The criteria I used to rank:
- The level of complexity of the research. (How hard for me to do the same research?)
- The usefulness of the research to other security researchers.
- Novelty, scale of exploitation and impact
Top candidates
- Exploiting Hardened .NET Deserialization: New Exploitation Ideas and Abuse of Insecure Serialization
- https://github.com/thezdi/presentations/blob/main/2023_Hexacon/whitepaper-net-deser.pdf
Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)
- If you want to add a link, comment or send it to me
- Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak
- Royce Williams list sorted by vendors responses Royce List
- Very detailed list NCSC-NL
- The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
##### | |
# | |
# St8out - Extra one-liner for reconnaissance | |
# | |
# Usage: ./st8out.sh target.com | |
# | |
# Resources: | |
# - https://github.com/j3ssie/metabigor |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
```zshrc | |
#▄███████▄ ▄████████ ▄█ █▄ ▄████████ ▄████████ | |
#██▀ ▄██ ███ ███ ███ ███ ███ ███ ███ ███ | |
# ▄███▀ ███ █▀ ███ ███ ███ ███ ███ █▀ | |
#▀█▀▄███▀▄▄ ███ ▄███▄▄▄▄███▄▄ ▄███▄▄▄▄██▀ ███ | |
# ▄███▀ ▀ ▀███████████ ▀▀███▀▀▀▀███▀ ▀▀███▀▀▀▀▀ ███ | |
#▄███▀ ███ ███ ███ ▀███████████ ███ █▄ | |
#███▄ ▄█ ▄█ ███ ███ ███ ███ ███ ███ ███ | |
#▀████████▀ ▄████████▀ ███ █▀ ███ ███ ████████▀ | |
# ███ ███ |
[ SecHackLabs ~/Projects/Rust/Development/findomain ] [develop]
└─ ▶ time ./target/release/findomain -t aol.com --query-database -i --threads 100
Target ==> aol.com
Searching subdomains in the Findomain database for the target aol.com 🔍
Performing asynchronous subdomains resolution for 70600 subdomains with 100 threads, it will take a while. 🧐
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/.s3cfg | |
/phpunit.xml | |
/nginx.conf | |
/.vimrc | |
/LICENSE.md | |
/yarn.lock | |
/Gulpfile | |
/Gulpfile.js | |
/composer.json | |
/.npmignore |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"flags": "-HnriE", | |
"patterns": [ | |
"(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})", | |
"-----BEGIN RSA PRIVATE KEY-----", | |
"-----BEGIN DSA PRIVATE KEY-----", | |
"-----BEGIN EC PRIVATE KEY-----", | |
"-----BEGIN PGP PRIVATE KEY BLOCK-----", | |
"AKIA[0-9A-Z]{16}", | |
"amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
echo "Recon $1" | |
domain=$1 | |
path="~/Desktop/Asset-note/" | |
folder=recon-$(date +"%Y-%m-%d") | |
sub_path=$path/$domain/$folder/subdomain | |
filemon_path=$path/$domain/Filemonitor |
NewerOlder