𝗛𝗮𝗰𝗸𝗲𝗿𝘀 𝗙𝗮𝗰𝘁𝗼𝗿𝘆

Tools - Hackers Factory A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. https://github.com/xnl-h4ck3r/XnlReveal Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist https://github.com/xnl-h4ck3r/GAP-Burp-Extension Finds graphql queries in javascript files https://github.com/xssdoctor/graphqlMaker Apache HugeGraph Server RCE Scanner ( CVE-2024-27348 ) https://github.com/Zeyad-Azima/CVE-2024-27348 Unauthenticated Remote Code Execution – Bricks <= 1.9.6 https://github.com/Chocapikk/CVE-2024-25600 A good collection with browser exploit CTF challenges. Please feel free to share if there is additional. Thank you all. https://github.com/exd0tpy/CTF-browser-challenges?tab=readme-ov-file https://github.com/m1ghtym0/browser-pwn https://github.com/De4dCr0w/Browser-pwn Oracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability https://github.com/mansk1es/CVE-2024-21111 A Hex Editor for Reverse Engineers, Programmers https://github.com/WerWolv/ImHex Local & remote Windows DLL Proxying https://github.com/synacktiv/DLHell #HackersFactory

Tools - Hackers Factory Side-by-side comparison of the Windows and Linux (GNU) Loaders https://github.com/ElliotKillick/windows-vs-linux-loader-architecture?tab=readme-ov-file Reverse engineering the precompiled Wi-Fi stack of ESP32 SoC to recreate an open source version Part 1: https://zeus.ugent.be/blog/23-24/open-source-esp32-wifi-mac/ Part 2: https://zeus.ugent.be/blog/23-24/esp32-reverse-engineering-continued/ Repo: https://github.com/esp32-open-mac/esp32-open-mac Overview of Secure-Launch process on Qualcomm devices https://github.com/TravMurav/Qcom-Secure-Launch Android 14 kernel exploit for Pixel7/8 Pro https://github.com/0x36/Pixel_GPU_Exploit GhostRace: race conditions on speculatively executed code paths Paper: https://download.vusec.net/papers/ghostrace_sec24.pdf GitHub PoC: github.com/vusec/ghostrace Collection of references to write-ups, blog posts and papers related to cybersecurity, reverse engineering and exploitation (constantly updated) https://github.com/0xor0ne/awesome-list/blob/main/topics/cybersec.md Fuzzing IoT Devices Using the Router TL-WR902AC as Example On Fuzzing IoT devices with blackbox approach (TL-WR902AC router as example) Blog: https://tsmr.eu/blackbox-fuzzing.html https://github.com/otsmr/blackbox-fuzzing?tab=readme-ov-file Hack-A-Sat Qualifiers Writeups Satellite Hacking Demystified https://redteamrecipe.com/satellite-hacking-demystified https://github.com/solar-wine/writeups Hack-a-sat players corner: hackasat.com/players-corner/ #HackersFactory

Tools - Hackers Factory Gourlex It is a simple tool that can be used to extract URLs and paths from web pages. It can be helpful during web application assessments to uncover additional targets. Try the tool :  https://github.com/trap-bytes/gourlex Find xss with this automation of the following work : 1. subfinder -d indeed.com -o indeed.txt //Find Subdomains 2. httpx -l subdomains.txt -o httpx.txt // Live Subdomains 3. echo "indeed.com" | gau --threads 5 >> Enpoints.txt // Find Endpoints 4. cat httpx.txt | katana -jc >> Enpoints.txt // Find More Endpoints 5. cat Enpoints.txt | uro >> Endpoints_F.txt // Remove Duplicates 6. cat Endpoints_F.txt | gf xss >> XSS.txt // Filter Endpoints for XSS 7. cat XSS.txt | Gxss -p khXSS -o XSS_Ref.txt // Find reflected Parameters 8. dalfox file XSS_Ref.txt -o Vulnerable_XSS.txt // Find XSS Script : https://github.com/dirtycoder0124/xss A simple powershell script that can run in powershell for linux. The purpose of the script is to identify potential privilege escalation vulnerabilities on Linux systems that run with PowerShell https://github.com/tjnull/pentest-arsenal/tree/main/Cadiclus InQL makes mapping out a GraphQL API easy! It also includes several automated vulnerability checks!  github.com/doyensec/inql A Microservices-based framework for the study of Network Security and Penetration Test techniques https://github.com/DockerSecurityPlayground/DSP Snaffler reimplementation in Python - https://github.com/SnaffCon/Snaffler https://github.com/asmtlab/snafflepy CVE-2024-24919 https://github.com/johnk3r/nuclei-templates/blob/main/http/cves/2024/CVE-2024-24919.yaml Python for AWAE (Advanced Web Attacks and Exploitation) https://github.com/shreyaschavhan/python-for-awae CVE-2024-24919 [Check Point Security Gateway Information Disclosure] https://github.com/ifconfig-me/CVE-2024-24919-Bulk-Scanner LAZYEGG Tool for extracting different data from web pages: - cookies - leaked credentials - domains - ips - images - links https://github.com/schooldropout1337/nuclei-templates/blob/main/lazyegg.py Extract endpoints from APK files https://github.com/ndelphit/apkurlgrep #HackersFactory

Tools - Hackers Factory Graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint. https://github.com/dolevf/graphw00f Security Auditor Utility for GraphQL APIs https://github.com/dolevf/graphql-cop A toolkit for testing, tweaking and cracking JSON Web Tokens https://github.com/ticarpi/jwt_tool Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term (dork) with a default set of websites, bug bounty programs or custom collection. https://github.com/Zarcolio/sitedorks An interactive shell to spoof some LOLBins command line https://github.com/itaymigdal/LOLSpoof Community curated list of nuclei templates for finding "unknown" security vulnerabilities. https://github.com/projectdiscovery/fuzzing-templates This checklist may help you to have a good methodology for bug bounty hunting https://github.com/sehno/Bug-bounty/blob/master/bugbounty_checklist.md JS Fuzzing - LazyEgg https://github.com/schooldropout1337/lazyegg/?s=08 Check point: CVE-2024-24919 Dork: "Server: Check Point SVN" "X-UA-Compatible: IE=EmulateIE7" https://github.com/johnk3r/nuclei-templates/blob/main/http/cves/2024/CVE-2024-24919.yaml Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist https://github.com/xnl-h4ck3r/GAP-Burp-Extension Live Feed of C2 servers, tools, and botnets https://github.com/montysecurity/C2-Tracker #HackersFactory

House arrest. Embassy confinement. A maximum security prison. We won't rest until Julian Assange is free. #FreeAssange #JournalismIsNotCrime

Tools - Hackers Factory +1000000 Reflected Cross Site Scripting & SQL Injection on an Private Hackerone Bug bounty Program Tools Subfinder: https://github.com/projectdiscovery/subfinder Assetfinder: https://github.com/tomnomnom/assetfinder Httpx: https://github.com/projectdiscovery/httpx Paramspider: https://github.com/devanshbatham/ParamSpider Kxss or GF: https://github.com/Emoe/kxss // https://github.com/tomnomnom/gf #HackersFactory

Facts about Pegasus Spyware after long research: 1. Pegasus spyware is a sophisticated surveillance tool developed by the Israeli cybersecurity company NSO Group. 2. It is designed to infiltrate mobile devices, granting its operators extensive access to the target's data, including messages, emails, photos, and location information. 3. Pegasus gained notoriety for its alleged use by various governments to spy on journalists, activists, and political dissidents. 4. The spyware can be deployed through various methods, including phishing attacks and exploiting vulnerabilities in software. 5. Pegasus is capable of infecting both iOS and Android devices, making it a cross-platform threat. 6. Once installed, it can operate covertly, without the user's knowledge, and can evade detection by traditional antivirus software. 7. NSO Group claims that Pegasus is intended for use by governments and law enforcement agencies to combat crime and terrorism. 8. However, there have been widespread reports of its misuse, leading to concerns about human rights violations and privacy infringements. 9. Efforts to regulate or ban the use of Pegasus and similar spyware have been met with challenges due to its clandestine nature and the difficulty of attributing its use to specific entities. 10. The ongoing debate surrounding Pegasus underscores the complex ethical and legal dilemmas surrounding the use of surveillance technology in the modern digital age.

Facts about Pegasus Spyware after long research: 1. Pegasus spyware is a sophisticated surveillance tool developed by the Israeli cybersecurity company NSO Group. 2. It is designed to infiltrate mobile devices, granting its operators extensive access to the target's data, including messages, emails, photos, and location information. 3. Pegasus gained notoriety for its alleged use by various governments to spy on journalists, activists, and political dissidents. 4. The spyware can be deployed through various methods, including phishing attacks and exploiting vulnerabilities in software. 5. Pegasus is capable of infecting both iOS and Android devices, making it a cross-platform threat. 6. Once installed, it can operate covertly, without the user's knowledge, and can evade detection by traditional antivirus software. 7. NSO Group claims that Pegasus is intended for use by governments and law enforcement agencies to combat crime and terrorism. 8. However, there have been widespread reports of its misuse, leading to concerns about human rights violations and privacy infringements. 9. Efforts to regulate or ban the use of Pegasus and similar spyware have been met with challenges due to its clandestine nature and the difficulty of attributing its use to specific entities. 10. The ongoing debate surrounding Pegasus underscores the complex ethical and legal dilemmas surrounding the use of surveillance technology in the modern digital age.

FREE PALESTINE ✊🇵🇸 #OpIsrahell

🇵🇸 Palestine in my heart ❤️ FREE PALESTINE! #RafahOnFıre