An awesome wordlist repo added to TreeHouse Wordlists! Yay!
A large trove of default usernames and passwords for all kinds of products!
XXE is an awesome web application attack vector. Here is a great recommended short course on the subject!
Some commentary on a supply chain attack recently discovered and disclosed!
A MUST have for anyone who is experienced in or new to API/Web Application penetration testing.
First step in a web application penetration test against Salesforce.
This is a must-have Burp Suite Extension for when you're testing Adobe (AEM) web applications. Use this first, then run aem_hacker to double check!
Still working on TreeHouse Wordlists. Found a super interesting resource, called DomainsProject. Check it out!!
Whether you're a Bug Bounty Hunter, Penetration Tester, Student, Researcher, CTF Player or all of the above, this knowledge about SSRFs certainly can't hurt.
An extensive "new" XSS wordlist! Grab it now while it's hot for your next web app pen test!