6460
Apache Struts double evaluation RCE lottery - Blog - LGTM
This post takes a look at a type of RCE vulnerability in Apache Struts known as a double evaluation and explains how to find it using QL.
web  vulnerability  struts  apache  rce  pentest 
23 hours ago
Sci-Hub: removing barriers in the way of science
The first pirate website in the world to open mass and public access to tens of millions research papers
academia  ieee  paper  papers  science  research  academic 
yesterday
lgandx/Responder: Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. - lgandx/Responder

The better maintained fork of Responder
secuirty  pentest  windows  fork  llmnr  netbios  smb  man-in-the-middle  wpad 
6 days ago
nickjj/ansible-docker: Install / Configure Docker and Docker Compose using Ansible.
Install / Configure Docker and Docker Compose using Ansible. - nickjj/ansible-docker
ansible  docker  setup  installation 
7 days ago
Top 10 Web Hacking Techniques of 2017 | Blog
The verdict is in! Following 37 nominations whittled down to a shortlist of 15 by a community vote, our panel of experts has conferred and selected the top 10 web hacking techniques of 2017 (and 2016)
web  security  top  2017 
12 days ago
keybase/keybase-chat-bot: exploration with the keybase chat API
exploration with the keybase chat API. Contribute to keybase/keybase-chat-bot development by creating an account on GitHub.
keybase  bot  javascript 
13 days ago
pretix – Reinventing ticket sales for conferences, festivals, exhibitions, ...
pretix helps you to sell tickets for your event in an easy way. It supports multi-lingual events and provides a wide range of features
opensource  ticketing  webshop  python  event 
13 days ago
CNCF Cloud Native Interactive Landscape
framework, platforms, tools related to container and cloud deployments
cloud  list  catalog  reference  container  orchestration  sysadmin  software  devops  opensource  proprietary 
15 days ago
linuz/Sticky-Keys-Slayer: Scans for accessibility tools backdoors via RDP
Scans for accessibility tools backdoors via RDP. Contribute to linuz/Sticky-Keys-Slayer development by creating an account on GitHub.
pentest  rdp  client  scanner  rdesktop  xdotool 
19 days ago
web-pdb · PyPI
Web interface for Python's built-in PDB debugger
web  web-based  debugger  debug  python  development  front-end  remote  debugging 
20 days ago
pudb · PyPI
A full-screen, console-based Python debugger
python  debugger  console  cli  debug  development 
20 days ago
The Pale Moon Project homepage
firefox fork that can run Java applets
firefox  fork  browser  java  npapi 
22 days ago
auchenberg/volkswagen: Volkswagen detects when your tests are being run in a CI server, and makes them pass.
:see_no_evil: Volkswagen detects when your tests are being run in a CI server, and makes them pass. - auchenberg/volkswagen
testing  ci  Volkswagen  funny 
26 days ago
EnterpriseQualityCoding/FizzBuzzEnterpriseEdition: FizzBuzz Enterprise Edition is a no-nonsense implementation of FizzBuzz made by serious businessmen for serious business purposes.
FizzBuzz Enterprise Edition is a no-nonsense implementation of FizzBuzz made by serious businessmen for serious business purposes. - EnterpriseQualityCoding/FizzBuzzEnterpriseEdition
humor  funny  programming  java  fizzbuzz  enterprise 
28 days ago
danigargu/heap-viewer: An IDA Pro plugin to examine the glibc heap, focused on exploit development
An IDA Pro plugin to examine the glibc heap, focused on exploit development - danigargu/heap-viewer
heap  memory  ida  pro  plugin 
28 days ago
VcXsrv Windows X Server download | SourceForge.net
Download VcXsrv Windows X Server for free. Windows X-server based on the xorg git sources (like xming or cygwin's xwin), but compiled with Visual C++ 2012 Express Edition. Source code can also be compiled with VS2008, VS2008 Express Edition and VS2010 Express Edition, although current project and makefile are not fully compatible anymore.
desktop  x11  windows  server  xorg  xserver  wsl 
28 days ago
googleprojectzero/halfempty: A fast, parallel testcase minimization tool.
A fast, parallel testcase minimization tool. Contribute to googleprojectzero/halfempty development by creating an account on GitHub.
fuzzing  bisect  path  solver  exploitation  fuzzer 
29 days ago
jessfraz/dockerfiles: Various Dockerfiles I use on the desktop and on servers.
Various Dockerfiles I use on the desktop and on servers. - jessfraz/dockerfiles
github  docker  desktop  server  dockerfile 
4 weeks ago
ambv/black: The uncompromising Python code formatter
The uncompromising Python code formatter. Automatically formats source code to avoid religious-level wars about code formatting
code  formatter  python  opensource  format  beautifier 
5 weeks ago
GhostPack
A collection of security related toolsets. GhostPack has 7 repositories available. Follow their code on GitHub.
c#  powershell  pentest  internal  tools  security  infosec  smb  powerup  dump 
5 weeks ago
AD Explorer - Windows Sysinternals | Microsoft Docs
Active Directory Explorer is an advanced Active Directory (AD) viewer and editor.
ad  activedirectory  ldap  windows  domains  client  explorer  gui  tool  sysinternals  directory 
5 weeks ago
nbs-system/snuffleupagus: Security module for php7 - Killing bugclasses and virtual-patching the rest!
Security module for php7 - Killing bugclasses and virtual-patching the rest! - nbs-system/snuffleupagus
php  security  module  php7 
5 weeks ago
Retire.NET
Retire.NET has 3 repositories available. Follow their code on GitHub.
dot-net  vulnerability  database  tool  security  code 
6 weeks ago
Cosmonaut - Hysteria (Gör FLsh Remix) [FREE DOWNLOAD] par GÖR FLSH | Écoute gratuite sur SoundCloud
Stream Cosmonaut - Hysteria (Gör FLsh Remix) [FREE DOWNLOAD] by GÖR FLSH from desktop or your mobile device
music  remix 
6 weeks ago
wagiro/BurpBounty: Burp Bounty (Scan Check Builder in BApps Store) is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.
Burp Bounty (Scan Check Builder in BApps Store) is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro. - wagiro/BurpBounty
burp  tool  plugin  web  appsec  pentest 
7 weeks ago
AndProx/AndProx: Native Android Proxmark3 client (no root required)
Native Android Proxmark3 client (no root required) - AndProx/AndProx
android  proxmark  rfid 
7 weeks ago
google/tink: Tink is a multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
Tink is a multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse. - google/tink
cryptography  library  crypto  google  opensource  security 
8 weeks ago
mazen160/struts-pwn_CVE-2018-11776: An exploit for Apache Struts CVE-2018-11776
An exploit for Apache Struts CVE-2018-11776. Contribute to mazen160/struts-pwn_CVE-2018-11776 development by creating an account on GitHub.
struts  exploit  apache  poc  pentest 
8 weeks ago
Shlohmo - Emerge From Smoke (Unofficial Video) on Vimeo
Film: Naked Lunch - USA (1991) Music: Shlohmo - Emerge From Smoke
music  video  weird 
8 weeks ago
jiahaog/nativefier: Make any web page a desktop application
Description This isn't a nativefier issue per se, but rather an issue with how electron was compiled for linux and the new glibc 2.28 on arch linux If you upgrade glibc you will get a segmentation fault when you launch any app created wi...
web  app  generator  electron  native  osx  windows  linux  desktop 
10 weeks ago
Adminer - Database management in a single PHP file
Adminer (formerly phpMinAdmin) is a full-featured database management tool written in PHP. Conversely to phpMyAdmin, it consist of a single file ready to deploy to the target server. Adminer is available for MySQL, MariaDB, PostgreSQL, SQLite, MS SQL, Oracle, Firebird, SimpleDB, Elasticsearch and MongoDB.
database  php  mysql  admin  phpmyadmin  sqlite  postgresql 
10 weeks ago
Open Sourcing JA3 – Salesforce Engineering
A JA3 hash represents the fingerprint of an SSL/TLS client application as detected via a network sensor or device, such as Bro or Suricata.
tls  fingerprint  ssl  network  handshake  opensource  ja3 
11 weeks ago
« earlier      
3d analysis android apache api architecture archive art article asm assembly attack audio authentication automation backup beer binary blog botnet browser build business c c++ canada challenge chrome cli client cloud cluster cms code collaboration community compiler computer conference configuration cracking crypto cryptography css ctf data database debian debug debugger debugging decompiler deployment design desktop development devops disk distributed distro diy dns documentation eclipse editor electronics email embedded emulator encryption engineering exploit extension filesystem firefox firmware forensic forensics framework free fun funny game games geek generator git github google graph graphics gui hacking hardware hash history homebrew homebrewing honeypot hosting how-to howto html http humor ida ide image infosec internet iot java javascript kernel language law library linux low-level malware management math media memory microsoft mobile monitoring montreal multi-platform multimedia music mysql network networking online opensource os osx paper password pcap pdf pentest performance perl php plugin poc podcast politics presentation privacy productivity programming proxy python qa quebec ransomware recon recovery reference research resources reverse-engineering router ruby scalability scanner search security server service shell social software sound source sql ssh ssl static statistics storage streaming sysadmin talk technique technology testing tls tool tools tor tutorial ui unix usb video virtualization visualization vpn vulnerability web web-based webapp webdesign webdev wifi windows wireless write-up xss

Copy this bookmark:



description:


tags: