A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.

BRICS+ CTF 2024 Quals

A curated list of web3Security materials and resources For Pentesters and Bug Hunters.

Find all libraries on cdn.js that pollute your prototype

Beyond XSS: Explore the Web Front-end Security Universe. A series about front-end security

A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit/64-bit ARM and embedded RISC-V architectures.

Content-Type Research

Simple DNS Rebinding Service

Awesome MXSS ??

Potentially dangerous files

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Analyse PNG file format for CTF, python API and CLI

rsatool can be used to calculate RSA and RSA-CRT parameters

The Bug Hunters Methodology

HTTPLeaks - All possible ways, a website can leak HTTP requests

Awesome XSS stuff

weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力：CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-32…

Do you want to use x64dbg instead of immunity debugger? oscp eCPPTv2 buffer overflow exploits pocs

Create tar/zip archives that try to exploit zipslip vulnerability.

A static analysis API for finding deserialization attack gadgets

A collective list of free APIs

Exploiting SHA-1-signed messages

Udemy – Linux Heap Exploitation

shiro 反序列 命令执行辅助检测工具

Some payloads of JNDI Injection in JDK 1.8.0_191+

Python sandbox escape wiki + payload generator

proof-of-concept for generating Java deserialization payload | Proxy MemShell

A collection of curated resources and CVEs I use for research.