Wrote in-depth about CSP and its bypasses #csp #BugBounty #hacking #CyberSecurity #bugbountytips jsecures.com/everything-abo…

If you need to investigate GitHub user accounts, Try GitFive github.com/mxrch/GitFive Created by mxrch #OSINT #github #CTI #CyberSecurity #infosec #DFIR #ThreatIntel #intelligence #CyberSecurity #tool

Answering my web #AppSec interview question from yesterday! Question 38: Name some ways TLS / SSL can be misconfigured. 1. Outdated Protocols (e.g. SSLv3, TLSv1.0) 2. Insecure Private Key Sizes 3. Incomplete Certificate Chains 4. Expired / Revoked Certificates 5. Insecure

Burp Suite Certified Practitioner Exam Study github.com/botesjuan/Burp…

CatSniffer: original multiprotocol, and multiband board made for sniffing, communicating, and attacking IoT devices securityonline.info/catsniffer-ori…

I found the "bible" of pentesting. It covers EVERYTHING! Absolutely incredible collection: drive.google.com/file/d/1TlDb1H…

Massive Mobile Security Framework (MMSF) A mobile open-source framework that combines functionalities from Frida, Objection, drozer, reflutter and more for #iOS #Android app analysis Info: securitycafe.ro/2023/09/18/mob… Download: github.com/St3v3nsS/MMSF by @st3v3nss_

Fun DA route 🧵: 1) No creds, poison the network, get some Proxy-Authentications flowing 2) Add a new computer via ntlmrelayx 3) Creds owned -> certipy find -> 2 CAs with ESC8 4) Can't relay DC, custom templates for computers 5) Relay CA1 to CA2 with the custom computer cert

Released as part of #NahamCon, an SQL injection cheatsheet like no other: tib3rius.com/sqli I'll be updating it soon with more examples, but it covers so much useful info! Thanks Ben Sadeghipour for inviting me to do an SQLi workshop!