳 𝗪𝗲𝗯𝘀𝗶𝘁𝗲𝘀 𝗦𝗮𝗳𝗲𝗴𝘂𝗮𝗿𝗱𝗲𝗱 𝗕𝘆 𝗖𝗹𝗼𝘂𝗱𝗳𝗹𝗮𝗿𝗲
CloakQuest3r is a powerful Python tool meticulously crafted to uncover the true IP address of websites safeguarded by Cloudflare, a widely adopted web security and performance enhancement service
Link 🔗:-
https://www.kitploit.com/2023/12/cloakquest3r-uncover-true-ip-address-of.html?m=1#google_vignette
@GitBook_s
CloakQuest3r is a powerful Python tool meticulously crafted to uncover the true IP address of websites safeguarded by Cloudflare, a widely adopted web security and performance enhancement service
Link 🔗:-
https://www.kitploit.com/2023/12/cloakquest3r-uncover-true-ip-address-of.html?m=1#google_vignette
@GitBook_s
Kitploit
Kitploit – Maintenance in Progress
Kitploit is temporarily under maintenance. We’ll be back shortly with improvements.
𝗪𝗲𝗯 𝗔𝗽𝗽 𝗛𝗮𝗰𝗸𝗶𝗻𝗴 𝗥𝗲𝘀𝗼𝘂𝗿𝗰𝗲𝘀
•Cyber Intelligence
•Red - Offensive Operations
•Blue - DFIR: Digital Forensics and Incident Response
•Yellow - NetEng/SysAdmin
•Yellow - Logging and Security Architecture
•Yellow - Cloud
•Yellow - Containers
•Yellow - Code and CLI
•Yellow - AI, Machine Learning, and FOSS
•Grey - Privacy/TOR/OPSEC
•Training and Resources
Link 🔗:-
https://s0cm0nkey.gitbook.io/s0cm0nkeys-security-reference-guide
@GitBook_s
•Cyber Intelligence
•Red - Offensive Operations
•Blue - DFIR: Digital Forensics and Incident Response
•Yellow - NetEng/SysAdmin
•Yellow - Logging and Security Architecture
•Yellow - Cloud
•Yellow - Containers
•Yellow - Code and CLI
•Yellow - AI, Machine Learning, and FOSS
•Grey - Privacy/TOR/OPSEC
•Training and Resources
Link 🔗:-
https://s0cm0nkey.gitbook.io/s0cm0nkeys-security-reference-guide
@GitBook_s
s0cm0nkey.gitbook.io
All of the Best Links and Resources on Cyber Security. | s0cm0nkey's Security Reference Guide
👍4
𝗗𝗲𝗲𝗽 𝗗𝗶𝘃𝗲 𝗜𝗻𝘁𝗼 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝗶𝗻𝗴 𝗪𝗶𝗻𝗱𝗼𝘄𝘀 𝗧𝗵𝗿𝗲𝗮𝗱 𝗣𝗼𝗼𝗹𝘀
•Attacking Worker Factories
•Attacking I/O Ports
•Attacking Timer Queues
•Abusing TLS Callbacks For Payload Execution
•Payload Execution
Link 🔗:-
https://urien.gitbook.io/diago-lima/a-deep-dive-into-exploiting-windows-thread-pools
@GitBook_s
•Attacking Worker Factories
•Attacking I/O Ports
•Attacking Timer Queues
•Abusing TLS Callbacks For Payload Execution
•Payload Execution
Link 🔗:-
https://urien.gitbook.io/diago-lima/a-deep-dive-into-exploiting-windows-thread-pools
@GitBook_s
urien.gitbook.io
A Deep Dive Into Exploiting Windows Thread Pools | Diago Lima
👍4
𝗠𝗮𝗰𝗢𝗦 𝗠𝗮𝗹𝘄𝗮𝗿𝗲 𝗗𝗲𝘃𝗲𝗹𝗼𝗽𝗺𝗲𝗻𝘁
We’ll delve into the world of designing and developing malware for macOS, which is essentially a Unix-based operating system.
Link 🔗:-
https://0xf00sec.github.io/2024/03/09/MacOs-X.html
@GitBook_s
We’ll delve into the world of designing and developing malware for macOS, which is essentially a Unix-based operating system.
Link 🔗:-
https://0xf00sec.github.io/2024/03/09/MacOs-X.html
@GitBook_s
👍4
𝗠𝗮𝗹𝘄𝗮𝗿𝗲 𝗗𝗲𝘃𝗲𝗹𝗼𝗽𝗺𝗲𝗻𝘁 𝗚𝘂𝗶𝗱𝗲
•Fork Bombs
•Logical Bombs
•Zip Bombs
•Keyloggers
•Wipers
•ScreenJackers
•Prependers and Postpenders
•Browser Extensions
•Worms
•RATs
•Botnets w/ C2 Servers
•Rootkits and Bootkits
•Polymorphic Malware
•Pivoting
•Elementary Concepts and Stuff
•Being Stealthy
•Backdoors
•Windows Process Injection
•SIM Swapping
•Quishing
•RunPE
•Malware Packers
Link 🔗:-
https://arachn3.gitbook.io/malware-development-guide/
@GitBook_s
•Fork Bombs
•Logical Bombs
•Zip Bombs
•Keyloggers
•Wipers
•ScreenJackers
•Prependers and Postpenders
•Browser Extensions
•Worms
•RATs
•Botnets w/ C2 Servers
•Rootkits and Bootkits
•Polymorphic Malware
•Pivoting
•Elementary Concepts and Stuff
•Being Stealthy
•Backdoors
•Windows Process Injection
•SIM Swapping
•Quishing
•RunPE
•Malware Packers
Link 🔗:-
https://arachn3.gitbook.io/malware-development-guide/
@GitBook_s
arachn3.gitbook.io
Introduction | Malware Development Guide
❤1
𝗢𝗵𝗦𝗛𝗜𝗡𝗧
•Introduction to OSINT Web Resources
•Search Engines
•Social Media Intelligence [SOCMINT]
•Mapping and Geospatial Intelligence [GEOINT]
•Imagery Intelligence [IMINT]
•Orbital Intelligence [ORBINT]
•Business Research and Trade Intelligence [TRADINT]
•Financial Intelligence [FININT]
•Vehicle and Transportation Intelligence [VATINT]
•Digital Network Intelligence [DNINT]
•Signals Intelligence [SIGINT]
•Deep Webs and Darknets
•People Investigations
•Email Addresses
•Phone Numbers
•Usernames
•Gaming
•Real Estate
•Data Sets
•Organized Crime and Illicit Trade
•Stolen Property
•War, Crisis and Conflicts
•Weapons and Equipment •Identification
•Government Information
•Dictionaries, Translation and •Decoding
Link 🔗:-
https://ohshint.gitbook.io/oh-shint-its-a-blog
@GitBook_s
•Introduction to OSINT Web Resources
•Search Engines
•Social Media Intelligence [SOCMINT]
•Mapping and Geospatial Intelligence [GEOINT]
•Imagery Intelligence [IMINT]
•Orbital Intelligence [ORBINT]
•Business Research and Trade Intelligence [TRADINT]
•Financial Intelligence [FININT]
•Vehicle and Transportation Intelligence [VATINT]
•Digital Network Intelligence [DNINT]
•Signals Intelligence [SIGINT]
•Deep Webs and Darknets
•People Investigations
•Email Addresses
•Phone Numbers
•Usernames
•Gaming
•Real Estate
•Data Sets
•Organized Crime and Illicit Trade
•Stolen Property
•War, Crisis and Conflicts
•Weapons and Equipment •Identification
•Government Information
•Dictionaries, Translation and •Decoding
Link 🔗:-
https://ohshint.gitbook.io/oh-shint-its-a-blog
@GitBook_s
ohshint.gitbook.io
OH SHINT! Welcome Aboard | OH SHINT! It's A Blog!
So what is this site all about? Yep, it's an OSINT blog.
𝗘𝘁𝗵𝗶𝗰𝗮𝗹 𝗛𝗮𝗰𝗸𝗶𝗻𝗴 𝗧𝗼𝗼𝗹𝘀
•Kali linux most used subdomain finder
•Tools for pentesting
Wappalyzer
•the Harvester
•Parsing Wappalyzer in python
Link 🔗:-
https://ethicaltools.gitbook.io/subdomainfinder/
@GitBook_s
•Kali linux most used subdomain finder
•Tools for pentesting
Wappalyzer
•the Harvester
•Parsing Wappalyzer in python
Link 🔗:-
https://ethicaltools.gitbook.io/subdomainfinder/
@GitBook_s
ethicaltools.gitbook.io
Kali linux most used subdomain finder | Ethical-tools
There are many subdomain finder tools out there on GitHub, if you search for subdomain finder you will find a backlog of repositories on GitHub all offering subdomain finder and enumerating tools.
𝗕𝘂𝗴 𝗛𝘂𝗻𝘁𝗲𝗿 𝗛𝗮𝗻𝗱𝗯𝗼𝗼𝗸
•Getting Started in InfoSec and Bug Bounties
•Presentations
•Checklists / Guides
•Useful Twitter Threads
•List of Vulnerabilities
•API Security
•Mobile Security
•Fuzzing / Wordlists
•BugBounty Short Write-ups
•Burp Suite Tips and Tricks
•HackerOne Reports
•Response Manipulation
•Client Vs Server Side Vulnerabilities
•AWS
•Chaining of Bugs
•Bug Bounty Automation
•Mindmaps
•Oneliner Collections
•Red Teaming
•Blue Teamining
•Recon One Liners
•Containers
•Wordpress
•Fuzzing / FuFF
•OWASP ZAP
•Bug List
•Setting up burp collaborator
•Admin Panel PwN
•Credential Stuffing / Dump / •HaveibeenPwned?
•Tools Required
•Nuclei Template
Link 🔗:-
gowthams.gitbook.io/bughunter-handbook
@GitBook_s
•Getting Started in InfoSec and Bug Bounties
•Presentations
•Checklists / Guides
•Useful Twitter Threads
•List of Vulnerabilities
•API Security
•Mobile Security
•Fuzzing / Wordlists
•BugBounty Short Write-ups
•Burp Suite Tips and Tricks
•HackerOne Reports
•Response Manipulation
•Client Vs Server Side Vulnerabilities
•AWS
•Chaining of Bugs
•Bug Bounty Automation
•Mindmaps
•Oneliner Collections
•Red Teaming
•Blue Teamining
•Recon One Liners
•Containers
•Wordpress
•Fuzzing / FuFF
•OWASP ZAP
•Bug List
•Setting up burp collaborator
•Admin Panel PwN
•Credential Stuffing / Dump / •HaveibeenPwned?
•Tools Required
•Nuclei Template
Link 🔗:-
gowthams.gitbook.io/bughunter-handbook
@GitBook_s
gowthams.gitbook.io
Introduction | Bug Hunter Handbook
𝗜𝗻𝗳𝗼𝘀𝗲𝗰 𝗕𝗹𝗼𝗴
•Web Application Findings
•Recon automation, tips and tricks
•Hack The Box Machines
•CTF Challenges
•Red Teaming Tips & Tricks
•Cloud Security
Link 🔗:-
https://eslam3kl.gitbook.io/blog/
@GitBook_s
•Web Application Findings
•Recon automation, tips and tricks
•Hack The Box Machines
•CTF Challenges
•Red Teaming Tips & Tricks
•Cloud Security
Link 🔗:-
https://eslam3kl.gitbook.io/blog/
@GitBook_s
eslam3kl.gitbook.io
Welcome! | Eslam Ali Akl @eslam3kl
⚠️ Caution: This blog is mine alone. Everything posted here reflects my personal views only. Nothing I say represents my employer or any other organization I’m affiliated with. Don’t confuse the two.