Awesome List Updates on Nov 05, 2019

3 awesome lists updated today.

🏠 Home · 🔍 Search · 🔥 Feed · 📮 Subscribe · ❤️ Sponsor

1. Awesome Cybersecurity Blueteam

Cloud platform security / Security Orchestration, Automation, and Response (SOAR)

• Prowler (⭐10k) - Tool based on AWS-CLI commands for Amazon Web Services account security assessment and hardening.

• Scout Suite (⭐6.3k) - Open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments.

Phishing awareness and reporting / Firewall appliances or distributions

• CertSpotter (⭐943) - Certificate Transparency log monitor from SSLMate that alerts you when a SSL/TLS certificate is issued for one of your domains.

2. Awesome Web Security

XSS - Cross-Site Scripting

• PayloadsAllTheThings - XSS Injection (⭐42k) - Written by @swisskyrepo.

CSV Injection

• PayloadsAllTheThings - CSV Injection (⭐42k) - Written by @swisskyrepo.

SQL Injection

• PayloadsAllTheThings - SQL Injection (⭐42k) - Written by @swisskyrepo.

• MySQL Error Based SQL Injection Using EXP - Written by @osandamalith.

Command Injection

• PayloadsAllTheThings - Command Injection (⭐42k) - Written by @swisskyrepo.

XXE - XML eXternal Entity

• XML external entity (XXE) injection - Written by portswigger.

• XML Schema, DTD, and Entity Attacks - Written by Timothy D. Morgan and Omar Al Ibrahim.

• PayloadsAllTheThings - XXE Injection (⭐42k) - Written by various contributors.

CSRF - Cross-Site Request Forgery

• PayloadsAllTheThings - CSRF Injection (⭐42k) - Written by @swisskyrepo.

SSRF - Server-Side Request Forgery

• PayloadsAllTheThings - Server-Side Request Forgery (⭐42k) - Written by @swisskyrepo.

Web Cache Poisoning

• PayloadsAllTheThings - Web Cache Deception (⭐42k) - Written by @swisskyrepo.

Open Redirect

• PayloadsAllTheThings - Open Redirect (⭐42k) - Written by @swisskyrepo.

Security Assertion Markup Language (SAML)

• PayloadsAllTheThings - SAML Injection (⭐42k) - Written by @swisskyrepo.

Upload

• PayloadsAllTheThings - Upload Insecure Files (⭐42k) - Written by @swisskyrepo.

XXE

• Bypass Fix of OOB XXE Using Different encoding - Written by @SpiderSec.

• XML Out-Of-Band Data Retrieval - Written by Timur Yunusov and Alexey Osipov.

• XXE in WeChat Pay Sdk ( WeChat leave a backdoor on merchant websites) - Written by Rose Jackcode.

• XXE OOB exploitation at Java 1.7+ (2014): Exfiltration using FTP protocol - Written by Ivan Novikov.

• XXE OOB extracting via HTTP+FTP using single opened port - Written by skavans.

• What You Didn't Know About XML External Entities Attacks - Written by Timothy D. Morgan.

• Pre-authentication XXE vulnerability in the Services Drupal module - Written by Renaud Dubourguais.

• Forcing XXE Reflection through Server Error Messages - Written by Antti Rantasaari.

• Exploiting XXE with local DTD files - Written by Arseniy Sharoglazov.

• Automating local DTD discovery for XXE exploitation - Written by Philippe Arteau.

Remote Code Execution

• CVE-2019-1306: ARE YOU MY INDEX? - Written by @yu5k3.

XSS

• Upgrade self XSS to Exploitable XSS an 3 Ways Technic - Written by HAHWUL.

Offensive / XXE

• dtd-finder (⭐484) - List DTDs and generate XXE payloads using those local DTDs by @GoSecure.

Others / Server-Side Request Forgery

• ntlm_challenger (⭐131) - Parse NTLM over HTTP challenge messages by @b17zr.

• cefdebug (⭐167) - Minimal code to connect to a CEF debugger by @taviso.

• ctftool (⭐1.6k) - Interactive CTF Exploration Tool by @taviso.

3. Awesome Remote Job

Podcasts

• Distributed - Interview podcast by Matt Mullenweg. Focused on the benefits and challenges of distributed work and recruiting people around the globe.

• Prev: Nov 06, 2019
• Next: Nov 04, 2019