File-Upload - Google Slides
July 16, 2021 at 10:50:17 AM UTC - permalink -

- https://docs.google.com/presentation/d/1-YwXl9rhzSvvqVvE_bMZo2ab-0O5wRNTnzoihB9x6jI/mobilepresent#slide=id.gb80cbaa94f_0_0

Exploiting JMX RMI | Optiv
July 13, 2021 at 3:04:49 PM UTC - permalink -

- https://web.archive.org/web/20201027062446/https://www.optiv.com/explore-optiv-insights/blog/exploiting-jmx-rmi

Attacking RMI based JMX services | MOGWAI LABS GmbH
July 13, 2021 at 2:33:30 PM UTC - permalink -

- https://mogwailabs.de/en/blog/2019/04/attacking-rmi-based-jmx-services/

qtc-de/beanshooter: JMX enumeration and attacking tool.
July 13, 2021 at 1:12:53 PM UTC - permalink -

- https://github.com/qtc-de/beanshooter

The Java Soothsayer: A practical application for insecure randomness. (Includes free 0day)
July 13, 2021 at 11:16:14 AM UTC * - permalink -

- https://web.archive.org/web/20180315203404/https://medium.com/@alex91ar/the-java-soothsayer-a-practical-application-for-insecure-randomness-c67b0cd148cd

https://github.com/vincentcox/StaCoAn
July 10, 2021 at 12:47:14 PM UTC - permalink -

- https://github.com/vincentcox/StaCoAn

php-findsock-shell | pentestmonkey
July 8, 2021 at 9:20:12 AM UTC - permalink -

- http://pentestmonkey.net/tools/web-shells/php-findsock-shell

How we found Unintended bypass to exploiting entire CyberThreatForce discord server | by Muhammad Faqih Jihan Insani | Jul, 2021 | Medium
July 7, 2021 at 10:12:22 AM UTC * - permalink -

- https://hanasuru.medium.com/how-we-found-unintended-bypass-to-exploiting-entire-cyberthreatforce-discord-server-d93951b9efab

Introducing DOM Invader: DOM XSS just got a whole lot easier to find | Blog - PortSwigger
July 5, 2021 at 1:50:30 PM UTC - permalink -

- https://portswigger.net/blog/introducing-dom-invader

(1) Exfiltration at Lightspeed - Faster Blind SQL Injection : netsec
July 5, 2021 at 1:50:19 PM UTC - permalink -

- https://www.reddit.com/r/netsec/comments/4bquht/exfiltration_at_lightspeed_faster_blind_sql/

GitHub - hellman/xortool: A tool to analyze multi-byte xor cipher
July 5, 2021 at 1:32:28 AM UTC - permalink -

- https://github.com/hellman/xortool

legalhackers.com/advisories/zend-framework-XXE-vuln.txt
July 2, 2021 at 1:37:13 PM UTC - permalink -

- https://legalhackers.com/advisories/zend-framework-XXE-vuln.txt

MageReport.com
July 2, 2021 at 12:51:05 PM UTC - permalink -

- https://www.magereport.com/

FireWalker: A New Approach to Generically Bypass User-Space EDR Hooking - MDSec
June 30, 2021 at 12:59:52 PM UTC - permalink -

- https://www.mdsec.co.uk/2020/08/firewalker-a-new-approach-to-generically-bypass-user-space-edr-hooking/

PE Parsing and Defeating AV/EDR API Hooks in C++ - SolomonSklash.io
June 30, 2021 at 12:30:28 PM UTC - permalink -

- https://www.solomonsklash.io/pe-parsing-defeating-hooking.html

Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) | PortSwigger Research
June 29, 2021 at 1:03:41 PM UTC - permalink -

- https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464

04. Command Execution - Security Knowledge Base
June 18, 2021 at 6:31:55 PM UTC - permalink -

- https://github.sofianehamlaoui.fr/Security-Cheatsheets/databases/sqlserver/3-command-execution/

klezVirus/chameleon: PowerShell Script Obfuscator
June 3, 2021 at 1:29:19 PM UTC - permalink -

- https://github.com/klezVirus/chameleon

SensePost | Adventures into http2 and http3
May 30, 2021 at 11:10:04 PM UTC - permalink -

- https://sensepost.com/blog/2021/adventures-into-http2-and-http3/

Attacking Active Directory: 0 to 0.9 | zer1t0
May 30, 2021 at 10:47:44 PM UTC - permalink -

- https://zer1t0.gitlab.io/posts/attacking_ad/