𝗛𝗮𝗰𝗸𝗲𝗿𝘀 𝗙𝗮𝗰𝘁𝗼𝗿𝘆
The channel was created for CyberSec InfoSec Activism and Journalism This channel discusses: - Offensive Security - Information Security - Hacking - Tools - Activism #GhostClan #TheGhostSquad
Більше1 788
Підписники
+124 години
+267 днів
+3330 днів
- Підписники
- Перегляди допису
- ER - коефіцієнт залучення
Триває завантаження даних...
Приріст підписників
Триває завантаження даних...
Tools - Hackers Factory
A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements.
https://github.com/xnl-h4ck3r/XnlReveal
Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
https://github.com/xnl-h4ck3r/GAP-Burp-Extension
Finds graphql queries in javascript files
https://github.com/xssdoctor/graphqlMaker
Apache HugeGraph Server RCE Scanner ( CVE-2024-27348 )
https://github.com/Zeyad-Azima/CVE-2024-27348
Unauthenticated Remote Code Execution – Bricks <= 1.9.6
https://github.com/Chocapikk/CVE-2024-25600
A good collection with browser exploit CTF challenges. Please feel free to share if there is additional. Thank you all.
https://github.com/exd0tpy/CTF-browser-challenges?tab=readme-ov-file
https://github.com/m1ghtym0/browser-pwn
https://github.com/De4dCr0w/Browser-pwn
Oracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability
https://github.com/mansk1es/CVE-2024-21111
A Hex Editor for Reverse Engineers, Programmers
https://github.com/WerWolv/ImHex
Local & remote Windows DLL Proxying
https://github.com/synacktiv/DLHell
#HackersFactory
Tools - Hackers Factory
Side-by-side comparison of the Windows and Linux (GNU) Loaders
https://github.com/ElliotKillick/windows-vs-linux-loader-architecture?tab=readme-ov-file
Reverse engineering the precompiled Wi-Fi stack of ESP32 SoC to recreate an open source version
Part 1: https://zeus.ugent.be/blog/23-24/open-source-esp32-wifi-mac/
Part 2: https://zeus.ugent.be/blog/23-24/esp32-reverse-engineering-continued/
Repo: https://github.com/esp32-open-mac/esp32-open-mac
Overview of Secure-Launch process on Qualcomm devices
https://github.com/TravMurav/Qcom-Secure-Launch
Android 14 kernel exploit for Pixel7/8 Pro
https://github.com/0x36/Pixel_GPU_Exploit
GhostRace: race conditions on speculatively executed code paths
Paper: https://download.vusec.net/papers/ghostrace_sec24.pdf
GitHub PoC: github.com/vusec/ghostrace
Collection of references to write-ups, blog posts and papers related to cybersecurity, reverse engineering and exploitation (constantly updated)
https://github.com/0xor0ne/awesome-list/blob/main/topics/cybersec.md
Fuzzing IoT Devices Using the Router TL-WR902AC as Example
On Fuzzing IoT devices with blackbox approach (TL-WR902AC router as example)
Blog:
https://tsmr.eu/blackbox-fuzzing.html
https://github.com/otsmr/blackbox-fuzzing?tab=readme-ov-file
Hack-A-Sat Qualifiers Writeups
Satellite Hacking Demystified
https://redteamrecipe.com/satellite-hacking-demystified
https://github.com/solar-wine/writeups
Hack-a-sat players corner: hackasat.com/players-corner/
#HackersFactory
❤ 1
Tools - Hackers Factory
Gourlex
It is a simple tool that can be used to extract URLs and paths from web pages. It can be helpful during web application assessments to uncover additional targets.
Try the tool : https://github.com/trap-bytes/gourlex
Find xss with this automation of the following work :
1. subfinder -d indeed.com -o indeed.txt //Find Subdomains
2. httpx -l subdomains.txt -o httpx.txt // Live Subdomains
3. echo "indeed.com" | gau --threads 5 >> Enpoints.txt // Find Endpoints
4. cat httpx.txt | katana -jc >> Enpoints.txt // Find More Endpoints
5. cat Enpoints.txt | uro >> Endpoints_F.txt // Remove Duplicates
6. cat Endpoints_F.txt | gf xss >> XSS.txt // Filter Endpoints for XSS
7. cat XSS.txt | Gxss -p khXSS -o XSS_Ref.txt // Find reflected Parameters
8. dalfox file XSS_Ref.txt -o Vulnerable_XSS.txt // Find XSS
Script : https://github.com/dirtycoder0124/xss
A simple powershell script that can run in powershell for linux. The purpose of the script is to identify potential privilege escalation vulnerabilities on Linux systems that run with PowerShell
https://github.com/tjnull/pentest-arsenal/tree/main/Cadiclus
InQL makes mapping out a GraphQL API easy! It also includes several automated vulnerability checks!
github.com/doyensec/inql
A Microservices-based framework for the study of Network Security and Penetration Test techniques
https://github.com/DockerSecurityPlayground/DSP
Snaffler reimplementation in Python -
https://github.com/SnaffCon/Snaffler
https://github.com/asmtlab/snafflepy
CVE-2024-24919
https://github.com/johnk3r/nuclei-templates/blob/main/http/cves/2024/CVE-2024-24919.yaml
Python for AWAE (Advanced Web Attacks and Exploitation)
https://github.com/shreyaschavhan/python-for-awae
CVE-2024-24919 [Check Point Security Gateway Information Disclosure]
https://github.com/ifconfig-me/CVE-2024-24919-Bulk-Scanner
LAZYEGG
Tool for extracting different data from web pages:
- cookies
- leaked credentials
- domains
- ips
- images
- links
https://github.com/schooldropout1337/nuclei-templates/blob/main/lazyegg.py
Extract endpoints from APK files
https://github.com/ndelphit/apkurlgrep
#HackersFactory
Tools - Hackers Factory
Graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
https://github.com/dolevf/graphw00f
Security Auditor Utility for GraphQL APIs
https://github.com/dolevf/graphql-cop
A toolkit for testing, tweaking and cracking JSON Web Tokens
https://github.com/ticarpi/jwt_tool
Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term (dork) with a default set of websites, bug bounty programs or custom collection.
https://github.com/Zarcolio/sitedorks
An interactive shell to spoof some LOLBins command line
https://github.com/itaymigdal/LOLSpoof
Community curated list of nuclei templates for finding "unknown" security vulnerabilities.
https://github.com/projectdiscovery/fuzzing-templates
This checklist may help you to have a good methodology for bug bounty hunting
https://github.com/sehno/Bug-bounty/blob/master/bugbounty_checklist.md
JS Fuzzing - LazyEgg
https://github.com/schooldropout1337/lazyegg/?s=08
Check point: CVE-2024-24919
Dork: "Server: Check Point SVN" "X-UA-Compatible: IE=EmulateIE7"
https://github.com/johnk3r/nuclei-templates/blob/main/http/cves/2024/CVE-2024-24919.yaml
Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
https://github.com/xnl-h4ck3r/GAP-Burp-Extension
Live Feed of C2 servers, tools, and botnets
https://github.com/montysecurity/C2-Tracker
#HackersFactory
Фото недоступнеДивитись в Telegram
House arrest. Embassy confinement. A maximum security prison. We won't rest until Julian Assange is free.
#FreeAssange #JournalismIsNotCrime
Tools - Hackers Factory
+1000000 Reflected Cross Site Scripting & SQL Injection on an Private Hackerone Bug bounty Program
Tools
Subfinder: https://github.com/projectdiscovery/subfinder
Assetfinder: https://github.com/tomnomnom/assetfinder
Httpx: https://github.com/projectdiscovery/httpx
Paramspider: https://github.com/devanshbatham/ParamSpider
Kxss or GF: https://github.com/Emoe/kxss // https://github.com/tomnomnom/gf
#HackersFactory
🔥 2❤ 1
Repost from Ghost Princess™
Facts about Pegasus Spyware after long research:
1. Pegasus spyware is a sophisticated surveillance tool developed by the Israeli cybersecurity company NSO Group.
2. It is designed to infiltrate mobile devices, granting its operators extensive access to the target's data, including messages, emails, photos, and location information.
3. Pegasus gained notoriety for its alleged use by various governments to spy on journalists, activists, and political dissidents.
4. The spyware can be deployed through various methods, including phishing attacks and exploiting vulnerabilities in software.
5. Pegasus is capable of infecting both iOS and Android devices, making it a cross-platform threat.
6. Once installed, it can operate covertly, without the user's knowledge, and can evade detection by traditional antivirus software.
7. NSO Group claims that Pegasus is intended for use by governments and law enforcement agencies to combat crime and terrorism.
8. However, there have been widespread reports of its misuse, leading to concerns about human rights violations and privacy infringements.
9. Efforts to regulate or ban the use of Pegasus and similar spyware have been met with challenges due to its clandestine nature and the difficulty of attributing its use to specific entities.
10. The ongoing debate surrounding Pegasus underscores the complex ethical and legal dilemmas surrounding the use of surveillance technology in the modern digital age.
Repost from Ghost Princess™
Facts about Pegasus Spyware after long research:
1. Pegasus spyware is a sophisticated surveillance tool developed by the Israeli cybersecurity company NSO Group.
2. It is designed to infiltrate mobile devices, granting its operators extensive access to the target's data, including messages, emails, photos, and location information.
3. Pegasus gained notoriety for its alleged use by various governments to spy on journalists, activists, and political dissidents.
4. The spyware can be deployed through various methods, including phishing attacks and exploiting vulnerabilities in software.
5. Pegasus is capable of infecting both iOS and Android devices, making it a cross-platform threat.
6. Once installed, it can operate covertly, without the user's knowledge, and can evade detection by traditional antivirus software.
7. NSO Group claims that Pegasus is intended for use by governments and law enforcement agencies to combat crime and terrorism.
8. However, there have been widespread reports of its misuse, leading to concerns about human rights violations and privacy infringements.
9. Efforts to regulate or ban the use of Pegasus and similar spyware have been met with challenges due to its clandestine nature and the difficulty of attributing its use to specific entities.
10. The ongoing debate surrounding Pegasus underscores the complex ethical and legal dilemmas surrounding the use of surveillance technology in the modern digital age.
Repost from 𝙂𝙝𝙤𝙨𝙩 𝘾𝙡𝙖𝙣™
03:18
Відео недоступнеДивитись в Telegram
🇵🇸 Palestine in my heart ❤️
FREE PALESTINE!
#RafahOnFıre
50.96 MB
❤ 2