Pwn : Mastering The Art Of Digital Exploitation – Unveiling Advanced Techniques And Pwn2Own Triumphs
In the high-stakes world of cybersecurity, the art of "pwnage" represents not just a win, but a display of supreme technical mastery. This article delves into the intricacies of advanced exploits I've developed, showcased in the elite Pwn2Own competitions and beyond. From remote code execution vulnerabilities in JavaScript engines to sophisticated VM escapes, each exploit demonstrates a leap in...
All About Bug Bounty – A Detailed Resource On Vulnerabilities, Bypass Techniques, And Security Research
Diving into the world of bug bounty, this article serves as an essential toolkit for aspiring and seasoned security researchers alike. It compiles a vast array of vulnerabilities, bypass techniques, and strategic insights gathered from diverse sources. Whether you're looking to enhance your hacking skills, contribute to cybersecurity, or simply explore the depths of bug bounty hunting, this guide...
DotNet-MetaData : A Deep Dive Into .NET Malware Analysis
"DotNet-MetaData: A Deep Dive into .NET Malware Analysis" unveils the advanced techniques for analyzing and classifying .NET-based malware. With a focus on practical tools like Yara rules and Python scripts, this guide provides cybersecurity professionals with the means to extract crucial metadata from .NET binaries, enhancing their malware hunting and classification capabilities. Explore how to leverage these tools for...
BlueSpy – PoC To Record Audio From A Bluetooth Device
This repository contains the implementation of a proof of concept to record and replay audio from a bluetooth device without the legitimate user's awareness. The PoC was demonstrated during the talk BSAM: Seguridad en Bluetooth at RootedCON 2024 in Madrid. It's designed to raise awareness about the insecure use of Bluetooth devices, and the need of a consistent methodology for security evaluations. That's the purspose...
FinalRecon : The Ultimate All-In-One Web Reconnaissance Tool
FinalRecon is an all in one automatic web reconnaissance tool written in python. Goal of FinalRecon is to provide an overview of the target in a short amount of time while maintaining the accuracy of results. Instead of executing several tools one after another it can provide similar results keeping dependencies small and simple. Available In Features FinalRecon provides detailed information such as : Header Information Whois SSL Certificate Information Crawler html CSS Javascripts Internal Links External Links Images robots sitemaps Links inside Javascripts Links from Wayback...
ArtifactCollector : Unlocking Digital Forensics – A Comprehensive Guide
The artifactcollector project provides a software that collects forensic artifacts on systems. These artifacts can be used in forensic investigations to understand attacker behavior on compromised computers. Features The artifactcollector offers the following features ️Runs on Windows, Linux and macOS Can extract files, directories, registry entries, command and WMI output Uses the configurable and extensible Forensics Artifacts Creates a forensicstore as structured output It's open source Free for everyone...
VolWeb – Empowering Digital Forensics With Advanced Memory Analysis Tools
VolWeb is a digital forensic memory analysis platform that leverages the power of the Volatility 3 framework. It is dedicated to aiding in investigations and incident responses. Objective The goal of VolWeb is to enhance the efficiency of memory collection and forensic analysis by providing a centralized, visual, and enhanced web application for incident responders and digital forensics investigators. Once an...
Awesome Prompt Injection – Understanding And Mitigating AI Model Vulnerabilities
'Awesome Prompt Injection' delves into the intricate world of machine learning vulnerabilities, spotlighting the cunning exploits known as prompt injections. Discover how malicious actors manipulate AI models, explore cutting-edge research, and arm yourself with tools to fortify against these stealthy attacks. Learn about a type of vulnerability that specifically targets machine learning models. Contents Introduction Articles and Blog posts Tutorials Research Papers Tools CTF Community Introduction Prompt injection is...
Awesome Security Card Games – Mastering Cybersecurity Through Play
Security card games help train your skills and enable discussions for various areas of security. Mastering Cybersecurity Through Play,' your essential guide to the innovative world of security card games. These games aren't just entertaining; they're powerful tools designed to sharpen your skills and foster critical discussions across various domains of security. From application security to threat modeling, we've...
Awesome Password Cracking : Unlocking The Code – A Comprehensive Guide To Tools And Techniques
In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system in scrambled form. A common approach (brute-force attack) is to repeatedly try guesses for the password and to check them against an available cryptographic hash of the password. This is a curated list of...