AppSec Ezines Url (https://github.com/Simpsonpt/AppSecEzine) from 1 to 309

ezines.txt

https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c
http://goo.gl/ZIOZqG (+)
http://rol.im/asux/
https://bitbucket.org/decalage/oletools
https://goo.gl/fBEuSF (+)
https://intothesymmetry.blogspot.co.uk/2016/05/holy-redirecturi-batman.html
https://unlogic.co.uk/2016/04/12/binary-bomb-with-radare2-prelude/
http://www.oreilly.com/webops-perf/free/files/docker-security.pdf
http://goo.gl/QM0mZx (+)
https://www.cs.tau.ac.il/~tromer/mobilesc/
https://scumjr.github.io/2016/01/10/from-smm-to-userland-in-a-few-bytes/
http://winternl.com/2016/05/02/hello-world/
http://blog.frizn.fr/bkpctf-2016/qwn2own-bkpctf16
https://eev.ee/blog/2016/04/12/apple-did-not-invent-emoji/
http://www.backtrack-linux.org/backtrack/backtrack-0day-privilege-escalation/
https://goo.gl/BVzfDH (+)
http://mksben.l0.cm/2016/05/xssauditor-bypass-flash-basetag.html
https://goo.gl/Hdo0Xt (+)
http://www.shellntel.com/blog/2016/3/30/vpn-over-dns-1
https://snyk.io/blog/marked-xss-vulnerability/
http://goo.gl/ZRPrGm (+)
https://www.notsosecure.com/crafting-way-json-web-tokens/
https://steamdb.info/blog/breaking-steam-client-cryptography/
https://nullsecure.org/building-your-own-passivedns-feed/
https://goo.gl/2LrWzM (+)
http://yurichev.com/blog/breaking_simple_exec_crypto/
https://boris.in/blog/2016/the-bank-job/
https://vagmour.eu/why-resolving-to-internal-ips-really-hurts/
https://www.thanassis.space/arm.html
http://gutomaia.net/pyNES/
http://goo.gl/hEhxXH (+)
https://derevenets.com/
http://goo.gl/nctrWn (+)
https://corner.squareup.com/2016/05/content-security-policy-single-page-app.html
https://www.informationsecurity.ws/2016/01/pwning-windows-7-with-avg-av/
https://goo.gl/t0Cc6s (+)
https://dfir.it/blog/2015/08/12/webshell-every-time-the-same-purpose/
http://www.contextis.com/resources/blog/push-hack-reverse-engineering-ip-camera/
http://www.neutralizethreat.com/2016/02/lazagne-credential-recovery-binary-used.html
http://phishme.com/powerpoint-and-custom-actions/
https://seanmelia.files.wordpress.com/2016/02/yahoo-remote-code-execution-cms1.pdf
https://learn.adafruit.com/hacking-the-kinect/overview
http://ipv6excuses.com/
http://blog.detectify.com/post/82370846588/how-we-got-read-access-on-googles-production-servers
http://pwnrules.com/flickr-from-sql-injection-to-rce/
http://nahamsec.com/2014/04/paypal-marketing-remote-code-execution/
https://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html
http://www.sec-down.com/wordpress/?p=373
https://www.appsecconsulting.com/appsec-blog/searching-for-credit-card-track-data-in-memory/menu-id-193.html
http://javascript.info/tutorial/clickjacking
http://n0where.net/basic-integer-overflows/
http://thehackerblog.com/crossdomain-xml-proof-of-concept-tool/
http://www.ctnieves.com/blogpost.php?id=1
http://phrack.org/papers/fall_of_groups.html
https://gist.github.com/epixoip/10570627
https://hackerone.com/reports/390
https://esevece.github.io/2016/06/01/taking-over-heroku-accounts.html
https://gist.github.com/HarmJ0y/3328d954607d71362e3c
http://goo.gl/gOwiwL (+)
http://blog.securelayer7.net/mongodb-security-injection-attacks-with-php
http://cn33liz.blogspot.pt/2016/05/bypassing-amsi-using-powershell-5-dll.html
http://en.wooyun.io/2016/02/29/44.html
https://goo.gl/Y6aa6S (+)
http://blog.cr4.sh/2016/02/exploiting-smm-callout-vulnerabilities.html
http://drops.wooyun.org/papers/15430
https://hackerone.com/reports/111192
http://gursevkalra.blogspot.pt/2016/01/ysoserial-commonscollections1-exploit.html
https://hackerone.com/reports/123660
https://threatbutt.com/map/
https://hackerone.com/reports/136169
https://blog.zsec.uk/pwning-pornhub/
https://goo.gl/tNemh7 (+)
https://owtf.github.io/
https://zneak.github.io/fcd/
https://www.greyhathacker.net/?p=500
http://www.powertheshell.com/powershell-obfuscator/
http://halcyon-ide.org/
https://security-base.com:8000/
http://www.gironsec.com/blog/2016/06/backdooring-a-dll/
https://goo.gl/u6fqEf (+)
https://tyranidslair.blogspot.co.uk/2013/02/fun-with-java-serialization-and.html
http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and
https://goo.gl/ojUIiP (+)
https://goo.gl/WgmTsi (+)
https://snyk.io/blog/sql-injection-orm-vulnerabilities/
http://blog.kcnabin.com.np/find_my_iphone_can-be-failed/
https://digitalfreedom.io/map/
http://makthepla.net/blog/=/scornhub-bounty
http://austingwalters.com/export-a-command-line-curl-command-to-an-executable/
https://paraschetal.in/writing-your-own-shellcode/
https://www.adamlogue.com/revisiting-xss-payloads-in-png-idat-chunks/
http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html
https://gist.github.com/sourceincite/985fd1476b7e1623cdbf7e22f3cc42e8
http://goo.gl/HgflG6 (+)
https://gist.github.com/rygorous/e0f055bfb74e3d5f0af20690759de5a7
http://incolumitas.com/2016/06/08/typosquatting-package-managers/
http://marcoramilli.blogspot.pt/2016/03/recovering-files-from-brand-new.html
http://www.deependresearch.org/2016/04/jboss-exploits-view-from-victim.html
http://www.debuginfo.com/articles/easywindbg.html
http://oalmanna.blogspot.pt/2016/03/startssl-domain-validation.html
http://www.0verl0ad.net/2016/03/bypassing-disablefunctions-y.html
https://datavibe.net/~sneak/20141023/wtf-icloud/
https://evertpot.com/PHP-Sucks/
https://blog.benjojo.co.uk/post/ssh-port-fluxing-with-totp
https://gist.github.com/graceavery/01ec404e555571a4a668c271c8f62e8b
https://blog.kchung.co/reverse-engineering-hid-iclass-master-keys/
https://goo.gl/mH93Rr (+)
http://goo.gl/mmktjE (+)
https://goo.gl/wrqfg0 (+)
https://goo.gl/3eGtjK (+)
https://ghostbin.com/paste/2w26u
http://www.kahusecurity.com/2016/locky-js-and-url-revealer/
https://hackerone.com/reports/128085
https://olivierbeg.com/finding-xss-vulnerabilities-in-flash-files/
https://www.sixdub.net/?p=591
http://blog.jan-ahrens.eu/2014/03/22/threema-protocol-analysis.html
https://goo.gl/oZrJor (+)
https://www.nutmeginfosec.com/anatomy-of-a-javascript-downloader/
https://mborgerson.com/hacking-the-blynclight
https://goo.gl/umSem4 (+)
https://goo.gl/j0Efzh (+)
https://hackerone.com/reports/137229
http://d3adend.org/blog/?p=722
http://jerrygamblin.com/2016/05/31/kalibrowser/
http://blog.knownsec.com/2016/06/php-5-4-34-unserialize-uaf-exploit/
https://bitbucket.org/iwseclabs/gunpack/
https://goo.gl/v8UgSQ (+)
http://www.cosc.canterbury.ac.nz/research/reports/HonsReps/2015/hons_1504.pdf
https://goo.gl/cr8pg6 (+)
http://www.secalert.net/2013/12/13/ebay-remote-code-execution/
http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/
https://webtransparency.cs.princeton.edu/webcensus/index.html#
http://jcjc-dev.com/2016/04/08/reversing-huawei-router-1-find-uart/
http://goo.gl/2FEOPl (+)
https://blog.cylance.com/compromising-an-entire-julia-cluster
http://irq5.io/2016/06/22/designing-the-x-ctf-2016-badge/
https://blog.benjojo.co.uk/post/cheap-hdmi-capture-for-linux
https://luc10.github.io/onedrive-an-easter-egg-into-ms-library/
http://blog.bentkowski.info/2016/07/xss-es-in-google-caja.html
https://hackerone.com/reports/131450
https://alexaltea.github.io/hasher/
http://pentestmonkey.net/blog/ssh-with-no-tty
https://modexp.wordpress.com/2016/06/04/winux/
http://srcincite.io/advisories/src-2016-22/
http://onready.me/old_horse_attacks.html
https://gist.github.com/mattifestation/97ceccd93133c7a1d39a1661922fe545
https://blogs.securiteam.com/index.php/archives/2701
https://goo.gl/5iX4at (+)
http://justhaifei1.blogspot.pt/2015/10/watch-your-downloads-risk-of-auto.html
http://goo.gl/hrhPSo (+)
http://infoseczone.net/mssql-union-based-injection-step-step/
http://blog.gosecure.ca/2016/05/26/detecting-hidden-backdoors-in-php-opcache/
https://blog.bugcrowd.com/discovering-subdomains
http://marcoramilli.blogspot.pt/2016/05/process-hollowing.html
https://auth0.com/blog/2016/05/31/cookies-vs-tokens-definitive-guide
https://blog.filippo.io/securing-a-travel-iphone/
http://blog.innerht.ml/rpo-gadgets/
https://www.josipfranjkovic.com/blog/race-conditions-on-web
http://jasminderpalsingh.info/single.php?p=87
https://labs.mwrinfosecurity.com/tools/pivot-with-ping/
https://hub.docker.com/r/jgamblin/tiny-tor/
https://pastebin.com/raw/CC6UPcbZ
http://pastebin.com/hVx08e6U
https://danielgrzelak.com/backdooring-an-aws-account-da007d36f8f9
http://goo.gl/s9tfxL (+)
http://scottgriffy.com/blogs/rat-in-the-shellcode.html
https://itsjack.cc/blog/2016/05/poor-mans-malware-hawkeye-keylogger-reborn/
https://goo.gl/fFR7Gg (+)
http://drops.wooyun.org/tips/16381
https://www.pentestpartners.com/blog/hacking-the-mitsubishi-outlander-phev-hybrid-suv
https://hackerone.com/reports/136531
https://notehub.org/5zo2v
http://haxx.ml/post/142844845111/hacking-mattermost-from-unauthenticated-to-system
https://www.youtube.com/watch?v=jOyfZex7B3E
https://www.anfractuosity.com/projects/cditter/
https://abdullah-iq.blogspot.pt/2016/06/medium-full-account-takeover.html
http://mksben.l0.cm/2016/07/xxn-caret.html
https://www.josipfranjkovic.com/blog/hacking-facebook-csrf-device-login-flow
https://gist.github.com/mattifestation/5d1565348d71b54ad02c44a5b94839f8
http://goo.gl/HYUocq (+)
http://goo.gl/CZ1Sii (+)
http://www.shellntel.com/blog/2016/6/7/weaponizing-nessus
https://habrahabr.ru/post/281374/
https://goo.gl/OnyUTd (+)
https://thusoy.com/2016/mitming-postgres
https://chloe.re/2016/06/16/badonions/
http://blog.gdssecurity.com/labs/2016/6/13/email-injection.html
https://toschprod.wordpress.com/2012/01/31/mitm-4-arp-spoofing-exploit/
https://0x41.no/mr-robot-s02e01-easter-egg/
https://httpoxy.org/
https://goo.gl/SSHshf (+)
https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/
http://www.binsim.com/
https://goo.gl/K7f9kF (+)
http://www.andreybazhan.com/dbgkit.html
http://www.halfdog.net/Security/2016/DebianEximSpoolLocalRoot/EximUpgrade.c
https://subt0x10.blogspot.pt/2016/06/what-you-probably-didnt-know-about.html
https://blog.zsec.uk/csv-dangers-mitigations/
http://moyix.blogspot.pt/2016/07/fuzzing-with-afl-is-an-art.html
http://home.arcor.de/skanthak/sentinel.html
http://goo.gl/umnWPN (+)
https://goo.gl/gqeJyL (+)
http://xlab.tencent.com/en/2016/06/17/BadTunnel-A-New-Hope/
https://en.blog.nic.cz/2016/06/13/dnssec-signing-with-knot-dns-and-yubikey/
https://agrrrdog.blogspot.pt/2016/06/remote-detection-of-users-av-via-flash.html
https://goo.gl/yVrOhP (+)
https://alexgaynor.net/2016/mar/14/anatomy-of-a-crypto-vulnerability/
http://bugbounty.fail/
https://banmeihack.wordpress.com/2016/07/27/hacking-pokemon-into-candy-crush/
http://akat1.pl/?id=2
http://www.gattack.io/
https://ericrafaloff.com/client-side-redis-attack-poc/
https://gitlab.com/litm/redirect/tree/master
https://goo.gl/78WtUr (+)
https://shubs.io/high-frequency-security-bug-hunting-120-days-120-bugs/
http://theori.io/research/jscript9_typed_array
http://goo.gl/ThDhM8 (+)
https://reverse.put.as/2016/06/25/apple-efi-firmware-passwords-and-the-scbo-myth/
http://xlab.tencent.com/badbarcode/
https://research.g0blin.co.uk/xss-and-wordpress-the-aftermath/
https://bazad.github.io/2016/05/mac-os-x-use-after-free/
http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html
https://suchakra.wordpress.com/2016/07/03/unravelling-code-injection-in-binaries/
https://magoo.github.io/Blockchain-Graveyard/
https://zwischenzugs.wordpress.com/2016/04/12/hitler-uses-docker-annotated/
https://community.rapid7.com/community/metasploit/blog/2014/04/15/exploiting-csrf-without-javascript
http://breaktoprotect.blogspot.in/2014/04/feedly-android-application-zero-day.html
http://pyrasite.readthedocs.org/en/latest/CLI.html
https://code.google.com/p/pdf-grapher/
http://phrack.org/papers/revisiting-mac-os-x-kernel-rootkits.html
http://www.mehmetince.net/codeigniter-object-injection-vulnerability-via-encryption-key/
http://www.sodnpoo.com/posts.xml/spoofing_the_samsung_smart_tv_internet_check.xml
http://www.debasish.in/2014/04/attacking-audio-recaptcha-using-googles.html
http://2014.hackitoergosum.org/slides/
https://www.youtube.com/watch?v=whEWE6WC1Ew
http://annasagrera.com/on-ascii-youtube-and-letting-go/
https://goo.gl/G3rxy2 (+)
https://avicoder.me/2016/07/22/Twitter-Vine-Source-code-dump/
https://bugs.chromium.org/p/project-zero/issues/detail?id=884
https://labs.nettitude.com/tools/poshc2/
https://benmmurphy.github.io/blog/2016/07/11/rails-webconsole-dns-rebinding/
http://www.forceprojectx.com/services/apps/memory_dumper
http://www.nyxbone.com/malware/odcodc.html
https://deadcode.me/blog/2016/07/01/UPC-UBEE-EVW3226-WPA2-Reversing.html
https://goo.gl/RwShjR (+)
https://goo.gl/Cfzilu (+)
https://goo.gl/VpRb9R (+)
http://anee.me/reversing-an-elf/
https://kjaer.io/extension-malware/
https://premium.wpmudev.org/blog/xml-rpc-wordpress/
http://theori.io/research/cve-2016-0189
https://0x90909090.blogspot.pt/2016/07/analyzing-zip-with-wsf-file-inside.html
https://smealum.github.io/3ds/
http://goo.gl/9drpjq (+)
https://introvertmac.wordpress.com/2016/07/30/hacking-google-for-fun-and-profit/
http://www.martinvigo.com/steal-2999-99-minute-venmo-siri/
https://warroom.securestate.com/bypassing-gmails-malicious-macro-signatures/
https://hackerone.com/reports/131202
https://www.npmjs.com/package/btlejuice
http://www.contextis.com/resources/blog/attacks-https-malicious-pac-files/
http://goo.gl/dh9UDb (+)
https://www.sensepost.com/blog/2016/universal-serial-abuse/
https://rol.im/securegoldenkeyboot/
https://goo.gl/Tn22Hq (+)
https://gist.github.com/cure53/521c12e249478c1c50914b3b41d8a750
http://goo.gl/9z1NXK (+)
https://gist.github.com/Kopachris/b8bb1de2cada4fdde88666e018167926
https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
http://blog.deniable.org/blog/2016/08/09/cracking-orcus-rat/
http://dnstun.com/
https://www.cs.bham.ac.uk/~exr/lectures/opsys/10_11/lectures/os-dev.pdf
https://artsploit.blogspot.pt/2016/08/pprce2.html
https://medium.com/@nmalcolm/hacking-imgur-for-fun-and-profit-3b2ec30c9463#.ql8goaiky
http://goo.gl/4pbewk (+)
http://cryptoanarchic.me/wat.txt
https://blog.silentsignal.eu/2016/08/25/bake-your-own-extrabacon/
https://systemoverlord.com/2016/08/24/posting-json-with-an-html-form.html
https://breakdev.org/how-i-hacked-an-android-app-to-get-free-beer/
https://sysforensics.org/2016/08/jtaging-mobile-phones/
https://blog.xyz.is/2016/webkit-360.html
http://goo.gl/37GYKN (+)
http://stackstatus.net/post/147710624694/outage-postmortem-july-20-2016
http://carnal0wnage.attackresearch.com/2016/08/got-any-rces.html
https://hshrzd.wordpress.com/2016/07/21/how-to-turn-a-dll-into-a-standalone-exe/
http://co9.io/post/148716614744/defcon-24-badge-challenge
https://hackerone.com/reports/156098
http://www.paulosyibelo.com/2016/08/instagram-stored-oauth-xss.html
https://httpsonly.blogspot.pt/2016/08/turning-self-xss-into-good-xss-v2.html
https://c0nradsc0rner.wordpress.com/2016/07/06/cookie-shadow-path-injection/
https://averagesecurityguy.github.io/2016/04/21/cracking-mongodb-passwords/
http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt
https://hackerone.com/reports/131210
http://sh3ifu.com/Breaking-The-Great-Wall-Of-Web-Rafay-Baloch.pdf
https://ret2libc.wordpress.com/2016/04/04/analysing-swf-files-for-vulnerabilities/
http://goo.gl/rP8BTW (+)
http://goo.gl/KlikSg (+)
http://goo.gl/D91R2U (+)
https://hackerone.com/reports/151058
http://www.exploit-monday.com/2016/07/Win10IoTCore-Build14393-EoP.html
https://chloe.re/2016/07/25/bypassing-paths-with-open-redirects-in-csp/
http://pixelat.ion.land/
http://bouk.co/blog/hacking-developers/
https://room362.com/post/2016/snagging-creds-from-locked-machines/
http://goo.gl/x6TVjl (+)
http://goo.gl/pYL8eZ (+)
https://gist.github.com/rvrsh3ll/cc93a0e05e4f7145c9eb
https://sumofpwn.nl/advisory/2016/ajax_load_more_local_file_inclusion_vulnerability.html
http://goo.gl/VaK5Ts (+)
https://sektioneins.de/en/blog/16-09-02-pegasus-ios-kernel-vulnerability-explained.html
http://blog.zorinaq.com/nginx-resolver-vulns/
https://enigma0x3.net/2016/07/22/bypassing-uac-on-windows-10-using-disk-cleanup/
https://sites.utexas.edu/iso/2016/07/21/using-nodejs-to-deobfuscate-malicious-javascript/
http://www.keysniffer.net/
https://osandamalith.com/2016/08/01/making-your-shellcode-undetectable-using-net/
https://stratumsecurity.com/2010/04/26/owasp-2010-adding-it-all-up/
http://goo.gl/AwXfpT (+)
https://lcamtuf.blogspot.com/2016/08/css-mix-blend-mode-is-bad-for-keeping.html
https://blog.fletchto99.com/2016/september/asus-disclosure/
https://goo.gl/kjWNZv (+)
https://blog.didierstevens.com/2016/08/12/mimikatz-golden-ticket-dcsync/
https://gist.github.com/chtg/bac6459587dbb79190d0a4c235901f03
https://gist.github.com/chtg/a2acf86d44315146e85b6f88f4d2b5eb
https://honeybadger.readthedocs.io/en/latest/
https://goo.gl/nj3zNK (+)
https://www.vusec.net/projects/flip-feng-shui/
https://goo.gl/m1JdoI (+)
https://goo.gl/0C91rO (+)
https://httpsonly.blogspot.pt/2016/08/cve-2016-0782-writeup.html
https://goo.gl/JIOvxT (+)
https://linux-audit.com/elf-binaries-on-linux-understanding-and-analysis/
https://blog.exodusintel.com/2016/08/09/vxworks-execute-my-packets/
http://ohshitgit.com/
https://support.microsoft.com/en-us/kb/261186
https://weblog.sh/
https://sasi2103.blogspot.pt/2016/09/combination-of-techniques-lead-to-dom.html
https://goo.gl/DjOEHf (+)
http://www.blackhillsinfosec.com/?p=5230
https://goo.gl/tnW7hD (+)
https://nixaid.com/encrypted-chat-with-netcat/
https://andreas-mausch.github.io/whatsapp-viewer/
https://deadcode.me/blog/2016/09/02/Blind-Java-Deserialization-Commons-Gadgets.html
https://goo.gl/ClLuZH (+)
https://goo.gl/ENPsiI (+)
http://blog.nickbloor.co.uk/2016/08/drupal-coder-module-unauthenticated.html
https://goo.gl/Uqcs96 (+)
https://hostoftroubles.com/
https://tom.vg/2016/08/request-and-conquer/
http://antirez.com/news/96
https://access.redhat.com/blogs/766093/posts/2592591
https://www.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered/
https://44con.com/2016/09/19/getting-started-with-your-hidiot-badge/
http://blog.k3170makan.com/2016/09/abusing-webvtt-and-cors-for-fun-and.html
https://goo.gl/sGPM4p (+)
https://back-flip.blogspot.pt/2016/08/steal-google-account-on-stolen-or.html
https://gist.github.com/freddyb/29eedc12b3ae4b1a26d645ee90a5912d
https://jaq.alibaba.com/community/art/show?articleid=532
https://goo.gl/2tSUyp (+)
https://www.optiv.com/blog/mssql-agent-jobs-for-command-execution
http://lab.truel.it/flash-sandbox-bypass/
https://goo.gl/P0cFa8 (+)
https://sweet32.info/
https://goo.gl/lVm81H (+)
http://www.sjoerdlangkemper.nl/2016/08/29/kayako-xss/
https://www.aidanwoods.com/blog/faulty-login-pages
https://thel3l.me/blog/winprivesc/index.html
http://tinysubversions.com/notes/ethical-ad-blocker/
https://archive.org/details/softwarelibrary_msdos_games
https://diracdeltas.github.io/blog/backdooring-js/
https://5haked.blogspot.pt/2016/10/how-i-hacked-pornhub-for-fun-and-profit.html
https://hackerone.com/reports/61312
https://goo.gl/c2opyI (+)
https://173210.github.io/psp2
http://www.mbsd.jp/blog/20160921_2.html
http://paper.seebug.org/58/
https://goo.gl/Jt751V (+)
https://goo.gl/t7rg3A (+)
http://paper.seebug.org/42/
http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html
https://hackerone.com/reports/158148
https://www.jardinesoftware.net/2016/09/12/xxe-in-net-and-xpathdocument/
https://goo.gl/UiIWfL (+)
http://calebmadrigal.com/hackrf-replay-attack-jeep/
https://goo.gl/pkPDb2 (+)
https://blog.tarq.io/node-js-request-smuggling/
http://blog.wesecureapp.com/xss-by-tossing-cookies/
https://www.cgsec.co.uk/powershell-empire-cve-2016-0189-profit/
https://hackerone.com/reports/53004
https://goo.gl/ZQK5fU (+)
https://goo.gl/63HPVG (+)
https://goo.gl/ZxXu7l (+)
http://rednaga.io/2016/09/21/reversing_go_binaries_like_a_pro/
https://www.virtuesecurity.com/blog/jquery-security-model/
http://blog.rewolf.pl/blog/?p=1630
https://goo.gl/6KQMdJ (+)
https://blog.nelhage.com/2011/03/exploiting-pickle/
http://www.gwan.com/blog/20160405.html
http://nedbatchelder.com//blog/201609/computing_primes_with_css.html
http://blog.tjll.net/ssh-kung-fu/
http://blog.gdssecurity.com/labs/2014/4/24/sql-injection-in-dynamically-constructed-images-and-other-sq.html
http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html
http://thehelpfulhacker.net/2011/11/15/virtual-box-openbsd-router/
https://www.netspi.com/blog/entryid/223/executing-msf-payloads-via-powershell-webshellery
http://duartes.org/gustavo/blog/post/anatomy-of-a-program-in-memory/
http://www.incapsula.com/blog/world-largest-site-xss-ddos-zombies.html
http://cert.inteco.es/extfrontinteco/img/File/intecocert/EstudiosInformes/INT_Telegram_EN.pdf
http://blog.emaze.net/2014/04/attack-campaign-targeting-struts2.html
http://joxeankoret.com/blog/2014/05/02/a-vulnerability-that-wasnt/
http://programmingexcuses.com/
http://secalert.net/slack-security-bug-bounty.html
https://sites.google.com/site/bughunteruniversity/best-reports/openredirectsthatmatter
https://goo.gl/o6KYtc (+)
https://goo.gl/nG92Fe (+)
https://techanarchy.net/2016/10/extracting-lastpass-site-credentials-from-memory/
http://lightbulbone.com/2016/10/04/intro-to-macos-kernel-debugging.html
https://www.ixiacom.com/company/blog/equation-groups-firewall-exploit-chain
https://goo.gl/oE7r5q (+)
http://www.seg.inf.uc3m.es/~guillermo-suarez-tangil/papers/2016mal-iot.pdf
https://archive.is/TpVVg
https://goo.gl/oHV88F (+)
https://desc0n0cid0.blogspot.pt/2016/09/stack-based-buffer-overflow.html
http://www.ms509.com/?p=439
https://goo.gl/1HSx1l (+)
https://robinlinus.github.io/socialmedia-leak/
https://robots.thoughtbot.com/is-your-site-leaking-password-reset-links
https://henryhoggard.co.uk/blog/Paypal-2FA-Bypass
https://sourceforge.net/projects/rcexploiter/
https://www.leavesongs.com/HTML/chrome-xss-auditor-bypass-collection.html
http://x42.obscurechannel.com/?p=310
https://regala.im/2016/10/05/fixing-burp-ssl-handshake-failed-alert/
https://goo.gl/yzBzCN (+)
http://dirtycow.ninja/
https://www.vusec.net/projects/drammer/
https://hackerone.com/reports/150179
http://paper.seebug.org/91/
https://www.thanassis.space/android.html
https://www.pietroalbini.org/blog/gandi-security-vulnerability-2fa-bypass/
http://www.miasm.re/blog/2016/09/03/zeusvm_analysis.html#first-stages
https://zone13.io/post/Snagging-credentials-over-WiFi-Part1/
https://goo.gl/XczEiJ (+)
http://www.gifcities.org/#/
https://shubs.io/guide-to-building-the-tastic-rfid-thief/
https://codepo8.github.io/logo-o-matic/
http://www.blackhillsinfosec.com/?p=5396
https://hackerone.com/reports/178152
http://blog.x1622.com/2016/01/poc-how-to-steal-httponly-session.html
https://gist.github.com/anonymous/908a087b95035d9fc9ca46cef4984e97
https://osandamalith.com/2016/10/10/fun-with-sqlite-load_extension/
https://bitquark.co.uk/blog/2016/10/03/exfiltrating_files_with_busybox
http://bloggerbust.ca/2016/10/26/browsersmack-a-browser-stack-proxy-vulnerability/
https://goo.gl/4JiEfd (+)
https://goo.gl/LFF2Qa (+)
https://goo.gl/czhcHM (+)
http://www.alexkyte.me/2016/10/how-textsecure-protocol-signal-whatsapp.html
https://vah13.github.io/AVDetection/
http://blog.senr.io/blog/jtag-explained
https://rudk.ws/2016/10/17/reverse-engineering-by-using-chrome/
https://goo.gl/Z7Aly4 (+)
https://devwerks.net/blog/16/how-not-to-use-html-purifier/
https://goo.gl/D8jxL8 (+)
https://www.cs.umd.edu/hcil/members/bshneiderman/nsd/rejection_letter.html
http://www.blacknurse.dk/
http://blog.andrewlang.net/post/152805939304/tumblr-xss-exploit
http://blog.securityfuse.com/2016/11/gmail-account-hijacking-vulnerability.html
http://secalert.net/#CVE-2016-4977
https://www.netzob.org/
https://slashcrypto.org/2016/11/07/Netflix/
https://goo.gl/CXHtg5 (+)
https://hosakacorp.net/p/systemd-user.html
https://goo.gl/KAEZe6 (+)
https://goo.gl/rcf3ao (+)
https://zuh4n.blogspot.co.uk/2016/10/adobe-importance-of-up-to-date.html
https://cyseclabs.com/blog/cve-2016-6187-heap-off-by-one-exploit
http://www.fuzzysecurity.com/tutorials/27.html
http://b.fl7.de/2016/08/d-link-nas-dns-xss-via-smb.html
https://www.invincealabs.com/blog/2016/11/wemo-hardware-bypass/
http://websdr.ewi.utwente.nl:8901/?tune=7030usb
http://386bsd.org/
https://hackerone.com/reports/180074
https://gist.github.com/x-42/3d822d85e6b547e7018c919c6d657e8e
https://kimiyuki.net/blog/2016/09/16/one-gadget-rce-ubuntu-1604/
https://sourceforge.net/projects/vbscan/
https://gallery.technet.microsoft.com/Net-Cease-Blocking-Net-1e8dcb5b
https://www.poweradmin.com/paexec/
http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
http://d3adend.org/blog/?p=851
https://goo.gl/eWXUvR (+)
https://sethsec.blogspot.pt/2016/11/exploiting-python-code-injection-in-web.html
https://goo.gl/lR1WeY (+)
https://woumn.wordpress.com/2016/09/24/smashing-the-stack-into-a-reverse-shell/
http://www.ioactive.com/Arnaboldi-XML-Schema-Vulnerabilities.pdf
http://www.davidlitchfield.com/BypassingXSSFiltersusingXMLInternalEntities.pdf
https://goo.gl/gme14H (+)
http://zseano.com/tut/4.html
https://sidbala.com/h-264-is-magic/
https://yifan.lu/2016/11/01/taihen-cfw-framework-for-ps-vita/
https://cure53.de/pentest-report_curl.pdf
https://medium.com/@joewalnes/tail-f-to-the-web-browser-b933d9056cc#.4rnmefbo1
https://averagesecurityguy.github.io/2016/10/21/recon-ng-dorks-burp/
https://www.netresec.com/?page=findject
https://slack.engineering/syscall-auditing-at-scale-e6a3ca8ac1b8#.hlfdfpeiv
https://www.utkusen.com/blog/sending-valid-phishing-emails-from-microsoftcom.html
https://goo.gl/ssq3Oo (+)
http://blog.0x3a.com/post/153468210759/monitoring-dns-inside-the-tor-network
https://goo.gl/0wvoBX (+)
http://ropgadget.com/posts/pebwalk.html
https://arno0x0x.wordpress.com/2015/11/27/hacking-voip/
https://pierrekim.github.io/blog/2016-11-01-gpon-ftth-networks-insecurity.html
https://www.n00py.io/2016/10/using-email-for-persistence-on-os-x/
http://graffiti.gaurs.io/
http://jerrygamblin.com/2016/11/12/automated-burp-suite-scanning-and-reporting-to-slack/
http://www.glamenv-septzen.net/en/view/6
https://hackerone.com/reports/182358
http://blog.intothesymmetry.com/2016/11/all-your-paypal-tokens-belong-to-me.html
http://ianduffy.ie/blog/2016/11/26/azure-bug-bounty-pwning-red-hat-enterprise-linux/
http://legalhackers.com/exploits/tomcat-rootprivesc-deb.sh
https://gist.github.com/subTee/c51ea995dfaf919fd4bd36b3f7252486
http://paper.seebug.org/95/
http://research.aurainfosec.io/bypassing-saml20-SSO/
https://goo.gl/bCn3yk (+)
https://www.contrastsecurity.com/security-influencers/dom-xss-in-wix.com
https://g-laurent.blogspot.pt/2016/11/ms16-137-lsass-remote-memory-corruption.html
https://goo.gl/HskhRe (+)
https://eprint.iacr.org/2016/1013.pdf
http://labs.lastline.com/evasive-jscript
https://deadcode.me/blog/2016/11/05/Active-Deauth-Kismet-Wardriving.html
https://gist.github.com/kennwhite/1f3bc4d889b02b35d8aa
https://natmchugh.blogspot.pt/2014/10/how-i-created-two-images-with-same-md5.html
https://goo.gl/QAtMIt (+)
https://insert-script.blogspot.pt/2016/12/firefox-svg-cross-domain-cookie.html
https://goo.gl/jX2CTk (+)
https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
https://objective-see.com/blog/blog_0x14.html
http://www.adlice.com/google-chrome-secure-preferences/
http://colin.keigher.ca/2016/12/going-viral-on-imgur-with-powershell.html
https://mambrui.github.io/2016/11/rooting-vm
https://blog.paranoidsoftware.com/dirty-cow-cve-2016-5195-docker-container-escape/
https://goo.gl/yCPYpL (+)
https://dougallj.wordpress.com/2016/11/13/exploiting-dolphin-part-1/
https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
https://goo.gl/eIfu9b (+)
https://blog.zimperium.com/analysis-of-multiple-vulnerabilities-in-airdroid/
https://peteris.rocks/blog/htop/
https://laurent22.github.io/so-injections/
https://urlscan.io
https://klikki.fi/adv/yahoo2.html
https://vulnsec.com/2016/netgear-router-rce/
https://humblesec.wordpress.com/2016/12/08/escaping-a-restricted-shell/
https://goo.gl/MLt1p7 (+)
https://goo.gl/xvrb0T (+)
https://gist.github.com/dergachev/7916152
https://jolmos.blogspot.pt/2016/11/rtldecompresbuffer-vulnerability.html
https://goo.gl/CKQPZv (+)
https://blog.lizzie.io/notes-about-cve-2016-7117.html
https://goo.gl/3BHsWQ (+)
http://www.ateijelo.com/blog/2016/09/13/making-an-msx-font
https://labs.detectify.com/2016/12/15/postmessage-xss-on-a-million-sites/
https://goo.gl/ULx7Ud (+)
https://donncha.is/2016/12/compromising-ubuntu-desktop/
https://goo.gl/CTp8We (+)
https://goo.gl/fb63MI (+)
https://nebelwelt.net/publications/files/16STM.pdf
https://goo.gl/zllfk3 (+)
http://blog.skylined.nl/20161206001.html
https://hub.zhovner.com/geek/how-skype-fixes-security-vulnerabilities/
https://c0rni3sm.blogspot.pt/2016/12/fiat-chrysler-automobiles-bug-bounty.html
http://rednaga.io/2016/11/14/hackingteam_back_for_your_androids/
http://www.sec-down.com/wordpress/?p=696
https://goo.gl/xxEiWP (+)
https://goo.gl/aZSbLk (+)
https://www.pelock.com/articles/how-to-write-a-crackme-for-a-ctf-competition
https://www.unforgettable.dk/
http://penturalabs.wordpress.com/2014/05/04/reverse-dom-xss/
http://www.websecresearch.com/2014/05/a-way-to-bypass-authentication.html
http://blog.flowdock.com/2014/05/07/how-we-found-a-directory-traversal-vulnerability-in-rails-routes/
http://makthepla.net/blog/=/plesk-sso-xxe-xss
https://code.google.com/p/wfuzz/
http://www.frida.re/
https://code.google.com/p/volafox/
http://blog.mrg-effitas.com/publishing-of-mrg-effitas-automatic-xor-decryptor-tool/
http://www.blisstonia.com/software/Decrypto/
http://www.thespanner.co.uk/2014/05/06/mxss/
http://www.nirgoldshlager.com/2013/02/how-i-hacked-facebook-oauth-to-get-full.html
http://car-online.fr/files/publications/2014-03-CODASPY/kameleonfuzz-evolutionary_blackbox_XSS_fuzzing-duchene-codaspy_2014-paper.pdf
http://thehackpot.blogspot.ie/2014/04/android-hacking-using-armitage.html
http://rce4fun.blogspot.pt/2014/05/windows-heap-overflow-exploitation.html
http://pastebin.com/raw.php?i=gjkivAf3
https://gist.github.com/quchen/5280339
https://randywestergren.com/persistent-xss-verizons-webmail-client/
https://chloe.re/2016/12/04/dealing-with-user-uploaded-files/
http://tayyabqadir.com/2016/12/17/paypal-2fa-bypass-by-tayyab-qadir/
https://gitlab.com/e271/usblogger/tree/master
https://hackerone.com/reports/142549
https://goo.gl/fsiEqm (+)
https://d0hnuts.com/2016/12/21/basics-of-making-a-rootkit-from-syscall-to-hook/
https://goo.gl/uMEzce (+)
https://goo.gl/SFAHof (+)
https://goo.gl/Vh6ufm (+)
http://blogs.360.cn/360safe/2016/11/29/three-roads-lead-to-rome-2/
http://0xthem.blogspot.pt/2015/03/hijacking-ssh-to-inject-port-forwards.html
https://dhavalkapil.com/blogs/SQL-Attack-Constraint-Based/
https://goo.gl/nzmNqK (+)
https://www.robertputt.co.uk/2016/11/28/learn-from-your-attackers-ssh-honeypot/
http://docker-saigon.github.io/post/Docker-Internals/
https://goo.gl/NE7btw (+)
https://gist.github.com/subTee/c34d0499e232c1501ff9f0a8dd302cbd
http://security.szurek.pl/e107-cms-211-privilege-escalation.html
http://hacksys.vfreaks.com/research/shellcode-of-death.html
http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
http://asintsov.blogspot.pt/2016/12/bypassing-exploit-protection-of-norton.html
https://goo.gl/f5qb4m (+)
https://goo.gl/eLAj3P (+)
https://www.swordshield.com/2016/10/multi-tool-multi-user-http-proxy/
https://bugs.chromium.org/p/project-zero/issues/detail?id=978
http://www.peter.hartmann.tk/single-post/2016/11/29/Fuzzing-Qt-with-libFuzzer
https://haveyousecured.blogspot.pt/2016/12/attempting-to-detect-responder-with.html
https://subt0x10.blogspot.pt/2016/12/mimikatz-delivery-via-clickonce-with.html
https://threejs.org
http://blog.orange.tw/2017/01/bug-bounty-github-enterprise-sql-injection.html
http://sebastian-lekies.de/csp/bypasses.php
https://goo.gl/Qz8NV1 (+)
https://goo.gl/7diAiw (+)
https://lowleveldesign.wordpress.com/2016/11/30/decrypting-asp-net-4-5/
http://www.hemanthjoseph.com/2016/11/how-i-bypassed-apples-most-secure-find.html
https://siguza.github.io/cl0ver/
https://hackmag.com/security/ad-forest/
http://www.netmux.com/blog/cracking-12-character-above-passwords
http://ramtin-amin.fr/#nvmedma
https://goo.gl/PVbpJs (+)
https://hackerone.com/reports/5534
https://www.foo.be/2016/12/OpenPGP-really-works
http://chris.beams.io/posts/git-commit/
https://finnwea.com/blog/stealing-passwords-from-mcdonalds-users
http://insert-script.blogspot.pt/2016/10/pdf-how-to-steal-pdfs-by-injecting.html
http://4lemon.ru/2017-01-17_facebook_imagetragick_remote_code_execution.html
https://goo.gl/MdCd6S (+)
http://techlog360.com/all-windows-cmd-commands/
http://blog.win-fu.com/2016/11/every-windows-10-in-place-upgrade-is.html
https://digi.ninja/blog/rdp_show_login_page.php
https://gitlab.com/micaksica/CVE-2016-1000304
http://dumpco.re/cve-2016-7434/
https://goo.gl/U57NCx (+)
https://goo.gl/ZA2NUG (+)
http://blog.amossys.fr/intro-to-use-after-free-detection.html
https://goo.gl/abZVVL (+)
https://insinuator.net/2016/12/analyzing-yet-another-smart-home-device/
https://www.curesec.com/blog/article/blog/Tap-039n039-Sniff-185.html
https://www.dsinternals.com/en/impersonating-office-365-users-mimikatz/
https://goo.gl/YXYM3N (+)
https://hackerone.com/reports/187134
http://yolocaust.de/
https://gist.github.com/marcan/a2eafd605d3d6ac76eb10a7c64f736c3
https://goo.gl/90LFIj (+)
https://goo.gl/KuuOMq (+)
https://httpsonly.blogspot.pt/2017/01/0day-writeup-xxe-in-ubercom.html
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
https://gist.github.com/anonymous/f0b9a85e25ea097f810b4d79e9e005a5
https://gist.github.com/chtg/4849e0c2cfc1f08eb6532f347594c66c
https://gist.github.com/Wack0/a3435cafa5eb372b190f971190a506b8
http://andresriancho.github.io/nimbostratus/
https://yurichev.com/writings/toy_decompiler.pdf
https://woumn.wordpress.com/2016/12/07/rop-heap-spray-for-a-reverse-shell-in-ie8/
http://sten0.ghost.io/2016/10/13/abusing-dorking-and-robots-txt/
https://nation.state.actor/mcafee.html
https://boredhackerblog.blogspot.pt/2016/02/how-we-broke-into-your-house.html
https://pentest.blog/data-ex-filtration-with-dns-in-sqli-attacks/
https://securitycafe.ro/2017/01/18/practical-jsonp-injection/
https://0x00sec.org/t/remote-exploit-shellcode-without-sockets/1440
http://blog.tihmstar.net/2017/01/how-to-downgrade-without-jailbreak.html
https://goo.gl/eUDIqC (+)
http://astronaut.io/
https://goo.gl/N9Ia4k (+)
https://s1gnalcha0s.github.io/epub/2017/01/25/This-book-reads-you.html
http://phrack.org/papers/cyber_grand_shellphish.html
https://hackerone.com/reports/166942
https://doxmyipwindowstool.codeplex.com/
https://phpinfo.me/2016/07/07/1275.html
http://security.szurek.pl/winpower-v4904-privilege-escalation.html
https://web-in-security.blogspot.pt/2017/01/printer-security.html
https://raz0r.name/articles/universal-isomorphic-web-applications-security/
https://goo.gl/9LGkzY (+)
https://lukasa.co.uk/2016/12/Debugging_Your_Operating_System/
http://blog.thinkst.com/p/canarytokensorg-quick-free-detection.html
https://goo.gl/qFFdEI (+)
https://goo.gl/wrJFoL (+)
http://blog.volema.com/nginx-insecurities.html#.WFMh_WGLSV5
http://blog.frizk.net/2016/12/filevault-password-retrieval.html
http://incept10n.com/
https://www.expeditedssl.com/aws-in-plain-english
https://cmdchallenge.com/
https://goo.gl/9zv6U7 (+)
http://sirdarckcat.blogspot.pt/2017/02/unpatched-0day-jquery-mobile-xss.html
https://goo.gl/fuAQaC (+)
https://sensepost.com/blog/2016/intercepting-passwords-with-empire-and-winning/
https://zerosum0x0.blogspot.pt/2016/05/xml-attack-for-c-remote-code-execution.html
https://goo.gl/8eHB5Y (+)
https://goo.gl/ssYMu2 (+)
https://goo.gl/CYvxms (+)
https://goo.gl/KqHGkN (+)
https://filippo.io/Ticketbleed/
https://hackerone.com/reports/172562
https://techblog.mediaservice.net/2016/10/exploiting-ognl-injection/
https://osandamalith.com/2017/02/03/mysql-out-of-band-hacking/
https://securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/
https://blog.appcanary.com/2017/http-security-headers.html
http://theori.io/research/chakra-jit-cfg-bypass
https://xuset.github.io/planktos/
http://deadpool.sh/2017/RCE-Springs/
https://www.brokenbrowser.com/uxss-ie-htmlfile/
https://goo.gl/nlojkc (+)
https://goo.gl/R9gdqX (+)
http://blog.inspired-sec.com/archive/2017/02/14/Mail-Server-Setup.html
https://goo.gl/vOXIvA (+)
https://goo.gl/ywuBjX (+)
https://what.pwned.me/index.php/2017/01/23/axis-206-pwned/
http://exfil.co/2017/01/17/wiegotcha-rfid-thief/
https://www.x41-dsec.de/lab/advisories/x41-2016-signal/
https://www.tazj.in/en/1486830338
https://goo.gl/X7rYaC (+)
http://blog.ioactive.com/2016/12/in-flight-hacking-system.html
https://www.foo.be/2017/01/Squashfs_As_A_Forensic_Container
http://pwnanisec.blogspot.pt/2017/02/use-after-free-in-google-hangouts.html
https://vulnsec.com/2017/reverse-engineering-a-book-cover/
https://gist.github.com/danielfaust/998441
https://goo.gl/lUkrm7 (+)
https://shattered.it/
https://dhavalkapil.com/blogs/Attacking-the-OAuth-Protocol/
https://thesbros.github.io/2017/02/16/geforce-experience-vulnerability.html
https://goo.gl/Les62U (+)
https://nlnetlabs.nl/projects/dnssec-trigger/
http://newandroidbook.com/tools/jtrace.html
http://bernardodamele.blogspot.pt/2011/09/reverse-shells-one-liners.html
http://security-assessment.com/files/documents/advisory/SplunkAdvisory.pdf
https://ruimarinho.gitbooks.io/yubikey-handbook/content/
https://goo.gl/hE1V1S (+)
https://www.stevencampbell.info/2017/02/configure-pentest-dropbox-dns-tunneling/
https://shiftordie.de/blog/2017/02/18/smtp-over-xxe/
http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html
https://goo.gl/WW01xo (+)
http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf
https://security.tencent.com/index.php/blog/msg/110
https://goo.gl/TBPei2 (+)
https://goo.gl/R3ehjE (+)
https://lamehackersguide.blogspot.pt/2017/02/weaponizing-postscript.html
https://goo.gl/3V9m3m (+)
http://omergil.blogspot.pt/2017/02/web-cache-deception-attack.html
https://www.zyantific.com/blog/bypassing-telekom-fon-hotspot-authentication/
https://www.xorrior.com/Empire-Domain-Fronting/
http://leucosite.com/FireFox-RCE/
https://goo.gl/9Z2HmN (+)
https://akondrat.blogspot.pt/2016/12/pivoting-kerberos-golden-tickets-in.html
https://blog.xyz.is/2016/vita-netps-ioctl.html
https://goo.gl/YjcDMC (+)
https://mijailovic.net/2017/01/22/removing-edge-magazine-drm/
https://mo.github.io/2017/02/20/cross-origin-resource-sharing.html
https://improsec.com/blog//windows-kernel-shellcode-on-windows-10-part-1
https://goo.gl/3pCejL (+)
http://timeofcheck.com/time-based-blind-sqli-on-news-starbucks-com/
https://goo.gl/aFfO6E (+)
https://sagi.io/2016/09/cve-2016-3873-arbitrary-kernel-write-in-nexus-9/
https://team-sik.org/trent_portfolio/password-manager-apps/
https://www.secureworks.com/blog/attacking-windows-smb-zero-day-vulnerability
http://pc.textmod.es/
http://www.oauthsecurity.com/
http://www.securatary.com/Portals/0/Vulnerabilities/PayPal/Paypal%20Manager%20Account%20Hijack.pdf
http://bouk.co/blog/elasticsearch-rce/
http://holloway.co.nz/steg/
https://blog.curesec.com/article/blog/32.html
http://xip.io/
http://www.securityaegis.com/the-big-fat-metasploit-post/
http://samsclass.info/124/proj14/p6x-NTP-DrDOS.htm
http://www.aldeid.com/wiki/Fiddler#Example:_Decrypting_malware_HTTPS_traffic
http://blog.ioactive.com/2014/05/glass-reflections-in-pictures-osint.html
http://www.jakoblell.com/blog/2014/05/07/hacking-contest-rootkit/
http://blog.ptsecurity.com/2014/05/obtaining-passwords-from-cisco-wireless.html
https://www.adafruit.com/blog/2014/04/04/new-product-cupcade-the-raspberry-pi-powered-micro-arcade-cabinet-kit-beta/
https://www.alchemistowl.org/pocorgtfo/spoiler03.html
https://klikki.fi/adv/bttv.html
https://goo.gl/0GUXQJ (+)
https://goo.gl/7yUj5d (+)
https://goo.gl/YrxqHQ (+)
https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt
https://www.exploitee.rs/index.php/Western_Digital_MyCloud
https://www.myhackerhouse.com/naenara-browser-3-5-exploit-jackrabbit/
https://squeal.net/bypassing-twitter-account-protection/
https://alephsecurity.com/2017/03/08/nexus9-fiq-debugger/
https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html
https://pages.nist.gov/mobile-threat-catalogue/
https://goo.gl/iVOK1o (+)
https://goo.gl/1Iml0J (+)
https://goo.gl/6t10EZ (+)
https://rftap.github.io/blog/2016/09/01/rftap-wifi.html
https://www.toshellandback.com/2017/02/11/psexec/
http://jamesbvaughan.com/python-twilio-scraping/
https://goo.gl/ObQkkZ (+)
https://thehftguy.com/2017/02/23/docker-in-production-an-update/
https://goo.gl/wJH2GY (+)
https://goo.gl/3mVdcz (+)
https://goo.gl/96ZeIk (+)
https://blog.sourceclear.com/rails_admin-vulnerability-disclosure/
http://pentestdan.com/rop-primer-level-0-explained/
https://goo.gl/7t86Kw (+)
http://www.economyofmechanism.com/github-saml.html
https://securitycafe.ro/2017/02/28/time-based-data-exfiltration/
https://goo.gl/YVYxD4 (+)
https://bierbaumer.net/security/asuswrt/
https://bo0om.ru/telegram-love-phdays-en
https://vez.mrsk.me/freebsd-defaults.txt
https://goo.gl/XqLInP (+)
http://www.redblue.team/2017/02/abusing-google-app-scripting-through.html
http://jackson.thuraisamy.me/oracle-opera.html
https://yurichev.com/blog/minesweeper/
https://rsync.samba.org/how-rsync-works.html
https://goo.gl/r9a3MX (+)
https://goo.gl/n3QisR (+)
http://netanelrub.in/2017/03/20/moodle-remote-code-execution/
https://gist.github.com/subTee/3610a16a54bcbc1fe0ebc46313f5c02e
http://www.hackwhackandsmack.com/?p=1021
https://biterrant.io/
http://www.fuzzysecurity.com/tutorials/28.html
https://goo.gl/RrCmN1 (+)
http://blog.inspired-sec.com/archive/2017/03/17/COM-Moniker-Privesc.html
https://goo.gl/ZEw1eh (+)
https://goo.gl/GB5Hd7 (+)
https://www.hurricanelabs.com/blog/new-xssi-vector-untold-merits-of-nosniff
https://openai.com/blog/adversarial-example-research/
https://blogs.securiteam.com/index.php/archives/3052
http://hwreblog.com/projects/arduino_nand_reader.html
https://goo.gl/gNY8Dv (+)
https://stephensclafani.com/2017/03/21/stealing-messenger-com-login-nonces/
https://artkond.com/2017/03/23/pivoting-guide/
https://goo.gl/5Zq7Hw (+)
https://goo.gl/n4fhc3 (+)
https://saelo.github.io/posts/firefox-script-loader-overflow.html
http://bugkraut.de/posts/tainting
https://www.ibrahim-elsayed.com/?p=150
https://blog.silentsignal.eu/2017/02/17/not-so-unique-snowflakes/
https://goo.gl/Ysh7W7 (+)
https://goo.gl/nOQ2iQ (+)
https://www.invincea.com/2017/03/powershell-exploit-analyzed-line-by-line/
http://bugkraut.de/posts/bounty-txt
https://alephsecurity.com/2017/03/26/oneplus3t-adb-charger/
https://www.dancounsell.com/building-a-hackintosh-pro/
http://cybersquirrel1.com/#
https://goo.gl/MT32ED (+)
https://bugs.chromium.org/p/project-zero/issues/detail?id=1225
http://hexinject.sourceforge.net/
https://gist.github.com/joernchen/f28ec01de20b22bbbee1622a41deb601
https://goo.gl/pIKwVU (+)
https://unmitigatedrisk.com/?p=570
https://razygon.github.io/2016/09/23/iOS-kernel-heap-review-5-10/
https://cobbr.io/ObfuscatedEmpire.html
 https://goo.gl/D6mU2f (+) | https://goo.gl/eHsPc1 (+)
https://goo.gl/xcQhzl (+)
https://capacitorset.github.io/mathjs/
https://www.aptive.co.uk/blog/unrestricted-file-upload-testing/
https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/
http://offsecbyautomation.com/Automating-Web-Content-Discovery/
https://codewhitesec.blogspot.pt/2017/04/amf.html
https://mastodon.social/
https://calebfenton.github.io/2017/04/05/creating_java_vm_from_android_native_code/
https://www.notsosecure.com/anatomy-hack-sqli-via-crypto/
http://blog.intothesymmetry.com/2017/04/csrf-in-facebookdropbox-mallory-added.html
https://gist.github.com/anonymous/5fd967b3fe5d9201e0ec7a1d35c03a19
https://cedricvb.be/post/tracing-api-calls-in-burp-with-frida/
https://www.uperesia.com/booby-trapped-shortcut-generator
https://goo.gl/JA65ce (+)
https://www.vgrsec.com/post20170402.html
https://goo.gl/xQ8tdz (+)
http://struct.github.io/oilpan_metadata.html
https://blogs.securiteam.com/index.php/archives/3107
https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html
https://goo.gl/GnSddg (+)
https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/
https://goo.gl/ObZ5eL (+)
https://goo.gl/buPacq (+)
https://www.brokenbrowser.com/sop-bypass-abusing-read-protocol/
https://goo.gl/TvYytI (+)
https://goo.gl/vi9oqr (+)
http://threatexpress.com/2016/12/slack-notifications-for-cobalt-strike/
https://goo.gl/EfyJxm (+)
https://securedorg.github.io/RE101/
http://www.threathunting.net/
https://martinfowler.com/articles/session-secret.html
https://securitybytes.io/sudont-escape-so-easily-ce8801bf9a4b#.a941nrlj4
https://www.n0tr00t.com/2016/12/30/jsm-Bypass-via-CreateClassLoader.html
https://statuscode.ch/2016/01/subtle-vulnerabilties-with-php-and-curl/
http://eryanbot.com/jtp/2012/06/30/game-hacking-utilizing-code-caves/
https://goo.gl/j0UImT (+)
https://goo.gl/Vfkqdm (+)
http://blog.svenbrauch.de/2017/02/19/homemade-10-mbits-laser-optical-ethernet-transceiver/
https://goo.gl/SXXey1 (+)
https://hackerone.com/reports/220494
https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol
http://offsecbyautomation.com/Open-Redirection-Bobrov/
https://jaq.alibaba.com/community/art/show?articleid=781
https://blogs.securiteam.com/index.php/archives/2928
https://www.ambionics.io/blog/drupal-services-module-rce
https://goo.gl/E2rgJ6 (+)
https://blog.cugu.eu/post/apfs/
https://goo.gl/QG0FPF (+)
https://www.scip.ch/en/?labs.20170105
http://blog.opensecurityresearch.com/2013/01/windows-dll-injection-basics.html
https://textslashplain.com/2017/01/14/the-line-of-death/
https://goo.gl/NMtcp2 (+)
https://goo.gl/AbEKml (+)
https://www.youtube.com/watch?v=uNjxe8ShM-8
http://xproger.info/projects/OpenLara/
https://www.ssh.com/ssh/port
http://www.paulosyibelo.com/2017/05/twitter-xss-csp-bypass.html
https://hackerone.com/reports/212696
https://goo.gl/HZn7Yb (+)
https://goo.gl/le4nvm (+)
https://improsec.com/blog//bypassing-control-flow-guard-in-windows-10
https://stringbleed.github.io
https://goo.gl/F1xBst (+)
https://www.evilsocket.net/2017/04/27/Android-Applications-Reversing-101/
https://blog.joshlemon.com.au/protecting-your-pdf-files-and-metadata/
http://www.abatchy.com/2017/05/tcp-bind-shell-in-assembly-null.html
https://goo.gl/V6EsOr (+)
https://www.vgrsec.com/post20170219.html
http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html
https://poshsecurity.com/blog/deconstructing-secure-http-without-https
https://theshell.xyz/
https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&desc=5
https://hackerone.com/reports/88719
https://quanyang.github.io/part-1-continuous-pwning/
https://goo.gl/h2dWbh (+)
https://phoenhex.re/2017-05-04/pwn2own17-cachedcall-uaf
https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/
https://goo.gl/728eER (+)
https://goo.gl/4J95NW (+)
https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/
https://bugs.chromium.org/p/project-zero/issues/detail?id=1096
https://blogs.securiteam.com/index.php/archives/3171
http://snf.github.io/2017/05/04/exploit-protection-i-page-heap/
https://goo.gl/3npUqt (+)
http://nahamsec.com/?p=210
http://blog.shubh.am/how-i-bypassed-2-factor-authentication-on-google-yahoo-linkedin-and-many-others/
http://blog.techorganic.com/2014/05/14/from-fuzzing-to-0-day/
http://cybermashup.com/2014/05/01/jtag-debugging-made-easy-with-bus-pirate-and-openocd/
http://www.room362.com/blog/2014/04/19/executing-code-via-smb-without-psexec/
https://bitbucket.org/mihaila/bintrace/wiki/Home
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140508-0_AVG_Remote_Administration_Multiple_critical_vulnerabilities_v10.txt
https://www.trustedsec.com/may-2014/moar-shellz/
https://doar-e.github.io/blog/2014/04/30/corrupting-arm-evt/
https://fail0verflow.com/blog/2014/enhancing-the-avic-5000nex.html
http://habrahabr.ru/company/dsec/blog/222993/
http://int0xcc.svbtle.com/stripping-upatre-trojan-downloader
http://syncthing.net/
http://blogs.msdn.com/b/debuggingtoolbox/archive/2014/05/14/hacking-minesweeper-for-windows-8.aspx
http://blog.cloudflare.com/bpf-the-forgotten-bytecode
https://slashcrypto.org/2017/05/17/5k_Error_Page/
https://goo.gl/ium1x1 (+)
https://goo.gl/QNgi0K (+)
https://goo.gl/9TL0an (+)
https://goo.gl/XQohRS (+)
https://klue.github.io/blog/2017/04/macos_kernel_debugging_vbox/
https://checkmarx.gitbooks.io/go-scp/
https://irssi.org/2017/05/12/fuzzing-irssi/
https://shhnjk.blogspot.pt/2017/05/is-your-epub-reader-secure-enough.html
https://unmitigatedrisk.com/?p=586
https://goo.gl/AuoG68 (+)
https://modexp.wordpress.com/2017/01/24/shellcode-x84/
https://blog.bi.tk/2017/01/20/findbug/
https://goo.gl/7eGSu8 (+)
https://xerub.github.io/ios/kpp/2017/04/13/tick-tock.html
http://www.unixwiz.net/techtips/sql-injection.html
https://goo.gl/KKSSqD (+)
https://goo.gl/DGJIZJ (+)
https://devnull-as-a-service.com/features/
http://kedrisec.com/twitter-publish-by-any-user/
https://www.ambionics.io/blog/oracle-peoplesoft-xxe-to-rce
https://randywestergren.com/xss-sms-hacking-text-messages-verizon-messages/
http://www.debasish.in/2017/05/openxmolar-ms-openxml-format-fuzzing_20.html
http://www.exfiltrated.com/research-BIOS_Based_Rootkits.php
http://blog.timac.org/?p=1570
https://cobbr.io/ScriptBlock-Logging-Bypass.html
http://cloak-and-dagger.org/
https://wald0.com/?p=112
https://goo.gl/Xzy1ql (+)
https://www.elttam.com.au/blog/playing-with-canaries/
https://goo.gl/4oruRY (+)
https://tyranidslair.blogspot.pt/2017/05/exploiting-environment-variables-in.html
https://animal0day.blogspot.co.uk/2017/05/fuzzing-apache-httpd-server-with.html
https://medium.com/@d0znpp/how-to-bypass-libinjection-in-many-waf-ngwaf-1e2513453c0f
https://gist.github.com/winocm/e3eb9c9b061c7414441c45a4938a0c57
http://research.rootme.in/h1-xssi/
https://ysx.me.uk/road-to-unauthenticated-recovery-downloading-github-saml-codes/
https://goo.gl/rkzXun (+)
http://www.thegreycorner.com/2017/01/exploiting-difficult-sql-injection.html
https://hackerone.com/reports/217745
https://goo.gl/OBoFZ1 (+)
https://scarybeastsecurity.blogspot.pt/2017/05/bleed-more-powerful-dumping-yahoo.html
https://goo.gl/vHiyry (+)
http://wphutte.com/avada-5-1-4-stored-xss-and-csrf/
https://winscripting.blog/2017/05/12/first-entry-welcome-and-uac-bypass/
https://goo.gl/p0molg (+)
https://sizzop.github.io/2016/07/05/kernel-hacking-with-hevd-part-1.html
https://lowleveldesign.org/2017/03/07/how-to-securely-sign-dotnet-assemblies/
https://ysx.me.uk/a-pair-of-plotly-bugs-stored-xss-and-aws-metadata-ssrf/
http://blog.martinfenner.org/2014/08/25/using-microsoft-word-with-git/
http://kubernetesbyexample.com/
https://www.shodan.io/host/203.254.47.164
https://vvyper.com/2017/05/22/instagram-stories-ssl/
https://hackerone.com/reports/231053
https://medium.com/@th3g3nt3l/how-i-got-5500-from-yahoo-for-rce-92fffb7145e6
http://www.rpcview.org/index.html
https://phoenhex.re/2017-06-02/arrayspread
https://bling.kapsi.fi/blog/no-proc-process-recon.html
https://goo.gl/5EeZC0 (+)
https://goo.gl/1HRwSB (+)
https://msitpros.com/?p=3877
http://c0rni3sm.blogspot.pt/2017/06/from-js-to-another-js-files-lead-to.html
https://raz0r.name/vulnerabilities/arbitrary-file-reading-in-next-js-2-4-1/
https://chao-tic.github.io/blog/2017/05/24/dirty-cow
https://sploitfun.wordpress.com/2015/02/10/understanding-glibc-malloc/
https://goo.gl/gJ1LiQ (+)
https://oded.ninja/2017/05/14/amt-n-ken-hack/
https://sonniesedge.co.uk/blog/a-day-without-javascript
http://pentestit.com/wordsteal-steal-ntlm-hashes-remotely/
https://www.hackerone.com/blog-How-To-Server-Side-Request-Forgery-SSRF
https://goo.gl/Zy8Nhe (+)
https://firefart.at/post/turning_piwik_superuser_creds_into_rce/
https://goo.gl/Tv6uRg (+)
https://0x00sec.org/t/c-a-simple-runtime-crypter/519
https://0patch.blogspot.pt/2017/01/micropatching-remote-code-execution-in.html
http://blog.blindspotsecurity.com/2016/09/nodejs-breaking-jade-pug-dlopen.html
https://goo.gl/AL1b7q (+)
https://www.securitysift.com/understanding-wordpress-auth-cookies
https://medium.com/@br4nsh/from-linux-to-ad-10efb529fae9
https://goo.gl/ea1gwR (+)
https://borgandrew.blogspot.pt/2017/01/h1-margin-bottom-0.html
https://goo.gl/t23oea (+)
http://el.che.moe/Writeup_VoiceAttack.html
https://blog.kchung.co/rfid-hacking-with-the-proxmark-3/
https://habrahabr.ru/company/aladdinrd/blog/329166/
http://switchbrew.org
http://www.lofibucket.com/articles/64k_intro.html
https://angelmmiguel.github.io/svgi/
https://goo.gl/3dSAS2 (+)
https://goo.gl/8SMkHF (+)
http://offsecbyautomation.com/Subdomain-Delegation-Takeover/
https://sourceware.org/systemtap/
https://goo.gl/2gCFrE (+)
https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
https://phoenhex.re/2017-06-21/firefox-structuredclone-refleak
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
https://goo.gl/ENZQiQ (+)
https://bo0om.ru/just-enter-the-space-attacks-en
https://goo.gl/w38a3h (+)
https://goo.gl/KnVyxr (+)
https://oleb.net/blog/2017/01/fun-with-string-interpolation/
https://mostsecure.pw/
http://ngailong.com/uber-login-csrf-open-redirect-account-takeover/
https://goo.gl/WyXvVf (+)
http://ostinato.org/
https://securityonline.info/bypass-waf-php-webshell-without-numbers-letters/
https://goo.gl/ygKLLx (+)
https://blog.cylance.com/running-executables-on-macos-from-memory
https://www.bishopfox.com/blog/2017/06/how-i-built-an-xss-worm-on-atmail/
https://goo.gl/PU7zc2 (+)
https://yurichev.com/blog/symbolic/
https://www.contextis.com/resources/blog/hacking-unicorns-web-bluetooth/
https://goo.gl/ezUM9n (+)
https://jamescoote.co.uk/phishlulz-tutorial/
https://jankopecky.net/index.php/2017/04/18/0day-textplain-considered-harmful/
http://inspirobot.me/
https://arogozhnikov.github.io/3d_nn/
https://goo.gl/h7QdzQ (+)
https://medium.com/@FreedomCoder/following-the-white-rabbit-5e392e3f6fb9
https://mrpapercut.com/sites/wscript/
https://www.mzrst.com/
http://hacking-printers.net
https://goo.gl/VD8BxF (+)
http://vegardno.blogspot.pt/2017/03/fuzzing-openssh-daemon-using-afl.html
https://lowleveldesign.org/2017/07/04/decrypting-tfs-secret-variables/
https://www.itsec.nl/en/2017/06/26/drive-by-remote-code-execution-by-mamp/
https://goo.gl/Jsze4P (+)
https://goo.gl/41PZHT (+)
https://blog.rubidus.com/2017/02/06/preventing-subdomain-takeover/
https://dev.to/fenceposterror/hacking-open-source-software-for-fun-and-non-profit
https://zerosum0x0.blogspot.pt/2017/07/puppet-strings-dirty-secret-for-free.html
https://blog.haschek.at/post/f2fda
http://www.righto.com/2017/07/bitcoin-mining-on-vintage-xerox-alto.html
https://blog.zsec.uk/blind-xxe-learning/
https://goo.gl/5TNzwu (+)
https://goo.gl/Y3odmB (+)
https://gist.github.com/hasherezade/e3b5682fee27500c5dabf5343f447de3
https://gist.github.com/ryhanson/227229866af52e2d963cf941af135a52
https://goo.gl/BhW3Lt (+)
https://goo.gl/GSGgjX (+)
https://www.rcesecurity.com/2014/07/slae-shell-reverse-tcp-shellcode-linux-x86/
https://myexploit.wordpress.com/hunt-for-the-domain-admin-da/
https://krbtgt.pw/oracle-oam-10g-session-hijacking/
https://goo.gl/is7Tyu (+)
http://boosterok.com/blog/broadpwn/
http://www.nmattia.com/posts/2017-03-05-crack-luks-stutter-gnu-parallel.html
https://medium.com/wemake-services/testing-bash-applications-85512e7fe2de
https://blog.preempt.com/new-ldap-rdp-relay-vulnerabilities-in-ntlm
http://acez.re/the-weak-bug-exploiting-a-heap-overflow-in-vmware/
http://hacker-news.verylegit.link/
http://aem1k.com/symmetry/
https://trueschool.se/html/fonts.html
https://goo.gl/wSKFLS (+)
https://xakep.ru/2017/07/06/safari-localfile-read/
https://gist.github.com/jobertabma/e9a383a8ad96baa189b65cdc8d74a845
https://blog.netspi.com/attacking-javascript-web-service-proxies-burp/
https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/
https://goo.gl/uLeBCf (+)
https://goo.gl/ehHr8U (+)
https://goo.gl/RmmyFJ (+)
http://blog.deniable.org/blog/2017/07/16/inject-all-the-things/
http://wapiflapi.github.io/2015/04/22/single-null-byte-heap-overflow/
https://pentestarmoury.com/2017/07/19/s3-buckets-for-good-and-evil/
https://oneupsecurity.com/research/remote-code-execution-in-source-games
https://www.coresecurity.com/blog/solving-post-exploitation-issue-cve-2017-7308
http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
https://goo.gl/Qc7ZPm (+)
http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html
https://goo.gl/YGBuph (+)
https://goo.gl/vfkPjf (+)
http://dmitry.gr/index.php?r=05.Projects&proj=25.%20VMU%20Hacking
http://op-co.de/blog/posts/hacking_the_nx300/
http://cyvera.com/cve-2014-1776-how-easy-it-is-to-attack-these-days/
http://insanecoding.blogspot.ro/2014/04/common-libressl-porting-mistakes.html
https://zyan.scripts.mit.edu/blog/wordpress-fail/
http://rotlogix.com/2014/05/21/exploiting-local-file-includes-with-liffy/
http://m-austin.com/blog/?p=118
http://www.hexacorn.com/blog/2014/05/21/rce-list-of-64-bit-tools/
https://code.google.com/p/libbde/
http://eternal-todo.com/blog/cve-2013-2729-exploit-zeusp2p-gameover
http://www.vupen.com/blog/20140520.Advanced_Exploitation_Firefox_UaF_Pwn2Own_2014.php
http://www.scriptjunkie.us/2013/11/adding-easy-ssl-client-authentication-to-any-webapp/
http://www.websec.mx/advisories/view/Generador-de-WPA-Huawei-HG8245-y-HG8247
http://williamknowles.co.uk/?p=16
http://www.circl.lu/projects/CIRCLean/
https://goo.gl/vDEMKL (+)
https://gerbenjavado.com/the-race-to-the-top-of-a-bug-bounty-program/
https://goo.gl/jQJK3U (+)
https://asciinema.org/a/130730
https://security.gerhardt.link/RCE-in-Factorio/
https://bling.kapsi.fi/blog/jvm-deserialization-broken-classldr.html
https://elaineou.com/2017/01/19/how-the-twitter-app-bypasses-paywalls/
https://goo.gl/s5Eyy4 (+)
https://goo.gl/kLaawx (+)
https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html
https://www.gironsec.com/blog/2017/07/keylogger-using-directx/
http://rh0dev.github.io/blog/2017/the-return-of-the-jit/
https://bneg.io/2017/07/26/empire-without-powershell-exe/
https://goo.gl/aEPUuS (+)
https://goo.gl/djcEh1 (+)
https://www.stefanjudis.de/hidden-messages-in-javascript-property-names.html
https://hackernoon.com/a-collision-too-perfect-279a47fb5d42
https://doesmysiteneedhttps.com/
https://blog.innerht.ml/testing-new-features/
http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html
https://blog.zsec.uk/rce-starwars/
https://vallejo.cc/2017/07/16/anti-antidebugging-windbg-scripts/
https://gist.github.com/marcan/6a2d14b0e3eaa5de1795a763fb58641e
http://paper.seebug.org/230/
https://0x00sec.org/t/reverse-engineering-101/1233
https://goo.gl/h5EJDE (+)
http://rohk.io/free-bits-on-twitch/
https://goo.gl/mqi664 (+)
http://blog.huntingmalware.com/notes/WMI
https://comsecuris.com/blog/posts/path_of_least_resistance/
https://scarybeastsecurity.blogspot.pt/2017/03/black-box-discovery-of-memory.html
https://goo.gl/986jDv (+)
https://cybersyndicates.com/2017/02/os-x-packet-capture--empire/
https://medium.com/0xcc/how-to-turn-photoshop-into-a-remote-access-tool-805485a9480
https://z4ziggy.wordpress.com/2017/07/21/zigfrid-a-passive-rfid-fuzzer/
https://blog.lessonslearned.org/building-a-more-secure-development-chromebook/
https://bo0om.ru/xss-everywhere
https://sites.google.com/site/testsitehacking/10k-host-header
http://staaldraad.github.io/pentest/phishing/2017/08/02/o356-phishing-with-oauth/
http://blog.safebuff.com/2016/07/03/SSRF-Tips/
http://blog.securelayer7.net/thick-client-penetration-testing-1/
http://www.rvrsh3ll.net/blog/offensive/ssl-domain-fronting-101/
https://blog.doyensec.com/2017/08/03/electron-framework-security.html
https://zerosum0x0.blogspot.pt/2017/04/doublepulsar-initial-smb-backdoor-ring.html
https://goo.gl/FdwEKQ (+)
https://landave.io/2017/07/bitdefender-remote-stack-buffer-overflow-via-7z-ppmd/
https://goo.gl/3xEuby (+)
https://blog.phusion.nl/2015/01/20/docker-and-the-pid-1-zombie-reaping-problem/
https://ysx.me.uk/managed-apps-and-music-a-tale-of-two-xsses-in-google-play/
http://www.phreedom.org/research/tinype/
https://goo.gl/fu93Mg (+)
https://goo.gl/XAq8qW (+)
http://lightningsecurity.io/blog/password-not-provided/
http://redplait.blogspot.pt/2017/08/wincheck-rc858.html
https://gist.github.com/marcan/23e1ec416bf884dcd7f0e635ce5f2724
http://illmatics.com/carhacking.html
https://goo.gl/Yg4QHV (+)
https://l.avala.mp/?p=241
https://lowlevelbits.org/reverse-engineering-stickies.app/
https://www.psattack.com/articles/20170810/application-compatibility-shims/
https://lolware.net/2017/08/01/capturing-mfa-logons.html
https://blog.netspi.com/attacking-sso-common-saml-vulnerabilities-ways-find/
https://goo.gl/P8EdJH (+)
https://aspe1337.blogspot.pt/2017/04/writeup-of-cve-2017-7199.html
http://www.exploit-monday.com/2017/07/bypassing-device-guard-with-dotnet-methods.html
http://hackethereum.com/
https://gist.github.com/MerryMage/797c523724e2dc02ada86a1cfadea3ee
http://sheepsec.com/blog/username_enumeration_via_jar.html
https://hackerone.com/reports/198690
https://goo.gl/zsevzD (+)
https://duo.com/blog/hunting-malicious-npm-packages
https://iayanpahwa.github.io/Reverse-Engineering-IoT-Devices/
https://toshellandback.com/2017/08/16/mousejack/
https://0x00sec.org/t/game-hacking-winxp-minesweeper/1266
http://thecyberrecce.net/2017/02/12/reversing-the-trendnet-ts-402/
https://zhuanlan.zhihu.com/p/28575189
https://goo.gl/KBsZtt (+)
https://goo.gl/ViLaih (+)
http://nahamsec.com/secure-your-jenkins-instance-or-hackers-will-force-you-to/
https://ae7.st/g/
https://dave.cheney.net/2017/08/21/the-here-is-key
http://gbppr.dyndns.org/~gbpprorg/l0pht/l0pht.html
https://hackerone.com/reports/207042
https://medium.com/@arbazhussain/pre-domain-wildcard-cors-exploitation-2d6ac1d4bd30
https://goo.gl/d15wVv (+)
https://phoenixpwn.com/
https://sintonen.fi/advisories/qnap-qts-42-multiple-vulnerabilities.txt
http://bsmt.me/posts/openxc-reversing/
https://goo.gl/7grxsj (+)
https://raw.githubusercontent.com/hatRiot/token-priv/master/abusing_token_eop_1.0.txt
https://gerbenjavado.com/manual-sql-injection-discovery-tips/
https://goo.gl/7psV1M (+)
https://appscreener.us/blog/?code=reading-ios-app-binary-files
https://goo.gl/2JbZAv (+)
https://goo.gl/xFHvXr (+)
https://research.swtch.com/zip
https://chris.bolin.co/offline/
http://madeintheusbwebsite.azurewebsites.net
http://zhchbin.github.io/2017/08/30/Uber-XSS-via-Cookie/
https://opnsec.com/2017/08/advanced-flash-vulnerabilities-in-youtube/
https://blog.didierstevens.com/2017/09/05/abusing-a-writable-windows-service/
https://www.doyler.net/security-not-included/certreq-exfiltration
https://lgtm.com/blog/apache_struts_CVE-2017-9805
http://blog.thinkst.com/2017/08/disrupting-aws-s3-logging.html
http://dmitry.gr/index.php?r=05.Projects&proj=23.%20PSoC4
https://reactarmory.com/answers/how-can-i-use-css-in-js-securely
http://www.martinvigo.com/diy-spy-program-abusing-apple-call-relay-protocol/
https://benkowlab.blogspot.pt/2017/08/from-onliner-spambot-to-millions-of.html
http://blog.pentestbegins.com/2017/08/05/remote-xss-attack-using-csrf/
https://goo.gl/JhkeQj (+)
http://www.ringzerolabs.com/2017/08/bypassing-anti-analysis-technique-in.html
https://blogs.securiteam.com/index.php/archives/3379
https://www.imperialviolet.org/2017/08/13/securitykeys.html
https://blog.quarkslab.com/flash-dumping-part-i.html
https://goo.gl/DtNjd8 (+)
https://goo.gl/H8T3kz (+)
https://goo.gl/tkrdbm (+)
https://goo.gl/omukkh (+)
https://goo.gl/54L7rS (+)
https://rtpbleed.com/
http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper-1.pdf
https://goo.gl/3DfDJT (+)
https://goo.gl/WZXckr (+)
https://goo.gl/2CgsS4 (+)
https://courk.fr/index.php/2017/09/10/reverse-engineering-exploitation-connected-clock/
http://tinyhack.com/2017/09/05/mastercard-internet-gateway-service-hashing-design-flaw/
https://www.mdsec.co.uk/2017/09/exploiting-cve-2017-8759-soap-wsdl-parser-code-injection/
https://diablohorn.com/2017/09/09/understanding-practicing-java-deserialization-exploits/
http://www.exploit-monday.com/2017/08/exploiting-powershell-code-injection.html
https://jesuscoin.network/
https://quoteinvestigator.com/2013/03/06/artists-steal/amp/
https://safiire.github.io/blog/2017/08/19/solving-danish-defense-intelligence-puzzle/
https://goo.gl/SsWjW6 (+)
https://goo.gl/NTE4H9 (+)
https://www.virtuesecurity.com/blog/aws-penetration-testing-s3-buckets/
https://blog.avuln.com/article/4
http://patrickhurd.pro/blog/posts/popjsanalysis.html
http://qiita.com/alfa/items/b0e807ae040fc8f61d20
https://www.hopperapp.com/blog/?p=219
https://goo.gl/QTqj8t (+)
http://guptashubham.com/all-about-hackerone-private-program-terapeak/
https://wtf.horse/2017/09/19/common-wifi-attacks-explained/
https://0x10f8.wordpress.com/2017/08/07/reverse-engineering-an-eclipse-plugin/
https://www.antid0te.com/blog.html
http://blog.quarkslab.com/make-confide-great-again-no-we-cannot.html
https://goo.gl/fcmP1Y (+)
https://dev.to/tkaczanowski/explaining-programming-to-6-years-old-kids
https://goo.gl/GbJLyc (+)
https://learn.sparkfun.com/tutorials/gas-pump-skimmers
https://goo.gl/D2HWmu (+)
https://goo.gl/mtUa28 (+)
http://www.shawarkhan.com/2017/08/sarahah-xss-exploitation-tool.html
https://rails-sqli.org/
https://un-excogitate.org/dormant-domination
https://goo.gl/SwBQnX (+)
http://hatriot.github.io/blog/2017/09/19/abusing-delay-load-dll/
https://www.incapsula.com/blog/blocking-session-hijacking-on-gitlab.html
https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf
http://defencely.com/blog/defencely-clarifies-python-object-injection-exploitation/
https://www.twistlock.com/2017/06/25/alpine-linux-pt-1-2/
https://medium.com/@th3g3nt3l/900-xss-in-yahoo-recon-wins-65ee6d4bfcbd
https://blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/
https://pokeinthe.io/2017/09/14/http-status-code-handling/
http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html
http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/
http://blog.internot.info/2014/05/facebook-skype-to-email-leak-3000-bounty.html
http://www.sysvalue.com/en/heartbleed-cupid-wireless/
https://henryhoggard.co.uk/?p=68
http://moscrack.sourceforge.net/
https://code.google.com/p/xssf/
http://blog.j-michel.org/post/86992432269/from-nand-chip-to-files
http://www.securitybydefault.com/2012/07/backdooring-apache.html
http://blog.opensecurityresearch.com/2014/05/acquiring-linux-memory-from-server-far.html
http://www.securityartwork.es/2014/06/04/read-htaccess-file-through-blind-sql-injection/?lang=en
http://www.labofapenetrationtester.com/2014/06/introducing-antak.html
http://kukuruku.co/hub/nix/writing-a-file-system-in-linux-kernel
https://wireedit.com/
http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html
http://blog.blackfan.ru/2017/09/devtwittercom-xss.html
https://forsec.nl/2017/09/smart-home-remote-command-execution-rce/
https://wmie.codeplex.com/
https://goo.gl/X5tmUW (+)
http://noxxi.de/research/breaking-dkim-on-purpose-and-by-chance.html
https://phoenhex.re/2017-06-09/pwn2own-diskarbitrationd-privesc
https://blog.filippo.io/we-need-to-talk-about-session-tickets/
https://goo.gl/AZ8qRV (+)
https://halbecaf.com/2017/05/24/exploiting-a-v8-oob-write/
https://sockpuppet.org/blog/2015/01/15/against-dnssec/
https://goo.gl/Fk6FpM (+)
https://blog.ropchain.com/2017/04/03/disarming-emet-5-52/
https://ro-che.info/articles/2017-09-17-booking-com-manipulation
https://jordaneldredge.com/projects/winamp2-js/
http://georgemauer.net/2017/10/07/csv-injection.html
https://justi.cz/security/2017/10/07/rubygems-org-rce.html
https://blog.zsec.uk/subdomainhijack/
https://goo.gl/d6XGkh (+)
https://goo.gl/96rGuw (+)
http://www.chokepoint.net/2017/10/exposing-server-ips-behind-cloudflare.html
https://goo.gl/HEpNnN (+)
https://smartlockpicking.com/tutorial/my-smart-lock-vendor-disappeared/
https://goo.gl/z1zesp (+)
https://blog.liftsecurity.io/2017/04/14/sql-and-more-via-xss-in-pgadmin4/
https://goo.gl/F7fdBb (+)
https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/
https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
http://clickheretosavetheworld.com/
https://gavv.github.io/blog/pulseaudio-under-the-hood/
https://kate.io/blog/git-bomb/
https://blogs.securiteam.com/index.php/archives/3430
https://kciredor.com/taking-over-every-ad-on-olx-automated-an-idor-story.html
https://www.nomotion.net/blog/sharknatto/
https://warroom.securestate.com/cve-2017-9769/
https://www.krackattacks.com/
http://hexdetective.blogspot.pt/2017/02/exploiting-android-s-boot-getting.html
https://goo.gl/kqbzgz (+)
http://codepool.me/NET-Reverse-Enginering-Part-1/
https://goo.gl/Ap47c2 (+)
https://crocs.fi.muni.cz/public/papers/rsa_ccs17
https://www.bamsoftware.com/papers/fronting/
https://blog.flanker017.me/cve-2017-2416-gif-remote-exec/
https://goo.gl/sSF3up (+)
https://gist.github.com/1wErt3r/4048722
http://blog.intothesymmetry.com/2017/10/slack-saml-authentication-bypass.html
https://goo.gl/hMHdD7 (+)
http://infosecninja.blogspot.pt/2017/09/android-kiosk-browser-lock-down.html
http://subt0x10.blogspot.pt/2017/08/msxslexe-working-as-designed.html
https://goo.gl/5jwWoj (+)
https://0.me.uk/ev-phishing/
https://www.fidusinfosec.com/tp-link-remote-code-execution-cve-2017-13772/
http://bobao.360.cn/learning/detail/4534.html
http://www.sysadminjd.com/adv170014-ntlm-sso-exploitation-guide/
https://appelsiini.net/2017/reverse-engineering-location-services/
https://nickcano.com/reversing-league-of-legends-client/
https://fail0verflow.com/blog/2017/ps4-namedobj-exploit/
http://www.geeknik.net/7k9et2d9e
https://embedi.com/blog/uefi-bios-holes-so-much-magic-dont-come-inside
https://goo.gl/rYdJdk (+)
https://goo.gl/xASVx1 (+)
http://www.dicewarepasswords.com/
http://webjack.io/
https://goo.gl/Up218B (+)
http://stamone-bug-bounty.blogspot.pt/2017/10/dom-xss-auth_14.html
https://goo.gl/Arvvgp (+)
https://benkowlab.blogspot.pt/2017/05/feedback-on-how-to-build-smb-honeypot.html
https://goo.gl/kojasB (+)
https://edoverflow.com/2017/broken-link-hijacking/
https://security.tencent.com/index.php/blog/msg/116
https://lucasg.github.io/2017/10/15/Api-set-resolution/
https://goo.gl/n6rbcT (+)
https://goo.gl/STZHRC (+)
https://goo.gl/jkFJjg (+)
https://goo.gl/mJoCR2 (+)
http://agrrrdog.blogspot.pt/2017/03/autobinding-vulns-and-spring-mvc.html
https://adamcaudill.com/2017/10/04/exploiting-jackson-rce-cve-2017-7525/
https://www.sneakymonkey.net/2016/10/30/raspberrypi-nsm/
https://goo.gl/geiujj (+)
https://philippeharewood.com/posting-gifs-as-anyone-on-facebook/
https://ysx.me.uk/app-maker-and-colaboratory-a-stored-google-xss-double-bill/
https://goo.gl/Apc2Mr (+)
https://diablohorn.com/2017/08/15/brute-forcing-encrypted-web-login-forms/
https://git.stan.sh/SL-Process/DataBuster-VPN
https://pentestlab.blog/2017/08/29/command-and-control-dropbox/
https://goo.gl/DD871b (+)
https://reverse.put.as/2017/11/07/exploiting-cve-2017-5123/
https://pleasestopnamingvulnerabilities.com/
https://gdelugre.github.io/2017/11/06/samba-path-pivot-attack/
https://jesux.es/exploiting/blueborne-android-6.0.1/
https://modexp.wordpress.com/2017/10/30/poly-mutex-names/
http://research.rootme.in/stealing-csvs-crossdomain/
https://goo.gl/QyY7fX (+)
https://whereisk0shl.top/Dark%20Composition%20Exploit%20in%20Ring0.html
http://trillian.mit.edu/~jc/humor/ATT_Copyright_true.html
https://gamehistory.org/aladdin-source-code/
http://www.noob.ninja/2017/11/local-file-read-via-xss-in-dynamically.html
https://justi.cz/security/2017/11/14/couchdb-rce-npm.html
http://blog.vulspy.com/2017/11/09/Wordpress-4-8-2-SQL-Injection-POC/
http://rickyhan.com/jekyll/update/2017/11/10/bypassing-recaptcha.html
https://www.illuminatejs.com
https://bo0om.ru/chrome-and-safari-uxss
https://staaldraad.github.io/2017/11/12/polycom-hdx-rce/
https://goo.gl/zgaNZu (+)
https://ionize.com.au/stealing-amazon-ec2-keys-via-xss-vulnerability/
https://rot.fi/2017/11/07/wan-to-lan-exploitation-of-4g-broadband-modem/
https://goo.gl/oPM722 (+)
https://goo.gl/k6wTv6 (+)
https://depthsecurity.com/blog/using-python-to-get-a-shell-without-a-shell
http://antonioparata.blogspot.pt/2017/11/shed-inspect-net-malware-like-sir.html
https://xorl.wordpress.com/2017/11/11/cve-2017-13089-wget-http-integer-overflow/
https://edoverflow.com/2017/ruby-resolv-bug/
http://korban.net/posts/postgres/2017-11-02-the-case-against-orms/
https://martinmelhus.com/web-audio-modem/
https://statuscode.ch/2017/11/from-markdown-to-rce-in-atom/
https://blog.zsec.uk/rce-chain/
https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about
https://goo.gl/Mh8xdi (+)
https://ss64.com/ps/
https://mike-n1.github.io/ExtensionsOverview
https://goo.gl/sXaCHB (+)
https://goo.gl/6kXDq6 (+)
https://openeffect.ca/snifflab-an-environment-for-testing-mobile-devices/
https://goo.gl/SF3fE2 (+)
https://digi.ninja/blog/xss_steal_csrf_token.php
https://goo.gl/UWPKNC (+)
https://blog.xpnsec.com/becoming-system/
https://goo.gl/3LbCnL (+)
https://samczsun.com/privilege-escalation-legalrobot/
https://diablohorn.com/2017/05/21/quantum-insert-bypassing-ip-restrictions/
https://blog.conscioushacker.io/index.php/2017/10/25/evading-microsofts-autoruns/
https://goo.gl/hVo9SC (+)
https://nickjanetakis.com/blog/run-the-first-edition-of-unix-1972-with-docker
https://goo.gl/oQexiF (+)
https://ysx.me.uk/taking-note-xss-to-rce-in-the-simplenote-electron-client/
https://objective-see.com/blog/blog_0x24.html
http://c0d3g33k.blogspot.pt/2017/11/story-of-json-xss.html
https://osandamalith.com/2017/03/24/places-of-interest-in-stealing-netntlm-hashes
http://jacksonbaker.net/reverse-engineering-the-misfit-bolt-btle-protocol/
https://medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0
https://haiderm.com/fully-undetectable-backdooring-pe-files/
https://goo.gl/k5FhZY (+)
https://goo.gl/1oGthj (+)
https://raesene.github.io/blog/2017/05/01/Kubernetes-Security-etcd/
https://medium.com/@5yx/dde-word-exec-3e57cc45b401
https://www.xorrior.com/You-Have-The-Right-to-Remain-Cylance/
https://medium.com/@infodox/pwning-red-team-toys-crunchrat-rce-ce83e1d09ae9
http://blog.sec-consult.com/2017/04/what-unites-hp-philips-and-fujitsu-one.html
http://tldr.sh/
http://www.readylinux.com/
https://www.darkoperator.com/blog/2017/11/20/some-comments-and-thoughts-on-tradecraft
https://goo.gl/XrGehX (+)
https://goo.gl/VdAeoT (+)
https://www.mailsploit.com/index
https://goo.gl/oTx3iE (+)
https://bitrot.sh/post/30-11-2017-domain-fronting-with-meterpreter/
http://decidedlygray.com/2017/08/10/modifying-and-building-burp-extensions/
https://blog.elcomsoft.com/2017/11/ios-11-horror-story-the-rise-and-fall-of-ios-security/
https://goo.gl/FZuEMi (+)
https://codinguy.net/2013/06/03/insertion-encoderdecoder-shellcode/
http://blog.bentkowski.info/2017/11/yet-another-google-caja-bypasses-hat.html
http://az4n6.blogspot.fr/2017/10/finding-and-decoding-malicious.html
https://www.chrisdcmoore.co.uk/post/oneplus-analytics/
http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html
https://blog.xpnsec.com/windows-warbird-privesc/
https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
http://karl-voit.at/2016/02/07/accessing-home-ssh-via-tor/
http://dmitry.gr/?r=05.Projects&proj=07.%20Linux%20on%208bit
http://c0rni3sm.blogspot.pt/2014/02/youtube-stored-xss-strikes-back.html
http://blog.saynotolinux.com/2014/02/05/whats-that-smell-sniffing-cross-origin-frames-in-firefox/
https://blog.whitehatsec.com/flash-307-redirect-game-over/
https://www.scriptjunkie.us/2014/02/installing-linux-on-a-live-windows-system/
http://insert-script.blogspot.co.at/2014/02/svg-fun-time-firefox-svg-vector.html
http://projectshellcode.com/?q=node/12
http://bugscollector.com/tricks/12/
http://blog.sucuri.net/2014/02/new-iframe-injections-leverage-png-image-metadata.html
http://www.troyhunt.com/2014/02/heres-how-bell-was-hacked-sql-injection.html
http://blogs.law.harvard.edu/zeroday/2014/02/05/so-this-is-what-getting-pwned-is-like/
http://imgur.com/LiixgJ4
https://www.schneier.com/blog/archives/2014/02/hacking_airline.html
https://www.youtube.com/watch?v=tc4ROCJYbm0
http://www.orenh.com/2014/06/one-token-to-rule-them-all-tale-of.html
http://c0rni3sm.blogspot.pt/2014/06/xss-in-google-mapmaker.html
https://cybersmartdefence.com/docs/Paypal-Safely-Double-your-Money.csd
http://nahamsec.com/?p=267
https://zyan.scripts.mit.edu/blog/a-boring-xss-dissection/
http://n0where.net/hexinject/
https://www.shellterproject.com/introducing-shellter/
http://blog.cylance.com/a-study-in-bots-lobotomy
http://iss.oy.ne.ro/Aether
http://blog.opensecurityresearch.com/2014/05/multi-stagedmulti-form-csrf.html
http://sirdarckcat.blogspot.pt/2014/05/matryoshka-web-application-timing.html
http://labs.neohapsis.com/2014/06/02/smarttv-smartphone-dial-an-attack-surface/
http://xn--thibaud-dya.fr/jenkins_credentials.html
http://penturalabs.wordpress.com/2014/03/17/iclass-is-not-enough/
http://piratebox.cc/
https://robotattack.org/
https://medium.com/bugbountywriteup/bug-bounty-fastmail-feeda67905f5
https://goo.gl/v2uyi2 (+)
http://www.pwntester.com/blog/2013/12/23/rce-via-xstream-object-deserialization38/
https://goo.gl/1knbkp (+)
https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/
https://lewisardern.github.io/2017/12/10/blind-xss/
https://benkowlab.blogspot.pt/2017/12/an-inside-view-of-password-stealer.html
https://research.kudelskisecurity.com/2017/11/01/zigbee-security-basics-part-1/
https://medium.com/@palantir/osquery-across-the-enterprise-3c3c9d13ec55
https://symeonp.github.io/2017/09/17/fuzzing-winafl.html
https://goo.gl/RchdtG (+)
https://goo.gl/GxynDa (+)
https://dnstrails.com
https://medium.com/@shinkurt/exploiting-a-tricky-xss-in-zendesk-80bdeaea4dad
http://www.sxcurity.pro/2017/12/17/hackertarget/
https://nyansatan.github.io/dualboot/
https://packettotal.com/
https://bsdmag.org/freebsd-port-knocking-abdorrahman-homaei/
https://www.talosintelligence.com/reports/TALOS-2017-0432
https://goo.gl/k67GVK (+)
http://riscy.business/2017/12/lenovos-unsecured-objects/
http://blog.blindspotsecurity.com/2017/12/advanced-sql-server-mitm-attacks.html
https://goo.gl/7i24Kk (+)
https://msitpros.com/?p=3909
http://www.alexlambert.com/2017/12/18/kernel-debugging-for-newbies.html
https://goo.gl/KUrtkX (+)
https://www.twosixlabs.com/bluesteal-popping-gatt-safes/
http://blog.stratumsecurity.com/2016/06/13/websockets-auth/
https://goo.gl/EKsvWq (+)
https://wiki.postgresql.org/wiki/Sudoku_solver
https://ha.cking.ch/s8_data_line_locator/
https://hawkinsecurity.com/2017/12/13/rce-via-spring-engine-ssti/
https://www.cyberis.co.uk/burp_macros.html
https://secrary.com/ReversingMalware/UnpackingShade/
https://staaldraad.github.io/2017/12/20/netstat-without-netstat/
https://goo.gl/NpBqrf (+)
https://goo.gl/R5sLzw (+)
https://lbarman.ch/blog/stack_smashing/
https://lanrat.com/tethr/
http://blog.gaurangbhatnagar.com/2017/12/02/Hacking-a-dating-app.html
https://laskowski-tech.com/2017/12/19/setting-up-a-honeypot-using-opencanary/
https://goo.gl/c3uMW2 (+)
https://qiita.com/_pochi/items/4e20e38deee16a7615e1
https://www.fireeye.com/blog/threat-research/2017/05/gaining-root-on-lenovo-vibe.html
http://sshtron.zachlatta.com/
https://gist.github.com/keo/00f20ef27eddcdae78ab
https://meltdownattack.com/
http://blog.blackfan.ru/2018/01/polygooglecom-xss.html
https://goo.gl/a3jJxR (+)
http://www.blackhillsinfosec.com/?p=5633
https://devco.re/blog/2017/12/11/Exim-RCE-advisory-CVE-2017-16943-en/
http://arnaucode.com/blog/coffeeminer-hacking-wifi-cryptocurrency-miner.html
https://www.elttam.com.au/blog/goahead/
http://saleemrashid.com/2017/08/17/extracting-trezor-secrets-sram/
https://goo.gl/iyryvz (+)
https://goo.gl/MPbfyS (+)
https://objective-see.com/blog/blog_0x22.html
https://goo.gl/BdbbZg (+)
https://0x0.li/trackmageddon/
https://damow.net/building-a-thermal-camera/
https://ml-cheatsheet.readthedocs.io/en/latest/index.html
https://cr0n1c.wordpress.com/2018/01/08/exploiting-cheap-labor/
https://rcoh.me/posts/two-factor-auth/
https://www.xorrior.com/In-Memory-Python-Imports/
https://nickbloor.co.uk/2018/01/01/rce-with-bmc-server-automation/
https://siguza.github.io/IOHIDeous/
http://www.sxcurity.pro/2017/11/27/tricky-CORS/
https://wpshout.com/complete-guide-sanitizing-escaping/
https://goo.gl/MGEbmE (+)
https://www.anquanke.com/post/id/94210
http://www.shelliscoming.com/2017/05/post-exploitation-mounting-vmdk-files.html
http://blog.en.elevenpaths.com/2017/12/breaking-out-hsts-and-hpkp-on-firefox.html
https://www.digitalinterruption.com/single-post/2018/01/04/ToyTalkBugBountyWriteup
https://medium.com/@palantir/alerting-and-detection-strategy-framework-52dc33722df2
https://goo.gl/Nkrdni (+)
https://iknowwhatyoudownload.com/
https://www.zachaysan.com/writing/2017-12-30-zero-width-characters
https://blog.kintoandar.com/2018/01/Building-healthier-containers.html
https://blog.xpnsec.com/evernote-webclipper-uxss/
http://www.sxcurity.pro/2018/01/11/chaining-yahoo-bugs/
https://www.josipfranjkovic.com/blog/hacking-facebook-oculus-integration-csrf
https://gist.github.com/singe/cba85800dd6e701c53d0614d8506b281
https://goo.gl/aXGp9i (+)
https://www.nvteh.com/news/problems-with-public-ebs-snapshots
https://goo.gl/kw77MT (+)
https://duo.com/blog/understanding-bluetooth-security
https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
https://goo.gl/tzHsjA (+)
https://johanengelen.github.io/ldc/2018/01/14/Fuzzing-with-LDC.html
https://klikki.fi/adv/formidable.html
https://dhavalkapil.com/blogs/FILE-Structure-Exploitation/
https://goo.gl/qgb6YU (+)
http://www.keras4kindergartners.com/
https://blog.benjojo.co.uk/post/dns-filesystem-true-cloud-storage-dnsfs
https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions/
http://blog.orange.tw/2018/01/php-cve-2018-5711-hanging-websites-by.html
http://az4n6.blogspot.pt/2018/01/mounting-apfs-image-in-linux.html
https://diablohorn.com/2017/10/26/port-scanning-without-an-ip-address/
https://pseudolaboratories.github.io/DarkComet-upload-vulnerability/
https://pentesterslife.blog/2017/11/24/x64-egg-hunting-in-linux-systems/
https://franklinta.com/2014/08/31/predicting-the-next-math-random-in-java/
https://blog.zsec.uk/out-of-band-xxe-2/
https://goo.gl/tDcRZs (+)
https://whereisk0shl.top/post/2018-01-17
https://klikki.fi/adv/wpgform.html
https://ownyourbits.com/2017/10/29/sandbox-your-applications-with-firejail/
https://blogs.securiteam.com/index.php/archives/3649
https://makecode.com/
https://startyourownisp.com/
http://nullprogram.com/blog/2014/12/23/
http://blog.jr0ch17.com//2018/No-RCE-then-SSH-to-the-box/
https://goo.gl/e4HC7r (+)
http://whitehatstories.blogspot.in/2018/01/how-i-could-have-hacked-facebook.html
https://homjxi0e.wordpress.com/2018/01/20/whitelisting-bypassing-using-netsh-exec/
http://www.sploitspren.com/2018-01-26-Windows-Privilege-Escalation-Guide/
http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html
https://goo.gl/7QyUuJ (+)
https://goo.gl/Wtt6CB (+)
https://goo.gl/UGB2Ce (+)
https://depthsecurity.com/blog/exploiting-custom-template-engines
https://www.codemetrix.net/when-your-dns-leaks-your-infrastructure/
https://sqlwiki.netspi.com/
https://bazad.github.io/2017/09/live-kernel-introspection-ios/
http://blog.ptsecurity.com/2018/01/running-unsigned-code-in-intel-me.html
https://goo.gl/K7hbDW (+)
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip
http://ponzicoin.co/home.html
https://ponnuki.net/2012/09/kindleberry-pi/
https://ahussam.me/Amazon-leaking-csrf-token-using-service-worker/
https://inteltechniques.com/buscador/
https://xorl.wordpress.com/2018/02/04/ssh-hijacking-for-lateral-movement/
https://blog.tarq.io/vestacp-root-privilege-escalation/
https://xorl.wordpress.com/2017/11/20/reverse-engineering-isdebuggerpresent/
https://goo.gl/8pqJek (+)
https://goo.gl/646izH (+)
http://trackwatch.com/windows-kernel-pool-spraying/
https://goo.gl/8JYRYz (+)
https://thatoddmailbox.github.io/2017/01/28/iotaseed.html
https://goo.gl/V3dMKJ (+)
https://www.n00py.io/2017/01/removing-backdoors-powershell-empire-edition/
http://www.paulosyibelo.com/2018/02/hotspot-shield-cve-2018-6460-sensitive.html
https://jsnes.fir.sh/
https://x8x.net/2017/11/19/home-alarm-vs-bus-pirate/
https://diagprov.ch/posts/2017/03/a-polyglot-mbrpdfjarzip-cv.html
https://blog.jensec.co/clickjacking-in-google-root-picker/
https://sites.google.com/site/testsitehacking/-7-5k-Google-services-mix-up
https://gist.github.com/PseudoLaboratories/260b6f24844785aacc1e2fb61dd05c01
https://goo.gl/si8EhL (+)
https://goo.gl/21Vtnp (+)
https://mohemiv.com/all/evil-xml/
http://sploit3r.xyz/blueborne-exploitation-nexus-4/
http://www.greyhathacker.net/?p=1006
https://x-c3ll.github.io/posts/javascript-antidebugging/
https://osandamalith.com/2018/02/11/mysql-udf-exploitation/
http://baraktawily.blogspot.pt/2018/02/how-to-dos-29-of-world-wide-websites.html
https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/
https://www.cybereason.com/blog/new-lateral-movement-techniques-abuse-dcom-technology
https://www.secforce.com/blog/2014/02/from-cvs-import-to-cmd-exe-via-sql-injection/
https://blog.pnb.io/2018/02/bruteforcing-linux-full-disk-encryption.html
http://sandboxescaper.blogspot.pt/2018/02/how-to-escape-sandboxes-without.html
http://www.tomanthony.co.uk/blog/googlebot-javascript-random/
https://transfer.sh/
http://0x90909090.blogspot.pt/2015/07/no-one-expect-command-execution.html
http://www.insinuator.net/2014/05/django-image-validation-vulnerability/
http://blog.cyberint.com/2014/05/facebook-hidden-friends-vulnerability.html
http://blog.includesecurity.com/2014/06/exploit-walkthrough-cve-2014-0196-pty-kernel-race-condition.html
http://hacksecproject.com/?p=73
http://immunityservices.blogspot.pt/2014/06/from-patch-to-crash-story-of-ms13-089.html
http://joe4security.blogspot.pt/2014/06/the-power-of-cookbooks-generic-https.html
http://itsecurity.telelink.com/dhcp-attacks/
https://code.google.com/p/ghost-usb-honeypot/
http://blog.quarkslab.com/usb-fuzzing-basics-from-fuzzing-to-bug-reporting.html
http://hackerforhire.com.au/data-exfiltration-over-ssl-with-srvdir/
http://pastebin.com/raw.php?i=9s4TVqZq
http://lambdaops.com/rm-rf-remains
https://bughunt1307.herokuapp.com/googlebugs.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=1524
http://woshub.com/port-forwarding-in-windows/
https://malpedia.caad.fkie.fraunhofer.de/
https://goo.gl/MEEp3F (+)
https://0x00sec.org/t/malware-reversing-burpsuite-keygen/5167
https://medium.com/@petergombos/lm-ntlm-net-ntlmv2-oh-my-a9b235c58ed4
http://riscy.business/2018/02/ida-remote-execution/
http://konukoii.com/blog/2018/02/16/5-min-tutorial-root-via-uart/
https://zachgrace.com/2018/02/20/cobalt_strike_redirectors.html
https://medium.com/@europa_/recoinnassance-7840824b9ef2
http://blog.frizn.fr/glibc/glibc-heap-to-rip
https://textslashplain.com/2018/02/14/understanding-the-limitations-of-https/
https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e
https://ipx.ac/run
https://ide.onelang.io/
https://goo.gl/LAUsok (+)
https://slashcrypto.org/2018/02/27/TenX_Account_Takeover/
https://hackerone.com/reports/303061
https://goo.gl/NnoZPp (+)
https://goo.gl/YjRkGK (+)
http://jsyang.ca/hacks/gear-vr-rev-eng/
https://nickbloor.co.uk/2018/02/28/popping-wordpress/
http://agrrrdog.blogspot.pt/2018/01/java-deserialization-misusing-ojdbc-for.html
http://www.freebuf.com/articles/terminal/160041.html
https://tunnelshade.in/blog/2018/01/afl-internals-compile-time-instrumentation/
https://krbtgt.pw/smbv3-null-pointer-dereference-vulnerability/
http://blog.ptsecurity.com/2018/02/new-bypass-and-protection-techniques.html
https://www.mike-gualtieri.com/posts/stealing-data-with-css-attack-and-defense
https://disconnect3d.pl/2018/02/24/log-injection-aka-tailing-logs-is-unsafe/
https://waveforms.surge.sh/waveforms-intro
https://medium.com/@malcomvetter/responsible-red-teams-1c6209fd43cc
https://goo.gl/eSAL6F (+)
https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html
https://goo.gl/epujHQ (+)
https://zeltser.com/analyzing-malicious-documents/
https://goo.gl/46qXeQ (+)
https://heap-exploitation.dhavalkapil.com/
https://goo.gl/S4zdcJ (+)
https://erpscan.com/press-center/blog/adapting-hashcat-for-sap-half-hashes/
https://goo.gl/iNxWA1 (+)
https://blog.varonis.com/understanding-malware-free-hacking-part/
https://bazad.github.io/2018/03/a-fun-xnu-infoleak/
https://arxiv.org/pdf/1710.08864.pdf
https://osandamalith.com/2018/02/01/exploiting-format-strings-in-windows/
https://hackmd.io/s/rJ-3VKNPG
http://blog.koehntopp.info/index.php/3075-how-not-to-run-a-ca/
https://lightningsecurity.io/blog/bypassing-payments-using-webhooks/
https://www.josipfranjkovic.com/blog/facebook-friendlist-paymentcard-leak
https://labs.detectify.com/2018/03/14/graphql-abuse/
https://goo.gl/vNVzN1 (+)
https://www.eideon.com/2018-03-02-THL03-WMIBackdoors/
http://blog.japaric.io/safe-dma/
https://goo.gl/iz1hLP (+)
https://secdevops.ai/ios-static-analysis-and-recon-c611eaa6d108
https://goo.gl/ND8WeR (+)
https://reboare.github.io/lxd/lxd-escape.html
https://medium.com/@vysec.private/alibaba-cdn-domain-fronting-1c0754fa0142
https://blog.stealthbits.com/dcshadow-attacking-active-directory-with-rogue-dcs/
https://medium.com/secjuice/php-ssrf-techniques-9d422cb28d51
https://infocon.org/
https://opnsec.com/2018/03/stored-xss-on-facebook/
https://ahussam.me/Leaking-WordPress-CSRF-Tokens/
https://hackerone.com/reports/300748
https://www.unix-ninja.com/p/A_cheat-sheet_for_password_crackers
http://developers-club.com/posts/250999/
https://goo.gl/cAHW3N (+)
https://rastamouse.me/2018/03/laps---part-1/
https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/
https://ryan.govost.es/2018/03/09/deepsound.html
https://staaldraad.github.io/post/2018-03-16-quick-win-with-graphql/
https://goo.gl/y1y8bn (+)
https://blog.jessfraz.com/post/building-container-images-securely-on-kubernetes/
https://oddvar.moe/2018/03/21/persistence-using-runonceex-hidden-from-autoruns-exe/
https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/
https://goo.gl/64sxc8 (+)
http://misteralfa-hack.blogspot.pt/2018/03/leaking-facebook-internal-ip.html
https://codewhitesec.blogspot.pt/2018/03/exploiting-adobe-coldfusion.html
http://tech.jonathangardner.net/wiki/Why_Java_Sucks
https://gethead.info/
https://medium.com/@Alra3ees/google-adwords-3133-7-stored-xss-27bb083b8d27
https://hawkinsecurity.com/2018/03/24/gaining-filesystem-access-via-blind-oob-xxe/
https://zero-day.io/modifyexploits/
https://blog.jli.host/posts/cf-auto-minify/
https://www.leavesongs.com/PENETRATION/client-session-security.html
https://goo.gl/fnxgfx (+)
https://jellyhive.com/activity/posts/2018/03/26/csp-implementations-are-broken/
https://magisterquis.github.io/2018/03/11/process-injection-with-gdb.html
https://medium.com/@cloudyforensics/how-to-perform-aws-cloud-forensics-309a03a77aee
https://goo.gl/93GuBP (+)
https://goo.gl/5Nu3xo (+)
https://goo.gl/Vunae1 (+)
https://ncona.com/2015/02/consuming-a-google-id-token-from-a-server/
https://jeremyrickard.github.io/post/fun-with-aci/
https://pjreddie.com/darknet/yolo/
https://jgthms.com/javascript-in-14-minutes/
https://ngailong.wordpress.com/2018/02/13/the-mystery-of-postmessage/
http://bit.ly/2IxLqdT (+)
http://www.getmantra.com/web-app-security-testing-with-browsers/
https://syscall.eu/blog/2018/03/12/aigo_part1/
http://gosecure.net/2018/04/03/beyond-xss-edge-side-include-injection/
http://bluec0re.blogspot.pt/2018/03/cve-2018-7160-pwning-nodejs-developers.html
https://blog.ice9.us/2018/04/stealing-credit-cards-from-fuze-bluetooth.html
https://magisterquis.github.io/2018/03/31/in-memory-only-elf-execution.html
https://medium.com/@cintainfinita/knocking-down-the-big-door-8e2177f76ea5
http://blog.orange.tw/2018/03/pwn-ctf-platform-with-java-jrmp-gadget.html
https://phoenhex.re/2018-03-25/not-a-vagrant-bug
https://lightbulbone.com/posts/2016/10/dsmos-kext/
https://krbtgt.pw/windows-remote-assistance-xxe-vulnerability/
http://bit.ly/2Gz3aJj (+)
https://holeybeep.ninja/
http://bit.ly/2q81V8U (+)
https://www.anishathalye.com/2018/04/03/macbook-touchscreen/
https://philippeharewood.com/facebook-graphql-csrf/
http://bit.ly/2v6ODPN (+)
https://secrary.com/Random/BypassUserHooks/
http://bit.ly/2HvXjSg (+)
https://jdow.io/blog/2018/03/18/web-application-penetration-testing-methodology/
https://blog.fabiopires.pt/running-your-instance-of-burp-collaborator-server/
http://bit.ly/2GSKOmB (+)
http://bit.ly/2EGBVGP (+)
https://medium.com/@yassergersy/xss-to-session-hijack-6039e11e6a81
https://snyk.io/blog/attacking-an-ftp-client/
https://www.mindpointgroup.com/blog/pen-test/cloudfront-hijacking/
https://embedi.com/blog/reflecting-upon-owasp-top-10-iot-vulnerabilities/
https://clo.ng/blog/osquery_reverse_shell/
https://medium.com/@jeremy.trinka/event-log-auditing-demystified-75b55879f069
http://bit.ly/2EFUPhc (+)
https://osandamalith.com/2018/04/07/haxing-minesweeper/
https://blog.benjojo.co.uk/post/tor-onions-to-v6-with-iptables-proxy
http://bit.ly/2HfV9ZS (+)
http://bit.ly/2HylK3L (+)
http://bit.ly/2HbjccF (+)
https://www.dasp.co/
https://gist.github.com/sirdarckcat/fe8ce94ef25de375d13b7681d851b7b4
https://pythontips.com/2018/04/15/reverse-engineering-soundcloud-api/
http://byte-atlas.blogspot.pt/2018/04/apivectors.html
http://bit.ly/2qL2dCT (+)
http://bit.ly/2HMh9c9 (+)
https://ifc0nf1g.xyz/blog/post/pwning-admin-panel-with-recon/
http://www.duskborn.com/how-to-read-write-llvm-bitcode/
http://bit.ly/2JbbAU5 (+)
https://paper.seebug.org/563/
https://blog.benjojo.co.uk/post/encoding-data-into-dubstep-drops
https://lightningsecurity.io/blog/linkedin/
http://bit.ly/2HsCqdK (+)
http://bit.ly/2vOHq71 (+)
http://blog.secu.dk/blog/Tunnels_in_a_hard_filtered_network
https://security.szurek.pl/exploit-bypass-php-escapeshellarg-escapeshellcmd.html
http://csl.com.co/rid-hijacking/
http://bit.ly/2KgT5i9 (+)
https://blog.xpnsec.com/total-meltdown-cve-2018-1038/
http://touhidshaikh.com/blog/?p=790
https://arvanaghi.com/blog/reversing-ethereum-smart-contracts/
http://bit.ly/2JqTRIs (+)
https://habrahabr.ru/post/272187/
http://blogs.360.cn/blog/how-to-kill-a-firefox-en/
http://bit.ly/2HQEpYV (+)
https://w00tsec.blogspot.pt/2018/04/abusing-mysql-local-infile-to-read.html
http://bit.ly/2vRctiE (+)
http://lab.onsec.ru/2014/06/xxe-oob-exploitation-at-java-17.html
http://blog.rop.io/http-cache-poisoning-explained.html
http://www.freebuf.com/articles/terminal/36503.html
https://www.duosecurity.com/blog/duo-security-researchers-uncover-bypass-of-paypal-s-two-factor-authentication
https://gist.github.com/willurd/5720255
http://www.sploitmonkey.com/2014/06/introducing-pyhashcat.html
http://sourceforge.net/projects/zeppoo/
https://examplecode.github.io/tools/2014/06/20/the-tools-prevent-dns-cache-pollution/
http://blog.crackpassword.com/2014/06/breaking-into-icloud-no-password-required/
http://www.labofapenetrationtester.com/2014/06/hacking-jenkins-servers.html
http://www.harmj0y.net/blog/
http://hashcrack.org/index.html#190614
http://yurichev.com/RE-book.html
https://medium.com/@oleavr/build-a-debugger-in-5-minutes-1-5-51dce98c3544
https://www.technovelty.org/linux/what-actually-happens-when-you-plug-in-a-usb-device.html
https://dicesoft.net/projects/wildcard-code-execution-exploit.htm
https://eligrey.com/blog/google-inbox-spoofing-vulnerability/
http://bit.ly/2Ib7xua (+)
http://bit.ly/2rjGMcf (+)
http://bit.ly/2rjC1zr (+)
https://erpscan.com/press-center/blog/oracle-ebs-penetration-testing-tool/
https://www.exploit-db.com/exploits/44553/
https://telekomsecurity.github.io/2018/04/trovebox-vulnerabilities.html
https://keenlab.tencent.com/en/2018/04/23/A-bunch-of-Red-Pills-VMware-Escapes/
https://www.computest.nl/wp-content/uploads/2018/04/connected-car-rapport.pdf
http://bit.ly/2jqx9oP (+)
http://www.danielbohannon.com/blog-1/2018/3/19/test-your-dfir-tools-sysmon-edition
http://bit.ly/2HNPhHA (+)
https://insert-script.blogspot.pt/2018/05/adobe-reader-pdf-client-side-request.html
http://blog.nsfocus.net/cve-2018-6574/
https://0x00rick.com/research/2018/04/20/afl_intro.html
http://bit.ly/2jt5eVl (+)
https://www.atredis.com/blog/cylance-privilege-escalation-vulnerability
http://hanno-rein.de/archives/349
https://blog.benjojo.co.uk/post/tls-https-server-from-a-yubikey
https://charles.dardaman.com/js_coinhive_in_excel
http://blog.mindedsecurity.com/2018/04/dom-based-cross-site-scripting-in.html
http://bit.ly/2rzhJCi (+)
https://michael-eder.net/post/2018/native_rdp_pass_the_hash/
https://goo.gl/JyAG1p (+)
https://xiaodaozhi.com/exploit/117.html
http://blog.redactedsec.net/exploits/2018/04/26/nagios.html
http://bit.ly/2rwqr5c (+)
https://diablohorn.com/2018/02/04/identify-a-whitelisted-ip-address/
https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6
http://bit.ly/2wuN0Mn (+)
http://sploit3r.xyz/cve-2017-13284-injection-in-configuration-file/
https://medium.com/@vysec.private/domain-fronting-who-am-i-3c982ccd52e6
http://everdox.net/popss.pdf
https://gdprchecklist.io/
http://bit.ly/2KdA5k3 (+)
https://momo5502.com/blog/?p=34
http://bit.ly/2rNr5LC (+)
http://bit.ly/2rKklhB (+)
https://ivrodriguez.com/reverse-engineer-ios-apps-ios-11-edition-part1/
https://blog.ensilo.com/ctrl-inject
http://bit.ly/2KuMPCX (+)
http://bit.ly/2Iofw7L (+)
https://gdelugre.github.io/2018/05/10/3gpp-ota-security-evolution/
https://systemoverlord.com/2018/04/16/the-iot-hackers-toolkit.html
https://musings.konundrum.org/2018/05/03/debugging-windows-services.html
https://0xpatrik.com/asset-discovery/
http://bit.ly/2Kyi5AT (+)
http://www.insomniacsecurity.com/2018/05/09/boblobblob.html
https://neonsea.uk/blog/2018/04/15/pwn910nd.html
https://efail.de/
http://ryan.govost.es/2018/03/27/sakuracam.html
https://try.mydatarequest.com/
https://hackerone.com/reports/341876
https://sites.google.com/site/testsitehacking/-36k-google-app-engine-rce
http://newosxbook.com/tools/jtool.html
https://x1m.nl/posts/laravel-xss-vuln/
https://jaiverma.github.io/blog/ios-game-hacking
http://bit.ly/2KT59WD (+)
http://deniable.org/reversing/symbolic-execution
http://bit.ly/2GMLZ1V (+)
https://blog.jli.host/posts/cloudflare-scrape-shield/
https://security.szurek.pl/gitbucket-unauthenticated-rce.html
https://medium.com/@canavaroxum/xxe-on-windows-system-then-what-76d571d66745
http://bit.ly/2s4NrHM (+)
http://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
https://blog.benjojo.co.uk/post/bgp-battleships
http://www.computerhistory.org/atchm/adobe-photoshop-source-code/
https://www.robertxiao.ca/hacking/locationsmart/
https://hackerone.com/reports/85624
https://poc-server.com/blog/2018/05/22/rce-by-uploading-a-web-config/
http://www.orionforensics.com/w_en_page/USB_forensic_tracker.php
http://bit.ly/2J4uc8r (+)
https://andresriancho.com/recaptcha-bypass-via-http-parameter-pollution/
https://justi.cz/security/2018/05/23/cdn-tar-oops.html
http://bit.ly/2kGAXmA (+)
http://blogs.360.cn/blog/eos-node-remote-code-execution-vulnerability/
https://rhinosecuritylabs.com/aws/amazon-aws-misconfiguration-amazon-go/
https://embedi.com/blog/dji-spark-hijacking/
https://silviavali.github.io/Electron/only_an_electron_away_from_code_execution
https://blog.doyensec.com/2018/05/17/graphql-security-overview.html
http://bit.ly/2xwjIgR (+)
http://devalias.net/devalias/2018/05/13/usb-reverse-engineering-down-the-rabbit-hole/
https://gdprhallofshame.com/
https://resinos.io/
http://www.maizure.org/projects/printf/index.html
http://bit.ly/2Lv2eUp (+)
https://blog.innerht.ml/internet-explorer-has-a-url-problem/#rpoingooglefusiontable
https://hackertarget.com/tcpdump-examples/
http://bit.ly/2HrpwYT (+)
https://staaldraad.github.io/post/2018-06-03-cve-2018-11235-git-rce/
https://blahcat.github.io/2018/03/11/fuzzing-arbitrary-functions-in-elf-binaries/
https://www.serializing.me/2018/06/03/rooting-the-technicolor-7210/
http://bit.ly/2JzKqtY (+)
http://gosecure.net/2018/05/15/beware-of-the-magic-spell-part-1-cve-2018-1273/
https://ownyourbits.com/2018/05/23/the-real-power-of-linux-executables/
https://blogs.securiteam.com/index.php/archives/3689
https://nytrosecurity.com/2018/05/30/understanding-java-deserialization/
https://nbulischeck.io/posts/misusing-debugfs-for-in-memory-rce
http://bigric3.blogspot.pt/2018/05/cve-2018-8120-analysis-and-exploit.html
https://eklitzke.org/lobotomizing-gnome
https://wtfutil.com
http://bit.ly/2JFjwl2 (+)
https://www.bishopfox.com/blog/2018/06/server-side-spreadsheet-injections/
http://rift.stacktitan.com/debug-survival-the-compiled-dll/
https://gist.github.com/ricardojba/ecdfe30dadbdab6c514a530bc5d51ef6
http://bit.ly/2JT6dNe (+)
https://blog.umangis.me/persistent-r-w-on-ios-11-2-6/
https://wojciechregula.blog/your-encrypted-photos-in-macos-cache/
https://blog.ret2.io/2018/06/05/pwn2own-2018-exploit-development/
https://blog.ripstech.com/2018/moodle-remote-code-execution/
https://intoli.com/blog/not-possible-to-block-chrome-headless/
http://bit.ly/2JOjXp8 (+)
https://neopg.io/blog/enigmail-signature-spoof/
https://blog.spaceduck.io/siaberry-1/
http://bit.ly/2JQFTTP (+)
http://bit.ly/2JAq4l3 (+)
https://undercurrents.io/
https://bernsteinbear.com/blog/how-to-mess-with-your-roommate/
https://jamchamb.github.io/2018/06/09/animal-crossing-developer-mode.html
https://sekurak.pl/xss-w-google-colaboratory-obejscie-content-security-policy/
http://bit.ly/2yFRocH (+)
http://10degres.net/testing-flash-swf/
https://codewhitesec.blogspot.com/2018/06/cve-2018-0624.html
https://www.sxcurity.pro/advanced-cors-techniques/
https://medium.com/secjuice/waf-evasion-techniques-718026d693d8
https://payatu.com/guide-linux-privilege-escalation/
https://blog.sigmaprime.io/solidity-security.html
https://blog.vulnspy.com/2018/06/21/phpMyAdmin-4-8-x-Authorited-CLI-to-RCE/
http://bit.ly/2MJqvHL (+)
http://bit.ly/2tgPERM (+)
https://www.tarlogic.com/en/blog/red-team-tales-0x01/
https://www.sec-1.com/blog/2017/office365-activesync-username-enumeration
http://bit.ly/2KacLqQ (+)
http://bit.ly/2MxC5V9 (+)
https://finnwea.com/blog/stealing-passwords-from-mcdonalds-users/
https://blog.bentkowski.info/2018/06/setting-arbitrary-request-headers-in.html
https://0xpatrik.com/subdomain-takeover-starbucks/
http://mattwarren.org/2018/06/15/Tools-for-Exploring-.NET-Internals/
https://blog.netspi.com/databases-and-clouds-sql-server-as-a-c2/
http://agarri.fr/docs/ipobf.py
http://bit.ly/2KgbW0I (+)
http://bit.ly/2yyota8 (+)
http://bit.ly/2N7QCrJ (+)
https://latacora.singles/2018/06/21/loud-subshells.html
https://www.codewatch.org/blog/?p=453
http://bit.ly/2tCi7BH (+)
https://alephsecurity.com/2018/06/26/spectre-browser-query-cache/
http://bit.ly/2KhAN4f (+)
https://stek29.rocks/2018/06/26/nvram.html
https://modexp.wordpress.com/2018/06/08/stop-event-logger/
https://medium.com/0xcc/bypass-macos-rootless-by-sandboxing-5e24cca744be
https://srcincite.io/blog/2018/05/21/adobe-me-and-a-double-free.html
http://bit.ly/2Kup8ec (+)
http://bit.ly/2KQdVoE (+)
http://bit.ly/2tXqWX4 (+)
https://gitlab.com/0x4ndr3/blog/tree/master/JSgen
https://hansesecure.de/backdooring-pe-file-with-aslr/
https://alter-attack.net/
https://lucasg.github.io/2017/06/07/listing-known-dlls/
http://bit.ly/2tXrs7s (+)
http://bit.ly/2tYVsjf (+)
https://www.wst.space/ssl-part1-ciphersuite-hashing-encryption/
https://www.jeremydaly.com/event-injection-a-new-serverless-attack-vector/
http://nullprogram.com/blog/2018/06/23/
https://www.shelliscoming.com/2018/06/windows-reuse-shellcode-based-on.html
http://bit.ly/2zd0Ap7 (+)
https://rampageattack.com/
https://landlock.io/
http://bit.ly/2tKjNs3 (+)
http://natashenka.ca/reversing-my-tamagotchi-forever-evolution/
http://bit.ly/2zd35I1 (+)
http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html
http://blog.h3xstream.com/2014/06/identifying-xml-external-entity.html
http://kos.io/outlook/
http://blog.sucuri.net/2014/06/anatomy-of-a-remote-code-execution-bug-on-disqus.html
http://blog.nullmode.com/blog/2014/06/28/getting-personal-with-powershell/
https://toastedcornflakes.github.io/blog/2014/06/28/static-analysis-of-cysca-2014-portknock-using-hopper-disassembler/
http://www.mafiasecurity..com/install-guides/step-by-step-penetration-test/
https://bitquark.co.uk/blog/2013/07/23/the_unexpected_dangers_of_preg_replace
http://www.hackwhackandsmack.com/?p=315
http://developers.mobage.jp/blog/2014/7/3/jsonsql-injection
http://moyix.blogspot.co.uk/2014/07/breaking-spotify-drm-with-panda.html
http://cfenollosa.com/misc/tricks.txt
http://bit.ly/2L1rTYd (+)
http://bit.ly/2JgS3RR (+)
https://x-c3ll.github.io/posts/Frida-Pwn-Adventure-3/
http://bit.ly/2N7w8P8 (+)
http://bit.ly/2mfSKBI (+)
https://www.forcepoint.com/blog/security-labs/analyzing-webassembly-binaries
https://dyn.com/blog/shutting-down-the-bgp-hijack-factory/
http://bit.ly/2mfL1mZ (+)
https://rootkits.xyz/blog/2017/06/kernel-setting-up/
https://blog.netspi.com/bypass-sql-logon-triggers/
https://0xpatrik.com/phishing-domains/
https://objective-see.com/blog/blog_0x34.html
http://bazad.github.io/2018/07/xpc-string-leak/
https://www.fastly.com/blog/hijacking-control-flow-webassembly-program
http://bit.ly/2KQK83a (+)
https://nahamsec.com/chaining-multiple-vulnerabilities-to-gain-admin-access/
http://craftinginterpreters.com/
http://bit.ly/2NLEwF3 (+)
http://bit.ly/2uC7Yp4 (+)
https://haiderm.com/how-i-was-able-to-delete-13k-microsoft-translator-projects/
https://scund00r.com/all/rfid/tutorial/2018/07/12/rfid-theif-v2.html
https://www.anitian.com/blog/owning-saml/
http://bit.ly/2LtgXPX (+)
https://www.endgame.com/blog/technical-blog/hunting-memory-net-attacks
https://posts.specterops.io/shelling-apache-felix-with-java-bundles-2450d3a099a
http://bit.ly/2O21CYc (+)
http://www.mohamedharon.com/2018/01/practical-jsonp-injection.html
https://nytrosecurity.com/2018/02/26/hooking-chromes-ssl-functions/
http://bit.ly/2LxaXFU (+)
https://www.peckshield.com/2018/07/12/tradeRifle/
http://bit.ly/2O5x7k2 (+)
https://www.ambionics.io/blog/prestashop-privilege-escalation
https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/
https://jamie.build/how-to-build-an-npm-worm
https://iandouglasscott.com/2018/07/04/canon-dslr-bluetooth-remote-protocol/
https://medium.com/@d0nut/exfiltration-via-css-injection-4e999f63097d
http://bit.ly/2mL4nAZ (+)
https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/
http://bit.ly/2OgSvmB (+)
https://hackerone.com/reports/334488
http://bit.ly/2LDtSSN (+)
http://blog.sevagas.com/?Advanced-USB-key-phishing
http://deniable.org/reversing/binary-instrumentation
https://blog.jse.li/posts/marveloptics-malware/
https://medium.com/@jonathanbouman/persistent-xss-at-ah-nl-198fe7b4c781
https://codecat.nl/2018/05/reverse-engineering-and-exploiting-a-game-trainer/
http://bit.ly/2LqhndN (+)
https://blog.doyensec.com/2018/07/19/instrumenting-electron-app.html
https://arp242.net/weblog/yaml_probably_not_so_great_after_all.html
http://obtruse.syfrtext.com/2018/07/oracle-privilege-escalation-via.html
https://modexp.wordpress.com/2018/07/12/process-injection-writing-payload/
https://neonsea.uk/blog/2018/07/21/tmp-to-rce.html
http://asintsov.blogspot.com/2018/07/cisco-webex-teams-remote-code-execution.html
https://manpages.bsd.lv/history.html
http://wouter.coekaerts.be/2018/java-type-system-broken
https://blog.bentkowski.info/2018/07/vulnerability-in-hangouts-chat-aka-how.html
https://medium.com/@tomnomnom/crlf-injection-into-phps-curl-options-e2e0d7cfe545
http://bit.ly/2AGDeZs (+)
https://gitlab.com/expliot_framework/expliot
http://bit.ly/2JUBHU1 (+)
https://asaf.me/2018/07/23/attacking-the-attackers/
http://bit.ly/2KmNOV4 (+)
http://bit.ly/2MdGmxp (+)
https://medium.com/@Wflki/exploiting-electron-rce-in-exodus-wallet-d9e6db13c374
http://liberty-shell.com/sec/2018/07/28/netshlep/
http://bit.ly/2AAIPAE (+)
http://bit.ly/2OEFCmE (+)
https://movaxbx.ru/2018/07/16/bypass-data-execution-protection-dep/
https://blog.xpnsec.com/hevd-null-pointer/
http://bit.ly/2v9IbFk (+)
https://ntcore.com/?p=488
https://brewpress.beer/
https://hackerone.com/reports/260697
http://bit.ly/2vvsgBc (+)
http://10degres.net/colorize-your-hunt/
https://medium.com/@adam.toscher/new-attack-on-wpa-wpa2-using-pmkid-96c3119f7f99
https://labs.mwrinfosecurity.com/blog/repacking-and-resigning-ios-applications/
http://bit.ly/2vyB2NU (+)
http://bit.ly/2OWNkbW (+)
https://tpx.mx/blog/2018/google-pay-replay-attack.html
http://bit.ly/2AYffFu (+)
https://noncombatant.org/application-principals/
https://edoverflow.com/2018/logic-flaws-in-wot-services
https://grimhacker.com/2018/03/09/just-a-printer/
https://neonsea.uk/blog/2018/08/01/hikvision-keygen.html
http://bit.ly/2OWtGwK (+)
https://vztekoverflow.com/2018/07/31/tbal-dpapi-backdoor/
https://manishearth.github.io/blog/2018/02/15/picking-apart-the-crashing-ios-string/
http://blogs.360.cn/blog/eos-asset-multiplication-integer-overflow-vulnerability/
https://regexcrossword.com/
https://www.masswerk.at/nowgobang/2018/anatomy-of-an-rng
http://matthewearl.github.io/2018/06/28/smb-level-extractor/
https://portswigger.net/blog/practical-web-cache-poisoning
http://blog.orange.tw/2018/08/how-i-chained-4-bugs-features-into-rce-on-amazon.html
http://bit.ly/2MkBTgE (+)
https://ohpe.github.io/juicy-potato/
http://www.pwncode.club/2018/08/macro-used-to-spoof-parent-process.html
https://cofense.com/abusing-microsoft-windows-utilities-deliver-malware-fun-profit/
https://blog.fox-it.com/2018/08/14/phishing-ask-and-ye-shall-receive/
http://bit.ly/2MpV8of (+)
https://hackerone.com/reports/386807
https://blog.trailofbits.com/2018/08/14/fault-analysis-on-rsa-signing/
http://bit.ly/2Mhs0QG (+)
http://bit.ly/2Mx7cnB (+)
https://rayanfam.com/topics/inside-windows-page-frame-number-part1/
https://pequalsnp-team.github.io/writeups/analisys_telegram_passport
https://foreshadowattack.eu
https://bohops.com/2018/08/04/capturing-netntlm-hashes-with-office-dot-xml-documents/
http://bit.ly/2KYQngG (+)
http://bit.ly/2Mg11oJ (+)
https://shkspr.mobi/blog/2018/08/twitters-secret-guest-mode/
https://jumpespjump.blogspot.com/2018/08/how-to-build-burner-device-for-def-con.html
https://ninja.style/post/bcard/
https://hackerone.com/reports/395296
https://www.blackhillsinfosec.com/how-to-hack-websockets-and-socket-io/
https://ntdiff.github.io/
http://www.kvakil.me/posts/ropchain/
https://hackerone.com/reports/126522
http://bit.ly/2NeGNs1 (+)
http://bit.ly/2wgLB8Q (+)
https://codewhitesec.blogspot.pt/2018/01/handcrafted-gadgets.html
https://blogs.securiteam.com/index.php/archives/3736
http://bit.ly/2w67bOb (+)
https://shkspr.mobi/blog/2018/01/mailchimp-leaks-your-email-address/
https://lgtm.com/blog/apache_struts_CVE-2018-11776
http://bit.ly/2PtttS5 (+)
http://bit.ly/2BzZKDO (+)
https://uselesscsp.com/
http://www.deaddialect.com/articles/2018/8/17/badge-story
https://hawkinsecurity.com/2018/08/27/traversing-the-path-to-rce/
https://blog.scrt.ch/2018/08/24/remote-code-execution-on-a-facebook-server/
https://www.powershellgallery.com/packages/InjectionHunter/1.0.0
https://hackerone.com/reports/401136
https://laconicwolf.com/2018/04/13/burp-extension-python-tutorial/
https://hunter2.gitbook.io/darthsidious/privilege-escalation/alpc-bug-0day
https://gist.github.com/PaulSec/26251d56134c7fedb2176f2290202546
https://gist.github.com/williballenthin/1c2bc539041ee3bea7a4c7129072a9ac
http://bit.ly/2MCbMBL (+)
https://mike-n1.github.io/Unusual_XSS
https://objective-see.com/blog/blog_0x36.html
http://bit.ly/2o0Mm27 (+)
https://www.voidsecurity.in/2018/08/from-compiler-optimization-to-code.html
http://bit.ly/2o9oTvT (+)
https://landgrey.me/struts2-045-debugging/
https://payatu.com/redteaming-from-zero-to-one-part-1/
https://b2dfir.blogspot.com/2016/10/touch-screen-lexicon-forensics.html
https://lowleveldesign.org/2018/08/15/randomness-in-net/
https://mattwarren.org/2018/08/28/Fuzzing-the-.NET-JIT-Compiler/
https://www.contrastsecurity.com/security-influencers/cve-2018-15685
https://bitmidi.com/
http://bit.ly/2MQEqzs (+)
https://philippeharewood.com/view-private-instagram-photos/
https://blog.reigningshells.com/2018/09/hacking-rpi-cam-web-interface.html
https://bneg.io/2018/01/15/iterm2-customizations-for-hackers/
https://medium.com/@hakluke/haklukes-guide-to-hacking-without-metasploit-1bbbe3d14f90
https://hackerone.com/reports/363971
http://openwall.com/lists/oss-security/2018/05/17/1
https://engineering.riotgames.com/news/riots-approach-anti-cheat
https://dangokyo.me/2018/08/26/analysis-on-cve-2017-3000/
https://phoenhex.re/2018-08-26/csgo-fuzzing-bsp
https://justi.cz/security/2018/08/28/packagist-org-rce.html
https://insecure.design/
http://bit.ly/2oKrYTd (+)
http://hatriot.github.io/blog/2018/08/22/dell-digital-delivery-eop/
http://bit.ly/2MQSeK5 (+)
http://williamshowalter.com/a-universal-windows-bootkit/
http://bit.ly/2MTheQP (+)
http://bit.ly/2M2eX0C (+)
https://rya.nc/bitfi-wallet.html
https://medium.com/@elkentaro/nothing-to-see-here-the-not-so-charger-62a51e3aab22
https://hackerone.com/reports/317476
https://ash-king.co.uk/facebook-bug-bounty-09-18.html
http://bit.ly/2CS01CN (+)
https://gitlab.com/technotame/cookie-decrypter
http://exceptionlevelone.blogspot.pt/2018/02/creating-your-own-ios-1112-jailbreak.html
https://gist.github.com/maldevel/1d46329e00ab0c076150ddbce90d94cd
https://quentinkaiser.be/pentesting/2018/09/07/node-red-rce/
https://www.rfk.id.au/blog/entry/security-bugs-ssrf-via-request-splitting/
http://reversing.io/posts/introducing-finch/
https://blogs.projectmoon.pw/2018/08/17/Edge-InlineArrayPush-Remote-Code-Execution/
http://bit.ly/2xaQu4q (+)
https://adapt-and-attack.com/2017/11/15/keying-payloads-for-scripting-languages/
https://gracefulbits.com/2018/07/26/system-call-dispatching-for-windows-on-arm64/
https://versprite.com/blog/json-deserialization-memory-corruption-vulnerabilities/
http://bit.ly/2NcA6dG (+)
https://siguza.github.io/KTRR/
http://bit.ly/2p3wcpa (+)
https://int0xcc.svbtle.com/using-concolic-execution-for-static-analysis-of-malware
https://www.michaelfogleman.com/rush/
http://nandgame.com/
http://w00tsec.blogspot.pt/2014/07/foxit-pdf-reader-stored-xss.html
https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html
http://words.zemn.me/csp
http://stephensclafani.com/2014/07/08/hacking-facebooks-legacy-api-part-1-making-calls-on-behalf-of-any-user/
http://www.shelliscoming.com/2014/07/ip-knock-shellcode-spoofed-ip-as.html
http://www.hackwhackandsmack.com/?p=345
http://blog.cyberis.co.uk/2013/08/egresser-enumerate-outbound-firewall.html
https://twindb.com/recover-innodb-table-after-drop-table-innodb/
http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
http://vamsoft.com/downloads/articles/vamsoft-headless-browsers-in-forum-spam.pdf
http://bogus.jp/wp/?p=1687
https://community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbox-filename-command-execution-via-gksu
http://www.acunetix.com/blog/web-security-zone/block-automated-scanners/
https://community.qualys.com/blogs/securitylabs/2014/02/27/mediawiki-djvu-and-pdf-file-upload-remote-code-execution-vulnerability-cve-2014-1610
https://gist.github.com/danielrehn/d2e6f2129e5f853c3166
https://medium.com/@manicho/7af5d5f28038
https://justi.cz/security/2018/09/13/alpine-apk-rce.html
https://hackerone.com/reports/408583
https://medium.com/@jonathanbouman/local-file-inclusion-at-ikea-com-e695ed64d82f
https://cornerpirate.com/2018/07/24/grep-extractor-a-burp-extender/
https://gamozolabs.github.io/fuzzing/2018/09/16/scaling_afl.html
http://bit.ly/2NWlZcd (+)
https://blog.thomasorlita.cz/vulns/google-csp-evaluator/
https://rastamouse.me/2017/08/jumping-network-segregation-with-rdp/
https://uncoder.io/
https://medium.com/@vishwaraj101/ocr-to-xss-42720d85f7fa
http://bit.ly/2OHA7mD (+)
http://blog.nsfocus.net/cve-2018-804-analysis/
https://www.contextis.com/blog/wap-just-happened-my-samsung-galaxy
http://bit.ly/2NZYf78 (+)
http://bit.ly/2poFVXa (+)
https://blog.cylance.com/cracking-ransomware
https://rastating.github.io/creating-a-custom-shellcode-encoder/
https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/
http://bit.ly/2wiFctW (+)
https://oddvar.moe/2018/09/06/persistence-using-universal-windows-platform-apps-appx/
http://rinseandrepeatanalysis.blogspot.com/2018/09/dde-downloaders-excel-abuse-and.html
http://tonsky.me/blog/disenchantment/
https://lcq2.github.io/x86_iphone/
http://bit.ly/2NMLnC0 (+)
https://medium.com/@jonathanbouman/reflected-xss-at-philips-com-e48bf8f9cd3c
http://bit.ly/2Qf34Ha (+)
https://www.n00py.io/2018/08/bypassing-duo-two-factor-authentication-fail-open/
https://astr0baby.wordpress.com/2018/09/08/understanding-how-dll-hijacking-works/
https://blog.secarma.co.uk/labs/hacking-with-git-git-enum-metasploit-module-release
https://blog.benjojo.co.uk/post/qemu-monitor-socket-rce-vnc
https://www.hackerone.com/blog/Guide-Subdomain-Takeovers
http://krystalgamer.me/spidey-breaking/
https://cyseclabs.com/blog/linux-kernel-heap-spray
http://bit.ly/2N6yWM5 (+)
http://www.s3.eurecom.fr/projects/modern-android-phishing/
http://bit.ly/2R3ohVC (+)
http://bit.ly/2xGnLEO (+)
https://medium.com/tenable-techblog/advantech-webaccess-unpatched-rce-ffe9f37f8b83
http://bit.ly/2xUAdQT (+)
https://tunnelshade.in/blog/2018/09/hongfuzz-intel-pt-instrumentation/
https://truepolyglot.hackade.org/
https://safekeepcybersecurity.github.io/posts/2018/09/carhack_urh/
https://medium.com/@the4rchangel/email-spoofing-with-netcat-telnet-e558e4a10c1
https://medium.com/@brs.sgdc/google-stored-xss-in-payments-350cd7ba0d1b
http://bit.ly/2OzZOsx (+)
https://www.n00py.io/2018/10/popping-shells-on-splunk/
https://gitlab.com/gitlab-org/gitlab-ce/issues/49133
https://jacksonvd.com/pwned-passwords-and-ntlm-hashes/
https://www.x41-dsec.de/lab/blog/fax/
https://medium.com/@efkan162/how-i-xssed-uber-and-bypassed-csp-9ae52404f4c5
https://jordanpotti.com/2018/10/03/violating-your-personal-space-with-webex/
http://bit.ly/2OUsLMP (+)
http://bit.ly/2DWsXtT (+)
https://letsencrypt.org/docs/certificates-for-localhost/
https://blog.lexfo.fr/cve-2017-11176-linux-kernel-exploitation-part1.html
https://eli.thegreenplace.net/2011/01/23/how-debuggers-work-part-1/
https://www.gironsec.com/blog/2018/01/expiring-payloads-in-the-metasploit-framework/
http://ly0n.me/2015/08/01/writing-exploits-with-an-egghunter-part-1/
https://blog.smartdec.net/smartdec-smart-contract-audit-beginners-guide-d04cc7f1c571
http://blog.ptsecurity.com/2018/10/intel-me-manufacturing-mode-macbook.html
https://www.linuxboot.org/
http://www.lambdashell.com/
https://blog.sheddow.xyz/css-timing-attack/
http://www.sec-down.com/wordpress/?p=809
http://bit.ly/2OQkWuJ (+)
https://flatkill.org/
http://bit.ly/2C601gF (+)
https://geosn0w.github.io/Jailbreaks-Demystified/
https://www.nc-lp.com/blog/disguise-phar-packages-as-images
http://bit.ly/2yxlRWY (+)
http://bit.ly/2NC71nl (+)
https://prdeving.wordpress.com/2018/09/21/hiding-malware-in-windows-code-injection/
https://ewilded.blogspot.pt/2018/01/vulnserver-my-kstet-exploit-delivering.html
http://bit.ly/2C9esjR (+)
https://alephsecurity.com/2018/01/22/qualcomm-edl-1/
http://0xeb.net/2018/03/using-z3-with-ida-to-simplify-arithmetic-operations-in-functions/
http://telegra.ph/
https://blog.bejarano.io/hardening-macos.html
http://bit.ly/2EuxUKF (+)
http://bit.ly/2EttVhF (+)
https://hackerone.com/reports/405100
https://digi.ninja/blog/hiding_bash_history.php
https://hackernoon.com/how-i-hacked-modern-vending-machines-43f4ae8decec
http://bit.ly/2AhbatG (+)
https://oddcoder.com/BROP-102/
http://bit.ly/2J3ItTT (+)
https://leucosite.com/Microsoft-Edge-RCE/
https://www.xorrior.com/persistent-credential-theft/
http://bit.ly/2NNfkgs (+)
http://bit.ly/2yLKjDY (+)
https://paper.seebug.org/716/
https://medium.com/bugbountywriteup/bug-bounty-mail-ru-234fa6f5a5a
https://outflank.nl/blog/2018/10/12/sylk-xlm-code-execution-on-office-2011-for-mac/
https://tls.ulfheim.net/
http://serveo.net/
https://www.martinvigo.com/googlemeetroulette/
https://rpadovani.com/facebook-responsible-disclosure
https://fosterelli.co/privilege-escalation-via-docker.html
http://bit.ly/2Jig0ti (+)
https://bugid.skylined.nl/20181017001.html
https://alephsecurity.com/2018/10/22/StackOverflowException/
https://mp.weixin.qq.com/s/ebKHjpbQcszAy_vPocW0Sg
https://blog.skullsecurity.org/2018/technical-rundown-of-webexec
http://bit.ly/2PlwTsN (+)
https://liberty-shell.com/sec/2018/10/20/living-off-the-land/
https://hackerone.com/reports/348076
https://gamozolabs.github.io/fuzzing/2018/10/18/terrible_android_fuzzer.html
https://blog.stratumsecurity.com/2018/10/17/route-53-as-a-pentest-infrastructure/
https://shadowfile.inode.link/blog/2018/10/source-level-debugging-the-xnu-kernel/
https://ops.tips/blog/how-linux-tcp-introspection/
https://research.kudelskisecurity.com/2018/10/23/build-your-own-hardware-implant/
http://bit.ly/2qnqbnO (+)
http://bit.ly/2QcNf46 (+)
https://bitrot.sh/post/01-16-2018-password_spraying_adfs_with_burp/
http://bit.ly/2DjQT9m (+)
https://acru3l.github.io/2018/10/20/ropping-through-shady-corners/
https://jerrygamblin.com/2018/10/29/google-home-insecurity/
https://www.unix-ninja.com/p/attacking_google_authenticator
https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html
https://blog.quarkslab.com/playing-with-the-windows-notification-facility-wnf.html
https://sandboxescaper.blogspot.com/2018/10/reversing-alpc-where-are-your-windows.html
https://rhaidiz.net/2018/10/25/dribble-stealing-wifi-password-via-browsers-cache-poisoning
https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407
http://bit.ly/2zkcxpG (+)
http://bit.ly/2Jx7RBw (+)
http://bit.ly/2ETzzKg (+)
https://mango.pdf.zone/stealing-chrome-cookies-without-a-password
https://hackerone.com/reports/303730
https://serializethoughts.com/2018/10/07/bypassing-android-flag_secure-using-frida/
https://danshumway.com/blog/gamasutra-vulnerabilities/
https://habr.com/post/429004/
https://wbenny.github.io/2018/11/04/wow64-internals.html
https://blog.xpnsec.com/rundll32-your-dotnet/
http://bit.ly/2QoKsol (+)
http://bit.ly/2ROJSRt (+)
https://www.tarlogic.com/en/blog/red-team-tales-0x02-from-sqli-to-domain-admin/
https://paper.seebug.org/737/
https://lgtm.com/blog/icecast_snprintf_CVE-2018-18820
https://poppopret.blogspot.com/2011/09/playing-with-mof-files-on-windows-for.html
https://marcan.st/2017/12/debugging-an-evil-go-runtime-bug/
https://apapedulimu.click/clickjacking-on-google-myaccount-worth-7500/
https://xlab.tencent.com/en/2018/11/13/cve-2018-4277/
https://medium.com/@mrnikhilsri/oob-xxe-in-prizmdoc-cve-2018-15805-dfb1e474345c
https://strm.sh/post/abusing-insecure-docker-deployments/
https://shkspr.mobi/blog/2018/11/domain-hacks-with-unusual-unicode-characters/
https://blog.xyz.is/2018/enso.html
https://ibm.co/2FqIXoO (+)
http://blogs.360.cn/post/VBScript_vul_EN.html
https://security-bits.de/posts/2018/11/11/exposed_sonos_interface.html
https://wwws.nightwatchcybersecurity.com/2018/11/11/cve-2018-15835/
https://www.ixiacom.com/company/blog/trinity-p2p-malware-over-adb
https://maxkersten.nl/binary-analysis-course/malware-analysis/dot-net-rat/
https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directories-24a96675f6e
http://bit.ly/2RWjjtj (+)
https://medium.com/@mattharr0ey/lateral-movement-using-url-protocol-e6f7d2d6cf2e
https://twobithistory.org/2018/11/12/cat.html
http://bit.ly/2DSeKgK (+)
http://bit.ly/2R6zbcG (+)
https://out-of-tree.io/
https://diary.shift-js.info/js-comment-block/
https://ionize.com.au/multiple-transports-in-a-meterpreter-payload/
https://www.hahwul.com/2018/11/waf-bypass-xss-payload-only-hangul.html
https://justi.cz/security/2018/11/14/gvisor-lpe.html
https://tinyhack.com/2018/11/21/reverse-engineering-pokemon-go-plus/
https://fireshellsecurity.team/restricted-linux-shell-escaping-techniques/
http://bit.ly/2zn0f0F (+)
http://bit.ly/2DCUGy1 (+)
https://www.elttam.com.au/blog/ruby-deserialization/
http://bit.ly/2DTokQm (+)
https://blog.cotten.io/hacking-gmail-with-weird-from-fields-d6494254722f
https://menschers.com/2018/10/30/what-is-cve-2018-8493/
https://wojciechregula.blog/your-signal-messages-can-leak-via-locked-screen-on-macos/
http://signedmalware.org/
https://nginxconfig.io/
https://medium.com/@copyconstruct/socat-29453e9fc8a6
https://vinicius777.github.io/blog/2014/07/14/truecrypt-privilege-escalation/
http://www.tripwire.com/state-of-security/featured/analysis-for-phpmyadmin-xss-cve-2014-1879/
http://blog.sucuri.net/2014/07/disclosure-insecure-nonce-generation-in-wptouch.html
https://home.regit.org/2014/06/pshitt-collect-passwords-used-in-ssh-bruteforce/
http://www.commonexploits.com/penetration-testing-scripts/
http://www.viper.li/
http://blogs.telerik.com/fiddler/posts/14-07-10/capturing-traffic-via-virtual-router
https://archive.org/details/OISFOhioInformationSecurityForum2014
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Hacking-POS-Terminal-for-Fun-and-Non-profit/ba-p/6540620
http://www.vulcanproxy.com/
http://drimel.org/2014/07/14/shellcode-analysis-like-a-semi-pro/
http://deadliestwebattacks.com/2013/10/21/a-default-base-of-xss/
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=30475
http://vimeo.com/4530161
http://tholman.com/giflinks/
https://slashcrypto.org/2018/11/28/eBay-source-code-leak/
https://www.ory.sh/sign-in-with-user-impersonation-oauth2-openid-connect
https://medium.com/@Bank_Security/undetectable-c-c-reverse-shells-fab4c0ec4f15
https://medium.com/@petergombos/smb-named-pipe-pivoting-in-meterpreter-462580fd41c5
https://l.avala.mp/?p=285
https://saleemrashid.com/2018/11/26/breaking-into-bitbox/
http://bit.ly/2RnTVNd (+)
http://bit.ly/2zzlQmu (+)
https://medium.com/@SweetRollBandit/aws-slurp-github-takeover-f8c80b13e7b5
https://blog.timac.org/2018/1126-deobfuscated-libmobilegestalt-keys-ios-12/
http://bit.ly/2rbKlBV (+)
http://bit.ly/2P8u5v1 (+)
http://bit.ly/2TPBLWx (+)
https://gcemetery.co/
http://bit.ly/2FXmMGS (+)
https://pwning.re/2018/12/04/github-desktop-rce/
https://medium.com/@r0t1v/pwning-jboss-seam-2-like-a-boss-da5a43da6998
https://secrary.com/Random/injectionwithoutinjection/
https://www.justinoblak.com/2018/12/02/Smashing-AFL.html
https://dylankatz.com/digging-in-to-scp-command-injection/
https://blog.intothesymmetry.com/2018/12/billion-laugh-attack-in.html
http://bit.ly/2zJXw1o (+)
https://geosn0w.github.io/Debugging-macOS-Kernel-For-Fun/
https://secureidentity.se/delete-domain-admin-accounts/
https://salmg.net/2018/12/01/intro-to-nfc-payment-relay-attacks/
http://bit.ly/2SARmI9 (+)
https://medium.com/tenable-techblog/remotely-exploiting-zoom-meetings-5a811342ba1d
https://modexp.wordpress.com/2018/10/30/arm64-assembly/
https://www.voidsecurity.in/2018/11/virtualbox-nat-dhcpbootp-server.html
https://gist.github.com/grugq/03167bed45e774551155
http://bit.ly/2KYmIpj (+)
https://jamchamb.github.io/2018/12/03/gamecube-memory-card-raspi.html
https://www.honoki.net/2018/12/from-blind-xxe-to-root-level-file-read-access/
https://www.betterhacker.com/2018/12/rce-in-hubspot-with-el-injection-in-hubl.html
https://landgrey.me/influxdb-api-unauthorized-exploit/
https://ardern.io/2018/12/07/angularjs-bxss/
https://www.corben.io/XSS-to-XXE-in-Prince/
http://bit.ly/2RW53kT (+)
https://medium.com/@SecurityBender/exploiting-a-hql-injection-895f93d06718
https://cyber.wtf/2018/03/28/dissecting-olympic-destroyer-a-walk-through/
https://dev.to/antogarand/why-facebooks-api-starts-with-a-for-loop-1eob
http://bit.ly/2EutRx7 (+)
https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/
https://blog.intothesymmetry.com/2018/12/persistent-xsrf-on-kubernetes-dashboard.html
https://medium.com/javascript-security/avoiding-xss-in-react-is-still-hard-d2b5c7ad9412
https://www.cybereason.com/blog/fauxpersky-credstealer-malware-autohotkey-kaspersky-antivirus
http://fabiensanglard.net/dreamcast_hacking/
https://www.reaperbugs.com/index
https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/
https://blog.avatao.com/How-I-could-steal-your-photos-from-Google/
https://hackerone.com/reports/426944
http://bit.ly/2Rd09mc (+)
https://medium.com/@jamie.shaw/pass-the-cache-to-domain-compromise-320b6e2ff7da
https://www.joachim-bauch.de/tutorials/loading-a-dll-from-memory/
https://blog.cm2.pw/length-restricted-xss/
http://bit.ly/2Rf4FAG (+)
https://bnbdr.github.io/posts/swisscheese/
https://blog.sektor7.net/#!res/2018/pure-in-memory-linux.md
https://samcurry.net/reading-asp-secrets-for-17000/
http://bit.ly/2PMOBl7 (+)
https://bordplate.no/blog/en/post/interactive-rop-tutorial/
http://bit.ly/2S8mfU9 (+)
http://blog.digital-forensics.it/2017/04/brush-up-on-dropbox-dbx-decryption.html
http://bit.ly/2LrTRKk (+)
https://security.szurek.pl/kallithea-0-3-4-incorrect-access-control-and-xss.html
https://smallstep.com/blog/everything-pki.html
https://leucosite.com/WebExtension-Security/
http://bit.ly/2SmvFf6 (+)
https://jtnydv.xyz/2018/12/24/basic-xpath-injection/
https://no1zy.hatenablog.com/entry/static-analysis-of-javascript-for-bughunters
https://blog.ropnop.com/serverless-toolkit-for-pentesters/
https://0xrick.github.io/BinaryExploitation-BOF/
http://bit.ly/2Q7lnNO (+)
https://blog.cm2.pw/ms-edge-http-access-control-cors-bypass/
http://bit.ly/2SoL9iP (+)
https://blog.certfa.com/posts/the-return-of-the-charming-kitten/
http://bit.ly/2Q8Lzbb (+)
https://blog.k3170makan.com/2018/11/glibc-heap-exploitation-basics.html
https://blog.erratasec.com/2018/10/systemd-is-bad-parsing-and-should-feel.html
https://mksben.l0.cm/2018/05/cve-2018-5175-firefox-csp-strict-dynamic-bypass.html
https://www.ipify.org/
https://hackerone.com/reports/397478
https://abiondo.me/2019/01/02/exploiting-math-expm1-v8/
http://bit.ly/2Vox9aJ (+)
https://www.iceswordlab.com/2018/07/25/kdhack/
http://www.pwn3d.org/posts/7821231-gxpn-prep-2basic-scapy-review
https://nebelwelt.net/blog/20181231-BOP.html
http://bit.ly/2Vth6bm (+)
https://www.davidwong.fr/tls13/
https://www.lolhax.org/2019/01/02/extracting-keys-f00d-crumbs-raccoon-exploit/
https://www.imperialviolet.org/2019/01/01/zkattestation.html
http://bit.ly/A-Long-Evening-With-macOSs-Sandbox (+)
http://bit.ly/2AvBujp (+)
https://akijosberryblog.wordpress.com/2019/01/01/malicious-use-of-microsoft-laps/
https://www.secjuice.com/php-rce-bypass-filters-sanitization-waf/
https://blog.talosintelligence.com/2018/05/telegrab.html
http://misbehaving.site/
https://gamehistory.org/simcity/
https://hackerone.com/reports/409850
http://bit.ly/2RoDTqv (+)
http://bit.ly/2AER4JH (+)
https://www.roguesecurity.in/2018/12/02/a-guide-for-windows-penetration-testing/
https://medium.com/bugbountywriteup/ping-power-icmp-tunnel-31e2abb2aaea
https://wietzebeukema.nl/blog/spoofing-google-search-results
https://wunderwuzzi23.github.io/blog/passthecookie.html
https://mn3m.info/posts/suid-vs-capabilities/
https://niemand.com.ar/2019/01/01/how-to-hook-directx-11-imgui/
http://bit.ly/2QDF93N (+)
https://sites.google.com/view/ltefuzz
https://www.veracode.com/blog/research/exploiting-jndi-injections-java
https://tyranidslair.blogspot.com/2018/12/abusing-mount-points-over-smb-protocol.html
https://revers.engineering/syscall-hooking-via-extended-feature-enable-register-efer/
https://ericchiang.github.io/post/containers-from-scratch/
https://research.checkpoint.com/hacking-fortnite/
http://bit.ly/2RVTUDO (+)
https://0xdf.gitlab.io/2018/11/02/pwk-notes-tunneling.html
https://default-password.info/
https://netsec.ws/?p=262
http://bit.ly/2APgbtm (+)
http://bit.ly/2FDzxoy (+)
https://niemand.com.ar/2019/01/13/creating-your-own-wallhack/
https://scorpiosoftware.net/2019/01/15/fun-with-appcontainers/
http://bit.ly/2MhbFrV (+)
https://blogs.cisco.com/security/smb-and-the-return-of-the-worm
http://bit.ly/2Hig3bq (+)
https://blog.benpri.me/2019/01/13/why-you-shouldnt-be-using-bcrypt-and-scrypt/
https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/
http://www.greyhathacker.net/?p=1041
https://dontkillmyapp.com/
https://devhints.io/
https://blog.haschek.at/2018/the-curious-case-of-the-RasPi-in-our-network.html
https://justi.cz/security/2019/01/22/apt-rce.html
https://medium.com/tenable-techblog/rooting-nagios-via-outdated-libraries-bb79427172
http://bit.ly/2HuSb4y (+)
https://medium.com/@int0x33/upload-htaccess-as-image-to-bypass-filters-71dfcf797a86
https://www.inputzero.io/2019/01/fuzzing-http-servers.html
https://neonsea.uk/blog/2018/12/26/firewall-includes.html
http://bit.ly/2UgpUQO (+)
http://bit.ly/2FZ8hAT (+)
http://bit.ly/2FMAKdN (+)
http://bit.ly/2Mudulx (+)
https://enigma0x3.net/2019/01/21/razer-synapse-3-elevation-of-privilege/
https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
https://medium.com/@_mattata/packet-editing-live-connections-with-python-c0ed221dafcd
https://www.mdsec.co.uk/2019/01/abusing-office-web-add-ins-for-fun-and-limited-profit/
http://bit.ly/2FMev7U (+)
https://lgtm.com/blog/ghostscript_typeconfusion
https://bogner.sh/2019/01/querying-virustotal-from-excel/
https://www.ezequiel.tech/2019/01/75k-google-cloud-platform-organization.html
http://bit.ly/2Wxv50A (+)
https://gist.github.com/sarazasasa/9450d63f96e7ff799824fc98fc7f3b43
https://egre55.github.io/system-properties-uac-bypass/
https://gist.github.com/3xocyte/0dc0bd4cb48cc7b4075bdc90a1ccc7d3
https://insert-script.blogspot.com/2019/01/adobe-reader-pdf-callback-via-xslt.html
https://engineering.linecorp.com/en/blog/air-go-apk-signing/
https://www.contextis.com/en/blog/basic-electron-framework-exploitation
https://lab.wallarm.com/xxe-that-can-bypass-waf-protection-98f679452ce0
http://bit.ly/2sYgLQY (+)
https://www.adyta.pt/en/2019/01/29/writeup-samsung-app-store-rce-via-mitm-2/
https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html
http://bit.ly/2DLSrIl (+)
https://blog.scrt.ch/2019/01/24/magento-rce-local-file-read-with-low-privilege-admin-rights/
https://alsid.com/company/news/abusing-s4u2self-another-sneaky-active-directory-persistence
http://bit.ly/2sYg76j (+)
https://medium.com/tenable-techblog/reversing-the-rachio3-smart-sprinkler-controller-ae7fc06aab9
https://evolt.org/node/564
https://alexhude.github.io/2019/01/24/hacking-leica-m240.html
http://sethsec.blogspot.gr/2014/07/crossdomain-bing.html
http://www.skycure.com/blog/malicious-profiles-the-sleeping-giant-of-ios-security/
https://bitbucket.org/orbit-burg/nfc-emv/wiki/Home
http://lab.onsec.ru/2014/07/pamsteal-plugin-released.html
http://shell-storm.org/shellcode/
http://penturalabs.wordpress.com/2014/07/18/execute-shellcode-bypassing-anti-virus/
http://igurublog.wordpress.com/downloads/script-sandfox/
https://archive.today/23mBC
https://lilithlela.cyberguerrilla.org/?p=6620
http://www.irongeek.com/i.php?page=videos/bsidescleveland2014/mainlist
http://hashcrack.org/page?n=21072014
https://www.netspi.com/blog/entryid/235/stealing-unencrypted-ssh-agent-keys-from-memory
https://www.pentestgeek.com/2014/07/22/phishing-frenzy-hta-powershell-attacks-with-beef/
http://bit.ly/2BpGab7 (+)
http://bit.ly/2UNSyZH (+)
https://www.shawarkhan.com/2019/01/hijacking-accounts-by-retrieving-jwt.html
https://gist.github.com/mehaase/63e45c17bdbbd59e8e68d02ec58f4ca2
http://bit.ly/2MT26jg (+)
http://bit.ly/2UKEKis (+)
https://versprite.com/blog/hacking-remote-start-system/
https://vulnmind.io/i-heard-you-like-eop-to-system/
https://maskop9.wordpress.com/2019/02/06/analysis-of-jacksbot-backdoor/
https://doar-e.github.io/blog/2019/01/28/introduction-to-turbofan/
https://acru3l.github.io/2019/02/02/exploiting-mb-anti-exploit/
https://medium.com/@mattharr0ey/round-of-use-winrm-code-execution-xml-6e3219d3e31
http://bit.ly/2MTPDfh (+)
http://bit.ly/2MUUJrx (+)
https://blog.benjojo.co.uk/post/eve-online-bgp-internet
https://outpost24.com/blog/X-forwarded-for-SQL-injection
https://ysamm.com/?p=185
http://bit.ly/2SyIqaE (+)
https://gist.github.com/adamyordan/96da0ad5e72cbc97285f2df340cac43b
https://plainsec.org/how-to-bypass-instagram-ssl-pinning-on-android-v78/
http://bit.ly/2TQYTmW (+)
https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html
http://bit.ly/2BCPZSX (+)
https://perception-point.io/resources/research/cve-2019-0539-root-cause-analysis/
https://medium.com/@x41x41x41/unauthenticated-ssrf-in-oracle-ebs-765bd789a145
https://offensi.com/2019/01/31/lfi-in-apigee-portals/
https://medium.com/tenable-techblog/make-it-rain-with-mikrotik-c90705459bc6
https://www.secjuice.com/modsecurity-web-application-firewall-dns-over-https/
https://lgtm.com/blog/ghostscript_CVE-2018-19134_exploit
https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities
https://cantunsee.space/
https://leucosite.com/Microsoft-Office-365-Outlook-XSS/
https://medium.com/@elberandre/1-000-ssrf-in-slack-7737935d3884
http://bit.ly/2U0BPCz (+)
https://pwn.no0.be/exploitation/wifi/wpa_enterprise/
http://bit.ly/2tvFFaS (+)
https://bordplate.no/blog/en/post/debugging-a-windows-service/
https://medium.com/@localh0t/unveiling-amazon-s3-bucket-names-e1420ceaf4fa
https://medium.com/@rvrsh3ll/hardening-your-azure-domain-front-7423b5ab4f64
https://erfur.github.io/down_the_rabbit_hole_pt1/
https://toshellandback.com/2015/11/24/ms-priv-esc/
http://bit.ly/2GWaCx9 (+)
https://vmcall.github.io/reversal/2019/02/10/battleye-anticheat.html
http://bit.ly/2IsFpny (+)
https://research.checkpoint.com/extracting-code-execution-from-winrar/
https://0x00sec.org/t/using-uri-to-pop-shells-via-the-discord-client/11673/2
http://bit.ly/2NhVGup (+)
https://www.bishopfox.com/news/2019/02/openmrs-insecure-object-deserialization/
https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html
https://worldwideweb.cern.ch/
https://ysamm.com/?p=240
http://bit.ly/2tDRA6O (+)
https://medium.com/intigriti/abusing-autoresponders-and-email-bounces-9b1995eb53c2
https://www.inputzero.io/2019/02/fuzzing-webkit.html
https://rootsh3ll.com/evil-twin-attack/
https://thebabush.github.io/dumbo-llvm-based-dumb-obfuscator.html
http://bit.ly/2XpR4qN (+)
https://www.ambionics.io/blog/drupal8-rce
https://gitlab.com/invuls/iot-projects/iotsecfuzz
http://bit.ly/2GODica (+)
http://thunderclap.io/
http://bit.ly/2IGJKUf (+)
https://www.pdf-insecurity.org
https://eklitzke.org/the-cbc-padding-oracle-problem
http://www.jackson-t.ca/lg-driver-lpe.html
https://paper.seebug.org/822/
https://movaxbx.ru/2019/02/20/triaging-the-exploitability-of-ie-edge-crashes/
http://bit.ly/2NxPIWm (+)
https://medium.com/@logicbomb_1/chain-of-hacks-leading-to-database-compromise-b2bc2b883915
https://noclip.website/
http://www.kwasstuff.altervista.org/RIP/index.html
https://staaldraad.github.io/post/2019-03-02-universal-rce-ruby-yaml-load/
https://www.vulnano.com/2019/03/facebook-messenger-server-random-memory.html
https://ghidra-sre.org/
https://0x90909090.blogspot.com/2019/02/executing-payload-without-touching.html
https://disloops.com/cloudfront-hijacking/
http://bit.ly/2XIF4AQ (+)
http://blog.ptsecurity.com/2019/02/detecting-web-attacks-with-seq2seq.html
https://www.veracode.com/blog/research/exploiting-spring-boot-actuators
https://movaxbx.ru/2019/02/16/windows-process-injection-sharing-the-payload/
https://blog.0day.rocks/hiding-through-a-maze-of-iot-devices-9db7f2067a80
http://bit.ly/2HjDsaQ (+)
http://bit.ly/2TB245t (+)
http://blogs.360.cn/post/Binder_Kernel_Vul_EN.html
https://js1k.com/2019-x/demos
https://blog.littlevgl.com/2019-02-02/use-ipod-nano6-lcd-for-littlevgl
https://hackerone.com/reports/411140
https://hackerone.com/reports/398799
https://medium.com/@rootxharsh_90844/vimeo-ssrf-with-code-execution-potential-68c774ba7c1e
https://pentest.blog/n-ways-to-unpack-mobile-malware/
https://ijustwannared.team/2019/03/11/browser-pivot-for-chrome/
https://hausec.com/2019/03/05/penetration-testing-active-directory-part-i/
https://d4stiny.github.io/Reading-Physical-Memory-using-Carbon-Black/
http://woshub.com/copying-large-files-using-bits-and-powershell/
https://webrtchacks.com/fuzzing-janus/
https://pulsesecurity.co.nz/articles/TPM-sniffing
https://www.stuffithoughtiknew.com/2019/02/detecting-bloodhound.html
http://bit.ly/2UGmozO (+)
https://licenciaparahackear.github.io/en/posts/bypassing-a-restrictive-js-sandbox/
https://redtimmysec.wordpress.com/2019/03/07/flexpaper-remote-code-execution/
http://bit.ly/2T4IBWA (+)
http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/
http://blogs.360.cn/post/RootCause_CVE-2019-0808_EN.html
https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/
https://archivebox.io/
https://litherum.blogspot.com/2019/03/addition-font.html
https://hackerone.com/reports/470520
http://bit.ly/2ulwA56 (+)
https://medium.com/@terjanq/cross-site-content-and-status-types-leakage-ef2dab0a492
http://bit.ly/2Fo9zDP (+)
https://medium.com/@benoit.sevens/windows-10-emulation-with-qemu-f41870ed464d
https://medium.com/@0x0FFB347/writing-a-custom-shellcode-encoder-31816e767611
https://polict.net/blog/CVE-2018-17057
http://bit.ly/2HwT1wN (+)
https://blog.tint0.com/2019/03/a-saga-of-code-executions-on-zimbra.html
https://jarlob.github.io/en/blog/not-a-bug-sqli
https://liberty-shell.com/sec/2019/03/12/dll-hijacking/
https://lgtm.com/blog/facebook_fizz_CVE-2019-3560
http://offsec.provadys.com/intro-to-file-operation-abuse-on-Windows.html
https://medium.com/tenable-techblog/mikrotik-firewall-nat-bypass-b8d46398bf24
http://bit.ly/2ULRPsg (+)
https://blog.assetnote.io/bug-bounty/2019/03/19/rce-on-mozilla-zero-day-webpagetest/
https://proofofcalc.com/cve-2019-6453-mIRC/
https://blog.regehr.org/archives/1653
https://securitytxt.org/
https://www.niceideas.ch/roller2/badtrash/entry/deciphering-the-bengladesh-bank-heist
https://hackerone.com/reports/297478
http://bit.ly/2OqLKz2 (+)
https://medium.com/tenable-techblog/owning-the-network-with-badusb-72daa45d1b00
https://mogwailabs.de/blog/2019/03/repacking-ios-applications/
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/nuuo-cms-ownage.txt
http://bit.ly/2YujGj1 (+)
http://bit.ly/2Ow20ij (+)
https://outflank.nl/blog/2018/10/06/old-school-evil-excel-4-0-macros-xlm/
http://bit.ly/2JJXpdQ (+)
https://securelist.com/hacking-microcontroller-firmware-through-a-usb/89919/
https://medium.com/0xcc/one-liner-safari-sandbox-escape-exploit-91082ddbe6ef
https://medium.com/@princechaddha/an-unusal-bug-on-braintree-paypal-b8d3ec662414
https://blog.zecops.com/vulnerabilities/analysis-and-reproduction-of-cve-2019-7286/
http://bit.ly/2UXZAM1 (+)
https://medium.com/@howard.poston/mapping-the-owasp-top-ten-to-blockchain-69c904394e69
https://nullprogram.com/blog/2019/03/22/
https://blog.jessfraz.com/post/digging-into-risc-v-and-how-i-learn-new-things/
https://hackerone.com/reports/511044
https://mahmoudsec.blogspot.com/2019/04/handlebars-template-injection-and-rce.html
https://blog.doyensec.com/2019/04/03/subverting-electron-apps-via-insecure-preload.html
http://bit.ly/2TVqqTJ (+)
https://masthoon.github.io/exploit/2019/03/29/cygeop.html
https://digi.ninja/blog/domain_fronting.php
https://gkbrk.com/2019/01/reverse-engineering-the-godot-file-format/
https://modexp.wordpress.com/2019/03/07/process-injection-print-spooler/
https://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html
https://www.drewgreen.net/vulnerabilities-in-tightrope-media-systems-carousel/
https://snyk.io/blog/severe-security-vulnerability-in-bowers-zip-archive-extraction/
https://www.secjuice.com/finding-real-ips-of-origin-servers-behind-cloudflare-or-tor/
https://medium.com/tenable-techblog/filezilla-untrusted-search-path-bc3a7b3ae51e
http://bit.ly/2UzN9c0 (+)
http://bit.ly/2HXhjAb (+)
https://www.zoomeye.org/topic?id=ZoomEye-series-report-VE-en
https://hackerone.com/reports/381356
https://medium.com/@d0nut/better-exfiltration-via-html-injection-31c72a2dae8b
http://bit.ly/2X5eTCX (+)
https://blog.zsec.uk/el-injection-rce/
https://rastamouse.me/2019/01/gpo-abuse-part-1/
http://bit.ly/2Ksl6HR (+)
http://tomasuh.github.io/2018/12/28/retefe-unpack.html
http://bit.ly/2Uvj2DH (+)
https://www.shielder.it/blog/nagios-xi-5-5-10-xss-to-root-rce/
https://wpa3.mathyvanhoef.com/
https://habr.com/en/post/446238/
https://blog.exodusintel.com/2019/04/03/a-window-of-opportunity/
https://www.notsosecure.com/exploiting-ssrf-in-aws-elastic-beanstalk/
https://mp.weixin.qq.com/s/OissE9gAVkKmAXuiIUeOLA
http://cturt.github.io/pinball.html
http://www.righto.com/2019/04/iconic-consoles-of-ibm-system360.html
https://soroush.secproject.com/blog/2014/07/upload-a-web-config-file-for-fun-profit/
http://ibrahimbalic.com/2014/sqlmap-ile-csrf-bypass/
http://tomforb.es/exploiting-xpath-injection-vulnerabilities-with-xcat-1
http://www.relentless-coding.org/projects/jsdetox/
http://hive.ccs.neu.edu/
https://lzo.securitymouse.com/lzo
http://blog.oddbit.com/2014/07/21/tracking-down-a-kernel-bug-wit/
http://googleprojectzero.blogspot.pt/2014/07/pwn4fun-spring-2014-safari-part-i_24.html
http://atredispartners.blogspot.pt/2014/07/atredis-blackhat-2014-contest-after_24.html
http://diablohorn.wordpress.com/2014/07/26/writing-your-own-blind-sqli-script/
http://blogs.mcafee.com/mcafee-labs/dropping-files-temp-folder-raises-security-concerns
http://slides.com/mscasharjaved/on-breaking-php-based-cross-site-scripting-protections-in-the-wild#/
http://www.ghacks.net/2014/07/28/repair-extract-broken-rar-archives/
http://gsmmap.org/
https://blog.underdogsecurity.com/rce_in_origin_client/
https://hackerone.com/reports/369451
http://bit.ly/2KMwUF1 (+)
https://gist.github.com/glenux/3e705387e30f229c242ea153de6e6a4d
http://bit.ly/2ItRHvg (+)
https://hackerone.com/reports/473888
https://krbtgt.pw/dacl-permissions-overwrite-privilege-escalation-cve-2019-0841/
https://www.shielder.it/blog/exploit-apache-solr-through-opencms/
https://dejandayoff.com/the-danger-of-exposing-docker.sock/
https://parzelsec.de/timing-attacks-with-machine-learning/
http://bit.ly/2vgAlsN (+)
http://bit.ly/2Gydmz1 (+)
http://newosxbook.com/articles/OTA.html
https://hackerone.com/reports/110293
https://www.labofapenetrationtester.com/2019/04/abusing-PAM.html
http://bit.ly/2Xk9t7l (+)
https://jerrington.me/posts/2019-01-29-self-hosted-ngrok.html
https://ysamm.com/?p=256
https://scriptinjection.blogspot.com/2019/04/oe-classic-280-rce-via-stored-xss.html
https://hackerone.com/reports/422043
http://bit.ly/2GBOOEW (+)
http://bit.ly/2GFK4PU (+)
https://medium.com/@terjanq/xss-auditor-the-protector-of-unprotected-f900a5e15b7b
http://bit.ly/2XLQOlb (+)
https://habr.com/en/post/449182/
http://bit.ly/2W6YqOK (+)
https://blog.trailofbits.com/2019/01/22/fuzzing-an-api-with-deepstate-part-1/
http://bit.ly/2L061xq (+)
https://consensys.github.io/smart-contract-best-practices/known_attacks/
https://blog.quarkslab.com/android-application-diffing-engine-overview.html
http://bit.ly/2UHi2Yp (+)
https://blog.doyensec.com/2019/04/24/rubyzip-bug.html
https://sensepost.com/blog/2019/understanding-peap-in-depth/
https://www.linkedin.com/pulse/micro-patching-vulnerabilities-tutorial-0patch-t-k/
https://http3-explained.haxx.se/en/
https://wybiral.github.io/code-art/projects/tiny-mirror/
https://hackerone.com/reports/210779
http://bit.ly/2VE8WQE (+)
http://bit.ly/2Y1LhHa (+)
https://research.801labs.org/developing-a-dll-injector/
http://bit.ly/2Jbahrp (+)
https://www.darkmatter.ae/blogs/security-flaws-uncovered-in-sony-smart-tvs/
https://paper.seebug.org/910/
http://eternalsakura13.com/2019/04/29/CVE-2016-5198/
https://securityriskadvisors.com/blog/aws-iam-exploitation/
https://capsule8.com/blog/exploiting-systemd-journald-part-1/
https://edoverflow.com/2019/ci-knew-there-would-be-bugs-here/
https://medium.com/tenable-techblog/eight-devices-one-exploit-f5fc28c70a7c
https://d4stiny.github.io/Remote-Code-Execution-on-most-Dell-computers/
http://bit.ly/2GWPxAL (+)
http://www.tomanthony.co.uk/blog/xss-attacks-googlebot-index-manipulation/
http://bit.ly/2IYijVt (+)
https://www.virtuesecurity.com/tale-of-a-wormable-twitter-xss/
https://hackerone.com/reports/563870
http://bit.ly/2H9qH0X (+)
http://bit.ly/2Lxly8o (+)
http://bit.ly/2LyXKks (+)
https://www.tarlogic.com/en/blog/attacking-selenium-grid/
http://bit.ly/2LwQ1mK (+)
http://bit.ly/2Hbwowt (+)
http://bit.ly/2PUMZr3 (+)
https://hackerone.com/reports/509924
http://blog.0x42424242.in/2019/03/vstarcam-investigational-security.html
http://bit.ly/2JaLkNv (+)
http://bit.ly/2Jbl0Da (+)
https://medium.com/0xcc/rootpipe-reborn-part-ii-e5a1ffff6afe
https://www.nc-lp.com/blog/reverse-engineering-games-for-fun-and-ssrf-part-1
https://classic.minecraft.net
https://www.my-internet-explorer.com/
https://hackerone.com/reports/419883
https://hackerone.com/reports/450365
https://zeropwn.github.io/2019-05-13-xss-to-rce/
https://security.lauritz-holtmann.de/advisories/cve-2019-11832/
https://gist.github.com/jupenur/e5d0c6f9b58aa81860bf74e010cf1685
https://astr0baby.wordpress.com/2019/01/26/custom-meterpreter-loader-in-2019/
https://mdsattacks.com/
https://thewover.github.io/Introducing-Donut/
https://zombieloadattack.com/
https://wojciechregula.blog/post/stealing-bear-notes-with-url-schemes/
http://bit.ly/2Ep1u23 (+)
https://modexp.wordpress.com/2019/05/10/dotnet-loader-shellcode/
http://bit.ly/2WQBt2E (+)
https://rce4fun.blogspot.com/2019/05/panda-antivirus-local-privilege.html
http://bit.ly/2LY1qfw (+)
https://landgrey.me/richfaces-cve-2018-14667/
https://gist.github.com/wybiral/c8f46fdf1fc558d631b55de3a0267771
https://liveoverflow.com/the-origin-of-script-kiddie-hacker-etymology/
https://www.wpadblock.com/
https://hackerone.com/reports/341908
http://bit.ly/2WjQywF (+)
https://medium.com/tenable-techblog/stealing-downloads-from-slack-users-be6829a55f63
https://snikt.net/blog/2019/05/22/to-fuzz-a-websocket/
https://medium.com/@ghostlulzhacks/wayback-machine-e678a3567ec
http://lordofpwn.kr/index.php/writeup/cve-2019-8506-javascriptcore-exploit/
https://medium.com/@fs0c131y/how-to-brick-all-samsung-phones-6aae4389bea
https://www.tarlogic.com/en/blog/backdoors-modulos-apache/
https://zeropwn.github.io/2019-05-22-fun-with-uri-handlers/
https://hackerone.com/reports/505424
https://www.darkmatter.ae/papers-articles/from-zero-to-tfp0-part-1-prologue/
http://bit.ly/2JY17yV (+)
http://bit.ly/2EroJZ4 (+)
https://theevilbit.github.io/posts/vmware_fusion_11_guest_vm_rce_cve-2019-5514/
https://web-in-security.blogspot.com/2019/02/how-to-spoof-pdf-signatures.html
https://shenaniganslabs.io/2019/05/21/LXD-LPE.html
https://keikai.io/blog/p/currency-exchange
http://bit.ly/2M6nDrV (+)
https://petergarner.net/notes/index.php?thisnote=20180202-Travels+with+a+Pi
https://ysamm.com/?p=272
https://portswigger.net/blog/abusing-jquery-for-css-powered-timing-attacks
https://medium.com/@subTee/flying-toruk-makto-b1bff8f6603c
https://www.fcvl.net/vulnerabilities/macosx-gatekeeper-bypass
http://bit.ly/2wyCHUx (+)
http://bit.ly/2IcgEc2 (+)
https://habr.com/en/company/drweb/blog/452076/
https://phoenhex.re/2019-05-15/non-jit-bug-jit-exploit
https://labs.spotify.com/2013/06/18/creative-usernames/
https://blog.devsecurity.eu/en/blog/dnspy-deserialization-vulnerability
https://blog.devsecurity.eu/en/blog/joplin-electron-rce
https://whereisk0shl.top/post/2019-05-11
https://bnbdr.github.io/posts/wd/
http://standa-note.blogspot.com/2018/02/amsi-bypass-with-null-character.html
http://bit.ly/2EH1I4m (+)
https://techblog.mediaservice.net/2019/03/a-journey-into-iot-hardware-hacking-uart/
https://www.magiclantern.fm/
http://bit.ly/2Wr8O7v (+)
https://www.inputzero.io/2019/06/hacking-smart-tv.html
http://bit.ly/2I0PuWB (+)
http://bit.ly/31aZJz2 (+)
https://www.tarlogic.com/en/blog/how-to-attack-kerberos/
http://bit.ly/2K3whps (+)
http://homepages.laas.fr/rcayre/mirage-documentation/index.html
https://orangewirelabs.wordpress.com/2019/05/30/hacking-ios-xamarin-apps-with-frida/
http://bit.ly/2Ipk2Ab (+)
http://bit.ly/31fBbVN (+)
https://theevilbit.github.io/posts/getting_root_with_benign_appstore_apps/
http://www.catch22.net/tuts/undocumented-createprocess
http://bit.ly/2Z5lwGu (+)
https://0x41.cf/infosec/2019/05/28/skype-web-plugin-ez-rce.html
http://bit.ly/2WsWu7t (+)
https://leakfree.wordpress.com/2015/03/12/php-object-instantiation-cve-2015-1033/
https://blog.duszynski.eu/domain-hijack-through-http-301-cache-poisoning/
https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html
https://medium.com/@lerner98/skiptracing-reversing-spotify-app-3a6df367287d
https://secretgeek.github.io/html_wysiwyg/html.html
https://medium.com/@notdan/curl-slight-of-hand-exploit-hysteria-29a82e5851d
https://blog.ripstech.com/2019/mybb-stored-xss-to-rce/
https://appio.dev/vulns/googleplex-com-blind-xss/
https://rce.wtf/2019/06/10/w2k.html
https://rambleed.com/
https://habr.com/ru/company/dsec/blog/454592/
https://medium.com/@two06/fun-with-frida-5d0f55dd331a
https://www.sneakymonkey.net/2019/05/22/trickbot-analysis/
http://bit.ly/2WiM2KD (+)
https://eybisi.run/Mobile-Malware-Analysis-Overlay-and-How-to-Counter-it/
http://bit.ly/2ID9Y6Y (+)
https://payatu.com/microsoft-edge-extensions-host-permission-bypass-cve-2019-0678/
https://howhttps.works/
https://harrisonsand.com/imsi-catcher/
https://wookey-project.github.io/
https://medium.com/@mr_hacker/a-5000-idor-f4268fffcd2e
http://bit.ly/2ZzYurC (+)
hhttps://www.jaiminton.com/cheatsheet/DFIR/
http://bit.ly/2x8SGJe (+)
https://blog.redteam.pl/2019/04/dns-based-threat-hunting-and-doh.html
https://hackerone.com/reports/576504
https://jaiverma.github.io/blog/ac-hack
https://theofficialflow.github.io/2019/06/18/trinity.html
https://blog.xpnsec.com/evading-sysmon-dns-monitoring/
http://bit.ly/2ItogYP (+)
https://xor.cat/2019/06/19/fortinet-forticam-vulns/
http://bit.ly/2x2tKmW (+)
https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
https://habr.com/ru/company/pt/blog/448378/
https://dmsec.io/hacking-thousands-of-websites-via-third-party-javascript-libraries/
https://dassur.ma/things/c-to-webassembly/
https://blog.benjojo.co.uk/post/dive-into-the-world-of-dos-viruses
http://m4x0n3.blogspot.pt/2014/07/password-reset-code-bruteforce-account.html
https://plus.google.com/+AlexisImperialLegrandGoogle/posts/f9gm2G2BH5g
http://habrahabr.ru/post/231369/
http://www.matriux.com/index.php?page=home
http://lcamtuf.coredump.cx/p0f3/
http://lcamtuf.blogspot.gr/2014/08/a-bit-more-about-american-fuzzy-lop.html
http://www.garage4hackers.com/entry.php?b=3072
http://blog.ptsecurity.com/2014/08/cell-phone-tapping-how-it-is-done-and.html
http://blog.internot.info/2014/06/paypals-2-factor-authentication2fa-good.html
http://blog.dornea.nu/2014/08/05/android-dynamic-code-analysis-mastering-droidbox/
http://www.dirk-loss.de/python-tools.htm
http://usbdescriptors.com/
https://hackademic.co.in/youtube-bug/
https://www.cyberark.com/threat-research-blog/outlook-for-android-xss/
https://alephsecurity.com/2019/06/17/xnu-qemu-arm64-1/
https://www.wzdftpd.net/blog/rust-fuzzers.html
https://labs.jumpsec.com/2019/06/20/bypassing-antivirus-with-golang-gopher-it/
http://bit.ly/2XyprhR (+)
https://objective-see.com/blog/blog_0x43.html
https://www.gironsec.com/blog/2019/06/yet-another-botnet-writeup/
https://ledger-donjon.github.io/Ellipal-Security/
http://bit.ly/2LnK35Z (+)
https://exp101t.blogspot.com/2019/04/cve-2017-5121-escape-analysis.html
https://dolosgroup.io/blog/2019/6/20/pillaging-the-jenkins-treasure-chest
http://bit.ly/2NeWeVf (+)
https://blog.duszynski.eu/tor-ip-disclosure-through-http-301-cache-poisoning/
https://blog.jessfraz.com/post/why-open-source-firmware-is-important-for-security/
http://www.enforcementtracker.com/
https://playclassic.games/
https://hackerone.com/reports/562335
https://shhnjk.blogspot.com/2019/07/intro-to-chromes-gold-features.html
https://ssl-config.mozilla.org/
https://gitlab.com/kennbroorg/iKy
https://blog.ripstech.com/2019/magento-rce-via-xss/
https://decoder.cloud/2019/07/04/creating-windows-access-tokens/
https://nytrosecurity.com/2019/06/30/writing-shellcodes-for-windows-x64/
https://kripken.github.io/blog/binaryen/2019/06/11/fuzz-reduce-productivity.html
https://medium.com/bugbountywriteup/knocking-the-idor-6f80e8126ee4
https://ktln2.org/2019/04/30/from-zero-to-hero/
http://bit.ly/2LxSeNn (+)
http://bit.ly/2Jnc235 (+)
http://bit.ly/2xyhr1G (+)
https://medium.com/@alex91ar/debugging-the-samsung-android-kernel-part-1-ab2a9b87c162
https://vulnerablecontainers.org/
https://www.youtube.com/watch?v=VwH6B7aJYDU
https://hackerone.com/reports/403417
http://bit.ly/32mecsz (+)
https://blog.rakeshmane.com/2019/07/u-xss-in-operamini-for-ios-browser-0-day.html
https://chryzsh.github.io/exploiting-privexchange/
https://www.cambus.net/fuzzing-dns-zone-parsers/
http://lordofpwn.kr/index.php/writeup/cve-2019-5825-v8-exploit/
https://withatwist.dev/strong-password-rubygem-hijacked.html
http://bit.ly/2KXINHu (+)
https://www.secjuice.com/abusing-php-query-string-parser-bypass-ids-ips-waf/
https://enigma0x3.net/2019/07/05/cve-2019-13142-razer-surround-1-1-63-0-eop/
https://medium.com/tenable-techblog/an-exploit-chain-against-citrix-sd-wan-709db08fb4ac
https://medium.com/tenable-techblog/an-analysis-of-arlo-6f1b691236b5
https://staaldraad.github.io/post/2019-07-11-bypass-docker-plugin-with-containerd/
https://ledger-donjon.github.io/Unfixable-Key-Extraction-Attack-on-Trezor/
https://medium.com/netscape/hacking-it-out-when-cors-wont-let-you-be-great-35f6206cc646
http://bit.ly/2XYhMdc (+)
https://www.bamsoftware.com/hacks/zipbomb/
https://techblog.eyeson.team/post/memelearning/
https://thezerohack.com/hack-any-instagram
https://medium.com/@ruvlol/rce-in-jira-cve-2019-11581-901b845f0f
http://bit.ly/2Lrs6o8 (+)
https://gist.github.com/realoriginal/3a00478efd67b554f09f739380e2c3ba
http://bit.ly/2JBDGuB (+)
http://bit.ly/2LtS6PJ (+)
https://www.corben.io/atlassian-crowd-rce/
https://sysrant.com/500-bounty-man-in-the-middle-on-slack/
https://medium.com/@sansyrox/hacking-tinders-premium-model-43f9f699d44
https://phoenhex.re/2019-07-10/ten-months-old-bug
http://bit.ly/2Lz6lD1 (+)
https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/
http://bit.ly/2XVf4B6 (+)
https://harry.garrood.me/blog/malicious-code-in-purescript-npm-installer/
https://medium.com/@ScatteredSecrets/how-to-crack-billions-of-passwords-6773af298172
http://bit.ly/2JN677F (+)
https://latacora.micro.blog/2019/07/16/the-pgp-problem.html
https://ardern.io/2019/06/20/payload-bxss/
http://bit.ly/2GtDPyi (+)
https://blog.ropnop.com/docker-for-pentesters/
http://bit.ly/2YiYOd9 (+)
http://bit.ly/2Ohxb4A (+)
https://paper.seebug.org/990/
https://zero.lol/2019-07-21-axway-securetransport-xml-injection/
https://blog.assetnote.io/bug-bounty/2019/07/17/rce-on-zoom/
http://bit.ly/2GtMW1R (+)
https://trustfoundry.net/basic-rop-techniques-and-tricks/
https://blog.doyensec.com/2019/07/22/jackson-gadgets.html
https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/
https://mthbernardes.github.io/rce/2018/03/14/abusing-h2-database-alias.html
https://pentest.blog/android-malware-analysis-dissecting-hydra-dropper/
http://orbis.stanford.edu/
http://bit.ly/2Mdl3Pt (+)
http://bit.ly/2YIS8cQ (+)
http://bit.ly/2Mx0ygL (+)
http://bit.ly/2ypIexV (+)
https://raw-data.gitlab.io/post/autoit_fud/
https://86hh.github.io/cfg2.html
https://rhinosecuritylabs.com/aws/mfa-phishing-on-aws/
https://akayn.github.io/2019/07/25/PwningWebkit.html
http://bit.ly/332Tnmm (+)
https://medium.com/0xcc/what-the-heck-is-tcp-port-18800-a16899f0f48f
http://bit.ly/2Yvu8FK (+)
http://bit.ly/2MvQhkY (+)
https://maxkersten.nl/binary-analysis-course/binary-types/browser-plug-in/
https://d4stiny.github.io/Local-Privilege-Escalation-on-most-Dell-computers/
http://bit.ly/2Oy9Rzu (+)
https://bo0om.ru/telegram-bugbounty-writeup
https://amonitoring.ru/article/steamclient-0day/
http://bit.ly/2GWT1UK (+)
http://bit.ly/2ZJVcCs (+)
https://m0chan.github.io/2019/07/31/How-To-Attack-Kerberos-101.html
http://bit.ly/2YTEBuS (+)
https://tactifail.wordpress.com/2019/07/26/three-vulns-for-the-price-of-one/
https://blog.flanker017.me/galaxy-leapfrogging-pwning-the-galaxy-s8/
http://bit.ly/2YwaWMQ (+)
http://bit.ly/33kIexb (+)
https://icyphox.sh/blog/fb50/
https://paper.seebug.org/993/
https://gravitational.com/blog/how-saml-authentication-works/
http://mahmoudsec.blogspot.com/2019/08/exploiting-out-of-band-xxe-using.html
http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
https://vimeo.com/341663153
http://www.nothingsecurity.com/
https://www.baseapp.com/iot/antenna-tuning-for-beginners/
https://appio.dev/vulns/clickjacking-xss-on-google-org/
https://medium.com/rangeforce/meteor-blind-nosql-injection-29211775cd01
https://blog.jse.li/posts/chrome-76-incognito-filesystem-timing/
https://go-re.tk
https://a13xp0p0v.github.io/2019/08/10/cfu.html
https://modexp.wordpress.com/2019/08/12/windows-process-injection-knowndlls/
https://raesene.github.io/blog/2019/08/10/making-it-rain-shells-in-Kubernetes/
https://siguza.github.io/APRR/
http://bit.ly/2Hbr77Q (+)
https://medium.com/cruise/container-platform-security-7a3057a27663
https://zero.lol/2019-08-11-the-year-of-linux-on-the-desktop/
http://bit.ly/2YQMhTl (+)
http://www.peppermalware.com/2019/07/analysis-of-frenchy-shellcode.html
http://bit.ly/2KGOVBa (+)
https://research.checkpoint.com/select-code_execution-from-using-sqlite/
https://initblog.com/2019/switcheroo/
https://www.janmeppe.com/blog/regex-for-noobs/
https://salibra.com/p/buying-tea-with-wechat-pay-d3931febd2be
http://bit.ly/2KM6v8c (+)
https://hackerone.com/reports/637194
https://secrary.com/Random/anti_re_simple/
https://hausec.com/2019/08/12/offensive-lateral-movement/
https://heapspray.io/automating-pentests-with-webdriver.html
https://blog.firosolutions.com/exploits/webmin/
http://bit.ly/33VrwoL (+)
https://nullprogram.com/blog/2019/07/10/
http://bit.ly/31PNCa6 (+)
https://knobattack.com
https://davejingtian.org/2019/07/17/usb-fuzzing-a-usb-perspective/
http://bit.ly/2Zkb1Px (+)
https://wojciechregula.blog/post/dangerous-get-task-allow-entitlement/
https://amonitoring.ru/article/onemore_steam_eop_0day/
https://gts3.org/2019/cve-2019-0609.html
https://www.tarlogic.com/en/blog/vulnerabilities-in-ampache/
https://blog.regehr.org/archives/1687
https://jordanpotti.com/2019/08/26/phishing-with-saml-and-sso-providers/
http://bit.ly/2ZyvrrT (+)
https://gist.github.com/nstarke/ed0aba2c882b8b3078747a567ee00520
https://osandamalith.com/2019/08/27/running-shellcode-directly-in-c/
http://bit.ly/2MJy1pg (+)
https://gist.github.com/TarlogicSecurity/2f221924fef8c14a1d8e29f3cb5c5c4a
http://bit.ly/2ZkSZkW (+)
http://bit.ly/2L3Sq69 (+)
http://bit.ly/2Ugodnw (+)
https://blog.semmle.com/uboot-rce-nfs-vulnerability/
https://verifpal.com/
https://labs.mwrinfosecurity.com/blog/autocad-designing-a-kill-chain/
https://samczsun.com/the-0x-vulnerability-explained/
https://blog.bi0s.in/2019/08/18/Pwn/Browser-Exploitation/cve-2019-11707-writeup/
https://palant.de/2019/08/19/kaspersky-in-the-middle-what-could-possibly-go-wrong/
https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90
http://hatriot.github.io/blog/2019/08/22/exploiting-leaked-process-and-thread-handles/
https://winworldpc.com/library/operating-systems
https://iximiuz.com/en/posts/from-docker-container-to-bootable-linux-disk-image/
http://www.windytan.com/2019/08/capturing-pal-video-with-sdr-and-few.html
http://www.primalsecurity.net/python-tutorials/
https://bitbucket.org/mattinfosec/wordhound/
https://fuzion24.github.io/android/gradle/xposed/jar/java/build/sdk/2014/08/15/android-gradle-xposed/
http://dustri.org/b/torbrowserbundleorg.html
http://www.room362.com/blog/2014/08/14/milkman-creating-processes-as-any-currently-logged-in-user/
https://www.miknet.net/security/optimizing-birthday-attack/
http://www.ioactive.com/pdfs/Remote_Automotive_Attack_Surfaces.pdf
http://docs.cs.up.ac.za/programming/asm/derick_tut/syscalls.html
https://isc.sans.edu/forums/diary/Web+Server+Attack+Investigation+-+Installing+a+Bot+and+Reverse+Shell+via+a+PHP+Vulnerability/18543
http://jvns.ca/blog/2014/08/12/what-happens-if-you-write-a-tcp-stack-in-python/
https://doegox.github.io/ElectronicColoringBook/
https://hackerone.com/reports/498052
https://ysamm.com/?p=280
https://hackerone.com/reports/446593
https://www.corben.io/jenkins-to-full-pwnage/
https://www.contextis.com/en/blog/common-language-runtime-hook-for-persistence
https://mogwailabs.de/blog/2019/04/attacking-rmi-based-jmx-services/
https://research.securitum.com/security-analysis-of-portal-element/
https://blog.trailofbits.com/2019/09/02/rewriting-functions-in-compiled-binaries/
http://bit.ly/2lGFkBx (+)
http://bit.ly/2k22O3H (+)
https://gist.github.com/roycewilliams/cf7fce5777d47a8b22265515dba8d004
http://bit.ly/2k53EwL (+)
https://leveldown.de/blog/tensorflow-sidechannel-analysis/
https://medium.com/@byte_St0rm/adventures-in-the-wonderful-world-of-amsi-25d235eb749c
https://losttraindude.itch.io/zfrag
https://pfery.com/create-your-own-portable-rfid-pentest-kit/
https://habr.com/en/post/466801/
https://leucosite.com/Microsoft-Edge-uXSS/
https://www.komodosec.com/post/an-accidental-ssrf-honeypot-in-google-calendar
https://incogbyte.github.io/pathtraversal/
http://bit.ly/2kxhWGM (+)
http://bit.ly/2kGM0Q0 (+)
https://giuliocomi.blogspot.com/2019/08/insecure-secrets-encryption-at-rest.html
https://simjacker.com/
http://bit.ly/2lSCoSp (+)
https://blog.openzeppelin.com/libra-vulnerability-summary/
http://blogs.360.cn/post/When-GC-Triggers-Callback.html
https://blog.aquasec.com/dns-spoofing-kubernetes-clusters
https://blog.cystack.net/subdomain-takeover/
https://xlab.tencent.com/en/2019/09/12/deep-analysis-of-cve-2019-8014/
http://bit.ly/2meGnJr (+)
http://bit.ly/2mc1A6F (+)
https://www.vusec.net/projects/netcat/
http://blog.lambdaconcept.com/doku.php?id=research:graywire
http://allenchou.net/2019/08/trigonometry-basics-sine-cosine/
https://blog.ripstech.com/2019/bitbucket-path-traversal-to-rce/
https://iwantmore.pizza/posts/cve-2019-10392.html
http://bit.ly/2lWASis (+)
https://0x00sec.org/t/reversing-hackex-an-android-game/16243
https://teamrot.fi/2019/05/23/self-hosted-burp-collaborator-with-custom-domain
https://vavkamil.cz/2019/09/11/serverless-blind-xss-hunter-with-cloudflare-workers/
http://bit.ly/2kI1fbK (+)
https://blog.semmle.com/android-deserialization-vulnerabilities/
http://bit.ly/2kRpyUv (+)
https://carvesystems.com/news/command-injection-with-usb-peripherals/
https://docs.google.com/document/d/1XWzlOOuoTE7DUK60qTk1Wz1VNhbPaHqKEzyxPfyW4GQ
https://dirkjanm.io/azure-ad-privilege-escalation-application-admin/
https://research.securitum.com/server-side-template-injection-on-the-example-of-pebble/
http://bit.ly/2lX3yI2 (+)
https://blog.openzeppelin.com/bypassing-smart-contract-timelocks/
http://bit.ly/2lZczQP (+)
https://aem1k.com/oo/
https://smallstep.com/blog/everything-pki/
https://hackerone.com/reports/692603
https://medium.com/@terjanq/dom-clobbering-techniques-8443547ebe94
https://samcurry.net/analysis-of-cve-2019-14994/
http://bit.ly/2kGLOjK (+)
https://blog.grimm-co.com/post/guided-fuzzing-with-driller/
https://modexp.wordpress.com/2019/08/30/minidumpwritedump-via-com-services-dll/
https://pentestlab.blog/2019/09/11/microsoft-exchange-mailbox-post-compromise/
http://bit.ly/2mW6FjW (+)
https://interrupt.memfault.com/blog/ble-throughput-primer
https://alephsecurity.com/2019/09/02/Z3-for-webapp-security/
https://ackcent.com/blog/in-depth-freemarker-template-injection/
https://adapt-and-attack.com/2019/08/29/proxying-com-for-stable-hijacks/
https://medium.com/@memn0ps/http-request-smuggling-cl-te-7c40e246021c
https://blog.xpnsec.com/bypassing-macos-privacy-controls/
https://medium.com/@akshukatkar/rce-with-flask-jinja-template-injection-ea5d0201b870
http://bit.ly/2lXfyJy (+)
https://medium.com/@vickieli/how-to-find-more-idors-ae2db67c9489
http://bit.ly/2ltl8DK (+)
https://hsivonen.fi/string-length/
https://nathandavison.com/blog/haproxy-http-request-smuggling
https://frederik-braun.com/firefox-ui-xss-leading-to-rce.html
http://bit.ly/2o9MCPZ (+)
https://frichetten.com/blog/bypass-guardduty-pentest-alerts
https://enciphers.github.io/Mobexler/
https://pentestlab.blog/2017/06/07/uac-bypass-fodhelper/
http://bit.ly/2nfcQ3d (+)
http://bit.ly/2pCAqHL (+)
http://bit.ly/2oN3uvR (+)
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
https://starlabs.sg/advisories/19-8038/
http://bit.ly/2VaTQ2d (+)
https://sysenter-eip.github.io/VBParser
http://bit.ly/2pIHGCh (+)
https://thesw4rm.gitlab.io/nfqueue_c2/2019/09/15/Command-and-Control-via-TCP-Handshake/
https://medium.com/intigriti/gotcha-taking-phishing-to-a-whole-new-level-72eda9e30bef
https://eddiez.me/spotify-vacuum/
http://rl337.org/2012/07/31/in-java-when-is-math-abs-negative/
http://bit.ly/2oOXGSq (+)
https://hackerone.com/reports/631956
https://5alt.me/2019/10/HackMD%20Stored%20XSS%20and%20HackMD%20Desktop%20RCE/
https://medium.com/bugbountywriteup/sql-injection-to-lfi-to-rce-536bed29a862
https://nightowl131.github.io/AAPG/
https://theappanalyst.com/bird.html
http://bit.ly/33ljTql (+)
https://securing.github.io/SCSVS/
https://alex.kaskaso.li/post/revisiting-email-spoofing
http://bit.ly/2B5NZSt (+)
http://bit.ly/2IEgpay (+)
https://medium.com/swlh/php-type-juggling-vulnerabilities-3e28c4ed5c09
https://xerub.github.io/ios/iboot/2018/05/10/de-rebus-antiquis.html
https://x-c3ll.github.io//posts/CVE-2018-7081-RCE-ArubaOS/
https://www.preempt.com/blog/drop-the-mic-2-active-directory-open-to-more-ntlm-attacks/
https://collapseos.org/
http://www.pouet.net/prod.php?which=83222
http://bit.ly/2Mtnpbj (+)
http://bit.ly/2J0wSpP (+)
http://bit.ly/2IXw455 (+)
https://redteamzone.com/ThinVNC/
https://iwantmore.pizza/posts/meterpreter-psattack.html
https://www.praetorian.com/blog/running-a-net-assembly-in-memory-with-meterpreter
https://medium.com/@netscylla/pentesters-guide-to-oracle-hacking-1dcf7068d573
https://osandamalith.com/2019/10/12/bypassing-the-webarx-web-application-firewall-waf/
http://bit.ly/2VQ3ac8 (+)
http://bit.ly/31oU5bi (+)
https://www.sudo.ws/alerts/minus_1_uid.html
http://bit.ly/32s7JMc (+)
https://dmaasland.github.io/posts/mcafee.html
https://hernan.de/blog/2019/10/15/tailoring-cve-2019-2215-to-achieve-root/
https://blog.paloaltonetworks.com/2019/10/cloud-kubernetes-vulnerabilities/
https://dirkjanm.io/office-365-network-attacks-via-insecure-reply-url/
http://bit.ly/2IF9X3f (+)
https://christopher-vella.com/2019/09/06/recent-edr-av-observations/
http://bit.ly/33BSlx5 (+)
http://bit.ly/35KORdl (+)
https://jvns.ca/blog/2019/10/03/sql-queries-don-t-start-with-select/
https://buer.haus/2019/10/18/a-tale-of-exploitation-in-spreadsheet-file-conversions/
https://www.shielder.it/blog/exploiting-an-old-novnc-xss-cve-2017-18635-in-openstack/
https://x-c3ll.github.io//posts/CSS-Injection-Primitives/
http://bit.ly/2Jg9J2v (+)
https://cturt.github.io/ps2-yabasic.html
https://habr.com/en/company/dsec/blog/472762/
http://bit.ly/2PhNa1k (+)
https://research.securitum.com/jwt-json-web-token-security/
http://bit.ly/32Ja1XH (+)
http://bit.ly/2qJmUmx (+)
http://bit.ly/2BL3Ypn (+)
https://medium.com/@MalFuzzer/dissecting-ardamax-keylogger-f33f922d2576
https://medium.com/@philiptsukerman/activation-contexts-a-love-story-5f57f82bccd
http://www.snaponair.com/
https://binji.github.io/posts/raw-wasm-making-a-maze-race/
http://bit.ly/34kr6aJ (+)
https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/
http://bit.ly/2BVSEqP (+)
https://lab.wallarm.com/race-condition-in-web-applications/
http://bit.ly/365EwsH (+)
https://pulsesecurity.co.nz/advisories/untitled-goose-game-deserialization
http://www.hydrogen18.com/blog/reddit-android-app-leaks-images.html
https://medium.com/tenable-techblog/routeros-chain-to-root-f4e0b07c0b21
http://bit.ly/2qchqQY (+)
https://hackerone.com/reports/629892
http://bit.ly/2NrrxcA (+)
https://incolumitas.com/2019/10/19/model-based-fuzzing-of-the-WPA3-dragonfly-handshake/
https://hellveticafont.com/
https://byuu.net/compact-discs/structure
https://rastating.github.io/opsec-in-the-after-life/
https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html
http://bit.ly/2PWO3g0 (+)
https://dualuse.io/blog/curryfinger/
https://labs.f-secure.com/blog/ou-having-a-laugh/
https://www.riccardoancarani.it/bloodhound-tips-and-tricks/
https://pentestlab.blog/2019/11/05/persistence-powershell-profile/
https://bcdevices.github.io/zephyr/ble/2019/10/30/zephyr-ble-testing.html
http://bit.ly/2qsNu39 (+)
http://bit.ly/2NoUXsX (+)
https://blog.netspi.com/escape-nodejs-sandboxes/
https://reverse.put.as/2019/10/29/crafting-an-efi-emulator/
https://medium.com/@lerner98/rage-against-the-maschine-3357be1abc48
https://iwantmore.pizza/posts/cve-2019-1414.html
https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers
https://argus-sec.com/remote-attack-bosch-drivelog-connector-dongle/
https://maxkersten.nl/binary-analysis-course/malware-analysis/corona-ddos-bot/
https://blog.vastart.dev/2019/10/stack-overflow-cve-2019-17424.html
http://whythefuckwasibreached.com/
https://lightcommands.com/
http://homakov.blogspot.pt/2014/02/how-i-hacked-github-again.html
http://insertco.in/2014/02/10/how-i-hacked-instagram/
http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html
http://neosysforensics.blogspot.com.es/2010/02/la-papelera-de-reciclaje-en-windows.html
https://bitbucket.org/blackaura/browserfuzz
http://jeanphix.me/Ghost.py/
http://16s.us/docs/sshlog/
https://www.us-cert.gov/ncas/alerts/TA14-017A
http://www.lauradhamilton.com/random-lessons-online-poker-exploit
http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html
https://archive.org/details/shmoocon-2014
http://www.devttys0.com/2014/02/cracking-linksys-crypto/
https://www.youtube.com/watch?v=waEeJJVZ5P8
http://www.digitaljournal.com/news/world/13-year-old-defies-big-brother-and-refuses-to-be-fingerprinted/article/370009
http://blog.opensecurityresearch.com/2014/08/learning-exploitation-with-fsexploitme.html
http://ccsir.org/how-to-ddos-through-facebook-datacenter-with-almost-1gbs-theyve-started-to-care/
https://pypi.python.org/pypi/ooniprobe
http://recon.cx/2014/video/
https://www.youtube.com/watch?v=___jEOjGCOY
https://jordan-wright.github.io/blog/2013/11/07/how-to-pentest-iphone-apps-with-burp/
https://www.netsparker.com/blog/web-security/ruby-on-rails-security-basics/
http://zenhax.com/viewtopic.php?f=16&t=87
http://w00tsec.blogspot.pt/2014/08/scan-internet-screenshot-all-things.html
http://www.bsdnow.tv/tutorials/openvpn
http://www.nsaplayset.org/
http://h4des.org/blog/index.php?/archives/345-Introducing-alertR-Open-Source-alerting-system.html
https://www.google.com/?hl=xx-hacker&gws_rd=ssl
https://fletchto99.dev/2019/november/slack-vulnerability/
https://blog.teddykatz.com/2019/11/12/github-actions-dos.html
https://terjanq.github.io/Bug-Bounty/Google/cache-attack-06jd2d2mz2r0/index.html
https://mike-n1.github.io/Chain_XSS
https://pentestlab.blog/2019/11/13/persistence-accessibility-features/
http://tpm.fail/
http://re.alisa.sh/notes/iBoot-address-space.html
https://decoder.cloud/2019/11/13/from-arbitrary-file-overwrite-to-system/
https://c0nradsc0rner.com/2016/07/03/ecb-byte-at-a-time/
http://bit.ly/374r7S9 (+)
http://bit.ly/2qW7JpO (+)
https://shenaniganslabs.io/2019/11/12/Ghost-Potato.html
http://bit.ly/34ZdguH (+)
http://bit.ly/2NMg74t (+)
http://bit.ly/2CLkyWI (+)
https://portswigger.net/research/cracking-recaptcha-turbo-intruder-style
http://bit.ly/34b23Hk (+)
https://www.notsosecure.com/oob-exploitation-cheatsheet/
http://bit.ly/2Qh4qUT (+)
http://bit.ly/2OwK1Zv (+)
http://bit.ly/2QB0ChD (+)
http://bit.ly/37ntoIl (+)
https://medium.com/@two06/amsi-as-a-service-automating-av-evasion-2e2f54397ff9
https://timvisee.com/blog/stealing-private-keys-from-secure-file-sharing-service/
http://bit.ly/37uwOJl (+)
https://blog.silentsignal.eu/2019/04/18/drop-by-drop-bleeding-through-libvips/
https://www.shelliscoming.com/2019/11/retro-shellcoding-for-current-threats.html
https://pomb.us/build-your-own-react/
https://webassembly-security.com/polyglot-webassembly-module-html-js-wasm/
https://jcjc-dev.com/2019/11/11/esp32-arduino-bluetooth-halloween-costume/
https://research.securitum.com/xss-in-amp4email-dom-clobbering/
https://ysamm.com/?p=343
https://0xeb-bp.github.io/blog/2019/11/21/practical-guide-pass-the-ticket.html
https://blog.xpnsec.com/exploring-mimikatz-part-1/
https://blog.benjojo.co.uk/post/userspace-usb-drivers
https://blog.orange.tw/2019/11/HiNet-GPON-Modem-RCE.html
https://staaldraad.github.io/post/2019-11-24-argument-injection/
https://mrexodia.github.io/reversing/2019/09/28/Analyzing-keyboard-firmware-part-1
https://dreadlocked.github.io/2019/10/25/kentico-cms-rce/
https://medium.com/bugbountywriteup/breaking-down-sha-256-algorithm-2ce61d86f7a3
https://blog.flanker017.me/examining-and-exploiting-android-vendor-binder-services-part1/
https://bkerler.github.io/2019/11/15/bring-light-to-the-darkness/
http://bit.ly/2R13owE (+)
https://kiwec.net/blog/posts/beating-c-with-brainfuck/
http://bit.ly/2Dqvj13 (+)
https://s0lly.itch.io/cellivization
http://bit.ly/2rjDZDX (+)
https://about.gitlab.com/blog/2019/11/29/shopping-for-an-admin-account/
http://bit.ly/2OS4n0D (+)
https://h0mbre.github.io/Learn-C-By-Creating-A-Rootkit
http://bit.ly/2OTDeuv (+)
https://blog.talosintelligence.com/2019/11/hunting-for-lolbins.html
https://puzzor.github.io/Linksys-Velop-Vulneraibility-Series
https://rushter.com/blog/public-ssh-keys/
http://bit.ly/2PlmQSi (+)
https://medium.com/@drakkars/hacking-an-android-tv-in-2-minutes-7b6f29518ff3
https://m417z.com/The-De-anonymization-of-the-Technion-Confessions-Admin/
https://medium.com/swlh/hacking-xml-data-a64c870b0988
https://sensepost.com/blog/2019/obtaining-shells-via-logitech-unifying-dongles/
http://xyproblem.info/
https://www.imbushuo.net/blog/archives/725
https://www.dylanpaulus.com/2019-11-24-how-fb-avoids-adblockers/
https://hipotermia.pw/bb/http-desync-idor
https://amonitoring.ru/article/origin_lpe_disclosure/
https://www.ragestorm.net/blogs/?p=486
https://www.coalfire.com/The-Coalfire-Blog/December-2019/Deserialized-Double-Dirty
https://x-c3ll.github.io/posts/Pivoting-MySQL-Proxy/
https://www.vdalabs.com/2019/09/25/windows-credential-theft-rdp-internet-explorer-11/
https://itm4n.github.io/cdpsvc-dll-hijacking/
https://medium.com/@ricardoiramar/reusing-cookies-23ed4691122b?
https://diverto.github.io/2019/11/18/Cracking-LUKS-passphrases
https://www.0x90.zone/multiple/reverse/2019/11/28/Anviz-pwn.html
http://bit.ly/2skmNhQ (+)
https://www.mdsec.co.uk/2019/12/macos-filename-homoglyphs-revisited/
https://promon.co/security-news/strandhogg/
https://medium.com/@ss23/php-autloading-local-file-inclusion-by-design-71aafe627877
https://n4r1b.netlify.com/en/posts/2019/11/understanding-wdboot-windows-defender-elam/
https://decoder.cloud/2019/12/06/we-thought-they-were-potatoes-but-they-were-beans/
https://starship.rs/
https://ivrodriguez.com/introducing-security-plist/
https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/
https://medium.com/@dPhoeniixx/vimeo-upload-function-ssrf-7466d8630437
https://brandonhinkel.com/breaking-hardened-mifare-proxmark3/
https://aboutdfir.com/jailbreaking-checkra1n-configuration/
https://pentest.blog/explore-hidden-networks-with-double-pivoting/
https://medium.com/maverislabs/cve-2019-17123-cbc946c99f8
https://osintcurio.us/2019/07/16/searching-instagram/
https://decoder.cloud/2019/12/18/from-dropboxupdater-to-nt-authoritysystem/
https://medium.com/@rootxharsh_90844/abusing-feature-to-steal-your-tokens-f15f78cebf74
https://nagarrosecurity.com/blog/interactive-buffer-overflow-exploitation
https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui
https://blog.tetrane.com/2019/11/17/Analyzing_an_Out_of_Bounds_read_in_a_TTF_font_file.html
https://lab.wallarm.com/securing-and-attacking-graphql-part-1-overview/
https://dsfile-analysis.blogspot.com/2019/12/normal-0-false-false-false-en-us-x-none.html
https://bowero.nl/blog/2019/12/15/c-what-the-fuck/
https://neilkakkar.com/unix.html
https://yurichev.com/blog/SA_XOR/
https://leucosite.com/Edge-Chromium-EoP-RCE/
http://bit.ly/34Rnm0g (+)
https://iwantmore.pizza/posts/meterpreter-ppid-spoofing.html
https://anee.me/reversing-a-real-world-249-bytes-backdoor-aadd876c0a32
http://bit.ly/35UMgNM (+)
https://blog.umangis.me/a-deep-dive-into-ios-code-signing/
https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-introduction/
https://medium.com/@R0X4R/graphql-idor-leads-to-information-disclosure-175eb560170d
https://know.bishopfox.com/blog/5-privesc-attack-vectors-in-aws
https://securitylab.github.com/research/ubuntu-whoopsie-daisy-overview
http://bit.ly/2ZstdI5 (+)
https://mp.weixin.qq.com/s/okU2y0izfnKXXtXG3EfLkQ
https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf
https://fredericb.info/2016/10/amlogic-s905-soc-bypassing-not-so.html
https://www.blackhillsinfosec.com/how-to-hack-hardware-using-uart/
http://bit.ly/2Mulp3y (+)
https://alephsecurity.com/2019/12/29/revised-homograph-attacks/
http://bit.ly/2tnUn78 (+)
https://jpdias.me/infosec/hardware/2019/12/26/uberhid.html
https://m0chan.github.io/2019/07/30/Windows-Notes-and-Cheatsheet.html
https://gist.github.com/ykoster/4d2c3792d438e04bb73529017a6e1177
https://sec.alexflor.es/post/minipwn/
https://blog.zeddyu.info/2019/12/08/HTTP-Smuggling-en/
https://whereisk0shl.top/post/a-simple-story-of-dssvc
http://bit.ly/36ecGdz (+)
http://bit.ly/2PYAQmQ (+)
https://blog.quarkslab.com/a-deep-dive-into-samsungs-trustzone-part-1.html
https://keenlab.tencent.com/en/2020/01/02/exploiting-wifi-stack-on-tesla-model-s/
https://blog.jonlu.ca/posts/experiments-and-growth-hacking
https://medium.com/@frycos/yet-another-net-deserialization-35f6ce048df7
http://bit.ly/36kD8lE (+)
https://tech.michaelaltfield.net/2020/01/02/buskill-laptop-kill-cord-dead-man-switch/
http://bit.ly/2FBDJUC (+)
http://bit.ly/2tGKrG0 (+)
https://community.turgensec.com/ssh-hacking-guide/
https://pentestlab.blog/2020/01/07/persistence-appinit-dlls/
https://webassembly-security.com/fuzzing-wasm-javascript-dharma-chrome-v8/
https://cablehaunt.com/
https://www.ambionics.io/blog/php-mt-rand-prediction
https://gravitational.com/blog/ssh-handshake-explained/
http://bit.ly/2R6XSau (+)
https://www.pentagrid.ch/en/blog/fuzzing_java_with_jqf/
https://duo.com/labs/research/secure-boot-in-the-era-of-the-t2
https://redfast00.github.io/12-31-2019/reverse-engineering-uefi.html
https://medium.com/@ryancor/reverse-engineering-encrypted-code-segments-b01aead67701
https://medium.com/@catalyst256/osint-certificate-transparency-lists-a603c9d2b776
https://www.allysonomalley.com/2020/01/06/saying-goodbye-to-my-favorite-5-minute-p1/
http://rubyplants.com/
http://www.p01.org/defender_of_the_favicon/
https://immunant.com/blog/2020/01/quake3/
https://blog.isec.pl/all-is-xss-that-comes-to-the-net/
http://bit.ly/2FRi1fo (+)
https://yeggor.github.io/UEFI_BinDiff/
https://blog.redteam.pl/2019/12/chrome-portal-element-fuzzing.html
http://windows-internals.com/cet-on-windows/
http://bit.ly/2NxAz8G (+)
https://alephsecurity.com/2020/01/14/ruckus-wireless/
http://bit.ly/371T6l9 (+)
https://httptoolkit.tech/blog/debugging-https-without-global-root-ca-certs/
https://medium.com/tenable-techblog/lets-reverse-engineer-discord-1976773f4626
http://bit.ly/2TubqiN (+)
https://medium.com/@alexkaskasoli/pull-based-cd-pipelines-for-security-4e044b403f56
https://darvincitech.wordpress.com/2019/12/23/detect-frida-for-android/
https://pentest.blog/advisory-seagate-central-storage-remote-code-execution/
https://blog.jse.li/posts/torrent/
https://citizen428.net/blog/learning-fsharp-writing-a-raytracer/
http://deadliestwebattacks.com/2013/12/03/selector-the-almighty-subjugator-of-elements/
http://marc.durdin.net/2014/09/risks-with-third-party-scripts-on-internet-banking-sites/
http://securitysucks.info/exploit-phps-mail-to-get-remote-code-execution/
https://www.cert.org/blogs/certcc/post.cfm?EntryID=203
http://xmodulo.com/2014/08/sniff-http-traffic-command-line-linux.html
https://gist.github.com/jedisct1/e63d46822b9d95fe6702
http://www.exploresecurity.com/wp-content/uploads/custom/SSL_manual_cheatsheet.html
http://blog.tadaweb.com/2014/08/how-to-find-not-so-secret-documents-with-search-engines/
http://blog.dornea.nu/2014/08/21/howto-debug-android-apks-with-eclipse-and-ddms/
http://h30499.www3.hp.com/t5/Fortify-Application-Security/The-BREACH-attack-explained/ba-p/6605030
https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1
http://www.skfu.xxx/2014/09/ps4-state-of-things-part-i-titleids.html
https://medium.com/@tareksiddiki/story-of-a-beg-bounty-hunter-e9a1f58ddf9e
http://fuzzinginfo.files.wordpress.com/2012/05/ben_nagy_how_to_fail_at_fuzzing.pdf
https://code.google.com/p/corkami/source/detail?r=1906
https://hufman.github.io/stories/bmwconnectedapps
http://bit.ly/2GiohNo (+)
http://bit.ly/37kXXxT (+)
https://decoder.cloud/2020/01/20/from-hyper-v-admin-to-system/
https://gist.github.com/nstarke/a611a19aab433555e91c656fe1f030a9
http://bit.ly/38AguGU (+)
https://www.ayrx.me/analyzing-kony-mobile-applications
https://posts.specterops.io/mimidrv-in-depth-4d273d19e148
https://0xsha.io/posts/mass-exploitation-hunting-while-sleeping
https://securitylab.github.com/research/chromium-ipc-vulnerabilities
https://penthertz.com/blog/testing-LoRa-with-SDR-and-handy-tools.html
https://sidechannel.tempestsi.com/the-cypher-injection-saga-9698d19bed4
https://web-in-security.blogspot.com/2020/01/cve-2020-2655-jsse-client.html
http://bit.ly/2tJ0ROo (+)
https://www.perimeterx.com/blog/analyzing_magecart_malware_from_zero_to_hero/#
https://trmm.net/Charliewatch
http://bit.ly/30SbdYr (+)
https://lapcatsoftware.com/articles/Safari-runs-disabled-extensions.html
https://nathandavison.com/blog/exploiting-email-address-parsing-with-aws-ses
https://hackerone.com/reports/759247
https://rderik.com/blog/using-lldb-for-reverse-engineering/
https://hacker.house/lab/windows-defender-bypassing-for-meterpreter/
http://bit.ly/2uOWK3r (+)
https://www.crummie5.club/pwning-a-pwned-citrix/
https://www.onsecurity.co.uk/blog/abusing-kerberos-from-linux
http://bit.ly/38XUNRn (+)
https://insert-script.blogspot.com/2020/01/internet-explorer-mhtml-why-you-should.html
http://bit.ly/3aT2ObT (+)
https://blog.gypsyengineer.com/en/security/cve-2020-1925-ssrf-in-apache-olingo.html
https://medium.com/@maxi./finding-and-exploiting-cve-2018-7445-f3103f163cc1
https://posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerzure-ca70b330511a
https://www.mdsec.co.uk/2020/01/deep-dive-to-citrix-adc-remote-code-execution-cve-2019-19781/
https://littlegptracker.com/
https://bad-radio.solutions/notes_nrf51822
https://medium.com/@vmsp/blocking-your-adblocker-967d1c6e48f2
http://bit.ly/2SmJ7Rn (+)
https://www.perimeterx.com/tech-blog/2020/whatsapp-fs-read-vuln-disclosure/
https://techblog.mediaservice.net/2020/01/ok-google-bypass-the-authentication/
https://www.n00py.io/2020/02/exploiting-ldap-server-null-bind/
https://landgrey.me/blog/11/
https://blog.assetnote.io/bug-bounty/2020/02/01/expanding-attack-surface-react-native/
http://bit.ly/2GWYw5F (+)
https://blog.doyensec.com/2020/02/03/heap-exploit.html
http://bit.ly/31xKocu (+)
https://www.sudo.ws/alerts/pwfeedback.html
https://blog.kitor.pl/blog/avocent-ip-kvm-any-sip-hack
http://bit.ly/2GZpbij (+)
https://sandboxescaper.blogspot.com/2019/12/chasing-polar-bears-part-one.html
http://blog.ant0i.net/2020/02/down-rabbit-hole-of-harvested-personal.html
https://habr.com/en/post/486856/
http://www.simonweckert.com/googlemapshacks.html
https://www.hackerhealth.net/
https://medium.com/bugbountywriteup/haxing-minesweeper-e79ece9f5d16
http://b.fl7.de/2014/09/amazon-stored-xss-book-metadata.html
http://blog.nativeflow.com/the-futex-vulnerability
http://cultofthedyingsun.wordpress.com/2014/09/12/death-by-magick-number-fingerprinting-kippo-2014/
http://www.pugo.org/project/pshttpd/
http://vicenteaguileradiaz.com/tools/
http://www.nosqlmap.net/
http://media.ccc.de/browse/conferences/mrmcd/mrmcd14/
http://www.contextis.co.uk/resources/blog/hacking-canon-pixma-printers-doomed-encryption/
https://www.youtube.com/playlist?list=PLmfJypsykTLVGqTWJMu4ybJPiew7PUkH2
http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html
http://blog.opensecurityresearch.com/2014/09/hostapd-wpe-now-with-more-pwnage.html
http://insert-script.blogspot.co.at/2014/09/sitekiosk-breakout.html
http://dfir.org/?q=node/8/
http://www.whited00r.com/
http://pwnable.kr/
http://pathonproject.com/zb/?5b343c33591c9cc9#Pc9t/zKg8zWJUNkqqvYhuuL7Lofz8PGTX7R3qat0i/8=
http://blog.binamuse.com/2014/09/coregraphics-memory-corruption.html
http://avlidienbrunn.se/angular.txt
https://erenyagdiran.github.io/I-was-just-asked-to-crack-a-program-Part-1/
https://code.google.com/p/miasm/
http://breenmachine.blogspot.ca/2014/09/transfer-file-over-dns-in-windows-with.html
http://forensic.n0fate.com/?page_id=1180
http://thehackernews.com/2014/09/hacking-ebay-accounts.html
http://www.cloudscan.me/2014/09/cve-2014-4406-apple-sa-2014-09-17-5-os.html
http://www.martinvigo.com/a-look-into-lastpass/
https://blog.cloudflare.com/keyless-ssl-the-nitty-gritty-technical-details/
http://countuponsecurity.com/2014/09/22/malicious-documents-pdf-analysis-in-5-steps/
http://www.theamazingking.com/crypto.php
http://javahacker.com/a-javascript-challenge-for-nordic-js/
https://gist.github.com/ethicalhack3r/cb06f575c6ba28644e9a
http://www.rafayhackingarticles.net/2014/10/a-tale-of-another-sop-bypass-in-android.html
http://hexed.it/
http://lansec.net/project/scoutbot/
http://marketplace.eclipse.org/content/contrast-eclipse
http://pastebin.com/VyMs3rRd
http://d.uijn.nl/?p=32
http://marc.info/?l=qmail&m=141183309314366&w=2
https://diablohorn.wordpress.com/2011/10/19/8009-the-forgotten-tomcat-port/
http://opensecuritytraining.info/HTID.html
https://dnsleaktest.com/
http://blog.cobaltstrike.com/2014/10/01/user-driven-attacks/
https://shirt.codes/
http://www.cs.bham.ac.uk/~exr/lectures/opsys/10_11/lectures/os-dev.pdf
http://www.righto.com/2014/09/mining-bitcoin-with-pencil-and-paper.html
http://www.futuresouth.us/yahoo_hacked.html
http://blog.valverde.me/2014/01/03/reverse-engineering-my-bank's-security-token
http://handleopenurl.com/scheme
http://www.powershellmagazine.com/2014/10/03/building-netcat-with-powershell/
http://www.irongeek.com/i.php?page=videos/derbycon4/mainlist
http://blog.logrhythm.com/security/do-you-trust-your-computer/
http://www.cyrozap.com/2014/09/29/reversing-the-symantec-vip-access-provisioning-protocol/
http://vagmour.eu/persistence-1/
http://thejh.net/misc/website-terminal-copy-paste
http://nahamsec.com/2014/10/a-tale-of-2-yahoo-bug-bounty-reports/
https://tosdr.org/
http://q.viva64.com/
https://plus.google.com/+AlexisImperialLegrandGoogle/posts/gJDrVSuteUT
http://ceukelai.re/?p=11
http://googleonlinesecurity.blogspot.pt/2014/10/this-poodle-bites-exploiting-ssl-30.html
http://www.bsk-consulting.de/2014/10/04/smart-dll-execution-malware-analysis-sandbox-systems/
http://seclists.org/fulldisclosure/2014/Oct/53
https://www.drupal.org/SA-CORE-2014-005
http://securityaffairs.co/wordpress/29104/hacking/authentication-vulnerability-paypal-mobile.html
http://blog.toft.io/exploiting-unsecure-web-servers-with-svn-directories/
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Hacking-my-smart-TV-an-old-new-thing/ba-p/6645844
http://www.appliednsm.com/introducing-flowbat/
http://conference.hitb.org/hitbsecconf2014kul/materials/
https://sysforensics.org/2014/10/forensics-in-the-amazon-cloud-ec2.html
http://applidium.com/en/news/hacking_the_navigo/
https://www.securusglobal.com/community/2014/10/13/bypassing-wafs-with-svg/
https://gist.github.com/anonymous/64ba9e34a018ebd86f70
http://openideals.com/2014/10/13/linux-commands-for-bluetooth-namespace-messaging/
http://www.websecuritylog.com/2014/10/facebook--bug-bounty.html
http://brutelogic.wordpress.com/2014/10/14/an-ssh-short-story-hack/
http://blog.detectify.com/post/100600514143/hostile-subdomain-takeover-using-heroku-github-desk
https://corkami.googlecode.com/svn/trunk/src/angecryption/
https://dutzi.github.io/tamper/
http://cyberarms.wordpress.com/2014/10/16/mana-tutorial-the-intelligent-rogue-wi-fi-router/
http://digital-forensics.sans.org/community/downloads
http://www.roe.ch/SSLsplit
http://www.agarri.fr/blog/
https://ruxcon.org.au/slides/
https://ruxconbreakpoint.com/slides/
http://securityaffairs.co/wordpress/29302/hacking/serious-flaw-addthis.html
https://blog.prakharprasad.com/2014/10/hackerone-vulnerability-common-response.html
http://www.securitysift.com/passive-reconnaissance/
http://cylonjs.com/
https://amp.twimg.com/v/7cb46f6d-9589-43c1-9ac9-3ac1ab697413
https://dhowe.github.io/AdNauseam/
http://blog.dornea.nu/2014/09/17/generate-all-ip-addresses-from-asn/
http://www.sectechno.com/2014/10/26/balbuzard-malware-analysis-tool/
https://www.apple.com/privacy/docs/iOS_Security_Guide_Oct_2014.pdf
http://blog.dornea.nu/2014/07/07/disect-android-apks-like-a-pro-static-code-analysis/
http://blog.infobytesec.com/2014/10/abusing-dialog-for-fun-and-profit.html
http://www.net-security.org/insecure-archive.php
http://n0where.net/how-to-iptables-firewall/
http://rationallyparanoid.com/articles/diskless-ssh-honeypot-alpine-linux.html
http://ezprompt.net/
http://packetlife.net/library/cheat-sheets/
https://security.stackexchange.com/questions/56181/hack-into-a-computer-through-mac-and-ip-address
http://blog.it-securityguard.com/bugbounty-the-5000-google-xss/
http://iamajin.blogspot.in/2014/11/when-gifs-serve-javascript.html
http://features.jsomers.net/how-i-reverse-engineered-google-docs/
https://code.facebook.com/posts/844436395567983/introducing-osquery/
http://edge-security.blogspot.com.es/2014/10/wfuzz-21-released.html
http://cultofthedyingsun.wordpress.com/2014/11/01/antivirus-evading-executable-and-post-exploitation-with-the-veil-evasion-framework-and-metasploit/
https://www.sektioneins.de/en/blog/14-11-03-drupal-sql-injection-vulnerability-PoC.html
http://digi.ninja/projects/http_traceroute.php
http://blog.badtrace.com/post/how-i-got-a-root-shell-in-my-nas-0day-inside/
https://medium.com/@oleavr/anatomy-of-a-code-tracer-b081aadb0df8
https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access
http://cyber.bgu.ac.il/content/how-leak-sensitive-data-isolated-computer-air-gap-near-mobile-phone-airhopper
http://randomthoughts.greyhats.it/2014/10/osx-local-privilege-escalation.html
http://acez.re/ps-vita-level-1-webkitties-3/
https://timtaubert.de/blog/2014/10/http-public-key-pinning-explained/
http://crimsonglow.ca/~kjiwa/x86-dos-boot-sector-in-c.html
http://www.hydrantlabs.org/Security/Google/Chrome/
http://blog.noobroot.com/2014/02/owncloud-600a-when-xss-vulnerability.html
http://gacksecurity.blogspot.co.uk/2014/02/beef-and-armitage-get-married.html
http://forum.yubico.com/viewtopic.php?f=26&t=1171
http://blackhatlibrary.net/Azazel
http://blog.sucuri.net/2014/02/php-backdoors-hidden-with-clever-use-of-extract-function.html
http://www.devttys0.com/2014/02/wrt120n-fprintf-stack-overflow/
http://www.sjdjweis.com/linux/proxyarp/
https://hackerone.com/reports/1356
http://vagosec.org/2014/02/google-drive-clickjacking-vulnerability/
http://www.tripwire.com/state-of-security/vulnerability-management/creating-iphone-rootkits-and-like-the-nsas-dropout-jeep/
https://community.rapid7.com/community/metasploit/blog/2014/02/18/lets-talk-about-your-security-breach-with-metasploit-literally
http://grahamcluley.com/2014/02/passwords-leaked-live-tv-flood-emergency/
https://www.youtube.com/watch?v=VggwVuboLoo
http://www.zerodayclothing.com/
http://packetstormsecurity.com/files/129081/VL-936.txt
https://labs.integrity.pt/articles/from-0-day-to-exploit-buffer-overflow-in-belkin-n750-cve-2014-1635/
https://mozilla.github.io/server-side-tls/ssl-config-generator/
http://decalage.info/vba_tools
http://sourceforge.net/projects/justniffer/
http://www.irongeek.com/xss-sql-injection-fuzzing-barcode-generator.php
http://ferdogan.net/PDF-Malware-Analiz-Teknikleri/
https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/reports/Unit_42/unit42-wirelurker.pdf
http://argus-sec.com/blog/remote-attack-aftermarket-telematics-service/
http://tyranidslair.blogspot.co.uk/2014/11/whens-documenturl-not-documenturl-cve.html
https://opensource.srlabs.de/projects/badusb
http://forensicsfromthesausagefactory.blogspot.ae/2014/11/imaging-drives-protected-with-apple.html
http://tonyarcieri.com/cream-the-scary-ssl-attack-youve-probably-never-heard-of
http://nethack4.org/blog/building-c.html
http://lcamtuf.blogspot.pt/2014/11/pulling-jpegs-out-of-thin-air.html
http://www.fredericb.info/2014/11/exploitation-of-philips-smart-tv.html
http://sijmen.ruwhof.net/weblog/256-cross-site-scripting-in-millions-of-web-sites
http://www.fruitywifi.com/
http://www.procdot.com/index.htm
https://wireedit.com
http://forensic.n0fate.com/tools/chainbreaker/
https://www.jssec.org/dl/android_securecoding_en_20140701.pdf
http://huaweihg612hacking.wordpress.com/2012/11/07/jtaging-the-broadcom-bcm6368-hg612/
http://bartblaze.blogspot.pt/2014/11/malware-spreading-via-steam-chat.html
https://www.trustedsec.com/november-2014/meterssh-meterpreter-ssh/
http://www.swordsec.com/download/20FantasticKaliLinuxTools.pdf
http://blog.h3xstream.com/2014/11/remote-code-execution-by-design.html
http://2014.zeronights.org/conference-materials.html
http://xmodulo.com/access-linux-command-cheat-sheets-command-line.html
http://www.openvim.com/tutorial.html
http://www.coalfire.com/The-Coalfire-Blog/November-2014/Reverse-Shells-and-Your-Car
https://opensoc.github.io/
https://bitbucket.org/al14s/rawr/wiki/Home
http://hasherezade.net/IAT_patcher/
http://goo.gl/AkU519 (+)
http://webstersprodigy.net/2014/11/19/use-after-free-exploits-for-humans-part-1-exploiting-ms13-080-on-ie8-winxpsp3/
http://smealum.net/ninjhax/
http://klikki.fi/adv/wordpress.html
http://tyranidslair.blogspot.co.uk/2014/11/stupid-is-as-stupid-does-when-it-comes.html
http://www.nosuchcon.org/talks/2014/
https://www.youtube.com/user/unixfreaxjp/videos
http://unibios.free.fr/cdsystem.html
http://screeps.com/
http://mtayseer.net/2014/11/06/your-python-smells-like-java/
http://googleonlinesecurity.blogspot.pt/2014/12/are-you-robot-introducing-no-captcha.html
http://www.anandprakash.pw/search/label/bug%20bounty
http://securityaffairs.co/wordpress/30755/hacking/hacking-paypal-account-poc.html
http://www.labofapenetrationtester.com/2014/11/powershell-for-client-side-attacks.html
https://pacsec.jp/psj14archive.html
http://blog.fox-it.com/2014/11/18/cryptophp-analysis-of-a-hidden-threat-inside-popular-content-management-systems/
http://www.behindthefirewalls.com/2014/12/cve-2014-9016-and-cve-2014-9034-PoC.html
https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-011/-entrypass-n5200-credentials-disclosure
http://farlight.org/
http://wafbypass.me/w/index.php/Main_Page
http://www.qemu-advent-calendar.org/
http://pdos.csail.mit.edu/scigen/
http://blog.dewhurstsecurity.com/2014/12/09/how-i-hacked-facebook.html
http://josipfranjkovic.blogspot.pt/
https://gist.github.com/worawit/84ab41358b8465966224
http://cxsecurity.com/issue/WLB-2014120030
https://securityreliks.wordpress.com/2010/08/20/devtcp-as-a-weapon/
http://desowin.org/usbpcap/tour.html
http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html
http://securityintelligence.com/spoofedme-social-login-attack-discovered-by-ibm-x-force-researchers/
https://evil32.com/
http://pen-testing.sans.org/blog/pen-testing/2014/12/04/cross-site-scripting-through-file-metedata
http://samiux.blogspot.pt/2014/12/howto-arpon-on-kali-linux-109a.html
https://forsec.nl/2014/12/reading-outlook-using-metasploit/
http://h30499.www3.hp.com/t5/Fortify-Application-Security/Leveraging-SimpleHTTPServer-as-a-Simple-Web-Honeypot/ba-p/6682905
http://www.jfedor.org/aaquake2/
http://alexnisnevich.github.io/untrusted/
http://researchcenter.paloaltonetworks.com/2014/12/google-chrome-exploitation-case-study/
https://blog.gaborszathmari.me/2014/12/10/wordpress-exploitation-with-xss/
http://securityaffairs.co/wordpress/31120/hacking/fixed-critical-flaw-blogger-allows-write-posts-blog.html
http://morris.guru/detecting-kippo-ssh-honeypots/
http://briskinfosec.blogspot.in/2014/12/reverce-shells-for-exploit-command.html?m=1
http://www.cipherdyne.org/blog/2014/12/ram-disks-and-saving-your-ssd-from-afl-fuzzing.html
http://homakov.blogspot.gr/2014/11/hacking-file-uploaders-with-race.html
https://blog.whitehatsec.com/hackerkast-11-bonus-round/
http://blog.opensecurityresearch.com/2012/02/json-csrf-with-parameter-padding.html
http://dogber1.blogspot.fr/2009/05/table-of-reverse-engineered-bios.html
http://insert-script.blogspot.co.at/2014/12/multiple-pdf-vulnerabilites-text-and.html
http://blog.malwaretracker.com/2014/12/cve-2014-4114cve-2014-6352-evade-av-by.html?spref=tw
http://robertheaton.com/2014/12/08/fun-with-your-friends-facebook-and-tinder-session-tokens/
http://js1k.com/2014-dragons/demo/1854
http://nathanfriend.io/inspirograph/
http://git-blame.blogspot.pt/2014/12/git-1856-195-205-214-and-221-and.html
http://sintheticlabs.com/blog/a-look-inside-facebooks-source-code.html
http://hak-it.blogspot.pt/2014/12/stored-xss-on-facebook-and-twitter_18.html
http://pen-testing.sans.org/blog/pen-testing/2014/12/10/awkward-binary-file-transfers-with-cut-and-paste
http://hooked-on-mnemonics.blogspot.pt/p/injdmp.html
http://www.darknet.org.uk/2014/12/bluemaho-project-bluetooth-security-testing-suite/
http://xgusix.com/blog/analyzing-a-malicious-excel-file-with-oledump-py/
https://titanous.com/posts/docker-insecurity
http://lifeat.tetrane.com/2014/12/ie-crash-analysis.html
http://breenmachine.blogspot.gr/2014/12/raining-shells-ambari-0-day.html
https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/
http://www.justanotherhacker.com/2011/12/writing-a-stealth-web-shell.html
http://web-in-security.blogspot.pt/2014/11/detecting-and-exploiting-xxe-in-saml.html
https://media.defcon.org/DEF%20CON%2022/DEF%20CON%2022%20video%20and%20slides/
http://www.keurighack.com/
https://www.druid.es/content/gopro-firmware-forensic
http://hackertyper.com/
https://trmm.net/thunderstrike
http://attack-secure.com/hacked-facebook-word-document/
http://mis.fortunecook.ie/
http://www.signedness.org/tools/
https://code.google.com/p/google-security-research/issues/detail?id=118
http://www.wains.be/pub/networking/tcpdump_advanced_filters.txt
http://aluigi.altervista.org/mytoolz.htm
http://dnscrypt.org/
http://khr0x40sh.wordpress.com/2014/06/10/moftastic_powershell/
http://gkbrk.com/blog/read?name=reverse_engineering_the_speedtest_net_protocol
http://www.vanimpe.eu/2014/12/13/using-elk-dashboard-honeypots/
http://blog.h3xstream.com/2014/12/predicting-struts-csrf-token-cve-2014.html
http://blog.xbc.nz/2014/12/lastpass-attempt-at-client-side-android.html
http://breenmachine.blogspot.gr/2014/12/mssql-mitm-ftw-ettercap-and-responder.html
https://blog.hboeck.de/archives/863-Dont-update-NTP-stop-using-it.html
https://bettercrypto.org/
http://www.montulli.org/theoriginofthe%3Cblink%3Etag
http://www.its.caltech.edu/~costis/sgb_hack/
https://stribika.github.io/2015/01/04/secure-secure-shell.html
https://code.google.com/p/usboblivion/
https://endrift.com/mgba/2014/12/28/classic-nes/
http://www.insinuator.net/2014/12/revisiting-an-old-friend-shell-globbing/
https://blog.haschek.at/post/fd9bc
http://ednolo.alumnos.upv.es/?p=1883
http://ednolo.alumnos.upv.es/papers/advisories/CVE-2015-0554_pirelli.txt
http://www.ifc0nfig.com/moonpig-vulnerability/
https://hatriot.github.io/blog/2015/01/06/ntpdc-exploit/
http://hackerschool.org/DefconCTF/17/B300.html
http://moviecode.tumblr.com/
https://cmd.fm/
http://habrahabr.ru/company/pt/blog/247709/
http://zoczus.blogspot.de/2015/01/yammercom-same-origin-method-execution.html?spref=tw
http://rtwaysea.net/blog/blog-2013-10-18-long.html
http://michenriksen.com/blog/gitrob-putting-the-open-source-in-osint/
http://seclist.us/inception-is-a-physical-memory-manipulation-and-hacking-tool-exploiting-pci-based-dma.html
http://networkfilter.blogspot.pt/2015/01/be-your-own-vpn-provider-with-openbsd.html
http://www.hexacorn.com/blog/2015/01/08/decompiling-compiled-autoit-scripts-64-bit-take-two/
https://milo2012.wordpress.com/2015/01/08/proxy-tester-script/
http://blog.sucuri.net/2015/01/website-backdoors-leverage-the-pastebin-service.html
https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/
http://web-in-security.blogspot.pt/2015/01/save-your-cloud-exploiting-eucalyptus.html?spref=tw
http://www.giac.org/paper/gpen/6684/aix-penetration-testers/125890
http://randomthoughts.greyhats.it/2015/01/osx-bluetooth-lpe.html
http://www.shortbus.ninja/phishbait-scraping-the-web-for-email-addresses/
http://smealum.net/?p=517
http://blog.lse.epita.fr/articles/75-sstpinball.html
http://script-ed.org/?p=1671
https://www.imperialviolet.org/2014/02/22/applebug.html
https://gist.github.com/joernchen/a7c031b6b8df5d5d0b61
http://www.droidsec.org/news/2014/02/26/on-the-webview-addjsif-saga.html
http://lanmaster53.com/2013/07/multi-post-csrf/
http://7h3ram.github.io/
http://blog.cassidiancybersecurity.com/post/2014/02/Bitcrypt-broken
http://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/
http://bromiumlabs.files.wordpress.com/2014/02/bypassing-emet-4-1.pdf
http://recon.cx/2013/schedule/schedule.html
http://labs.bromium.com/2014/02/25/dissecting-the-newest-ie10-0-day-exploit-cve-2014-0322/
http://r000t.com/who-hacked-ec-council/ | https://twitter.com/JamieCaitlin/status/438391518697512960
http://www.w3.org/People/Raggett/book4/ch02.html
http://drops.wooyun.org/papers/4621#yjs_add_arg=9893
http://breakingbits.net/2015/01/18/taking-over-godaddy-accounts-using-csrf
http://potatohatsecurity.tumblr.com/post/108756906604/admin-google-com-reflected-cross-site-scripting
http://omriher.blogspot.co.il/2015/01/captipper-malicious-http-traffic.html
http://www.hackwhackandsmack.com/?p=452
http://www.labofapenetrationtester.com/2015/01/fun-with-dns-txt-records-and-powershell.html
http://blog.defragger.org/radare-max++.html
http://resources.infosecinstitute.com/intelligence-information-gathering-collecting-twitter-followers-25-lines-python/
http://www.checkpoint.com/downloads/partners/TCC-Silverlight-Jan2015.pdf
http://sectooladdict.blogspot.co.il/2014/12/el-30-injection-java-is-getting-hacker.html
http://raidersec.blogspot.ca/2013/06/how-browsers-store-your-passwords-and.html
http://packetstormsecurity.com/files/122655/LIXIL-Satis-Toilet-Hard-Coded-Bluetooth-PIN.html
http://www.lofibucket.com/articles/oscilloscope_quake.html
http://chargen.matasano.com/chargen/2015/1/27/vulnerability-overview-ghost-cve-2015-0235.html
https://hackerone.com/reports/44146
http://potatohatsecurity.tumblr.com/post/108197611404/yahoo-root-access-sql-injection-tw-yahoo-com
https://gitweb.torproject.org/user/jvoisin/mat.git
http://www.gironsec.com/blog/2015/01/owning_modems_and_routers_silently/
https://forsec.nl/2015/01/bash-data-exfiltration-through-dns-using-bash-builtin-functions/
http://securitycafe.ro/2014/12/19/how-to-intercept-traffic-from-java-applications/
http://chichou.0ginr.com/blog/1023
https://capsop.com/phpmyadmin
http://www.malwaretech.com/2015/01/using-kernel-rootkits-to-conceal.html
http://wouter.coekaerts.be/2015/resurrecting-phantomreference
https://fail0verflow.com/blog/2014/hubcap-chromecast-root-pt1.html (-root-pt2.html)
https://milo2012.wordpress.com/2015/01/09/pentesting-firebird-database/
http://kukuruku.co/hub/infosec/backdoor-in-a-public-rsa-key
http://www.rfcreader.com/
http://js-dos.com/
http://innerht.ml/blog/ie-uxss.html
http://www.bulbsecurity.com/more-book-exercises-guessable-credentials-apache-tomcat/
http://wiki.secarmour.com/2013/02/ssi-injection-attack.html
https://binjitsu.readthedocs.org/en/latest/
http://0x00string.com/hacktionary/index.php?title=AllShare_Cast
http://securitycafe.ro/2015/01/05/understanding-php-object-injection/
https://blog.netspi.com/advisory-xxe-injection-oracle-database-cve-2014-6577/
http://www.davidlitchfield.com/Privilege_Escalation_via_Oracle_Indexes.pdf
http://h30499.www3.hp.com/t5/Fortify-Application-Security/Owning-SQLi-vulnerability-with-SQLmap/ba-p/6698577
http://drops.wooyun.org/papers/4762
http://keygenmusic.net/
http://shipyourenemiesglitter.com/
http://danlec.com/blog/hackerones-first-xss
http://zoczus.blogspot.pt/2015/02/evercookieswf-stored-cross-site.html
http://potatohatsecurity.tumblr.com/post/110024705384/google-com-mobile-feedback-url-redirect
http://samdmarshall.com/re.html
https://gitlab.maikel.pro/maikeldus/WhatsSpy-Public/wikis/home
https://net-ninja.net/article/2010/Oct/04/taking-control-of-a-jsp-environment/
http://breakingmalware.com/vulnerabilities/one-bit-rule-bypassing-windows-10-protections-using-single-bit/
https://www.checkmarx.com/2014/08/20/swift-security-issues/
https://rateip.com/blog/sql-injections-in-mysql-limit-clause/
http://adsecurity.org/?p=1275
https://isc.sans.edu/forums/diary/Finding+Privilege+Escalation+Flaws+in+Linux/19207/
http://labs.bromium.com/2015/02/02/exploiting-badiret-vulnerability-cve-2014-9322-linux-kernel-privilege-escalation/
http://saijogeorge.com/css-puns/
http://vanilla-js.com/
http://danlec.com/blog/hacking-stackoverflow-com-s-html-sanitizer
http://philippeharewood.com/paging-cursors-leaking-data-in-graph-api/
http://www.shellcheck.net/
https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/
http://seclists.org/fulldisclosure/2015/Feb/56
http://sourceforge.net/projects/packeth/
http://shubh.am/exploiting-markdown-syntax-and-telescope-persistent-xss-through-markdown-cve-2014-5144/
http://blog.sucuri.net/2015/02/creative-evasion-technique-against-website-firewalls.html
https://www.trustedsec.com/january-2015/account-hunting-invoke-tokenmanipulation/
http://www.evilsocket.net/2015/01/29/nike-fuelband-se-ble-protocol-reversed/
http://www.insinuator.net/2015/01/evasion-of-cisco-acls-by-abusing-ipv6-discussion-of-mitigation-techniques/
https://rh0dev.github.io/blog/2015/fun-with-info-leaks/
http://haxelion.eu/article/LD_NOT_PRELOADED_FOR_REAL/
http://pixelscommander.com/en/javascript/nasa-coding-standarts-for-javascript-performance/
https://littleosbook.github.io/
http://jasminderpalsingh.info/single.php?p=84
http://sekurak.pl/xss-w-domenie-www-google-com-postini-header-analyzer/
http://www.7xter.com/2015/02/how-i-hacked-your-facebook-photos.html
http://blog.cobaltstrike.com/2015/02/25/my-favorite-powershell-post-exploitation-tools/
http://infosec42.blogspot.de/2015/02/exploit-seagate-blackarmor-network.html
http://blog.secureideas.com/2015/02/adventures-in-ldap-injection-exploiting.html
http://s1gnalcha0s.com/node/2015/01/31/SSJS-webshell-injection.html
http://www.en.pentester.es/2015/02/from-case-insensitive-to-rce.html
http://www.proteansec.com/linux/installing-using-cuckoo-malware-analysis-sandbox/
https://blogs.rsa.com/dns-poisoning-used-boleto-fraud/
http://w00tsec.blogspot.pt/2015/02/firmware-forensics-diffs-timelines-elfs.html
http://www.vulnerability-lab.com/get_content.php?id=1432
http://xmodulo.com/presentation-command-line-linux.html
http://twitterbiogenerator.com/
https://beyondbinary.io/advisory/seagate-nas-rce/
https://www.smacktls.com/#freak
http://thorly.batr.am/
https://gist.github.com/worawit/33cc5534cb555a0b710b
http://blog.rootshell.be/2015/03/04/phpmoadmin-0-day-nmap-script/
https://blog.whitehatsec.com/dnstest-monitor-your-dns-for-hijacking/
https://samsclass.info/124/proj14/norton.htm
http://secureornot.blogspot.co.il/2015/03/gopro-update-mechanism-exposes-multiple.html
https://barrebas.github.io/blog/2015/02/22/maximum-overkill-two-from-format-string-vulnerability-to-remote-code-execution/
http://securitycafe.ro/2015/02/23/bypassing-windows-lock-screen-via-flash-screensaver/
http://www.xexexe.cz/2015/02/bruteforcing-tp-link-routers-with.html
http://www.vnsecurity.net/research/2015/02/12/msie-vuln-analysis.html
http://www.contextis.com/resources/blog/automating-removal-java-obfuscation/
http://pixelambacht.nl/2015/sans-bullshit-sans/
http://drops.wooyun.org/papers/5107
https://hackerone.com/reports/48516
http://sakurity.com/blog/2015/03/05/RECONNECT.html
https://manifestsecurity.com/appie/
http://christian-schneider.net/ChromeSopBypassWithSvg.html
https://lqdc.github.io/making-finfisher-undetectable.html
https://www.nccgroup.com/media/481815/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf
http://theelectronjungle.com/2015/02/15/use-after-free-in-vlc-2.1.x/
http://w00tsec.blogspot.pt/2015/02/extracting-raw-pictures-from-memory.html
http://www.malwaretech.com/2014/04/coding-malware-for-fun-and-not-for.html
https://keboch.wordpress.com/2008/11/09/please-accept-this-spider-as-payment/
https://gist.github.com/dchest/7225cf79c1ea2166489c
http://googleprojectzero.blogspot.pt/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
http://www.7xter.com/2015/03/how-i-exposed-your-private-photos.html
http://nullsecurity.net/tools.html
http://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/
http://www.pritect.net/blog/esc_sql-doh-wordpress-sql-injection-vulnerability
http://jumpespjump.blogspot.in/2013/01/making-usb-flash-drive-hw-trojan.html
http://secniche.blogspot.pt/2015/03/a-real-world-story-of-cve-2014-6332-rce.html
http://www.halfdog.net/Security/2015/HavingFunWithDmesg/
http://0xthem.blogspot.gr/2015/03/hijacking-ssh-to-inject-port-forwards.html
http://securitycafe.ro/2015/01/28/intercepting-functions-from-statically-linked-libraries/
http://www.hackersusethis.com/
http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html
http://sekurak.pl/kolejny-xss-w-www-google-com-custom-search-engine/
http://netwars-project.com/webdoc
https://x-ryl669.github.io/Frost/
https://mozillasecurity.github.io/dharma/
http://breakingmalware.com/vulnerabilities/vulnerability-patching-learning-from-avg-on-doing-it-right/
http://labs.detectify.com/post/114572572966/stealing-files-from-web-servers-by-exploiting-a
http://highon.coffee/blog/ssh-meterpreter-pivoting-techniques/
http://www.security-explorations.com/en/SE-2014-02-details.html
http://carnal0wnage.attackresearch.com/2015/03/devooops-revision-control-git.html
http://ultimatehackingarticles.blogspot.pt/2013/01/error-based-sql-injection-tutorial.html
https://bughardy.me/a-ghost-tale/
https://www.nccgroup.com/en/blog/2015/02/abusing-blu-ray-players-pt-1-sandbox-escapes/
http://shrigley.com/source_code_archive/
https://www.reddit.com/r/networking/comments/2gjzof/its_been_a_rough_week/
http://blog.saynotolinux.com/2014/03/01/yahoos-pet-show-of-horrors-abusing-a-crossdomain-proxy-to-leak-a-users-email/
http://www.jakoblell.com/blog/2013/10/30/real-world-csrf-attack-hijacks-dns-server-configuration-of-tp-link-routers-2/
http://neocri.me/documentation/using-ssh-certificate-authentication/
https://www.netspi.com/blog/entryid/220/dekrypto-padding-oracle-attack-against-ibm-websphere-commerce-cve-2013-05230
http://pwnrules.com/yahoo-suggestions-vulnerability/
http://www.reddit.com/r/apple/comments/1zh3gw/iphone_5s_continues_to_track_your_motion_even/
http://packetstormsecurity.com/files/125442/Office-365-Account-Hijacking.html
http://www.netresec.com/?page=Blog&month=2013-10&post=Command-line-Forensics-of-hacked-PHP-net
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Process-Introspection-with-Python/ba-p/6402821
http://libgen.org/scimag/
http://quals.sec.codebits.eu/cb/1487ab262e8deb6ec5b9dd49a18d8ac5a/
http://danlec.com/blog/xss-via-a-spoofed-react-element
http://tomforb.es/dell-system-detect-rce-vulnerability
http://kamil.hism.ru/posts/about-vrg-and-delete-any-youtube-video-issue.html
http://blackarch.org/index.html
http://packetstormsecurity.com/files/131185/jbossjmx-exec.txt
http://shadow-file.blogspot.pt/2015/02/bowcaster-feature-multipartform-data.html
http://www.netresec.com/?page=Blog&month=2015-03&post=China%27s-Man-on-the-Side-Attack-on-GitHub
http://blog.lumberlabs.com/2012/04/why-app-developers-should-care-about.html
https://blog.netspi.com/all-you-need-is-one-a-clickonce-love-story/
https://hsmr.cc/palinopsia/
http://www.tuxmealux.net/2015/03/10/code-injection/
http://h30499.www3.hp.com/t5/Fortify-Application-Security/XPATH-Assisted-XXE-Attacks/ba-p/6721576
https://code.google.com/p/google-security-research/issues/detail?id=222
https://bugzilla.redhat.com/show_bug.cgi?id=1202858
http://marcoramilli.blogspot.pt/2015/02/notorious-hacking-groups.html
http://www.mreagle0x.xyz/2015/01/the-tricky-vineco-xss-and-how-to-filter.html
http://nahamsec.com/lack-of-domain-verification-by-google/
http://pouyadarabi.blogspot.pt/2015/03/facebook-bypass-ads-account-roles.html
http://www.parrotsec.org/
http://nullonerror.org/2015/04/05/escondendo-informacoes-dentro-de-imagens/
http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772
https://hackerone.com/reports/46916
https://sploitfun.wordpress.com/
http://smerity.com/articles/2015/amazon_information_leakage.html
https://www.reddit.com/r/netsec/comments/2xl412/abusing_rfc_5227_to_dos_windows_hosts/
https://haiderm.com/column-truncation-sql-injection-vulnerability/
http://www.websegura.net/advisories/facebook-rfd-and-open-file-upload/
https://stackoverflow.com/questions/3115559/exploitable-php-functions
http://blog.loadzero.com/blog/tracking-down-a-segfault-in-grep/
http://cachemonet.com/
http://sixteencolors.net/
https://dougvitale.wordpress.com/2011/12/21/deprecated-linux-networking-commands-and-their-replacements/
http://intothesymmetry.blogspot.ch/2015/04/open-redirect-in-rfc6749-aka-oauth-20.html
https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/
https://ma.ttias.be/remote-code-execution-via-http-request-in-iis-on-windows/
http://www.openwall.com/lists/oss-security/2015/04/14/4
https://blog.criticalstack.com/envdb-ask-your-environment-questions/
http://blog.h3xstream.com/2015/04/crossdomainxml-beware-of-wildcards.html
http://0xdabbad00.com/2015/04/12/looking_for_security_trouble_spots_in_go_code/
http://blog.maintenancewindow.ca/post/2015/03/29/Making-Smart-Locks-Smarter-%28aka.-Hacking-the-August-Smart-Lock%29
http://niiconsulting.com/checkmate/2015/04/server-side-request-forgery-ssrf/
http://www.labofapenetrationtester.com/2015/02/using-windows-screensaver-as-backdoor.html
http://beginners.re/
http://sirdarckcat.blogspot.hk/2014/05/matryoshka-web-application-timing.html
http://blog.0x3a.com/post/110052845124/an-in-depth-analysis-of-the-fiesta-exploit-kit-an
http://8088mph.blogspot.pt/2015/04/cga-in-1024-colors-new-mode-illustrated.html
http://crpgaddict.blogspot.pt/2015/04/game-183-shadowforge-1989.html
http://visualgo.net/
http://xn--mric-bpa.fr/blog/blackjack.html
https://miki.it/blog/2015/4/20/the-power-of-dns-rebinding-stealing-wifi-passwords-with-a-website/
http://blog.innerht.ml/twitter-crlf-injection/
https://binary.ninja/
http://www.kitploit.com/2015/04/rekall-most-complete-memory-analysis.html
http://tfpwn.com/files/fd-wnr2000v4.txt
http://www.openwall.com/lists/oss-security/2015/04/22/12
https://hashcat.net/misc/postgres-pth/postgres-pth.pdf
https://blog.netspi.com/playing-content-type-xxe-json-endpoints/
http://bartblaze.blogspot.co.uk/2015/03/c99shell-not-dead.html
http://www.malcolmstagg.com/bdp-s390.html
http://v0ids3curity.blogspot.de/2015/04/exploiting-php-bug-66550-sqlite.html
https://reclaim-your-privacy.com/wiki/Anonabox_Analysis
http://www.s3cur1ty.de/node/687
https://www.reddit.com/r/PHP/comments/1l7baq/creating_a_user_from_the_web_problem/
http://blog.malerisch.net/2015/04/pwning-hp-thin-client.html
http://www.rafayhackingarticles.net/2015/04/sucuri-waf-xss-filter-bypass.html
http://klikki.fi/adv/wordpress2.html
http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt
https://cisofy.com/lynis/
http://www.paulosyibelo.com/2015/04/facebooks-parse-dom-xss.html
https://haiderm.com/oracle-sql-injection-guides-and-whitepapers/
http://www.devttys0.com/2015/04/what-the-ridiculous-fuck-d-link/
https://www.idontplaydarts.com/2011/11/decrypting-suhosin-sessions-and-cookies/
http://www.secgeek.net/youtube-vulnerability/
http://bobao.360.cn/learning/detail/357.html
https://chentiangemalc.wordpress.com/2015/04/17/patching-a-null-pointer-access-violation/
http://www.floyd.ch/?p=584
http://www.gameofhacks.com/
http://feross.org/hacks/ahh-windows/
http://blog.bentkowski.info/2015/05/xss-via-file-upload-wwwgooglecom.html
https://hackerone.com/reports/14883
https://www.firefart.at/how-to-crack-mifare-classic-cards/
https://blog.sucuri.net/2015/04/critical-persistent-xss-0day-in-wordpress.html
http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/
http://malware-unplugged.blogspot.ie/2015/01/hunting-and-decrypting-communications.html
http://www.vulnerability-lab.com/get_content.php?id=1474
http://synacktiv.ninja/ressources/synacktiv_drupal_xxe_services.pdf
http://blog.atx.name/reverse-engineering-radio-weather-station/
https://drive.google.com/a/ase/folderview?id=0B2G2LjIu7WbdfjhaUmVzc1lCR2hUdk5fZllCOHdtbFItbU5qYzdqZGVxdmlnRkJyYVQ4VU0
http://io.smashthestack.org/
http://natmchugh.blogspot.co.uk/2015/05/how-to-make-two-binaries-with-same-md5.html
https://deya2diab.wordpress.com/2015/02/21/yahoo-main-domain-xss/
http://seclist.us/poodle-attack-poc-implementation-of-the-poodle-attack.html
https://git.hacklab.kr/snippets/13
https://bokken.re/
https://blog.netspi.com/forcing-xxe-reflection-server-error-messages/
http://blog.bentkowski.info/2015/04/xss-via-host-header-cse.html
http://hextechsecurity.com/?p=123
http://blog.silentsignal.eu/2015/05/07/cve-2014-3440-symantec-critical-system-protection-remote-code-execution/
http://www.viva64.com/en/a/0084/
https://blog.cloudflare.com/an-introduction-to-javascript-based-ddos/
http://blog.amossys.fr/Automated%20Reverse%20Engineering%20of%20Cryptographic%20Algorithms.html
http://www.windows93.net/
http://code.snipcademy.com/tutorials/command-line/steak/cooking
https://weakdh.org/
http://blog.bentkowski.info/2015/05/xss-via-windowstop-google-safen-up.html
https://dnsdumpster.com/
http://www.contextis.com/resources/blog/manually-testing-ssltls-weaknesses/
http://jumpespjump.blogspot.ca/2015/05/many-ways-of-malware-persistence-that.html
http://www.kazamiya.net/en/artifact/wipe/deletedsc
https://rya.nc/cert-tricks.html
http://security.cs.rpi.edu/courses/binexp-spring2015/
http://blog.gdssecurity.com/labs/2015/4/29/automated-data-exfiltration-with-xxe.html
http://www.adlice.com/bho-a-spy-in-your-browser/
https://drive.google.com/a/share/folderview?id=0B7rtSe_PH_fTWDQ0RC1DeWVoVUE&usp=sharing#
http://www.manuel-strehl.de/dev/minimal_git_folder
http://instantlyfuzzyshark.tumblr.com/post/119456076505/unauthorized-deletion-of-google-collections
http://sakurity.com/blog/2015/05/21/starbucks.html
http://www.benhayak.com/2015/05/stealing-private-photo-albums-from-Google.html
http://www.kitploit.com/2015/05/remote-dll-injector-v20-command-line.html
http://www.binvul.com/viewthread.php?tid=508
http://ab0files.com/writing-a-metasploit-post-exploitation-module
http://www.backerstreet.com/rec/rec.htm
http://seclist.us/updates-windows-exploit-suggester-revision-v-2-5.html
http://www.pagerduty.com/blog/the-discovery-of-apache-zookeepers-poison-packet/
http://sakurity.com/blog/2015/05/08/pusher.html
https://stackoff.ru/pochemu-reklama-v-skajpe-ne-tolko-urodliva-no-eshhe-i-opasna/
http://securityinside.info/evitando-hsts-una-cuestion-de-tiempo/
http://venom.crowdstrike.com/
http://cory.li/bytecode-hacking/
https://www.altsci.com/ipsec/
https://blog.netspi.com/gpu-cracking-rebuilding-box/
http://stacksmasher.me/tutorials/browser-anonymity-and-security/
https://reverse.put.as/2015/05/29/the-empire-strikes-back-apple-how-your-mac-firmware-security-is-completely-broken/
http://labs.detectify.com/post/120088174539/building-an-xss-polyglot-through-swf-and-csp
https://www.exploit-db.com/docs/35152.pdf
http://caca.zoy.org/wiki/zzuf
http://samy.pl/opensesame/
http://hackerhurricane.blogspot.nl/2015/05/defending-against-powershell-shells.html
http://xn--thibaud-dya.fr/robots.txt.html
http://web-in-security.blogspot.de/2015/05/how-to-attack-xml-encryption-in-ibm.html
https://blog.whitehatsec.com/magic-hashes/
http://blog.balicbilisim.com/gomulu-cihaz-guvenligi-ve-zollard-botnet-analizi/
http://jaanuskp.blogspot.cz/2015/05/cve-2015-3200.html
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1219337
http://www.dimitrifourny.com/2014/03/08/how-i-have-fuzzed-php/
http://pastebin.com/0EqWGmTi
http://linuxaria.com/howto/ssh-in-2-steps-on-linux-with-google-authenticator?lang=en
http://console-cowboys.blogspot.co.uk/2014/03/the-curious-case-of-ninjamonkeypiratela.html
http://bas.bosschert.nl/steal-whatsapp-database/
https://code.google.com/p/chromium/issues/detail?id=240058
http://zairon.wordpress.com/2014/03/06/obfuscated-shellcode-inside-a-malicious-rtf-document/
http://www.palkeo.com/code/stealing-bitcoin.html
http://www.2uo.de/myths-about-urandom/
http://0xa.li/php-date-is-xssable/
https://intrepidusgroup.com/insight/2014/03/atv-password-log-bug/
http://mreagle0x.blogspot.in/2014/03/how-can-i-get-your-facebook-account.html
https://bugzilla.mozilla.org/show_bug.cgi?id=949446
https://labs.portcullis.co.uk/blog/raspberry-ph0wn/
http://labs.detectify.com/post/120855545341/google-xss-turkey
http://topolik-at-work.blogspot.cz/2015/06/cve-2015-3096-rosetta-flash-fix-bypass.html
http://ddecode.com/phpdecoder/
https://www.exploit-db.com/exploits/37098/
https://cxsecurity.com/issue/WLB-2015050153
http://blog.jpcert.or.jp/.s/2015/05/a-new-uac-bypass-method-that-dridex-uses.html
http://media.ccc.de/browse/conferences/camp1999/
https://blog.coresecurity.com/2015/05/18/ms15-011-microsoft-windows-group-policy-real-exploitation-via-a-smb-mitm-attack/
https://www.anfractuosity.com/projects/timeshifter/
http://www.defenceindepth.net/2013/11/oracle-listener-11107-information.html
http://n0where.net/best-onion-links-deep-web/
https://hackerone.com/reports/52042
http://mksben.l0.cm/2015/06/bypassing-xss-filter-showmodaldialog.html
http://www.benhayak.com/2015/06/same-origin-method-execution-some.html
http://seclists.org/fulldisclosure/2015/May/122
https://html5sec.org/cspbypass/
https://forum.bugcrowd.com/t/sqlmap-tamper-scripts-sql-injection-and-waf-bypass/423
http://cheeky4n6monkey.blogspot.pt/2015/06/extracting-pictures-from-ms-office-2007.html
http://www.shelliscoming.com/2015/06/tls-injector-running-shellcodes-through.html
https://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/
http://0xdabbad00.com/2015/04/18/go_code_auditing/
https://expdev-kiuhnm.rhcloud.com/2015/05/11/contents/
https://blog.benjojo.co.uk/post/auditing-github-users-keys
http://security.coverity.com/blog/2015/Jun/a-slice-of-pie.html
http://www.patrick-wied.at/static/nudejs/
http://jstnkndy.blogspot.pt/2015/06/a-fun-attack-path-starting-with-xxe.html
http://zoczus.blogspot.pt/2015/04/plupload-same-origin-method-execution.html
http://cybersyndicates.com/2015/06/sms-log-alert/
https://gist.github.com/joernchen/d868521352f1ccd25095
https://chloe.re/2015/06/20/a-month-with-badonions/
https://yifan.lu/2015/06/21/hacking-the-ps-vita/
https://blog.haschek.at/post/fd854
http://blog.pangu.io/ie-uninit-memory/
https://mborgerson.com/deconstructing-the-xbox-boot-rom
http://www.fuzzysecurity.com/tutorials/20.html
https://www.linkedin.com/pulse/cli-skype-roman-x-shafigullin
http://potatohatsecurity.tumblr.com/post/94565729529/defcon-22-badge-challenge-walkthrough
http://people.zoy.org/~sam/filsdepute.txt
http://thehackerblog.com/the-noscript-misnomer-why-should-i-trust-vjs-zendcdn-net/
https://www.veracode.com/blog/2015/06/angularjs-expression-security-internals
http://joevennix.com/2015/06/24/Adventures-in-Browser-Exploitation-Part-II--Safari-8-UXSS.html
http://www.pc-help.org/obscure.htm
https://reverse.put.as/2015/07/01/reversing-prince-harmings-kiss-of-death/
https://paragonie.com/blog/2015/06/preventing-xss-vulnerabilities-in-php-everything-you-need-know
http://vladz.devzero.fr/015_lsm-backdoor.html
http://nullsecure.org/threat-intel-web-crew/
http://blog.mazinahmed.net/2015/06/facebook-messenger-multiple-csrf.html
http://blog.csnc.ch/2015/06/xslt-security-and-server-side-request-forgery/
http://container-solutions.com/content/uploads/2015/06/15.06.15_DockerCheatSheet_A2.pdf
https://www.whitehatters.academy/hackfu-2015-badge-loyalty-system/
http://drops.wooyun.org/papers/6905
http://davidjorm.blogspot.pt/2015/07/101-ways-to-pwn-phone.html
https://hiddencodes.wordpress.com/2015/06/18/deobfuscate-javascript-using-phantomjs-headless-browser/
http://grimhacker.com/wordpress/2015/04/10/gp3finder-group-policy-preference-password-finder/
http://blog.quarkslab.com/quarkslabs-chatsecure-review.html
https://www.exploitee.rs/index.php/Wink_Hub
https://djbunny5.com/2015/06/26/dns-amplification-attacks/
https://truesecdev.wordpress.com/2015/07/01/exploiting-rootpipe-again/
https://pierrekim.github.io/blog/2015-07-01-poc-with-RCE-against-127-iptime-router-models.html
https://blog.bugcrowd.com/advice-from-a-researcher-xxe/
https://cellhack.net/login/
http://blog.innerht.ml/cascading-style-scripting/
https://thehackerblog.com/stealing-lastpass-passwords-with-clickjacking/
http://www.firmware.re/
http://www.mbsd.jp/Whitepaper/rpo.pdf
https://sploitfun.wordpress.com/2015/06/26/linux-x86-exploit-development-tutorial-series/
http://gfragkos.blogspot.co.uk/2015/06/linkedin-security-issue-unvalidated.html
http://nahamsec.com/yahoo-image-processing-xspa/
http://blog.tokumaru.org/2013/03/csrf-and-cookie-monster-bug.html
http://samsymons.com/blog/reverse-engineering-with-radare2-part-1/
https://k0st.wordpress.com/2015/07/05/identifying-and-exploiting-rom-0-vulnerabilities/
https://kr5hou2zh4qtebqk.onion.to/ezines/
https://jonasnick.github.io/blog/2015/07/08/exploiting-csgojackpots-weak-rng/
http://josipfranjkovic.blogspot.ru/2015/07/the-easiest-bug-bounties-i-have-ever-won.html
https://goo.gl/y17Bep
https://www.dropbox.com/s/sax2a5fm3z3q2nt/iChainbreaker_OSX.zip?dl=0
https://localh0t.github.io/wildpwn-v0.1-unix-wildcard-attacks/
https://www.offensivebits.com/?p=89
https://zeltser.com/c2-dns-tunneling/
http://blog.ghettoha.xxx/reversing-powersaves-for-amiibo
https://defuse.ca/bochs-hacking-guide.htm
http://blog.cr4.sh/2015/07/building-reliable-smm-backdoor-for-uefi.html
https://www.securify.nl/blog/SFY20150601/securify_spot_the_bug_challenge_2015_contest_analysis.html
https://thejh.net/written-stuff/openssh-6.8-xsecurity
http://www.contextis.com/resources/blog/dnswatch-when-full-dns-tunnel-just-too-much/
http://noone.org/talks/ssh-tricks/ssh-tricks-rmll.html
http://0x27.me/HackBack/0x00.txt
http://emulator101.com/
http://blog.ptsecurity.com/2015/07/best-reverser-write-up-analyzing.html
https://k0st.wordpress.com/2012/10/23/rip-or-pillage-dvcs-story-about-git/
http://www.sac.sk/files.php?d=7
http://0x90909090.blogspot.fr/2015/07/no-one-expect-command-execution.html
https://k0st.wordpress.com/2015/07/13/identifying-and-exploiting-ibm-websphere-application-server/
http://www.sleuthkit.org/autopsy/
https://securityblog.redhat.com/2015/07/23/libuser-vulnerabilities/
http://seclists.org/fulldisclosure/2015/Jul/11
http://labs.bromium.com/2015/07/10/government-grade-malware-a-look-at-hackingteams-rat/
https://fuzzing-project.org/tutorial-cflags.html
https://frederik-braun.com/using-subresource-integrity.html
https://blogs.securiteam.com/index.php/archives/2502
https://www.sektioneins.de/en/blog/15-07-07-dyld_print_to_file_lpe.html
https://digital-forensics.sans.org/community/summits
http://overthewire.org/wargames/
http://www.nopwn.com/
https://fin1te.net/articles/messenger-site-wide-csrf/
http://blog.portswigger.net/2015/08/server-side-template-injection.html
http://labs.detectify.com/post/125256364141/how-i-disabled-your-chrome-security-extensions
https://gist.github.com/Wack0/bcc5a196f0874a39b08f
http://pastebin.com/raw.php?i=6fcdqfbd
https://sturmflut.github.io/ubuntu/touch/2015/05/07/hacking-ubuntu-touch-index/
http://cr.yp.to/djbdns/notes.html
http://www.rc4nomore.com/
http://www.contextis.com/resources/blog/wireless-phishing-captive-portals/
http://mihai.bazon.net/blog/externalinterface-is-unreliable
http://www.anti-reversing.com/1813/
http://blog.cobaltstrike.com/2015/07/22/winrm-is-my-remote-access-tool/
http://x42.obscurechannel.com/2015/07/26/cracking-the-roku-v2-wpa2-psk/
https://hackerone.com/reports/58679
https://paul.reviews/behavioral-profiling-the-password-you-cant-change/
http://silentbreaksecurity.com/exploiting-ms15-076-cve-2015-2370/
http://www.ehacking.net/2015/07/bypass-anti-virus-with-shellter-on-kali.html
http://www.cyberciti.biz/faq/apple-mac-osx-find-wi-fi-network-password/
https://cymon.io/
https://jve.linuxwall.info/blog/index.php?post/2015/07/26/Using-Mozilla-Investigator-%28MIG%29-to-detect-unknown-hosts
http://bugs.proftpd.org/show_bug.cgi?id=4143#c0
http://pbiernat.blogspot.co.uk/2014/09/bypassing-python-sandbox-by-abusing.html
https://medium.com/@ValdikSS/detecting-vpn-and-its-configuration-and-proxy-users-on-the-server-side-1bcc59742413
http://opengarages.org/handbook/2014_car_hackers_handbook_compressed.pdf
http://www.codeandux.com/writing-a-simple-decompiler-for-net-part-1/
http://arxiv.org/pdf/1507.06955v1.pdf
https://blog.netspi.com/auto-dumping-domain-credentials-using-spns-powershell-remoting-and-mimikatz/
https://xebialabs.com/periodic-table-of-devops-tools/
https://www.youtube.com/watch?v=Jk5Yad598vs
https://plus.google.com/u/0/+AleksandrDobkin-Google/posts/JMwA7Y3RYzV
http://tinyhack.com/2014/03/12/implementing-a-web-server-in-a-single-printf-call/
http://www.debasish.in/2014/03/in-memory-kernel-driverioctlfuzzing.html
http://capstone-engine.org/bot.html
http://www.scs.stanford.edu/brop/
http://blog.didierstevens.com/2014/03/20/xorsearch-finding-embedded-executables/
http://swfid.zz.mu/swfid
http://blog.includesecurity.com/2014/03/exploit-CVE-2014-0038-x32-recvmmsg-kernel-vulnerablity.html
http://blog.shubh.am/ssrf-is-dangerous/
https://www.securusglobal.com/community/2014/03/17/how-i-got-root-with-sudo/
http://blog.veracode.com/2014/03/introducing-the-ios-reverse-engineering-toolkit/
http://sorting.at/
https://gist.github.com/homakov/9383241
http://sakurity.com/blog/2015/08/13/middlekit.html
http://x42.obscurechannel.com/2015/08/14/netripper_metasploit/
http://blog.gojhonny.com/2015/08/domain-administrator-in-17-seconds.html
http://jpinsoft.net/DeepSound/Documentation.aspx
https://sysexit.wordpress.com/2015/07/29/bypassing-the-windows-8-1-picture-password-feature-with-a-kernel-debugger/
http://codewhitesec.blogspot.in/2015/07/symantec-endpoint-protection.html?m=1
https://gun.io/blog/building-a-twitterbot-in-node-to-post-xss-payloads/
http://baileysoriginalirishtech.blogspot.pt/2015/06/applocker-schmapplocker.html
http://noxxi.de/research/sophos-utm-webprotection-bypass2.html
http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_034_Lukas_Java.pdf
http://volatility-labs.blogspot.pt/2015/08/recovering-teamviewer-and-other.html
https://speakerdeck.com/ange/lets-write-a-pdf-file
https://www.exploit-db.com/exploits/37669/
http://rotlogix.com/2015/08/23/exploiting-the-mercury-browser-for-android/
http://vulnerabledoma.in/camp2015_sop/
https://zyan.scripts.mit.edu/blog/backdooring-js/
http://www.openwall.com/lists/oss-security/2015/08/04/8
http://rossmarks.co.uk/blog/?p=609
https://blog.netspi.com/powershell-remoting-cheatsheet/
http://itsjack.cc/blog/2015/08/surveying-codecanyon-scripts-xss-lfi-sqli-more/
http://3vildata.tumblr.com/post/125666311707/abusing-the-mpc-hc-webui-to-steal-private-pictures
http://antukh.com/blog/2015/08/22/dark-appsec/
https://www.blackhat.com/docs/us-15/materials/us-15-Brossard-SMBv2-Sharing-More-Than-Just-Your-Files-wp.pdf
http://www.codereversing.com/blog/archives/261
https://gbmaster.wordpress.com/2015/08/13/x86-exploitation-101-integer-overflow-adding-one-more-aaaaaaaaaaand-its-gone/
https://blogs.securiteam.com/index.php/archives/2550
https://dfir.it/blog/2015/07/18/toxic-pdf-walkthrough-bsides-london-challenge/
http://metalcaptcha.heavygifts.com/
http://www.7xter.com/2015/08/hacking-facebook-pages.html
https://www.youtube.com/watch?v=2Kw6VPlBz9w
https://labs.integrity.pt/articles/xxe-all-the-things-including-apple-ioss-office-viewer/
https://pierrekim.github.io/advisories/2015-totolink-0x02.txt
https://gist.github.com/subTee/732330ebfeb5c63b1296
https://gist.github.com/pakt/c70073a0e0de1f47f579
http://seclists.org/fulldisclosure/2015/Aug/21
https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html
https://www.gitbook.com/book/radare/radare2book/details
https://goo.gl/xgGGt4
https://crowdshield.com/blog.php?name=reverse-engineering-a-critical-wordpress-0day-exploit
http://googleprojectzero.blogspot.de/2015/08/attacking-ecmascript-engines-with.html
http://blog.ropchain.com/2015/08/16/analysis-of-exploit-targeting-office-2007-2013-ms15-022/
http://intothesymmetry.blogspot.it/2015/08/apple-safari-sop-bypass-cve-2015-3753.html
https://code.google.com/p/chromium/issues/detail?id=526293
http://norvig.com/sudoku.html
http://www.sec-down.com/wordpress/?p=553
https://www.bishopfox.com/blog/2015/08/coldfusion-bomb-a-chain-reaction-from-xss-to-rce/
http://raz0r.name/articles/css-attacks/
http://zx.rs/6/DroidDucky---Can-an-Android-quack-like-a-duck/
http://www.intelligentexploit.com/view-details.html?id=21905
https://gist.github.com/mattifestation/47f9e8a431f96a266522
http://insecurety.net/?p=765
http://www.malwaretech.com/2015/08/creating-ultimate-tor-virtual-network.html
http://blog.ioactive.com/2015/09/the-beauty-of-old-school-backdoors.html
http://www.hexacorn.com/blog/2015/08/15/two-pe-tools-you-might-have-never-heard-of-now-you-do/
http://blog.crowdstrike.com/native-java-bytecode-debugging-without-source-code/
https://gbmaster.wordpress.com/2015/08/03/x86-exploitation-101-off-by-one-and-an-uninvited-friend-joins-the-party/
http://www.pentestpartners.com/blog/hacking-defcon-23s-iot-village-samsung-fridge/
http://cybermashup.com/2015/08/25/how-to-crack-ubuntu-disk-encryption-and-passwords/
http://translate.wooyun.io/2015/09/01/Bypass-WAF-Cookbook.html
https://hackerone.com/reports/77065
http://dreamsofastone.blogspot.de/2015/07/reverse-engineering-nostalgia.html
http://www.filet-o-firewall.com/
http://ownsecurity.blogspot.ro/2015/08/how-i-found-sweets-inside-google.html
https://warroom.securestate.com/index.php/spawning-shells-over-bluetooth/
http://thehackerblog.com/sonar-a-framework-for-scanning-and-exploiting-internal-hosts-with-a-webpage/
https://www.jkry.org/ouluhack/Toyota%20Touch%20%26%20Go
http://www.phrack.org/papers/self-patching-msxml.html
https://cturt.github.io/ps4.html
https://tinyurl.com/pv868t6
http://blog.cryptographyengineering.com/2015/09/lets-talk-about-imessage-again.html
http://trainwatch.u0d.de/
https://oreoshake.github.io/xss/rce/bugbounty/2015/09/08/xss-to-rce.html
http://mohamedmfouad.blogspot.pt/2015/09/starbucks-critical-flaws-allow-hackers.html
http://goo.gl/MKvt4p
https://isc.sans.edu/diary/PDF+%2B+maldoc1+%3D+maldoc2/20079
https://gist.github.com/atcuno/3425484ac5cce5298932
http://nullsecure.org/building-your-own-passivedns-feed/
http://l.avala.mp/blog/pwnage-per-port-22opentcpssh/
http://drops.wooyun.org/papers/8298
http://wololo.net/2015/09/22/exploit-psx-games-psp-vita/
https://www.lucidchart.com/techblog/2015/08/31/the-worst-mistake-of-computer-science/
https://goo.gl/Dk0Iin (+)
https://xem.github.io/hex/
http://www.linusakesson.net/programming/tty/
https://ucnv.github.io/pnglitch/
http://ashishpadelkar.com/index.php/2015/09/23/facebook-simple-technical-bug-worth-7500/
http://g-laurent.blogspot.pt/2015/09/demistifying-responder-wpad.html
http://alex.hyperiongray.com/posts/302352-pwn-the-docs
http://sourceforge.net/projects/exploitresolver/
http://www.thijsbroenink.com/2015/08/bruteforcing-coupon-codes-for-discount.html
https://gist.github.com/subTee/28b7439d3dfa07053b61
https://gist.github.com/colinmahns/e3c38c5eae6c4bf6441d
http://theta44.org/karma/
http://drops.wooyun.org/papers/8261
http://www.securitygalore.com/site3/safari-pasv
http://blog.perimeterx.com/bugzilla-cve-2015-4499
https://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM/edit?pli=1#
http://d.hatena.ne.jp/end0tknr/20150830/1440885918
https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/
https://goo.gl/0fcbEB
http://sijmen.ruwhof.net/weblog/584-how-i-could-hack-internet-bank-accounts-of-danish-largest-bank-in-a-few-minutes
https://security.bugs.gallery
http://www.sw1tch.net/blog/gone-kingphishin-part-1-kingphisher-beef-digital-ocean-kali
https://gist.github.com/wirehack7/fccc32806221c4c803dd
https://testssl.sh/
http://dangerousprototypes.com/2015/09/08/a-xsvf-assemblerdisassembler-in-python/
http://www.room362.com/2012/02/ms08068-ms10046-fun-until-2018.html
http://www.bigendiansmalls.com/mainframe-bind-shell-source-code/
https://www.davidsopas.com/acunetix-got-rfded/
http://lucb1e.com/rp/cookielesscookies/
https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-Exposures-and-Vulnerabilities.pdf
http://conorpp.com/blog/proxying-bluetooth-devices-for-security-analysis-using-btproxy/
https://www.notsosecure.com/2015/09/24/remote-code-execution-via-php-unserialize/
https://dfirblog.wordpress.com/2015/09/27/dissecting-powershell-attacks/
http://www.sekoia.fr/blog/malware-and-com-object-the-paradise-of-covert-channels/
https://blog.coresecurity.com/2015/09/28/abusing-gdi-for-ring0-exploit-primitives/
http://www.clicktorelease.com/blog/svg-google-logo-in-305-bytes
http://www.leakedin.com/
https://www.mdsec.co.uk/2015/09/an-introduction-to-hardware-hacking-the-ripe-atlas-probe/
https://www.davidsopas.com/reflected-file-download-cheat-sheet/
https://inventropy.us/blog/constructing-an-xss-vector-using-no-letters
http://subt0x10.blogspot.pt/2015/09/simple-example-of-encoded-mimikatz-upx.html
https://gist.github.com/mak/bd71962aae98ab0b0441
http://www.malwarefieldguide.com/LinuxChapter2.html
https://williammahler.github.io/Capstone.js-bookmarklet/
https://www.fabionatalucci.it/individuate-vulnerabilita-su-ilmessaggero-it-full-disclosure/
http://blog.dornea.nu/2015/10/02/manage-pki-using-openssl/
https://blog.perimeterx.com/bugzilla-cve-2015-4499/
http://blog.silentsignal.eu/2014/07/28/how-to-got-root-access-on-fireeye-os/
http://andreicostin.com/secadv/HP_MIPIO_backdoor.txt
https://shubh.am/exploiting-url-shortners-to-discover-sensitive-resources-2/
https://quequero.org/2015/09/black-hat-arsenal-peepdf-challenge-2015-writeup/
https://www.sysdream.com/exploiting-symfony2-profiler
https://bwall.github.io/libemu-scapy-for-shellcode-on-the-network/
http://www.sekoia.fr/blog/when-a-brazilian-string-smells-bad/
https://hackertarget.com/hacker-tools-mr-robot/
https://www.nowsecure.com/blog/2015/08/17/raspberry-pi-hang-instruction/
http://blog.naver.com/1n73ction/220499561862
https://www.synack.com/labs/blog/how-i-hacked-hotmail/
https://pierrekim.github.io/blog/2015-10-07-Huawei-routers-vulnerable-to-multiple-threats.html
http://wroot.org/posts/babadook-connection-less-powershell-persistent-and-resilient-backdoor/
https://www.mdsec.co.uk/2015/10/vulnerability-in-sed-systems-decimator-d3/
http://cynosureprime.blogspot.pt/2015/09/how-we-cracked-millions-of-ashley.html
http://mazinahmed.net/uploads/Evading%20All%20Web-Application%20Firewalls%20XSS%20Filters.pdf
http://www.bishopfox.com/blog/2015/09/the-active-directory-kill-chain-is-your-company-at-risk/
http://blog.knownsec.com/2015/10/wordpress-xmlrpc-brute-force-amplification-attack-analysis/
https://dl.packetstormsecurity.net/papers/general/cisco_ios_rootkits.pdf
https://www.idontplaydarts.com/2015/09/cross-domain-timing-attacks-against-lucene/
http://lalo.li/lsd/?ultra-hard-version
http://javahacker.com/the-first-javascript-misdirection-contest/
http://an7isec.blogspot.co.il/
http://gynvael.coldwind.pl/?lang=en&id=533
http://engineering.prezi.com/blog/2014/03/24/prezi-got-pwned-a-tale-of-responsible-disclosure/
https://blog.mozilla.org/security/2014/03/25/using-fuzzdb-for-testing-website-security/
http://openzfsonosx.org/
http://ropshell.com/
http://securehoney.net/blog/how-to-dissect-android-flappy-bird-malware.html#.UyxQzHV_spw
http://blog.safetechinnovations.com/pentest/ebay-authentication-bypass/
http://nginx.com/admin-guide/
http://mathiasbynens.be/notes/pbkdf2-hmac
http://geelen.github.io/x-gif/#/http://i.imgur.com/iKXH4E2.gif
http://dorey.github.io/JavaScript-Equality-Table/
http://blog.tunnelshade.in/2015/09/interesting-flash-xss-on-vkcom.html
https://hackerone.com/reports/96294
https://www.exploit-db.com/exploits/38360/
https://w3challs.com/syscalls/
http://www.room362.com/2014/04/executing-code-via-smb-dcom-without.html
http://d.hatena.ne.jp/masa141421356/20150914/1442239071
http://fatsquirrel.org/oldfartsalmanac/random/reverse-engineering-a-vintage-wireless-keypad-with-an-rtl-sdr/
http://blog.mindedsecurity.com/2015/09/autoloaded-file-inclusion-in-magento.html
http://noxxi.de/research/http-evader.html
https://labs.mwrinfosecurity.com/blog/2015/09/25/a-practical-guide-to-cracking-password-hashes/
http://linux-audit.com/elf-binaries-on-linux-understanding-and-analysis/
http://www.metzdowd.com/pipermail/cryptography/2015-October/026685.html
http://blog.knownsec.com/2015/09/linux-drm_legacy_lock_free-null-pointer-dereference-analysis/
https://www.7elements.co.uk/resources/blog/cve-2015-2342-remote-code-execution-within-vmware-vcenter/
http://www.repeater-builder.com/antenna/pdf/beer-barel-cavity.pdf
http://goo.gl/uTw6PN
http://foxglovesecurity.com/2015/10/26/car-hacking-for-plebs-the-untold-story/
https://cyberarms.wordpress.com/2015/10/04/anti-virus-bypass-with-shellter-5-1-on-kali-linux/
http://sourceforge.net/projects/awap/
http://securityaffairs.co/wordpress/40727/hacking/hack-decrypt-whatsapp-database.html
https://www.accuvant.com/blog/exploiting-jmx-rmi
http://lcamtuf.coredump.cx/edison_fuzz/
https://blog.goeswhere.com/2015/10/ssh-key-capture/
http://seckb.yehg.net/2012/06/xss-gaining-access-to-httponly-cookie.html
https://www.swordshield.com/2015/10/extracting-password-hashes-from-large-ntds-dit-files/
http://jumpespjump.blogspot.pt/2015/09/how-i-hacked-my-ip-camera-and-found.html
http://arxiv.org/pdf/1511.00444v2.pdf
https://goo.gl/rWptw1
https://www.bamsoftware.com/hacks/deflate.html
http://ec.europa.eu/taxation_customs/vies/vatResponse.html
http://blog.dewhurstsecurity.com/2015/11/10/mobile-security-certificate-pining.html
http://grangeia.io/2015/11/09/hacking-tomtom-runner-pt1/
http://www.debuginfo.com/tools/chkmatch.html
https://gef.readthedocs.org/en/latest/
https://gitlab.com/rav7teif/linux.wifatch
http://legalhackers.com/advisories/Google-AdWords-API-libraries-XXE-Injection-Vulnerability.txt
http://www.icewall.pl/?p=696&lang=en
http://blog.checkpoint.com/2015/11/05/check-point-discovers-critical-vbulletin-0-day/
http://tinyhack.com/2015/11/08/teensy-lc-u2f-key/
http://blog.a-way-out.net/blog/2015/11/06/host-header-injection/
http://blog.talosintel.com/2015/10/dangerous-clipboard.html
http://www.greyhathacker.net/?p=738
https://instant.io/
http://www.unfitbits.com/
http://stegosploit.info/
http://maustin.net/2015/11/12/hipchat_rce.html
http://ryhanson.com/angular-expression-injection-walkthrough/
http://silentbreaksecurity.com/invoke-dcsync-because-we-all-wanted-it/
https://gist.github.com/subTee/4843a1d9e7a9fcdb4417
http://meat.pisto.horse/2015/11/rooting-linksys-x2000-router-system.html
https://chloe.re/2015/11/09/csrf-blocker-block-csrf-attacks-the-right-way/
https://blog.filippo.io/the-sad-state-of-smtp-encryption/
https://respectxss.blogspot.de/2015/11/a-tale-of-breaking-saps-successfactorss.html
http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/nslookup-flaws.html
https://www.sensepost.com/blog/2015/wadi-fuzzer/
https://blog.gaborszathmari.me/2015/11/11/tricking-google-authenticator-totp-with-ntp/
http://yahoo-security.tumblr.com/post/122883273670/apache-traffic-server-http2-fuzzing
http://superlogout.com/
http://www.n0tr00t.com/2015/11/27/cve-2015-8213.html
http://lizardhq.org/2015/11/25/dell-foundation-services.html
http://www.th3r3p0.com/vulns/jenkins/jenkinsVuln.html
http://goo.gl/O07NBR (+)
https://packetstormsecurity.com/files/134064/mchtml-exec.txt
http://www.pentest.guru/index.php/2015/10/19/ditch-psexec-spraywmi-is-here/
https://jbeekman.nl/blog/2015/03/reverse-engineering-uefi-firmware/
http://goo.gl/HCRlCE (+)
http://blog.knownsec.com/2015/11/analysis-of-redis-unauthorized-of-expolit/
https://blog.srcclr.com/spring-social-core-vulnerability-disclosure/
http://www.spect.cl/blog/2015/11/security-audit-scrapyd/
http://www.sciencedirect.com/science/article/pii/S1742287615000146
http://www.labofapenetrationtester.com/2015/11/week-of-continuous-intrusion-day-1.html
http://goo.gl/9TtRd8 (+)
http://www.adriancourreges.com/blog/2015/11/02/gta-v-graphics-study/
http://thepiratebook.net/
https://security.linkedin.com/blog-archive#11232015
http://blog.valverde.me/2015/12/07/bad-life-advice/
https://gist.github.com/crowell/92ed41884db35d73e2fc
http://magikh0e.ihtb.org/pubPapers/ssh_gymnastics_tunneling.html
http://decidedlygray.com/2015/11/19/evil-access-point-with-auto-backdooring-ftw/
http://yahoo-security.tumblr.com/post/134549767190/attacking-http2-implementations
http://www.sekoia.fr/blog/windows-driver-signing-bypass-by-derusbi/
https://goo.gl/Pei7cP (+)
http://silentbreaksecurity.com/malicious-outlook-rules/
https://odzhan.wordpress.com/2015/11/17/asmcodes-pic/
https://w00tsec.blogspot.pt/2015/11/arris-cable-modem-has-backdoor-in.html
https://www.mdsec.co.uk/2015/12/protected-mode-a-case-of-when-no-means-yes/
http://neonprimetime.blogspot.pt/2015/11/xsl-payload-xxe-rce-e3xpl0it.html
http://blog.fortinet.com/post/when-baby-monitors-are-a-model-for-iot-security
https://blog.coresecurity.com/2015/12/09/exploiting-windows-media-center/
https://hackerone.com/reports/100829
http://racksburg.com/choosing-an-http-status-code/
https://nvisium.com/blog/2015/12/07/injecting-flask/
https://vagmour.eu/facebook-open-redirect-vulnerability-that-does-the-social-engineering-job-too/
https://sites.google.com/site/zerodayresearch/BadWinmail.pdf
https://isc.sans.edu/diary/Scanning+tricks+with+scapy/20381
http://antincode.com/post/131952657591/xss-via-xml-post
http://www.greyhathacker.net/?p=894
https://odzhan.wordpress.com/2015/11/19/dllpic-injection-on-windows-from-wow64-process/
http://ethanheilman.tumblr.com/post/133488739430/is-playstation-4-network-traffic-especially
https://www.raspberrypi.org/forums/viewtopic.php?f=66&t=126892
http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html
https://usn.pw/blog/gen/2015/06/09/filenames/
http://hn.premii.com/#/article/10686676
http://opensecuritytraining.info/IntroX86.html
http://labs.detectify.com/post/133528218381/chrome-extensions-aka-total-absence-of-privacy
https://blog.srcclr.com/amazon-aws-sdk-for-java-vulnerability-disclosure/
https://blogs.akamai.com/2015/12/developing-a-poc-step-by-step.html
http://blog.totallynotmalware.net/?p=15
http://oldweb.today/
http://bnrg.cs.berkeley.edu/~randy/Courses/CS39K.S13/anarchistcookbook2000.pdf
https://goo.gl/qexIz4 (+)
http://www.exfiltrated.com/research-Instagram-RCE.php#Ruby_RCE
http://l0.cm/xxn/
http://goo.gl/ysJ9ku (+)
http://www.contextis.com/resources/blog/data-exfiltration-blind-os-command-injection/
http://mainframed767.tumblr.com/post/133340564417/nmap-enumerating-vtam-applications
http://blog.knownsec.com/wp-content/uploads/2015/12/Sqlmap-exploit_en.txt
https://blogs.securiteam.com/index.php/archives/2671
https://www.poshsecurity.com/blog/2015/12/7/how-the-skype-team-failed-at-powershell
https://goo.gl/dUiZjx (+)
https://goo.gl/zQsIfv (+)
http://blog.regehr.org/archives/1282
http://blog.amossys.fr/How_to_reverse_unknown_protocols_using_Netzob.html
https://jbp.io/2015/11/23/abusing-u2f-to-store-keys/
http://agrrrdog.blogspot.ca/2015/11/3-attacks-on-cisco-tacacs-bypassing.html
http://www.codereversing.com/blog/archives/282
http://www.kfirlavi.com/blog/2012/11/14/defensive-bash-programming
https://julianoliver.com/output/log_2015-12-18_14-39
https://www.secgeek.net/bookfresh-vulnerability/
http://www.agarri.fr/kom/archives/2015/12/17/amf_parsing_and_xxe/index.html
https://www.optiv.com/blog/bypassing-csrf-tokens-via-xss
http://www.rootsh3ll.com/2015/11/aircrack-boost-script/
https://httphacker.github.io/gethead/
https://blog.cloudflare.com/tools-for-debugging-testing-and-using-http-2/
http://sethsec.blogspot.com.tr/2015/12/exploiting-server-side-request-forgery.html
https://adsecurity.org/?page_id=1821
http://x42.obscurechannel.com/?p=197
http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
http://zoczus.blogspot.pt/2014/05/how-reverse-dns-can-help-us-with-xss.html
http://www.exploit-monday.com/2015/12/the-powersploit-manifesto.html
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
http://marcoramilli.blogspot.pt/2015/12/spotting-malicious-node-relays.html
http://toshellandback.com/2015/11/24/ms-priv-esc/
http://oswatch.org/
http://azac.pl/cobol-on-wheelchair/
http://showterm.io/
http://www.ubercomp.com/posts/2014-01-16_facebook_remote_code_execution
https://code.google.com/p/google-security-research/issues/detail?id=675
https://guidovranken.files.wordpress.com/2015/12/https-bicycle-attack.pdf
http://www.securityfocus.com/archive/1/536930
https://blog.korelogic.com/blog/2015/12/04/linksys-0day-unauth-infodisco
http://dev.cra0kalo.com/?p=400
http://www.impulseadventure.com/photo/jpeg-snoop.html
http://www.shellntel.com/blog/2015/9/23/assessing-enterprise-wireless-networks
https://blog.g0tmi1k.com/dvwa/bruteforce-high/
http://randywestergren.com/running-a-hidden-tor-service-with-docker-compose/
http://goo.gl/tJ00NN (+)
http://blog.mindedsecurity.com/2015/11/reliable-os-shell-with-el-expression.html
http://routersecurity.org/checklist.php
http://c0rni3sm.blogspot.pt/2016/01/referrer-leakage-from-https-to-https.html
https://digi.ninja/projects/zonetransferme.php
http://www.greyhathacker.net/?p=911
https://blog.srcclr.com/handlebars_vulnerability_research_findings/
https://blog.risingstack.com/web-authentication-methods-explained/
http://www.portoscuso.com/codef/index.html
https://gist.github.com/hasegawayosuke/00f7253e22e228462b91