Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c
- http://goo.gl/ZIOZqG (+)
- http://rol.im/asux/
- https://bitbucket.org/decalage/oletools
- https://goo.gl/fBEuSF (+)
- https://intothesymmetry.blogspot.co.uk/2016/05/holy-redirecturi-batman.html
- https://unlogic.co.uk/2016/04/12/binary-bomb-with-radare2-prelude/
- http://www.oreilly.com/webops-perf/free/files/docker-security.pdf
- http://goo.gl/QM0mZx (+)
- https://www.cs.tau.ac.il/~tromer/mobilesc/
- https://scumjr.github.io/2016/01/10/from-smm-to-userland-in-a-few-bytes/
- http://winternl.com/2016/05/02/hello-world/
- http://blog.frizn.fr/bkpctf-2016/qwn2own-bkpctf16
- https://eev.ee/blog/2016/04/12/apple-did-not-invent-emoji/
- http://www.backtrack-linux.org/backtrack/backtrack-0day-privilege-escalation/
- https://goo.gl/BVzfDH (+)
- http://mksben.l0.cm/2016/05/xssauditor-bypass-flash-basetag.html
- https://goo.gl/Hdo0Xt (+)
- http://www.shellntel.com/blog/2016/3/30/vpn-over-dns-1
- https://snyk.io/blog/marked-xss-vulnerability/
- http://goo.gl/ZRPrGm (+)
- https://www.notsosecure.com/crafting-way-json-web-tokens/
- https://steamdb.info/blog/breaking-steam-client-cryptography/
- https://nullsecure.org/building-your-own-passivedns-feed/
- https://goo.gl/2LrWzM (+)
- http://yurichev.com/blog/breaking_simple_exec_crypto/
- https://boris.in/blog/2016/the-bank-job/
- https://vagmour.eu/why-resolving-to-internal-ips-really-hurts/
- https://www.thanassis.space/arm.html
- http://gutomaia.net/pyNES/
- http://goo.gl/hEhxXH (+)
- https://derevenets.com/
- http://goo.gl/nctrWn (+)
- https://corner.squareup.com/2016/05/content-security-policy-single-page-app.html
- https://www.informationsecurity.ws/2016/01/pwning-windows-7-with-avg-av/
- https://goo.gl/t0Cc6s (+)
- https://dfir.it/blog/2015/08/12/webshell-every-time-the-same-purpose/
- http://www.contextis.com/resources/blog/push-hack-reverse-engineering-ip-camera/
- http://www.neutralizethreat.com/2016/02/lazagne-credential-recovery-binary-used.html
- http://phishme.com/powerpoint-and-custom-actions/
- https://seanmelia.files.wordpress.com/2016/02/yahoo-remote-code-execution-cms1.pdf
- https://learn.adafruit.com/hacking-the-kinect/overview
- http://ipv6excuses.com/
- http://blog.detectify.com/post/82370846588/how-we-got-read-access-on-googles-production-servers
- http://pwnrules.com/flickr-from-sql-injection-to-rce/
- http://nahamsec.com/2014/04/paypal-marketing-remote-code-execution/
- https://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html
- http://www.sec-down.com/wordpress/?p=373
- https://www.appsecconsulting.com/appsec-blog/searching-for-credit-card-track-data-in-memory/menu-id-193.html
- http://javascript.info/tutorial/clickjacking
- http://n0where.net/basic-integer-overflows/
- http://thehackerblog.com/crossdomain-xml-proof-of-concept-tool/
- http://www.ctnieves.com/blogpost.php?id=1
- http://phrack.org/papers/fall_of_groups.html
- https://gist.github.com/epixoip/10570627
- https://hackerone.com/reports/390
- https://esevece.github.io/2016/06/01/taking-over-heroku-accounts.html
- https://gist.github.com/HarmJ0y/3328d954607d71362e3c
- http://goo.gl/gOwiwL (+)
- http://blog.securelayer7.net/mongodb-security-injection-attacks-with-php
- http://cn33liz.blogspot.pt/2016/05/bypassing-amsi-using-powershell-5-dll.html
- http://en.wooyun.io/2016/02/29/44.html
- https://goo.gl/Y6aa6S (+)
- http://blog.cr4.sh/2016/02/exploiting-smm-callout-vulnerabilities.html
- http://drops.wooyun.org/papers/15430
- https://hackerone.com/reports/111192
- http://gursevkalra.blogspot.pt/2016/01/ysoserial-commonscollections1-exploit.html
- https://hackerone.com/reports/123660
- https://threatbutt.com/map/
- https://hackerone.com/reports/136169
- https://blog.zsec.uk/pwning-pornhub/
- https://goo.gl/tNemh7 (+)
- https://owtf.github.io/
- https://zneak.github.io/fcd/
- https://www.greyhathacker.net/?p=500
- http://www.powertheshell.com/powershell-obfuscator/
- http://halcyon-ide.org/
- https://security-base.com:8000/
- http://www.gironsec.com/blog/2016/06/backdooring-a-dll/
- https://goo.gl/u6fqEf (+)
- https://tyranidslair.blogspot.co.uk/2013/02/fun-with-java-serialization-and.html
- http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and
- https://goo.gl/ojUIiP (+)
- https://goo.gl/WgmTsi (+)
- https://snyk.io/blog/sql-injection-orm-vulnerabilities/
- http://blog.kcnabin.com.np/find_my_iphone_can-be-failed/
- https://digitalfreedom.io/map/
- http://makthepla.net/blog/=/scornhub-bounty
- http://austingwalters.com/export-a-command-line-curl-command-to-an-executable/
- https://paraschetal.in/writing-your-own-shellcode/
- https://www.adamlogue.com/revisiting-xss-payloads-in-png-idat-chunks/
- http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html
- https://gist.github.com/sourceincite/985fd1476b7e1623cdbf7e22f3cc42e8
- http://goo.gl/HgflG6 (+)
- https://gist.github.com/rygorous/e0f055bfb74e3d5f0af20690759de5a7
- http://incolumitas.com/2016/06/08/typosquatting-package-managers/
- http://marcoramilli.blogspot.pt/2016/03/recovering-files-from-brand-new.html
- http://www.deependresearch.org/2016/04/jboss-exploits-view-from-victim.html
- http://www.debuginfo.com/articles/easywindbg.html
- http://oalmanna.blogspot.pt/2016/03/startssl-domain-validation.html
- http://www.0verl0ad.net/2016/03/bypassing-disablefunctions-y.html
- https://datavibe.net/~sneak/20141023/wtf-icloud/
- https://evertpot.com/PHP-Sucks/
- https://blog.benjojo.co.uk/post/ssh-port-fluxing-with-totp
- https://gist.github.com/graceavery/01ec404e555571a4a668c271c8f62e8b
- https://blog.kchung.co/reverse-engineering-hid-iclass-master-keys/
- https://goo.gl/mH93Rr (+)
- http://goo.gl/mmktjE (+)
- https://goo.gl/wrqfg0 (+)
- https://goo.gl/3eGtjK (+)
- https://ghostbin.com/paste/2w26u
- http://www.kahusecurity.com/2016/locky-js-and-url-revealer/
- https://hackerone.com/reports/128085
- https://olivierbeg.com/finding-xss-vulnerabilities-in-flash-files/
- https://www.sixdub.net/?p=591
- http://blog.jan-ahrens.eu/2014/03/22/threema-protocol-analysis.html
- https://goo.gl/oZrJor (+)
- https://www.nutmeginfosec.com/anatomy-of-a-javascript-downloader/
- https://mborgerson.com/hacking-the-blynclight
- https://goo.gl/umSem4 (+)
- https://goo.gl/j0Efzh (+)
- https://hackerone.com/reports/137229
- http://d3adend.org/blog/?p=722
- http://jerrygamblin.com/2016/05/31/kalibrowser/
- http://blog.knownsec.com/2016/06/php-5-4-34-unserialize-uaf-exploit/
- https://bitbucket.org/iwseclabs/gunpack/
- https://goo.gl/v8UgSQ (+)
- http://www.cosc.canterbury.ac.nz/research/reports/HonsReps/2015/hons_1504.pdf
- https://goo.gl/cr8pg6 (+)
- http://www.secalert.net/2013/12/13/ebay-remote-code-execution/
- http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/
- https://webtransparency.cs.princeton.edu/webcensus/index.html#
- http://jcjc-dev.com/2016/04/08/reversing-huawei-router-1-find-uart/
- http://goo.gl/2FEOPl (+)
- https://blog.cylance.com/compromising-an-entire-julia-cluster
- http://irq5.io/2016/06/22/designing-the-x-ctf-2016-badge/
- https://blog.benjojo.co.uk/post/cheap-hdmi-capture-for-linux
- https://luc10.github.io/onedrive-an-easter-egg-into-ms-library/
- http://blog.bentkowski.info/2016/07/xss-es-in-google-caja.html
- https://hackerone.com/reports/131450
- https://alexaltea.github.io/hasher/
- http://pentestmonkey.net/blog/ssh-with-no-tty
- https://modexp.wordpress.com/2016/06/04/winux/
- http://srcincite.io/advisories/src-2016-22/
- http://onready.me/old_horse_attacks.html
- https://gist.github.com/mattifestation/97ceccd93133c7a1d39a1661922fe545
- https://blogs.securiteam.com/index.php/archives/2701
- https://goo.gl/5iX4at (+)
- http://justhaifei1.blogspot.pt/2015/10/watch-your-downloads-risk-of-auto.html
- http://goo.gl/hrhPSo (+)
- http://infoseczone.net/mssql-union-based-injection-step-step/
- http://blog.gosecure.ca/2016/05/26/detecting-hidden-backdoors-in-php-opcache/
- https://blog.bugcrowd.com/discovering-subdomains
- http://marcoramilli.blogspot.pt/2016/05/process-hollowing.html
- https://auth0.com/blog/2016/05/31/cookies-vs-tokens-definitive-guide
- https://blog.filippo.io/securing-a-travel-iphone/
- http://blog.innerht.ml/rpo-gadgets/
- https://www.josipfranjkovic.com/blog/race-conditions-on-web
- http://jasminderpalsingh.info/single.php?p=87
- https://labs.mwrinfosecurity.com/tools/pivot-with-ping/
- https://hub.docker.com/r/jgamblin/tiny-tor/
- https://pastebin.com/raw/CC6UPcbZ
- http://pastebin.com/hVx08e6U
- https://danielgrzelak.com/backdooring-an-aws-account-da007d36f8f9
- http://goo.gl/s9tfxL (+)
- http://scottgriffy.com/blogs/rat-in-the-shellcode.html
- https://itsjack.cc/blog/2016/05/poor-mans-malware-hawkeye-keylogger-reborn/
- https://goo.gl/fFR7Gg (+)
- http://drops.wooyun.org/tips/16381
- https://www.pentestpartners.com/blog/hacking-the-mitsubishi-outlander-phev-hybrid-suv
- https://hackerone.com/reports/136531
- https://notehub.org/5zo2v
- http://haxx.ml/post/142844845111/hacking-mattermost-from-unauthenticated-to-system
- https://www.youtube.com/watch?v=jOyfZex7B3E
- https://www.anfractuosity.com/projects/cditter/
- https://abdullah-iq.blogspot.pt/2016/06/medium-full-account-takeover.html
- http://mksben.l0.cm/2016/07/xxn-caret.html
- https://www.josipfranjkovic.com/blog/hacking-facebook-csrf-device-login-flow
- https://gist.github.com/mattifestation/5d1565348d71b54ad02c44a5b94839f8
- http://goo.gl/HYUocq (+)
- http://goo.gl/CZ1Sii (+)
- http://www.shellntel.com/blog/2016/6/7/weaponizing-nessus
- https://habrahabr.ru/post/281374/
- https://goo.gl/OnyUTd (+)
- https://thusoy.com/2016/mitming-postgres
- https://chloe.re/2016/06/16/badonions/
- http://blog.gdssecurity.com/labs/2016/6/13/email-injection.html
- https://toschprod.wordpress.com/2012/01/31/mitm-4-arp-spoofing-exploit/
- https://0x41.no/mr-robot-s02e01-easter-egg/
- https://httpoxy.org/
- https://goo.gl/SSHshf (+)
- https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/
- http://www.binsim.com/
- https://goo.gl/K7f9kF (+)
- http://www.andreybazhan.com/dbgkit.html
- http://www.halfdog.net/Security/2016/DebianEximSpoolLocalRoot/EximUpgrade.c
- https://subt0x10.blogspot.pt/2016/06/what-you-probably-didnt-know-about.html
- https://blog.zsec.uk/csv-dangers-mitigations/
- http://moyix.blogspot.pt/2016/07/fuzzing-with-afl-is-an-art.html
- http://home.arcor.de/skanthak/sentinel.html
- http://goo.gl/umnWPN (+)
- https://goo.gl/gqeJyL (+)
- http://xlab.tencent.com/en/2016/06/17/BadTunnel-A-New-Hope/
- https://en.blog.nic.cz/2016/06/13/dnssec-signing-with-knot-dns-and-yubikey/
- https://agrrrdog.blogspot.pt/2016/06/remote-detection-of-users-av-via-flash.html
- https://goo.gl/yVrOhP (+)
- https://alexgaynor.net/2016/mar/14/anatomy-of-a-crypto-vulnerability/
- http://bugbounty.fail/
- https://banmeihack.wordpress.com/2016/07/27/hacking-pokemon-into-candy-crush/
- http://akat1.pl/?id=2
- http://www.gattack.io/
- https://ericrafaloff.com/client-side-redis-attack-poc/
- https://gitlab.com/litm/redirect/tree/master
- https://goo.gl/78WtUr (+)
- https://shubs.io/high-frequency-security-bug-hunting-120-days-120-bugs/
- http://theori.io/research/jscript9_typed_array
- http://goo.gl/ThDhM8 (+)
- https://reverse.put.as/2016/06/25/apple-efi-firmware-passwords-and-the-scbo-myth/
- http://xlab.tencent.com/badbarcode/
- https://research.g0blin.co.uk/xss-and-wordpress-the-aftermath/
- https://bazad.github.io/2016/05/mac-os-x-use-after-free/
- http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html
- https://suchakra.wordpress.com/2016/07/03/unravelling-code-injection-in-binaries/
- https://magoo.github.io/Blockchain-Graveyard/
- https://zwischenzugs.wordpress.com/2016/04/12/hitler-uses-docker-annotated/
- https://community.rapid7.com/community/metasploit/blog/2014/04/15/exploiting-csrf-without-javascript
- http://breaktoprotect.blogspot.in/2014/04/feedly-android-application-zero-day.html
- http://pyrasite.readthedocs.org/en/latest/CLI.html
- https://code.google.com/p/pdf-grapher/
- http://phrack.org/papers/revisiting-mac-os-x-kernel-rootkits.html
- http://www.mehmetince.net/codeigniter-object-injection-vulnerability-via-encryption-key/
- http://www.sodnpoo.com/posts.xml/spoofing_the_samsung_smart_tv_internet_check.xml
- http://www.debasish.in/2014/04/attacking-audio-recaptcha-using-googles.html
- http://2014.hackitoergosum.org/slides/
- https://www.youtube.com/watch?v=whEWE6WC1Ew
- http://annasagrera.com/on-ascii-youtube-and-letting-go/
- https://goo.gl/G3rxy2 (+)
- https://avicoder.me/2016/07/22/Twitter-Vine-Source-code-dump/
- https://bugs.chromium.org/p/project-zero/issues/detail?id=884
- https://labs.nettitude.com/tools/poshc2/
- https://benmmurphy.github.io/blog/2016/07/11/rails-webconsole-dns-rebinding/
- http://www.forceprojectx.com/services/apps/memory_dumper
- http://www.nyxbone.com/malware/odcodc.html
- https://deadcode.me/blog/2016/07/01/UPC-UBEE-EVW3226-WPA2-Reversing.html
- https://goo.gl/RwShjR (+)
- https://goo.gl/Cfzilu (+)
- https://goo.gl/VpRb9R (+)
- http://anee.me/reversing-an-elf/
- https://kjaer.io/extension-malware/
- https://premium.wpmudev.org/blog/xml-rpc-wordpress/
- http://theori.io/research/cve-2016-0189
- https://0x90909090.blogspot.pt/2016/07/analyzing-zip-with-wsf-file-inside.html
- https://smealum.github.io/3ds/
- http://goo.gl/9drpjq (+)
- https://introvertmac.wordpress.com/2016/07/30/hacking-google-for-fun-and-profit/
- http://www.martinvigo.com/steal-2999-99-minute-venmo-siri/
- https://warroom.securestate.com/bypassing-gmails-malicious-macro-signatures/
- https://hackerone.com/reports/131202
- https://www.npmjs.com/package/btlejuice
- http://www.contextis.com/resources/blog/attacks-https-malicious-pac-files/
- http://goo.gl/dh9UDb (+)
- https://www.sensepost.com/blog/2016/universal-serial-abuse/
- https://rol.im/securegoldenkeyboot/
- https://goo.gl/Tn22Hq (+)
- https://gist.github.com/cure53/521c12e249478c1c50914b3b41d8a750
- http://goo.gl/9z1NXK (+)
- https://gist.github.com/Kopachris/b8bb1de2cada4fdde88666e018167926
- https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
- http://blog.deniable.org/blog/2016/08/09/cracking-orcus-rat/
- http://dnstun.com/
- https://www.cs.bham.ac.uk/~exr/lectures/opsys/10_11/lectures/os-dev.pdf
- https://artsploit.blogspot.pt/2016/08/pprce2.html
- https://medium.com/@nmalcolm/hacking-imgur-for-fun-and-profit-3b2ec30c9463#.ql8goaiky
- http://goo.gl/4pbewk (+)
- http://cryptoanarchic.me/wat.txt
- https://blog.silentsignal.eu/2016/08/25/bake-your-own-extrabacon/
- https://systemoverlord.com/2016/08/24/posting-json-with-an-html-form.html
- https://breakdev.org/how-i-hacked-an-android-app-to-get-free-beer/
- https://sysforensics.org/2016/08/jtaging-mobile-phones/
- https://blog.xyz.is/2016/webkit-360.html
- http://goo.gl/37GYKN (+)
- http://stackstatus.net/post/147710624694/outage-postmortem-july-20-2016
- http://carnal0wnage.attackresearch.com/2016/08/got-any-rces.html
- https://hshrzd.wordpress.com/2016/07/21/how-to-turn-a-dll-into-a-standalone-exe/
- http://co9.io/post/148716614744/defcon-24-badge-challenge
- https://hackerone.com/reports/156098
- http://www.paulosyibelo.com/2016/08/instagram-stored-oauth-xss.html
- https://httpsonly.blogspot.pt/2016/08/turning-self-xss-into-good-xss-v2.html
- https://c0nradsc0rner.wordpress.com/2016/07/06/cookie-shadow-path-injection/
- https://averagesecurityguy.github.io/2016/04/21/cracking-mongodb-passwords/
- http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt
- https://hackerone.com/reports/131210
- http://sh3ifu.com/Breaking-The-Great-Wall-Of-Web-Rafay-Baloch.pdf
- https://ret2libc.wordpress.com/2016/04/04/analysing-swf-files-for-vulnerabilities/
- http://goo.gl/rP8BTW (+)
- http://goo.gl/KlikSg (+)
- http://goo.gl/D91R2U (+)
- https://hackerone.com/reports/151058
- http://www.exploit-monday.com/2016/07/Win10IoTCore-Build14393-EoP.html
- https://chloe.re/2016/07/25/bypassing-paths-with-open-redirects-in-csp/
- http://pixelat.ion.land/
- http://bouk.co/blog/hacking-developers/
- https://room362.com/post/2016/snagging-creds-from-locked-machines/
- http://goo.gl/x6TVjl (+)
- http://goo.gl/pYL8eZ (+)
- https://gist.github.com/rvrsh3ll/cc93a0e05e4f7145c9eb
- https://sumofpwn.nl/advisory/2016/ajax_load_more_local_file_inclusion_vulnerability.html
- http://goo.gl/VaK5Ts (+)
- https://sektioneins.de/en/blog/16-09-02-pegasus-ios-kernel-vulnerability-explained.html
- http://blog.zorinaq.com/nginx-resolver-vulns/
- https://enigma0x3.net/2016/07/22/bypassing-uac-on-windows-10-using-disk-cleanup/
- https://sites.utexas.edu/iso/2016/07/21/using-nodejs-to-deobfuscate-malicious-javascript/
- http://www.keysniffer.net/
- https://osandamalith.com/2016/08/01/making-your-shellcode-undetectable-using-net/
- https://stratumsecurity.com/2010/04/26/owasp-2010-adding-it-all-up/
- http://goo.gl/AwXfpT (+)
- https://lcamtuf.blogspot.com/2016/08/css-mix-blend-mode-is-bad-for-keeping.html
- https://blog.fletchto99.com/2016/september/asus-disclosure/
- https://goo.gl/kjWNZv (+)
- https://blog.didierstevens.com/2016/08/12/mimikatz-golden-ticket-dcsync/
- https://gist.github.com/chtg/bac6459587dbb79190d0a4c235901f03
- https://gist.github.com/chtg/a2acf86d44315146e85b6f88f4d2b5eb
- https://honeybadger.readthedocs.io/en/latest/
- https://goo.gl/nj3zNK (+)
- https://www.vusec.net/projects/flip-feng-shui/
- https://goo.gl/m1JdoI (+)
- https://goo.gl/0C91rO (+)
- https://httpsonly.blogspot.pt/2016/08/cve-2016-0782-writeup.html
- https://goo.gl/JIOvxT (+)
- https://linux-audit.com/elf-binaries-on-linux-understanding-and-analysis/
- https://blog.exodusintel.com/2016/08/09/vxworks-execute-my-packets/
- http://ohshitgit.com/
- https://support.microsoft.com/en-us/kb/261186
- https://weblog.sh/
- https://sasi2103.blogspot.pt/2016/09/combination-of-techniques-lead-to-dom.html
- https://goo.gl/DjOEHf (+)
- http://www.blackhillsinfosec.com/?p=5230
- https://goo.gl/tnW7hD (+)
- https://nixaid.com/encrypted-chat-with-netcat/
- https://andreas-mausch.github.io/whatsapp-viewer/
- https://deadcode.me/blog/2016/09/02/Blind-Java-Deserialization-Commons-Gadgets.html
- https://goo.gl/ClLuZH (+)
- https://goo.gl/ENPsiI (+)
- http://blog.nickbloor.co.uk/2016/08/drupal-coder-module-unauthenticated.html
- https://goo.gl/Uqcs96 (+)
- https://hostoftroubles.com/
- https://tom.vg/2016/08/request-and-conquer/
- http://antirez.com/news/96
- https://access.redhat.com/blogs/766093/posts/2592591
- https://www.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered/
- https://44con.com/2016/09/19/getting-started-with-your-hidiot-badge/
- http://blog.k3170makan.com/2016/09/abusing-webvtt-and-cors-for-fun-and.html
- https://goo.gl/sGPM4p (+)
- https://back-flip.blogspot.pt/2016/08/steal-google-account-on-stolen-or.html
- https://gist.github.com/freddyb/29eedc12b3ae4b1a26d645ee90a5912d
- https://jaq.alibaba.com/community/art/show?articleid=532
- https://goo.gl/2tSUyp (+)
- https://www.optiv.com/blog/mssql-agent-jobs-for-command-execution
- http://lab.truel.it/flash-sandbox-bypass/
- https://goo.gl/P0cFa8 (+)
- https://sweet32.info/
- https://goo.gl/lVm81H (+)
- http://www.sjoerdlangkemper.nl/2016/08/29/kayako-xss/
- https://www.aidanwoods.com/blog/faulty-login-pages
- https://thel3l.me/blog/winprivesc/index.html
- http://tinysubversions.com/notes/ethical-ad-blocker/
- https://archive.org/details/softwarelibrary_msdos_games
- https://diracdeltas.github.io/blog/backdooring-js/
- https://5haked.blogspot.pt/2016/10/how-i-hacked-pornhub-for-fun-and-profit.html
- https://hackerone.com/reports/61312
- https://goo.gl/c2opyI (+)
- https://173210.github.io/psp2
- http://www.mbsd.jp/blog/20160921_2.html
- http://paper.seebug.org/58/
- https://goo.gl/Jt751V (+)
- https://goo.gl/t7rg3A (+)
- http://paper.seebug.org/42/
- http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html
- https://hackerone.com/reports/158148
- https://www.jardinesoftware.net/2016/09/12/xxe-in-net-and-xpathdocument/
- https://goo.gl/UiIWfL (+)
- http://calebmadrigal.com/hackrf-replay-attack-jeep/
- https://goo.gl/pkPDb2 (+)
- https://blog.tarq.io/node-js-request-smuggling/
- http://blog.wesecureapp.com/xss-by-tossing-cookies/
- https://www.cgsec.co.uk/powershell-empire-cve-2016-0189-profit/
- https://hackerone.com/reports/53004
- https://goo.gl/ZQK5fU (+)
- https://goo.gl/63HPVG (+)
- https://goo.gl/ZxXu7l (+)
- http://rednaga.io/2016/09/21/reversing_go_binaries_like_a_pro/
- https://www.virtuesecurity.com/blog/jquery-security-model/
- http://blog.rewolf.pl/blog/?p=1630
- https://goo.gl/6KQMdJ (+)
- https://blog.nelhage.com/2011/03/exploiting-pickle/
- http://www.gwan.com/blog/20160405.html
- http://nedbatchelder.com//blog/201609/computing_primes_with_css.html
- http://blog.tjll.net/ssh-kung-fu/
- http://blog.gdssecurity.com/labs/2014/4/24/sql-injection-in-dynamically-constructed-images-and-other-sq.html
- http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html
- http://thehelpfulhacker.net/2011/11/15/virtual-box-openbsd-router/
- https://www.netspi.com/blog/entryid/223/executing-msf-payloads-via-powershell-webshellery
- http://duartes.org/gustavo/blog/post/anatomy-of-a-program-in-memory/
- http://www.incapsula.com/blog/world-largest-site-xss-ddos-zombies.html
- http://cert.inteco.es/extfrontinteco/img/File/intecocert/EstudiosInformes/INT_Telegram_EN.pdf
- http://blog.emaze.net/2014/04/attack-campaign-targeting-struts2.html
- http://joxeankoret.com/blog/2014/05/02/a-vulnerability-that-wasnt/
- http://programmingexcuses.com/
- http://secalert.net/slack-security-bug-bounty.html
- https://sites.google.com/site/bughunteruniversity/best-reports/openredirectsthatmatter
- https://goo.gl/o6KYtc (+)
- https://goo.gl/nG92Fe (+)
- https://techanarchy.net/2016/10/extracting-lastpass-site-credentials-from-memory/
- http://lightbulbone.com/2016/10/04/intro-to-macos-kernel-debugging.html
- https://www.ixiacom.com/company/blog/equation-groups-firewall-exploit-chain
- https://goo.gl/oE7r5q (+)
- http://www.seg.inf.uc3m.es/~guillermo-suarez-tangil/papers/2016mal-iot.pdf
- https://archive.is/TpVVg
- https://goo.gl/oHV88F (+)
- https://desc0n0cid0.blogspot.pt/2016/09/stack-based-buffer-overflow.html
- http://www.ms509.com/?p=439
- https://goo.gl/1HSx1l (+)
- https://robinlinus.github.io/socialmedia-leak/
- https://robots.thoughtbot.com/is-your-site-leaking-password-reset-links
- https://henryhoggard.co.uk/blog/Paypal-2FA-Bypass
- https://sourceforge.net/projects/rcexploiter/
- https://www.leavesongs.com/HTML/chrome-xss-auditor-bypass-collection.html
- http://x42.obscurechannel.com/?p=310
- https://regala.im/2016/10/05/fixing-burp-ssl-handshake-failed-alert/
- https://goo.gl/yzBzCN (+)
- http://dirtycow.ninja/
- https://www.vusec.net/projects/drammer/
- https://hackerone.com/reports/150179
- http://paper.seebug.org/91/
- https://www.thanassis.space/android.html
- https://www.pietroalbini.org/blog/gandi-security-vulnerability-2fa-bypass/
- http://www.miasm.re/blog/2016/09/03/zeusvm_analysis.html#first-stages
- https://zone13.io/post/Snagging-credentials-over-WiFi-Part1/
- https://goo.gl/XczEiJ (+)
- http://www.gifcities.org/#/
- https://shubs.io/guide-to-building-the-tastic-rfid-thief/
- https://codepo8.github.io/logo-o-matic/
- http://www.blackhillsinfosec.com/?p=5396
- https://hackerone.com/reports/178152
- http://blog.x1622.com/2016/01/poc-how-to-steal-httponly-session.html
- https://gist.github.com/anonymous/908a087b95035d9fc9ca46cef4984e97
- https://osandamalith.com/2016/10/10/fun-with-sqlite-load_extension/
- https://bitquark.co.uk/blog/2016/10/03/exfiltrating_files_with_busybox
- http://bloggerbust.ca/2016/10/26/browsersmack-a-browser-stack-proxy-vulnerability/
- https://goo.gl/4JiEfd (+)
- https://goo.gl/LFF2Qa (+)
- https://goo.gl/czhcHM (+)
- http://www.alexkyte.me/2016/10/how-textsecure-protocol-signal-whatsapp.html
- https://vah13.github.io/AVDetection/
- http://blog.senr.io/blog/jtag-explained
- https://rudk.ws/2016/10/17/reverse-engineering-by-using-chrome/
- https://goo.gl/Z7Aly4 (+)
- https://devwerks.net/blog/16/how-not-to-use-html-purifier/
- https://goo.gl/D8jxL8 (+)
- https://www.cs.umd.edu/hcil/members/bshneiderman/nsd/rejection_letter.html
- http://www.blacknurse.dk/
- http://blog.andrewlang.net/post/152805939304/tumblr-xss-exploit
- http://blog.securityfuse.com/2016/11/gmail-account-hijacking-vulnerability.html
- http://secalert.net/#CVE-2016-4977
- https://www.netzob.org/
- https://slashcrypto.org/2016/11/07/Netflix/
- https://goo.gl/CXHtg5 (+)
- https://hosakacorp.net/p/systemd-user.html
- https://goo.gl/KAEZe6 (+)
- https://goo.gl/rcf3ao (+)
- https://zuh4n.blogspot.co.uk/2016/10/adobe-importance-of-up-to-date.html
- https://cyseclabs.com/blog/cve-2016-6187-heap-off-by-one-exploit
- http://www.fuzzysecurity.com/tutorials/27.html
- http://b.fl7.de/2016/08/d-link-nas-dns-xss-via-smb.html
- https://www.invincealabs.com/blog/2016/11/wemo-hardware-bypass/
- http://websdr.ewi.utwente.nl:8901/?tune=7030usb
- http://386bsd.org/
- https://hackerone.com/reports/180074
- https://gist.github.com/x-42/3d822d85e6b547e7018c919c6d657e8e
- https://kimiyuki.net/blog/2016/09/16/one-gadget-rce-ubuntu-1604/
- https://sourceforge.net/projects/vbscan/
- https://gallery.technet.microsoft.com/Net-Cease-Blocking-Net-1e8dcb5b
- https://www.poweradmin.com/paexec/
- http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
- http://d3adend.org/blog/?p=851
- https://goo.gl/eWXUvR (+)
- https://sethsec.blogspot.pt/2016/11/exploiting-python-code-injection-in-web.html
- https://goo.gl/lR1WeY (+)
- https://woumn.wordpress.com/2016/09/24/smashing-the-stack-into-a-reverse-shell/
- http://www.ioactive.com/Arnaboldi-XML-Schema-Vulnerabilities.pdf
- http://www.davidlitchfield.com/BypassingXSSFiltersusingXMLInternalEntities.pdf
- https://goo.gl/gme14H (+)
- http://zseano.com/tut/4.html
- https://sidbala.com/h-264-is-magic/
- https://yifan.lu/2016/11/01/taihen-cfw-framework-for-ps-vita/
- https://cure53.de/pentest-report_curl.pdf
- https://medium.com/@joewalnes/tail-f-to-the-web-browser-b933d9056cc#.4rnmefbo1
- https://averagesecurityguy.github.io/2016/10/21/recon-ng-dorks-burp/
- https://www.netresec.com/?page=findject
- https://slack.engineering/syscall-auditing-at-scale-e6a3ca8ac1b8#.hlfdfpeiv
- https://www.utkusen.com/blog/sending-valid-phishing-emails-from-microsoftcom.html
- https://goo.gl/ssq3Oo (+)
- http://blog.0x3a.com/post/153468210759/monitoring-dns-inside-the-tor-network
- https://goo.gl/0wvoBX (+)
- http://ropgadget.com/posts/pebwalk.html
- https://arno0x0x.wordpress.com/2015/11/27/hacking-voip/
- https://pierrekim.github.io/blog/2016-11-01-gpon-ftth-networks-insecurity.html
- https://www.n00py.io/2016/10/using-email-for-persistence-on-os-x/
- http://graffiti.gaurs.io/
- http://jerrygamblin.com/2016/11/12/automated-burp-suite-scanning-and-reporting-to-slack/
- http://www.glamenv-septzen.net/en/view/6
- https://hackerone.com/reports/182358
- http://blog.intothesymmetry.com/2016/11/all-your-paypal-tokens-belong-to-me.html
- http://ianduffy.ie/blog/2016/11/26/azure-bug-bounty-pwning-red-hat-enterprise-linux/
- http://legalhackers.com/exploits/tomcat-rootprivesc-deb.sh
- https://gist.github.com/subTee/c51ea995dfaf919fd4bd36b3f7252486
- http://paper.seebug.org/95/
- http://research.aurainfosec.io/bypassing-saml20-SSO/
- https://goo.gl/bCn3yk (+)
- https://www.contrastsecurity.com/security-influencers/dom-xss-in-wix.com
- https://g-laurent.blogspot.pt/2016/11/ms16-137-lsass-remote-memory-corruption.html
- https://goo.gl/HskhRe (+)
- https://eprint.iacr.org/2016/1013.pdf
- http://labs.lastline.com/evasive-jscript
- https://deadcode.me/blog/2016/11/05/Active-Deauth-Kismet-Wardriving.html
- https://gist.github.com/kennwhite/1f3bc4d889b02b35d8aa
- https://natmchugh.blogspot.pt/2014/10/how-i-created-two-images-with-same-md5.html
- https://goo.gl/QAtMIt (+)
- https://insert-script.blogspot.pt/2016/12/firefox-svg-cross-domain-cookie.html
- https://goo.gl/jX2CTk (+)
- https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
- https://objective-see.com/blog/blog_0x14.html
- http://www.adlice.com/google-chrome-secure-preferences/
- http://colin.keigher.ca/2016/12/going-viral-on-imgur-with-powershell.html
- https://mambrui.github.io/2016/11/rooting-vm
- https://blog.paranoidsoftware.com/dirty-cow-cve-2016-5195-docker-container-escape/
- https://goo.gl/yCPYpL (+)
- https://dougallj.wordpress.com/2016/11/13/exploiting-dolphin-part-1/
- https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
- https://goo.gl/eIfu9b (+)
- https://blog.zimperium.com/analysis-of-multiple-vulnerabilities-in-airdroid/
- https://peteris.rocks/blog/htop/
- https://laurent22.github.io/so-injections/
- https://urlscan.io
- https://klikki.fi/adv/yahoo2.html
- https://vulnsec.com/2016/netgear-router-rce/
- https://humblesec.wordpress.com/2016/12/08/escaping-a-restricted-shell/
- https://goo.gl/MLt1p7 (+)
- https://goo.gl/xvrb0T (+)
- https://gist.github.com/dergachev/7916152
- https://jolmos.blogspot.pt/2016/11/rtldecompresbuffer-vulnerability.html
- https://goo.gl/CKQPZv (+)
- https://blog.lizzie.io/notes-about-cve-2016-7117.html
- https://goo.gl/3BHsWQ (+)
- http://www.ateijelo.com/blog/2016/09/13/making-an-msx-font
- https://labs.detectify.com/2016/12/15/postmessage-xss-on-a-million-sites/
- https://goo.gl/ULx7Ud (+)
- https://donncha.is/2016/12/compromising-ubuntu-desktop/
- https://goo.gl/CTp8We (+)
- https://goo.gl/fb63MI (+)
- https://nebelwelt.net/publications/files/16STM.pdf
- https://goo.gl/zllfk3 (+)
- http://blog.skylined.nl/20161206001.html
- https://hub.zhovner.com/geek/how-skype-fixes-security-vulnerabilities/
- https://c0rni3sm.blogspot.pt/2016/12/fiat-chrysler-automobiles-bug-bounty.html
- http://rednaga.io/2016/11/14/hackingteam_back_for_your_androids/
- http://www.sec-down.com/wordpress/?p=696
- https://goo.gl/xxEiWP (+)
- https://goo.gl/aZSbLk (+)
- https://www.pelock.com/articles/how-to-write-a-crackme-for-a-ctf-competition
- https://www.unforgettable.dk/
- http://penturalabs.wordpress.com/2014/05/04/reverse-dom-xss/
- http://www.websecresearch.com/2014/05/a-way-to-bypass-authentication.html
- http://blog.flowdock.com/2014/05/07/how-we-found-a-directory-traversal-vulnerability-in-rails-routes/
- http://makthepla.net/blog/=/plesk-sso-xxe-xss
- https://code.google.com/p/wfuzz/
- http://www.frida.re/
- https://code.google.com/p/volafox/
- http://blog.mrg-effitas.com/publishing-of-mrg-effitas-automatic-xor-decryptor-tool/
- http://www.blisstonia.com/software/Decrypto/
- http://www.thespanner.co.uk/2014/05/06/mxss/
- http://www.nirgoldshlager.com/2013/02/how-i-hacked-facebook-oauth-to-get-full.html
- http://car-online.fr/files/publications/2014-03-CODASPY/kameleonfuzz-evolutionary_blackbox_XSS_fuzzing-duchene-codaspy_2014-paper.pdf
- http://thehackpot.blogspot.ie/2014/04/android-hacking-using-armitage.html
- http://rce4fun.blogspot.pt/2014/05/windows-heap-overflow-exploitation.html
- http://pastebin.com/raw.php?i=gjkivAf3
- https://gist.github.com/quchen/5280339
- https://randywestergren.com/persistent-xss-verizons-webmail-client/
- https://chloe.re/2016/12/04/dealing-with-user-uploaded-files/
- http://tayyabqadir.com/2016/12/17/paypal-2fa-bypass-by-tayyab-qadir/
- https://gitlab.com/e271/usblogger/tree/master
- https://hackerone.com/reports/142549
- https://goo.gl/fsiEqm (+)
- https://d0hnuts.com/2016/12/21/basics-of-making-a-rootkit-from-syscall-to-hook/
- https://goo.gl/uMEzce (+)
- https://goo.gl/SFAHof (+)
- https://goo.gl/Vh6ufm (+)
- http://blogs.360.cn/360safe/2016/11/29/three-roads-lead-to-rome-2/
- http://0xthem.blogspot.pt/2015/03/hijacking-ssh-to-inject-port-forwards.html
- https://dhavalkapil.com/blogs/SQL-Attack-Constraint-Based/
- https://goo.gl/nzmNqK (+)
- https://www.robertputt.co.uk/2016/11/28/learn-from-your-attackers-ssh-honeypot/
- http://docker-saigon.github.io/post/Docker-Internals/
- https://goo.gl/NE7btw (+)
- https://gist.github.com/subTee/c34d0499e232c1501ff9f0a8dd302cbd
- http://security.szurek.pl/e107-cms-211-privilege-escalation.html
- http://hacksys.vfreaks.com/research/shellcode-of-death.html
- http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
- http://asintsov.blogspot.pt/2016/12/bypassing-exploit-protection-of-norton.html
- https://goo.gl/f5qb4m (+)
- https://goo.gl/eLAj3P (+)
- https://www.swordshield.com/2016/10/multi-tool-multi-user-http-proxy/
- https://bugs.chromium.org/p/project-zero/issues/detail?id=978
- http://www.peter.hartmann.tk/single-post/2016/11/29/Fuzzing-Qt-with-libFuzzer
- https://haveyousecured.blogspot.pt/2016/12/attempting-to-detect-responder-with.html
- https://subt0x10.blogspot.pt/2016/12/mimikatz-delivery-via-clickonce-with.html
- https://threejs.org
- http://blog.orange.tw/2017/01/bug-bounty-github-enterprise-sql-injection.html
- http://sebastian-lekies.de/csp/bypasses.php
- https://goo.gl/Qz8NV1 (+)
- https://goo.gl/7diAiw (+)
- https://lowleveldesign.wordpress.com/2016/11/30/decrypting-asp-net-4-5/
- http://www.hemanthjoseph.com/2016/11/how-i-bypassed-apples-most-secure-find.html
- https://siguza.github.io/cl0ver/
- https://hackmag.com/security/ad-forest/
- http://www.netmux.com/blog/cracking-12-character-above-passwords
- http://ramtin-amin.fr/#nvmedma
- https://goo.gl/PVbpJs (+)
- https://hackerone.com/reports/5534
- https://www.foo.be/2016/12/OpenPGP-really-works
- http://chris.beams.io/posts/git-commit/
- https://finnwea.com/blog/stealing-passwords-from-mcdonalds-users
- http://insert-script.blogspot.pt/2016/10/pdf-how-to-steal-pdfs-by-injecting.html
- http://4lemon.ru/2017-01-17_facebook_imagetragick_remote_code_execution.html
- https://goo.gl/MdCd6S (+)
- http://techlog360.com/all-windows-cmd-commands/
- http://blog.win-fu.com/2016/11/every-windows-10-in-place-upgrade-is.html
- https://digi.ninja/blog/rdp_show_login_page.php
- https://gitlab.com/micaksica/CVE-2016-1000304
- http://dumpco.re/cve-2016-7434/
- https://goo.gl/U57NCx (+)
- https://goo.gl/ZA2NUG (+)
- http://blog.amossys.fr/intro-to-use-after-free-detection.html
- https://goo.gl/abZVVL (+)
- https://insinuator.net/2016/12/analyzing-yet-another-smart-home-device/
- https://www.curesec.com/blog/article/blog/Tap-039n039-Sniff-185.html
- https://www.dsinternals.com/en/impersonating-office-365-users-mimikatz/
- https://goo.gl/YXYM3N (+)
- https://hackerone.com/reports/187134
- http://yolocaust.de/
- https://gist.github.com/marcan/a2eafd605d3d6ac76eb10a7c64f736c3
- https://goo.gl/90LFIj (+)
- https://goo.gl/KuuOMq (+)
- https://httpsonly.blogspot.pt/2017/01/0day-writeup-xxe-in-ubercom.html
- https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
- https://gist.github.com/anonymous/f0b9a85e25ea097f810b4d79e9e005a5
- https://gist.github.com/chtg/4849e0c2cfc1f08eb6532f347594c66c
- https://gist.github.com/Wack0/a3435cafa5eb372b190f971190a506b8
- http://andresriancho.github.io/nimbostratus/
- https://yurichev.com/writings/toy_decompiler.pdf
- https://woumn.wordpress.com/2016/12/07/rop-heap-spray-for-a-reverse-shell-in-ie8/
- http://sten0.ghost.io/2016/10/13/abusing-dorking-and-robots-txt/
- https://nation.state.actor/mcafee.html
- https://boredhackerblog.blogspot.pt/2016/02/how-we-broke-into-your-house.html
- https://pentest.blog/data-ex-filtration-with-dns-in-sqli-attacks/
- https://securitycafe.ro/2017/01/18/practical-jsonp-injection/
- https://0x00sec.org/t/remote-exploit-shellcode-without-sockets/1440
- http://blog.tihmstar.net/2017/01/how-to-downgrade-without-jailbreak.html
- https://goo.gl/eUDIqC (+)
- http://astronaut.io/
- https://goo.gl/N9Ia4k (+)
- https://s1gnalcha0s.github.io/epub/2017/01/25/This-book-reads-you.html
- http://phrack.org/papers/cyber_grand_shellphish.html
- https://hackerone.com/reports/166942
- https://doxmyipwindowstool.codeplex.com/
- https://phpinfo.me/2016/07/07/1275.html
- http://security.szurek.pl/winpower-v4904-privilege-escalation.html
- https://web-in-security.blogspot.pt/2017/01/printer-security.html
- https://raz0r.name/articles/universal-isomorphic-web-applications-security/
- https://goo.gl/9LGkzY (+)
- https://lukasa.co.uk/2016/12/Debugging_Your_Operating_System/
- http://blog.thinkst.com/p/canarytokensorg-quick-free-detection.html
- https://goo.gl/qFFdEI (+)
- https://goo.gl/wrJFoL (+)
- http://blog.volema.com/nginx-insecurities.html#.WFMh_WGLSV5
- http://blog.frizk.net/2016/12/filevault-password-retrieval.html
- http://incept10n.com/
- https://www.expeditedssl.com/aws-in-plain-english
- https://cmdchallenge.com/
- https://goo.gl/9zv6U7 (+)
- http://sirdarckcat.blogspot.pt/2017/02/unpatched-0day-jquery-mobile-xss.html
- https://goo.gl/fuAQaC (+)
- https://sensepost.com/blog/2016/intercepting-passwords-with-empire-and-winning/
- https://zerosum0x0.blogspot.pt/2016/05/xml-attack-for-c-remote-code-execution.html
- https://goo.gl/8eHB5Y (+)
- https://goo.gl/ssYMu2 (+)
- https://goo.gl/CYvxms (+)
- https://goo.gl/KqHGkN (+)
- https://filippo.io/Ticketbleed/
- https://hackerone.com/reports/172562
- https://techblog.mediaservice.net/2016/10/exploiting-ognl-injection/
- https://osandamalith.com/2017/02/03/mysql-out-of-band-hacking/
- https://securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/
- https://blog.appcanary.com/2017/http-security-headers.html
- http://theori.io/research/chakra-jit-cfg-bypass
- https://xuset.github.io/planktos/
- http://deadpool.sh/2017/RCE-Springs/
- https://www.brokenbrowser.com/uxss-ie-htmlfile/
- https://goo.gl/nlojkc (+)
- https://goo.gl/R9gdqX (+)
- http://blog.inspired-sec.com/archive/2017/02/14/Mail-Server-Setup.html
- https://goo.gl/vOXIvA (+)
- https://goo.gl/ywuBjX (+)
- https://what.pwned.me/index.php/2017/01/23/axis-206-pwned/
- http://exfil.co/2017/01/17/wiegotcha-rfid-thief/
- https://www.x41-dsec.de/lab/advisories/x41-2016-signal/
- https://www.tazj.in/en/1486830338
- https://goo.gl/X7rYaC (+)
- http://blog.ioactive.com/2016/12/in-flight-hacking-system.html
- https://www.foo.be/2017/01/Squashfs_As_A_Forensic_Container
- http://pwnanisec.blogspot.pt/2017/02/use-after-free-in-google-hangouts.html
- https://vulnsec.com/2017/reverse-engineering-a-book-cover/
- https://gist.github.com/danielfaust/998441
- https://goo.gl/lUkrm7 (+)
- https://shattered.it/
- https://dhavalkapil.com/blogs/Attacking-the-OAuth-Protocol/
- https://thesbros.github.io/2017/02/16/geforce-experience-vulnerability.html
- https://goo.gl/Les62U (+)
- https://nlnetlabs.nl/projects/dnssec-trigger/
- http://newandroidbook.com/tools/jtrace.html
- http://bernardodamele.blogspot.pt/2011/09/reverse-shells-one-liners.html
- http://security-assessment.com/files/documents/advisory/SplunkAdvisory.pdf
- https://ruimarinho.gitbooks.io/yubikey-handbook/content/
- https://goo.gl/hE1V1S (+)
- https://www.stevencampbell.info/2017/02/configure-pentest-dropbox-dns-tunneling/
- https://shiftordie.de/blog/2017/02/18/smtp-over-xxe/
- http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html
- https://goo.gl/WW01xo (+)
- http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf
- https://security.tencent.com/index.php/blog/msg/110
- https://goo.gl/TBPei2 (+)
- https://goo.gl/R3ehjE (+)
- https://lamehackersguide.blogspot.pt/2017/02/weaponizing-postscript.html
- https://goo.gl/3V9m3m (+)
- http://omergil.blogspot.pt/2017/02/web-cache-deception-attack.html
- https://www.zyantific.com/blog/bypassing-telekom-fon-hotspot-authentication/
- https://www.xorrior.com/Empire-Domain-Fronting/
- http://leucosite.com/FireFox-RCE/
- https://goo.gl/9Z2HmN (+)
- https://akondrat.blogspot.pt/2016/12/pivoting-kerberos-golden-tickets-in.html
- https://blog.xyz.is/2016/vita-netps-ioctl.html
- https://goo.gl/YjcDMC (+)
- https://mijailovic.net/2017/01/22/removing-edge-magazine-drm/
- https://mo.github.io/2017/02/20/cross-origin-resource-sharing.html
- https://improsec.com/blog//windows-kernel-shellcode-on-windows-10-part-1
- https://goo.gl/3pCejL (+)
- http://timeofcheck.com/time-based-blind-sqli-on-news-starbucks-com/
- https://goo.gl/aFfO6E (+)
- https://sagi.io/2016/09/cve-2016-3873-arbitrary-kernel-write-in-nexus-9/
- https://team-sik.org/trent_portfolio/password-manager-apps/
- https://www.secureworks.com/blog/attacking-windows-smb-zero-day-vulnerability
- http://pc.textmod.es/
- http://www.oauthsecurity.com/
- http://www.securatary.com/Portals/0/Vulnerabilities/PayPal/Paypal%20Manager%20Account%20Hijack.pdf
- http://bouk.co/blog/elasticsearch-rce/
- http://holloway.co.nz/steg/
- https://blog.curesec.com/article/blog/32.html
- http://xip.io/
- http://www.securityaegis.com/the-big-fat-metasploit-post/
- http://samsclass.info/124/proj14/p6x-NTP-DrDOS.htm
- http://www.aldeid.com/wiki/Fiddler#Example:_Decrypting_malware_HTTPS_traffic
- http://blog.ioactive.com/2014/05/glass-reflections-in-pictures-osint.html
- http://www.jakoblell.com/blog/2014/05/07/hacking-contest-rootkit/
- http://blog.ptsecurity.com/2014/05/obtaining-passwords-from-cisco-wireless.html
- https://www.adafruit.com/blog/2014/04/04/new-product-cupcade-the-raspberry-pi-powered-micro-arcade-cabinet-kit-beta/
- https://www.alchemistowl.org/pocorgtfo/spoiler03.html
- https://klikki.fi/adv/bttv.html
- https://goo.gl/0GUXQJ (+)
- https://goo.gl/7yUj5d (+)
- https://goo.gl/YrxqHQ (+)
- https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt
- https://www.exploitee.rs/index.php/Western_Digital_MyCloud
- https://www.myhackerhouse.com/naenara-browser-3-5-exploit-jackrabbit/
- https://squeal.net/bypassing-twitter-account-protection/
- https://alephsecurity.com/2017/03/08/nexus9-fiq-debugger/
- https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html
- https://pages.nist.gov/mobile-threat-catalogue/
- https://goo.gl/iVOK1o (+)
- https://goo.gl/1Iml0J (+)
- https://goo.gl/6t10EZ (+)
- https://rftap.github.io/blog/2016/09/01/rftap-wifi.html
- https://www.toshellandback.com/2017/02/11/psexec/
- http://jamesbvaughan.com/python-twilio-scraping/
- https://goo.gl/ObQkkZ (+)
- https://thehftguy.com/2017/02/23/docker-in-production-an-update/
- https://goo.gl/wJH2GY (+)
- https://goo.gl/3mVdcz (+)
- https://goo.gl/96ZeIk (+)
- https://blog.sourceclear.com/rails_admin-vulnerability-disclosure/
- http://pentestdan.com/rop-primer-level-0-explained/
- https://goo.gl/7t86Kw (+)
- http://www.economyofmechanism.com/github-saml.html
- https://securitycafe.ro/2017/02/28/time-based-data-exfiltration/
- https://goo.gl/YVYxD4 (+)
- https://bierbaumer.net/security/asuswrt/
- https://bo0om.ru/telegram-love-phdays-en
- https://vez.mrsk.me/freebsd-defaults.txt
- https://goo.gl/XqLInP (+)
- http://www.redblue.team/2017/02/abusing-google-app-scripting-through.html
- http://jackson.thuraisamy.me/oracle-opera.html
- https://yurichev.com/blog/minesweeper/
- https://rsync.samba.org/how-rsync-works.html
- https://goo.gl/r9a3MX (+)
- https://goo.gl/n3QisR (+)
- http://netanelrub.in/2017/03/20/moodle-remote-code-execution/
- https://gist.github.com/subTee/3610a16a54bcbc1fe0ebc46313f5c02e
- http://www.hackwhackandsmack.com/?p=1021
- https://biterrant.io/
- http://www.fuzzysecurity.com/tutorials/28.html
- https://goo.gl/RrCmN1 (+)
- http://blog.inspired-sec.com/archive/2017/03/17/COM-Moniker-Privesc.html
- https://goo.gl/ZEw1eh (+)
- https://goo.gl/GB5Hd7 (+)
- https://www.hurricanelabs.com/blog/new-xssi-vector-untold-merits-of-nosniff
- https://openai.com/blog/adversarial-example-research/
- https://blogs.securiteam.com/index.php/archives/3052
- http://hwreblog.com/projects/arduino_nand_reader.html
- https://goo.gl/gNY8Dv (+)
- https://stephensclafani.com/2017/03/21/stealing-messenger-com-login-nonces/
- https://artkond.com/2017/03/23/pivoting-guide/
- https://goo.gl/5Zq7Hw (+)
- https://goo.gl/n4fhc3 (+)
- https://saelo.github.io/posts/firefox-script-loader-overflow.html
- http://bugkraut.de/posts/tainting
- https://www.ibrahim-elsayed.com/?p=150
- https://blog.silentsignal.eu/2017/02/17/not-so-unique-snowflakes/
- https://goo.gl/Ysh7W7 (+)
- https://goo.gl/nOQ2iQ (+)
- https://www.invincea.com/2017/03/powershell-exploit-analyzed-line-by-line/
- http://bugkraut.de/posts/bounty-txt
- https://alephsecurity.com/2017/03/26/oneplus3t-adb-charger/
- https://www.dancounsell.com/building-a-hackintosh-pro/
- http://cybersquirrel1.com/#
- https://goo.gl/MT32ED (+)
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1225
- http://hexinject.sourceforge.net/
- https://gist.github.com/joernchen/f28ec01de20b22bbbee1622a41deb601
- https://goo.gl/pIKwVU (+)
- https://unmitigatedrisk.com/?p=570
- https://razygon.github.io/2016/09/23/iOS-kernel-heap-review-5-10/
- https://cobbr.io/ObfuscatedEmpire.html
- https://goo.gl/D6mU2f (+) | https://goo.gl/eHsPc1 (+)
- https://goo.gl/xcQhzl (+)
- https://capacitorset.github.io/mathjs/
- https://www.aptive.co.uk/blog/unrestricted-file-upload-testing/
- https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/
- http://offsecbyautomation.com/Automating-Web-Content-Discovery/
- https://codewhitesec.blogspot.pt/2017/04/amf.html
- https://mastodon.social/
- https://calebfenton.github.io/2017/04/05/creating_java_vm_from_android_native_code/
- https://www.notsosecure.com/anatomy-hack-sqli-via-crypto/
- http://blog.intothesymmetry.com/2017/04/csrf-in-facebookdropbox-mallory-added.html
- https://gist.github.com/anonymous/5fd967b3fe5d9201e0ec7a1d35c03a19
- https://cedricvb.be/post/tracing-api-calls-in-burp-with-frida/
- https://www.uperesia.com/booby-trapped-shortcut-generator
- https://goo.gl/JA65ce (+)
- https://www.vgrsec.com/post20170402.html
- https://goo.gl/xQ8tdz (+)
- http://struct.github.io/oilpan_metadata.html
- https://blogs.securiteam.com/index.php/archives/3107
- https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html
- https://goo.gl/GnSddg (+)
- https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/
- https://goo.gl/ObZ5eL (+)
- https://goo.gl/buPacq (+)
- https://www.brokenbrowser.com/sop-bypass-abusing-read-protocol/
- https://goo.gl/TvYytI (+)
- https://goo.gl/vi9oqr (+)
- http://threatexpress.com/2016/12/slack-notifications-for-cobalt-strike/
- https://goo.gl/EfyJxm (+)
- https://securedorg.github.io/RE101/
- http://www.threathunting.net/
- https://martinfowler.com/articles/session-secret.html
- https://securitybytes.io/sudont-escape-so-easily-ce8801bf9a4b#.a941nrlj4
- https://www.n0tr00t.com/2016/12/30/jsm-Bypass-via-CreateClassLoader.html
- https://statuscode.ch/2016/01/subtle-vulnerabilties-with-php-and-curl/
- http://eryanbot.com/jtp/2012/06/30/game-hacking-utilizing-code-caves/
- https://goo.gl/j0UImT (+)
- https://goo.gl/Vfkqdm (+)
- http://blog.svenbrauch.de/2017/02/19/homemade-10-mbits-laser-optical-ethernet-transceiver/
- https://goo.gl/SXXey1 (+)
- https://hackerone.com/reports/220494
- https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol
- http://offsecbyautomation.com/Open-Redirection-Bobrov/
- https://jaq.alibaba.com/community/art/show?articleid=781
- https://blogs.securiteam.com/index.php/archives/2928
- https://www.ambionics.io/blog/drupal-services-module-rce
- https://goo.gl/E2rgJ6 (+)
- https://blog.cugu.eu/post/apfs/
- https://goo.gl/QG0FPF (+)
- https://www.scip.ch/en/?labs.20170105
- http://blog.opensecurityresearch.com/2013/01/windows-dll-injection-basics.html
- https://textslashplain.com/2017/01/14/the-line-of-death/
- https://goo.gl/NMtcp2 (+)
- https://goo.gl/AbEKml (+)
- https://www.youtube.com/watch?v=uNjxe8ShM-8
- http://xproger.info/projects/OpenLara/
- https://www.ssh.com/ssh/port
- http://www.paulosyibelo.com/2017/05/twitter-xss-csp-bypass.html
- https://hackerone.com/reports/212696
- https://goo.gl/HZn7Yb (+)
- https://goo.gl/le4nvm (+)
- https://improsec.com/blog//bypassing-control-flow-guard-in-windows-10
- https://stringbleed.github.io
- https://goo.gl/F1xBst (+)
- https://www.evilsocket.net/2017/04/27/Android-Applications-Reversing-101/
- https://blog.joshlemon.com.au/protecting-your-pdf-files-and-metadata/
- http://www.abatchy.com/2017/05/tcp-bind-shell-in-assembly-null.html
- https://goo.gl/V6EsOr (+)
- https://www.vgrsec.com/post20170219.html
- http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html
- https://poshsecurity.com/blog/deconstructing-secure-http-without-https
- https://theshell.xyz/
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&desc=5
- https://hackerone.com/reports/88719
- https://quanyang.github.io/part-1-continuous-pwning/
- https://goo.gl/h2dWbh (+)
- https://phoenhex.re/2017-05-04/pwn2own17-cachedcall-uaf
- https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/
- https://goo.gl/728eER (+)
- https://goo.gl/4J95NW (+)
- https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1096
- https://blogs.securiteam.com/index.php/archives/3171
- http://snf.github.io/2017/05/04/exploit-protection-i-page-heap/
- https://goo.gl/3npUqt (+)
- http://nahamsec.com/?p=210
- http://blog.shubh.am/how-i-bypassed-2-factor-authentication-on-google-yahoo-linkedin-and-many-others/
- http://blog.techorganic.com/2014/05/14/from-fuzzing-to-0-day/
- http://cybermashup.com/2014/05/01/jtag-debugging-made-easy-with-bus-pirate-and-openocd/
- http://www.room362.com/blog/2014/04/19/executing-code-via-smb-without-psexec/
- https://bitbucket.org/mihaila/bintrace/wiki/Home
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140508-0_AVG_Remote_Administration_Multiple_critical_vulnerabilities_v10.txt
- https://www.trustedsec.com/may-2014/moar-shellz/
- https://doar-e.github.io/blog/2014/04/30/corrupting-arm-evt/
- https://fail0verflow.com/blog/2014/enhancing-the-avic-5000nex.html
- http://habrahabr.ru/company/dsec/blog/222993/
- http://int0xcc.svbtle.com/stripping-upatre-trojan-downloader
- http://syncthing.net/
- http://blogs.msdn.com/b/debuggingtoolbox/archive/2014/05/14/hacking-minesweeper-for-windows-8.aspx
- http://blog.cloudflare.com/bpf-the-forgotten-bytecode
- https://slashcrypto.org/2017/05/17/5k_Error_Page/
- https://goo.gl/ium1x1 (+)
- https://goo.gl/QNgi0K (+)
- https://goo.gl/9TL0an (+)
- https://goo.gl/XQohRS (+)
- https://klue.github.io/blog/2017/04/macos_kernel_debugging_vbox/
- https://checkmarx.gitbooks.io/go-scp/
- https://irssi.org/2017/05/12/fuzzing-irssi/
- https://shhnjk.blogspot.pt/2017/05/is-your-epub-reader-secure-enough.html
- https://unmitigatedrisk.com/?p=586
- https://goo.gl/AuoG68 (+)
- https://modexp.wordpress.com/2017/01/24/shellcode-x84/
- https://blog.bi.tk/2017/01/20/findbug/
- https://goo.gl/7eGSu8 (+)
- https://xerub.github.io/ios/kpp/2017/04/13/tick-tock.html
- http://www.unixwiz.net/techtips/sql-injection.html
- https://goo.gl/KKSSqD (+)
- https://goo.gl/DGJIZJ (+)
- https://devnull-as-a-service.com/features/
- http://kedrisec.com/twitter-publish-by-any-user/
- https://www.ambionics.io/blog/oracle-peoplesoft-xxe-to-rce
- https://randywestergren.com/xss-sms-hacking-text-messages-verizon-messages/
- http://www.debasish.in/2017/05/openxmolar-ms-openxml-format-fuzzing_20.html
- http://www.exfiltrated.com/research-BIOS_Based_Rootkits.php
- http://blog.timac.org/?p=1570
- https://cobbr.io/ScriptBlock-Logging-Bypass.html
- http://cloak-and-dagger.org/
- https://wald0.com/?p=112
- https://goo.gl/Xzy1ql (+)
- https://www.elttam.com.au/blog/playing-with-canaries/
- https://goo.gl/4oruRY (+)
- https://tyranidslair.blogspot.pt/2017/05/exploiting-environment-variables-in.html
- https://animal0day.blogspot.co.uk/2017/05/fuzzing-apache-httpd-server-with.html
- https://medium.com/@d0znpp/how-to-bypass-libinjection-in-many-waf-ngwaf-1e2513453c0f
- https://gist.github.com/winocm/e3eb9c9b061c7414441c45a4938a0c57
- http://research.rootme.in/h1-xssi/
- https://ysx.me.uk/road-to-unauthenticated-recovery-downloading-github-saml-codes/
- https://goo.gl/rkzXun (+)
- http://www.thegreycorner.com/2017/01/exploiting-difficult-sql-injection.html
- https://hackerone.com/reports/217745
- https://goo.gl/OBoFZ1 (+)
- https://scarybeastsecurity.blogspot.pt/2017/05/bleed-more-powerful-dumping-yahoo.html
- https://goo.gl/vHiyry (+)
- http://wphutte.com/avada-5-1-4-stored-xss-and-csrf/
- https://winscripting.blog/2017/05/12/first-entry-welcome-and-uac-bypass/
- https://goo.gl/p0molg (+)
- https://sizzop.github.io/2016/07/05/kernel-hacking-with-hevd-part-1.html
- https://lowleveldesign.org/2017/03/07/how-to-securely-sign-dotnet-assemblies/
- https://ysx.me.uk/a-pair-of-plotly-bugs-stored-xss-and-aws-metadata-ssrf/
- http://blog.martinfenner.org/2014/08/25/using-microsoft-word-with-git/
- http://kubernetesbyexample.com/
- https://www.shodan.io/host/203.254.47.164
- https://vvyper.com/2017/05/22/instagram-stories-ssl/
- https://hackerone.com/reports/231053
- https://medium.com/@th3g3nt3l/how-i-got-5500-from-yahoo-for-rce-92fffb7145e6
- http://www.rpcview.org/index.html
- https://phoenhex.re/2017-06-02/arrayspread
- https://bling.kapsi.fi/blog/no-proc-process-recon.html
- https://goo.gl/5EeZC0 (+)
- https://goo.gl/1HRwSB (+)
- https://msitpros.com/?p=3877
- http://c0rni3sm.blogspot.pt/2017/06/from-js-to-another-js-files-lead-to.html
- https://raz0r.name/vulnerabilities/arbitrary-file-reading-in-next-js-2-4-1/
- https://chao-tic.github.io/blog/2017/05/24/dirty-cow
- https://sploitfun.wordpress.com/2015/02/10/understanding-glibc-malloc/
- https://goo.gl/gJ1LiQ (+)
- https://oded.ninja/2017/05/14/amt-n-ken-hack/
- https://sonniesedge.co.uk/blog/a-day-without-javascript
- http://pentestit.com/wordsteal-steal-ntlm-hashes-remotely/
- https://www.hackerone.com/blog-How-To-Server-Side-Request-Forgery-SSRF
- https://goo.gl/Zy8Nhe (+)
- https://firefart.at/post/turning_piwik_superuser_creds_into_rce/
- https://goo.gl/Tv6uRg (+)
- https://0x00sec.org/t/c-a-simple-runtime-crypter/519
- https://0patch.blogspot.pt/2017/01/micropatching-remote-code-execution-in.html
- http://blog.blindspotsecurity.com/2016/09/nodejs-breaking-jade-pug-dlopen.html
- https://goo.gl/AL1b7q (+)
- https://www.securitysift.com/understanding-wordpress-auth-cookies
- https://medium.com/@br4nsh/from-linux-to-ad-10efb529fae9
- https://goo.gl/ea1gwR (+)
- https://borgandrew.blogspot.pt/2017/01/h1-margin-bottom-0.html
- https://goo.gl/t23oea (+)
- http://el.che.moe/Writeup_VoiceAttack.html
- https://blog.kchung.co/rfid-hacking-with-the-proxmark-3/
- https://habrahabr.ru/company/aladdinrd/blog/329166/
- http://switchbrew.org
- http://www.lofibucket.com/articles/64k_intro.html
- https://angelmmiguel.github.io/svgi/
- https://goo.gl/3dSAS2 (+)
- https://goo.gl/8SMkHF (+)
- http://offsecbyautomation.com/Subdomain-Delegation-Takeover/
- https://sourceware.org/systemtap/
- https://goo.gl/2gCFrE (+)
- https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
- https://phoenhex.re/2017-06-21/firefox-structuredclone-refleak
- https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
- https://goo.gl/ENZQiQ (+)
- https://bo0om.ru/just-enter-the-space-attacks-en
- https://goo.gl/w38a3h (+)
- https://goo.gl/KnVyxr (+)
- https://oleb.net/blog/2017/01/fun-with-string-interpolation/
- https://mostsecure.pw/
- http://ngailong.com/uber-login-csrf-open-redirect-account-takeover/
- https://goo.gl/WyXvVf (+)
- http://ostinato.org/
- https://securityonline.info/bypass-waf-php-webshell-without-numbers-letters/
- https://goo.gl/ygKLLx (+)
- https://blog.cylance.com/running-executables-on-macos-from-memory
- https://www.bishopfox.com/blog/2017/06/how-i-built-an-xss-worm-on-atmail/
- https://goo.gl/PU7zc2 (+)
- https://yurichev.com/blog/symbolic/
- https://www.contextis.com/resources/blog/hacking-unicorns-web-bluetooth/
- https://goo.gl/ezUM9n (+)
- https://jamescoote.co.uk/phishlulz-tutorial/
- https://jankopecky.net/index.php/2017/04/18/0day-textplain-considered-harmful/
- http://inspirobot.me/
- https://arogozhnikov.github.io/3d_nn/
- https://goo.gl/h7QdzQ (+)
- https://medium.com/@FreedomCoder/following-the-white-rabbit-5e392e3f6fb9
- https://mrpapercut.com/sites/wscript/
- https://www.mzrst.com/
- http://hacking-printers.net
- https://goo.gl/VD8BxF (+)
- http://vegardno.blogspot.pt/2017/03/fuzzing-openssh-daemon-using-afl.html
- https://lowleveldesign.org/2017/07/04/decrypting-tfs-secret-variables/
- https://www.itsec.nl/en/2017/06/26/drive-by-remote-code-execution-by-mamp/
- https://goo.gl/Jsze4P (+)
- https://goo.gl/41PZHT (+)
- https://blog.rubidus.com/2017/02/06/preventing-subdomain-takeover/
- https://dev.to/fenceposterror/hacking-open-source-software-for-fun-and-non-profit
- https://zerosum0x0.blogspot.pt/2017/07/puppet-strings-dirty-secret-for-free.html
- https://blog.haschek.at/post/f2fda
- http://www.righto.com/2017/07/bitcoin-mining-on-vintage-xerox-alto.html
- https://blog.zsec.uk/blind-xxe-learning/
- https://goo.gl/5TNzwu (+)
- https://goo.gl/Y3odmB (+)
- https://gist.github.com/hasherezade/e3b5682fee27500c5dabf5343f447de3
- https://gist.github.com/ryhanson/227229866af52e2d963cf941af135a52
- https://goo.gl/BhW3Lt (+)
- https://goo.gl/GSGgjX (+)
- https://www.rcesecurity.com/2014/07/slae-shell-reverse-tcp-shellcode-linux-x86/
- https://myexploit.wordpress.com/hunt-for-the-domain-admin-da/
- https://krbtgt.pw/oracle-oam-10g-session-hijacking/
- https://goo.gl/is7Tyu (+)
- http://boosterok.com/blog/broadpwn/
- http://www.nmattia.com/posts/2017-03-05-crack-luks-stutter-gnu-parallel.html
- https://medium.com/wemake-services/testing-bash-applications-85512e7fe2de
- https://blog.preempt.com/new-ldap-rdp-relay-vulnerabilities-in-ntlm
- http://acez.re/the-weak-bug-exploiting-a-heap-overflow-in-vmware/
- http://hacker-news.verylegit.link/
- http://aem1k.com/symmetry/
- https://trueschool.se/html/fonts.html
- https://goo.gl/wSKFLS (+)
- https://xakep.ru/2017/07/06/safari-localfile-read/
- https://gist.github.com/jobertabma/e9a383a8ad96baa189b65cdc8d74a845
- https://blog.netspi.com/attacking-javascript-web-service-proxies-burp/
- https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/
- https://goo.gl/uLeBCf (+)
- https://goo.gl/ehHr8U (+)
- https://goo.gl/RmmyFJ (+)
- http://blog.deniable.org/blog/2017/07/16/inject-all-the-things/
- http://wapiflapi.github.io/2015/04/22/single-null-byte-heap-overflow/
- https://pentestarmoury.com/2017/07/19/s3-buckets-for-good-and-evil/
- https://oneupsecurity.com/research/remote-code-execution-in-source-games
- https://www.coresecurity.com/blog/solving-post-exploitation-issue-cve-2017-7308
- http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
- https://goo.gl/Qc7ZPm (+)
- http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html
- https://goo.gl/YGBuph (+)
- https://goo.gl/vfkPjf (+)
- http://dmitry.gr/index.php?r=05.Projects&proj=25.%20VMU%20Hacking
- http://op-co.de/blog/posts/hacking_the_nx300/
- http://cyvera.com/cve-2014-1776-how-easy-it-is-to-attack-these-days/
- http://insanecoding.blogspot.ro/2014/04/common-libressl-porting-mistakes.html
- https://zyan.scripts.mit.edu/blog/wordpress-fail/
- http://rotlogix.com/2014/05/21/exploiting-local-file-includes-with-liffy/
- http://m-austin.com/blog/?p=118
- http://www.hexacorn.com/blog/2014/05/21/rce-list-of-64-bit-tools/
- https://code.google.com/p/libbde/
- http://eternal-todo.com/blog/cve-2013-2729-exploit-zeusp2p-gameover
- http://www.vupen.com/blog/20140520.Advanced_Exploitation_Firefox_UaF_Pwn2Own_2014.php
- http://www.scriptjunkie.us/2013/11/adding-easy-ssl-client-authentication-to-any-webapp/
- http://www.websec.mx/advisories/view/Generador-de-WPA-Huawei-HG8245-y-HG8247
- http://williamknowles.co.uk/?p=16
- http://www.circl.lu/projects/CIRCLean/
- https://goo.gl/vDEMKL (+)
- https://gerbenjavado.com/the-race-to-the-top-of-a-bug-bounty-program/
- https://goo.gl/jQJK3U (+)
- https://asciinema.org/a/130730
- https://security.gerhardt.link/RCE-in-Factorio/
- https://bling.kapsi.fi/blog/jvm-deserialization-broken-classldr.html
- https://elaineou.com/2017/01/19/how-the-twitter-app-bypasses-paywalls/
- https://goo.gl/s5Eyy4 (+)
- https://goo.gl/kLaawx (+)
- https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html
- https://www.gironsec.com/blog/2017/07/keylogger-using-directx/
- http://rh0dev.github.io/blog/2017/the-return-of-the-jit/
- https://bneg.io/2017/07/26/empire-without-powershell-exe/
- https://goo.gl/aEPUuS (+)
- https://goo.gl/djcEh1 (+)
- https://www.stefanjudis.de/hidden-messages-in-javascript-property-names.html
- https://hackernoon.com/a-collision-too-perfect-279a47fb5d42
- https://doesmysiteneedhttps.com/
- https://blog.innerht.ml/testing-new-features/
- http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html
- https://blog.zsec.uk/rce-starwars/
- https://vallejo.cc/2017/07/16/anti-antidebugging-windbg-scripts/
- https://gist.github.com/marcan/6a2d14b0e3eaa5de1795a763fb58641e
- http://paper.seebug.org/230/
- https://0x00sec.org/t/reverse-engineering-101/1233
- https://goo.gl/h5EJDE (+)
- http://rohk.io/free-bits-on-twitch/
- https://goo.gl/mqi664 (+)
- http://blog.huntingmalware.com/notes/WMI
- https://comsecuris.com/blog/posts/path_of_least_resistance/
- https://scarybeastsecurity.blogspot.pt/2017/03/black-box-discovery-of-memory.html
- https://goo.gl/986jDv (+)
- https://cybersyndicates.com/2017/02/os-x-packet-capture--empire/
- https://medium.com/0xcc/how-to-turn-photoshop-into-a-remote-access-tool-805485a9480
- https://z4ziggy.wordpress.com/2017/07/21/zigfrid-a-passive-rfid-fuzzer/
- https://blog.lessonslearned.org/building-a-more-secure-development-chromebook/
- https://bo0om.ru/xss-everywhere
- https://sites.google.com/site/testsitehacking/10k-host-header
- http://staaldraad.github.io/pentest/phishing/2017/08/02/o356-phishing-with-oauth/
- http://blog.safebuff.com/2016/07/03/SSRF-Tips/
- http://blog.securelayer7.net/thick-client-penetration-testing-1/
- http://www.rvrsh3ll.net/blog/offensive/ssl-domain-fronting-101/
- https://blog.doyensec.com/2017/08/03/electron-framework-security.html
- https://zerosum0x0.blogspot.pt/2017/04/doublepulsar-initial-smb-backdoor-ring.html
- https://goo.gl/FdwEKQ (+)
- https://landave.io/2017/07/bitdefender-remote-stack-buffer-overflow-via-7z-ppmd/
- https://goo.gl/3xEuby (+)
- https://blog.phusion.nl/2015/01/20/docker-and-the-pid-1-zombie-reaping-problem/
- https://ysx.me.uk/managed-apps-and-music-a-tale-of-two-xsses-in-google-play/
- http://www.phreedom.org/research/tinype/
- https://goo.gl/fu93Mg (+)
- https://goo.gl/XAq8qW (+)
- http://lightningsecurity.io/blog/password-not-provided/
- http://redplait.blogspot.pt/2017/08/wincheck-rc858.html
- https://gist.github.com/marcan/23e1ec416bf884dcd7f0e635ce5f2724
- http://illmatics.com/carhacking.html
- https://goo.gl/Yg4QHV (+)
- https://l.avala.mp/?p=241
- https://lowlevelbits.org/reverse-engineering-stickies.app/
- https://www.psattack.com/articles/20170810/application-compatibility-shims/
- https://lolware.net/2017/08/01/capturing-mfa-logons.html
- https://blog.netspi.com/attacking-sso-common-saml-vulnerabilities-ways-find/
- https://goo.gl/P8EdJH (+)
- https://aspe1337.blogspot.pt/2017/04/writeup-of-cve-2017-7199.html
- http://www.exploit-monday.com/2017/07/bypassing-device-guard-with-dotnet-methods.html
- http://hackethereum.com/
- https://gist.github.com/MerryMage/797c523724e2dc02ada86a1cfadea3ee
- http://sheepsec.com/blog/username_enumeration_via_jar.html
- https://hackerone.com/reports/198690
- https://goo.gl/zsevzD (+)
- https://duo.com/blog/hunting-malicious-npm-packages
- https://iayanpahwa.github.io/Reverse-Engineering-IoT-Devices/
- https://toshellandback.com/2017/08/16/mousejack/
- https://0x00sec.org/t/game-hacking-winxp-minesweeper/1266
- http://thecyberrecce.net/2017/02/12/reversing-the-trendnet-ts-402/
- https://zhuanlan.zhihu.com/p/28575189
- https://goo.gl/KBsZtt (+)
- https://goo.gl/ViLaih (+)
- http://nahamsec.com/secure-your-jenkins-instance-or-hackers-will-force-you-to/
- https://ae7.st/g/
- https://dave.cheney.net/2017/08/21/the-here-is-key
- http://gbppr.dyndns.org/~gbpprorg/l0pht/l0pht.html
- https://hackerone.com/reports/207042
- https://medium.com/@arbazhussain/pre-domain-wildcard-cors-exploitation-2d6ac1d4bd30
- https://goo.gl/d15wVv (+)
- https://phoenixpwn.com/
- https://sintonen.fi/advisories/qnap-qts-42-multiple-vulnerabilities.txt
- http://bsmt.me/posts/openxc-reversing/
- https://goo.gl/7grxsj (+)
- https://raw.githubusercontent.com/hatRiot/token-priv/master/abusing_token_eop_1.0.txt
- https://gerbenjavado.com/manual-sql-injection-discovery-tips/
- https://goo.gl/7psV1M (+)
- https://appscreener.us/blog/?code=reading-ios-app-binary-files
- https://goo.gl/2JbZAv (+)
- https://goo.gl/xFHvXr (+)
- https://research.swtch.com/zip
- https://chris.bolin.co/offline/
- http://madeintheusbwebsite.azurewebsites.net
- http://zhchbin.github.io/2017/08/30/Uber-XSS-via-Cookie/
- https://opnsec.com/2017/08/advanced-flash-vulnerabilities-in-youtube/
- https://blog.didierstevens.com/2017/09/05/abusing-a-writable-windows-service/
- https://www.doyler.net/security-not-included/certreq-exfiltration
- https://lgtm.com/blog/apache_struts_CVE-2017-9805
- http://blog.thinkst.com/2017/08/disrupting-aws-s3-logging.html
- http://dmitry.gr/index.php?r=05.Projects&proj=23.%20PSoC4
- https://reactarmory.com/answers/how-can-i-use-css-in-js-securely
- http://www.martinvigo.com/diy-spy-program-abusing-apple-call-relay-protocol/
- https://benkowlab.blogspot.pt/2017/08/from-onliner-spambot-to-millions-of.html
- http://blog.pentestbegins.com/2017/08/05/remote-xss-attack-using-csrf/
- https://goo.gl/JhkeQj (+)
- http://www.ringzerolabs.com/2017/08/bypassing-anti-analysis-technique-in.html
- https://blogs.securiteam.com/index.php/archives/3379
- https://www.imperialviolet.org/2017/08/13/securitykeys.html
- https://blog.quarkslab.com/flash-dumping-part-i.html
- https://goo.gl/DtNjd8 (+)
- https://goo.gl/H8T3kz (+)
- https://goo.gl/tkrdbm (+)
- https://goo.gl/omukkh (+)
- https://goo.gl/54L7rS (+)
- https://rtpbleed.com/
- http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper-1.pdf
- https://goo.gl/3DfDJT (+)
- https://goo.gl/WZXckr (+)
- https://goo.gl/2CgsS4 (+)
- https://courk.fr/index.php/2017/09/10/reverse-engineering-exploitation-connected-clock/
- http://tinyhack.com/2017/09/05/mastercard-internet-gateway-service-hashing-design-flaw/
- https://www.mdsec.co.uk/2017/09/exploiting-cve-2017-8759-soap-wsdl-parser-code-injection/
- https://diablohorn.com/2017/09/09/understanding-practicing-java-deserialization-exploits/
- http://www.exploit-monday.com/2017/08/exploiting-powershell-code-injection.html
- https://jesuscoin.network/
- https://quoteinvestigator.com/2013/03/06/artists-steal/amp/
- https://safiire.github.io/blog/2017/08/19/solving-danish-defense-intelligence-puzzle/
- https://goo.gl/SsWjW6 (+)
- https://goo.gl/NTE4H9 (+)
- https://www.virtuesecurity.com/blog/aws-penetration-testing-s3-buckets/
- https://blog.avuln.com/article/4
- http://patrickhurd.pro/blog/posts/popjsanalysis.html
- http://qiita.com/alfa/items/b0e807ae040fc8f61d20
- https://www.hopperapp.com/blog/?p=219
- https://goo.gl/QTqj8t (+)
- http://guptashubham.com/all-about-hackerone-private-program-terapeak/
- https://wtf.horse/2017/09/19/common-wifi-attacks-explained/
- https://0x10f8.wordpress.com/2017/08/07/reverse-engineering-an-eclipse-plugin/
- https://www.antid0te.com/blog.html
- http://blog.quarkslab.com/make-confide-great-again-no-we-cannot.html
- https://goo.gl/fcmP1Y (+)
- https://dev.to/tkaczanowski/explaining-programming-to-6-years-old-kids
- https://goo.gl/GbJLyc (+)
- https://learn.sparkfun.com/tutorials/gas-pump-skimmers
- https://goo.gl/D2HWmu (+)
- https://goo.gl/mtUa28 (+)
- http://www.shawarkhan.com/2017/08/sarahah-xss-exploitation-tool.html
- https://rails-sqli.org/
- https://un-excogitate.org/dormant-domination
- https://goo.gl/SwBQnX (+)
- http://hatriot.github.io/blog/2017/09/19/abusing-delay-load-dll/
- https://www.incapsula.com/blog/blocking-session-hijacking-on-gitlab.html
- https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf
- http://defencely.com/blog/defencely-clarifies-python-object-injection-exploitation/
- https://www.twistlock.com/2017/06/25/alpine-linux-pt-1-2/
- https://medium.com/@th3g3nt3l/900-xss-in-yahoo-recon-wins-65ee6d4bfcbd
- https://blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/
- https://pokeinthe.io/2017/09/14/http-status-code-handling/
- http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html
- http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/
- http://blog.internot.info/2014/05/facebook-skype-to-email-leak-3000-bounty.html
- http://www.sysvalue.com/en/heartbleed-cupid-wireless/
- https://henryhoggard.co.uk/?p=68
- http://moscrack.sourceforge.net/
- https://code.google.com/p/xssf/
- http://blog.j-michel.org/post/86992432269/from-nand-chip-to-files
- http://www.securitybydefault.com/2012/07/backdooring-apache.html
- http://blog.opensecurityresearch.com/2014/05/acquiring-linux-memory-from-server-far.html
- http://www.securityartwork.es/2014/06/04/read-htaccess-file-through-blind-sql-injection/?lang=en
- http://www.labofapenetrationtester.com/2014/06/introducing-antak.html
- http://kukuruku.co/hub/nix/writing-a-file-system-in-linux-kernel
- https://wireedit.com/
- http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html
- http://blog.blackfan.ru/2017/09/devtwittercom-xss.html
- https://forsec.nl/2017/09/smart-home-remote-command-execution-rce/
- https://wmie.codeplex.com/
- https://goo.gl/X5tmUW (+)
- http://noxxi.de/research/breaking-dkim-on-purpose-and-by-chance.html
- https://phoenhex.re/2017-06-09/pwn2own-diskarbitrationd-privesc
- https://blog.filippo.io/we-need-to-talk-about-session-tickets/
- https://goo.gl/AZ8qRV (+)
- https://halbecaf.com/2017/05/24/exploiting-a-v8-oob-write/
- https://sockpuppet.org/blog/2015/01/15/against-dnssec/
- https://goo.gl/Fk6FpM (+)
- https://blog.ropchain.com/2017/04/03/disarming-emet-5-52/
- https://ro-che.info/articles/2017-09-17-booking-com-manipulation
- https://jordaneldredge.com/projects/winamp2-js/
- http://georgemauer.net/2017/10/07/csv-injection.html
- https://justi.cz/security/2017/10/07/rubygems-org-rce.html
- https://blog.zsec.uk/subdomainhijack/
- https://goo.gl/d6XGkh (+)
- https://goo.gl/96rGuw (+)
- http://www.chokepoint.net/2017/10/exposing-server-ips-behind-cloudflare.html
- https://goo.gl/HEpNnN (+)
- https://smartlockpicking.com/tutorial/my-smart-lock-vendor-disappeared/
- https://goo.gl/z1zesp (+)
- https://blog.liftsecurity.io/2017/04/14/sql-and-more-via-xss-in-pgadmin4/
- https://goo.gl/F7fdBb (+)
- https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/
- https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
- http://clickheretosavetheworld.com/
- https://gavv.github.io/blog/pulseaudio-under-the-hood/
- https://kate.io/blog/git-bomb/
- https://blogs.securiteam.com/index.php/archives/3430
- https://kciredor.com/taking-over-every-ad-on-olx-automated-an-idor-story.html
- https://www.nomotion.net/blog/sharknatto/
- https://warroom.securestate.com/cve-2017-9769/
- https://www.krackattacks.com/
- http://hexdetective.blogspot.pt/2017/02/exploiting-android-s-boot-getting.html
- https://goo.gl/kqbzgz (+)
- http://codepool.me/NET-Reverse-Enginering-Part-1/
- https://goo.gl/Ap47c2 (+)
- https://crocs.fi.muni.cz/public/papers/rsa_ccs17
- https://www.bamsoftware.com/papers/fronting/
- https://blog.flanker017.me/cve-2017-2416-gif-remote-exec/
- https://goo.gl/sSF3up (+)
- https://gist.github.com/1wErt3r/4048722
- http://blog.intothesymmetry.com/2017/10/slack-saml-authentication-bypass.html
- https://goo.gl/hMHdD7 (+)
- http://infosecninja.blogspot.pt/2017/09/android-kiosk-browser-lock-down.html
- http://subt0x10.blogspot.pt/2017/08/msxslexe-working-as-designed.html
- https://goo.gl/5jwWoj (+)
- https://0.me.uk/ev-phishing/
- https://www.fidusinfosec.com/tp-link-remote-code-execution-cve-2017-13772/
- http://bobao.360.cn/learning/detail/4534.html
- http://www.sysadminjd.com/adv170014-ntlm-sso-exploitation-guide/
- https://appelsiini.net/2017/reverse-engineering-location-services/
- https://nickcano.com/reversing-league-of-legends-client/
- https://fail0verflow.com/blog/2017/ps4-namedobj-exploit/
- http://www.geeknik.net/7k9et2d9e
- https://embedi.com/blog/uefi-bios-holes-so-much-magic-dont-come-inside
- https://goo.gl/rYdJdk (+)
- https://goo.gl/xASVx1 (+)
- http://www.dicewarepasswords.com/
- http://webjack.io/
- https://goo.gl/Up218B (+)
- http://stamone-bug-bounty.blogspot.pt/2017/10/dom-xss-auth_14.html
- https://goo.gl/Arvvgp (+)
- https://benkowlab.blogspot.pt/2017/05/feedback-on-how-to-build-smb-honeypot.html
- https://goo.gl/kojasB (+)
- https://edoverflow.com/2017/broken-link-hijacking/
- https://security.tencent.com/index.php/blog/msg/116
- https://lucasg.github.io/2017/10/15/Api-set-resolution/
- https://goo.gl/n6rbcT (+)
- https://goo.gl/STZHRC (+)
- https://goo.gl/jkFJjg (+)
- https://goo.gl/mJoCR2 (+)
- http://agrrrdog.blogspot.pt/2017/03/autobinding-vulns-and-spring-mvc.html
- https://adamcaudill.com/2017/10/04/exploiting-jackson-rce-cve-2017-7525/
- https://www.sneakymonkey.net/2016/10/30/raspberrypi-nsm/
- https://goo.gl/geiujj (+)
- https://philippeharewood.com/posting-gifs-as-anyone-on-facebook/
- https://ysx.me.uk/app-maker-and-colaboratory-a-stored-google-xss-double-bill/
- https://goo.gl/Apc2Mr (+)
- https://diablohorn.com/2017/08/15/brute-forcing-encrypted-web-login-forms/
- https://git.stan.sh/SL-Process/DataBuster-VPN
- https://pentestlab.blog/2017/08/29/command-and-control-dropbox/
- https://goo.gl/DD871b (+)
- https://reverse.put.as/2017/11/07/exploiting-cve-2017-5123/
- https://pleasestopnamingvulnerabilities.com/
- https://gdelugre.github.io/2017/11/06/samba-path-pivot-attack/
- https://jesux.es/exploiting/blueborne-android-6.0.1/
- https://modexp.wordpress.com/2017/10/30/poly-mutex-names/
- http://research.rootme.in/stealing-csvs-crossdomain/
- https://goo.gl/QyY7fX (+)
- https://whereisk0shl.top/Dark%20Composition%20Exploit%20in%20Ring0.html
- http://trillian.mit.edu/~jc/humor/ATT_Copyright_true.html
- https://gamehistory.org/aladdin-source-code/
- http://www.noob.ninja/2017/11/local-file-read-via-xss-in-dynamically.html
- https://justi.cz/security/2017/11/14/couchdb-rce-npm.html
- http://blog.vulspy.com/2017/11/09/Wordpress-4-8-2-SQL-Injection-POC/
- http://rickyhan.com/jekyll/update/2017/11/10/bypassing-recaptcha.html
- https://www.illuminatejs.com
- https://bo0om.ru/chrome-and-safari-uxss
- https://staaldraad.github.io/2017/11/12/polycom-hdx-rce/
- https://goo.gl/zgaNZu (+)
- https://ionize.com.au/stealing-amazon-ec2-keys-via-xss-vulnerability/
- https://rot.fi/2017/11/07/wan-to-lan-exploitation-of-4g-broadband-modem/
- https://goo.gl/oPM722 (+)
- https://goo.gl/k6wTv6 (+)
- https://depthsecurity.com/blog/using-python-to-get-a-shell-without-a-shell
- http://antonioparata.blogspot.pt/2017/11/shed-inspect-net-malware-like-sir.html
- https://xorl.wordpress.com/2017/11/11/cve-2017-13089-wget-http-integer-overflow/
- https://edoverflow.com/2017/ruby-resolv-bug/
- http://korban.net/posts/postgres/2017-11-02-the-case-against-orms/
- https://martinmelhus.com/web-audio-modem/
- https://statuscode.ch/2017/11/from-markdown-to-rce-in-atom/
- https://blog.zsec.uk/rce-chain/
- https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about
- https://goo.gl/Mh8xdi (+)
- https://ss64.com/ps/
- https://mike-n1.github.io/ExtensionsOverview
- https://goo.gl/sXaCHB (+)
- https://goo.gl/6kXDq6 (+)
- https://openeffect.ca/snifflab-an-environment-for-testing-mobile-devices/
- https://goo.gl/SF3fE2 (+)
- https://digi.ninja/blog/xss_steal_csrf_token.php
- https://goo.gl/UWPKNC (+)
- https://blog.xpnsec.com/becoming-system/
- https://goo.gl/3LbCnL (+)
- https://samczsun.com/privilege-escalation-legalrobot/
- https://diablohorn.com/2017/05/21/quantum-insert-bypassing-ip-restrictions/
- https://blog.conscioushacker.io/index.php/2017/10/25/evading-microsofts-autoruns/
- https://goo.gl/hVo9SC (+)
- https://nickjanetakis.com/blog/run-the-first-edition-of-unix-1972-with-docker
- https://goo.gl/oQexiF (+)
- https://ysx.me.uk/taking-note-xss-to-rce-in-the-simplenote-electron-client/
- https://objective-see.com/blog/blog_0x24.html
- http://c0d3g33k.blogspot.pt/2017/11/story-of-json-xss.html
- https://osandamalith.com/2017/03/24/places-of-interest-in-stealing-netntlm-hashes
- http://jacksonbaker.net/reverse-engineering-the-misfit-bolt-btle-protocol/
- https://medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0
- https://haiderm.com/fully-undetectable-backdooring-pe-files/
- https://goo.gl/k5FhZY (+)
- https://goo.gl/1oGthj (+)
- https://raesene.github.io/blog/2017/05/01/Kubernetes-Security-etcd/
- https://medium.com/@5yx/dde-word-exec-3e57cc45b401
- https://www.xorrior.com/You-Have-The-Right-to-Remain-Cylance/
- https://medium.com/@infodox/pwning-red-team-toys-crunchrat-rce-ce83e1d09ae9
- http://blog.sec-consult.com/2017/04/what-unites-hp-philips-and-fujitsu-one.html
- http://tldr.sh/
- http://www.readylinux.com/
- https://www.darkoperator.com/blog/2017/11/20/some-comments-and-thoughts-on-tradecraft
- https://goo.gl/XrGehX (+)
- https://goo.gl/VdAeoT (+)
- https://www.mailsploit.com/index
- https://goo.gl/oTx3iE (+)
- https://bitrot.sh/post/30-11-2017-domain-fronting-with-meterpreter/
- http://decidedlygray.com/2017/08/10/modifying-and-building-burp-extensions/
- https://blog.elcomsoft.com/2017/11/ios-11-horror-story-the-rise-and-fall-of-ios-security/
- https://goo.gl/FZuEMi (+)
- https://codinguy.net/2013/06/03/insertion-encoderdecoder-shellcode/
- http://blog.bentkowski.info/2017/11/yet-another-google-caja-bypasses-hat.html
- http://az4n6.blogspot.fr/2017/10/finding-and-decoding-malicious.html
- https://www.chrisdcmoore.co.uk/post/oneplus-analytics/
- http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html
- https://blog.xpnsec.com/windows-warbird-privesc/
- https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
- http://karl-voit.at/2016/02/07/accessing-home-ssh-via-tor/
- http://dmitry.gr/?r=05.Projects&proj=07.%20Linux%20on%208bit
- http://c0rni3sm.blogspot.pt/2014/02/youtube-stored-xss-strikes-back.html
- http://blog.saynotolinux.com/2014/02/05/whats-that-smell-sniffing-cross-origin-frames-in-firefox/
- https://blog.whitehatsec.com/flash-307-redirect-game-over/
- https://www.scriptjunkie.us/2014/02/installing-linux-on-a-live-windows-system/
- http://insert-script.blogspot.co.at/2014/02/svg-fun-time-firefox-svg-vector.html
- http://projectshellcode.com/?q=node/12
- http://bugscollector.com/tricks/12/
- http://blog.sucuri.net/2014/02/new-iframe-injections-leverage-png-image-metadata.html
- http://www.troyhunt.com/2014/02/heres-how-bell-was-hacked-sql-injection.html
- http://blogs.law.harvard.edu/zeroday/2014/02/05/so-this-is-what-getting-pwned-is-like/
- http://imgur.com/LiixgJ4
- https://www.schneier.com/blog/archives/2014/02/hacking_airline.html
- https://www.youtube.com/watch?v=tc4ROCJYbm0
- http://www.orenh.com/2014/06/one-token-to-rule-them-all-tale-of.html
- http://c0rni3sm.blogspot.pt/2014/06/xss-in-google-mapmaker.html
- https://cybersmartdefence.com/docs/Paypal-Safely-Double-your-Money.csd
- http://nahamsec.com/?p=267
- https://zyan.scripts.mit.edu/blog/a-boring-xss-dissection/
- http://n0where.net/hexinject/
- https://www.shellterproject.com/introducing-shellter/
- http://blog.cylance.com/a-study-in-bots-lobotomy
- http://iss.oy.ne.ro/Aether
- http://blog.opensecurityresearch.com/2014/05/multi-stagedmulti-form-csrf.html
- http://sirdarckcat.blogspot.pt/2014/05/matryoshka-web-application-timing.html
- http://labs.neohapsis.com/2014/06/02/smarttv-smartphone-dial-an-attack-surface/
- http://xn--thibaud-dya.fr/jenkins_credentials.html
- http://penturalabs.wordpress.com/2014/03/17/iclass-is-not-enough/
- http://piratebox.cc/
- https://robotattack.org/
- https://medium.com/bugbountywriteup/bug-bounty-fastmail-feeda67905f5
- https://goo.gl/v2uyi2 (+)
- http://www.pwntester.com/blog/2013/12/23/rce-via-xstream-object-deserialization38/
- https://goo.gl/1knbkp (+)
- https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/
- https://lewisardern.github.io/2017/12/10/blind-xss/
- https://benkowlab.blogspot.pt/2017/12/an-inside-view-of-password-stealer.html
- https://research.kudelskisecurity.com/2017/11/01/zigbee-security-basics-part-1/
- https://medium.com/@palantir/osquery-across-the-enterprise-3c3c9d13ec55
- https://symeonp.github.io/2017/09/17/fuzzing-winafl.html
- https://goo.gl/RchdtG (+)
- https://goo.gl/GxynDa (+)
- https://dnstrails.com
- https://medium.com/@shinkurt/exploiting-a-tricky-xss-in-zendesk-80bdeaea4dad
- http://www.sxcurity.pro/2017/12/17/hackertarget/
- https://nyansatan.github.io/dualboot/
- https://packettotal.com/
- https://bsdmag.org/freebsd-port-knocking-abdorrahman-homaei/
- https://www.talosintelligence.com/reports/TALOS-2017-0432
- https://goo.gl/k67GVK (+)
- http://riscy.business/2017/12/lenovos-unsecured-objects/
- http://blog.blindspotsecurity.com/2017/12/advanced-sql-server-mitm-attacks.html
- https://goo.gl/7i24Kk (+)
- https://msitpros.com/?p=3909
- http://www.alexlambert.com/2017/12/18/kernel-debugging-for-newbies.html
- https://goo.gl/KUrtkX (+)
- https://www.twosixlabs.com/bluesteal-popping-gatt-safes/
- http://blog.stratumsecurity.com/2016/06/13/websockets-auth/
- https://goo.gl/EKsvWq (+)
- https://wiki.postgresql.org/wiki/Sudoku_solver
- https://ha.cking.ch/s8_data_line_locator/
- https://hawkinsecurity.com/2017/12/13/rce-via-spring-engine-ssti/
- https://www.cyberis.co.uk/burp_macros.html
- https://secrary.com/ReversingMalware/UnpackingShade/
- https://staaldraad.github.io/2017/12/20/netstat-without-netstat/
- https://goo.gl/NpBqrf (+)
- https://goo.gl/R5sLzw (+)
- https://lbarman.ch/blog/stack_smashing/
- https://lanrat.com/tethr/
- http://blog.gaurangbhatnagar.com/2017/12/02/Hacking-a-dating-app.html
- https://laskowski-tech.com/2017/12/19/setting-up-a-honeypot-using-opencanary/
- https://goo.gl/c3uMW2 (+)
- https://qiita.com/_pochi/items/4e20e38deee16a7615e1
- https://www.fireeye.com/blog/threat-research/2017/05/gaining-root-on-lenovo-vibe.html
- http://sshtron.zachlatta.com/
- https://gist.github.com/keo/00f20ef27eddcdae78ab
- https://meltdownattack.com/
- http://blog.blackfan.ru/2018/01/polygooglecom-xss.html
- https://goo.gl/a3jJxR (+)
- http://www.blackhillsinfosec.com/?p=5633
- https://devco.re/blog/2017/12/11/Exim-RCE-advisory-CVE-2017-16943-en/
- http://arnaucode.com/blog/coffeeminer-hacking-wifi-cryptocurrency-miner.html
- https://www.elttam.com.au/blog/goahead/
- http://saleemrashid.com/2017/08/17/extracting-trezor-secrets-sram/
- https://goo.gl/iyryvz (+)
- https://goo.gl/MPbfyS (+)
- https://objective-see.com/blog/blog_0x22.html
- https://goo.gl/BdbbZg (+)
- https://0x0.li/trackmageddon/
- https://damow.net/building-a-thermal-camera/
- https://ml-cheatsheet.readthedocs.io/en/latest/index.html
- https://cr0n1c.wordpress.com/2018/01/08/exploiting-cheap-labor/
- https://rcoh.me/posts/two-factor-auth/
- https://www.xorrior.com/In-Memory-Python-Imports/
- https://nickbloor.co.uk/2018/01/01/rce-with-bmc-server-automation/
- https://siguza.github.io/IOHIDeous/
- http://www.sxcurity.pro/2017/11/27/tricky-CORS/
- https://wpshout.com/complete-guide-sanitizing-escaping/
- https://goo.gl/MGEbmE (+)
- https://www.anquanke.com/post/id/94210
- http://www.shelliscoming.com/2017/05/post-exploitation-mounting-vmdk-files.html
- http://blog.en.elevenpaths.com/2017/12/breaking-out-hsts-and-hpkp-on-firefox.html
- https://www.digitalinterruption.com/single-post/2018/01/04/ToyTalkBugBountyWriteup
- https://medium.com/@palantir/alerting-and-detection-strategy-framework-52dc33722df2
- https://goo.gl/Nkrdni (+)
- https://iknowwhatyoudownload.com/
- https://www.zachaysan.com/writing/2017-12-30-zero-width-characters
- https://blog.kintoandar.com/2018/01/Building-healthier-containers.html
- https://blog.xpnsec.com/evernote-webclipper-uxss/
- http://www.sxcurity.pro/2018/01/11/chaining-yahoo-bugs/
- https://www.josipfranjkovic.com/blog/hacking-facebook-oculus-integration-csrf
- https://gist.github.com/singe/cba85800dd6e701c53d0614d8506b281
- https://goo.gl/aXGp9i (+)
- https://www.nvteh.com/news/problems-with-public-ebs-snapshots
- https://goo.gl/kw77MT (+)
- https://duo.com/blog/understanding-bluetooth-security
- https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
- https://goo.gl/tzHsjA (+)
- https://johanengelen.github.io/ldc/2018/01/14/Fuzzing-with-LDC.html
- https://klikki.fi/adv/formidable.html
- https://dhavalkapil.com/blogs/FILE-Structure-Exploitation/
- https://goo.gl/qgb6YU (+)
- http://www.keras4kindergartners.com/
- https://blog.benjojo.co.uk/post/dns-filesystem-true-cloud-storage-dnsfs
- https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions/
- http://blog.orange.tw/2018/01/php-cve-2018-5711-hanging-websites-by.html
- http://az4n6.blogspot.pt/2018/01/mounting-apfs-image-in-linux.html
- https://diablohorn.com/2017/10/26/port-scanning-without-an-ip-address/
- https://pseudolaboratories.github.io/DarkComet-upload-vulnerability/
- https://pentesterslife.blog/2017/11/24/x64-egg-hunting-in-linux-systems/
- https://franklinta.com/2014/08/31/predicting-the-next-math-random-in-java/
- https://blog.zsec.uk/out-of-band-xxe-2/
- https://goo.gl/tDcRZs (+)
- https://whereisk0shl.top/post/2018-01-17
- https://klikki.fi/adv/wpgform.html
- https://ownyourbits.com/2017/10/29/sandbox-your-applications-with-firejail/
- https://blogs.securiteam.com/index.php/archives/3649
- https://makecode.com/
- https://startyourownisp.com/
- http://nullprogram.com/blog/2014/12/23/
- http://blog.jr0ch17.com//2018/No-RCE-then-SSH-to-the-box/
- https://goo.gl/e4HC7r (+)
- http://whitehatstories.blogspot.in/2018/01/how-i-could-have-hacked-facebook.html
- https://homjxi0e.wordpress.com/2018/01/20/whitelisting-bypassing-using-netsh-exec/
- http://www.sploitspren.com/2018-01-26-Windows-Privilege-Escalation-Guide/
- http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html
- https://goo.gl/7QyUuJ (+)
- https://goo.gl/Wtt6CB (+)
- https://goo.gl/UGB2Ce (+)
- https://depthsecurity.com/blog/exploiting-custom-template-engines
- https://www.codemetrix.net/when-your-dns-leaks-your-infrastructure/
- https://sqlwiki.netspi.com/
- https://bazad.github.io/2017/09/live-kernel-introspection-ios/
- http://blog.ptsecurity.com/2018/01/running-unsigned-code-in-intel-me.html
- https://goo.gl/K7hbDW (+)
- https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip
- http://ponzicoin.co/home.html
- https://ponnuki.net/2012/09/kindleberry-pi/
- https://ahussam.me/Amazon-leaking-csrf-token-using-service-worker/
- https://inteltechniques.com/buscador/
- https://xorl.wordpress.com/2018/02/04/ssh-hijacking-for-lateral-movement/
- https://blog.tarq.io/vestacp-root-privilege-escalation/
- https://xorl.wordpress.com/2017/11/20/reverse-engineering-isdebuggerpresent/
- https://goo.gl/8pqJek (+)
- https://goo.gl/646izH (+)
- http://trackwatch.com/windows-kernel-pool-spraying/
- https://goo.gl/8JYRYz (+)
- https://thatoddmailbox.github.io/2017/01/28/iotaseed.html
- https://goo.gl/V3dMKJ (+)
- https://www.n00py.io/2017/01/removing-backdoors-powershell-empire-edition/
- http://www.paulosyibelo.com/2018/02/hotspot-shield-cve-2018-6460-sensitive.html
- https://jsnes.fir.sh/
- https://x8x.net/2017/11/19/home-alarm-vs-bus-pirate/
- https://diagprov.ch/posts/2017/03/a-polyglot-mbrpdfjarzip-cv.html
- https://blog.jensec.co/clickjacking-in-google-root-picker/
- https://sites.google.com/site/testsitehacking/-7-5k-Google-services-mix-up
- https://gist.github.com/PseudoLaboratories/260b6f24844785aacc1e2fb61dd05c01
- https://goo.gl/si8EhL (+)
- https://goo.gl/21Vtnp (+)
- https://mohemiv.com/all/evil-xml/
- http://sploit3r.xyz/blueborne-exploitation-nexus-4/
- http://www.greyhathacker.net/?p=1006
- https://x-c3ll.github.io/posts/javascript-antidebugging/
- https://osandamalith.com/2018/02/11/mysql-udf-exploitation/
- http://baraktawily.blogspot.pt/2018/02/how-to-dos-29-of-world-wide-websites.html
- https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/
- https://www.cybereason.com/blog/new-lateral-movement-techniques-abuse-dcom-technology
- https://www.secforce.com/blog/2014/02/from-cvs-import-to-cmd-exe-via-sql-injection/
- https://blog.pnb.io/2018/02/bruteforcing-linux-full-disk-encryption.html
- http://sandboxescaper.blogspot.pt/2018/02/how-to-escape-sandboxes-without.html
- http://www.tomanthony.co.uk/blog/googlebot-javascript-random/
- https://transfer.sh/
- http://0x90909090.blogspot.pt/2015/07/no-one-expect-command-execution.html
- http://www.insinuator.net/2014/05/django-image-validation-vulnerability/
- http://blog.cyberint.com/2014/05/facebook-hidden-friends-vulnerability.html
- http://blog.includesecurity.com/2014/06/exploit-walkthrough-cve-2014-0196-pty-kernel-race-condition.html
- http://hacksecproject.com/?p=73
- http://immunityservices.blogspot.pt/2014/06/from-patch-to-crash-story-of-ms13-089.html
- http://joe4security.blogspot.pt/2014/06/the-power-of-cookbooks-generic-https.html
- http://itsecurity.telelink.com/dhcp-attacks/
- https://code.google.com/p/ghost-usb-honeypot/
- http://blog.quarkslab.com/usb-fuzzing-basics-from-fuzzing-to-bug-reporting.html
- http://hackerforhire.com.au/data-exfiltration-over-ssl-with-srvdir/
- http://pastebin.com/raw.php?i=9s4TVqZq
- http://lambdaops.com/rm-rf-remains
- https://bughunt1307.herokuapp.com/googlebugs.html
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1524
- http://woshub.com/port-forwarding-in-windows/
- https://malpedia.caad.fkie.fraunhofer.de/
- https://goo.gl/MEEp3F (+)
- https://0x00sec.org/t/malware-reversing-burpsuite-keygen/5167
- https://medium.com/@petergombos/lm-ntlm-net-ntlmv2-oh-my-a9b235c58ed4
- http://riscy.business/2018/02/ida-remote-execution/
- http://konukoii.com/blog/2018/02/16/5-min-tutorial-root-via-uart/
- https://zachgrace.com/2018/02/20/cobalt_strike_redirectors.html
- https://medium.com/@europa_/recoinnassance-7840824b9ef2
- http://blog.frizn.fr/glibc/glibc-heap-to-rip
- https://textslashplain.com/2018/02/14/understanding-the-limitations-of-https/
- https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e
- https://ipx.ac/run
- https://ide.onelang.io/
- https://goo.gl/LAUsok (+)
- https://slashcrypto.org/2018/02/27/TenX_Account_Takeover/
- https://hackerone.com/reports/303061
- https://goo.gl/NnoZPp (+)
- https://goo.gl/YjRkGK (+)
- http://jsyang.ca/hacks/gear-vr-rev-eng/
- https://nickbloor.co.uk/2018/02/28/popping-wordpress/
- http://agrrrdog.blogspot.pt/2018/01/java-deserialization-misusing-ojdbc-for.html
- http://www.freebuf.com/articles/terminal/160041.html
- https://tunnelshade.in/blog/2018/01/afl-internals-compile-time-instrumentation/
- https://krbtgt.pw/smbv3-null-pointer-dereference-vulnerability/
- http://blog.ptsecurity.com/2018/02/new-bypass-and-protection-techniques.html
- https://www.mike-gualtieri.com/posts/stealing-data-with-css-attack-and-defense
- https://disconnect3d.pl/2018/02/24/log-injection-aka-tailing-logs-is-unsafe/
- https://waveforms.surge.sh/waveforms-intro
- https://medium.com/@malcomvetter/responsible-red-teams-1c6209fd43cc
- https://goo.gl/eSAL6F (+)
- https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html
- https://goo.gl/epujHQ (+)
- https://zeltser.com/analyzing-malicious-documents/
- https://goo.gl/46qXeQ (+)
- https://heap-exploitation.dhavalkapil.com/
- https://goo.gl/S4zdcJ (+)
- https://erpscan.com/press-center/blog/adapting-hashcat-for-sap-half-hashes/
- https://goo.gl/iNxWA1 (+)
- https://blog.varonis.com/understanding-malware-free-hacking-part/
- https://bazad.github.io/2018/03/a-fun-xnu-infoleak/
- https://arxiv.org/pdf/1710.08864.pdf
- https://osandamalith.com/2018/02/01/exploiting-format-strings-in-windows/
- https://hackmd.io/s/rJ-3VKNPG
- http://blog.koehntopp.info/index.php/3075-how-not-to-run-a-ca/
- https://lightningsecurity.io/blog/bypassing-payments-using-webhooks/
- https://www.josipfranjkovic.com/blog/facebook-friendlist-paymentcard-leak
- https://labs.detectify.com/2018/03/14/graphql-abuse/
- https://goo.gl/vNVzN1 (+)
- https://www.eideon.com/2018-03-02-THL03-WMIBackdoors/
- http://blog.japaric.io/safe-dma/
- https://goo.gl/iz1hLP (+)
- https://secdevops.ai/ios-static-analysis-and-recon-c611eaa6d108
- https://goo.gl/ND8WeR (+)
- https://reboare.github.io/lxd/lxd-escape.html
- https://medium.com/@vysec.private/alibaba-cdn-domain-fronting-1c0754fa0142
- https://blog.stealthbits.com/dcshadow-attacking-active-directory-with-rogue-dcs/
- https://medium.com/secjuice/php-ssrf-techniques-9d422cb28d51
- https://infocon.org/
- https://opnsec.com/2018/03/stored-xss-on-facebook/
- https://ahussam.me/Leaking-WordPress-CSRF-Tokens/
- https://hackerone.com/reports/300748
- https://www.unix-ninja.com/p/A_cheat-sheet_for_password_crackers
- http://developers-club.com/posts/250999/
- https://goo.gl/cAHW3N (+)
- https://rastamouse.me/2018/03/laps---part-1/
- https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/
- https://ryan.govost.es/2018/03/09/deepsound.html
- https://staaldraad.github.io/post/2018-03-16-quick-win-with-graphql/
- https://goo.gl/y1y8bn (+)
- https://blog.jessfraz.com/post/building-container-images-securely-on-kubernetes/
- https://oddvar.moe/2018/03/21/persistence-using-runonceex-hidden-from-autoruns-exe/
- https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/
- https://goo.gl/64sxc8 (+)
- http://misteralfa-hack.blogspot.pt/2018/03/leaking-facebook-internal-ip.html
- https://codewhitesec.blogspot.pt/2018/03/exploiting-adobe-coldfusion.html
- http://tech.jonathangardner.net/wiki/Why_Java_Sucks
- https://gethead.info/
- https://medium.com/@Alra3ees/google-adwords-3133-7-stored-xss-27bb083b8d27
- https://hawkinsecurity.com/2018/03/24/gaining-filesystem-access-via-blind-oob-xxe/
- https://zero-day.io/modifyexploits/
- https://blog.jli.host/posts/cf-auto-minify/
- https://www.leavesongs.com/PENETRATION/client-session-security.html
- https://goo.gl/fnxgfx (+)
- https://jellyhive.com/activity/posts/2018/03/26/csp-implementations-are-broken/
- https://magisterquis.github.io/2018/03/11/process-injection-with-gdb.html
- https://medium.com/@cloudyforensics/how-to-perform-aws-cloud-forensics-309a03a77aee
- https://goo.gl/93GuBP (+)
- https://goo.gl/5Nu3xo (+)
- https://goo.gl/Vunae1 (+)
- https://ncona.com/2015/02/consuming-a-google-id-token-from-a-server/
- https://jeremyrickard.github.io/post/fun-with-aci/
- https://pjreddie.com/darknet/yolo/
- https://jgthms.com/javascript-in-14-minutes/
- https://ngailong.wordpress.com/2018/02/13/the-mystery-of-postmessage/
- http://bit.ly/2IxLqdT (+)
- http://www.getmantra.com/web-app-security-testing-with-browsers/
- https://syscall.eu/blog/2018/03/12/aigo_part1/
- http://gosecure.net/2018/04/03/beyond-xss-edge-side-include-injection/
- http://bluec0re.blogspot.pt/2018/03/cve-2018-7160-pwning-nodejs-developers.html
- https://blog.ice9.us/2018/04/stealing-credit-cards-from-fuze-bluetooth.html
- https://magisterquis.github.io/2018/03/31/in-memory-only-elf-execution.html
- https://medium.com/@cintainfinita/knocking-down-the-big-door-8e2177f76ea5
- http://blog.orange.tw/2018/03/pwn-ctf-platform-with-java-jrmp-gadget.html
- https://phoenhex.re/2018-03-25/not-a-vagrant-bug
- https://lightbulbone.com/posts/2016/10/dsmos-kext/
- https://krbtgt.pw/windows-remote-assistance-xxe-vulnerability/
- http://bit.ly/2Gz3aJj (+)
- https://holeybeep.ninja/
- http://bit.ly/2q81V8U (+)
- https://www.anishathalye.com/2018/04/03/macbook-touchscreen/
- https://philippeharewood.com/facebook-graphql-csrf/
- http://bit.ly/2v6ODPN (+)
- https://secrary.com/Random/BypassUserHooks/
- http://bit.ly/2HvXjSg (+)
- https://jdow.io/blog/2018/03/18/web-application-penetration-testing-methodology/
- https://blog.fabiopires.pt/running-your-instance-of-burp-collaborator-server/
- http://bit.ly/2GSKOmB (+)
- http://bit.ly/2EGBVGP (+)
- https://medium.com/@yassergersy/xss-to-session-hijack-6039e11e6a81
- https://snyk.io/blog/attacking-an-ftp-client/
- https://www.mindpointgroup.com/blog/pen-test/cloudfront-hijacking/
- https://embedi.com/blog/reflecting-upon-owasp-top-10-iot-vulnerabilities/
- https://clo.ng/blog/osquery_reverse_shell/
- https://medium.com/@jeremy.trinka/event-log-auditing-demystified-75b55879f069
- http://bit.ly/2EFUPhc (+)
- https://osandamalith.com/2018/04/07/haxing-minesweeper/
- https://blog.benjojo.co.uk/post/tor-onions-to-v6-with-iptables-proxy
- http://bit.ly/2HfV9ZS (+)
- http://bit.ly/2HylK3L (+)
- http://bit.ly/2HbjccF (+)
- https://www.dasp.co/
- https://gist.github.com/sirdarckcat/fe8ce94ef25de375d13b7681d851b7b4
- https://pythontips.com/2018/04/15/reverse-engineering-soundcloud-api/
- http://byte-atlas.blogspot.pt/2018/04/apivectors.html
- http://bit.ly/2qL2dCT (+)
- http://bit.ly/2HMh9c9 (+)
- https://ifc0nf1g.xyz/blog/post/pwning-admin-panel-with-recon/
- http://www.duskborn.com/how-to-read-write-llvm-bitcode/
- http://bit.ly/2JbbAU5 (+)
- https://paper.seebug.org/563/
- https://blog.benjojo.co.uk/post/encoding-data-into-dubstep-drops
- https://lightningsecurity.io/blog/linkedin/
- http://bit.ly/2HsCqdK (+)
- http://bit.ly/2vOHq71 (+)
- http://blog.secu.dk/blog/Tunnels_in_a_hard_filtered_network
- https://security.szurek.pl/exploit-bypass-php-escapeshellarg-escapeshellcmd.html
- http://csl.com.co/rid-hijacking/
- http://bit.ly/2KgT5i9 (+)
- https://blog.xpnsec.com/total-meltdown-cve-2018-1038/
- http://touhidshaikh.com/blog/?p=790
- https://arvanaghi.com/blog/reversing-ethereum-smart-contracts/
- http://bit.ly/2JqTRIs (+)
- https://habrahabr.ru/post/272187/
- http://blogs.360.cn/blog/how-to-kill-a-firefox-en/
- http://bit.ly/2HQEpYV (+)
- https://w00tsec.blogspot.pt/2018/04/abusing-mysql-local-infile-to-read.html
- http://bit.ly/2vRctiE (+)
- http://lab.onsec.ru/2014/06/xxe-oob-exploitation-at-java-17.html
- http://blog.rop.io/http-cache-poisoning-explained.html
- http://www.freebuf.com/articles/terminal/36503.html
- https://www.duosecurity.com/blog/duo-security-researchers-uncover-bypass-of-paypal-s-two-factor-authentication
- https://gist.github.com/willurd/5720255
- http://www.sploitmonkey.com/2014/06/introducing-pyhashcat.html
- http://sourceforge.net/projects/zeppoo/
- https://examplecode.github.io/tools/2014/06/20/the-tools-prevent-dns-cache-pollution/
- http://blog.crackpassword.com/2014/06/breaking-into-icloud-no-password-required/
- http://www.labofapenetrationtester.com/2014/06/hacking-jenkins-servers.html
- http://www.harmj0y.net/blog/
- http://hashcrack.org/index.html#190614
- http://yurichev.com/RE-book.html
- https://medium.com/@oleavr/build-a-debugger-in-5-minutes-1-5-51dce98c3544
- https://www.technovelty.org/linux/what-actually-happens-when-you-plug-in-a-usb-device.html
- https://dicesoft.net/projects/wildcard-code-execution-exploit.htm
- https://eligrey.com/blog/google-inbox-spoofing-vulnerability/
- http://bit.ly/2Ib7xua (+)
- http://bit.ly/2rjGMcf (+)
- http://bit.ly/2rjC1zr (+)
- https://erpscan.com/press-center/blog/oracle-ebs-penetration-testing-tool/
- https://www.exploit-db.com/exploits/44553/
- https://telekomsecurity.github.io/2018/04/trovebox-vulnerabilities.html
- https://keenlab.tencent.com/en/2018/04/23/A-bunch-of-Red-Pills-VMware-Escapes/
- https://www.computest.nl/wp-content/uploads/2018/04/connected-car-rapport.pdf
- http://bit.ly/2jqx9oP (+)
- http://www.danielbohannon.com/blog-1/2018/3/19/test-your-dfir-tools-sysmon-edition
- http://bit.ly/2HNPhHA (+)
- https://insert-script.blogspot.pt/2018/05/adobe-reader-pdf-client-side-request.html
- http://blog.nsfocus.net/cve-2018-6574/
- https://0x00rick.com/research/2018/04/20/afl_intro.html
- http://bit.ly/2jt5eVl (+)
- https://www.atredis.com/blog/cylance-privilege-escalation-vulnerability
- http://hanno-rein.de/archives/349
- https://blog.benjojo.co.uk/post/tls-https-server-from-a-yubikey
- https://charles.dardaman.com/js_coinhive_in_excel
- http://blog.mindedsecurity.com/2018/04/dom-based-cross-site-scripting-in.html
- http://bit.ly/2rzhJCi (+)
- https://michael-eder.net/post/2018/native_rdp_pass_the_hash/
- https://goo.gl/JyAG1p (+)
- https://xiaodaozhi.com/exploit/117.html
- http://blog.redactedsec.net/exploits/2018/04/26/nagios.html
- http://bit.ly/2rwqr5c (+)
- https://diablohorn.com/2018/02/04/identify-a-whitelisted-ip-address/
- https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6
- http://bit.ly/2wuN0Mn (+)
- http://sploit3r.xyz/cve-2017-13284-injection-in-configuration-file/
- https://medium.com/@vysec.private/domain-fronting-who-am-i-3c982ccd52e6
- http://everdox.net/popss.pdf
- https://gdprchecklist.io/
- http://bit.ly/2KdA5k3 (+)
- https://momo5502.com/blog/?p=34
- http://bit.ly/2rNr5LC (+)
- http://bit.ly/2rKklhB (+)
- https://ivrodriguez.com/reverse-engineer-ios-apps-ios-11-edition-part1/
- https://blog.ensilo.com/ctrl-inject
- http://bit.ly/2KuMPCX (+)
- http://bit.ly/2Iofw7L (+)
- https://gdelugre.github.io/2018/05/10/3gpp-ota-security-evolution/
- https://systemoverlord.com/2018/04/16/the-iot-hackers-toolkit.html
- https://musings.konundrum.org/2018/05/03/debugging-windows-services.html
- https://0xpatrik.com/asset-discovery/
- http://bit.ly/2Kyi5AT (+)
- http://www.insomniacsecurity.com/2018/05/09/boblobblob.html
- https://neonsea.uk/blog/2018/04/15/pwn910nd.html
- https://efail.de/
- http://ryan.govost.es/2018/03/27/sakuracam.html
- https://try.mydatarequest.com/
- https://hackerone.com/reports/341876
- https://sites.google.com/site/testsitehacking/-36k-google-app-engine-rce
- http://newosxbook.com/tools/jtool.html
- https://x1m.nl/posts/laravel-xss-vuln/
- https://jaiverma.github.io/blog/ios-game-hacking
- http://bit.ly/2KT59WD (+)
- http://deniable.org/reversing/symbolic-execution
- http://bit.ly/2GMLZ1V (+)
- https://blog.jli.host/posts/cloudflare-scrape-shield/
- https://security.szurek.pl/gitbucket-unauthenticated-rce.html
- https://medium.com/@canavaroxum/xxe-on-windows-system-then-what-76d571d66745
- http://bit.ly/2s4NrHM (+)
- http://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
- https://blog.benjojo.co.uk/post/bgp-battleships
- http://www.computerhistory.org/atchm/adobe-photoshop-source-code/
- https://www.robertxiao.ca/hacking/locationsmart/
- https://hackerone.com/reports/85624
- https://poc-server.com/blog/2018/05/22/rce-by-uploading-a-web-config/
- http://www.orionforensics.com/w_en_page/USB_forensic_tracker.php
- http://bit.ly/2J4uc8r (+)
- https://andresriancho.com/recaptcha-bypass-via-http-parameter-pollution/
- https://justi.cz/security/2018/05/23/cdn-tar-oops.html
- http://bit.ly/2kGAXmA (+)
- http://blogs.360.cn/blog/eos-node-remote-code-execution-vulnerability/
- https://rhinosecuritylabs.com/aws/amazon-aws-misconfiguration-amazon-go/
- https://embedi.com/blog/dji-spark-hijacking/
- https://silviavali.github.io/Electron/only_an_electron_away_from_code_execution
- https://blog.doyensec.com/2018/05/17/graphql-security-overview.html
- http://bit.ly/2xwjIgR (+)
- http://devalias.net/devalias/2018/05/13/usb-reverse-engineering-down-the-rabbit-hole/
- https://gdprhallofshame.com/
- https://resinos.io/
- http://www.maizure.org/projects/printf/index.html
- http://bit.ly/2Lv2eUp (+)
- https://blog.innerht.ml/internet-explorer-has-a-url-problem/#rpoingooglefusiontable
- https://hackertarget.com/tcpdump-examples/
- http://bit.ly/2HrpwYT (+)
- https://staaldraad.github.io/post/2018-06-03-cve-2018-11235-git-rce/
- https://blahcat.github.io/2018/03/11/fuzzing-arbitrary-functions-in-elf-binaries/
- https://www.serializing.me/2018/06/03/rooting-the-technicolor-7210/
- http://bit.ly/2JzKqtY (+)
- http://gosecure.net/2018/05/15/beware-of-the-magic-spell-part-1-cve-2018-1273/
- https://ownyourbits.com/2018/05/23/the-real-power-of-linux-executables/
- https://blogs.securiteam.com/index.php/archives/3689
- https://nytrosecurity.com/2018/05/30/understanding-java-deserialization/
- https://nbulischeck.io/posts/misusing-debugfs-for-in-memory-rce
- http://bigric3.blogspot.pt/2018/05/cve-2018-8120-analysis-and-exploit.html
- https://eklitzke.org/lobotomizing-gnome
- https://wtfutil.com
- http://bit.ly/2JFjwl2 (+)
- https://www.bishopfox.com/blog/2018/06/server-side-spreadsheet-injections/
- http://rift.stacktitan.com/debug-survival-the-compiled-dll/
- https://gist.github.com/ricardojba/ecdfe30dadbdab6c514a530bc5d51ef6
- http://bit.ly/2JT6dNe (+)
- https://blog.umangis.me/persistent-r-w-on-ios-11-2-6/
- https://wojciechregula.blog/your-encrypted-photos-in-macos-cache/
- https://blog.ret2.io/2018/06/05/pwn2own-2018-exploit-development/
- https://blog.ripstech.com/2018/moodle-remote-code-execution/
- https://intoli.com/blog/not-possible-to-block-chrome-headless/
- http://bit.ly/2JOjXp8 (+)
- https://neopg.io/blog/enigmail-signature-spoof/
- https://blog.spaceduck.io/siaberry-1/
- http://bit.ly/2JQFTTP (+)
- http://bit.ly/2JAq4l3 (+)
- https://undercurrents.io/
- https://bernsteinbear.com/blog/how-to-mess-with-your-roommate/
- https://jamchamb.github.io/2018/06/09/animal-crossing-developer-mode.html
- https://sekurak.pl/xss-w-google-colaboratory-obejscie-content-security-policy/
- http://bit.ly/2yFRocH (+)
- http://10degres.net/testing-flash-swf/
- https://codewhitesec.blogspot.com/2018/06/cve-2018-0624.html
- https://www.sxcurity.pro/advanced-cors-techniques/
- https://medium.com/secjuice/waf-evasion-techniques-718026d693d8
- https://payatu.com/guide-linux-privilege-escalation/
- https://blog.sigmaprime.io/solidity-security.html
- https://blog.vulnspy.com/2018/06/21/phpMyAdmin-4-8-x-Authorited-CLI-to-RCE/
- http://bit.ly/2MJqvHL (+)
- http://bit.ly/2tgPERM (+)
- https://www.tarlogic.com/en/blog/red-team-tales-0x01/
- https://www.sec-1.com/blog/2017/office365-activesync-username-enumeration
- http://bit.ly/2KacLqQ (+)
- http://bit.ly/2MxC5V9 (+)
- https://finnwea.com/blog/stealing-passwords-from-mcdonalds-users/
- https://blog.bentkowski.info/2018/06/setting-arbitrary-request-headers-in.html
- https://0xpatrik.com/subdomain-takeover-starbucks/
- http://mattwarren.org/2018/06/15/Tools-for-Exploring-.NET-Internals/
- https://blog.netspi.com/databases-and-clouds-sql-server-as-a-c2/
- http://agarri.fr/docs/ipobf.py
- http://bit.ly/2KgbW0I (+)
- http://bit.ly/2yyota8 (+)
- http://bit.ly/2N7QCrJ (+)
- https://latacora.singles/2018/06/21/loud-subshells.html
- https://www.codewatch.org/blog/?p=453
- http://bit.ly/2tCi7BH (+)
- https://alephsecurity.com/2018/06/26/spectre-browser-query-cache/
- http://bit.ly/2KhAN4f (+)
- https://stek29.rocks/2018/06/26/nvram.html
- https://modexp.wordpress.com/2018/06/08/stop-event-logger/
- https://medium.com/0xcc/bypass-macos-rootless-by-sandboxing-5e24cca744be
- https://srcincite.io/blog/2018/05/21/adobe-me-and-a-double-free.html
- http://bit.ly/2Kup8ec (+)
- http://bit.ly/2KQdVoE (+)
- http://bit.ly/2tXqWX4 (+)
- https://gitlab.com/0x4ndr3/blog/tree/master/JSgen
- https://hansesecure.de/backdooring-pe-file-with-aslr/
- https://alter-attack.net/
- https://lucasg.github.io/2017/06/07/listing-known-dlls/
- http://bit.ly/2tXrs7s (+)
- http://bit.ly/2tYVsjf (+)
- https://www.wst.space/ssl-part1-ciphersuite-hashing-encryption/
- https://www.jeremydaly.com/event-injection-a-new-serverless-attack-vector/
- http://nullprogram.com/blog/2018/06/23/
- https://www.shelliscoming.com/2018/06/windows-reuse-shellcode-based-on.html
- http://bit.ly/2zd0Ap7 (+)
- https://rampageattack.com/
- https://landlock.io/
- http://bit.ly/2tKjNs3 (+)
- http://natashenka.ca/reversing-my-tamagotchi-forever-evolution/
- http://bit.ly/2zd35I1 (+)
- http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html
- http://blog.h3xstream.com/2014/06/identifying-xml-external-entity.html
- http://kos.io/outlook/
- http://blog.sucuri.net/2014/06/anatomy-of-a-remote-code-execution-bug-on-disqus.html
- http://blog.nullmode.com/blog/2014/06/28/getting-personal-with-powershell/
- https://toastedcornflakes.github.io/blog/2014/06/28/static-analysis-of-cysca-2014-portknock-using-hopper-disassembler/
- http://www.mafiasecurity..com/install-guides/step-by-step-penetration-test/
- https://bitquark.co.uk/blog/2013/07/23/the_unexpected_dangers_of_preg_replace
- http://www.hackwhackandsmack.com/?p=315
- http://developers.mobage.jp/blog/2014/7/3/jsonsql-injection
- http://moyix.blogspot.co.uk/2014/07/breaking-spotify-drm-with-panda.html
- http://cfenollosa.com/misc/tricks.txt
- http://bit.ly/2L1rTYd (+)
- http://bit.ly/2JgS3RR (+)
- https://x-c3ll.github.io/posts/Frida-Pwn-Adventure-3/
- http://bit.ly/2N7w8P8 (+)
- http://bit.ly/2mfSKBI (+)
- https://www.forcepoint.com/blog/security-labs/analyzing-webassembly-binaries
- https://dyn.com/blog/shutting-down-the-bgp-hijack-factory/
- http://bit.ly/2mfL1mZ (+)
- https://rootkits.xyz/blog/2017/06/kernel-setting-up/
- https://blog.netspi.com/bypass-sql-logon-triggers/
- https://0xpatrik.com/phishing-domains/
- https://objective-see.com/blog/blog_0x34.html
- http://bazad.github.io/2018/07/xpc-string-leak/
- https://www.fastly.com/blog/hijacking-control-flow-webassembly-program
- http://bit.ly/2KQK83a (+)
- https://nahamsec.com/chaining-multiple-vulnerabilities-to-gain-admin-access/
- http://craftinginterpreters.com/
- http://bit.ly/2NLEwF3 (+)
- http://bit.ly/2uC7Yp4 (+)
- https://haiderm.com/how-i-was-able-to-delete-13k-microsoft-translator-projects/
- https://scund00r.com/all/rfid/tutorial/2018/07/12/rfid-theif-v2.html
- https://www.anitian.com/blog/owning-saml/
- http://bit.ly/2LtgXPX (+)
- https://www.endgame.com/blog/technical-blog/hunting-memory-net-attacks
- https://posts.specterops.io/shelling-apache-felix-with-java-bundles-2450d3a099a
- http://bit.ly/2O21CYc (+)
- http://www.mohamedharon.com/2018/01/practical-jsonp-injection.html
- https://nytrosecurity.com/2018/02/26/hooking-chromes-ssl-functions/
- http://bit.ly/2LxaXFU (+)
- https://www.peckshield.com/2018/07/12/tradeRifle/
- http://bit.ly/2O5x7k2 (+)
- https://www.ambionics.io/blog/prestashop-privilege-escalation
- https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/
- https://jamie.build/how-to-build-an-npm-worm
- https://iandouglasscott.com/2018/07/04/canon-dslr-bluetooth-remote-protocol/
- https://medium.com/@d0nut/exfiltration-via-css-injection-4e999f63097d
- http://bit.ly/2mL4nAZ (+)
- https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/
- http://bit.ly/2OgSvmB (+)
- https://hackerone.com/reports/334488
- http://bit.ly/2LDtSSN (+)
- http://blog.sevagas.com/?Advanced-USB-key-phishing
- http://deniable.org/reversing/binary-instrumentation
- https://blog.jse.li/posts/marveloptics-malware/
- https://medium.com/@jonathanbouman/persistent-xss-at-ah-nl-198fe7b4c781
- https://codecat.nl/2018/05/reverse-engineering-and-exploiting-a-game-trainer/
- http://bit.ly/2LqhndN (+)
- https://blog.doyensec.com/2018/07/19/instrumenting-electron-app.html
- https://arp242.net/weblog/yaml_probably_not_so_great_after_all.html
- http://obtruse.syfrtext.com/2018/07/oracle-privilege-escalation-via.html
- https://modexp.wordpress.com/2018/07/12/process-injection-writing-payload/
- https://neonsea.uk/blog/2018/07/21/tmp-to-rce.html
- http://asintsov.blogspot.com/2018/07/cisco-webex-teams-remote-code-execution.html
- https://manpages.bsd.lv/history.html
- http://wouter.coekaerts.be/2018/java-type-system-broken
- https://blog.bentkowski.info/2018/07/vulnerability-in-hangouts-chat-aka-how.html
- https://medium.com/@tomnomnom/crlf-injection-into-phps-curl-options-e2e0d7cfe545
- http://bit.ly/2AGDeZs (+)
- https://gitlab.com/expliot_framework/expliot
- http://bit.ly/2JUBHU1 (+)
- https://asaf.me/2018/07/23/attacking-the-attackers/
- http://bit.ly/2KmNOV4 (+)
- http://bit.ly/2MdGmxp (+)
- https://medium.com/@Wflki/exploiting-electron-rce-in-exodus-wallet-d9e6db13c374
- http://liberty-shell.com/sec/2018/07/28/netshlep/
- http://bit.ly/2AAIPAE (+)
- http://bit.ly/2OEFCmE (+)
- https://movaxbx.ru/2018/07/16/bypass-data-execution-protection-dep/
- https://blog.xpnsec.com/hevd-null-pointer/
- http://bit.ly/2v9IbFk (+)
- https://ntcore.com/?p=488
- https://brewpress.beer/
- https://hackerone.com/reports/260697
- http://bit.ly/2vvsgBc (+)
- http://10degres.net/colorize-your-hunt/
- https://medium.com/@adam.toscher/new-attack-on-wpa-wpa2-using-pmkid-96c3119f7f99
- https://labs.mwrinfosecurity.com/blog/repacking-and-resigning-ios-applications/
- http://bit.ly/2vyB2NU (+)
- http://bit.ly/2OWNkbW (+)
- https://tpx.mx/blog/2018/google-pay-replay-attack.html
- http://bit.ly/2AYffFu (+)
- https://noncombatant.org/application-principals/
- https://edoverflow.com/2018/logic-flaws-in-wot-services
- https://grimhacker.com/2018/03/09/just-a-printer/
- https://neonsea.uk/blog/2018/08/01/hikvision-keygen.html
- http://bit.ly/2OWtGwK (+)
- https://vztekoverflow.com/2018/07/31/tbal-dpapi-backdoor/
- https://manishearth.github.io/blog/2018/02/15/picking-apart-the-crashing-ios-string/
- http://blogs.360.cn/blog/eos-asset-multiplication-integer-overflow-vulnerability/
- https://regexcrossword.com/
- https://www.masswerk.at/nowgobang/2018/anatomy-of-an-rng
- http://matthewearl.github.io/2018/06/28/smb-level-extractor/
- https://portswigger.net/blog/practical-web-cache-poisoning
- http://blog.orange.tw/2018/08/how-i-chained-4-bugs-features-into-rce-on-amazon.html
- http://bit.ly/2MkBTgE (+)
- https://ohpe.github.io/juicy-potato/
- http://www.pwncode.club/2018/08/macro-used-to-spoof-parent-process.html
- https://cofense.com/abusing-microsoft-windows-utilities-deliver-malware-fun-profit/
- https://blog.fox-it.com/2018/08/14/phishing-ask-and-ye-shall-receive/
- http://bit.ly/2MpV8of (+)
- https://hackerone.com/reports/386807
- https://blog.trailofbits.com/2018/08/14/fault-analysis-on-rsa-signing/
- http://bit.ly/2Mhs0QG (+)
- http://bit.ly/2Mx7cnB (+)
- https://rayanfam.com/topics/inside-windows-page-frame-number-part1/
- https://pequalsnp-team.github.io/writeups/analisys_telegram_passport
- https://foreshadowattack.eu
- https://bohops.com/2018/08/04/capturing-netntlm-hashes-with-office-dot-xml-documents/
- http://bit.ly/2KYQngG (+)
- http://bit.ly/2Mg11oJ (+)
- https://shkspr.mobi/blog/2018/08/twitters-secret-guest-mode/
- https://jumpespjump.blogspot.com/2018/08/how-to-build-burner-device-for-def-con.html
- https://ninja.style/post/bcard/
- https://hackerone.com/reports/395296
- https://www.blackhillsinfosec.com/how-to-hack-websockets-and-socket-io/
- https://ntdiff.github.io/
- http://www.kvakil.me/posts/ropchain/
- https://hackerone.com/reports/126522
- http://bit.ly/2NeGNs1 (+)
- http://bit.ly/2wgLB8Q (+)
- https://codewhitesec.blogspot.pt/2018/01/handcrafted-gadgets.html
- https://blogs.securiteam.com/index.php/archives/3736
- http://bit.ly/2w67bOb (+)
- https://shkspr.mobi/blog/2018/01/mailchimp-leaks-your-email-address/
- https://lgtm.com/blog/apache_struts_CVE-2018-11776
- http://bit.ly/2PtttS5 (+)
- http://bit.ly/2BzZKDO (+)
- https://uselesscsp.com/
- http://www.deaddialect.com/articles/2018/8/17/badge-story
- https://hawkinsecurity.com/2018/08/27/traversing-the-path-to-rce/
- https://blog.scrt.ch/2018/08/24/remote-code-execution-on-a-facebook-server/
- https://www.powershellgallery.com/packages/InjectionHunter/1.0.0
- https://hackerone.com/reports/401136
- https://laconicwolf.com/2018/04/13/burp-extension-python-tutorial/
- https://hunter2.gitbook.io/darthsidious/privilege-escalation/alpc-bug-0day
- https://gist.github.com/PaulSec/26251d56134c7fedb2176f2290202546
- https://gist.github.com/williballenthin/1c2bc539041ee3bea7a4c7129072a9ac
- http://bit.ly/2MCbMBL (+)
- https://mike-n1.github.io/Unusual_XSS
- https://objective-see.com/blog/blog_0x36.html
- http://bit.ly/2o0Mm27 (+)
- https://www.voidsecurity.in/2018/08/from-compiler-optimization-to-code.html
- http://bit.ly/2o9oTvT (+)
- https://landgrey.me/struts2-045-debugging/
- https://payatu.com/redteaming-from-zero-to-one-part-1/
- https://b2dfir.blogspot.com/2016/10/touch-screen-lexicon-forensics.html
- https://lowleveldesign.org/2018/08/15/randomness-in-net/
- https://mattwarren.org/2018/08/28/Fuzzing-the-.NET-JIT-Compiler/
- https://www.contrastsecurity.com/security-influencers/cve-2018-15685
- https://bitmidi.com/
- http://bit.ly/2MQEqzs (+)
- https://philippeharewood.com/view-private-instagram-photos/
- https://blog.reigningshells.com/2018/09/hacking-rpi-cam-web-interface.html
- https://bneg.io/2018/01/15/iterm2-customizations-for-hackers/
- https://medium.com/@hakluke/haklukes-guide-to-hacking-without-metasploit-1bbbe3d14f90
- https://hackerone.com/reports/363971
- http://openwall.com/lists/oss-security/2018/05/17/1
- https://engineering.riotgames.com/news/riots-approach-anti-cheat
- https://dangokyo.me/2018/08/26/analysis-on-cve-2017-3000/
- https://phoenhex.re/2018-08-26/csgo-fuzzing-bsp
- https://justi.cz/security/2018/08/28/packagist-org-rce.html
- https://insecure.design/
- http://bit.ly/2oKrYTd (+)
- http://hatriot.github.io/blog/2018/08/22/dell-digital-delivery-eop/
- http://bit.ly/2MQSeK5 (+)
- http://williamshowalter.com/a-universal-windows-bootkit/
- http://bit.ly/2MTheQP (+)
- http://bit.ly/2M2eX0C (+)
- https://rya.nc/bitfi-wallet.html
- https://medium.com/@elkentaro/nothing-to-see-here-the-not-so-charger-62a51e3aab22
- https://hackerone.com/reports/317476
- https://ash-king.co.uk/facebook-bug-bounty-09-18.html
- http://bit.ly/2CS01CN (+)
- https://gitlab.com/technotame/cookie-decrypter
- http://exceptionlevelone.blogspot.pt/2018/02/creating-your-own-ios-1112-jailbreak.html
- https://gist.github.com/maldevel/1d46329e00ab0c076150ddbce90d94cd
- https://quentinkaiser.be/pentesting/2018/09/07/node-red-rce/
- https://www.rfk.id.au/blog/entry/security-bugs-ssrf-via-request-splitting/
- http://reversing.io/posts/introducing-finch/
- https://blogs.projectmoon.pw/2018/08/17/Edge-InlineArrayPush-Remote-Code-Execution/
- http://bit.ly/2xaQu4q (+)
- https://adapt-and-attack.com/2017/11/15/keying-payloads-for-scripting-languages/
- https://gracefulbits.com/2018/07/26/system-call-dispatching-for-windows-on-arm64/
- https://versprite.com/blog/json-deserialization-memory-corruption-vulnerabilities/
- http://bit.ly/2NcA6dG (+)
- https://siguza.github.io/KTRR/
- http://bit.ly/2p3wcpa (+)
- https://int0xcc.svbtle.com/using-concolic-execution-for-static-analysis-of-malware
- https://www.michaelfogleman.com/rush/
- http://nandgame.com/
- http://w00tsec.blogspot.pt/2014/07/foxit-pdf-reader-stored-xss.html
- https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html
- http://words.zemn.me/csp
- http://stephensclafani.com/2014/07/08/hacking-facebooks-legacy-api-part-1-making-calls-on-behalf-of-any-user/
- http://www.shelliscoming.com/2014/07/ip-knock-shellcode-spoofed-ip-as.html
- http://www.hackwhackandsmack.com/?p=345
- http://blog.cyberis.co.uk/2013/08/egresser-enumerate-outbound-firewall.html
- https://twindb.com/recover-innodb-table-after-drop-table-innodb/
- http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
- http://vamsoft.com/downloads/articles/vamsoft-headless-browsers-in-forum-spam.pdf
- http://bogus.jp/wp/?p=1687
- https://community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbox-filename-command-execution-via-gksu
- http://www.acunetix.com/blog/web-security-zone/block-automated-scanners/
- https://community.qualys.com/blogs/securitylabs/2014/02/27/mediawiki-djvu-and-pdf-file-upload-remote-code-execution-vulnerability-cve-2014-1610
- https://gist.github.com/danielrehn/d2e6f2129e5f853c3166
- https://medium.com/@manicho/7af5d5f28038
- https://justi.cz/security/2018/09/13/alpine-apk-rce.html
- https://hackerone.com/reports/408583
- https://medium.com/@jonathanbouman/local-file-inclusion-at-ikea-com-e695ed64d82f
- https://cornerpirate.com/2018/07/24/grep-extractor-a-burp-extender/
- https://gamozolabs.github.io/fuzzing/2018/09/16/scaling_afl.html
- http://bit.ly/2NWlZcd (+)
- https://blog.thomasorlita.cz/vulns/google-csp-evaluator/
- https://rastamouse.me/2017/08/jumping-network-segregation-with-rdp/
- https://uncoder.io/
- https://medium.com/@vishwaraj101/ocr-to-xss-42720d85f7fa
- http://bit.ly/2OHA7mD (+)
- http://blog.nsfocus.net/cve-2018-804-analysis/
- https://www.contextis.com/blog/wap-just-happened-my-samsung-galaxy
- http://bit.ly/2NZYf78 (+)
- http://bit.ly/2poFVXa (+)
- https://blog.cylance.com/cracking-ransomware
- https://rastating.github.io/creating-a-custom-shellcode-encoder/
- https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/
- http://bit.ly/2wiFctW (+)
- https://oddvar.moe/2018/09/06/persistence-using-universal-windows-platform-apps-appx/
- http://rinseandrepeatanalysis.blogspot.com/2018/09/dde-downloaders-excel-abuse-and.html
- http://tonsky.me/blog/disenchantment/
- https://lcq2.github.io/x86_iphone/
- http://bit.ly/2NMLnC0 (+)
- https://medium.com/@jonathanbouman/reflected-xss-at-philips-com-e48bf8f9cd3c
- http://bit.ly/2Qf34Ha (+)
- https://www.n00py.io/2018/08/bypassing-duo-two-factor-authentication-fail-open/
- https://astr0baby.wordpress.com/2018/09/08/understanding-how-dll-hijacking-works/
- https://blog.secarma.co.uk/labs/hacking-with-git-git-enum-metasploit-module-release
- https://blog.benjojo.co.uk/post/qemu-monitor-socket-rce-vnc
- https://www.hackerone.com/blog/Guide-Subdomain-Takeovers
- http://krystalgamer.me/spidey-breaking/
- https://cyseclabs.com/blog/linux-kernel-heap-spray
- http://bit.ly/2N6yWM5 (+)
- http://www.s3.eurecom.fr/projects/modern-android-phishing/
- http://bit.ly/2R3ohVC (+)
- http://bit.ly/2xGnLEO (+)
- https://medium.com/tenable-techblog/advantech-webaccess-unpatched-rce-ffe9f37f8b83
- http://bit.ly/2xUAdQT (+)
- https://tunnelshade.in/blog/2018/09/hongfuzz-intel-pt-instrumentation/
- https://truepolyglot.hackade.org/
- https://safekeepcybersecurity.github.io/posts/2018/09/carhack_urh/
- https://medium.com/@the4rchangel/email-spoofing-with-netcat-telnet-e558e4a10c1
- https://medium.com/@brs.sgdc/google-stored-xss-in-payments-350cd7ba0d1b
- http://bit.ly/2OzZOsx (+)
- https://www.n00py.io/2018/10/popping-shells-on-splunk/
- https://gitlab.com/gitlab-org/gitlab-ce/issues/49133
- https://jacksonvd.com/pwned-passwords-and-ntlm-hashes/
- https://www.x41-dsec.de/lab/blog/fax/
- https://medium.com/@efkan162/how-i-xssed-uber-and-bypassed-csp-9ae52404f4c5
- https://jordanpotti.com/2018/10/03/violating-your-personal-space-with-webex/
- http://bit.ly/2OUsLMP (+)
- http://bit.ly/2DWsXtT (+)
- https://letsencrypt.org/docs/certificates-for-localhost/
- https://blog.lexfo.fr/cve-2017-11176-linux-kernel-exploitation-part1.html
- https://eli.thegreenplace.net/2011/01/23/how-debuggers-work-part-1/
- https://www.gironsec.com/blog/2018/01/expiring-payloads-in-the-metasploit-framework/
- http://ly0n.me/2015/08/01/writing-exploits-with-an-egghunter-part-1/
- https://blog.smartdec.net/smartdec-smart-contract-audit-beginners-guide-d04cc7f1c571
- http://blog.ptsecurity.com/2018/10/intel-me-manufacturing-mode-macbook.html
- https://www.linuxboot.org/
- http://www.lambdashell.com/
- https://blog.sheddow.xyz/css-timing-attack/
- http://www.sec-down.com/wordpress/?p=809
- http://bit.ly/2OQkWuJ (+)
- https://flatkill.org/
- http://bit.ly/2C601gF (+)
- https://geosn0w.github.io/Jailbreaks-Demystified/
- https://www.nc-lp.com/blog/disguise-phar-packages-as-images
- http://bit.ly/2yxlRWY (+)
- http://bit.ly/2NC71nl (+)
- https://prdeving.wordpress.com/2018/09/21/hiding-malware-in-windows-code-injection/
- https://ewilded.blogspot.pt/2018/01/vulnserver-my-kstet-exploit-delivering.html
- http://bit.ly/2C9esjR (+)
- https://alephsecurity.com/2018/01/22/qualcomm-edl-1/
- http://0xeb.net/2018/03/using-z3-with-ida-to-simplify-arithmetic-operations-in-functions/
- http://telegra.ph/
- https://blog.bejarano.io/hardening-macos.html
- http://bit.ly/2EuxUKF (+)
- http://bit.ly/2EttVhF (+)
- https://hackerone.com/reports/405100
- https://digi.ninja/blog/hiding_bash_history.php
- https://hackernoon.com/how-i-hacked-modern-vending-machines-43f4ae8decec
- http://bit.ly/2AhbatG (+)
- https://oddcoder.com/BROP-102/
- http://bit.ly/2J3ItTT (+)
- https://leucosite.com/Microsoft-Edge-RCE/
- https://www.xorrior.com/persistent-credential-theft/
- http://bit.ly/2NNfkgs (+)
- http://bit.ly/2yLKjDY (+)
- https://paper.seebug.org/716/
- https://medium.com/bugbountywriteup/bug-bounty-mail-ru-234fa6f5a5a
- https://outflank.nl/blog/2018/10/12/sylk-xlm-code-execution-on-office-2011-for-mac/
- https://tls.ulfheim.net/
- http://serveo.net/
- https://www.martinvigo.com/googlemeetroulette/
- https://rpadovani.com/facebook-responsible-disclosure
- https://fosterelli.co/privilege-escalation-via-docker.html
- http://bit.ly/2Jig0ti (+)
- https://bugid.skylined.nl/20181017001.html
- https://alephsecurity.com/2018/10/22/StackOverflowException/
- https://mp.weixin.qq.com/s/ebKHjpbQcszAy_vPocW0Sg
- https://blog.skullsecurity.org/2018/technical-rundown-of-webexec
- http://bit.ly/2PlwTsN (+)
- https://liberty-shell.com/sec/2018/10/20/living-off-the-land/
- https://hackerone.com/reports/348076
- https://gamozolabs.github.io/fuzzing/2018/10/18/terrible_android_fuzzer.html
- https://blog.stratumsecurity.com/2018/10/17/route-53-as-a-pentest-infrastructure/
- https://shadowfile.inode.link/blog/2018/10/source-level-debugging-the-xnu-kernel/
- https://ops.tips/blog/how-linux-tcp-introspection/
- https://research.kudelskisecurity.com/2018/10/23/build-your-own-hardware-implant/
- http://bit.ly/2qnqbnO (+)
- http://bit.ly/2QcNf46 (+)
- https://bitrot.sh/post/01-16-2018-password_spraying_adfs_with_burp/
- http://bit.ly/2DjQT9m (+)
- https://acru3l.github.io/2018/10/20/ropping-through-shady-corners/
- https://jerrygamblin.com/2018/10/29/google-home-insecurity/
- https://www.unix-ninja.com/p/attacking_google_authenticator
- https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html
- https://blog.quarkslab.com/playing-with-the-windows-notification-facility-wnf.html
- https://sandboxescaper.blogspot.com/2018/10/reversing-alpc-where-are-your-windows.html
- https://rhaidiz.net/2018/10/25/dribble-stealing-wifi-password-via-browsers-cache-poisoning
- https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407
- http://bit.ly/2zkcxpG (+)
- http://bit.ly/2Jx7RBw (+)
- http://bit.ly/2ETzzKg (+)
- https://mango.pdf.zone/stealing-chrome-cookies-without-a-password
- https://hackerone.com/reports/303730
- https://serializethoughts.com/2018/10/07/bypassing-android-flag_secure-using-frida/
- https://danshumway.com/blog/gamasutra-vulnerabilities/
- https://habr.com/post/429004/
- https://wbenny.github.io/2018/11/04/wow64-internals.html
- https://blog.xpnsec.com/rundll32-your-dotnet/
- http://bit.ly/2QoKsol (+)
- http://bit.ly/2ROJSRt (+)
- https://www.tarlogic.com/en/blog/red-team-tales-0x02-from-sqli-to-domain-admin/
- https://paper.seebug.org/737/
- https://lgtm.com/blog/icecast_snprintf_CVE-2018-18820
- https://poppopret.blogspot.com/2011/09/playing-with-mof-files-on-windows-for.html
- https://marcan.st/2017/12/debugging-an-evil-go-runtime-bug/
- https://apapedulimu.click/clickjacking-on-google-myaccount-worth-7500/
- https://xlab.tencent.com/en/2018/11/13/cve-2018-4277/
- https://medium.com/@mrnikhilsri/oob-xxe-in-prizmdoc-cve-2018-15805-dfb1e474345c
- https://strm.sh/post/abusing-insecure-docker-deployments/
- https://shkspr.mobi/blog/2018/11/domain-hacks-with-unusual-unicode-characters/
- https://blog.xyz.is/2018/enso.html
- https://ibm.co/2FqIXoO (+)
- http://blogs.360.cn/post/VBScript_vul_EN.html
- https://security-bits.de/posts/2018/11/11/exposed_sonos_interface.html
- https://wwws.nightwatchcybersecurity.com/2018/11/11/cve-2018-15835/
- https://www.ixiacom.com/company/blog/trinity-p2p-malware-over-adb
- https://maxkersten.nl/binary-analysis-course/malware-analysis/dot-net-rat/
- https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directories-24a96675f6e
- http://bit.ly/2RWjjtj (+)
- https://medium.com/@mattharr0ey/lateral-movement-using-url-protocol-e6f7d2d6cf2e
- https://twobithistory.org/2018/11/12/cat.html
- http://bit.ly/2DSeKgK (+)
- http://bit.ly/2R6zbcG (+)
- https://out-of-tree.io/
- https://diary.shift-js.info/js-comment-block/
- https://ionize.com.au/multiple-transports-in-a-meterpreter-payload/
- https://www.hahwul.com/2018/11/waf-bypass-xss-payload-only-hangul.html
- https://justi.cz/security/2018/11/14/gvisor-lpe.html
- https://tinyhack.com/2018/11/21/reverse-engineering-pokemon-go-plus/
- https://fireshellsecurity.team/restricted-linux-shell-escaping-techniques/
- http://bit.ly/2zn0f0F (+)
- http://bit.ly/2DCUGy1 (+)
- https://www.elttam.com.au/blog/ruby-deserialization/
- http://bit.ly/2DTokQm (+)
- https://blog.cotten.io/hacking-gmail-with-weird-from-fields-d6494254722f
- https://menschers.com/2018/10/30/what-is-cve-2018-8493/
- https://wojciechregula.blog/your-signal-messages-can-leak-via-locked-screen-on-macos/
- http://signedmalware.org/
- https://nginxconfig.io/
- https://medium.com/@copyconstruct/socat-29453e9fc8a6
- https://vinicius777.github.io/blog/2014/07/14/truecrypt-privilege-escalation/
- http://www.tripwire.com/state-of-security/featured/analysis-for-phpmyadmin-xss-cve-2014-1879/
- http://blog.sucuri.net/2014/07/disclosure-insecure-nonce-generation-in-wptouch.html
- https://home.regit.org/2014/06/pshitt-collect-passwords-used-in-ssh-bruteforce/
- http://www.commonexploits.com/penetration-testing-scripts/
- http://www.viper.li/
- http://blogs.telerik.com/fiddler/posts/14-07-10/capturing-traffic-via-virtual-router
- https://archive.org/details/OISFOhioInformationSecurityForum2014
- http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Hacking-POS-Terminal-for-Fun-and-Non-profit/ba-p/6540620
- http://www.vulcanproxy.com/
- http://drimel.org/2014/07/14/shellcode-analysis-like-a-semi-pro/
- http://deadliestwebattacks.com/2013/10/21/a-default-base-of-xss/
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=30475
- http://vimeo.com/4530161
- http://tholman.com/giflinks/
- https://slashcrypto.org/2018/11/28/eBay-source-code-leak/
- https://www.ory.sh/sign-in-with-user-impersonation-oauth2-openid-connect
- https://medium.com/@Bank_Security/undetectable-c-c-reverse-shells-fab4c0ec4f15
- https://medium.com/@petergombos/smb-named-pipe-pivoting-in-meterpreter-462580fd41c5
- https://l.avala.mp/?p=285
- https://saleemrashid.com/2018/11/26/breaking-into-bitbox/
- http://bit.ly/2RnTVNd (+)
- http://bit.ly/2zzlQmu (+)
- https://medium.com/@SweetRollBandit/aws-slurp-github-takeover-f8c80b13e7b5
- https://blog.timac.org/2018/1126-deobfuscated-libmobilegestalt-keys-ios-12/
- http://bit.ly/2rbKlBV (+)
- http://bit.ly/2P8u5v1 (+)
- http://bit.ly/2TPBLWx (+)
- https://gcemetery.co/
- http://bit.ly/2FXmMGS (+)
- https://pwning.re/2018/12/04/github-desktop-rce/
- https://medium.com/@r0t1v/pwning-jboss-seam-2-like-a-boss-da5a43da6998
- https://secrary.com/Random/injectionwithoutinjection/
- https://www.justinoblak.com/2018/12/02/Smashing-AFL.html
- https://dylankatz.com/digging-in-to-scp-command-injection/
- https://blog.intothesymmetry.com/2018/12/billion-laugh-attack-in.html
- http://bit.ly/2zJXw1o (+)
- https://geosn0w.github.io/Debugging-macOS-Kernel-For-Fun/
- https://secureidentity.se/delete-domain-admin-accounts/
- https://salmg.net/2018/12/01/intro-to-nfc-payment-relay-attacks/
- http://bit.ly/2SARmI9 (+)
- https://medium.com/tenable-techblog/remotely-exploiting-zoom-meetings-5a811342ba1d
- https://modexp.wordpress.com/2018/10/30/arm64-assembly/
- https://www.voidsecurity.in/2018/11/virtualbox-nat-dhcpbootp-server.html
- https://gist.github.com/grugq/03167bed45e774551155
- http://bit.ly/2KYmIpj (+)
- https://jamchamb.github.io/2018/12/03/gamecube-memory-card-raspi.html
- https://www.honoki.net/2018/12/from-blind-xxe-to-root-level-file-read-access/
- https://www.betterhacker.com/2018/12/rce-in-hubspot-with-el-injection-in-hubl.html
- https://landgrey.me/influxdb-api-unauthorized-exploit/
- https://ardern.io/2018/12/07/angularjs-bxss/
- https://www.corben.io/XSS-to-XXE-in-Prince/
- http://bit.ly/2RW53kT (+)
- https://medium.com/@SecurityBender/exploiting-a-hql-injection-895f93d06718
- https://cyber.wtf/2018/03/28/dissecting-olympic-destroyer-a-walk-through/
- https://dev.to/antogarand/why-facebooks-api-starts-with-a-for-loop-1eob
- http://bit.ly/2EutRx7 (+)
- https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/
- https://blog.intothesymmetry.com/2018/12/persistent-xsrf-on-kubernetes-dashboard.html
- https://medium.com/javascript-security/avoiding-xss-in-react-is-still-hard-d2b5c7ad9412
- https://www.cybereason.com/blog/fauxpersky-credstealer-malware-autohotkey-kaspersky-antivirus
- http://fabiensanglard.net/dreamcast_hacking/
- https://www.reaperbugs.com/index
- https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/
- https://blog.avatao.com/How-I-could-steal-your-photos-from-Google/
- https://hackerone.com/reports/426944
- http://bit.ly/2Rd09mc (+)
- https://medium.com/@jamie.shaw/pass-the-cache-to-domain-compromise-320b6e2ff7da
- https://www.joachim-bauch.de/tutorials/loading-a-dll-from-memory/
- https://blog.cm2.pw/length-restricted-xss/
- http://bit.ly/2Rf4FAG (+)
- https://bnbdr.github.io/posts/swisscheese/
- https://blog.sektor7.net/#!res/2018/pure-in-memory-linux.md
- https://samcurry.net/reading-asp-secrets-for-17000/
- http://bit.ly/2PMOBl7 (+)
- https://bordplate.no/blog/en/post/interactive-rop-tutorial/
- http://bit.ly/2S8mfU9 (+)
- http://blog.digital-forensics.it/2017/04/brush-up-on-dropbox-dbx-decryption.html
- http://bit.ly/2LrTRKk (+)
- https://security.szurek.pl/kallithea-0-3-4-incorrect-access-control-and-xss.html
- https://smallstep.com/blog/everything-pki.html
- https://leucosite.com/WebExtension-Security/
- http://bit.ly/2SmvFf6 (+)
- https://jtnydv.xyz/2018/12/24/basic-xpath-injection/
- https://no1zy.hatenablog.com/entry/static-analysis-of-javascript-for-bughunters
- https://blog.ropnop.com/serverless-toolkit-for-pentesters/
- https://0xrick.github.io/BinaryExploitation-BOF/
- http://bit.ly/2Q7lnNO (+)
- https://blog.cm2.pw/ms-edge-http-access-control-cors-bypass/
- http://bit.ly/2SoL9iP (+)
- https://blog.certfa.com/posts/the-return-of-the-charming-kitten/
- http://bit.ly/2Q8Lzbb (+)
- https://blog.k3170makan.com/2018/11/glibc-heap-exploitation-basics.html
- https://blog.erratasec.com/2018/10/systemd-is-bad-parsing-and-should-feel.html
- https://mksben.l0.cm/2018/05/cve-2018-5175-firefox-csp-strict-dynamic-bypass.html
- https://www.ipify.org/
- https://hackerone.com/reports/397478
- https://abiondo.me/2019/01/02/exploiting-math-expm1-v8/
- http://bit.ly/2Vox9aJ (+)
- https://www.iceswordlab.com/2018/07/25/kdhack/
- http://www.pwn3d.org/posts/7821231-gxpn-prep-2basic-scapy-review
- https://nebelwelt.net/blog/20181231-BOP.html
- http://bit.ly/2Vth6bm (+)
- https://www.davidwong.fr/tls13/
- https://www.lolhax.org/2019/01/02/extracting-keys-f00d-crumbs-raccoon-exploit/
- https://www.imperialviolet.org/2019/01/01/zkattestation.html
- http://bit.ly/A-Long-Evening-With-macOSs-Sandbox (+)
- http://bit.ly/2AvBujp (+)
- https://akijosberryblog.wordpress.com/2019/01/01/malicious-use-of-microsoft-laps/
- https://www.secjuice.com/php-rce-bypass-filters-sanitization-waf/
- https://blog.talosintelligence.com/2018/05/telegrab.html
- http://misbehaving.site/
- https://gamehistory.org/simcity/
- https://hackerone.com/reports/409850
- http://bit.ly/2RoDTqv (+)
- http://bit.ly/2AER4JH (+)
- https://www.roguesecurity.in/2018/12/02/a-guide-for-windows-penetration-testing/
- https://medium.com/bugbountywriteup/ping-power-icmp-tunnel-31e2abb2aaea
- https://wietzebeukema.nl/blog/spoofing-google-search-results
- https://wunderwuzzi23.github.io/blog/passthecookie.html
- https://mn3m.info/posts/suid-vs-capabilities/
- https://niemand.com.ar/2019/01/01/how-to-hook-directx-11-imgui/
- http://bit.ly/2QDF93N (+)
- https://sites.google.com/view/ltefuzz
- https://www.veracode.com/blog/research/exploiting-jndi-injections-java
- https://tyranidslair.blogspot.com/2018/12/abusing-mount-points-over-smb-protocol.html
- https://revers.engineering/syscall-hooking-via-extended-feature-enable-register-efer/
- https://ericchiang.github.io/post/containers-from-scratch/
- https://research.checkpoint.com/hacking-fortnite/
- http://bit.ly/2RVTUDO (+)
- https://0xdf.gitlab.io/2018/11/02/pwk-notes-tunneling.html
- https://default-password.info/
- https://netsec.ws/?p=262
- http://bit.ly/2APgbtm (+)
- http://bit.ly/2FDzxoy (+)
- https://niemand.com.ar/2019/01/13/creating-your-own-wallhack/
- https://scorpiosoftware.net/2019/01/15/fun-with-appcontainers/
- http://bit.ly/2MhbFrV (+)
- https://blogs.cisco.com/security/smb-and-the-return-of-the-worm
- http://bit.ly/2Hig3bq (+)
- https://blog.benpri.me/2019/01/13/why-you-shouldnt-be-using-bcrypt-and-scrypt/
- https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/
- http://www.greyhathacker.net/?p=1041
- https://dontkillmyapp.com/
- https://devhints.io/
- https://blog.haschek.at/2018/the-curious-case-of-the-RasPi-in-our-network.html
- https://justi.cz/security/2019/01/22/apt-rce.html
- https://medium.com/tenable-techblog/rooting-nagios-via-outdated-libraries-bb79427172
- http://bit.ly/2HuSb4y (+)
- https://medium.com/@int0x33/upload-htaccess-as-image-to-bypass-filters-71dfcf797a86
- https://www.inputzero.io/2019/01/fuzzing-http-servers.html
- https://neonsea.uk/blog/2018/12/26/firewall-includes.html
- http://bit.ly/2UgpUQO (+)
- http://bit.ly/2FZ8hAT (+)
- http://bit.ly/2FMAKdN (+)
- http://bit.ly/2Mudulx (+)
- https://enigma0x3.net/2019/01/21/razer-synapse-3-elevation-of-privilege/
- https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
- https://medium.com/@_mattata/packet-editing-live-connections-with-python-c0ed221dafcd
- https://www.mdsec.co.uk/2019/01/abusing-office-web-add-ins-for-fun-and-limited-profit/
- http://bit.ly/2FMev7U (+)
- https://lgtm.com/blog/ghostscript_typeconfusion
- https://bogner.sh/2019/01/querying-virustotal-from-excel/
- https://www.ezequiel.tech/2019/01/75k-google-cloud-platform-organization.html
- http://bit.ly/2Wxv50A (+)
- https://gist.github.com/sarazasasa/9450d63f96e7ff799824fc98fc7f3b43
- https://egre55.github.io/system-properties-uac-bypass/
- https://gist.github.com/3xocyte/0dc0bd4cb48cc7b4075bdc90a1ccc7d3
- https://insert-script.blogspot.com/2019/01/adobe-reader-pdf-callback-via-xslt.html
- https://engineering.linecorp.com/en/blog/air-go-apk-signing/
- https://www.contextis.com/en/blog/basic-electron-framework-exploitation
- https://lab.wallarm.com/xxe-that-can-bypass-waf-protection-98f679452ce0
- http://bit.ly/2sYgLQY (+)
- https://www.adyta.pt/en/2019/01/29/writeup-samsung-app-store-rce-via-mitm-2/
- https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html
- http://bit.ly/2DLSrIl (+)
- https://blog.scrt.ch/2019/01/24/magento-rce-local-file-read-with-low-privilege-admin-rights/
- https://alsid.com/company/news/abusing-s4u2self-another-sneaky-active-directory-persistence
- http://bit.ly/2sYg76j (+)
- https://medium.com/tenable-techblog/reversing-the-rachio3-smart-sprinkler-controller-ae7fc06aab9
- https://evolt.org/node/564
- https://alexhude.github.io/2019/01/24/hacking-leica-m240.html
- http://sethsec.blogspot.gr/2014/07/crossdomain-bing.html
- http://www.skycure.com/blog/malicious-profiles-the-sleeping-giant-of-ios-security/
- https://bitbucket.org/orbit-burg/nfc-emv/wiki/Home
- http://lab.onsec.ru/2014/07/pamsteal-plugin-released.html
- http://shell-storm.org/shellcode/
- http://penturalabs.wordpress.com/2014/07/18/execute-shellcode-bypassing-anti-virus/
- http://igurublog.wordpress.com/downloads/script-sandfox/
- https://archive.today/23mBC
- https://lilithlela.cyberguerrilla.org/?p=6620
- http://www.irongeek.com/i.php?page=videos/bsidescleveland2014/mainlist
- http://hashcrack.org/page?n=21072014
- https://www.netspi.com/blog/entryid/235/stealing-unencrypted-ssh-agent-keys-from-memory
- https://www.pentestgeek.com/2014/07/22/phishing-frenzy-hta-powershell-attacks-with-beef/
- http://bit.ly/2BpGab7 (+)
- http://bit.ly/2UNSyZH (+)
- https://www.shawarkhan.com/2019/01/hijacking-accounts-by-retrieving-jwt.html
- https://gist.github.com/mehaase/63e45c17bdbbd59e8e68d02ec58f4ca2
- http://bit.ly/2MT26jg (+)
- http://bit.ly/2UKEKis (+)
- https://versprite.com/blog/hacking-remote-start-system/
- https://vulnmind.io/i-heard-you-like-eop-to-system/
- https://maskop9.wordpress.com/2019/02/06/analysis-of-jacksbot-backdoor/
- https://doar-e.github.io/blog/2019/01/28/introduction-to-turbofan/
- https://acru3l.github.io/2019/02/02/exploiting-mb-anti-exploit/
- https://medium.com/@mattharr0ey/round-of-use-winrm-code-execution-xml-6e3219d3e31
- http://bit.ly/2MTPDfh (+)
- http://bit.ly/2MUUJrx (+)
- https://blog.benjojo.co.uk/post/eve-online-bgp-internet
- https://outpost24.com/blog/X-forwarded-for-SQL-injection
- https://ysamm.com/?p=185
- http://bit.ly/2SyIqaE (+)
- https://gist.github.com/adamyordan/96da0ad5e72cbc97285f2df340cac43b
- https://plainsec.org/how-to-bypass-instagram-ssl-pinning-on-android-v78/
- http://bit.ly/2TQYTmW (+)
- https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html
- http://bit.ly/2BCPZSX (+)
- https://perception-point.io/resources/research/cve-2019-0539-root-cause-analysis/
- https://medium.com/@x41x41x41/unauthenticated-ssrf-in-oracle-ebs-765bd789a145
- https://offensi.com/2019/01/31/lfi-in-apigee-portals/
- https://medium.com/tenable-techblog/make-it-rain-with-mikrotik-c90705459bc6
- https://www.secjuice.com/modsecurity-web-application-firewall-dns-over-https/
- https://lgtm.com/blog/ghostscript_CVE-2018-19134_exploit
- https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities
- https://cantunsee.space/
- https://leucosite.com/Microsoft-Office-365-Outlook-XSS/
- https://medium.com/@elberandre/1-000-ssrf-in-slack-7737935d3884
- http://bit.ly/2U0BPCz (+)
- https://pwn.no0.be/exploitation/wifi/wpa_enterprise/
- http://bit.ly/2tvFFaS (+)
- https://bordplate.no/blog/en/post/debugging-a-windows-service/
- https://medium.com/@localh0t/unveiling-amazon-s3-bucket-names-e1420ceaf4fa
- https://medium.com/@rvrsh3ll/hardening-your-azure-domain-front-7423b5ab4f64
- https://erfur.github.io/down_the_rabbit_hole_pt1/
- https://toshellandback.com/2015/11/24/ms-priv-esc/
- http://bit.ly/2GWaCx9 (+)
- https://vmcall.github.io/reversal/2019/02/10/battleye-anticheat.html
- http://bit.ly/2IsFpny (+)
- https://research.checkpoint.com/extracting-code-execution-from-winrar/
- https://0x00sec.org/t/using-uri-to-pop-shells-via-the-discord-client/11673/2
- http://bit.ly/2NhVGup (+)
- https://www.bishopfox.com/news/2019/02/openmrs-insecure-object-deserialization/
- https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html
- https://worldwideweb.cern.ch/
- https://ysamm.com/?p=240
- http://bit.ly/2tDRA6O (+)
- https://medium.com/intigriti/abusing-autoresponders-and-email-bounces-9b1995eb53c2
- https://www.inputzero.io/2019/02/fuzzing-webkit.html
- https://rootsh3ll.com/evil-twin-attack/
- https://thebabush.github.io/dumbo-llvm-based-dumb-obfuscator.html
- http://bit.ly/2XpR4qN (+)
- https://www.ambionics.io/blog/drupal8-rce
- https://gitlab.com/invuls/iot-projects/iotsecfuzz
- http://bit.ly/2GODica (+)
- http://thunderclap.io/
- http://bit.ly/2IGJKUf (+)
- https://www.pdf-insecurity.org
- https://eklitzke.org/the-cbc-padding-oracle-problem
- http://www.jackson-t.ca/lg-driver-lpe.html
- https://paper.seebug.org/822/
- https://movaxbx.ru/2019/02/20/triaging-the-exploitability-of-ie-edge-crashes/
- http://bit.ly/2NxPIWm (+)
- https://medium.com/@logicbomb_1/chain-of-hacks-leading-to-database-compromise-b2bc2b883915
- https://noclip.website/
- http://www.kwasstuff.altervista.org/RIP/index.html
- https://staaldraad.github.io/post/2019-03-02-universal-rce-ruby-yaml-load/
- https://www.vulnano.com/2019/03/facebook-messenger-server-random-memory.html
- https://ghidra-sre.org/
- https://0x90909090.blogspot.com/2019/02/executing-payload-without-touching.html
- https://disloops.com/cloudfront-hijacking/
- http://bit.ly/2XIF4AQ (+)
- http://blog.ptsecurity.com/2019/02/detecting-web-attacks-with-seq2seq.html
- https://www.veracode.com/blog/research/exploiting-spring-boot-actuators
- https://movaxbx.ru/2019/02/16/windows-process-injection-sharing-the-payload/
- https://blog.0day.rocks/hiding-through-a-maze-of-iot-devices-9db7f2067a80
- http://bit.ly/2HjDsaQ (+)
- http://bit.ly/2TB245t (+)
- http://blogs.360.cn/post/Binder_Kernel_Vul_EN.html
- https://js1k.com/2019-x/demos
- https://blog.littlevgl.com/2019-02-02/use-ipod-nano6-lcd-for-littlevgl
- https://hackerone.com/reports/411140
- https://hackerone.com/reports/398799
- https://medium.com/@rootxharsh_90844/vimeo-ssrf-with-code-execution-potential-68c774ba7c1e
- https://pentest.blog/n-ways-to-unpack-mobile-malware/
- https://ijustwannared.team/2019/03/11/browser-pivot-for-chrome/
- https://hausec.com/2019/03/05/penetration-testing-active-directory-part-i/
- https://d4stiny.github.io/Reading-Physical-Memory-using-Carbon-Black/
- http://woshub.com/copying-large-files-using-bits-and-powershell/
- https://webrtchacks.com/fuzzing-janus/
- https://pulsesecurity.co.nz/articles/TPM-sniffing
- https://www.stuffithoughtiknew.com/2019/02/detecting-bloodhound.html
- http://bit.ly/2UGmozO (+)
- https://licenciaparahackear.github.io/en/posts/bypassing-a-restrictive-js-sandbox/
- https://redtimmysec.wordpress.com/2019/03/07/flexpaper-remote-code-execution/
- http://bit.ly/2T4IBWA (+)
- http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/
- http://blogs.360.cn/post/RootCause_CVE-2019-0808_EN.html
- https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/
- https://archivebox.io/
- https://litherum.blogspot.com/2019/03/addition-font.html
- https://hackerone.com/reports/470520
- http://bit.ly/2ulwA56 (+)
- https://medium.com/@terjanq/cross-site-content-and-status-types-leakage-ef2dab0a492
- http://bit.ly/2Fo9zDP (+)
- https://medium.com/@benoit.sevens/windows-10-emulation-with-qemu-f41870ed464d
- https://medium.com/@0x0FFB347/writing-a-custom-shellcode-encoder-31816e767611
- https://polict.net/blog/CVE-2018-17057
- http://bit.ly/2HwT1wN (+)
- https://blog.tint0.com/2019/03/a-saga-of-code-executions-on-zimbra.html
- https://jarlob.github.io/en/blog/not-a-bug-sqli
- https://liberty-shell.com/sec/2019/03/12/dll-hijacking/
- https://lgtm.com/blog/facebook_fizz_CVE-2019-3560
- http://offsec.provadys.com/intro-to-file-operation-abuse-on-Windows.html
- https://medium.com/tenable-techblog/mikrotik-firewall-nat-bypass-b8d46398bf24
- http://bit.ly/2ULRPsg (+)
- https://blog.assetnote.io/bug-bounty/2019/03/19/rce-on-mozilla-zero-day-webpagetest/
- https://proofofcalc.com/cve-2019-6453-mIRC/
- https://blog.regehr.org/archives/1653
- https://securitytxt.org/
- https://www.niceideas.ch/roller2/badtrash/entry/deciphering-the-bengladesh-bank-heist
- https://hackerone.com/reports/297478
- http://bit.ly/2OqLKz2 (+)
- https://medium.com/tenable-techblog/owning-the-network-with-badusb-72daa45d1b00
- https://mogwailabs.de/blog/2019/03/repacking-ios-applications/
- https://raw.githubusercontent.com/pedrib/PoC/master/advisories/nuuo-cms-ownage.txt
- http://bit.ly/2YujGj1 (+)
- http://bit.ly/2Ow20ij (+)
- https://outflank.nl/blog/2018/10/06/old-school-evil-excel-4-0-macros-xlm/
- http://bit.ly/2JJXpdQ (+)
- https://securelist.com/hacking-microcontroller-firmware-through-a-usb/89919/
- https://medium.com/0xcc/one-liner-safari-sandbox-escape-exploit-91082ddbe6ef
- https://medium.com/@princechaddha/an-unusal-bug-on-braintree-paypal-b8d3ec662414
- https://blog.zecops.com/vulnerabilities/analysis-and-reproduction-of-cve-2019-7286/
- http://bit.ly/2UXZAM1 (+)
- https://medium.com/@howard.poston/mapping-the-owasp-top-ten-to-blockchain-69c904394e69
- https://nullprogram.com/blog/2019/03/22/
- https://blog.jessfraz.com/post/digging-into-risc-v-and-how-i-learn-new-things/
- https://hackerone.com/reports/511044
- https://mahmoudsec.blogspot.com/2019/04/handlebars-template-injection-and-rce.html
- https://blog.doyensec.com/2019/04/03/subverting-electron-apps-via-insecure-preload.html
- http://bit.ly/2TVqqTJ (+)
- https://masthoon.github.io/exploit/2019/03/29/cygeop.html
- https://digi.ninja/blog/domain_fronting.php
- https://gkbrk.com/2019/01/reverse-engineering-the-godot-file-format/
- https://modexp.wordpress.com/2019/03/07/process-injection-print-spooler/
- https://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html
- https://www.drewgreen.net/vulnerabilities-in-tightrope-media-systems-carousel/
- https://snyk.io/blog/severe-security-vulnerability-in-bowers-zip-archive-extraction/
- https://www.secjuice.com/finding-real-ips-of-origin-servers-behind-cloudflare-or-tor/
- https://medium.com/tenable-techblog/filezilla-untrusted-search-path-bc3a7b3ae51e
- http://bit.ly/2UzN9c0 (+)
- http://bit.ly/2HXhjAb (+)
- https://www.zoomeye.org/topic?id=ZoomEye-series-report-VE-en
- https://hackerone.com/reports/381356
- https://medium.com/@d0nut/better-exfiltration-via-html-injection-31c72a2dae8b
- http://bit.ly/2X5eTCX (+)
- https://blog.zsec.uk/el-injection-rce/
- https://rastamouse.me/2019/01/gpo-abuse-part-1/
- http://bit.ly/2Ksl6HR (+)
- http://tomasuh.github.io/2018/12/28/retefe-unpack.html
- http://bit.ly/2Uvj2DH (+)
- https://www.shielder.it/blog/nagios-xi-5-5-10-xss-to-root-rce/
- https://wpa3.mathyvanhoef.com/
- https://habr.com/en/post/446238/
- https://blog.exodusintel.com/2019/04/03/a-window-of-opportunity/
- https://www.notsosecure.com/exploiting-ssrf-in-aws-elastic-beanstalk/
- https://mp.weixin.qq.com/s/OissE9gAVkKmAXuiIUeOLA
- http://cturt.github.io/pinball.html
- http://www.righto.com/2019/04/iconic-consoles-of-ibm-system360.html
- https://soroush.secproject.com/blog/2014/07/upload-a-web-config-file-for-fun-profit/
- http://ibrahimbalic.com/2014/sqlmap-ile-csrf-bypass/
- http://tomforb.es/exploiting-xpath-injection-vulnerabilities-with-xcat-1
- http://www.relentless-coding.org/projects/jsdetox/
- http://hive.ccs.neu.edu/
- https://lzo.securitymouse.com/lzo
- http://blog.oddbit.com/2014/07/21/tracking-down-a-kernel-bug-wit/
- http://googleprojectzero.blogspot.pt/2014/07/pwn4fun-spring-2014-safari-part-i_24.html
- http://atredispartners.blogspot.pt/2014/07/atredis-blackhat-2014-contest-after_24.html
- http://diablohorn.wordpress.com/2014/07/26/writing-your-own-blind-sqli-script/
- http://blogs.mcafee.com/mcafee-labs/dropping-files-temp-folder-raises-security-concerns
- http://slides.com/mscasharjaved/on-breaking-php-based-cross-site-scripting-protections-in-the-wild#/
- http://www.ghacks.net/2014/07/28/repair-extract-broken-rar-archives/
- http://gsmmap.org/
- https://blog.underdogsecurity.com/rce_in_origin_client/
- https://hackerone.com/reports/369451
- http://bit.ly/2KMwUF1 (+)
- https://gist.github.com/glenux/3e705387e30f229c242ea153de6e6a4d
- http://bit.ly/2ItRHvg (+)
- https://hackerone.com/reports/473888
- https://krbtgt.pw/dacl-permissions-overwrite-privilege-escalation-cve-2019-0841/
- https://www.shielder.it/blog/exploit-apache-solr-through-opencms/
- https://dejandayoff.com/the-danger-of-exposing-docker.sock/
- https://parzelsec.de/timing-attacks-with-machine-learning/
- http://bit.ly/2vgAlsN (+)
- http://bit.ly/2Gydmz1 (+)
- http://newosxbook.com/articles/OTA.html
- https://hackerone.com/reports/110293
- https://www.labofapenetrationtester.com/2019/04/abusing-PAM.html
- http://bit.ly/2Xk9t7l (+)
- https://jerrington.me/posts/2019-01-29-self-hosted-ngrok.html
- https://ysamm.com/?p=256
- https://scriptinjection.blogspot.com/2019/04/oe-classic-280-rce-via-stored-xss.html
- https://hackerone.com/reports/422043
- http://bit.ly/2GBOOEW (+)
- http://bit.ly/2GFK4PU (+)
- https://medium.com/@terjanq/xss-auditor-the-protector-of-unprotected-f900a5e15b7b
- http://bit.ly/2XLQOlb (+)
- https://habr.com/en/post/449182/
- http://bit.ly/2W6YqOK (+)
- https://blog.trailofbits.com/2019/01/22/fuzzing-an-api-with-deepstate-part-1/
- http://bit.ly/2L061xq (+)
- https://consensys.github.io/smart-contract-best-practices/known_attacks/
- https://blog.quarkslab.com/android-application-diffing-engine-overview.html
- http://bit.ly/2UHi2Yp (+)
- https://blog.doyensec.com/2019/04/24/rubyzip-bug.html
- https://sensepost.com/blog/2019/understanding-peap-in-depth/
- https://www.linkedin.com/pulse/micro-patching-vulnerabilities-tutorial-0patch-t-k/
- https://http3-explained.haxx.se/en/
- https://wybiral.github.io/code-art/projects/tiny-mirror/
- https://hackerone.com/reports/210779
- http://bit.ly/2VE8WQE (+)
- http://bit.ly/2Y1LhHa (+)
- https://research.801labs.org/developing-a-dll-injector/
- http://bit.ly/2Jbahrp (+)
- https://www.darkmatter.ae/blogs/security-flaws-uncovered-in-sony-smart-tvs/
- https://paper.seebug.org/910/
- http://eternalsakura13.com/2019/04/29/CVE-2016-5198/
- https://securityriskadvisors.com/blog/aws-iam-exploitation/
- https://capsule8.com/blog/exploiting-systemd-journald-part-1/
- https://edoverflow.com/2019/ci-knew-there-would-be-bugs-here/
- https://medium.com/tenable-techblog/eight-devices-one-exploit-f5fc28c70a7c
- https://d4stiny.github.io/Remote-Code-Execution-on-most-Dell-computers/
- http://bit.ly/2GWPxAL (+)
- http://www.tomanthony.co.uk/blog/xss-attacks-googlebot-index-manipulation/
- http://bit.ly/2IYijVt (+)
- https://www.virtuesecurity.com/tale-of-a-wormable-twitter-xss/
- https://hackerone.com/reports/563870
- http://bit.ly/2H9qH0X (+)
- http://bit.ly/2Lxly8o (+)
- http://bit.ly/2LyXKks (+)
- https://www.tarlogic.com/en/blog/attacking-selenium-grid/
- http://bit.ly/2LwQ1mK (+)
- http://bit.ly/2Hbwowt (+)
- http://bit.ly/2PUMZr3 (+)
- https://hackerone.com/reports/509924
- http://blog.0x42424242.in/2019/03/vstarcam-investigational-security.html
- http://bit.ly/2JaLkNv (+)
- http://bit.ly/2Jbl0Da (+)
- https://medium.com/0xcc/rootpipe-reborn-part-ii-e5a1ffff6afe
- https://www.nc-lp.com/blog/reverse-engineering-games-for-fun-and-ssrf-part-1
- https://classic.minecraft.net
- https://www.my-internet-explorer.com/
- https://hackerone.com/reports/419883
- https://hackerone.com/reports/450365
- https://zeropwn.github.io/2019-05-13-xss-to-rce/
- https://security.lauritz-holtmann.de/advisories/cve-2019-11832/
- https://gist.github.com/jupenur/e5d0c6f9b58aa81860bf74e010cf1685
- https://astr0baby.wordpress.com/2019/01/26/custom-meterpreter-loader-in-2019/
- https://mdsattacks.com/
- https://thewover.github.io/Introducing-Donut/
- https://zombieloadattack.com/
- https://wojciechregula.blog/post/stealing-bear-notes-with-url-schemes/
- http://bit.ly/2Ep1u23 (+)
- https://modexp.wordpress.com/2019/05/10/dotnet-loader-shellcode/
- http://bit.ly/2WQBt2E (+)
- https://rce4fun.blogspot.com/2019/05/panda-antivirus-local-privilege.html
- http://bit.ly/2LY1qfw (+)
- https://landgrey.me/richfaces-cve-2018-14667/
- https://gist.github.com/wybiral/c8f46fdf1fc558d631b55de3a0267771
- https://liveoverflow.com/the-origin-of-script-kiddie-hacker-etymology/
- https://www.wpadblock.com/
- https://hackerone.com/reports/341908
- http://bit.ly/2WjQywF (+)
- https://medium.com/tenable-techblog/stealing-downloads-from-slack-users-be6829a55f63
- https://snikt.net/blog/2019/05/22/to-fuzz-a-websocket/
- https://medium.com/@ghostlulzhacks/wayback-machine-e678a3567ec
- http://lordofpwn.kr/index.php/writeup/cve-2019-8506-javascriptcore-exploit/
- https://medium.com/@fs0c131y/how-to-brick-all-samsung-phones-6aae4389bea
- https://www.tarlogic.com/en/blog/backdoors-modulos-apache/
- https://zeropwn.github.io/2019-05-22-fun-with-uri-handlers/
- https://hackerone.com/reports/505424
- https://www.darkmatter.ae/papers-articles/from-zero-to-tfp0-part-1-prologue/
- http://bit.ly/2JY17yV (+)
- http://bit.ly/2EroJZ4 (+)
- https://theevilbit.github.io/posts/vmware_fusion_11_guest_vm_rce_cve-2019-5514/
- https://web-in-security.blogspot.com/2019/02/how-to-spoof-pdf-signatures.html
- https://shenaniganslabs.io/2019/05/21/LXD-LPE.html
- https://keikai.io/blog/p/currency-exchange
- http://bit.ly/2M6nDrV (+)
- https://petergarner.net/notes/index.php?thisnote=20180202-Travels+with+a+Pi
- https://ysamm.com/?p=272
- https://portswigger.net/blog/abusing-jquery-for-css-powered-timing-attacks
- https://medium.com/@subTee/flying-toruk-makto-b1bff8f6603c
- https://www.fcvl.net/vulnerabilities/macosx-gatekeeper-bypass
- http://bit.ly/2wyCHUx (+)
- http://bit.ly/2IcgEc2 (+)
- https://habr.com/en/company/drweb/blog/452076/
- https://phoenhex.re/2019-05-15/non-jit-bug-jit-exploit
- https://labs.spotify.com/2013/06/18/creative-usernames/
- https://blog.devsecurity.eu/en/blog/dnspy-deserialization-vulnerability
- https://blog.devsecurity.eu/en/blog/joplin-electron-rce
- https://whereisk0shl.top/post/2019-05-11
- https://bnbdr.github.io/posts/wd/
- http://standa-note.blogspot.com/2018/02/amsi-bypass-with-null-character.html
- http://bit.ly/2EH1I4m (+)
- https://techblog.mediaservice.net/2019/03/a-journey-into-iot-hardware-hacking-uart/
- https://www.magiclantern.fm/
- http://bit.ly/2Wr8O7v (+)
- https://www.inputzero.io/2019/06/hacking-smart-tv.html
- http://bit.ly/2I0PuWB (+)
- http://bit.ly/31aZJz2 (+)
- https://www.tarlogic.com/en/blog/how-to-attack-kerberos/
- http://bit.ly/2K3whps (+)
- http://homepages.laas.fr/rcayre/mirage-documentation/index.html
- https://orangewirelabs.wordpress.com/2019/05/30/hacking-ios-xamarin-apps-with-frida/
- http://bit.ly/2Ipk2Ab (+)
- http://bit.ly/31fBbVN (+)
- https://theevilbit.github.io/posts/getting_root_with_benign_appstore_apps/
- http://www.catch22.net/tuts/undocumented-createprocess
- http://bit.ly/2Z5lwGu (+)
- https://0x41.cf/infosec/2019/05/28/skype-web-plugin-ez-rce.html
- http://bit.ly/2WsWu7t (+)
- https://leakfree.wordpress.com/2015/03/12/php-object-instantiation-cve-2015-1033/
- https://blog.duszynski.eu/domain-hijack-through-http-301-cache-poisoning/
- https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html
- https://medium.com/@lerner98/skiptracing-reversing-spotify-app-3a6df367287d
- https://secretgeek.github.io/html_wysiwyg/html.html
- https://medium.com/@notdan/curl-slight-of-hand-exploit-hysteria-29a82e5851d
- https://blog.ripstech.com/2019/mybb-stored-xss-to-rce/
- https://appio.dev/vulns/googleplex-com-blind-xss/
- https://rce.wtf/2019/06/10/w2k.html
- https://rambleed.com/
- https://habr.com/ru/company/dsec/blog/454592/
- https://medium.com/@two06/fun-with-frida-5d0f55dd331a
- https://www.sneakymonkey.net/2019/05/22/trickbot-analysis/
- http://bit.ly/2WiM2KD (+)
- https://eybisi.run/Mobile-Malware-Analysis-Overlay-and-How-to-Counter-it/
- http://bit.ly/2ID9Y6Y (+)
- https://payatu.com/microsoft-edge-extensions-host-permission-bypass-cve-2019-0678/
- https://howhttps.works/
- https://harrisonsand.com/imsi-catcher/
- https://wookey-project.github.io/
- https://medium.com/@mr_hacker/a-5000-idor-f4268fffcd2e
- http://bit.ly/2ZzYurC (+)
- hhttps://www.jaiminton.com/cheatsheet/DFIR/
- http://bit.ly/2x8SGJe (+)
- https://blog.redteam.pl/2019/04/dns-based-threat-hunting-and-doh.html
- https://hackerone.com/reports/576504
- https://jaiverma.github.io/blog/ac-hack
- https://theofficialflow.github.io/2019/06/18/trinity.html
- https://blog.xpnsec.com/evading-sysmon-dns-monitoring/
- http://bit.ly/2ItogYP (+)
- https://xor.cat/2019/06/19/fortinet-forticam-vulns/
- http://bit.ly/2x2tKmW (+)
- https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
- https://habr.com/ru/company/pt/blog/448378/
- https://dmsec.io/hacking-thousands-of-websites-via-third-party-javascript-libraries/
- https://dassur.ma/things/c-to-webassembly/
- https://blog.benjojo.co.uk/post/dive-into-the-world-of-dos-viruses
- http://m4x0n3.blogspot.pt/2014/07/password-reset-code-bruteforce-account.html
- https://plus.google.com/+AlexisImperialLegrandGoogle/posts/f9gm2G2BH5g
- http://habrahabr.ru/post/231369/
- http://www.matriux.com/index.php?page=home
- http://lcamtuf.coredump.cx/p0f3/
- http://lcamtuf.blogspot.gr/2014/08/a-bit-more-about-american-fuzzy-lop.html
- http://www.garage4hackers.com/entry.php?b=3072
- http://blog.ptsecurity.com/2014/08/cell-phone-tapping-how-it-is-done-and.html
- http://blog.internot.info/2014/06/paypals-2-factor-authentication2fa-good.html
- http://blog.dornea.nu/2014/08/05/android-dynamic-code-analysis-mastering-droidbox/
- http://www.dirk-loss.de/python-tools.htm
- http://usbdescriptors.com/
- https://hackademic.co.in/youtube-bug/
- https://www.cyberark.com/threat-research-blog/outlook-for-android-xss/
- https://alephsecurity.com/2019/06/17/xnu-qemu-arm64-1/
- https://www.wzdftpd.net/blog/rust-fuzzers.html
- https://labs.jumpsec.com/2019/06/20/bypassing-antivirus-with-golang-gopher-it/
- http://bit.ly/2XyprhR (+)
- https://objective-see.com/blog/blog_0x43.html
- https://www.gironsec.com/blog/2019/06/yet-another-botnet-writeup/
- https://ledger-donjon.github.io/Ellipal-Security/
- http://bit.ly/2LnK35Z (+)
- https://exp101t.blogspot.com/2019/04/cve-2017-5121-escape-analysis.html
- https://dolosgroup.io/blog/2019/6/20/pillaging-the-jenkins-treasure-chest
- http://bit.ly/2NeWeVf (+)
- https://blog.duszynski.eu/tor-ip-disclosure-through-http-301-cache-poisoning/
- https://blog.jessfraz.com/post/why-open-source-firmware-is-important-for-security/
- http://www.enforcementtracker.com/
- https://playclassic.games/
- https://hackerone.com/reports/562335
- https://shhnjk.blogspot.com/2019/07/intro-to-chromes-gold-features.html
- https://ssl-config.mozilla.org/
- https://gitlab.com/kennbroorg/iKy
- https://blog.ripstech.com/2019/magento-rce-via-xss/
- https://decoder.cloud/2019/07/04/creating-windows-access-tokens/
- https://nytrosecurity.com/2019/06/30/writing-shellcodes-for-windows-x64/
- https://kripken.github.io/blog/binaryen/2019/06/11/fuzz-reduce-productivity.html
- https://medium.com/bugbountywriteup/knocking-the-idor-6f80e8126ee4
- https://ktln2.org/2019/04/30/from-zero-to-hero/
- http://bit.ly/2LxSeNn (+)
- http://bit.ly/2Jnc235 (+)
- http://bit.ly/2xyhr1G (+)
- https://medium.com/@alex91ar/debugging-the-samsung-android-kernel-part-1-ab2a9b87c162
- https://vulnerablecontainers.org/
- https://www.youtube.com/watch?v=VwH6B7aJYDU
- https://hackerone.com/reports/403417
- http://bit.ly/32mecsz (+)
- https://blog.rakeshmane.com/2019/07/u-xss-in-operamini-for-ios-browser-0-day.html
- https://chryzsh.github.io/exploiting-privexchange/
- https://www.cambus.net/fuzzing-dns-zone-parsers/
- http://lordofpwn.kr/index.php/writeup/cve-2019-5825-v8-exploit/
- https://withatwist.dev/strong-password-rubygem-hijacked.html
- http://bit.ly/2KXINHu (+)
- https://www.secjuice.com/abusing-php-query-string-parser-bypass-ids-ips-waf/
- https://enigma0x3.net/2019/07/05/cve-2019-13142-razer-surround-1-1-63-0-eop/
- https://medium.com/tenable-techblog/an-exploit-chain-against-citrix-sd-wan-709db08fb4ac
- https://medium.com/tenable-techblog/an-analysis-of-arlo-6f1b691236b5
- https://staaldraad.github.io/post/2019-07-11-bypass-docker-plugin-with-containerd/
- https://ledger-donjon.github.io/Unfixable-Key-Extraction-Attack-on-Trezor/
- https://medium.com/netscape/hacking-it-out-when-cors-wont-let-you-be-great-35f6206cc646
- http://bit.ly/2XYhMdc (+)
- https://www.bamsoftware.com/hacks/zipbomb/
- https://techblog.eyeson.team/post/memelearning/
- https://thezerohack.com/hack-any-instagram
- https://medium.com/@ruvlol/rce-in-jira-cve-2019-11581-901b845f0f
- http://bit.ly/2Lrs6o8 (+)
- https://gist.github.com/realoriginal/3a00478efd67b554f09f739380e2c3ba
- http://bit.ly/2JBDGuB (+)
- http://bit.ly/2LtS6PJ (+)
- https://www.corben.io/atlassian-crowd-rce/
- https://sysrant.com/500-bounty-man-in-the-middle-on-slack/
- https://medium.com/@sansyrox/hacking-tinders-premium-model-43f9f699d44
- https://phoenhex.re/2019-07-10/ten-months-old-bug
- http://bit.ly/2Lz6lD1 (+)
- https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/
- http://bit.ly/2XVf4B6 (+)
- https://harry.garrood.me/blog/malicious-code-in-purescript-npm-installer/
- https://medium.com/@ScatteredSecrets/how-to-crack-billions-of-passwords-6773af298172
- http://bit.ly/2JN677F (+)
- https://latacora.micro.blog/2019/07/16/the-pgp-problem.html
- https://ardern.io/2019/06/20/payload-bxss/
- http://bit.ly/2GtDPyi (+)
- https://blog.ropnop.com/docker-for-pentesters/
- http://bit.ly/2YiYOd9 (+)
- http://bit.ly/2Ohxb4A (+)
- https://paper.seebug.org/990/
- https://zero.lol/2019-07-21-axway-securetransport-xml-injection/
- https://blog.assetnote.io/bug-bounty/2019/07/17/rce-on-zoom/
- http://bit.ly/2GtMW1R (+)
- https://trustfoundry.net/basic-rop-techniques-and-tricks/
- https://blog.doyensec.com/2019/07/22/jackson-gadgets.html
- https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/
- https://mthbernardes.github.io/rce/2018/03/14/abusing-h2-database-alias.html
- https://pentest.blog/android-malware-analysis-dissecting-hydra-dropper/
- http://orbis.stanford.edu/
- http://bit.ly/2Mdl3Pt (+)
- http://bit.ly/2YIS8cQ (+)
- http://bit.ly/2Mx0ygL (+)
- http://bit.ly/2ypIexV (+)
- https://raw-data.gitlab.io/post/autoit_fud/
- https://86hh.github.io/cfg2.html
- https://rhinosecuritylabs.com/aws/mfa-phishing-on-aws/
- https://akayn.github.io/2019/07/25/PwningWebkit.html
- http://bit.ly/332Tnmm (+)
- https://medium.com/0xcc/what-the-heck-is-tcp-port-18800-a16899f0f48f
- http://bit.ly/2Yvu8FK (+)
- http://bit.ly/2MvQhkY (+)
- https://maxkersten.nl/binary-analysis-course/binary-types/browser-plug-in/
- https://d4stiny.github.io/Local-Privilege-Escalation-on-most-Dell-computers/
- http://bit.ly/2Oy9Rzu (+)
- https://bo0om.ru/telegram-bugbounty-writeup
- https://amonitoring.ru/article/steamclient-0day/
- http://bit.ly/2GWT1UK (+)
- http://bit.ly/2ZJVcCs (+)
- https://m0chan.github.io/2019/07/31/How-To-Attack-Kerberos-101.html
- http://bit.ly/2YTEBuS (+)
- https://tactifail.wordpress.com/2019/07/26/three-vulns-for-the-price-of-one/
- https://blog.flanker017.me/galaxy-leapfrogging-pwning-the-galaxy-s8/
- http://bit.ly/2YwaWMQ (+)
- http://bit.ly/33kIexb (+)
- https://icyphox.sh/blog/fb50/
- https://paper.seebug.org/993/
- https://gravitational.com/blog/how-saml-authentication-works/
- http://mahmoudsec.blogspot.com/2019/08/exploiting-out-of-band-xxe-using.html
- http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
- https://vimeo.com/341663153
- http://www.nothingsecurity.com/
- https://www.baseapp.com/iot/antenna-tuning-for-beginners/
- https://appio.dev/vulns/clickjacking-xss-on-google-org/
- https://medium.com/rangeforce/meteor-blind-nosql-injection-29211775cd01
- https://blog.jse.li/posts/chrome-76-incognito-filesystem-timing/
- https://go-re.tk
- https://a13xp0p0v.github.io/2019/08/10/cfu.html
- https://modexp.wordpress.com/2019/08/12/windows-process-injection-knowndlls/
- https://raesene.github.io/blog/2019/08/10/making-it-rain-shells-in-Kubernetes/
- https://siguza.github.io/APRR/
- http://bit.ly/2Hbr77Q (+)
- https://medium.com/cruise/container-platform-security-7a3057a27663
- https://zero.lol/2019-08-11-the-year-of-linux-on-the-desktop/
- http://bit.ly/2YQMhTl (+)
- http://www.peppermalware.com/2019/07/analysis-of-frenchy-shellcode.html
- http://bit.ly/2KGOVBa (+)
- https://research.checkpoint.com/select-code_execution-from-using-sqlite/
- https://initblog.com/2019/switcheroo/
- https://www.janmeppe.com/blog/regex-for-noobs/
- https://salibra.com/p/buying-tea-with-wechat-pay-d3931febd2be
- http://bit.ly/2KM6v8c (+)
- https://hackerone.com/reports/637194
- https://secrary.com/Random/anti_re_simple/
- https://hausec.com/2019/08/12/offensive-lateral-movement/
- https://heapspray.io/automating-pentests-with-webdriver.html
- https://blog.firosolutions.com/exploits/webmin/
- http://bit.ly/33VrwoL (+)
- https://nullprogram.com/blog/2019/07/10/
- http://bit.ly/31PNCa6 (+)
- https://knobattack.com
- https://davejingtian.org/2019/07/17/usb-fuzzing-a-usb-perspective/
- http://bit.ly/2Zkb1Px (+)
- https://wojciechregula.blog/post/dangerous-get-task-allow-entitlement/
- https://amonitoring.ru/article/onemore_steam_eop_0day/
- https://gts3.org/2019/cve-2019-0609.html
- https://www.tarlogic.com/en/blog/vulnerabilities-in-ampache/
- https://blog.regehr.org/archives/1687
- https://jordanpotti.com/2019/08/26/phishing-with-saml-and-sso-providers/
- http://bit.ly/2ZyvrrT (+)
- https://gist.github.com/nstarke/ed0aba2c882b8b3078747a567ee00520
- https://osandamalith.com/2019/08/27/running-shellcode-directly-in-c/
- http://bit.ly/2MJy1pg (+)
- https://gist.github.com/TarlogicSecurity/2f221924fef8c14a1d8e29f3cb5c5c4a
- http://bit.ly/2ZkSZkW (+)
- http://bit.ly/2L3Sq69 (+)
- http://bit.ly/2Ugodnw (+)
- https://blog.semmle.com/uboot-rce-nfs-vulnerability/
- https://verifpal.com/
- https://labs.mwrinfosecurity.com/blog/autocad-designing-a-kill-chain/
- https://samczsun.com/the-0x-vulnerability-explained/
- https://blog.bi0s.in/2019/08/18/Pwn/Browser-Exploitation/cve-2019-11707-writeup/
- https://palant.de/2019/08/19/kaspersky-in-the-middle-what-could-possibly-go-wrong/
- https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90
- http://hatriot.github.io/blog/2019/08/22/exploiting-leaked-process-and-thread-handles/
- https://winworldpc.com/library/operating-systems
- https://iximiuz.com/en/posts/from-docker-container-to-bootable-linux-disk-image/
- http://www.windytan.com/2019/08/capturing-pal-video-with-sdr-and-few.html
- http://www.primalsecurity.net/python-tutorials/
- https://bitbucket.org/mattinfosec/wordhound/
- https://fuzion24.github.io/android/gradle/xposed/jar/java/build/sdk/2014/08/15/android-gradle-xposed/
- http://dustri.org/b/torbrowserbundleorg.html
- http://www.room362.com/blog/2014/08/14/milkman-creating-processes-as-any-currently-logged-in-user/
- https://www.miknet.net/security/optimizing-birthday-attack/
- http://www.ioactive.com/pdfs/Remote_Automotive_Attack_Surfaces.pdf
- http://docs.cs.up.ac.za/programming/asm/derick_tut/syscalls.html
- https://isc.sans.edu/forums/diary/Web+Server+Attack+Investigation+-+Installing+a+Bot+and+Reverse+Shell+via+a+PHP+Vulnerability/18543
- http://jvns.ca/blog/2014/08/12/what-happens-if-you-write-a-tcp-stack-in-python/
- https://doegox.github.io/ElectronicColoringBook/
- https://hackerone.com/reports/498052
- https://ysamm.com/?p=280
- https://hackerone.com/reports/446593
- https://www.corben.io/jenkins-to-full-pwnage/
- https://www.contextis.com/en/blog/common-language-runtime-hook-for-persistence
- https://mogwailabs.de/blog/2019/04/attacking-rmi-based-jmx-services/
- https://research.securitum.com/security-analysis-of-portal-element/
- https://blog.trailofbits.com/2019/09/02/rewriting-functions-in-compiled-binaries/
- http://bit.ly/2lGFkBx (+)
- http://bit.ly/2k22O3H (+)
- https://gist.github.com/roycewilliams/cf7fce5777d47a8b22265515dba8d004
- http://bit.ly/2k53EwL (+)
- https://leveldown.de/blog/tensorflow-sidechannel-analysis/
- https://medium.com/@byte_St0rm/adventures-in-the-wonderful-world-of-amsi-25d235eb749c
- https://losttraindude.itch.io/zfrag
- https://pfery.com/create-your-own-portable-rfid-pentest-kit/
- https://habr.com/en/post/466801/
- https://leucosite.com/Microsoft-Edge-uXSS/
- https://www.komodosec.com/post/an-accidental-ssrf-honeypot-in-google-calendar
- https://incogbyte.github.io/pathtraversal/
- http://bit.ly/2kxhWGM (+)
- http://bit.ly/2kGM0Q0 (+)
- https://giuliocomi.blogspot.com/2019/08/insecure-secrets-encryption-at-rest.html
- https://simjacker.com/
- http://bit.ly/2lSCoSp (+)
- https://blog.openzeppelin.com/libra-vulnerability-summary/
- http://blogs.360.cn/post/When-GC-Triggers-Callback.html
- https://blog.aquasec.com/dns-spoofing-kubernetes-clusters
- https://blog.cystack.net/subdomain-takeover/
- https://xlab.tencent.com/en/2019/09/12/deep-analysis-of-cve-2019-8014/
- http://bit.ly/2meGnJr (+)
- http://bit.ly/2mc1A6F (+)
- https://www.vusec.net/projects/netcat/
- http://blog.lambdaconcept.com/doku.php?id=research:graywire
- http://allenchou.net/2019/08/trigonometry-basics-sine-cosine/
- https://blog.ripstech.com/2019/bitbucket-path-traversal-to-rce/
- https://iwantmore.pizza/posts/cve-2019-10392.html
- http://bit.ly/2lWASis (+)
- https://0x00sec.org/t/reversing-hackex-an-android-game/16243
- https://teamrot.fi/2019/05/23/self-hosted-burp-collaborator-with-custom-domain
- https://vavkamil.cz/2019/09/11/serverless-blind-xss-hunter-with-cloudflare-workers/
- http://bit.ly/2kI1fbK (+)
- https://blog.semmle.com/android-deserialization-vulnerabilities/
- http://bit.ly/2kRpyUv (+)
- https://carvesystems.com/news/command-injection-with-usb-peripherals/
- https://docs.google.com/document/d/1XWzlOOuoTE7DUK60qTk1Wz1VNhbPaHqKEzyxPfyW4GQ
- https://dirkjanm.io/azure-ad-privilege-escalation-application-admin/
- https://research.securitum.com/server-side-template-injection-on-the-example-of-pebble/
- http://bit.ly/2lX3yI2 (+)
- https://blog.openzeppelin.com/bypassing-smart-contract-timelocks/
- http://bit.ly/2lZczQP (+)
- https://aem1k.com/oo/
- https://smallstep.com/blog/everything-pki/
- https://hackerone.com/reports/692603
- https://medium.com/@terjanq/dom-clobbering-techniques-8443547ebe94
- https://samcurry.net/analysis-of-cve-2019-14994/
- http://bit.ly/2kGLOjK (+)
- https://blog.grimm-co.com/post/guided-fuzzing-with-driller/
- https://modexp.wordpress.com/2019/08/30/minidumpwritedump-via-com-services-dll/
- https://pentestlab.blog/2019/09/11/microsoft-exchange-mailbox-post-compromise/
- http://bit.ly/2mW6FjW (+)
- https://interrupt.memfault.com/blog/ble-throughput-primer
- https://alephsecurity.com/2019/09/02/Z3-for-webapp-security/
- https://ackcent.com/blog/in-depth-freemarker-template-injection/
- https://adapt-and-attack.com/2019/08/29/proxying-com-for-stable-hijacks/
- https://medium.com/@memn0ps/http-request-smuggling-cl-te-7c40e246021c
- https://blog.xpnsec.com/bypassing-macos-privacy-controls/
- https://medium.com/@akshukatkar/rce-with-flask-jinja-template-injection-ea5d0201b870
- http://bit.ly/2lXfyJy (+)
- https://medium.com/@vickieli/how-to-find-more-idors-ae2db67c9489
- http://bit.ly/2ltl8DK (+)
- https://hsivonen.fi/string-length/
- https://nathandavison.com/blog/haproxy-http-request-smuggling
- https://frederik-braun.com/firefox-ui-xss-leading-to-rce.html
- http://bit.ly/2o9MCPZ (+)
- https://frichetten.com/blog/bypass-guardduty-pentest-alerts
- https://enciphers.github.io/Mobexler/
- https://pentestlab.blog/2017/06/07/uac-bypass-fodhelper/
- http://bit.ly/2nfcQ3d (+)
- http://bit.ly/2pCAqHL (+)
- http://bit.ly/2oN3uvR (+)
- https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
- https://starlabs.sg/advisories/19-8038/
- http://bit.ly/2VaTQ2d (+)
- https://sysenter-eip.github.io/VBParser
- http://bit.ly/2pIHGCh (+)
- https://thesw4rm.gitlab.io/nfqueue_c2/2019/09/15/Command-and-Control-via-TCP-Handshake/
- https://medium.com/intigriti/gotcha-taking-phishing-to-a-whole-new-level-72eda9e30bef
- https://eddiez.me/spotify-vacuum/
- http://rl337.org/2012/07/31/in-java-when-is-math-abs-negative/
- http://bit.ly/2oOXGSq (+)
- https://hackerone.com/reports/631956
- https://5alt.me/2019/10/HackMD%20Stored%20XSS%20and%20HackMD%20Desktop%20RCE/
- https://medium.com/bugbountywriteup/sql-injection-to-lfi-to-rce-536bed29a862
- https://nightowl131.github.io/AAPG/
- https://theappanalyst.com/bird.html
- http://bit.ly/33ljTql (+)
- https://securing.github.io/SCSVS/
- https://alex.kaskaso.li/post/revisiting-email-spoofing
- http://bit.ly/2B5NZSt (+)
- http://bit.ly/2IEgpay (+)
- https://medium.com/swlh/php-type-juggling-vulnerabilities-3e28c4ed5c09
- https://xerub.github.io/ios/iboot/2018/05/10/de-rebus-antiquis.html
- https://x-c3ll.github.io//posts/CVE-2018-7081-RCE-ArubaOS/
- https://www.preempt.com/blog/drop-the-mic-2-active-directory-open-to-more-ntlm-attacks/
- https://collapseos.org/
- http://www.pouet.net/prod.php?which=83222
- http://bit.ly/2Mtnpbj (+)
- http://bit.ly/2J0wSpP (+)
- http://bit.ly/2IXw455 (+)
- https://redteamzone.com/ThinVNC/
- https://iwantmore.pizza/posts/meterpreter-psattack.html
- https://www.praetorian.com/blog/running-a-net-assembly-in-memory-with-meterpreter
- https://medium.com/@netscylla/pentesters-guide-to-oracle-hacking-1dcf7068d573
- https://osandamalith.com/2019/10/12/bypassing-the-webarx-web-application-firewall-waf/
- http://bit.ly/2VQ3ac8 (+)
- http://bit.ly/31oU5bi (+)
- https://www.sudo.ws/alerts/minus_1_uid.html
- http://bit.ly/32s7JMc (+)
- https://dmaasland.github.io/posts/mcafee.html
- https://hernan.de/blog/2019/10/15/tailoring-cve-2019-2215-to-achieve-root/
- https://blog.paloaltonetworks.com/2019/10/cloud-kubernetes-vulnerabilities/
- https://dirkjanm.io/office-365-network-attacks-via-insecure-reply-url/
- http://bit.ly/2IF9X3f (+)
- https://christopher-vella.com/2019/09/06/recent-edr-av-observations/
- http://bit.ly/33BSlx5 (+)
- http://bit.ly/35KORdl (+)
- https://jvns.ca/blog/2019/10/03/sql-queries-don-t-start-with-select/
- https://buer.haus/2019/10/18/a-tale-of-exploitation-in-spreadsheet-file-conversions/
- https://www.shielder.it/blog/exploiting-an-old-novnc-xss-cve-2017-18635-in-openstack/
- https://x-c3ll.github.io//posts/CSS-Injection-Primitives/
- http://bit.ly/2Jg9J2v (+)
- https://cturt.github.io/ps2-yabasic.html
- https://habr.com/en/company/dsec/blog/472762/
- http://bit.ly/2PhNa1k (+)
- https://research.securitum.com/jwt-json-web-token-security/
- http://bit.ly/32Ja1XH (+)
- http://bit.ly/2qJmUmx (+)
- http://bit.ly/2BL3Ypn (+)
- https://medium.com/@MalFuzzer/dissecting-ardamax-keylogger-f33f922d2576
- https://medium.com/@philiptsukerman/activation-contexts-a-love-story-5f57f82bccd
- http://www.snaponair.com/
- https://binji.github.io/posts/raw-wasm-making-a-maze-race/
- http://bit.ly/34kr6aJ (+)
- https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/
- http://bit.ly/2BVSEqP (+)
- https://lab.wallarm.com/race-condition-in-web-applications/
- http://bit.ly/365EwsH (+)
- https://pulsesecurity.co.nz/advisories/untitled-goose-game-deserialization
- http://www.hydrogen18.com/blog/reddit-android-app-leaks-images.html
- https://medium.com/tenable-techblog/routeros-chain-to-root-f4e0b07c0b21
- http://bit.ly/2qchqQY (+)
- https://hackerone.com/reports/629892
- http://bit.ly/2NrrxcA (+)
- https://incolumitas.com/2019/10/19/model-based-fuzzing-of-the-WPA3-dragonfly-handshake/
- https://hellveticafont.com/
- https://byuu.net/compact-discs/structure
- https://rastating.github.io/opsec-in-the-after-life/
- https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html
- http://bit.ly/2PWO3g0 (+)
- https://dualuse.io/blog/curryfinger/
- https://labs.f-secure.com/blog/ou-having-a-laugh/
- https://www.riccardoancarani.it/bloodhound-tips-and-tricks/
- https://pentestlab.blog/2019/11/05/persistence-powershell-profile/
- https://bcdevices.github.io/zephyr/ble/2019/10/30/zephyr-ble-testing.html
- http://bit.ly/2qsNu39 (+)
- http://bit.ly/2NoUXsX (+)
- https://blog.netspi.com/escape-nodejs-sandboxes/
- https://reverse.put.as/2019/10/29/crafting-an-efi-emulator/
- https://medium.com/@lerner98/rage-against-the-maschine-3357be1abc48
- https://iwantmore.pizza/posts/cve-2019-1414.html
- https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers
- https://argus-sec.com/remote-attack-bosch-drivelog-connector-dongle/
- https://maxkersten.nl/binary-analysis-course/malware-analysis/corona-ddos-bot/
- https://blog.vastart.dev/2019/10/stack-overflow-cve-2019-17424.html
- http://whythefuckwasibreached.com/
- https://lightcommands.com/
- http://homakov.blogspot.pt/2014/02/how-i-hacked-github-again.html
- http://insertco.in/2014/02/10/how-i-hacked-instagram/
- http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html
- http://neosysforensics.blogspot.com.es/2010/02/la-papelera-de-reciclaje-en-windows.html
- https://bitbucket.org/blackaura/browserfuzz
- http://jeanphix.me/Ghost.py/
- http://16s.us/docs/sshlog/
- https://www.us-cert.gov/ncas/alerts/TA14-017A
- http://www.lauradhamilton.com/random-lessons-online-poker-exploit
- http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html
- https://archive.org/details/shmoocon-2014
- http://www.devttys0.com/2014/02/cracking-linksys-crypto/
- https://www.youtube.com/watch?v=waEeJJVZ5P8
- http://www.digitaljournal.com/news/world/13-year-old-defies-big-brother-and-refuses-to-be-fingerprinted/article/370009
- http://blog.opensecurityresearch.com/2014/08/learning-exploitation-with-fsexploitme.html
- http://ccsir.org/how-to-ddos-through-facebook-datacenter-with-almost-1gbs-theyve-started-to-care/
- https://pypi.python.org/pypi/ooniprobe
- http://recon.cx/2014/video/
- https://www.youtube.com/watch?v=___jEOjGCOY
- https://jordan-wright.github.io/blog/2013/11/07/how-to-pentest-iphone-apps-with-burp/
- https://www.netsparker.com/blog/web-security/ruby-on-rails-security-basics/
- http://zenhax.com/viewtopic.php?f=16&t=87
- http://w00tsec.blogspot.pt/2014/08/scan-internet-screenshot-all-things.html
- http://www.bsdnow.tv/tutorials/openvpn
- http://www.nsaplayset.org/
- http://h4des.org/blog/index.php?/archives/345-Introducing-alertR-Open-Source-alerting-system.html
- https://www.google.com/?hl=xx-hacker&gws_rd=ssl
- https://fletchto99.dev/2019/november/slack-vulnerability/
- https://blog.teddykatz.com/2019/11/12/github-actions-dos.html
- https://terjanq.github.io/Bug-Bounty/Google/cache-attack-06jd2d2mz2r0/index.html
- https://mike-n1.github.io/Chain_XSS
- https://pentestlab.blog/2019/11/13/persistence-accessibility-features/
- http://tpm.fail/
- http://re.alisa.sh/notes/iBoot-address-space.html
- https://decoder.cloud/2019/11/13/from-arbitrary-file-overwrite-to-system/
- https://c0nradsc0rner.com/2016/07/03/ecb-byte-at-a-time/
- http://bit.ly/374r7S9 (+)
- http://bit.ly/2qW7JpO (+)
- https://shenaniganslabs.io/2019/11/12/Ghost-Potato.html
- http://bit.ly/34ZdguH (+)
- http://bit.ly/2NMg74t (+)
- http://bit.ly/2CLkyWI (+)
- https://portswigger.net/research/cracking-recaptcha-turbo-intruder-style
- http://bit.ly/34b23Hk (+)
- https://www.notsosecure.com/oob-exploitation-cheatsheet/
- http://bit.ly/2Qh4qUT (+)
- http://bit.ly/2OwK1Zv (+)
- http://bit.ly/2QB0ChD (+)
- http://bit.ly/37ntoIl (+)
- https://medium.com/@two06/amsi-as-a-service-automating-av-evasion-2e2f54397ff9
- https://timvisee.com/blog/stealing-private-keys-from-secure-file-sharing-service/
- http://bit.ly/37uwOJl (+)
- https://blog.silentsignal.eu/2019/04/18/drop-by-drop-bleeding-through-libvips/
- https://www.shelliscoming.com/2019/11/retro-shellcoding-for-current-threats.html
- https://pomb.us/build-your-own-react/
- https://webassembly-security.com/polyglot-webassembly-module-html-js-wasm/
- https://jcjc-dev.com/2019/11/11/esp32-arduino-bluetooth-halloween-costume/
- https://research.securitum.com/xss-in-amp4email-dom-clobbering/
- https://ysamm.com/?p=343
- https://0xeb-bp.github.io/blog/2019/11/21/practical-guide-pass-the-ticket.html
- https://blog.xpnsec.com/exploring-mimikatz-part-1/
- https://blog.benjojo.co.uk/post/userspace-usb-drivers
- https://blog.orange.tw/2019/11/HiNet-GPON-Modem-RCE.html
- https://staaldraad.github.io/post/2019-11-24-argument-injection/
- https://mrexodia.github.io/reversing/2019/09/28/Analyzing-keyboard-firmware-part-1
- https://dreadlocked.github.io/2019/10/25/kentico-cms-rce/
- https://medium.com/bugbountywriteup/breaking-down-sha-256-algorithm-2ce61d86f7a3
- https://blog.flanker017.me/examining-and-exploiting-android-vendor-binder-services-part1/
- https://bkerler.github.io/2019/11/15/bring-light-to-the-darkness/
- http://bit.ly/2R13owE (+)
- https://kiwec.net/blog/posts/beating-c-with-brainfuck/
- http://bit.ly/2Dqvj13 (+)
- https://s0lly.itch.io/cellivization
- http://bit.ly/2rjDZDX (+)
- https://about.gitlab.com/blog/2019/11/29/shopping-for-an-admin-account/
- http://bit.ly/2OS4n0D (+)
- https://h0mbre.github.io/Learn-C-By-Creating-A-Rootkit
- http://bit.ly/2OTDeuv (+)
- https://blog.talosintelligence.com/2019/11/hunting-for-lolbins.html
- https://puzzor.github.io/Linksys-Velop-Vulneraibility-Series
- https://rushter.com/blog/public-ssh-keys/
- http://bit.ly/2PlmQSi (+)
- https://medium.com/@drakkars/hacking-an-android-tv-in-2-minutes-7b6f29518ff3
- https://m417z.com/The-De-anonymization-of-the-Technion-Confessions-Admin/
- https://medium.com/swlh/hacking-xml-data-a64c870b0988
- https://sensepost.com/blog/2019/obtaining-shells-via-logitech-unifying-dongles/
- http://xyproblem.info/
- https://www.imbushuo.net/blog/archives/725
- https://www.dylanpaulus.com/2019-11-24-how-fb-avoids-adblockers/
- https://hipotermia.pw/bb/http-desync-idor
- https://amonitoring.ru/article/origin_lpe_disclosure/
- https://www.ragestorm.net/blogs/?p=486
- https://www.coalfire.com/The-Coalfire-Blog/December-2019/Deserialized-Double-Dirty
- https://x-c3ll.github.io/posts/Pivoting-MySQL-Proxy/
- https://www.vdalabs.com/2019/09/25/windows-credential-theft-rdp-internet-explorer-11/
- https://itm4n.github.io/cdpsvc-dll-hijacking/
- https://medium.com/@ricardoiramar/reusing-cookies-23ed4691122b?
- https://diverto.github.io/2019/11/18/Cracking-LUKS-passphrases
- https://www.0x90.zone/multiple/reverse/2019/11/28/Anviz-pwn.html
- http://bit.ly/2skmNhQ (+)
- https://www.mdsec.co.uk/2019/12/macos-filename-homoglyphs-revisited/
- https://promon.co/security-news/strandhogg/
- https://medium.com/@ss23/php-autloading-local-file-inclusion-by-design-71aafe627877
- https://n4r1b.netlify.com/en/posts/2019/11/understanding-wdboot-windows-defender-elam/
- https://decoder.cloud/2019/12/06/we-thought-they-were-potatoes-but-they-were-beans/
- https://starship.rs/
- https://ivrodriguez.com/introducing-security-plist/
- https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/
- https://medium.com/@dPhoeniixx/vimeo-upload-function-ssrf-7466d8630437
- https://brandonhinkel.com/breaking-hardened-mifare-proxmark3/
- https://aboutdfir.com/jailbreaking-checkra1n-configuration/
- https://pentest.blog/explore-hidden-networks-with-double-pivoting/
- https://medium.com/maverislabs/cve-2019-17123-cbc946c99f8
- https://osintcurio.us/2019/07/16/searching-instagram/
- https://decoder.cloud/2019/12/18/from-dropboxupdater-to-nt-authoritysystem/
- https://medium.com/@rootxharsh_90844/abusing-feature-to-steal-your-tokens-f15f78cebf74
- https://nagarrosecurity.com/blog/interactive-buffer-overflow-exploitation
- https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui
- https://blog.tetrane.com/2019/11/17/Analyzing_an_Out_of_Bounds_read_in_a_TTF_font_file.html
- https://lab.wallarm.com/securing-and-attacking-graphql-part-1-overview/
- https://dsfile-analysis.blogspot.com/2019/12/normal-0-false-false-false-en-us-x-none.html
- https://bowero.nl/blog/2019/12/15/c-what-the-fuck/
- https://neilkakkar.com/unix.html
- https://yurichev.com/blog/SA_XOR/
- https://leucosite.com/Edge-Chromium-EoP-RCE/
- http://bit.ly/34Rnm0g (+)
- https://iwantmore.pizza/posts/meterpreter-ppid-spoofing.html
- https://anee.me/reversing-a-real-world-249-bytes-backdoor-aadd876c0a32
- http://bit.ly/35UMgNM (+)
- https://blog.umangis.me/a-deep-dive-into-ios-code-signing/
- https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-introduction/
- https://medium.com/@R0X4R/graphql-idor-leads-to-information-disclosure-175eb560170d
- https://know.bishopfox.com/blog/5-privesc-attack-vectors-in-aws
- https://securitylab.github.com/research/ubuntu-whoopsie-daisy-overview
- http://bit.ly/2ZstdI5 (+)
- https://mp.weixin.qq.com/s/okU2y0izfnKXXtXG3EfLkQ
- https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf
- https://fredericb.info/2016/10/amlogic-s905-soc-bypassing-not-so.html
- https://www.blackhillsinfosec.com/how-to-hack-hardware-using-uart/
- http://bit.ly/2Mulp3y (+)
- https://alephsecurity.com/2019/12/29/revised-homograph-attacks/
- http://bit.ly/2tnUn78 (+)
- https://jpdias.me/infosec/hardware/2019/12/26/uberhid.html
- https://m0chan.github.io/2019/07/30/Windows-Notes-and-Cheatsheet.html
- https://gist.github.com/ykoster/4d2c3792d438e04bb73529017a6e1177
- https://sec.alexflor.es/post/minipwn/
- https://blog.zeddyu.info/2019/12/08/HTTP-Smuggling-en/
- https://whereisk0shl.top/post/a-simple-story-of-dssvc
- http://bit.ly/36ecGdz (+)
- http://bit.ly/2PYAQmQ (+)
- https://blog.quarkslab.com/a-deep-dive-into-samsungs-trustzone-part-1.html
- https://keenlab.tencent.com/en/2020/01/02/exploiting-wifi-stack-on-tesla-model-s/
- https://blog.jonlu.ca/posts/experiments-and-growth-hacking
- https://medium.com/@frycos/yet-another-net-deserialization-35f6ce048df7
- http://bit.ly/36kD8lE (+)
- https://tech.michaelaltfield.net/2020/01/02/buskill-laptop-kill-cord-dead-man-switch/
- http://bit.ly/2FBDJUC (+)
- http://bit.ly/2tGKrG0 (+)
- https://community.turgensec.com/ssh-hacking-guide/
- https://pentestlab.blog/2020/01/07/persistence-appinit-dlls/
- https://webassembly-security.com/fuzzing-wasm-javascript-dharma-chrome-v8/
- https://cablehaunt.com/
- https://www.ambionics.io/blog/php-mt-rand-prediction
- https://gravitational.com/blog/ssh-handshake-explained/
- http://bit.ly/2R6XSau (+)
- https://www.pentagrid.ch/en/blog/fuzzing_java_with_jqf/
- https://duo.com/labs/research/secure-boot-in-the-era-of-the-t2
- https://redfast00.github.io/12-31-2019/reverse-engineering-uefi.html
- https://medium.com/@ryancor/reverse-engineering-encrypted-code-segments-b01aead67701
- https://medium.com/@catalyst256/osint-certificate-transparency-lists-a603c9d2b776
- https://www.allysonomalley.com/2020/01/06/saying-goodbye-to-my-favorite-5-minute-p1/
- http://rubyplants.com/
- http://www.p01.org/defender_of_the_favicon/
- https://immunant.com/blog/2020/01/quake3/
- https://blog.isec.pl/all-is-xss-that-comes-to-the-net/
- http://bit.ly/2FRi1fo (+)
- https://yeggor.github.io/UEFI_BinDiff/
- https://blog.redteam.pl/2019/12/chrome-portal-element-fuzzing.html
- http://windows-internals.com/cet-on-windows/
- http://bit.ly/2NxAz8G (+)
- https://alephsecurity.com/2020/01/14/ruckus-wireless/
- http://bit.ly/371T6l9 (+)
- https://httptoolkit.tech/blog/debugging-https-without-global-root-ca-certs/
- https://medium.com/tenable-techblog/lets-reverse-engineer-discord-1976773f4626
- http://bit.ly/2TubqiN (+)
- https://medium.com/@alexkaskasoli/pull-based-cd-pipelines-for-security-4e044b403f56
- https://darvincitech.wordpress.com/2019/12/23/detect-frida-for-android/
- https://pentest.blog/advisory-seagate-central-storage-remote-code-execution/
- https://blog.jse.li/posts/torrent/
- https://citizen428.net/blog/learning-fsharp-writing-a-raytracer/
- http://deadliestwebattacks.com/2013/12/03/selector-the-almighty-subjugator-of-elements/
- http://marc.durdin.net/2014/09/risks-with-third-party-scripts-on-internet-banking-sites/
- http://securitysucks.info/exploit-phps-mail-to-get-remote-code-execution/
- https://www.cert.org/blogs/certcc/post.cfm?EntryID=203
- http://xmodulo.com/2014/08/sniff-http-traffic-command-line-linux.html
- https://gist.github.com/jedisct1/e63d46822b9d95fe6702
- http://www.exploresecurity.com/wp-content/uploads/custom/SSL_manual_cheatsheet.html
- http://blog.tadaweb.com/2014/08/how-to-find-not-so-secret-documents-with-search-engines/
- http://blog.dornea.nu/2014/08/21/howto-debug-android-apks-with-eclipse-and-ddms/
- http://h30499.www3.hp.com/t5/Fortify-Application-Security/The-BREACH-attack-explained/ba-p/6605030
- https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1
- http://www.skfu.xxx/2014/09/ps4-state-of-things-part-i-titleids.html
- https://medium.com/@tareksiddiki/story-of-a-beg-bounty-hunter-e9a1f58ddf9e
- http://fuzzinginfo.files.wordpress.com/2012/05/ben_nagy_how_to_fail_at_fuzzing.pdf
- https://code.google.com/p/corkami/source/detail?r=1906
- https://hufman.github.io/stories/bmwconnectedapps
- http://bit.ly/2GiohNo (+)
- http://bit.ly/37kXXxT (+)
- https://decoder.cloud/2020/01/20/from-hyper-v-admin-to-system/
- https://gist.github.com/nstarke/a611a19aab433555e91c656fe1f030a9
- http://bit.ly/38AguGU (+)
- https://www.ayrx.me/analyzing-kony-mobile-applications
- https://posts.specterops.io/mimidrv-in-depth-4d273d19e148
- https://0xsha.io/posts/mass-exploitation-hunting-while-sleeping
- https://securitylab.github.com/research/chromium-ipc-vulnerabilities
- https://penthertz.com/blog/testing-LoRa-with-SDR-and-handy-tools.html
- https://sidechannel.tempestsi.com/the-cypher-injection-saga-9698d19bed4
- https://web-in-security.blogspot.com/2020/01/cve-2020-2655-jsse-client.html
- http://bit.ly/2tJ0ROo (+)
- https://www.perimeterx.com/blog/analyzing_magecart_malware_from_zero_to_hero/#
- https://trmm.net/Charliewatch
- http://bit.ly/30SbdYr (+)
- https://lapcatsoftware.com/articles/Safari-runs-disabled-extensions.html
- https://nathandavison.com/blog/exploiting-email-address-parsing-with-aws-ses
- https://hackerone.com/reports/759247
- https://rderik.com/blog/using-lldb-for-reverse-engineering/
- https://hacker.house/lab/windows-defender-bypassing-for-meterpreter/
- http://bit.ly/2uOWK3r (+)
- https://www.crummie5.club/pwning-a-pwned-citrix/
- https://www.onsecurity.co.uk/blog/abusing-kerberos-from-linux
- http://bit.ly/38XUNRn (+)
- https://insert-script.blogspot.com/2020/01/internet-explorer-mhtml-why-you-should.html
- http://bit.ly/3aT2ObT (+)
- https://blog.gypsyengineer.com/en/security/cve-2020-1925-ssrf-in-apache-olingo.html
- https://medium.com/@maxi./finding-and-exploiting-cve-2018-7445-f3103f163cc1
- https://posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerzure-ca70b330511a
- https://www.mdsec.co.uk/2020/01/deep-dive-to-citrix-adc-remote-code-execution-cve-2019-19781/
- https://littlegptracker.com/
- https://bad-radio.solutions/notes_nrf51822
- https://medium.com/@vmsp/blocking-your-adblocker-967d1c6e48f2
- http://bit.ly/2SmJ7Rn (+)
- https://www.perimeterx.com/tech-blog/2020/whatsapp-fs-read-vuln-disclosure/
- https://techblog.mediaservice.net/2020/01/ok-google-bypass-the-authentication/
- https://www.n00py.io/2020/02/exploiting-ldap-server-null-bind/
- https://landgrey.me/blog/11/
- https://blog.assetnote.io/bug-bounty/2020/02/01/expanding-attack-surface-react-native/
- http://bit.ly/2GWYw5F (+)
- https://blog.doyensec.com/2020/02/03/heap-exploit.html
- http://bit.ly/31xKocu (+)
- https://www.sudo.ws/alerts/pwfeedback.html
- https://blog.kitor.pl/blog/avocent-ip-kvm-any-sip-hack
- http://bit.ly/2GZpbij (+)
- https://sandboxescaper.blogspot.com/2019/12/chasing-polar-bears-part-one.html
- http://blog.ant0i.net/2020/02/down-rabbit-hole-of-harvested-personal.html
- https://habr.com/en/post/486856/
- http://www.simonweckert.com/googlemapshacks.html
- https://www.hackerhealth.net/
- https://medium.com/bugbountywriteup/haxing-minesweeper-e79ece9f5d16
- http://b.fl7.de/2014/09/amazon-stored-xss-book-metadata.html
- http://blog.nativeflow.com/the-futex-vulnerability
- http://cultofthedyingsun.wordpress.com/2014/09/12/death-by-magick-number-fingerprinting-kippo-2014/
- http://www.pugo.org/project/pshttpd/
- http://vicenteaguileradiaz.com/tools/
- http://www.nosqlmap.net/
- http://media.ccc.de/browse/conferences/mrmcd/mrmcd14/
- http://www.contextis.co.uk/resources/blog/hacking-canon-pixma-printers-doomed-encryption/
- https://www.youtube.com/playlist?list=PLmfJypsykTLVGqTWJMu4ybJPiew7PUkH2
- http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html
- http://blog.opensecurityresearch.com/2014/09/hostapd-wpe-now-with-more-pwnage.html
- http://insert-script.blogspot.co.at/2014/09/sitekiosk-breakout.html
- http://dfir.org/?q=node/8/
- http://www.whited00r.com/
- http://pwnable.kr/
- http://pathonproject.com/zb/?5b343c33591c9cc9#Pc9t/zKg8zWJUNkqqvYhuuL7Lofz8PGTX7R3qat0i/8=
- http://blog.binamuse.com/2014/09/coregraphics-memory-corruption.html
- http://avlidienbrunn.se/angular.txt
- https://erenyagdiran.github.io/I-was-just-asked-to-crack-a-program-Part-1/
- https://code.google.com/p/miasm/
- http://breenmachine.blogspot.ca/2014/09/transfer-file-over-dns-in-windows-with.html
- http://forensic.n0fate.com/?page_id=1180
- http://thehackernews.com/2014/09/hacking-ebay-accounts.html
- http://www.cloudscan.me/2014/09/cve-2014-4406-apple-sa-2014-09-17-5-os.html
- http://www.martinvigo.com/a-look-into-lastpass/
- https://blog.cloudflare.com/keyless-ssl-the-nitty-gritty-technical-details/
- http://countuponsecurity.com/2014/09/22/malicious-documents-pdf-analysis-in-5-steps/
- http://www.theamazingking.com/crypto.php
- http://javahacker.com/a-javascript-challenge-for-nordic-js/
- https://gist.github.com/ethicalhack3r/cb06f575c6ba28644e9a
- http://www.rafayhackingarticles.net/2014/10/a-tale-of-another-sop-bypass-in-android.html
- http://hexed.it/
- http://lansec.net/project/scoutbot/
- http://marketplace.eclipse.org/content/contrast-eclipse
- http://pastebin.com/VyMs3rRd
- http://d.uijn.nl/?p=32
- http://marc.info/?l=qmail&m=141183309314366&w=2
- https://diablohorn.wordpress.com/2011/10/19/8009-the-forgotten-tomcat-port/
- http://opensecuritytraining.info/HTID.html
- https://dnsleaktest.com/
- http://blog.cobaltstrike.com/2014/10/01/user-driven-attacks/
- https://shirt.codes/
- http://www.cs.bham.ac.uk/~exr/lectures/opsys/10_11/lectures/os-dev.pdf
- http://www.righto.com/2014/09/mining-bitcoin-with-pencil-and-paper.html
- http://www.futuresouth.us/yahoo_hacked.html
- http://blog.valverde.me/2014/01/03/reverse-engineering-my-bank's-security-token
- http://handleopenurl.com/scheme
- http://www.powershellmagazine.com/2014/10/03/building-netcat-with-powershell/
- http://www.irongeek.com/i.php?page=videos/derbycon4/mainlist
- http://blog.logrhythm.com/security/do-you-trust-your-computer/
- http://www.cyrozap.com/2014/09/29/reversing-the-symantec-vip-access-provisioning-protocol/
- http://vagmour.eu/persistence-1/
- http://thejh.net/misc/website-terminal-copy-paste
- http://nahamsec.com/2014/10/a-tale-of-2-yahoo-bug-bounty-reports/
- https://tosdr.org/
- http://q.viva64.com/
- https://plus.google.com/+AlexisImperialLegrandGoogle/posts/gJDrVSuteUT
- http://ceukelai.re/?p=11
- http://googleonlinesecurity.blogspot.pt/2014/10/this-poodle-bites-exploiting-ssl-30.html
- http://www.bsk-consulting.de/2014/10/04/smart-dll-execution-malware-analysis-sandbox-systems/
- http://seclists.org/fulldisclosure/2014/Oct/53
- https://www.drupal.org/SA-CORE-2014-005
- http://securityaffairs.co/wordpress/29104/hacking/authentication-vulnerability-paypal-mobile.html
- http://blog.toft.io/exploiting-unsecure-web-servers-with-svn-directories/
- http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Hacking-my-smart-TV-an-old-new-thing/ba-p/6645844
- http://www.appliednsm.com/introducing-flowbat/
- http://conference.hitb.org/hitbsecconf2014kul/materials/
- https://sysforensics.org/2014/10/forensics-in-the-amazon-cloud-ec2.html
- http://applidium.com/en/news/hacking_the_navigo/
- https://www.securusglobal.com/community/2014/10/13/bypassing-wafs-with-svg/
- https://gist.github.com/anonymous/64ba9e34a018ebd86f70
- http://openideals.com/2014/10/13/linux-commands-for-bluetooth-namespace-messaging/
- http://www.websecuritylog.com/2014/10/facebook--bug-bounty.html
- http://brutelogic.wordpress.com/2014/10/14/an-ssh-short-story-hack/
- http://blog.detectify.com/post/100600514143/hostile-subdomain-takeover-using-heroku-github-desk
- https://corkami.googlecode.com/svn/trunk/src/angecryption/
- https://dutzi.github.io/tamper/
- http://cyberarms.wordpress.com/2014/10/16/mana-tutorial-the-intelligent-rogue-wi-fi-router/
- http://digital-forensics.sans.org/community/downloads
- http://www.roe.ch/SSLsplit
- http://www.agarri.fr/blog/
- https://ruxcon.org.au/slides/
- https://ruxconbreakpoint.com/slides/
- http://securityaffairs.co/wordpress/29302/hacking/serious-flaw-addthis.html
- https://blog.prakharprasad.com/2014/10/hackerone-vulnerability-common-response.html
- http://www.securitysift.com/passive-reconnaissance/
- http://cylonjs.com/
- https://amp.twimg.com/v/7cb46f6d-9589-43c1-9ac9-3ac1ab697413
- https://dhowe.github.io/AdNauseam/
- http://blog.dornea.nu/2014/09/17/generate-all-ip-addresses-from-asn/
- http://www.sectechno.com/2014/10/26/balbuzard-malware-analysis-tool/
- https://www.apple.com/privacy/docs/iOS_Security_Guide_Oct_2014.pdf
- http://blog.dornea.nu/2014/07/07/disect-android-apks-like-a-pro-static-code-analysis/
- http://blog.infobytesec.com/2014/10/abusing-dialog-for-fun-and-profit.html
- http://www.net-security.org/insecure-archive.php
- http://n0where.net/how-to-iptables-firewall/
- http://rationallyparanoid.com/articles/diskless-ssh-honeypot-alpine-linux.html
- http://ezprompt.net/
- http://packetlife.net/library/cheat-sheets/
- https://security.stackexchange.com/questions/56181/hack-into-a-computer-through-mac-and-ip-address
- http://blog.it-securityguard.com/bugbounty-the-5000-google-xss/
- http://iamajin.blogspot.in/2014/11/when-gifs-serve-javascript.html
- http://features.jsomers.net/how-i-reverse-engineered-google-docs/
- https://code.facebook.com/posts/844436395567983/introducing-osquery/
- http://edge-security.blogspot.com.es/2014/10/wfuzz-21-released.html
- http://cultofthedyingsun.wordpress.com/2014/11/01/antivirus-evading-executable-and-post-exploitation-with-the-veil-evasion-framework-and-metasploit/
- https://www.sektioneins.de/en/blog/14-11-03-drupal-sql-injection-vulnerability-PoC.html
- http://digi.ninja/projects/http_traceroute.php
- http://blog.badtrace.com/post/how-i-got-a-root-shell-in-my-nas-0day-inside/
- https://medium.com/@oleavr/anatomy-of-a-code-tracer-b081aadb0df8
- https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access
- http://cyber.bgu.ac.il/content/how-leak-sensitive-data-isolated-computer-air-gap-near-mobile-phone-airhopper
- http://randomthoughts.greyhats.it/2014/10/osx-local-privilege-escalation.html
- http://acez.re/ps-vita-level-1-webkitties-3/
- https://timtaubert.de/blog/2014/10/http-public-key-pinning-explained/
- http://crimsonglow.ca/~kjiwa/x86-dos-boot-sector-in-c.html
- http://www.hydrantlabs.org/Security/Google/Chrome/
- http://blog.noobroot.com/2014/02/owncloud-600a-when-xss-vulnerability.html
- http://gacksecurity.blogspot.co.uk/2014/02/beef-and-armitage-get-married.html
- http://forum.yubico.com/viewtopic.php?f=26&t=1171
- http://blackhatlibrary.net/Azazel
- http://blog.sucuri.net/2014/02/php-backdoors-hidden-with-clever-use-of-extract-function.html
- http://www.devttys0.com/2014/02/wrt120n-fprintf-stack-overflow/
- http://www.sjdjweis.com/linux/proxyarp/
- https://hackerone.com/reports/1356
- http://vagosec.org/2014/02/google-drive-clickjacking-vulnerability/
- http://www.tripwire.com/state-of-security/vulnerability-management/creating-iphone-rootkits-and-like-the-nsas-dropout-jeep/
- https://community.rapid7.com/community/metasploit/blog/2014/02/18/lets-talk-about-your-security-breach-with-metasploit-literally
- http://grahamcluley.com/2014/02/passwords-leaked-live-tv-flood-emergency/
- https://www.youtube.com/watch?v=VggwVuboLoo
- http://www.zerodayclothing.com/
- http://packetstormsecurity.com/files/129081/VL-936.txt
- https://labs.integrity.pt/articles/from-0-day-to-exploit-buffer-overflow-in-belkin-n750-cve-2014-1635/
- https://mozilla.github.io/server-side-tls/ssl-config-generator/
- http://decalage.info/vba_tools
- http://sourceforge.net/projects/justniffer/
- http://www.irongeek.com/xss-sql-injection-fuzzing-barcode-generator.php
- http://ferdogan.net/PDF-Malware-Analiz-Teknikleri/
- https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/reports/Unit_42/unit42-wirelurker.pdf
- http://argus-sec.com/blog/remote-attack-aftermarket-telematics-service/
- http://tyranidslair.blogspot.co.uk/2014/11/whens-documenturl-not-documenturl-cve.html
- https://opensource.srlabs.de/projects/badusb
- http://forensicsfromthesausagefactory.blogspot.ae/2014/11/imaging-drives-protected-with-apple.html
- http://tonyarcieri.com/cream-the-scary-ssl-attack-youve-probably-never-heard-of
- http://nethack4.org/blog/building-c.html
- http://lcamtuf.blogspot.pt/2014/11/pulling-jpegs-out-of-thin-air.html
- http://www.fredericb.info/2014/11/exploitation-of-philips-smart-tv.html
- http://sijmen.ruwhof.net/weblog/256-cross-site-scripting-in-millions-of-web-sites
- http://www.fruitywifi.com/
- http://www.procdot.com/index.htm
- https://wireedit.com
- http://forensic.n0fate.com/tools/chainbreaker/
- https://www.jssec.org/dl/android_securecoding_en_20140701.pdf
- http://huaweihg612hacking.wordpress.com/2012/11/07/jtaging-the-broadcom-bcm6368-hg612/
- http://bartblaze.blogspot.pt/2014/11/malware-spreading-via-steam-chat.html
- https://www.trustedsec.com/november-2014/meterssh-meterpreter-ssh/
- http://www.swordsec.com/download/20FantasticKaliLinuxTools.pdf
- http://blog.h3xstream.com/2014/11/remote-code-execution-by-design.html
- http://2014.zeronights.org/conference-materials.html
- http://xmodulo.com/access-linux-command-cheat-sheets-command-line.html
- http://www.openvim.com/tutorial.html
- http://www.coalfire.com/The-Coalfire-Blog/November-2014/Reverse-Shells-and-Your-Car
- https://opensoc.github.io/
- https://bitbucket.org/al14s/rawr/wiki/Home
- http://hasherezade.net/IAT_patcher/
- http://goo.gl/AkU519 (+)
- http://webstersprodigy.net/2014/11/19/use-after-free-exploits-for-humans-part-1-exploiting-ms13-080-on-ie8-winxpsp3/
- http://smealum.net/ninjhax/
- http://klikki.fi/adv/wordpress.html
- http://tyranidslair.blogspot.co.uk/2014/11/stupid-is-as-stupid-does-when-it-comes.html
- http://www.nosuchcon.org/talks/2014/
- https://www.youtube.com/user/unixfreaxjp/videos
- http://unibios.free.fr/cdsystem.html
- http://screeps.com/
- http://mtayseer.net/2014/11/06/your-python-smells-like-java/
- http://googleonlinesecurity.blogspot.pt/2014/12/are-you-robot-introducing-no-captcha.html
- http://www.anandprakash.pw/search/label/bug%20bounty
- http://securityaffairs.co/wordpress/30755/hacking/hacking-paypal-account-poc.html
- http://www.labofapenetrationtester.com/2014/11/powershell-for-client-side-attacks.html
- https://pacsec.jp/psj14archive.html
- http://blog.fox-it.com/2014/11/18/cryptophp-analysis-of-a-hidden-threat-inside-popular-content-management-systems/
- http://www.behindthefirewalls.com/2014/12/cve-2014-9016-and-cve-2014-9034-PoC.html
- https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-011/-entrypass-n5200-credentials-disclosure
- http://farlight.org/
- http://wafbypass.me/w/index.php/Main_Page
- http://www.qemu-advent-calendar.org/
- http://pdos.csail.mit.edu/scigen/
- http://blog.dewhurstsecurity.com/2014/12/09/how-i-hacked-facebook.html
- http://josipfranjkovic.blogspot.pt/
- https://gist.github.com/worawit/84ab41358b8465966224
- http://cxsecurity.com/issue/WLB-2014120030
- https://securityreliks.wordpress.com/2010/08/20/devtcp-as-a-weapon/
- http://desowin.org/usbpcap/tour.html
- http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html
- http://securityintelligence.com/spoofedme-social-login-attack-discovered-by-ibm-x-force-researchers/
- https://evil32.com/
- http://pen-testing.sans.org/blog/pen-testing/2014/12/04/cross-site-scripting-through-file-metedata
- http://samiux.blogspot.pt/2014/12/howto-arpon-on-kali-linux-109a.html
- https://forsec.nl/2014/12/reading-outlook-using-metasploit/
- http://h30499.www3.hp.com/t5/Fortify-Application-Security/Leveraging-SimpleHTTPServer-as-a-Simple-Web-Honeypot/ba-p/6682905
- http://www.jfedor.org/aaquake2/
- http://alexnisnevich.github.io/untrusted/
- http://researchcenter.paloaltonetworks.com/2014/12/google-chrome-exploitation-case-study/
- https://blog.gaborszathmari.me/2014/12/10/wordpress-exploitation-with-xss/
- http://securityaffairs.co/wordpress/31120/hacking/fixed-critical-flaw-blogger-allows-write-posts-blog.html
- http://morris.guru/detecting-kippo-ssh-honeypots/
- http://briskinfosec.blogspot.in/2014/12/reverce-shells-for-exploit-command.html?m=1
- http://www.cipherdyne.org/blog/2014/12/ram-disks-and-saving-your-ssd-from-afl-fuzzing.html
- http://homakov.blogspot.gr/2014/11/hacking-file-uploaders-with-race.html
- https://blog.whitehatsec.com/hackerkast-11-bonus-round/
- http://blog.opensecurityresearch.com/2012/02/json-csrf-with-parameter-padding.html
- http://dogber1.blogspot.fr/2009/05/table-of-reverse-engineered-bios.html
- http://insert-script.blogspot.co.at/2014/12/multiple-pdf-vulnerabilites-text-and.html
- http://blog.malwaretracker.com/2014/12/cve-2014-4114cve-2014-6352-evade-av-by.html?spref=tw
- http://robertheaton.com/2014/12/08/fun-with-your-friends-facebook-and-tinder-session-tokens/
- http://js1k.com/2014-dragons/demo/1854
- http://nathanfriend.io/inspirograph/
- http://git-blame.blogspot.pt/2014/12/git-1856-195-205-214-and-221-and.html
- http://sintheticlabs.com/blog/a-look-inside-facebooks-source-code.html
- http://hak-it.blogspot.pt/2014/12/stored-xss-on-facebook-and-twitter_18.html
- http://pen-testing.sans.org/blog/pen-testing/2014/12/10/awkward-binary-file-transfers-with-cut-and-paste
- http://hooked-on-mnemonics.blogspot.pt/p/injdmp.html
- http://www.darknet.org.uk/2014/12/bluemaho-project-bluetooth-security-testing-suite/
- http://xgusix.com/blog/analyzing-a-malicious-excel-file-with-oledump-py/
- https://titanous.com/posts/docker-insecurity
- http://lifeat.tetrane.com/2014/12/ie-crash-analysis.html
- http://breenmachine.blogspot.gr/2014/12/raining-shells-ambari-0-day.html
- https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/
- http://www.justanotherhacker.com/2011/12/writing-a-stealth-web-shell.html
- http://web-in-security.blogspot.pt/2014/11/detecting-and-exploiting-xxe-in-saml.html
- https://media.defcon.org/DEF%20CON%2022/DEF%20CON%2022%20video%20and%20slides/
- http://www.keurighack.com/
- https://www.druid.es/content/gopro-firmware-forensic
- http://hackertyper.com/
- https://trmm.net/thunderstrike
- http://attack-secure.com/hacked-facebook-word-document/
- http://mis.fortunecook.ie/
- http://www.signedness.org/tools/
- https://code.google.com/p/google-security-research/issues/detail?id=118
- http://www.wains.be/pub/networking/tcpdump_advanced_filters.txt
- http://aluigi.altervista.org/mytoolz.htm
- http://dnscrypt.org/
- http://khr0x40sh.wordpress.com/2014/06/10/moftastic_powershell/
- http://gkbrk.com/blog/read?name=reverse_engineering_the_speedtest_net_protocol
- http://www.vanimpe.eu/2014/12/13/using-elk-dashboard-honeypots/
- http://blog.h3xstream.com/2014/12/predicting-struts-csrf-token-cve-2014.html
- http://blog.xbc.nz/2014/12/lastpass-attempt-at-client-side-android.html
- http://breenmachine.blogspot.gr/2014/12/mssql-mitm-ftw-ettercap-and-responder.html
- https://blog.hboeck.de/archives/863-Dont-update-NTP-stop-using-it.html
- https://bettercrypto.org/
- http://www.montulli.org/theoriginofthe%3Cblink%3Etag
- http://www.its.caltech.edu/~costis/sgb_hack/
- https://stribika.github.io/2015/01/04/secure-secure-shell.html
- https://code.google.com/p/usboblivion/
- https://endrift.com/mgba/2014/12/28/classic-nes/
- http://www.insinuator.net/2014/12/revisiting-an-old-friend-shell-globbing/
- https://blog.haschek.at/post/fd9bc
- http://ednolo.alumnos.upv.es/?p=1883
- http://ednolo.alumnos.upv.es/papers/advisories/CVE-2015-0554_pirelli.txt
- http://www.ifc0nfig.com/moonpig-vulnerability/
- https://hatriot.github.io/blog/2015/01/06/ntpdc-exploit/
- http://hackerschool.org/DefconCTF/17/B300.html
- http://moviecode.tumblr.com/
- https://cmd.fm/
- http://habrahabr.ru/company/pt/blog/247709/
- http://zoczus.blogspot.de/2015/01/yammercom-same-origin-method-execution.html?spref=tw
- http://rtwaysea.net/blog/blog-2013-10-18-long.html
- http://michenriksen.com/blog/gitrob-putting-the-open-source-in-osint/
- http://seclist.us/inception-is-a-physical-memory-manipulation-and-hacking-tool-exploiting-pci-based-dma.html
- http://networkfilter.blogspot.pt/2015/01/be-your-own-vpn-provider-with-openbsd.html
- http://www.hexacorn.com/blog/2015/01/08/decompiling-compiled-autoit-scripts-64-bit-take-two/
- https://milo2012.wordpress.com/2015/01/08/proxy-tester-script/
- http://blog.sucuri.net/2015/01/website-backdoors-leverage-the-pastebin-service.html
- https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/
- http://web-in-security.blogspot.pt/2015/01/save-your-cloud-exploiting-eucalyptus.html?spref=tw
- http://www.giac.org/paper/gpen/6684/aix-penetration-testers/125890
- http://randomthoughts.greyhats.it/2015/01/osx-bluetooth-lpe.html
- http://www.shortbus.ninja/phishbait-scraping-the-web-for-email-addresses/
- http://smealum.net/?p=517
- http://blog.lse.epita.fr/articles/75-sstpinball.html
- http://script-ed.org/?p=1671
- https://www.imperialviolet.org/2014/02/22/applebug.html
- https://gist.github.com/joernchen/a7c031b6b8df5d5d0b61
- http://www.droidsec.org/news/2014/02/26/on-the-webview-addjsif-saga.html
- http://lanmaster53.com/2013/07/multi-post-csrf/
- http://7h3ram.github.io/
- http://blog.cassidiancybersecurity.com/post/2014/02/Bitcrypt-broken
- http://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/
- http://bromiumlabs.files.wordpress.com/2014/02/bypassing-emet-4-1.pdf
- http://recon.cx/2013/schedule/schedule.html
- http://labs.bromium.com/2014/02/25/dissecting-the-newest-ie10-0-day-exploit-cve-2014-0322/
- http://r000t.com/who-hacked-ec-council/ | https://twitter.com/JamieCaitlin/status/438391518697512960
- http://www.w3.org/People/Raggett/book4/ch02.html
- http://drops.wooyun.org/papers/4621#yjs_add_arg=9893
- http://breakingbits.net/2015/01/18/taking-over-godaddy-accounts-using-csrf
- http://potatohatsecurity.tumblr.com/post/108756906604/admin-google-com-reflected-cross-site-scripting
- http://omriher.blogspot.co.il/2015/01/captipper-malicious-http-traffic.html
- http://www.hackwhackandsmack.com/?p=452
- http://www.labofapenetrationtester.com/2015/01/fun-with-dns-txt-records-and-powershell.html
- http://blog.defragger.org/radare-max++.html
- http://resources.infosecinstitute.com/intelligence-information-gathering-collecting-twitter-followers-25-lines-python/
- http://www.checkpoint.com/downloads/partners/TCC-Silverlight-Jan2015.pdf
- http://sectooladdict.blogspot.co.il/2014/12/el-30-injection-java-is-getting-hacker.html
- http://raidersec.blogspot.ca/2013/06/how-browsers-store-your-passwords-and.html
- http://packetstormsecurity.com/files/122655/LIXIL-Satis-Toilet-Hard-Coded-Bluetooth-PIN.html
- http://www.lofibucket.com/articles/oscilloscope_quake.html
- http://chargen.matasano.com/chargen/2015/1/27/vulnerability-overview-ghost-cve-2015-0235.html
- https://hackerone.com/reports/44146
- http://potatohatsecurity.tumblr.com/post/108197611404/yahoo-root-access-sql-injection-tw-yahoo-com
- https://gitweb.torproject.org/user/jvoisin/mat.git
- http://www.gironsec.com/blog/2015/01/owning_modems_and_routers_silently/
- https://forsec.nl/2015/01/bash-data-exfiltration-through-dns-using-bash-builtin-functions/
- http://securitycafe.ro/2014/12/19/how-to-intercept-traffic-from-java-applications/
- http://chichou.0ginr.com/blog/1023
- https://capsop.com/phpmyadmin
- http://www.malwaretech.com/2015/01/using-kernel-rootkits-to-conceal.html
- http://wouter.coekaerts.be/2015/resurrecting-phantomreference
- https://fail0verflow.com/blog/2014/hubcap-chromecast-root-pt1.html (-root-pt2.html)
- https://milo2012.wordpress.com/2015/01/09/pentesting-firebird-database/
- http://kukuruku.co/hub/infosec/backdoor-in-a-public-rsa-key
- http://www.rfcreader.com/
- http://js-dos.com/
- http://innerht.ml/blog/ie-uxss.html
- http://www.bulbsecurity.com/more-book-exercises-guessable-credentials-apache-tomcat/
- http://wiki.secarmour.com/2013/02/ssi-injection-attack.html
- https://binjitsu.readthedocs.org/en/latest/
- http://0x00string.com/hacktionary/index.php?title=AllShare_Cast
- http://securitycafe.ro/2015/01/05/understanding-php-object-injection/
- https://blog.netspi.com/advisory-xxe-injection-oracle-database-cve-2014-6577/
- http://www.davidlitchfield.com/Privilege_Escalation_via_Oracle_Indexes.pdf
- http://h30499.www3.hp.com/t5/Fortify-Application-Security/Owning-SQLi-vulnerability-with-SQLmap/ba-p/6698577
- http://drops.wooyun.org/papers/4762
- http://keygenmusic.net/
- http://shipyourenemiesglitter.com/
- http://danlec.com/blog/hackerones-first-xss
- http://zoczus.blogspot.pt/2015/02/evercookieswf-stored-cross-site.html
- http://potatohatsecurity.tumblr.com/post/110024705384/google-com-mobile-feedback-url-redirect
- http://samdmarshall.com/re.html
- https://gitlab.maikel.pro/maikeldus/WhatsSpy-Public/wikis/home
- https://net-ninja.net/article/2010/Oct/04/taking-control-of-a-jsp-environment/
- http://breakingmalware.com/vulnerabilities/one-bit-rule-bypassing-windows-10-protections-using-single-bit/
- https://www.checkmarx.com/2014/08/20/swift-security-issues/
- https://rateip.com/blog/sql-injections-in-mysql-limit-clause/
- http://adsecurity.org/?p=1275
- https://isc.sans.edu/forums/diary/Finding+Privilege+Escalation+Flaws+in+Linux/19207/
- http://labs.bromium.com/2015/02/02/exploiting-badiret-vulnerability-cve-2014-9322-linux-kernel-privilege-escalation/
- http://saijogeorge.com/css-puns/
- http://vanilla-js.com/
- http://danlec.com/blog/hacking-stackoverflow-com-s-html-sanitizer
- http://philippeharewood.com/paging-cursors-leaking-data-in-graph-api/
- http://www.shellcheck.net/
- https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/
- http://seclists.org/fulldisclosure/2015/Feb/56
- http://sourceforge.net/projects/packeth/
- http://shubh.am/exploiting-markdown-syntax-and-telescope-persistent-xss-through-markdown-cve-2014-5144/
- http://blog.sucuri.net/2015/02/creative-evasion-technique-against-website-firewalls.html
- https://www.trustedsec.com/january-2015/account-hunting-invoke-tokenmanipulation/
- http://www.evilsocket.net/2015/01/29/nike-fuelband-se-ble-protocol-reversed/
- http://www.insinuator.net/2015/01/evasion-of-cisco-acls-by-abusing-ipv6-discussion-of-mitigation-techniques/
- https://rh0dev.github.io/blog/2015/fun-with-info-leaks/
- http://haxelion.eu/article/LD_NOT_PRELOADED_FOR_REAL/
- http://pixelscommander.com/en/javascript/nasa-coding-standarts-for-javascript-performance/
- https://littleosbook.github.io/
- http://jasminderpalsingh.info/single.php?p=84
- http://sekurak.pl/xss-w-domenie-www-google-com-postini-header-analyzer/
- http://www.7xter.com/2015/02/how-i-hacked-your-facebook-photos.html
- http://blog.cobaltstrike.com/2015/02/25/my-favorite-powershell-post-exploitation-tools/
- http://infosec42.blogspot.de/2015/02/exploit-seagate-blackarmor-network.html
- http://blog.secureideas.com/2015/02/adventures-in-ldap-injection-exploiting.html
- http://s1gnalcha0s.com/node/2015/01/31/SSJS-webshell-injection.html
- http://www.en.pentester.es/2015/02/from-case-insensitive-to-rce.html
- http://www.proteansec.com/linux/installing-using-cuckoo-malware-analysis-sandbox/
- https://blogs.rsa.com/dns-poisoning-used-boleto-fraud/
- http://w00tsec.blogspot.pt/2015/02/firmware-forensics-diffs-timelines-elfs.html
- http://www.vulnerability-lab.com/get_content.php?id=1432
- http://xmodulo.com/presentation-command-line-linux.html
- http://twitterbiogenerator.com/
- https://beyondbinary.io/advisory/seagate-nas-rce/
- https://www.smacktls.com/#freak
- http://thorly.batr.am/
- https://gist.github.com/worawit/33cc5534cb555a0b710b
- http://blog.rootshell.be/2015/03/04/phpmoadmin-0-day-nmap-script/
- https://blog.whitehatsec.com/dnstest-monitor-your-dns-for-hijacking/
- https://samsclass.info/124/proj14/norton.htm
- http://secureornot.blogspot.co.il/2015/03/gopro-update-mechanism-exposes-multiple.html
- https://barrebas.github.io/blog/2015/02/22/maximum-overkill-two-from-format-string-vulnerability-to-remote-code-execution/
- http://securitycafe.ro/2015/02/23/bypassing-windows-lock-screen-via-flash-screensaver/
- http://www.xexexe.cz/2015/02/bruteforcing-tp-link-routers-with.html
- http://www.vnsecurity.net/research/2015/02/12/msie-vuln-analysis.html
- http://www.contextis.com/resources/blog/automating-removal-java-obfuscation/
- http://pixelambacht.nl/2015/sans-bullshit-sans/
- http://drops.wooyun.org/papers/5107
- https://hackerone.com/reports/48516
- http://sakurity.com/blog/2015/03/05/RECONNECT.html
- https://manifestsecurity.com/appie/
- http://christian-schneider.net/ChromeSopBypassWithSvg.html
- https://lqdc.github.io/making-finfisher-undetectable.html
- https://www.nccgroup.com/media/481815/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf
- http://theelectronjungle.com/2015/02/15/use-after-free-in-vlc-2.1.x/
- http://w00tsec.blogspot.pt/2015/02/extracting-raw-pictures-from-memory.html
- http://www.malwaretech.com/2014/04/coding-malware-for-fun-and-not-for.html
- https://keboch.wordpress.com/2008/11/09/please-accept-this-spider-as-payment/
- https://gist.github.com/dchest/7225cf79c1ea2166489c
- http://googleprojectzero.blogspot.pt/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
- http://www.7xter.com/2015/03/how-i-exposed-your-private-photos.html
- http://nullsecurity.net/tools.html
- http://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/
- http://www.pritect.net/blog/esc_sql-doh-wordpress-sql-injection-vulnerability
- http://jumpespjump.blogspot.in/2013/01/making-usb-flash-drive-hw-trojan.html
- http://secniche.blogspot.pt/2015/03/a-real-world-story-of-cve-2014-6332-rce.html
- http://www.halfdog.net/Security/2015/HavingFunWithDmesg/
- http://0xthem.blogspot.gr/2015/03/hijacking-ssh-to-inject-port-forwards.html
- http://securitycafe.ro/2015/01/28/intercepting-functions-from-statically-linked-libraries/
- http://www.hackersusethis.com/
- http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html
- http://sekurak.pl/kolejny-xss-w-www-google-com-custom-search-engine/
- http://netwars-project.com/webdoc
- https://x-ryl669.github.io/Frost/
- https://mozillasecurity.github.io/dharma/
- http://breakingmalware.com/vulnerabilities/vulnerability-patching-learning-from-avg-on-doing-it-right/
- http://labs.detectify.com/post/114572572966/stealing-files-from-web-servers-by-exploiting-a
- http://highon.coffee/blog/ssh-meterpreter-pivoting-techniques/
- http://www.security-explorations.com/en/SE-2014-02-details.html
- http://carnal0wnage.attackresearch.com/2015/03/devooops-revision-control-git.html
- http://ultimatehackingarticles.blogspot.pt/2013/01/error-based-sql-injection-tutorial.html
- https://bughardy.me/a-ghost-tale/
- https://www.nccgroup.com/en/blog/2015/02/abusing-blu-ray-players-pt-1-sandbox-escapes/
- http://shrigley.com/source_code_archive/
- https://www.reddit.com/r/networking/comments/2gjzof/its_been_a_rough_week/
- http://blog.saynotolinux.com/2014/03/01/yahoos-pet-show-of-horrors-abusing-a-crossdomain-proxy-to-leak-a-users-email/
- http://www.jakoblell.com/blog/2013/10/30/real-world-csrf-attack-hijacks-dns-server-configuration-of-tp-link-routers-2/
- http://neocri.me/documentation/using-ssh-certificate-authentication/
- https://www.netspi.com/blog/entryid/220/dekrypto-padding-oracle-attack-against-ibm-websphere-commerce-cve-2013-05230
- http://pwnrules.com/yahoo-suggestions-vulnerability/
- http://www.reddit.com/r/apple/comments/1zh3gw/iphone_5s_continues_to_track_your_motion_even/
- http://packetstormsecurity.com/files/125442/Office-365-Account-Hijacking.html
- http://www.netresec.com/?page=Blog&month=2013-10&post=Command-line-Forensics-of-hacked-PHP-net
- http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Process-Introspection-with-Python/ba-p/6402821
- http://libgen.org/scimag/
- http://quals.sec.codebits.eu/cb/1487ab262e8deb6ec5b9dd49a18d8ac5a/
- http://danlec.com/blog/xss-via-a-spoofed-react-element
- http://tomforb.es/dell-system-detect-rce-vulnerability
- http://kamil.hism.ru/posts/about-vrg-and-delete-any-youtube-video-issue.html
- http://blackarch.org/index.html
- http://packetstormsecurity.com/files/131185/jbossjmx-exec.txt
- http://shadow-file.blogspot.pt/2015/02/bowcaster-feature-multipartform-data.html
- http://www.netresec.com/?page=Blog&month=2015-03&post=China%27s-Man-on-the-Side-Attack-on-GitHub
- http://blog.lumberlabs.com/2012/04/why-app-developers-should-care-about.html
- https://blog.netspi.com/all-you-need-is-one-a-clickonce-love-story/
- https://hsmr.cc/palinopsia/
- http://www.tuxmealux.net/2015/03/10/code-injection/
- http://h30499.www3.hp.com/t5/Fortify-Application-Security/XPATH-Assisted-XXE-Attacks/ba-p/6721576
- https://code.google.com/p/google-security-research/issues/detail?id=222
- https://bugzilla.redhat.com/show_bug.cgi?id=1202858
- http://marcoramilli.blogspot.pt/2015/02/notorious-hacking-groups.html
- http://www.mreagle0x.xyz/2015/01/the-tricky-vineco-xss-and-how-to-filter.html
- http://nahamsec.com/lack-of-domain-verification-by-google/
- http://pouyadarabi.blogspot.pt/2015/03/facebook-bypass-ads-account-roles.html
- http://www.parrotsec.org/
- http://nullonerror.org/2015/04/05/escondendo-informacoes-dentro-de-imagens/
- http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772
- https://hackerone.com/reports/46916
- https://sploitfun.wordpress.com/
- http://smerity.com/articles/2015/amazon_information_leakage.html
- https://www.reddit.com/r/netsec/comments/2xl412/abusing_rfc_5227_to_dos_windows_hosts/
- https://haiderm.com/column-truncation-sql-injection-vulnerability/
- http://www.websegura.net/advisories/facebook-rfd-and-open-file-upload/
- https://stackoverflow.com/questions/3115559/exploitable-php-functions
- http://blog.loadzero.com/blog/tracking-down-a-segfault-in-grep/
- http://cachemonet.com/
- http://sixteencolors.net/
- https://dougvitale.wordpress.com/2011/12/21/deprecated-linux-networking-commands-and-their-replacements/
- http://intothesymmetry.blogspot.ch/2015/04/open-redirect-in-rfc6749-aka-oauth-20.html
- https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/
- https://ma.ttias.be/remote-code-execution-via-http-request-in-iis-on-windows/
- http://www.openwall.com/lists/oss-security/2015/04/14/4
- https://blog.criticalstack.com/envdb-ask-your-environment-questions/
- http://blog.h3xstream.com/2015/04/crossdomainxml-beware-of-wildcards.html
- http://0xdabbad00.com/2015/04/12/looking_for_security_trouble_spots_in_go_code/
- http://blog.maintenancewindow.ca/post/2015/03/29/Making-Smart-Locks-Smarter-%28aka.-Hacking-the-August-Smart-Lock%29
- http://niiconsulting.com/checkmate/2015/04/server-side-request-forgery-ssrf/
- http://www.labofapenetrationtester.com/2015/02/using-windows-screensaver-as-backdoor.html
- http://beginners.re/
- http://sirdarckcat.blogspot.hk/2014/05/matryoshka-web-application-timing.html
- http://blog.0x3a.com/post/110052845124/an-in-depth-analysis-of-the-fiesta-exploit-kit-an
- http://8088mph.blogspot.pt/2015/04/cga-in-1024-colors-new-mode-illustrated.html
- http://crpgaddict.blogspot.pt/2015/04/game-183-shadowforge-1989.html
- http://visualgo.net/
- http://xn--mric-bpa.fr/blog/blackjack.html
- https://miki.it/blog/2015/4/20/the-power-of-dns-rebinding-stealing-wifi-passwords-with-a-website/
- http://blog.innerht.ml/twitter-crlf-injection/
- https://binary.ninja/
- http://www.kitploit.com/2015/04/rekall-most-complete-memory-analysis.html
- http://tfpwn.com/files/fd-wnr2000v4.txt
- http://www.openwall.com/lists/oss-security/2015/04/22/12
- https://hashcat.net/misc/postgres-pth/postgres-pth.pdf
- https://blog.netspi.com/playing-content-type-xxe-json-endpoints/
- http://bartblaze.blogspot.co.uk/2015/03/c99shell-not-dead.html
- http://www.malcolmstagg.com/bdp-s390.html
- http://v0ids3curity.blogspot.de/2015/04/exploiting-php-bug-66550-sqlite.html
- https://reclaim-your-privacy.com/wiki/Anonabox_Analysis
- http://www.s3cur1ty.de/node/687
- https://www.reddit.com/r/PHP/comments/1l7baq/creating_a_user_from_the_web_problem/
- http://blog.malerisch.net/2015/04/pwning-hp-thin-client.html
- http://www.rafayhackingarticles.net/2015/04/sucuri-waf-xss-filter-bypass.html
- http://klikki.fi/adv/wordpress2.html
- http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt
- https://cisofy.com/lynis/
- http://www.paulosyibelo.com/2015/04/facebooks-parse-dom-xss.html
- https://haiderm.com/oracle-sql-injection-guides-and-whitepapers/
- http://www.devttys0.com/2015/04/what-the-ridiculous-fuck-d-link/
- https://www.idontplaydarts.com/2011/11/decrypting-suhosin-sessions-and-cookies/
- http://www.secgeek.net/youtube-vulnerability/
- http://bobao.360.cn/learning/detail/357.html
- https://chentiangemalc.wordpress.com/2015/04/17/patching-a-null-pointer-access-violation/
- http://www.floyd.ch/?p=584
- http://www.gameofhacks.com/
- http://feross.org/hacks/ahh-windows/
- http://blog.bentkowski.info/2015/05/xss-via-file-upload-wwwgooglecom.html
- https://hackerone.com/reports/14883
- https://www.firefart.at/how-to-crack-mifare-classic-cards/
- https://blog.sucuri.net/2015/04/critical-persistent-xss-0day-in-wordpress.html
- http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/
- http://malware-unplugged.blogspot.ie/2015/01/hunting-and-decrypting-communications.html
- http://www.vulnerability-lab.com/get_content.php?id=1474
- http://synacktiv.ninja/ressources/synacktiv_drupal_xxe_services.pdf
- http://blog.atx.name/reverse-engineering-radio-weather-station/
- https://drive.google.com/a/ase/folderview?id=0B2G2LjIu7WbdfjhaUmVzc1lCR2hUdk5fZllCOHdtbFItbU5qYzdqZGVxdmlnRkJyYVQ4VU0
- http://io.smashthestack.org/
- http://natmchugh.blogspot.co.uk/2015/05/how-to-make-two-binaries-with-same-md5.html
- https://deya2diab.wordpress.com/2015/02/21/yahoo-main-domain-xss/
- http://seclist.us/poodle-attack-poc-implementation-of-the-poodle-attack.html
- https://git.hacklab.kr/snippets/13
- https://bokken.re/
- https://blog.netspi.com/forcing-xxe-reflection-server-error-messages/
- http://blog.bentkowski.info/2015/04/xss-via-host-header-cse.html
- http://hextechsecurity.com/?p=123
- http://blog.silentsignal.eu/2015/05/07/cve-2014-3440-symantec-critical-system-protection-remote-code-execution/
- http://www.viva64.com/en/a/0084/
- https://blog.cloudflare.com/an-introduction-to-javascript-based-ddos/
- http://blog.amossys.fr/Automated%20Reverse%20Engineering%20of%20Cryptographic%20Algorithms.html
- http://www.windows93.net/
- http://code.snipcademy.com/tutorials/command-line/steak/cooking
- https://weakdh.org/
- http://blog.bentkowski.info/2015/05/xss-via-windowstop-google-safen-up.html
- https://dnsdumpster.com/
- http://www.contextis.com/resources/blog/manually-testing-ssltls-weaknesses/
- http://jumpespjump.blogspot.ca/2015/05/many-ways-of-malware-persistence-that.html
- http://www.kazamiya.net/en/artifact/wipe/deletedsc
- https://rya.nc/cert-tricks.html
- http://security.cs.rpi.edu/courses/binexp-spring2015/
- http://blog.gdssecurity.com/labs/2015/4/29/automated-data-exfiltration-with-xxe.html
- http://www.adlice.com/bho-a-spy-in-your-browser/
- https://drive.google.com/a/share/folderview?id=0B7rtSe_PH_fTWDQ0RC1DeWVoVUE&usp=sharing#
- http://www.manuel-strehl.de/dev/minimal_git_folder
- http://instantlyfuzzyshark.tumblr.com/post/119456076505/unauthorized-deletion-of-google-collections
- http://sakurity.com/blog/2015/05/21/starbucks.html
- http://www.benhayak.com/2015/05/stealing-private-photo-albums-from-Google.html
- http://www.kitploit.com/2015/05/remote-dll-injector-v20-command-line.html
- http://www.binvul.com/viewthread.php?tid=508
- http://ab0files.com/writing-a-metasploit-post-exploitation-module
- http://www.backerstreet.com/rec/rec.htm
- http://seclist.us/updates-windows-exploit-suggester-revision-v-2-5.html
- http://www.pagerduty.com/blog/the-discovery-of-apache-zookeepers-poison-packet/
- http://sakurity.com/blog/2015/05/08/pusher.html
- https://stackoff.ru/pochemu-reklama-v-skajpe-ne-tolko-urodliva-no-eshhe-i-opasna/
- http://securityinside.info/evitando-hsts-una-cuestion-de-tiempo/
- http://venom.crowdstrike.com/
- http://cory.li/bytecode-hacking/
- https://www.altsci.com/ipsec/
- https://blog.netspi.com/gpu-cracking-rebuilding-box/
- http://stacksmasher.me/tutorials/browser-anonymity-and-security/
- https://reverse.put.as/2015/05/29/the-empire-strikes-back-apple-how-your-mac-firmware-security-is-completely-broken/
- http://labs.detectify.com/post/120088174539/building-an-xss-polyglot-through-swf-and-csp
- https://www.exploit-db.com/docs/35152.pdf
- http://caca.zoy.org/wiki/zzuf
- http://samy.pl/opensesame/
- http://hackerhurricane.blogspot.nl/2015/05/defending-against-powershell-shells.html
- http://xn--thibaud-dya.fr/robots.txt.html
- http://web-in-security.blogspot.de/2015/05/how-to-attack-xml-encryption-in-ibm.html
- https://blog.whitehatsec.com/magic-hashes/
- http://blog.balicbilisim.com/gomulu-cihaz-guvenligi-ve-zollard-botnet-analizi/
- http://jaanuskp.blogspot.cz/2015/05/cve-2015-3200.html
- https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1219337
- http://www.dimitrifourny.com/2014/03/08/how-i-have-fuzzed-php/
- http://pastebin.com/0EqWGmTi
- http://linuxaria.com/howto/ssh-in-2-steps-on-linux-with-google-authenticator?lang=en
- http://console-cowboys.blogspot.co.uk/2014/03/the-curious-case-of-ninjamonkeypiratela.html
- http://bas.bosschert.nl/steal-whatsapp-database/
- https://code.google.com/p/chromium/issues/detail?id=240058
- http://zairon.wordpress.com/2014/03/06/obfuscated-shellcode-inside-a-malicious-rtf-document/
- http://www.palkeo.com/code/stealing-bitcoin.html
- http://www.2uo.de/myths-about-urandom/
- http://0xa.li/php-date-is-xssable/
- https://intrepidusgroup.com/insight/2014/03/atv-password-log-bug/
- http://mreagle0x.blogspot.in/2014/03/how-can-i-get-your-facebook-account.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=949446
- https://labs.portcullis.co.uk/blog/raspberry-ph0wn/
- http://labs.detectify.com/post/120855545341/google-xss-turkey
- http://topolik-at-work.blogspot.cz/2015/06/cve-2015-3096-rosetta-flash-fix-bypass.html
- http://ddecode.com/phpdecoder/
- https://www.exploit-db.com/exploits/37098/
- https://cxsecurity.com/issue/WLB-2015050153
- http://blog.jpcert.or.jp/.s/2015/05/a-new-uac-bypass-method-that-dridex-uses.html
- http://media.ccc.de/browse/conferences/camp1999/
- https://blog.coresecurity.com/2015/05/18/ms15-011-microsoft-windows-group-policy-real-exploitation-via-a-smb-mitm-attack/
- https://www.anfractuosity.com/projects/timeshifter/
- http://www.defenceindepth.net/2013/11/oracle-listener-11107-information.html
- http://n0where.net/best-onion-links-deep-web/
- https://hackerone.com/reports/52042
- http://mksben.l0.cm/2015/06/bypassing-xss-filter-showmodaldialog.html
- http://www.benhayak.com/2015/06/same-origin-method-execution-some.html
- http://seclists.org/fulldisclosure/2015/May/122
- https://html5sec.org/cspbypass/
- https://forum.bugcrowd.com/t/sqlmap-tamper-scripts-sql-injection-and-waf-bypass/423
- http://cheeky4n6monkey.blogspot.pt/2015/06/extracting-pictures-from-ms-office-2007.html
- http://www.shelliscoming.com/2015/06/tls-injector-running-shellcodes-through.html
- https://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/
- http://0xdabbad00.com/2015/04/18/go_code_auditing/
- https://expdev-kiuhnm.rhcloud.com/2015/05/11/contents/
- https://blog.benjojo.co.uk/post/auditing-github-users-keys
- http://security.coverity.com/blog/2015/Jun/a-slice-of-pie.html
- http://www.patrick-wied.at/static/nudejs/
- http://jstnkndy.blogspot.pt/2015/06/a-fun-attack-path-starting-with-xxe.html
- http://zoczus.blogspot.pt/2015/04/plupload-same-origin-method-execution.html
- http://cybersyndicates.com/2015/06/sms-log-alert/
- https://gist.github.com/joernchen/d868521352f1ccd25095
- https://chloe.re/2015/06/20/a-month-with-badonions/
- https://yifan.lu/2015/06/21/hacking-the-ps-vita/
- https://blog.haschek.at/post/fd854
- http://blog.pangu.io/ie-uninit-memory/
- https://mborgerson.com/deconstructing-the-xbox-boot-rom
- http://www.fuzzysecurity.com/tutorials/20.html
- https://www.linkedin.com/pulse/cli-skype-roman-x-shafigullin
- http://potatohatsecurity.tumblr.com/post/94565729529/defcon-22-badge-challenge-walkthrough
- http://people.zoy.org/~sam/filsdepute.txt
- http://thehackerblog.com/the-noscript-misnomer-why-should-i-trust-vjs-zendcdn-net/
- https://www.veracode.com/blog/2015/06/angularjs-expression-security-internals
- http://joevennix.com/2015/06/24/Adventures-in-Browser-Exploitation-Part-II--Safari-8-UXSS.html
- http://www.pc-help.org/obscure.htm
- https://reverse.put.as/2015/07/01/reversing-prince-harmings-kiss-of-death/
- https://paragonie.com/blog/2015/06/preventing-xss-vulnerabilities-in-php-everything-you-need-know
- http://vladz.devzero.fr/015_lsm-backdoor.html
- http://nullsecure.org/threat-intel-web-crew/
- http://blog.mazinahmed.net/2015/06/facebook-messenger-multiple-csrf.html
- http://blog.csnc.ch/2015/06/xslt-security-and-server-side-request-forgery/
- http://container-solutions.com/content/uploads/2015/06/15.06.15_DockerCheatSheet_A2.pdf
- https://www.whitehatters.academy/hackfu-2015-badge-loyalty-system/
- http://drops.wooyun.org/papers/6905
- http://davidjorm.blogspot.pt/2015/07/101-ways-to-pwn-phone.html
- https://hiddencodes.wordpress.com/2015/06/18/deobfuscate-javascript-using-phantomjs-headless-browser/
- http://grimhacker.com/wordpress/2015/04/10/gp3finder-group-policy-preference-password-finder/
- http://blog.quarkslab.com/quarkslabs-chatsecure-review.html
- https://www.exploitee.rs/index.php/Wink_Hub
- https://djbunny5.com/2015/06/26/dns-amplification-attacks/
- https://truesecdev.wordpress.com/2015/07/01/exploiting-rootpipe-again/
- https://pierrekim.github.io/blog/2015-07-01-poc-with-RCE-against-127-iptime-router-models.html
- https://blog.bugcrowd.com/advice-from-a-researcher-xxe/
- https://cellhack.net/login/
- http://blog.innerht.ml/cascading-style-scripting/
- https://thehackerblog.com/stealing-lastpass-passwords-with-clickjacking/
- http://www.firmware.re/
- http://www.mbsd.jp/Whitepaper/rpo.pdf
- https://sploitfun.wordpress.com/2015/06/26/linux-x86-exploit-development-tutorial-series/
- http://gfragkos.blogspot.co.uk/2015/06/linkedin-security-issue-unvalidated.html
- http://nahamsec.com/yahoo-image-processing-xspa/
- http://blog.tokumaru.org/2013/03/csrf-and-cookie-monster-bug.html
- http://samsymons.com/blog/reverse-engineering-with-radare2-part-1/
- https://k0st.wordpress.com/2015/07/05/identifying-and-exploiting-rom-0-vulnerabilities/
- https://kr5hou2zh4qtebqk.onion.to/ezines/
- https://jonasnick.github.io/blog/2015/07/08/exploiting-csgojackpots-weak-rng/
- http://josipfranjkovic.blogspot.ru/2015/07/the-easiest-bug-bounties-i-have-ever-won.html
- https://goo.gl/y17Bep
- https://www.dropbox.com/s/sax2a5fm3z3q2nt/iChainbreaker_OSX.zip?dl=0
- https://localh0t.github.io/wildpwn-v0.1-unix-wildcard-attacks/
- https://www.offensivebits.com/?p=89
- https://zeltser.com/c2-dns-tunneling/
- http://blog.ghettoha.xxx/reversing-powersaves-for-amiibo
- https://defuse.ca/bochs-hacking-guide.htm
- http://blog.cr4.sh/2015/07/building-reliable-smm-backdoor-for-uefi.html
- https://www.securify.nl/blog/SFY20150601/securify_spot_the_bug_challenge_2015_contest_analysis.html
- https://thejh.net/written-stuff/openssh-6.8-xsecurity
- http://www.contextis.com/resources/blog/dnswatch-when-full-dns-tunnel-just-too-much/
- http://noone.org/talks/ssh-tricks/ssh-tricks-rmll.html
- http://0x27.me/HackBack/0x00.txt
- http://emulator101.com/
- http://blog.ptsecurity.com/2015/07/best-reverser-write-up-analyzing.html
- https://k0st.wordpress.com/2012/10/23/rip-or-pillage-dvcs-story-about-git/
- http://www.sac.sk/files.php?d=7
- http://0x90909090.blogspot.fr/2015/07/no-one-expect-command-execution.html
- https://k0st.wordpress.com/2015/07/13/identifying-and-exploiting-ibm-websphere-application-server/
- http://www.sleuthkit.org/autopsy/
- https://securityblog.redhat.com/2015/07/23/libuser-vulnerabilities/
- http://seclists.org/fulldisclosure/2015/Jul/11
- http://labs.bromium.com/2015/07/10/government-grade-malware-a-look-at-hackingteams-rat/
- https://fuzzing-project.org/tutorial-cflags.html
- https://frederik-braun.com/using-subresource-integrity.html
- https://blogs.securiteam.com/index.php/archives/2502
- https://www.sektioneins.de/en/blog/15-07-07-dyld_print_to_file_lpe.html
- https://digital-forensics.sans.org/community/summits
- http://overthewire.org/wargames/
- http://www.nopwn.com/
- https://fin1te.net/articles/messenger-site-wide-csrf/
- http://blog.portswigger.net/2015/08/server-side-template-injection.html
- http://labs.detectify.com/post/125256364141/how-i-disabled-your-chrome-security-extensions
- https://gist.github.com/Wack0/bcc5a196f0874a39b08f
- http://pastebin.com/raw.php?i=6fcdqfbd
- https://sturmflut.github.io/ubuntu/touch/2015/05/07/hacking-ubuntu-touch-index/
- http://cr.yp.to/djbdns/notes.html
- http://www.rc4nomore.com/
- http://www.contextis.com/resources/blog/wireless-phishing-captive-portals/
- http://mihai.bazon.net/blog/externalinterface-is-unreliable
- http://www.anti-reversing.com/1813/
- http://blog.cobaltstrike.com/2015/07/22/winrm-is-my-remote-access-tool/
- http://x42.obscurechannel.com/2015/07/26/cracking-the-roku-v2-wpa2-psk/
- https://hackerone.com/reports/58679
- https://paul.reviews/behavioral-profiling-the-password-you-cant-change/
- http://silentbreaksecurity.com/exploiting-ms15-076-cve-2015-2370/
- http://www.ehacking.net/2015/07/bypass-anti-virus-with-shellter-on-kali.html
- http://www.cyberciti.biz/faq/apple-mac-osx-find-wi-fi-network-password/
- https://cymon.io/
- https://jve.linuxwall.info/blog/index.php?post/2015/07/26/Using-Mozilla-Investigator-%28MIG%29-to-detect-unknown-hosts
- http://bugs.proftpd.org/show_bug.cgi?id=4143#c0
- http://pbiernat.blogspot.co.uk/2014/09/bypassing-python-sandbox-by-abusing.html
- https://medium.com/@ValdikSS/detecting-vpn-and-its-configuration-and-proxy-users-on-the-server-side-1bcc59742413
- http://opengarages.org/handbook/2014_car_hackers_handbook_compressed.pdf
- http://www.codeandux.com/writing-a-simple-decompiler-for-net-part-1/
- http://arxiv.org/pdf/1507.06955v1.pdf
- https://blog.netspi.com/auto-dumping-domain-credentials-using-spns-powershell-remoting-and-mimikatz/
- https://xebialabs.com/periodic-table-of-devops-tools/
- https://www.youtube.com/watch?v=Jk5Yad598vs
- https://plus.google.com/u/0/+AleksandrDobkin-Google/posts/JMwA7Y3RYzV
- http://tinyhack.com/2014/03/12/implementing-a-web-server-in-a-single-printf-call/
- http://www.debasish.in/2014/03/in-memory-kernel-driverioctlfuzzing.html
- http://capstone-engine.org/bot.html
- http://www.scs.stanford.edu/brop/
- http://blog.didierstevens.com/2014/03/20/xorsearch-finding-embedded-executables/
- http://swfid.zz.mu/swfid
- http://blog.includesecurity.com/2014/03/exploit-CVE-2014-0038-x32-recvmmsg-kernel-vulnerablity.html
- http://blog.shubh.am/ssrf-is-dangerous/
- https://www.securusglobal.com/community/2014/03/17/how-i-got-root-with-sudo/
- http://blog.veracode.com/2014/03/introducing-the-ios-reverse-engineering-toolkit/
- http://sorting.at/
- https://gist.github.com/homakov/9383241
- http://sakurity.com/blog/2015/08/13/middlekit.html
- http://x42.obscurechannel.com/2015/08/14/netripper_metasploit/
- http://blog.gojhonny.com/2015/08/domain-administrator-in-17-seconds.html
- http://jpinsoft.net/DeepSound/Documentation.aspx
- https://sysexit.wordpress.com/2015/07/29/bypassing-the-windows-8-1-picture-password-feature-with-a-kernel-debugger/
- http://codewhitesec.blogspot.in/2015/07/symantec-endpoint-protection.html?m=1
- https://gun.io/blog/building-a-twitterbot-in-node-to-post-xss-payloads/
- http://baileysoriginalirishtech.blogspot.pt/2015/06/applocker-schmapplocker.html
- http://noxxi.de/research/sophos-utm-webprotection-bypass2.html
- http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_034_Lukas_Java.pdf
- http://volatility-labs.blogspot.pt/2015/08/recovering-teamviewer-and-other.html
- https://speakerdeck.com/ange/lets-write-a-pdf-file
- https://www.exploit-db.com/exploits/37669/
- http://rotlogix.com/2015/08/23/exploiting-the-mercury-browser-for-android/
- http://vulnerabledoma.in/camp2015_sop/
- https://zyan.scripts.mit.edu/blog/backdooring-js/
- http://www.openwall.com/lists/oss-security/2015/08/04/8
- http://rossmarks.co.uk/blog/?p=609
- https://blog.netspi.com/powershell-remoting-cheatsheet/
- http://itsjack.cc/blog/2015/08/surveying-codecanyon-scripts-xss-lfi-sqli-more/
- http://3vildata.tumblr.com/post/125666311707/abusing-the-mpc-hc-webui-to-steal-private-pictures
- http://antukh.com/blog/2015/08/22/dark-appsec/
- https://www.blackhat.com/docs/us-15/materials/us-15-Brossard-SMBv2-Sharing-More-Than-Just-Your-Files-wp.pdf
- http://www.codereversing.com/blog/archives/261
- https://gbmaster.wordpress.com/2015/08/13/x86-exploitation-101-integer-overflow-adding-one-more-aaaaaaaaaaand-its-gone/
- https://blogs.securiteam.com/index.php/archives/2550
- https://dfir.it/blog/2015/07/18/toxic-pdf-walkthrough-bsides-london-challenge/
- http://metalcaptcha.heavygifts.com/
- http://www.7xter.com/2015/08/hacking-facebook-pages.html
- https://www.youtube.com/watch?v=2Kw6VPlBz9w
- https://labs.integrity.pt/articles/xxe-all-the-things-including-apple-ioss-office-viewer/
- https://pierrekim.github.io/advisories/2015-totolink-0x02.txt
- https://gist.github.com/subTee/732330ebfeb5c63b1296
- https://gist.github.com/pakt/c70073a0e0de1f47f579
- http://seclists.org/fulldisclosure/2015/Aug/21
- https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html
- https://www.gitbook.com/book/radare/radare2book/details
- https://goo.gl/xgGGt4
- https://crowdshield.com/blog.php?name=reverse-engineering-a-critical-wordpress-0day-exploit
- http://googleprojectzero.blogspot.de/2015/08/attacking-ecmascript-engines-with.html
- http://blog.ropchain.com/2015/08/16/analysis-of-exploit-targeting-office-2007-2013-ms15-022/
- http://intothesymmetry.blogspot.it/2015/08/apple-safari-sop-bypass-cve-2015-3753.html
- https://code.google.com/p/chromium/issues/detail?id=526293
- http://norvig.com/sudoku.html
- http://www.sec-down.com/wordpress/?p=553
- https://www.bishopfox.com/blog/2015/08/coldfusion-bomb-a-chain-reaction-from-xss-to-rce/
- http://raz0r.name/articles/css-attacks/
- http://zx.rs/6/DroidDucky---Can-an-Android-quack-like-a-duck/
- http://www.intelligentexploit.com/view-details.html?id=21905
- https://gist.github.com/mattifestation/47f9e8a431f96a266522
- http://insecurety.net/?p=765
- http://www.malwaretech.com/2015/08/creating-ultimate-tor-virtual-network.html
- http://blog.ioactive.com/2015/09/the-beauty-of-old-school-backdoors.html
- http://www.hexacorn.com/blog/2015/08/15/two-pe-tools-you-might-have-never-heard-of-now-you-do/
- http://blog.crowdstrike.com/native-java-bytecode-debugging-without-source-code/
- https://gbmaster.wordpress.com/2015/08/03/x86-exploitation-101-off-by-one-and-an-uninvited-friend-joins-the-party/
- http://www.pentestpartners.com/blog/hacking-defcon-23s-iot-village-samsung-fridge/
- http://cybermashup.com/2015/08/25/how-to-crack-ubuntu-disk-encryption-and-passwords/
- http://translate.wooyun.io/2015/09/01/Bypass-WAF-Cookbook.html
- https://hackerone.com/reports/77065
- http://dreamsofastone.blogspot.de/2015/07/reverse-engineering-nostalgia.html
- http://www.filet-o-firewall.com/
- http://ownsecurity.blogspot.ro/2015/08/how-i-found-sweets-inside-google.html
- https://warroom.securestate.com/index.php/spawning-shells-over-bluetooth/
- http://thehackerblog.com/sonar-a-framework-for-scanning-and-exploiting-internal-hosts-with-a-webpage/
- https://www.jkry.org/ouluhack/Toyota%20Touch%20%26%20Go
- http://www.phrack.org/papers/self-patching-msxml.html
- https://cturt.github.io/ps4.html
- https://tinyurl.com/pv868t6
- http://blog.cryptographyengineering.com/2015/09/lets-talk-about-imessage-again.html
- http://trainwatch.u0d.de/
- https://oreoshake.github.io/xss/rce/bugbounty/2015/09/08/xss-to-rce.html
- http://mohamedmfouad.blogspot.pt/2015/09/starbucks-critical-flaws-allow-hackers.html
- http://goo.gl/MKvt4p
- https://isc.sans.edu/diary/PDF+%2B+maldoc1+%3D+maldoc2/20079
- https://gist.github.com/atcuno/3425484ac5cce5298932
- http://nullsecure.org/building-your-own-passivedns-feed/
- http://l.avala.mp/blog/pwnage-per-port-22opentcpssh/
- http://drops.wooyun.org/papers/8298
- http://wololo.net/2015/09/22/exploit-psx-games-psp-vita/
- https://www.lucidchart.com/techblog/2015/08/31/the-worst-mistake-of-computer-science/
- https://goo.gl/Dk0Iin (+)
- https://xem.github.io/hex/
- http://www.linusakesson.net/programming/tty/
- https://ucnv.github.io/pnglitch/
- http://ashishpadelkar.com/index.php/2015/09/23/facebook-simple-technical-bug-worth-7500/
- http://g-laurent.blogspot.pt/2015/09/demistifying-responder-wpad.html
- http://alex.hyperiongray.com/posts/302352-pwn-the-docs
- http://sourceforge.net/projects/exploitresolver/
- http://www.thijsbroenink.com/2015/08/bruteforcing-coupon-codes-for-discount.html
- https://gist.github.com/subTee/28b7439d3dfa07053b61
- https://gist.github.com/colinmahns/e3c38c5eae6c4bf6441d
- http://theta44.org/karma/
- http://drops.wooyun.org/papers/8261
- http://www.securitygalore.com/site3/safari-pasv
- http://blog.perimeterx.com/bugzilla-cve-2015-4499
- https://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM/edit?pli=1#
- http://d.hatena.ne.jp/end0tknr/20150830/1440885918
- https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/
- https://goo.gl/0fcbEB
- http://sijmen.ruwhof.net/weblog/584-how-i-could-hack-internet-bank-accounts-of-danish-largest-bank-in-a-few-minutes
- https://security.bugs.gallery
- http://www.sw1tch.net/blog/gone-kingphishin-part-1-kingphisher-beef-digital-ocean-kali
- https://gist.github.com/wirehack7/fccc32806221c4c803dd
- https://testssl.sh/
- http://dangerousprototypes.com/2015/09/08/a-xsvf-assemblerdisassembler-in-python/
- http://www.room362.com/2012/02/ms08068-ms10046-fun-until-2018.html
- http://www.bigendiansmalls.com/mainframe-bind-shell-source-code/
- https://www.davidsopas.com/acunetix-got-rfded/
- http://lucb1e.com/rp/cookielesscookies/
- https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-Exposures-and-Vulnerabilities.pdf
- http://conorpp.com/blog/proxying-bluetooth-devices-for-security-analysis-using-btproxy/
- https://www.notsosecure.com/2015/09/24/remote-code-execution-via-php-unserialize/
- https://dfirblog.wordpress.com/2015/09/27/dissecting-powershell-attacks/
- http://www.sekoia.fr/blog/malware-and-com-object-the-paradise-of-covert-channels/
- https://blog.coresecurity.com/2015/09/28/abusing-gdi-for-ring0-exploit-primitives/
- http://www.clicktorelease.com/blog/svg-google-logo-in-305-bytes
- http://www.leakedin.com/
- https://www.mdsec.co.uk/2015/09/an-introduction-to-hardware-hacking-the-ripe-atlas-probe/
- https://www.davidsopas.com/reflected-file-download-cheat-sheet/
- https://inventropy.us/blog/constructing-an-xss-vector-using-no-letters
- http://subt0x10.blogspot.pt/2015/09/simple-example-of-encoded-mimikatz-upx.html
- https://gist.github.com/mak/bd71962aae98ab0b0441
- http://www.malwarefieldguide.com/LinuxChapter2.html
- https://williammahler.github.io/Capstone.js-bookmarklet/
- https://www.fabionatalucci.it/individuate-vulnerabilita-su-ilmessaggero-it-full-disclosure/
- http://blog.dornea.nu/2015/10/02/manage-pki-using-openssl/
- https://blog.perimeterx.com/bugzilla-cve-2015-4499/
- http://blog.silentsignal.eu/2014/07/28/how-to-got-root-access-on-fireeye-os/
- http://andreicostin.com/secadv/HP_MIPIO_backdoor.txt
- https://shubh.am/exploiting-url-shortners-to-discover-sensitive-resources-2/
- https://quequero.org/2015/09/black-hat-arsenal-peepdf-challenge-2015-writeup/
- https://www.sysdream.com/exploiting-symfony2-profiler
- https://bwall.github.io/libemu-scapy-for-shellcode-on-the-network/
- http://www.sekoia.fr/blog/when-a-brazilian-string-smells-bad/
- https://hackertarget.com/hacker-tools-mr-robot/
- https://www.nowsecure.com/blog/2015/08/17/raspberry-pi-hang-instruction/
- http://blog.naver.com/1n73ction/220499561862
- https://www.synack.com/labs/blog/how-i-hacked-hotmail/
- https://pierrekim.github.io/blog/2015-10-07-Huawei-routers-vulnerable-to-multiple-threats.html
- http://wroot.org/posts/babadook-connection-less-powershell-persistent-and-resilient-backdoor/
- https://www.mdsec.co.uk/2015/10/vulnerability-in-sed-systems-decimator-d3/
- http://cynosureprime.blogspot.pt/2015/09/how-we-cracked-millions-of-ashley.html
- http://mazinahmed.net/uploads/Evading%20All%20Web-Application%20Firewalls%20XSS%20Filters.pdf
- http://www.bishopfox.com/blog/2015/09/the-active-directory-kill-chain-is-your-company-at-risk/
- http://blog.knownsec.com/2015/10/wordpress-xmlrpc-brute-force-amplification-attack-analysis/
- https://dl.packetstormsecurity.net/papers/general/cisco_ios_rootkits.pdf
- https://www.idontplaydarts.com/2015/09/cross-domain-timing-attacks-against-lucene/
- http://lalo.li/lsd/?ultra-hard-version
- http://javahacker.com/the-first-javascript-misdirection-contest/
- http://an7isec.blogspot.co.il/
- http://gynvael.coldwind.pl/?lang=en&id=533
- http://engineering.prezi.com/blog/2014/03/24/prezi-got-pwned-a-tale-of-responsible-disclosure/
- https://blog.mozilla.org/security/2014/03/25/using-fuzzdb-for-testing-website-security/
- http://openzfsonosx.org/
- http://ropshell.com/
- http://securehoney.net/blog/how-to-dissect-android-flappy-bird-malware.html#.UyxQzHV_spw
- http://blog.safetechinnovations.com/pentest/ebay-authentication-bypass/
- http://nginx.com/admin-guide/
- http://mathiasbynens.be/notes/pbkdf2-hmac
- http://geelen.github.io/x-gif/#/http://i.imgur.com/iKXH4E2.gif
- http://dorey.github.io/JavaScript-Equality-Table/
- http://blog.tunnelshade.in/2015/09/interesting-flash-xss-on-vkcom.html
- https://hackerone.com/reports/96294
- https://www.exploit-db.com/exploits/38360/
- https://w3challs.com/syscalls/
- http://www.room362.com/2014/04/executing-code-via-smb-dcom-without.html
- http://d.hatena.ne.jp/masa141421356/20150914/1442239071
- http://fatsquirrel.org/oldfartsalmanac/random/reverse-engineering-a-vintage-wireless-keypad-with-an-rtl-sdr/
- http://blog.mindedsecurity.com/2015/09/autoloaded-file-inclusion-in-magento.html
- http://noxxi.de/research/http-evader.html
- https://labs.mwrinfosecurity.com/blog/2015/09/25/a-practical-guide-to-cracking-password-hashes/
- http://linux-audit.com/elf-binaries-on-linux-understanding-and-analysis/
- http://www.metzdowd.com/pipermail/cryptography/2015-October/026685.html
- http://blog.knownsec.com/2015/09/linux-drm_legacy_lock_free-null-pointer-dereference-analysis/
- https://www.7elements.co.uk/resources/blog/cve-2015-2342-remote-code-execution-within-vmware-vcenter/
- http://www.repeater-builder.com/antenna/pdf/beer-barel-cavity.pdf
- http://goo.gl/uTw6PN
- http://foxglovesecurity.com/2015/10/26/car-hacking-for-plebs-the-untold-story/
- https://cyberarms.wordpress.com/2015/10/04/anti-virus-bypass-with-shellter-5-1-on-kali-linux/
- http://sourceforge.net/projects/awap/
- http://securityaffairs.co/wordpress/40727/hacking/hack-decrypt-whatsapp-database.html
- https://www.accuvant.com/blog/exploiting-jmx-rmi
- http://lcamtuf.coredump.cx/edison_fuzz/
- https://blog.goeswhere.com/2015/10/ssh-key-capture/
- http://seckb.yehg.net/2012/06/xss-gaining-access-to-httponly-cookie.html
- https://www.swordshield.com/2015/10/extracting-password-hashes-from-large-ntds-dit-files/
- http://jumpespjump.blogspot.pt/2015/09/how-i-hacked-my-ip-camera-and-found.html
- http://arxiv.org/pdf/1511.00444v2.pdf
- https://goo.gl/rWptw1
- https://www.bamsoftware.com/hacks/deflate.html
- http://ec.europa.eu/taxation_customs/vies/vatResponse.html
- http://blog.dewhurstsecurity.com/2015/11/10/mobile-security-certificate-pining.html
- http://grangeia.io/2015/11/09/hacking-tomtom-runner-pt1/
- http://www.debuginfo.com/tools/chkmatch.html
- https://gef.readthedocs.org/en/latest/
- https://gitlab.com/rav7teif/linux.wifatch
- http://legalhackers.com/advisories/Google-AdWords-API-libraries-XXE-Injection-Vulnerability.txt
- http://www.icewall.pl/?p=696&lang=en
- http://blog.checkpoint.com/2015/11/05/check-point-discovers-critical-vbulletin-0-day/
- http://tinyhack.com/2015/11/08/teensy-lc-u2f-key/
- http://blog.a-way-out.net/blog/2015/11/06/host-header-injection/
- http://blog.talosintel.com/2015/10/dangerous-clipboard.html
- http://www.greyhathacker.net/?p=738
- https://instant.io/
- http://www.unfitbits.com/
- http://stegosploit.info/
- http://maustin.net/2015/11/12/hipchat_rce.html
- http://ryhanson.com/angular-expression-injection-walkthrough/
- http://silentbreaksecurity.com/invoke-dcsync-because-we-all-wanted-it/
- https://gist.github.com/subTee/4843a1d9e7a9fcdb4417
- http://meat.pisto.horse/2015/11/rooting-linksys-x2000-router-system.html
- https://chloe.re/2015/11/09/csrf-blocker-block-csrf-attacks-the-right-way/
- https://blog.filippo.io/the-sad-state-of-smtp-encryption/
- https://respectxss.blogspot.de/2015/11/a-tale-of-breaking-saps-successfactorss.html
- http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/nslookup-flaws.html
- https://www.sensepost.com/blog/2015/wadi-fuzzer/
- https://blog.gaborszathmari.me/2015/11/11/tricking-google-authenticator-totp-with-ntp/
- http://yahoo-security.tumblr.com/post/122883273670/apache-traffic-server-http2-fuzzing
- http://superlogout.com/
- http://www.n0tr00t.com/2015/11/27/cve-2015-8213.html
- http://lizardhq.org/2015/11/25/dell-foundation-services.html
- http://www.th3r3p0.com/vulns/jenkins/jenkinsVuln.html
- http://goo.gl/O07NBR (+)
- https://packetstormsecurity.com/files/134064/mchtml-exec.txt
- http://www.pentest.guru/index.php/2015/10/19/ditch-psexec-spraywmi-is-here/
- https://jbeekman.nl/blog/2015/03/reverse-engineering-uefi-firmware/
- http://goo.gl/HCRlCE (+)
- http://blog.knownsec.com/2015/11/analysis-of-redis-unauthorized-of-expolit/
- https://blog.srcclr.com/spring-social-core-vulnerability-disclosure/
- http://www.spect.cl/blog/2015/11/security-audit-scrapyd/
- http://www.sciencedirect.com/science/article/pii/S1742287615000146
- http://www.labofapenetrationtester.com/2015/11/week-of-continuous-intrusion-day-1.html
- http://goo.gl/9TtRd8 (+)
- http://www.adriancourreges.com/blog/2015/11/02/gta-v-graphics-study/
- http://thepiratebook.net/
- https://security.linkedin.com/blog-archive#11232015
- http://blog.valverde.me/2015/12/07/bad-life-advice/
- https://gist.github.com/crowell/92ed41884db35d73e2fc
- http://magikh0e.ihtb.org/pubPapers/ssh_gymnastics_tunneling.html
- http://decidedlygray.com/2015/11/19/evil-access-point-with-auto-backdooring-ftw/
- http://yahoo-security.tumblr.com/post/134549767190/attacking-http2-implementations
- http://www.sekoia.fr/blog/windows-driver-signing-bypass-by-derusbi/
- https://goo.gl/Pei7cP (+)
- http://silentbreaksecurity.com/malicious-outlook-rules/
- https://odzhan.wordpress.com/2015/11/17/asmcodes-pic/
- https://w00tsec.blogspot.pt/2015/11/arris-cable-modem-has-backdoor-in.html
- https://www.mdsec.co.uk/2015/12/protected-mode-a-case-of-when-no-means-yes/
- http://neonprimetime.blogspot.pt/2015/11/xsl-payload-xxe-rce-e3xpl0it.html
- http://blog.fortinet.com/post/when-baby-monitors-are-a-model-for-iot-security
- https://blog.coresecurity.com/2015/12/09/exploiting-windows-media-center/
- https://hackerone.com/reports/100829
- http://racksburg.com/choosing-an-http-status-code/
- https://nvisium.com/blog/2015/12/07/injecting-flask/
- https://vagmour.eu/facebook-open-redirect-vulnerability-that-does-the-social-engineering-job-too/
- https://sites.google.com/site/zerodayresearch/BadWinmail.pdf
- https://isc.sans.edu/diary/Scanning+tricks+with+scapy/20381
- http://antincode.com/post/131952657591/xss-via-xml-post
- http://www.greyhathacker.net/?p=894
- https://odzhan.wordpress.com/2015/11/19/dllpic-injection-on-windows-from-wow64-process/
- http://ethanheilman.tumblr.com/post/133488739430/is-playstation-4-network-traffic-especially
- https://www.raspberrypi.org/forums/viewtopic.php?f=66&t=126892
- http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html
- https://usn.pw/blog/gen/2015/06/09/filenames/
- http://hn.premii.com/#/article/10686676
- http://opensecuritytraining.info/IntroX86.html
- http://labs.detectify.com/post/133528218381/chrome-extensions-aka-total-absence-of-privacy
- https://blog.srcclr.com/amazon-aws-sdk-for-java-vulnerability-disclosure/
- https://blogs.akamai.com/2015/12/developing-a-poc-step-by-step.html
- http://blog.totallynotmalware.net/?p=15
- http://oldweb.today/
- http://bnrg.cs.berkeley.edu/~randy/Courses/CS39K.S13/anarchistcookbook2000.pdf
- https://goo.gl/qexIz4 (+)
- http://www.exfiltrated.com/research-Instagram-RCE.php#Ruby_RCE
- http://l0.cm/xxn/
- http://goo.gl/ysJ9ku (+)
- http://www.contextis.com/resources/blog/data-exfiltration-blind-os-command-injection/
- http://mainframed767.tumblr.com/post/133340564417/nmap-enumerating-vtam-applications
- http://blog.knownsec.com/wp-content/uploads/2015/12/Sqlmap-exploit_en.txt
- https://blogs.securiteam.com/index.php/archives/2671
- https://www.poshsecurity.com/blog/2015/12/7/how-the-skype-team-failed-at-powershell
- https://goo.gl/dUiZjx (+)
- https://goo.gl/zQsIfv (+)
- http://blog.regehr.org/archives/1282
- http://blog.amossys.fr/How_to_reverse_unknown_protocols_using_Netzob.html
- https://jbp.io/2015/11/23/abusing-u2f-to-store-keys/
- http://agrrrdog.blogspot.ca/2015/11/3-attacks-on-cisco-tacacs-bypassing.html
- http://www.codereversing.com/blog/archives/282
- http://www.kfirlavi.com/blog/2012/11/14/defensive-bash-programming
- https://julianoliver.com/output/log_2015-12-18_14-39
- https://www.secgeek.net/bookfresh-vulnerability/
- http://www.agarri.fr/kom/archives/2015/12/17/amf_parsing_and_xxe/index.html
- https://www.optiv.com/blog/bypassing-csrf-tokens-via-xss
- http://www.rootsh3ll.com/2015/11/aircrack-boost-script/
- https://httphacker.github.io/gethead/
- https://blog.cloudflare.com/tools-for-debugging-testing-and-using-http-2/
- http://sethsec.blogspot.com.tr/2015/12/exploiting-server-side-request-forgery.html
- https://adsecurity.org/?page_id=1821
- http://x42.obscurechannel.com/?p=197
- http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
- http://zoczus.blogspot.pt/2014/05/how-reverse-dns-can-help-us-with-xss.html
- http://www.exploit-monday.com/2015/12/the-powersploit-manifesto.html
- https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
- http://marcoramilli.blogspot.pt/2015/12/spotting-malicious-node-relays.html
- http://toshellandback.com/2015/11/24/ms-priv-esc/
- http://oswatch.org/
- http://azac.pl/cobol-on-wheelchair/
- http://showterm.io/
- http://www.ubercomp.com/posts/2014-01-16_facebook_remote_code_execution
- https://code.google.com/p/google-security-research/issues/detail?id=675
- https://guidovranken.files.wordpress.com/2015/12/https-bicycle-attack.pdf
- http://www.securityfocus.com/archive/1/536930
- https://blog.korelogic.com/blog/2015/12/04/linksys-0day-unauth-infodisco
- http://dev.cra0kalo.com/?p=400
- http://www.impulseadventure.com/photo/jpeg-snoop.html
- http://www.shellntel.com/blog/2015/9/23/assessing-enterprise-wireless-networks
- https://blog.g0tmi1k.com/dvwa/bruteforce-high/
- http://randywestergren.com/running-a-hidden-tor-service-with-docker-compose/
- http://goo.gl/tJ00NN (+)
- http://blog.mindedsecurity.com/2015/11/reliable-os-shell-with-el-expression.html
- http://routersecurity.org/checklist.php
- http://c0rni3sm.blogspot.pt/2016/01/referrer-leakage-from-https-to-https.html
- https://digi.ninja/projects/zonetransferme.php
- http://www.greyhathacker.net/?p=911
- https://blog.srcclr.com/handlebars_vulnerability_research_findings/
- https://blog.risingstack.com/web-authentication-methods-explained/
- http://www.portoscuso.com/codef/index.html
- https://gist.github.com/hasegawayosuke/00f7253e22e228462b91
Add Comment
Please, Sign In to add comment