This media is not supported in your browser
VIEW IN TELEGRAM
#BurpHacksForBounties - Day 28/30 - Super CSRF POC Generator Hack.
CSRF POC generator is only available in Burp Suite pro, but not anymore.
Use this -> https://github.com/merttasci/csrf-poc-generator by @mertistaken
#infosec #burp #appsec #security #bugbountytips #bugbountytip #cybersecurity
CSRF POC generator is only available in Burp Suite pro, but not anymore.
Use this -> https://github.com/merttasci/csrf-poc-generator by @mertistaken
#infosec #burp #appsec #security #bugbountytips #bugbountytip #cybersecurity
#BurpHacksForBounties - Day 29/30
No Collaborator No worries
Burp Suite Collaborator is part of pro, so use requestbin.net
- Exactly same as collaborator
- Free 20 requests without login
- HTTP bin
- DNS bin
#infosec #appsec #bugbountytips #bugbountytip #burp
No Collaborator No worries
Burp Suite Collaborator is part of pro, so use requestbin.net
- Exactly same as collaborator
- Free 20 requests without login
- HTTP bin
- DNS bin
#infosec #appsec #bugbountytips #bugbountytip #burp
purpleteam - CLI component of OWASP PurpleTeam
https://github.com/purpleteam-labs/purpleteam
#PurpleTeam #OWASP
https://github.com/purpleteam-labs/purpleteam
#PurpleTeam #OWASP
GitHub
GitHub - purpleteam-labs/purpleteam: CLI component of OWASP PurpleTeam
CLI component of OWASP PurpleTeam. Contribute to purpleteam-labs/purpleteam development by creating an account on GitHub.
EfsPotato
Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability).
https://github.com/zcgonvh/EfsPotato
#windows #privesc #pentest
Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability).
https://github.com/zcgonvh/EfsPotato
#windows #privesc #pentest
GitHub
GitHub - zcgonvh/EfsPotato: Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation…
Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability). - zcgonvh/EfsPotato
Kubernetes Hardening Guidance
The NSA and CISA have published today a Kubernetes security-hardening guide
https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF
#kubernetes #hardening #security
The NSA and CISA have published today a Kubernetes security-hardening guide
https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF
#kubernetes #hardening #security
Malware Development Resources
A tale of EDR bypass methods
# https://s3cur3th1ssh1t.github.io/A-tale-of-EDR-bypass-methods/
Antivirus Artifacts
# https://github.com/D3VI5H4/Antivirus-Artifacts
Windows X86-64 System Call Table (XP/2003/Vista/2008/7/2012/8/10)
# https://j00ru.vexillium.org/syscalls/nt/64/
SysWhisoers
# https://github.com/jthuraisamy/SysWhispers
SysWhispers2
# https://github.com/jthuraisamy/SysWhispers2
SysWhispers2_x86
# https://github.com/mai1zhi2/SysWhispers2_x86
Dynamic Invocation in .NET to bypass hooks
# https://blog.nviso.eu/2020/11/20/dynamic-invocation-in-net-to-bypass-hooks/
Dynamic-Invoke
# https://thewover.github.io/Dynamic-Invoke/
Offensive P/Invoke: Leveraging the Win32 API from Managed Code
# https://posts.specterops.io/offensive-p-invoke-leveraging-the-win32-api-from-managed-code-7eef4fdef16d
Syscalls with D/Invoke
# https://offensivedefence.co.uk/posts/dinvoke-syscalls/
Shellycoat
# https://github.com/slaeryan/AQUARMOURY/tree/master/Shellycoat
Defeating Antivirus Real-time Protection From The Inside
# https://breakdev.org/defeating-antivirus-real-time-protection-from-the-inside/
Preventing 3rd Party DLLs from Injecting into your Malware
# https://www.ired.team/offensive-security/defense-evasion/preventing-3rd-party-dlls-from-injecting-into-your-processes
Lets Create An EDR… And Bypass It!
# https://ethicalchaos.dev/2020/05/27/lets-create-an-edr-and-bypass-it-part-1/
# https://ethicalchaos.dev/2020/06/14/lets-create-an-edr-and-bypass-it-part-2/
Bypassing Cylance and other AVs/EDRs by Unhooking Windows APIs
# https://www.ired.team/offensive-security/defense-evasion/bypassing-cylance-and-other-avs-edrs-by-unhooking-windows-apis
Red Team Tactics: Utilizing Syscalls in C#
# https://jhalon.github.io/utilizing-syscalls-in-csharp-1/
# https://jhalon.github.io/utilizing-syscalls-in-csharp-2/
Art of Anti Detection
# https://pentest.blog/art-of-anti-detection-1-introduction-to-av-detection-techniques/
# https://pentest.blog/art-of-anti-detection-2-pe-backdoor-manufacturing/
# https://pentest.blog/art-of-anti-detection-3-shellcode-alchemy/
#edr #av #evasion #maldev
A tale of EDR bypass methods
# https://s3cur3th1ssh1t.github.io/A-tale-of-EDR-bypass-methods/
Antivirus Artifacts
# https://github.com/D3VI5H4/Antivirus-Artifacts
Windows X86-64 System Call Table (XP/2003/Vista/2008/7/2012/8/10)
# https://j00ru.vexillium.org/syscalls/nt/64/
SysWhisoers
# https://github.com/jthuraisamy/SysWhispers
SysWhispers2
# https://github.com/jthuraisamy/SysWhispers2
SysWhispers2_x86
# https://github.com/mai1zhi2/SysWhispers2_x86
Dynamic Invocation in .NET to bypass hooks
# https://blog.nviso.eu/2020/11/20/dynamic-invocation-in-net-to-bypass-hooks/
Dynamic-Invoke
# https://thewover.github.io/Dynamic-Invoke/
Offensive P/Invoke: Leveraging the Win32 API from Managed Code
# https://posts.specterops.io/offensive-p-invoke-leveraging-the-win32-api-from-managed-code-7eef4fdef16d
Syscalls with D/Invoke
# https://offensivedefence.co.uk/posts/dinvoke-syscalls/
Shellycoat
# https://github.com/slaeryan/AQUARMOURY/tree/master/Shellycoat
Defeating Antivirus Real-time Protection From The Inside
# https://breakdev.org/defeating-antivirus-real-time-protection-from-the-inside/
Preventing 3rd Party DLLs from Injecting into your Malware
# https://www.ired.team/offensive-security/defense-evasion/preventing-3rd-party-dlls-from-injecting-into-your-processes
Lets Create An EDR… And Bypass It!
# https://ethicalchaos.dev/2020/05/27/lets-create-an-edr-and-bypass-it-part-1/
# https://ethicalchaos.dev/2020/06/14/lets-create-an-edr-and-bypass-it-part-2/
Bypassing Cylance and other AVs/EDRs by Unhooking Windows APIs
# https://www.ired.team/offensive-security/defense-evasion/bypassing-cylance-and-other-avs-edrs-by-unhooking-windows-apis
Red Team Tactics: Utilizing Syscalls in C#
# https://jhalon.github.io/utilizing-syscalls-in-csharp-1/
# https://jhalon.github.io/utilizing-syscalls-in-csharp-2/
Art of Anti Detection
# https://pentest.blog/art-of-anti-detection-1-introduction-to-av-detection-techniques/
# https://pentest.blog/art-of-anti-detection-2-pe-backdoor-manufacturing/
# https://pentest.blog/art-of-anti-detection-3-shellcode-alchemy/
#edr #av #evasion #maldev
👍1
Git-Secret
Go scripts for finding an API key / some keywords in a github repository
https://github.com/daffainfo/Git-Secret
#bugbounty #bugbountytips #pentest #api #infosec
Go scripts for finding an API key / some keywords in a github repository
https://github.com/daffainfo/Git-Secret
#bugbounty #bugbountytips #pentest #api #infosec
Search JS using Gau
#bugbounty #bugbountytips
gau -subs DOMAIN |grep -iE '\.js'|grep -iEv '(\.jsp|\.json)' >> js.txt#bugbounty #bugbountytips
Forget Password Vulns
https://www.xmind.net/m/nZwbdk/
#AppSec #hacking #bugbountytips #websecurity #xmind
https://www.xmind.net/m/nZwbdk/
#AppSec #hacking #bugbountytips #websecurity #xmind
Xmind
Common Vulnerabilities on Forget Password Functionality
A Mind Map about Common Vulnerabilities on Forget Password Functionality submitted by Harsh Bothra on Jul 23, 2021. Created with Xmind.