-
- #iot
- #chrome-and-friends: Chrome, V8, Blink, Mojo, etc.
- Linux kernel #todo
- expdev #todo
- fuzzing #todo
El Mehdi myuyu
tin-z
/ VR_roadmap.md
Last active
December 9, 2025 17:49
Becoming a Vulnerability Researcher roadmap: my personal experience
msrkp
/ review.md
Last active
February 6, 2024 20:30
https://portswigger.net/polls/top-10-web-hacking-techniques-2023
The criteria I used to rank:
- The level of complexity of the research. (How hard for me to do the same research?)
- The usefulness of the research to other security researchers.
- Novelty, scale of exploitation and impact
Top candidates
- Exploiting Hardened .NET Deserialization: New Exploitation Ideas and Abuse of Insecure Serialization
- https://github.com/thezdi/presentations/blob/main/2023_Hexacon/whitepaper-net-deser.pdf
0xdevalias
/ _deobfuscating-unminifying-obfuscated-web-app-code.md
Last active
December 10, 2025 08:59
Some notes and tools for reverse engineering / deobfuscating / unminifying obfuscated web app code
Some notes and tools for reverse engineering / deobfuscating / unminifying obfuscated web app code.
SwitHak
/ 20211210-TLP-WHITE_LOG4J.md
Last active
November 24, 2025 11:24
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC
Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)
- If you want to add a link, comment or send it to me
- Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak
- Royce Williams list sorted by vendors responses Royce List
- Very detailed list NCSC-NL
- The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
AvasDream
/ oscp_prep.md
Last active
November 16, 2025 15:44
Resource for OSCP like HTB Boxes with Ippsec Videos and Writeups.
dwisiswant0
/ st8out.sh
Last active
February 17, 2024 16:48
St8out - Extra one-liner for reconnaissance
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ##### | |
| # | |
| # St8out - Extra one-liner for reconnaissance | |
| # | |
| # Usage: ./st8out.sh target.com | |
| # | |
| # Resources: | |
| # - https://github.com/j3ssie/metabigor |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ```zshrc | |
| #▄███████▄ ▄████████ ▄█ █▄ ▄████████ ▄████████ | |
| #██▀ ▄██ ███ ███ ███ ███ ███ ███ ███ ███ | |
| # ▄███▀ ███ █▀ ███ ███ ███ ███ ███ █▀ | |
| #▀█▀▄███▀▄▄ ███ ▄███▄▄▄▄███▄▄ ▄███▄▄▄▄██▀ ███ | |
| # ▄███▀ ▀ ▀███████████ ▀▀███▀▀▀▀███▀ ▀▀███▀▀▀▀▀ ███ | |
| #▄███▀ ███ ███ ███ ▀███████████ ███ █▄ | |
| #███▄ ▄█ ▄█ ███ ███ ███ ███ ███ ███ ███ | |
| #▀████████▀ ▄████████▀ ███ █▀ ███ ███ ████████▀ | |
| # ███ ███ |
Edu4rdSHL
/ parallel-subdomains-resolv.md
Created
November 11, 2019 16:03
[ SecHackLabs ~/Projects/Rust/Development/findomain ] [develop]
└─ ▶ time ./target/release/findomain -t aol.com --query-database -i --threads 100
Target ==> aol.com
Searching subdomains in the Findomain database for the target aol.com 🔍
Performing asynchronous subdomains resolution for 70600 subdomains with 100 threads, it will take a while. 🧐
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /.s3cfg | |
| /phpunit.xml | |
| /nginx.conf | |
| /.vimrc | |
| /LICENSE.md | |
| /yarn.lock | |
| /Gulpfile | |
| /Gulpfile.js | |
| /composer.json | |
| /.npmignore |
tehryanx
/ trufflehog.json
Last active
June 3, 2022 08:26
High signal patterns from trufflehog refactored to work with tomnomnom's gf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "flags": "-HnriE", | |
| "patterns": [ | |
| "(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})", | |
| "-----BEGIN RSA PRIVATE KEY-----", | |
| "-----BEGIN DSA PRIVATE KEY-----", | |
| "-----BEGIN EC PRIVATE KEY-----", | |
| "-----BEGIN PGP PRIVATE KEY BLOCK-----", | |
| "AKIA[0-9A-Z]{16}", | |
| "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", |
NewerOlder