mikesiegel
|
e024afc9f7
|
Added anti-SSRF header bypass for GCP.
|
2019-12-31 15:11:58 +00:00 |
|
mikesiegel
|
7aa2761e3e
|
Added anti-SSRF header bypass for GCP. Similar technique works on Azure and AWS I'm guessing.
|
2019-12-31 15:07:20 +00:00 |
|
Swissky
|
0a6ac284c9
|
AdminSDHolder Abuse
|
2019-12-30 19:55:47 +01:00 |
|
Swissky
|
bcb24c9866
|
Abusing Active Directory ACLs/ACEs
|
2019-12-30 14:22:10 +01:00 |
|
Swissky
|
4b10c5e302
|
AD mitigations
|
2019-12-26 12:09:23 +01:00 |
|
Swissky
|
1535c5f1b3
|
Kubernetes - Privileged Service Account Token
|
2019-12-20 11:33:25 +01:00 |
|
Swissky
|
cf5a4b6e97
|
XSLT injection draft
|
2019-12-17 21:13:59 +01:00 |
|
Swissky
|
02f714d479
|
Merge pull request #139 from nizam0906/patch-5
Fixed Broken Links in Directory traversal
|
2019-12-17 19:19:35 +01:00 |
|
Swissky
|
ada158cd60
|
Merge pull request #138 from nizam0906/patch-4
Fixed Broken Links in Command Injection
|
2019-12-17 19:18:54 +01:00 |
|
Swissky
|
4c96a5a6ef
|
Merge pull request #137 from nizam0906/patch-3
Updated Summary and Fixed Broken Links in CSRF
|
2019-12-17 19:18:34 +01:00 |
|
Swissky
|
976403034c
|
Merge pull request #136 from nizam0906/patch-2
Added Summary in CRLF
|
2019-12-17 19:18:11 +01:00 |
|
nizam0906
|
6939499bed
|
Fixed Broken Links in Directory traversal
|
2019-12-17 22:35:35 +05:30 |
|
nizam0906
|
4de5a20376
|
Fixed Broken Links in Command Injection
|
2019-12-17 22:29:17 +05:30 |
|
nizam0906
|
156ea32217
|
Updated Summary and Fixed Broken Links in CSRF
|
2019-12-17 22:21:53 +05:30 |
|
nizam0906
|
d6d649e08f
|
Added Summary in CRLF
|
2019-12-17 22:12:35 +05:30 |
|
Swissky
|
4588cc2eee
|
Merge pull request #135 from nizam0906/patch-1
Fixed Broken Links in API Key Leaks
|
2019-12-17 17:39:55 +01:00 |
|
nizam0906
|
03762911a7
|
Fixed Broken Links in API Key Leaks
|
2019-12-17 21:59:19 +05:30 |
|
Swissky
|
896e262531
|
Privilege impersonation and GraphQL SQLi
|
2019-12-11 16:59:14 +01:00 |
|
Swissky
|
ba9fce83b1
|
Merge pull request #131 from js-kyle/angularjs
clarify AngularJS vs Angular
|
2019-12-07 12:01:08 +01:00 |
|
Kyle Martin
|
e95b0c34a3
|
clarify AngularJS vs Angular
|
2019-12-07 10:54:47 +13:00 |
|
Swissky
|
6f4a28ef66
|
Slim RCE + CAP list
|
2019-12-05 23:06:53 +01:00 |
|
Swissky
|
21101ec287
|
Merge pull request #130 from clem9669/patch-3
Bypass XSS filters on alert
|
2019-12-03 15:40:22 +01:00 |
|
clem9669
|
286f7caaa3
|
Bypass XSS filters on alert
Bypass XSS filters using javascript global variables based on the following article https://www.secjuice.com/bypass-xss-filters-using-javascript-global-variables/ from theMiddle.
|
2019-12-03 15:24:24 +01:00 |
|
Swissky
|
e92126a16c
|
Merge pull request #129 from noraj/patch-2
SSFR: add ref for docker
|
2019-12-02 22:38:28 +01:00 |
|
Swissky
|
ac0239d332
|
Merge pull request #128 from noraj/patch-1
XXE: add XXE via SVG rasterization
|
2019-12-02 22:38:08 +01:00 |
|
Swissky
|
c125b35f98
|
Merge pull request #127 from trietptm/master
Copy this -> Cut this
|
2019-12-02 10:52:19 +01:00 |
|
Minh Triet Pham Tran
|
f44d014fc2
|
Copy this -> Cut this
Change copy to cut instruction
|
2019-12-02 12:59:54 +07:00 |
|
Swissky
|
c60f264664
|
RDP backdoor + RDP session takeover
|
2019-11-26 23:39:14 +01:00 |
|
Swissky
|
06864b0ff8
|
Password spraying rewrite + Summary fix
|
2019-11-25 23:35:20 +01:00 |
|
Swissky
|
3abaa3e23d
|
Linux AD - Keyring, Keytab, CCACHE
|
2019-11-25 23:12:06 +01:00 |
|
Swissky
|
886a0b9426
|
Merge pull request #125 from noraj/patch-3
Ruby: add slim
|
2019-11-16 23:49:11 +01:00 |
|
Alexandre ZANNI
|
6a398ca5c3
|
Ruby: add slim
|
2019-11-16 17:29:55 +01:00 |
|
Swissky
|
00684a10cd
|
IIS asp shell with .asa, .cer, .xamlx
|
2019-11-16 14:53:42 +01:00 |
|
Swissky
|
639dc9faec
|
.url file in writeable share
|
2019-11-14 23:54:57 +01:00 |
|
Swissky
|
3a384c34aa
|
Password spray + AD summary re-org
|
2019-11-14 23:37:51 +01:00 |
|
Swissky
|
7f266bfda8
|
mitm ipv6 + macOS kerberoasting
|
2019-11-14 23:26:13 +01:00 |
|
Swissky
|
255a8c3660
|
Merge pull request #124 from yehgdotnet/patch-1
Added new payloads from hahwul.com
|
2019-11-14 14:21:31 +01:00 |
|
Myo Soe
|
eac33e7e10
|
Added new payloads
Added new payloads from https://www.hahwul.com/p/ssrf-open-redirect-cheat-sheet.html
http://google.com\www.whitelisteddomain.tld
http://google.com&www.whitelisteddomain.tld
http:///////////google.com
\\google.com
http://www.whitelisteddomain.tld.google.com
|
2019-11-14 18:26:35 +08:00 |
|
Swissky
|
6ca8aa8acc
|
Merge pull request #123 from bash-c/patch-1
fix invalid link
|
2019-11-14 10:25:54 +01:00 |
|
M4x
|
221b353030
|
fix invalid link
|
2019-11-14 16:59:52 +08:00 |
|
Swissky
|
43f185d289
|
CVE-2019-1322 UsoSvc
|
2019-11-11 20:31:07 +01:00 |
|
Swissky
|
f6d5221a85
|
SID history break trust + Powershell history + SCF files
|
2019-11-07 23:21:00 +01:00 |
|
Swissky
|
6fecedd880
|
MXSS - Mutated XSS - Google POC
|
2019-11-06 18:32:29 +01:00 |
|
Swissky
|
24516ca7a1
|
Kubernetes attacks update + ref to securityboulevard
|
2019-11-05 11:05:59 +01:00 |
|
Swissky
|
60050219b7
|
Impersonating Office 365 Users on Azure AD Connect
|
2019-11-04 21:43:44 +01:00 |
|
Swissky
|
4eae23a43d
|
Merge pull request #122 from noraj/patch-4
XXE: tools description + more tools
|
2019-11-04 09:11:26 +01:00 |
|
Swissky
|
adaa93b4b8
|
Merge pull request #121 from noraj/patch-3
add ref for docker SSRF
|
2019-11-04 09:10:46 +01:00 |
|
Alexandre ZANNI
|
e3604c01d7
|
XXE: tools description + more tools
|
2019-11-04 01:58:15 +01:00 |
|
Alexandre ZANNI
|
54c94e0398
|
add ref for docker SSRF
|
2019-11-03 23:50:58 +01:00 |
|
Alexandre ZANNI
|
64f8f4d869
|
add ref for docker SSRF
|
2019-11-03 23:49:36 +01:00 |
|