If you, like many, think relying just on the `cat` command's output is enough to be sure about the integrity of a bash file, think twice: you could get hacked. Read below 👇
Reverse Engineering For Everyone!
This comprehensive set of reverse engineering tutorials covers x86, x64, 32-bit ARM, 64-bit architectures. If you're a newbie looking to learn reversing, or just someone looking to revise some concepts, check it out.
Cyber-Bookmarks: a list of bookmarks that contains lists of resources/articles that will help bug bounty hunters with resources that are useful during their bug bounty journey.
#cybersecurity
#malware
#bugbounty
#hacking
🔥 Awesome BugBounty Writeups 🔥
Created a list of 600+ Bugbounty writeups characterized by bug type! Happy Quarantine! Grab a coffee and give them a binge read 🔥
Github :
The full content of the bash file is as follows:
The script works by including raw escape codes to move the cursor up a couple of lines, so the rest of the script is written over the top of the malicious code, hiding it.
This awesome repository contains Malware analysis/Reverse engineering related tools, training, podcasts, blog posts, literature and just about anything else closely related to the topic. - by @0x4143
#malware
#hacking
#reversing
#cybersecurity
Bug Hunter Handbook: a book that contains lists of resources that will help bug bounty hunters with resources that are useful during their bug bounty journey.
#hacking
#bughunting
#cybersecurity
ParamSpider : Parameter miner for humans
Got a nice SSRF last week using this:
- paramspider found a URL with parameter ?file_url=
- The parameter was deprecated long back from the production
- Luckily the parameter was vulnerable to SSRF
Github :
Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.
#hacking
#graphql
#cybersecurity
#bughunting
We are so worried by this `xz` fiasco, when in reality it is so trivial to trick humans into running malicious code. No CVEs are used for the majority of the big shot hacks, humans are the most vulnerable link in this chain. Education/awareness alone will stop the majority of the
🔥 Find OpenRedirect Vulnerabilities in Bulk!
OpenRedireX: An Asynchronous Fuzzer for testing Openredirect issues
Initially @nullpxl and I coded this for the output produced by ParamSpider + GF. Now releasing it as a standalone repository!
Github :
Damn Vulnerable DeFi is the wargame to learn offensive security of DeFi smart contracts. Throughout numerous challenges you will build the skills to become a bug hunter or security auditor in the space, and yeah Merry Christmas🎄
#blockchain
headerpwn: A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers
Useful for uncovering the following behaviors:
- Header based access control issues
- 403/401 Bypasses
- Detecting anomalies when certain special headers are present
- Header
Machine Learning for Cyber Security: A curated list of amazingly awesome tools and resources related to the use of machine learning for cyber security.
#cybersecurity
#hacking
#machinelearning
A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials, and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development.
#cybersecurity
#fuzzing
#hacking
CVE reversing is perhaps the best, most effective and practical approach for learning the ropes of offensive security research. Here is how I do it:
- Tracking recent CVEs
- Selecting CVEs related to extensively utilized software
- Scrutinizing CVE description
- Reading product
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis, and security assessment framework capable of performing static and dynamic analysis.
#cybersecurity
#hacking
paramspider: Mining URLs from dark corners of Web Archives for bughunting/fuzzing/further probing
GitHub:
🔄 Revamped Features:
- Multiple domain names Input using file
- Enhanced Exception Handling
- Easy Setup using pip
- Clear and more
An intentionally designed vulnerable Android application built in Kotlin for sharpening your mobile hacking skills via exploiting real-world mobile vulnerabilities.
#android
#hacking
#cybersecurity
heaptruffle: Mine URLs from Browser's Heap Snapshot for fun and profit
GitHub:
heaptruffle captures heap snapshots of the web pages' memory. These heap snapshots are then parsed, allowing heaptruffle to extract URLs/endpoints from it.
#bugbountytips
I got so many DMs on how to use ParamSpider + GF that I created a section in the readme file with follow-along steps. Do check this out; if you still have problems, DMs are always open!
⚡️ Discover more subdomains and expand the attack surface using Rayder workflow.
Here is what the workflow does:
- Fetches subdomains of a domain using subfinder
- Mutates the subdomains using radamsa fuzzer
- Fetches fresh DNS resolvers for dns bruteforcing
- Uses massdns to
Malware and Exploitdev Resources: This document serves as a list of resources, and other things that aid in malware analysis/dev and exploit dev
#cybersecurity
#hacking
#malware
#exploit
Brute force HTTP headers on a list of URLs for finding anomalies and analyzing how servers respond to different HTTP headers using Rayder workflows
Useful for uncovering the following behaviors:
⚡️ Header based access control issues
⚡️ 403/401 Bypasses
⚡️ Detecting anomalies