This repository contains hundreds of well-designed graphical explanations of file formats. If you've ever created an exploit in a binary file, you know it can be quite challenging. This repository doesn't make it easy, but it does make the process of...
Cheat sheets
Default credentials cheat sheet with 3445 products
Default credentials are everywhere! However, it’s often not that easy to Google them so we might sometimes miss these bugs. To help us avoid that, ihebski aggregated data from different sources to create a cheat sheet with 3,445 (!) sets of default creds....
Browser security resources
Cezary Cerekwicki, head of product security at Opera, compiled a list of browser security learning materials. It’s definitely for you if you are interested in hacking browsers but even if you’re not, there are some references like Public Suffix List or whitepapers...
Salesforce SOQL injection resources
Jason Haddix asked on Twitter for some tips about SOQL injection in Salesforce and there are some great resources linked there. I haven’t been hacking Salesforce for a while now but I remember from my pentesting days that it’s been an absolute mess so I want to have...
Escalating admin access to RCEs in common software
Awesome RCE techniques is a repository that includes ways to escalate account takeovers to RCEs in systems like WordPress, Drupal or Jenkins. They are not zero-days or some new attack techniques but they can often make your report a higher severity....
OAuth security guide
OAuth is very common these days. There are a few nice bugs that can be introduced in that mechanism. That's why you should understand it and know the common vulnerabilities. There's an excellent paper by Haboob that shows OAuth from the...
IDOR cheat sheet
With modern frameworks secured by default from many popular vulnerabilities, I see that IDORs have a bigger share in my pentest reports, usually with high risk as well. IDORs are: hard to find using DAST, SAST or source code review; relatively easy to find for a human...
Everything about 2FA
With the number of password leaks in recent years, 2FA (two-factor authentication) is implemented in more and more systems, of course including those with bug bounty programs. There are quite a few things that can go wrong when implementing 2FA and you should...
Over 200 public pentest reports
Pentesting reports are usually confidential. If you do regular pentests, you know that your reports mustn't be shared with anyone. It's likely that you have only seen reports from companies you worked at, and you think that you just can't read other ones....
Examples of dangerous code in Java, .NET, PHP and Ruby
If you are doing a white-box test, then it's good to know which functions in which language can be dangerous. Inon Shkedy has shared a few links to the best website with documentation in the world - StackOverflow. There are instructions on how to immediately spot...