CVE-2023-27842
eXtplorer 2.1.15 - Insecure Permissions following RCE (Authenticated)
https://github.com/tristao-marinho/CVE-2023-27842
#cve #poc #RCE
@Pfk_git
eXtplorer 2.1.15 - Insecure Permissions following RCE (Authenticated)
https://github.com/tristao-marinho/CVE-2023-27842
#cve #poc #RCE
@Pfk_git
GitHub
GitHub - tristao-io/CVE-2023-27842
Contribute to tristao-io/CVE-2023-27842 development by creating an account on GitHub.
منابع-برای-شکارچیان-باگ-مبتدی
فهرستی از منابع برای کسانی که علاقه مند به شروع باگ Bounties هستند.
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
#pentesting #bugbounty
@pfk_git
فهرستی از منابع برای کسانی که علاقه مند به شروع باگ Bounties هستند.
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
#pentesting #bugbounty
@pfk_git
GitHub
GitHub - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters: A list of resources for those interested in getting started in bug…
A list of resources for those interested in getting started in bug bounties - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
Ultimate DevSecOps library
This library contains list of tools and methodologies accompanied with resources. The main goal is to provide to the engineers a guide through opensource #DevSecOps tooling. This repository covers only #cybersecurity in the cloud and the DevSecOps scope.
https://github.com/sottlmarek/DevSecOps
@pfk_git
This library contains list of tools and methodologies accompanied with resources. The main goal is to provide to the engineers a guide through opensource #DevSecOps tooling. This repository covers only #cybersecurity in the cloud and the DevSecOps scope.
https://github.com/sottlmarek/DevSecOps
@pfk_git
GitHub
GitHub - sottlmarek/DevSecOps: Ultimate DevSecOps library
Ultimate DevSecOps library. Contribute to sottlmarek/DevSecOps development by creating an account on GitHub.
WinSpoof
This PoC code demostrate how TpAllocWork, TpPostWork and TpReleaseWork can be used to execute machine code, the code start a image file by calling:
https://github.com/mobdk/WinSpoof
#cybersecurity #infosec
@pfk_git
This PoC code demostrate how TpAllocWork, TpPostWork and TpReleaseWork can be used to execute machine code, the code start a image file by calling:
https://github.com/mobdk/WinSpoof
#cybersecurity #infosec
@pfk_git
GitHub
GitHub - mobdk/WinSpoof: Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code
Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code - mobdk/WinSpoof
همه چیز در مورد باگ بانتی
اینها یادداشتهای پاداش باگ من است که از منابع مختلف جمعآوری کردهام، شما هم میتوانید در این مخزن مشارکت کنید!
https://github.com/daffainfo/AllAboutBugBounty
#bugbounty #pentest #infosec
@pfk_git
اینها یادداشتهای پاداش باگ من است که از منابع مختلف جمعآوری کردهام، شما هم میتوانید در این مخزن مشارکت کنید!
https://github.com/daffainfo/AllAboutBugBounty
#bugbounty #pentest #infosec
@pfk_git
GitHub
GitHub - daffainfo/AllAboutBugBounty: All about bug bounty (bypasses, payloads, and etc)
All about bug bounty (bypasses, payloads, and etc) - daffainfo/AllAboutBugBounty
Authentication Token Obtain and Replace Extender
The plugin is created to help automated scanning using Burp in the following scenarios:
▫️ Access/Refresh token
▫️ Token replacement in XML,JSON body
▫️ Token replacement in cookies
▫️ The above can be achieved using complex macro, session rules or Custom Extender in some scenarios. The rules become tricky and do not work in scenarios where the replacement text is either JSON, XML.
https://github.com/portswigger/ator
@pfk_git
The plugin is created to help automated scanning using Burp in the following scenarios:
▫️ Access/Refresh token
▫️ Token replacement in XML,JSON body
▫️ Token replacement in cookies
▫️ The above can be achieved using complex macro, session rules or Custom Extender in some scenarios. The rules become tricky and do not work in scenarios where the replacement text is either JSON, XML.
https://github.com/portswigger/ator
@pfk_git
GitHub
GitHub - PortSwigger/ator
Contribute to PortSwigger/ator development by creating an account on GitHub.
Nuclei Wordfence CVE
https://github.com/topscoder/nuclei-wordfence-cve
#cybersecurity #infosec #cve #pentest
@pfk_git
https://github.com/topscoder/nuclei-wordfence-cve
#cybersecurity #infosec #cve #pentest
@pfk_git
GitHub
GitHub - topscoder/nuclei-wordfence-cve: 60k+ WordPress Nuclei templates, updated daily from Wordfence intel—filter by severity/tags/CVE…
60k+ WordPress Nuclei templates, updated daily from Wordfence intel—filter by severity/tags/CVE and scan in one line. 🚀🔒 - topscoder/nuclei-wordfence-cve
(ISC)2 Certified in Cybersecurity
The content in this repo is based on the self-paced course called Certified in #Cybersecurity from (ISC)2, which is a preparation for (ISC)2 Certified in Cybersecurity.
In this entry-level cybersecurity certification, the domains included are: Security Principles, Business Continuity, Disaster Recovery & Incident Response Concepts, Access Controls Concepts, Network Security and Security Operations.
https://github.com/cyberfascinate/ISC2-CC-Study-Material
#ISC
@Pfk_git
The content in this repo is based on the self-paced course called Certified in #Cybersecurity from (ISC)2, which is a preparation for (ISC)2 Certified in Cybersecurity.
In this entry-level cybersecurity certification, the domains included are: Security Principles, Business Continuity, Disaster Recovery & Incident Response Concepts, Access Controls Concepts, Network Security and Security Operations.
https://github.com/cyberfascinate/ISC2-CC-Study-Material
#ISC
@Pfk_git
GitHub
GitHub - cyberfascinate/ISC2-CC-Study-Material: ISC2-CC-Study-Material
ISC2-CC-Study-Material. Contribute to cyberfascinate/ISC2-CC-Study-Material development by creating an account on GitHub.
#DevOps Guide
Development to Production all configurations with basic notes to debug efficiently.
https://github.com/Tikam02/DevOps-Guide
@pfk_git
Development to Production all configurations with basic notes to debug efficiently.
https://github.com/Tikam02/DevOps-Guide
@pfk_git
GitHub
GitHub - Tikam02/DevOps-Guide: DevOps Guide - Development to Production all configurations with basic notes to debug efficiently.
DevOps Guide - Development to Production all configurations with basic notes to debug efficiently. - Tikam02/DevOps-Guide
#گزارش های حسابرسی
مجموعه ای از گزارش های حسابرسی انفرادی توسط کارشناسان امنیت web3. هرزنامه های روابط عمومی برای اضافه کردن گزارش های هر محقق امنیتی مستقلی که می شناسید.
https://github.com/chinmay-farkya/solo-audit-reports
#cybersecurity #infosec #Audit
@pfk_git
مجموعه ای از گزارش های حسابرسی انفرادی توسط کارشناسان امنیت web3. هرزنامه های روابط عمومی برای اضافه کردن گزارش های هر محقق امنیتی مستقلی که می شناسید.
https://github.com/chinmay-farkya/solo-audit-reports
#cybersecurity #infosec #Audit
@pfk_git
GitHub
GitHub - chinmay-farkya/solo-audit-reports: A collection of solo audit reports by web3 security experts
A collection of solo audit reports by web3 security experts - GitHub - chinmay-farkya/solo-audit-reports: A collection of solo audit reports by web3 security experts
چک لیست حسابرسی قرارداد هوشمند
https://github.com/vishnuram1999/Smart-Contract-Auditing-Checklist
#bugbounty #pentest #Audit
@pfk_git
https://github.com/vishnuram1999/Smart-Contract-Auditing-Checklist
#bugbounty #pentest #Audit
@pfk_git
GitHub
GitHub - vishnuram1999/audits: My Blockchain auditing service
My Blockchain auditing service. Contribute to vishnuram1999/audits development by creating an account on GitHub.
فهرست کلمات عبور
فهرست کلمات عبور و قوانین هش کت برای شکستن آفلاین گذرواژه های طولانی و پیچیده.
https://github.com/initstring/passphrase-wordlist
#password #bugbounty #cybersecurity #infosec
@pfk_git
فهرست کلمات عبور و قوانین هش کت برای شکستن آفلاین گذرواژه های طولانی و پیچیده.
https://github.com/initstring/passphrase-wordlist
#password #bugbounty #cybersecurity #infosec
@pfk_git
GitHub
GitHub - initstring/passphrase-wordlist: Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords
Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords - initstring/passphrase-wordlist
LeakySAB-PoC
PoC of 'LeakySAB' a vulnerability allowing extraction of usenet provider password from a SABnzbd instance.
https://github.com/rlaphoenix/LeakySAB-PoC
#cybersecurity #infosec
@Pfk_Git
PoC of 'LeakySAB' a vulnerability allowing extraction of usenet provider password from a SABnzbd instance.
https://github.com/rlaphoenix/LeakySAB-PoC
#cybersecurity #infosec
@Pfk_Git
GitHub
GitHub - rlaphoenix/LeakySAB-PoC: PoC of 'LeakySAB' a vulnerability allowing extraction of usenet provider password from a SABnzbd…
PoC of 'LeakySAB' a vulnerability allowing extraction of usenet provider password from a SABnzbd instance - rlaphoenix/LeakySAB-PoC
برنامه ای که بررسی می کند آیا فهرستی از دامنه ها را می توان بر اساس رکوردهای SPF و DMARC جعل کرد یا خیر.
https://github.com/MattKeeley/Spoofy
#bugbounty #pentest
@pfk_git
https://github.com/MattKeeley/Spoofy
#bugbounty #pentest
@pfk_git
GitHub
GitHub - MattKeeley/Spoofy: Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records. - MattKeeley/Spoofy
Bash noscript that crawls a target URL to get a better image of what is tied to a website.
https://github.com/NeverWonderLand/wildcrawl
#bugbounty #pentest
@pfk_git
https://github.com/NeverWonderLand/wildcrawl
#bugbounty #pentest
@pfk_git
GitHub
GitHub - ghostwond3r/wildcrawl: Crawls URL to get a better image of what is tied to a website.
Crawls URL to get a better image of what is tied to a website. - ghostwond3r/wildcrawl
Arc
A manager for your secrets made of arc, a RESTful API server written in Go which exposes read and write primitives for encrypted records, and arc, the client application implemented in HTML5 and javanoscript, which runs in every modern browser and it is served by arc itself.
Records are generated, encrypted and decrypted client side by arc (with AES256 in GCM mode, using 10000 iterations for the PBKDF2 key derivation function, everything WebCrypto based ), which offers an intuitive management system equipped with UI widgets including:👇
https://github.com/evilsocket/arc
#cybersecurity #infosec
@pfk_git
A manager for your secrets made of arc, a RESTful API server written in Go which exposes read and write primitives for encrypted records, and arc, the client application implemented in HTML5 and javanoscript, which runs in every modern browser and it is served by arc itself.
Records are generated, encrypted and decrypted client side by arc (with AES256 in GCM mode, using 10000 iterations for the PBKDF2 key derivation function, everything WebCrypto based ), which offers an intuitive management system equipped with UI widgets including:👇
https://github.com/evilsocket/arc
#cybersecurity #infosec
@pfk_git
GitHub
GitHub - evilsocket/arc: A manager for your secrets.
A manager for your secrets. Contribute to evilsocket/arc development by creating an account on GitHub.
idfk
• Indirect syscalls via HellsHall. Only did it for the protect call and some other common ones, too lazy for others
• Producing Shellcode (via ShellcodeTemplate), exes, dlls.
• Sleep encryption via Ekko. Only works on Exes and Shellcode. I don't think DLL can sleep encrypt properly cause CFG, just a guess though
• I managed to injected to explorer/locally and it works, but if theres more than one instance of the shellcode is already there, only one of them will cycle.
https://github.com/susMdT/fictional-invention
#cybersecurity #infosec
@pfk_git
• Indirect syscalls via HellsHall. Only did it for the protect call and some other common ones, too lazy for others
• Producing Shellcode (via ShellcodeTemplate), exes, dlls.
• Sleep encryption via Ekko. Only works on Exes and Shellcode. I don't think DLL can sleep encrypt properly cause CFG, just a guess though
• I managed to injected to explorer/locally and it works, but if theres more than one instance of the shellcode is already there, only one of them will cycle.
https://github.com/susMdT/fictional-invention
#cybersecurity #infosec
@pfk_git
GitHub
GitHub - susMdT/fictional-invention: idk man this was the default github name
idk man this was the default github name. Contribute to susMdT/fictional-invention development by creating an account on GitHub.
Defender-For-Endpoint-Queries
This repo contains the queries for defender for endpoint detection queries also hunting queries.
https://github.com/le0li9ht/Defender-For-Endpoint-Queries
#cybersecurity #infosec
@pfk_git
This repo contains the queries for defender for endpoint detection queries also hunting queries.
https://github.com/le0li9ht/Defender-For-Endpoint-Queries
#cybersecurity #infosec
@pfk_git
GitHub
GitHub - le0li9ht/Defender-For-Endpoint-Queries: This repo contains the queries for defender for endpoint detections
This repo contains the queries for defender for endpoint detections - le0li9ht/Defender-For-Endpoint-Queries
Svn-Extractor
اسکریپت ساده برای استخراج تمام منابع وب با استفاده از پوشه .SVN در معرض شبکه.
https://github.com/anantshri/svn-extractor
#cybersecurity #infosec #bugbounty #pentest
@pfk_git
اسکریپت ساده برای استخراج تمام منابع وب با استفاده از پوشه .SVN در معرض شبکه.
https://github.com/anantshri/svn-extractor
#cybersecurity #infosec #bugbounty #pentest
@pfk_git
GitHub
GitHub - anantshri/svn-extractor: simple noscript to extract all web resources by means of .SVN folder exposed over network.
simple noscript to extract all web resources by means of .SVN folder exposed over network. - anantshri/svn-extractor
TokenUniverse
An advanced tool for working with access tokens and Windows security policy.
https://github.com/diversenok/TokenUniverse
#cybersecurity #infosec
@pfk_git
An advanced tool for working with access tokens and Windows security policy.
https://github.com/diversenok/TokenUniverse
#cybersecurity #infosec
@pfk_git
GitHub
GitHub - diversenok/TokenUniverse: An advanced tool for working with access tokens and Windows security policy.
An advanced tool for working with access tokens and Windows security policy. - diversenok/TokenUniverse