There is no excerpt because this is a protected post.
Category: Penetration Testing
How I found 15 CVEs in 3 nights and how YOU can too.
My explanation of how I found 15 CVEs in 3 nights and my tips on how you can too!
CVE-2022-35142, CVE-2022-35143, CVE-2022-35144 – DoS, XSS and Weak Password Policy in Renato a Markdown powered knowledge base
Multiple new CVEs discovered and disclosed! XSS, DoS and a weak password policy!
CVE-2022-34613, CVE-2022-34618, CVE-2022-34619 – Multiple XSS (And more) in Mealie
Multiple new CVEs discovered and disclosed! XSS, file uploads and more!
CVE-2022-34625 – Server-Side Template Injection to Remote Code Execution (SSTI) to (RCE) in Mealie – A lesson in patience
A detailed walkthrough of CVE-2022-34625 aka a Server-Side Template Injection (SSTI) to Remote Code Execution (RCE)
Azure Cloud Pen Testing Software Suite
A great collection of scripts for attacking and defending Azure environments. Perfect for any azure cloud security assessment, audit or penetration test.
Should I add this Repo to TreeHouse Wordlists?
You tell me what you think of this wordlist repo? Is it worth adding?
CLI Web Discovery Alternative to Dirb, Dirsearch, Etc
A great alternative to have for web discovery during web app pen tests or bug bounties.
All in One RF/HID reader/writer smaller then the ProxMark?!
A great and useful device for any physical penetration test or hardware hacking engagement.
An Azure AD Recon and Exploitation Framework
A toolset for performing recon and exploiting an Azure AD instance.