GitHub repository with resources for beginners
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters#BugBounty
Bug bounty articles and resources
https://www.zapstiko.com/category/hacking-articles/bug-bounty-hacking-articles/#BugBounty
Advanced guide to finding good bugs
https://www.udemy.com/course/bug-bounty-an-advanced-guide-to-finding-good-bugs/#BugBounty
Bug bounty tips and resources
https://twitter.com/therceman/status/1536774501211553793?t=ARu5YSqtCSOb5JNLypCqIA&s=19#BugBounty
Bug bounty tutorial
https://www.youtube.com/watch?v=9mSLSC7aUcY#Cloud
PowerShell escape sequences
https://www.rlmueller.net/PowerShellEscape.htm#BugBounty
E-book on bug bounty hunting
https://raw.githubusercontent.com/akr3ch/BugBountyBooks/main/Bug%20Bounty%20Bootcamp%20The%20Guide%20to%20Finding%20and%20Reporting%20Web%20Vulnerabilities%20by%20Vickie%20Li.pdf#BugBounty
GitHub repository with bug bounty e-books
https://github.com/akr3ch/BugBountyBooks#BugBounty
GitHub repository with bug bounty scanner
https://github.com/chvancooten/BugBountyScanner#BugBounty
Bug bounty cheat sheet
https://hideandsec.sh/books/cheatsheets-82c/page/bug-bounty#BugBounty
List of bug bounty write-ups
https://pentester.land/list-of-bug-bounty-writeups.html#bug-bounty-writeups-published-in-2022#BugBounty
GitHub repository with Google VRP write-ups
https://github.com/xdavidhu/awesome-google-vrp-writeups#BugBounty
Getting started in bug bounty
https://medium.com/inbughunters/getting-started-in-bug-bounty-7052da28445a#BugBounty
Bug bounty tips and resources
https://twitter.com/ReconVillage/status/1558209255022465024?s=20&t=3aOkudNdQpKCs-Yos1lM4Q#BugBounty
Bug bounty tutorial
https://www.youtube.com/watch?v=p4JgIu1mceI#BugBounty
GitHub repository with bug bounty fetcher
https://github.com/Gomez0015/InitigritiFetcher#BugBounty
GitHub repository with bug bounty write-ups
https://github.com/devanshbatham/Awesome-Bugbounty-Writeups#BugBounty
Bug bounty resources
https://drive.google.com/file/d/1wMGITzEtpt_PgDug37NpmihORv4dcxeJ/view#BugBounty
GitHub repository with bug bounty targets data
https://github.com/arkadiyt/bounty-targets-data#BugBounty
Bug bounty tutorials and resources
https://m.youtube.com/@bugbountypocs/featured#Cloud
Bypassing Google's fix to access their internal admin panels
https://infosecwriteups.com/bypassing-googles-fix-to-access-their-internal-admin-panels-12acd3d821e3#BugBounty
Bug bounty resources
https://gist.github.com/Frycos/62fa664bacd19a85235be19c6e4d7599#BugBounty
Facebook and Instagram bug
https://securityaffairs.com/141571/social-networks/facebook-instagram-bug.html?amp=1#BugBounty
GitHub repository with public bug bounty programs
https://github.com/projectdiscovery/public-bugbounty-programs#BugBounty
Bug bounty tips and resources
https://twitter.com/hacker_/status/1512552850831851531#BugBounty
Bug bounty tips and resources
https://twitter.com/albinowax/status/925743148600647680#BugBounty
Bug bounty tips and resources
https://twitter.com/d0nutptr/status/1110501209528373248#BugBounty
GitHub repository with bug bounty resources
https://github.com/00xtrace/BugBounty#BugBounty
GitHub repository with mind maps for bug bounty
https://github.com/imran-parray/Mind-Maps#BugBounty
Getting started with smart contract bug bounty
https://blog.yeswehack.com/yeswerhackers/getting-started-smart-contract-bug-bounty/#BugBounty
Pimp my Burp
https://blog.yeswehack.com/yeswerhackers/pimpmyburp/pimpmyburp-6-generate-reports-directly-burp-suite/#BugBounty
Bug bounty tutorial
https://www.youtube.com/watch?v=mifj2NVGjKY#Cloud
GitHub repository with bug bounty cheat sheet
https://github.com/EdOverflow/bugbounty-cheatsheet#BugBounty
Bug bounty articles and resources
https://www.jonbottarini.com/tag/bug-bounty/#BugBounty
Automating Managed Identity Token Extraction in Azure Container Registries
https://www.netspi.com/blog/technical/cloud-penetration-testing/automating-managed-identity-token-extraction-in-azure-container-registries/#Cloud
Blog post by Rogier Dijkman
https://rogierdijkman.medium.com/privilege-escalation-via-storage-accounts-bca24373cc2e#Cloud
Privilege Escalation Google Cloud Platform Part 1
https://rhinosecuritylabs.com/gcp/privilege-escalation-google-cloud-platform-part-1/#Cloud
Azure Lateral Movement Cloud on Prem
https://cloud.hacktricks.xyz/pentesting-cloud/azure-pentesting/az-lateral-movement-cloud-on-prem/azure-ad-connect-hybrid-identity/phs-password-hash-sync#Cloud
Obtaining Domain Admin from Azure AD via Cloud Kerberos Trust
https://dirkjanm.io/obtaining-domain-admin-from-azure-ad-via-cloud-kerberos-trust/#Cloud
Digging Further into the Primary Refresh Token
https://dirkjanm.io/digging-further-into-the-primary-refresh-token/#Cloud
YouTube Channel
https://www.youtube.com/channel/UCP28F4uf9s2V1_SQwnJST_A#Cloud
SANS Workshop Building Azure Pentest Lab Red Teams
https://www.sans.org/webcasts/sans-workshop-building-azure-pentest-lab-red-teams/?msc=OOLP#Cloud
Awesome Azure Pentest GitHub Repository
https://github.com/Kyuu-Ji/Awesome-Azure-Pentest#Cloud
Privilege Escalation Google Cloud Platform Part 2
https://rhinosecuritylabs.com/cloud-security/privilege-escalation-google-cloud-platform-part-2/#Cloud
Post-Exploiting a Compromised etcd: Full Control over the Cluster and its Nodes
https://research.nccgroup.com/2023/11/07/post-exploiting-a-compromised-etcd-full-control-over-the-cluster-and-its-nodes/#Cloud
Phishing Microsoft Teams for Initial Access
https://pushsecurity.com/blog/phishing-microsoft-teams-for-initial-access/#Cloud
Microsoft Office Online Server Remote Code Execution
https://www.mdsec.co.uk/2022/10/microsoft-office-online-server-remote-code-execution/#Cloud
Azure Lateral Movement Cloud on Prem
https://cloud.hacktricks.xyz/pentesting-cloud/azure-pentesting/az-lateral-movement-cloud-on-prem/azure-ad-connect-hybrid-identity/federation#Cloud
YouTube Video
https://www.youtube.com/watch?v=SqfDFIQ8kkk#Cloud
YouTube Playlist
https://www.youtube.com/playlist?list=PL__YARLYIdeRDP-KsLIOqnzjc69MvmDde#Cloud
AzureHound Cypher Cheatsheet
https://hausec.com/2020/11/23/azurehound-cypher-cheatsheet/#Cloud
Twitter Status
https://twitter.com/emiliensocchi/status/1587917156842278913?s=46&t=G_4wVtIuqa0TWzwwrCUxww#Cloud
Azure AD Introduction for Red Teamers
https://www.synacktiv.com/publications/azure-ad-introduction-for-red-teamers.html#Cloud
Azure Lateral Movement Cloud on Prem
https://cloud.hacktricks.xyz/pentesting-cloud/azure-pentesting/az-lateral-movement-cloud-on-prem/azure-ad-connect-hybrid-identity/seamless-sso#Cloud
Azure App Tools GitHub Repository
https://github.com/rvrsh3ll/Azure-App-Tools#Cloud
Google Drive File
https://drive.google.com/file/d/1p1tTTIjg3RoJecYSU3CetvNw6-ZZdMXn/view?usp=sharing#BugBounty
Azure AD Connect for Red Teamers
https://blog.xpnsec.com/azuread-connect-for-redteam/#Cloud
365 Stealer Introduction
https://www.alteredsecurity.com/post/introduction-to-365-stealer#Cloud
GCP Enum GitHub Repository
https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/gcp_enum#Cloud
Hack AWS in 60 Minutes GitHub Repository
https://github.com/CloudSecurityPartners/hack-aws-in-60-minutes#Cloud
NCC Group Research Author NCC Manning
https://research.nccgroup.com/author/nccmanning/#Cloud
Hacking Your Cloud Tokens Edition 2.0
https://www.trustedsec.com/blog/hacking-your-cloud-tokens-edition-2-0/#Cloud
Kubernetes Made Easy Course
https://www.udemy.com/course/kubernetes-made-easy/?couponCode=UDEMYNOV20#Cloud
Common Conditional Access Misconfigurations and Bypasses in Azure
https://www.trustedsec.com/blog/common-conditional-access-misconfigurations-and-bypasses-in-azure/?utm_content=223371823&utm_medium=social&utm_source=twitter&hss_channel=tw-403811306#Cloud
YouTube Channel
https://www.youtube.com/channel/UCPY5aUREHmbDO4PtR6AYLfQ#Cloud
YouTube Live
https://www.youtube.com/live/6KddjKKKEL4?si=01FqdyVKuM_7yaz0&t=3344#Cloud
Azure AD Cheatsheet
https://web.archive.org/web/20220522212941/https://hideandsec.sh/books/cheatsheets-82c/page/azure-ad#Cloud
CloudFox GitHub Repository
https://github.com/BishopFox/cloudfox?utm_source=linkedin&utm_medium=social&utm_term=&utm_content=external+&utm_campaign=external_link_202209#Cloud
Google Cloud 4 Words GitHub Repository
https://github.com/priyankavergadia/google-cloud-4-words#Cloud
Azure Lateral Movement Cloud on Prem
https://cloud.hacktricks.xyz/pentesting-cloud/azure-pentesting/az-lateral-movement-cloud-on-prem/azure-ad-connect-hybrid-identity/pta-pass-through-authentication#Cloud
Command and Kubectl Talk Follow-up
https://research.nccgroup.com/2020/02/12/command-and-kubectl-talk-follow-up/#Cloud
Finding AWS Account ID of Any S3 Bucket
https://tracebit.com/blog/2024/02/finding-aws-account-id-of-any-s3-bucket/#Cloud
Persistent AWS Access with Role Chain Juggling
https://rhinosecuritylabs.com/aws/cloud-container-attack-tool/#Cloud
BF My GCP Permissions GitHub Repository
https://github.com/carlospolop/bf_my_gcp_permissions#Cloud
Certified Azure Red Team Professional CARTP Exam Review
https://tripla.dk/2021/12/29/certified-azure-red-team-professional-cartp-by-pentester-academy-exam-review/#Cloud
PRTAbuse from Userland with Cobalt Strike
https://red.0xbad53c.com/red-team-operations/azure-and-o365/prt-abuse-from-userland-with-cobalt-strike/#Cloud
YouTube Video
https://www.youtube.com/watch?v=HXM1rBk_wXs#Cloud
Azure AD Pentesting Fundamentals
https://www.cobalt.io/blog/azure-ad-pentesting-fundamentals#Cloud
Discord Channel
https://discord.com/channels/819985942407675945/880404820597551134/970362921433571358#Cloud
YouTube Video
https://www.youtube.com/embed/m33VeLRUi4w#Cloud
Penetration Testing Azure for Ethical Hackers GitHub Repository
https://github.com/PacktPublishing/Penetration-Testing-Azure-for-Ethical-Hackers#Cloud
PayloadsAllTheThings GitHub Repository
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20Azure%20Pentest.md#Cloud
What the Function Decrypting Azure Function App Keys
https://www.netspi.com/blog/technical/cloud-penetration-testing/what-the-function-decrypting-azure-function-app-keys/#Cloud
GCP Cloud Function Abuse Blog Post
https://blog.codydmartin.com/gcp-cloud-function-abuse/#Cloud
Abusing Azure AD SSO with the Primary Refresh Token
https://dirkjanm.io/abusing-azure-ad-sso-with-the-primary-refresh#Cloud
Run native mobile apps in your browser using Appetize.io, an online emulator for Android and iOS.
https://appetize.io/#Mobile
Explore Boschko's Incinerator, a powerful tool for analyzing and reversing Android applications.
https://boschko.ca/incinerator/amp/#Mobile
Thumbs Up emoji from the Twemoji project by Twitter.
https://cdn.jsdelivr.net/gh/twitter/twemoji@latest/assets/svg/1f44c.sv#Mobile
Fire emoji from the Twemoji project by Twitter.
https://cdn.jsdelivr.net/gh/twitter/twemoji@latest/assets/svg/1f525.sv#Mobile
Codeshare for Frida, a dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
https://codeshare.frida.#Mobile
Un guide pour auditer la sécurité des applications iOS en utilisant Needle.
https://connect.ed-diamond.com/MISC/misc-091/auditer-la-securite-d-une-application-ios-avec-needle#Mobile
Article détaillant la mise en place d'un EDR (Endpoint Detection and Response) sous Android.
https://connect.ed-diamond.com/misc/misc-116/un-edr-sous-android#Mobile
Join the discussion on this specific Discord channel.
https://discord.com/channels/819985942407675945/819988038289588244/1032019602877714473#Mobile
APKLab is an integrated solution for Android applications reverse engineering.
https://github.com/APKLab/APKLab#Mobile
Blabb is a tool for security assessments and analysis by MarketStreetCyber.
https://github.com/MarketStreetCyber/Blabb#Mobile
Blabber is another security tool developed by MarketStreetCyber.
https://github.com/MarketStreetCyber/Blabber#Mobile
An automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis, and security assessment framework.
https://github.com/MobSF/Mobile-Security-Framework-MobSF#Mobile
A detailed analysis of a remote buffer overflow vulnerability in the wifi_stack of Android 11 platform on Samsung A20e.
https://github.com/SpiralBL0CK/Remote-buffer-overflow-over-wifi_stack-in-wpa_supplicant-binary-in-android-11-platform-samsung-a20e#Mobile
ALEAPP parses various logs, events, and Protobufs from Android devices.
https://github.com/abrignoni/ALEAPP#Mobile
iLEAPP is a tool to parse iOS logs, events, and Protobuf data.
https://github.com/abrignoni/iLEAPP#Mobile
A parser for Apple Cloud Notes, extracting and presenting data from iCloud backups.
https://github.com/threeplanetssoftware/apple_cloud_notes_parser#Mobile
PhoneSploit is a framework that utilizes ADB to exploit Android devices.
https://github.com/aerosol-can/PhoneSploit#Mobile
A collection of useful Frida scripts for reverse engineering and instrumentation.
https://github.com/iddoeldor/frida-snippets#Mobile
A comprehensive cheat sheet for mobile hacking and penetration testing.
https://github.com/randorisec/MobileHackingCheatSheet#Mobile
FriList is a tool for managing friends lists on social media platforms.
https://github.com/rsenet/FriList#Mobile
APKFram is a framework for the analysis and reverse engineering of APK files.
https://github.com/rsenet/apkfram.git#Mobile
Objection is a runtime mobile exploration toolkit powered by Frida, designed for performing security assessments of mobile applications.
https://github.com/sensepost/objection#Mobile
Research on Apple's Bluetooth Low Energy Exposé (BLEEE) vulnerabilities.
https://hexway.io/research/apple-bleee/#Mobile
A step-by-step guide on building an Android penetration testing lab.
https://medium.com/purplebox/step-by-step-guide-to-building-an-android-pentest-lab-853b4af6945e#Mobile
The ultimate guide to bypassing SSL pinning, provided by RedHunt Labs.
https://redhuntlabs.com/wp-content/uploads/2021/10/Ultimate-Guide-to-SSL-Pinning-Bypass-RedHunt-Labs-Attack-Surface-Management.pdf#Mobile
How to extract or unpack an .ab file (Android backup file) from your device.
https://stackoverflow.com/questions/18533567/how-to-extract-or-unpack-an-ab-file-android-backup-file#Mobile
Follow Aacle on Twitter for updates and insights.
https://twitter.com/Aacle_#Mobile
Check out this specific tweet from Aacle on Twitter.
https://twitter.com/Aacle_/status/1584916071483858944?s=20&t=_NVI4Fohd_VrJfcOymSCKg#Mobile
An introduction to mobile penetration testing by Hack The Box.
https://www.hackthebox.com/blog/intro-to-mobile-pentesting#Mobile
Guide on setting up Mobexler with VMware and Android Studio.
https://www.randorisec.fr/setting-up-mobexler-vmware-android-studio/#Mobile
XDA Developers is a community of developers and enthusiasts focused on Android development.
https://www.xda-developers.com/#Mobile
Profile of Svetius, a contributor on XDA Developers.
https://www.xda-developers.com/author/svetius#Mobile
Subscribe to this YouTube channel for videos on mobile security.
https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQ#Mobile
Watch this video on mobile security from YouTube.
https://www.youtube.com/watch?v=xp8ufidc514#Mobile
Author page on Zero Day Hacker, featuring various articles on mobile security.
https://zerodayhacker.com/author/hjdbvet6z3k#Mobile
Learn how to use an Android emulator for API hacking on Zero Day Hacker.
https://zerodayhacker.com/using-an-android-emulator-for-api-hacking/#Mobile
Introduction to RSA cryptography by express.
https://www.youtube.com/watch?v=RyMmKoSSPN8#Crypto
Express channel for cryptography tutorials and explanations.
https://www.youtube.com/channel/UCFMT8Cx0JO8BRkiZ8vzIa1A#Crypto
Tutorial on RSA encryption in French language.
https://www.youtube.com/watch?v=KfUrZG6Vo2Q#Crypto
Tech AB Info channel with various tech and crypto-related content.
https://www.youtube.com/channel/UCkzVomnoR_X9uE5box2Dw8g#Crypto
Educational series on elliptic curves in cryptography.
https://www.youtube.com/playlist?list=PLYpVTXjEi1oe1OeAllJpNhFoI4B7Ws8Yl#Crypto
Quantum channel featuring videos on quantum cryptography.
https://www.youtube.com/channel/UCgeO7CtfYSdWt0PPZ3vafqw#Crypto
Introduction to supersingular isogenies for post-quantum cryptography.
https://www.youtube.com/watch?v=9B7jq7Mgiwc#Crypto
Videos from Microsoft Research covering various aspects of cryptography.
https://www.youtube.com/channel/UCCb9_Kn8F_Opb3UCGm-lILQ#Crypto
Lecture on the mathematics of lattices in cryptography.
https://youtu.be/LlPXfy6bKIY#Crypto
Videos from Simons Institute discussing advanced topics in cryptography.
https://www.youtube.com/channel/UCW1C2xOfXsIzPgjXyuhkw9g#Crypto
Conference introducing RSA cryptography in French.
https://www.youtube.com/watch?v=FiZwf8GfSzo#Crypto
Crypto challenges and tutorials in French language.
https://www.youtube.com/watch?v=iIesDpv9F4s#Crypto
Videos from Ange Albertini covering various crypto-related topics.
https://www.youtube.com/channel/UCwQvHQ2JdGomedDJFJ9r7DA#Crypto
Mathematics exercises related to cryptography.
https://www.youtube.com/watch?v=IdchTH9bGOs#Crypto
Videos on preparing for cryptography challenges and exams.
https://www.youtube.com/channel/UCn4MPWKkXuS2GlmLH9-Qaew#Crypto
Tech tutorial on SSH and Diffie-Hellman key exchange.
https://youtu.be/VXGt12Nioqc#Crypto
Explanation of cybersecurity concepts in French.
https://www.youtube.com/channel/UCHScE3Ck5G6_Cp0BqPM7YTA#Crypto
Explanation of the AES encryption algorithm.
https://www.youtube.com/watch?v=O4xNJsjtN6E#Crypto
Computerphile channel with videos on computer science topics including cryptography.
https://www.youtube.com/channel/UC9-y-6csu5WGm29I7JiwpnA#Crypto
Explanation of attacking ECB mode encryption.
https://www.youtube.com/watch?v=unn09JYIjOI#Crypto
247CTF channel featuring CTF challenges including cryptography.
https://www.youtube.com/channel/UCtGLeKomT06x3xZ2SZp2l9Q#Crypto
Demonstration of AES-ECB plaintext recovery in a cyber competition.
https://www.youtube.com/watch?v=f-iz_ZAS258#Crypto
John Hammond channel with tutorials on cybersecurity and cryptography.
https://www.youtube.com/channel/UCVeW9qkBjo3zosnqUbG7CFw#Crypto
No description available.
https://www.youtube.com/channel/UCEpTctnbaz_m9DpibqG1siw#Crypto
Demonstration of decrypting RSA and ChaCha20 ransomware.
https://www.youtube.com/watch?v=S9NyJD4LiY0#Crypto
0xdf channel featuring cybersecurity and crypto-related content.
https://www.youtube.com/channel/UChO9OAH57Flz35RRX__E25A#Crypto
Explanation of the ChaCha stream cipher.
https://youtu.be/UeIpq-C-GSA#Crypto
Tutorial on exploiting SSH key parsing vulnerabilities.
https://youtu.be/4F1XGsvB2iA#Crypto
IppSec channel featuring cybersecurity walkthroughs including cryptographic challenges.
https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA#Crypto
Explanation of creating the first SHA-1 collision and its implications for hash security.
https://www.youtube.com/watch?v=Zl1TZJGfvPo#Crypto
Black Hat channel featuring presentations on cybersecurity including cryptography.
https://www.youtube.com/channel/UCJ6q9Ie29ajGqKApbLqfBOg#Crypto
Introduction to the LEA cryptographic algorithm.
https://maojui.me/Crypto/LEA/#Crypto
Explanation of elliptic curve cryptography from the Nakov Cryptobook.
https://cryptobook.nakov.com/asymmetric-key-ciphers/elliptic-curve-cryptography-ecc#Crypto
Introduction to RSA encryption from SigmaPrime Blog.
https://blog.sigmaprime.io/introduction-to-rsa.html#Crypto
Exploration of attacking RSA for fun and in Capture The Flag competitions (Part 1).
https://bitsdeep.com/posts/attacking-rsa-for-fun-and-ctf-points-part-1/#Crypto
Explanation and usage of JA3 fingerprints in cybersecurity.
https://ja3er.com/#Crypto
Techniques for impersonating JA3 fingerprints in cybersecurity.
https://medium.com/cu-cyber/impersonating-ja3-fingerprints-b9f555880e42#Crypto
Exploration of unsupervised machine learning and JA-3 in cybersecurity.
https://www.darktrace.com/en/blog/beyond-the-hash-how-unsupervised-machine-learning-unlocks-the-true-power-of-ja-3/#Crypto
Tool for conducting RSA-related Capture The Flag challenges.
https://github.com/Ganapati/RsaCtfTool#Crypto
Explanation and demonstration of bit flipping attacks on CBC mode encryption.
https://crypto.stackexchange.com/questions/66085/bit-flipping-attack-on-cbc-mode#Crypto
Reference material on cryptography and engineering.
https://github.com/rmusser01/Infosec_Reference/blob/master/Draft/CandE.md#Crypto
Introduction to RSA encryption.
https://medium.com/@c0D3M/introduction-to-rsa-e8cb39af508e#Crypto
Courses and challenges for learning cryptography.
https://cryptohack.org/courses/#Crypto
Mathematical exploration of elliptic curves in cryptography.
https://www.alpertron.com.ar/ECM.HTM#Crypto
Basic notions in number theory related to cryptography.
https://github.com/zademn/EverythingCrypto/blob/master/E1%20Mathematics/Number_theory/Basic_notions.ipynb#Crypto
Guide to rolling your own AES encryption implementation.
https://github.com/francisrstokes/githublog/blob/main/2022/6/15/rolling-your-own-crypto-aes.md#Crypto
Book covering real-world applications of cryptography.
https://www.amazon.fr/Real-world-Cryptography-David-Wong/dp/1617296716#Crypto
Handbook covering various aspects of cryptography.
https://b-ok.cc/book/17217306/389dcb#Crypto
Challenges and exercises related to cryptography.
https://w3challs.com/challenges/list/crypto#Crypto
Repository of crypto attacks and techniques.
https://github.com/jvdsn/crypto-attacks#Crypto
Book on advanced military cryptography.
https://www.amazon.com/Advanced-Military-Cryptography-Cryptographic-Friedman/dp/0894120115#Crypto
Wiki resource on cryptography.
https://cryptography.fandom.com/wiki/Crypto_Wiki#Crypto
README file on elliptic curves.
https://github.com/ashutosh1206/Crypton/blob/master/Elliptic-Curves/README.md#Crypto
Design principles of the ChaCha20 cipher.
https://loup-vaillant.fr/tutorials/chacha20-design#Crypto
Key derivation in ChaCha20 stream cipher.
https://loup-vaillant.fr/articles/chacha20-key-derivation#Crypto
Usage of ChaCha20 in stream ciphers.
https://libsodium.gitbook.io/doc/advanced/stream_ciphers/chacha20#Crypto
Attack techniques against AES using square attack.
https://github.com/thomasperrot/aes-square-attack#Crypto
Writeup of crypto challenge from CA CTF 2022.
https://www.hackthebox.com/blog/movs-like-jagger-ca-ctf-2022-crypto-writeup#Crypto
Writeup on side channel attacks in cryptography.
https://github.com/0x14mth3n1ght/Writeup/tree/master/FCSC/side_chan/#Crypto
Explanation of the AES encryption algorithm.
https://braincoke.fr/blog/2020/08/the-aes-encryption-algorithm-explained/#Crypto
Cryptanalysis methods using video content.
https://www.nassiben.com/video-based-crypta#Crypto
Introduction to lattice-based cryptography.
https://vozec.fr/crypto-lattice/lattice-introduction/#Crypto
Best practices and handling tips for ECDSA cryptography.
https://blog.trailofbits.com/2020/06/11/ecdsa-handle-with-care/#Crypto
Writeup for the FCSC 2020 challenge "Corrumpere".
https://github.com/Jakobus0/FCSC-2020-write-ups/blob/master/corrumpere_write_up.md#Crypto
Tool or technique involving AES encryption.
https://github.com/Vozec/AES-Flipper#Crypto
Prediction and analysis of PHP mt_rand function.
https://www.ambionics.io/blog/php-mt-rand-prediction#Crypto
Reverse engineering of the mt_rand function.
https://github.com/ambionics/mt_rand-reverse#Crypto
Explanation of creating the first SHA-1 collision.
https://www.youtube.com/watch?v=Zl1TZJGfvPo#Crypto
Working with Expert Witness Files in Linux.
https://dfir.science/2017/11/EWF-Tools-working-with-Expert-Witness-Files-in-Linux.html#Forensics
Various tools by ANSSI-FR for BIOS Management.
https://github.com/ANSSI-FR/bmc-tools#Forensics
Forensics challenges and resources for CTF.
https://trailofbits.github.io/ctf/forensics/#Forensics
Tool to retrieve passwords stored on a system.
https://github.com/AlessandroZ/LaZagneForensic#Forensics
A comprehensive forensics spreadsheet.
https://docs.google.com/spreadsheets/d/1z-44BUA2AVf8uqnoiDDSi7UxbyWy8KJqK4uaYq_0YYg/edit#gid=9#Forensics
HFS file system, partitions, and relevant evidences.
https://www.andreafortuna.org/2020/08/31/ios-forensics-hfs-file-system-partitions-and-relevant-evidences/#Forensics
Resources on iOS forensics.
https://resources.infosecinstitute.com/topic/ios-forensics/#Forensics
Parse and extract data from BPL files.
https://github.com/threeplanetssoftware/bplister#Forensics
Dump iOS Frequent Locations data.
https://github.com/mac4n6/iOS-Frequent-Locations-Dumper#Forensics
Various forensics tools by Mesquidar.
https://github.com/mesquidar/ForensicsTools#Forensics
Digital forensics resources and tools.
https://www.digitalforensics.com/#Forensics
Emulation framework for firmware analysis.
https://github.com/firmadyne/firmadyne/#Forensics
How I cracked Conti Ransomware Group’s leaked source code.
https://medium.com/@whickey000/how-i-cracked-conti-ransomware-groups-leaked-source-code-zip-file-e15d54663a8#Forensics
Video on Linux memory forensics.
https://www.youtube.com/watch?v=uYWTfWV3dQI&ab_channel=IppSec#Forensics
Memory forensics on Android devices.
https://www.pwc.be/en/FY21/documents/Android_memory_forensics.pdf#Forensics
Part 1 of the Cobalt Strike Investigation series.
https://blog.lexfora.com/Cobalt%20Strike%20Investigation%20Part%201.html#Forensics
Detect hidden processes on Unix-like systems.
https://github.com/YJesus/Unhide-NG#Forensics
UNIX and Linux based rootkits techniques and countermeasures.
https://repository.root-me.org/Virologie/EN%20-%20UNIX%20and%20Linux%20based%20Rootkits%20Techniques%20and%20Countermeasures%20-%20Andreas%20Bunten.pdf#Forensics
Cheatsheet for Volatility framework.
https://k-lfa.info/volatility-cheatsheet/#Forensics
Case study on detecting DNS implants.
https://research.nccgroup.com/2022/08/11/detecting-dns-implants-old-kitten-new-tricks-a-saitama-case-study/#Forensics
List of useful forensics tools.
https://k-lfa.info/quelques-tools-forensics/#Forensics
Extract information from Firefox and Thunderbird profiles.
https://github.com/Busindre/dumpzilla#Forensics
Analyze attacks using Cobalt Strike.
https://connect.ed-diamond.com/misc/misc-116/analyser-une-attaque-utilisant-l-outil-d-intrusion-commercial-cobalt-strike#Forensics
Command-line tool for forensics and incident response.
https://github.com/WithSecureLabs/chainsaw#Forensics
Understanding MACB times in Windows Forensic Analysis.
https://andreafortuna.org/2017/10/06/macb-times-in-windows-forensic-analysis/#Forensics
Recover cleared browser history.
https://www.inversecos.com/2022/10/recovering-cleared-browser-history.html?m=1#Forensics
Investigation numérique sous macOS HFS.
https://connect.ed-diamond.com/MISC/misc-107/investigation-numerique-sous-macos-hfs#Forensics
Command-line tool to show information about EWF files.
https://command-not-found.com/ewfinfo#Forensics
Scan for Cobalt Strike beacons.
https://github.com/Apr4h/CobaltStrikeScan#Forensics
Understanding Apple’s binary property list format.
https://medium.com/@karaiskc/understanding-apples-binary-property-list-format-281e6da00dbd#Forensics
Writeups for FCSC 2021 forensics challenges.
https://github.com/SorCelien/CTF-WRITEUPS/blob/main/FCSC-2021/forensics/ordiphone-2.md#Forensics
Writeups for SharkyCTF EZDump challenges.
https://www.synacktiv.com/publications/sharkyctf-ezdump-writeups-linux-forensics-introduction.html#Forensics
Extract kallsyms from Linux kernel memory dumps.
https://github.com/pagabuc/kallsyms-extractor#Forensics
Research paper on forensics.
https://dl.acm.org/doi/fullHtml/10.1145/3485471#Forensics
Slides on Volatility from LSE Summer Week 2016.
https://www.lse.epita.fr/lse-summer-week-2016/slides/lse-summer-week-2016-04-volatility.pdf#Forensics
Convert DWARF debugging information to JSON.
https://github.com/volatilityfoundation/dwarf2json#Forensics
Create specific Volatility profile and symbol table.
https://fahriguresci.com/create-specific-volatility-profile-and-symbol-table/#Forensics
Library to work with Windows EVTX event log files.
https://github.com/omerbenamram/evtx#Forensics
Search Windows EVTX files with precision.
https://bhabeshraj.com/post/search-windows-evtx-files-with-precision/#Forensics
Forensics tool to find and extract data.
https://github.com/d4rk-d4nph3/exfinder#Forensics
Forensic analysis of Windows event logs.
https://andreafortuna.org/2017/10/20/windows-event-logs-in-forensic-analysis/#Forensics
Cracking PIN and password locks on Android.
https://forensics.spreitzenbarth.de/2012/02/28/cracking-pin-and-password-locks-on-android/#Forensics
Breaking the screenlock on Android devices.
https://forensics.spreitzenbarth.de/2015/08/12/breaking-the-screenlock-a-short-update/#Forensics
Finding malware on memory dumps using Volatility and YARA rules.
https://andreafortuna.org/2018/07/16/finding-malware-on-memory-dumps-using-volatility-and-yara-rules/#Forensics
Tool to extract files from .bup archives.
https://github.com/OpenSecurityResearch/unbup#Forensics
Volatility plugin for scanning Zeus malware.
https://github.com/botherder/volatility/blob/master/contrib/plugins/malware/zeusscan.py#Forensics
Post-exploitation tool to extract credentials.
https://github.com/FreeRDP/FreeRDP/wiki/Mimikatz#Forensics
Decrypt encrypted stub data in Wireshark.
https://medium.com/tenable-techblog/decrypt-encrypted-stub-data-in-wireshark-deb132c076e7#Forensics
Tool to retrieve passwords stored on a system.
https://github.com/AlessandroZ/LaZagneForensic#Forensics
Archive of RDP replay blog post.
https://web.archive.org/web/20200424034135/https://www.contextis.com/en/blog/rdp-replay#Forensics
Decrypting IPsec protocols ISAKMP.
https://celaldogan2010.medium.com/decrypting-ipsec-protocols-isakmp-and-5a93991#Forensics
Writeup on RDP network forensics.
https://res260.medium.com/ihack-2020-monster-inc-the-middle-rdp-network-forensics-writeup-91e2fb0f4287#Forensics
Memory forensics writeup on HackTheBox.
https://www.hackthebox.com/blog/memory-forensics-volatility-write-up#Forensics
LiME on Android AVDs for Volatility analysis.
https://gabrio-tognozzi.medium.com/lime-on-android-avds-for-volatility-analysis-a3d2d89a9dd0#Forensics
Digital forensics tools by Eric Zimmerman.
https://ericzimmerman.github.io/#!index.md#Forensics
Illustrated guide to memory forensics with Volatility.
https://volatility-labs.blogspot.com/2021/10/memory-forensics-r-illustrated.html#Forensics
Memory forensics and the Windows Subsystem for Linux.
https://dfrws.org/wp-content/uploads/2019/06/paper_memory_forensics_and_the_windows_subsystem_for_linux.pdf#Forensics
Introduction to memory forensics video playlist.
https://www.dfir.training/video-playlists/introduction-to-memory-forensics#Forensics
PowerShell obfuscation detection framework.
https://github.com/danielbohannon/Revoke-Obfuscation#Forensics
Scan for CanaryTokens in files.
https://github.com/0xNslabs/CanaryTokenScanner#Forensics
Anti-forensics techniques on HackTheBox.
https://www.hackthebox.com/blog/anti-forensics-techniques#Forensics
Presentation at DEF CON 24 discussing methods to bypass captive portals and limited networks.
https://www.youtube.com/watch?v=GhUUzGBjhXQ#Network
Discussion on the current state of DNS rebinding attacks and their origins.
https://www.youtube.com/watch?v=y9-0lICNjOQ#Network
Conference on securing mail infrastructure using DNS.
https://www.youtube.com/watch?v=C2gy_vITxLA#Network
Analysis of Modbus traffic focusing on SANS ICS concepts.
https://www.youtube.com/watch?v=OAsLdXzKQo8#Network
Educational video explaining 5G technology using small cars.
https://www.youtube.com/watch?v=ao3jzvDghNI#Network
Detailed guide to pfSense 2.3 covering its features and benefits.
https://www.youtube.com/watch?v=agieD5uiwYY#Network
Article discussing attacks on real VoIP systems using SIPVicious OSS.
https://www.rtcsec.com/article/attacking-real-voip-system-with-sipvicious-oss/#Network
Exploration of unsupervised machine learning and its impact on JA3 technology.
https://www.darktrace.com/en/blog/beyond-the-hash-how-unsupervised-machine-learning-unlocks-the-true-power-of-ja-3/#Network
Medium article detailing methods for impersonating JA3 fingerprints.
https://medium.com/cu-cyber/impersonating-ja3-fingerprints-b9f555880e42#Network
Pinterest board related to cybersecurity and technology.
https://www.pinterest.com/anderson_boschi/#Network
GitHub repository for SNMPv3Brute tool.
https://github.com/applied-risk/snmpv3brute#Network
Recipes and techniques for password cracking.
https://www.ifm.net.nz/cookbooks/passwordcracker.html#Network
Medium article discussing WiFi security hacking in IEEE 802.11 networks.
https://medium.com/@syedhuseyn/ieee-802-11-wifi-security-hacking-149d26a2831#Network
Research article on the WiFiDemon iOS WiFi RCE 0-day vulnerability.
https://blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/#Network
Alert from Palo Alto Networks regarding a zero-day vulnerability.
https://thehackernews.com/2021/11/palo-alto-warns-of-zero-day-bug-in.html?m=1#Network
Guide on performing Linux packet captures using tcpdump.
https://cordero.me/linux-packet-captures-with-tcpdump/#Network
Blog post detailing VLAN hopping attacks.
https://papehane.blogspot.com/2018/01/vlan-hopping-attack.html#Network
ICANN resource page explaining DNSSEC and its importance.
https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-20-fr#Network
Mind map for WiFi hacking techniques.
https://github.com/koutto/pi-pwnbox-rogueap/blob/main/mindmap/WiFi-Hacking-MindMap-v1.png#Network
Insights into exploiting AWS vulnerabilities from an attacker's perspective.
https://daycyberwox.com/exploiting-aws-2-attackers-perspective-flaws2cloud#Network
LinkedIn post on hacking protocol chapter RIPV1 by Mike Ghahremani.
https://www.linkedin.com/pulse/hack-protocol-chapter-ripv1-mike-ghahremani/#Network
Blog post on abusing Microsoft Teams Direct Routing.
https://blog.syss.com/posts/abusing-ms-teams-direct-routing/#Network
Tenable TechBlog article on decrypting encrypted stub data in Wireshark.
https://medium.com/tenable-techblog/decrypt-encrypted-stub-data-in-wireshark-deb132c076e7#Network
Medium article analyzing WhatsApp calls.
https://medium.com/@schirrmacher/analyzing-whatsapp-calls-176a9e776213#Network
Blog post from Grimm detailing trust issues.
https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html#Network
Blog post on subdomain enumeration using DNSSEC.
https://www.securesystems.de/blog/subdomain-enumeration-with-DNSSEC/#Network
GitHub repository for SeeYouCM Thief tool.
https://github.com/trustedsec/SeeYouCM-Thief#Network
Blog post on unauthenticated dumping of usernames via Cisco Unified Call Manager.
https://www.n00py.io/2022/01/unauthenticated-dumping-of-usernames-via-cisco-unified-call-manager-cucm/#Network
Security Intelligence article dissecting and exploiting TCP/IP RCE vulnerability.
https://securityintelligence.com/posts/dissecting-exploiting-tcp-ip-rce-vulnerability-evilesp/#Network
Medium article diving deep into TLS protocol.
https://medium.com/devops-dudes/deep-dive-into-tls-a9798ac1763a#Network
GitHub repository for Nord-Stream tool.
https://github.com/synacktiv/nord-stream#Network
GitHub repository for OSPFMD5Crack tool.
https://github.com/c4s73r/OSPFMD5Crack/tree/main#Network
French article explaining ARP spoofing, MITM, and DoS attacks.
https://www.it-connect.fr/comprendre-les-attaques-via-arp-spoofing-mitm-dos/#Network
GitHub repository for Wireless Pentesting CheatSheet.
https://github.com/V0lk3n/WirelessPentesting-CheatSheet#Network
GitHub repository for Network Segmentation Cheat Sheet.
https://github.com/sergiomarotco/Network-segmentation-cheat-sheet#Network
APNIC blog post providing an overview of QUIC protocol.
https://blog.apnic.net/2019/03/04/a-quick-look-at-quic/#Network
Docker documentation on packet filtering firewalls.
https://docs.docker.com/network/packet-filtering-firewalls/#Network
Tool for decoding online SMS PDU.
https://www.smsdeliverer.com/online-sms-pdu-decoder.aspx#Network
Medium article investigating Surfshark and NordVPN using JA4T.
https://medium.com/foxio/investigating-surfshark-and-nordvpn-with-ja4t-7bbf5a33aad0#Network
Exploring the implications of hotwiring electric vehicles in 2023.
https://www.youtube.com/watch?v=5tLNRk7mZXo#Hardware
Comparison between office chairs and gaming chairs.
https://www.youtube.com/watch?v=9Yhc6mmdJC4#Hardware
Channel focusing on gaming hardware and technology reviews.
https://youtube.com/c/GamersNexus#Hardware
Investigating the possibility of recovering sound from images.
https://www.youtube.com/watch?v=eUzB0L0mSCI#Hardware
Videos on technology and electronics.
https://www.youtube.com/user/dexsilicium/videos#Hardware
Exploring post-exploitation scenarios after hacking a WiFi router.
https://www.youtube.com/watch?v=bbZvIXU4laI#Hardware
Samy Kamkar discussing radio hacking of cars and hardware.
https://www.youtube.com/watch?v=1RipwqJG50c#Hardware
Discussion on hacking a TP-Link router at Pwn2Own competition.
https://www.youtube.com/watch?v=zjafMP7EgEA#Hardware
Demonstration of breaking out of kiosks using web browsers.
https://www.youtube.com/watch?v=R7srpHUshuI#Hardware
Security analysis of IoT and embedded systems firmware.
https://www.youtube.com/watch?v=9ONXskRt_qQ#Hardware
Man-in-the-middle style attack on a Netgear router from WAN.
https://www.youtube.com/watch?v=NQrKFeS5YUk#Hardware
Discussion on EcoOBD & NitroOBD scam.
https://www.youtube.com/watch?v=fGciVNYHw7U#Hardware
Analysis of the pricing of vehicle keys.
https://www.youtube.com/watch?v=IBJUh0jr9P0#Hardware
Lowering the entry fee to IoT bugfest with Hydrabus.
https://www.youtube.com/watch?v=theYbzPhYH8#Hardware
Keynote speech by Jayson E. Street at Security Fest 2022.
https://www.youtube.com/watch?v=FP5c8_U1G-w#Hardware
Hitchhacker’s guide to iPhone lightning cable hacking at DEF CON 30.
https://www.youtube.com/watch?v=8p3Oi4DL0eI#Hardware
Discussion on banned gadgets that anyone can buy.
https://www.youtube.com/watch?v=rTmJOkmlzro#Hardware
Analysis of the PS5 disassembly by Sony.
https://www.youtube.com/watch?v=9ZmKyjpq9jo#Hardware
Channel focusing on retro electronics and repairs.
https://www.youtube.com/@retrofixer#Hardware
Videos from the Flashback Team on various tech topics.
https://youtube.com/c/FlashbackTeam#Hardware
Analysis of silicon chip in a driver's license.
https://www.youtube.com/watch?v=aTpH34Mvg90#Hardware
Guide to UART root shell attacks.
https://www.youtube.com/watch?v=01mw0oTHwxg#Hardware
Air-gap exfiltration attack via radio signals from SATA cables.
https://www.youtube.com/watch?v=rlmP-csuFIo#Hardware
Site web spécialisé dans les actualités et tests de matériel informatique.
https://tomshardware.fr/#Hardware
Auteur Beapi sur Tom's Hardware France.
https://www.tomshardware.fr/author/beapi/#Hardware
Produit NooElec NESDR SMArt avec aluminium et antennes.
https://www.amazon.fr/NooElec-NESDR-SMArt-Aluminium-antennes/dp/B01GDN1T4S/#Hardware
Calculateur d'antenne collinéaire sans fil.
https://martybugs.net/wireless/collinear.cgi#Hardware
Défi BattleChip du CTF FCSC 2021 sur 0xff.re.
https://ctf.0xff.re/2021/fcsc_2021/battlechip#Hardware
Writeups pour le CTF FCSC 2021 sur le thème du hardware.
https://github.com/dspiricate/writeups/tree/main/FCSC/2021/hardware#Hardware
Article sur J2000.0 sur Wikipedia.
https://fr.wikipedia.org/wiki/J2000.0#Hardware
Tweet de Podalirius.
https://twitter.com/podalirius_/status/1434887791536652290#Hardware
Tweet de Podalirius.
https://twitter.com/podalirius_/status/1436420758188838913#Hardware
Projet RF to Bytes avec RTL-SDR sur nada-labs.net.
https://nada-labs.net/2017/rf-to-bytes-rtl-sdr/#Hardware
Article sur l'entête Ethernet sur FrameIP.
https://www.frameip.com/entete-ethernet/#Hardware
Auteur Sebastien Fontaine sur FrameIP.
https://www.frameip.com/author/sebastien-fontaine/#Hardware
Universal Radio Hacker (URH) sur GitHub.
https://github.com/jopohl/urh#Hardware
Firmware Modification Kit sur GitHub.
https://github.com/rampageX/firmware-mod-kit#Hardware
Awesome-Hardware-and-IoT-Hacking sur GitHub.
https://github.com/CyberSecurityUP/Awesome-Hardware-and-IoT-Hacking#Hardware
Article sur l'infrarouge sur le blog de Flipper Zero.
https://blog.flipperzero.one/infrared/amp/#Hardware
Guide DIY pour créer son propre proxy 4G sur BlackHatWorld.
https://www.blackhatworld.com/seo/diy-how-to-create-your-own-4g-proxy.1234185/#Hardware
Articles de la catégorie Classroom sur le blog de Flipper Zero.
https://blog.flipperzero.one/tag/classroom/#Hardware
Article sur le piratage de voiture sur Programming With Style.
https://programmingwithstyle.com/posts/howihackedmycar/#Hardware
Guide d'apprentissage sur les communications série asynchrones sur Saleae.
https://support.saleae.com/tutorials/learning-portal/learning-resources/learn-asynchronous-serial#Hardware
Firmware Flipper Zero avec plugins sur GitHub.
https://github.com/RogueMaster/flipperzero-firmware-wPlugins#Hardware
Articles How-To sur les gadgets sur HackMag.
https://hackmag.com/security/gadgets-howto/#Hardware
Article sur le relais des YubiKeys par Cube0x0.
https://cube0x0.github.io/Relaying-YubiKeys/#Hardware
Série Enabot Partie 2 sur DebugMen.
https://debugmen.dev/hardware-series/2022/08/01/enabot_series_part_2.html#Hardware
Série Enabot Partie 1 sur DebugMen.
https://debugmen.dev/hardware-series/2022/02/18/enabot_series_part_1.html#Hardware
Article sur l'émulation avec QEMU sur ZDI.
https://www.zerodayinitiative.com/blog/2020/5/27/mindshare-how-to-just-emulate-it-with-qemu#Hardware
Produit Amazon - Kit B01MUFRHQ2.
https://www.amazon.fr/gp/product/B01MUFRHQ2/ref=ppx_yo_dt_b_asin_title_o01_s00?ie=UTF8&psc=1#Hardware
Produit Amazon - Kit B00TM0W8ZY.
https://www.amazon.fr/gp/product/B00TM0W8ZY/ref=ppx_yo_dt_b_asin_title_o03_s00?ie=UTF8&psc=1#Hardware
Kit de électronique Velleman WSG150 sur Distrelec.
https://www.distrelec.ch/fr/kit-de-electronique-velleman-wsg150/p/18500308?trackQuery=kit+%c3%a9l%c3%a9ctronique&pos=17&origPos=17&origPageSize=50&track=true#Hardware
Kit Roue de la Fortune électronique Velleman WSG152 sur Distrelec.
https://www.distrelec.ch/fr/kit-roue-de-la-fortune-electronique-velleman-wsg152/p/18500324?trackQuery=kit+%c3%a9l%c3%a9ctronique&pos=19&origPos=19&origPageSize=50&track=true#Hardware
Kit de électronique Velleman WSG113 sur Distrelec.
https://www.distrelec.ch/fr/kit-de-electronique-velleman-wsg113/p/18520090?trackQuery=kit+%c3%a9l%c3%a9ctronique&pos=23&origPos=23&origPageSize=50&track=true#Hardware
Station de soudage JBC BT-2BWA 140Watt sur EleShop.
https://eleshop.fr/jbc-bt-2bwa-soldeerstation-140watt.html#Hardware
Pinecil Mini Fer à Souder Portable Intelligent sur EleShop.
https://eleshop.fr/pinecil-mini-fer-a-souder-portable-intelligent.html#Hardware
Guide sur l'évasion des applications GUI sur HackTricks.
https://book.hacktricks.xyz/hardware-physical-access/escaping-from-gui-applications#Hardware
Laboratoires de piratage de kiosques ATM sur Boschko.
https://boschko.ca/atm-kiosk-hacking-labs/amp/#Hardware
Article sur la sortie des kiosques Windows en utilisant uniquement Microsoft Edge sur le blog NVISO.
https://blog.nviso.eu/2022/05/24/breaking-out-of-windows-kiosks-using-only-microsoft-edge/#Hardware
Auteur Firat Acar sur le blog NVISO.
https://blog.nviso.eu/author/firat-acar/#Hardware
Expériences de piratage matériel sur GitHub.
https://github.com/koutto/hardware-hacking/blob/master/Hardware-Hacking-Experiments-Jeremy-Brun-Nouvion-2020.pdf#Hardware
Attaque DMA pratique sur Windows 10 par Synacktiv.
https://www.synacktiv.com/en/publications/practical-dma-attack-on-windows-10.html#Hardware
Article sur UART, U-Boot, et USB sur VoidStar Security.
https://voidstarsec.com/blog/uart-uboot-and-usb#Hardware
HackRF One en français sur GitHub par PierreAdams.
https://github.com/PierreAdams/HackRF-One-French#Hardware
Attaques par implants matériels - Partie 1 sur CSG GovTech.
https://medium.com/csg-govtech/hardware-implant-attacks-part-1-console-access-attacks-on-vulnerable-iot-devices-104662f472dc#Hardware
Dronesploit sur GitHub par dhondta.
https://github.com/dhondta/dronesploit#Hardware
Archive du blog ZeroJay.
https://web.archive.org/web/20201111185235/https://zerojay.com/blog/#Hardware
SF Cabinet sur GitHub par wrongbaud.
https://github.com/wrongbaud/sf-cabinet#Hardware
Bus Pirate sur GitHub par BusPirate.
https://github.com/BusPirate/Bus_Pirate#Hardware
Exploitation des APIs embarquées par le dumping de firmware sur Dana Epp.
https://danaepp.com/exploiting-embedded-apis-by-dumping-firmware#Hardware
HydraBus Framework sur 0x00sec (Cached).
https://webcache.googleusercontent.com/search?q=cache:y33eqtzZJNEJ:https://0x00sec.org/t/hydrabus-framework/17057&cd=8&hl=fr&ct=clnk&gl=fr&client=firefox-b-d#Hardware
Partie 3 du CTF IoT Ph0wn par Sébastien Andrivet.
http://sebastien.andrivet.com/en/posts/ph0wn-my-first-iot-ctf-part-3/#Hardware
Profondeur du protocole: Couche physique USB par Luigi C. Filho sur LinkedIn.
https://www.linkedin.com/pulse/protocol-depth-usb-physical-layer-luigi-c-filho/#Hardware
Ingénierie inverse de l'architecture pinout PLC par SEC Consult.
https://sec-consult.com/blog/detail/reverse-engineering-architecture-pinout-plc/#Hardware
Dumping de flash - Partie I sur Quarkslab.
https://blog.quarkslab.com/flash-dumping-part-i.html#Hardware
Je pirate U-Boot par Synacktiv.
https://www.synacktiv.com/publications/i-hack-u-boot#Hardware
Dumping de firmware d'une caméra Reolink par Micah VanDeusen.
https://micahvandeusen.com/dumping-firmware-from-a-reolink-camera/#Hardware
Guide pratique pour pirater les systèmes CAN Bus à l'aide du simulateur de cluster d'instruments - Partie I par Yogesh Ojha.
https://medium.com/@yogeshojha/car-hacking-101-practical-guide-to-exploiting-can-bus-using-instrument-cluster-simulator-part-i-cd88d3eb4a53#Hardware
Flipper Zero Brute Force sur GitHub par tobiabocchi.
https://github.com/tobiabocchi/flipperzero-bruteforce#Hardware
Jailbreaking the Sonos Era 100 par NCC Group.
https://research.nccgroup.com/2023/12/04/shooting-yourself-in-the-flags-jailbreaking-the-sonos-era-100/#Hardware
JTAG iPhone Pico par MattEyeux.
https://matteyeux.github.io/posts/jtag-iphone-pico/#Hardware
Vidéo YouTube sur ChatGPT et l'avancée de l'IA.
https://www.youtube.com/watch?v=mc2Qli9ImOI#IA
Article sur la fonction de perte log.
https://dasha.ai/en-us/blog/log-loss-function#IA
Tutoriel sur l'apprentissage profond.
https://www.geeksforgeeks.org/deep-learning-tutorial/#IA
Projet DeepExploit pour la sécurité en apprentissage automatique.
https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit#IA
Article sur la détection de fraude avec l'apprentissage automatique chez Netflix.
https://netflixtechblog.com/machine-learning-for-fraud-detection-in-streaming-services-b0b4ef3be3f6#IA
Article sur l'exploitation des modèles GPT personnalisés.
https://hacktback.fr/nos-ressources/exploitation-des-modeles-gpt-personnalises/#IA
DarkGPT Official Edition par FlowGPT.
https://flowgpt.com/p/darkgpt-official-edition#IA
Article sur le premier ver informatique pour les systèmes d'IA.
https://www.clubic.com/actualite-520456-des-chercheurs-creent-le-tout-premier-ver-informatique-capable-de-se-repandre-dans-les-systemes-d-ia.html#IA
Tweet par HeyShrutiMishra.
https://twitter.com/heyshrutimishra/status/1771206798881825005?s=46&t=99dL4GUsW1YjQVX3886QCg#IA
Article sur l'invocation de Ragnarok avec votre Némésis.
https://posts.specterops.io/summoning-ragnarok-with-your-nemesis-7c4f0577c93b#IA
Article sur l'exploitation des modèles ML avec des attaques de fichiers Pickle (partie 1).
https://blog.trailofbits.com/2024/06/11/exploiting-ml-models-with-pickle-file-attacks-part-1/#IA
Articles par Sarah Miller sur Trail of Bits.
https://blog.trailofbits.com/author/sarahmiller239#IA
Conférence sur les origines de l'OSINT par Jean-Marc Manach.
https://www.youtube.com/watch?v=XrTFzZ77eEI#Osint
Techniques avancées d'OSINT sur LinkedIn avec Mishaal Khan.
https://www.youtube.com/watch?v=bz4oZBR3LEk#Osint
Conférence sur OSINT par une chaîne YouTube non identifiée.
https://www.youtube.com/channel/UCSxk_CUfES4ly5Sspc0Vorw#Osint
Atelier en français sur l'OSINT par mot de passe avec h8mail par Khast3x.
https://www.youtube.com/watch?v=u1frAWJE5_Q#Osint
Deuxième partie des origines de l'OSINT par _IntelligenceX/Peter Kleissner.
https://www.youtube.com/watch?v=UsRAziRLsY8#Osint
Techniques de piratage Google pour l'OSINT.
https://securitytrails.com/blog/google-hacking-techniques#Osint
Outil pour la recherche de fuites de données sociales.
https://github.com/MrTuxx/SocialPwned#Osint
Guide des opérateurs de recherche sur Yandex.
https://yandex.com/support/search/query-language/search-operators.html#Osint
Outil d'OSINT pour la recherche d'informations téléphoniques.
https://github.com/sundowndev/PhoneInfoga#Osint
Outil d'OSINT pour l'investigation sur Google Workspace.
https://github.com/mxrch/GHunt#Osint
Tweet par AFP Factuel concernant l'actualité.
https://twitter.com/afpfactuel/status/1413862177304350722?s=21#Osint
Outil pour la recherche de données sensibles dans les dépôts de déchets.
https://github.com/securing/DumpsterDiver#Osint
Défi de suivi de vols pour l'OSINT.
https://haax.fr/fr/writeups/osint-geoint/osint-flight-tracking-challenge/#Osint
Extension Firefox pour l'OSINT sur Facebook et Instagram.
https://addons.mozilla.org/fr/firefox/addon/facebook-instagram-osint/#Osint
Introduction à l'OSINT et ses principes de base.
https://0xraven.fr/articles/osint-101/#Osint
Moteur de recherche et d'analyse de statistiques Telegram.
https://tgstat.ru/en/search#Osint
Guide de pentesting Kubernetes depuis l'extérieur.
https://book.hacktricks.xyz/pentesting/pentesting-kubernetes/pentesting-kubernetes-from-the-outside#Osint
Méthodes pour géolocaliser une photo sur une base militaire US.
https://medium.com/@drstache/using-shadows-and-optics-to-geolocate-a-photo-in-a-us-military-base-29bd3086283c#Osint
Base de données de réseaux sans fil mondiaux.
https://www.cqcore.uk/the-world-of-wigle/#Osint
Articles par l'auteur sur CQCore.
https://www.cqcore.uk/author/cq21_pqp8gp56#Osint
Recherche d'informations sur les identifiants Steam.
https://www.steamidfinder.com/#Osint
Collection ultime d'outils d'OSINT.
https://start.me/p/DPYPMz/the-ultimate-osint-collection#Osint
Tweet par Podalirius sur un sujet non précisé.
https://twitter.com/podalirius_/status/1481670627048132608#Osint
Outil pour la recherche et l'exploitation d'informations.
https://github.com/pixelbubble/ProtOSINT#Osint
Extension Firefox pour la recherche par image.
https://addons.mozilla.org/en-US/firefox/addon/search_by_image/#Osint
Outil pour l'exploration des dispositifs JTAG.
https://github.com/novitae/sterraxcyl#Osint
Outil pour la collecte d'informations LinkedIn.
https://github.com/vysecurity/LinkedInt#Osint
Système de décimalisation des coordonnées DMS.
https://www.fcc.gov/media/radio/dms-decimal#Osint
Analyse GEOINT des frontières sino-birmanes.
https://medium.com/@meakaaet/geoint-1-fronti%C3%A8res-sino-birmanes-f77bdfb581ae#Osint
Outil pour la recherche de secrets dans les dépôts Git.
https://github.com/michenriksen/gitrob#Osint
Outil pour la recherche de fuites d'informations sensibles dans les dépôts Git.
https://github.com/zricethezav/gitleaks#Osint
Outil pour la collecte d'informations sur les courriels, les sous-domaines, etc.
https://github.com/laramies/theHarvester#Osint
Outil pour la recherche de noms d'utilisateur LinkedIn à partir d'adresses électroniques.
https://github.com/initstring/linkedin2username#Osint
Liste des moteurs de recherche pour hackers.
https://github.com/edoardottt/awesome-hacker-search-engines#Osint
Outil pour récupérer du texte à partir d'images floutées.
https://github.com/beurtschipper/Depix#Osint
Présentation sur BlackSide.
https://www.beautiful.ai/player/-MsnhEMkgvXsZpppPkNM/BlackSide#Osint
Guide sur l'extraction de données cachées sur Skype.
https://whitehatinspector.blogspot.com/2021/03/skype-hidden-osint-goldmine.html#Osint
Outil pour deviner les adresses e-mail.
https://github.com/WildSiphon/Mailfoguess#Osint
Service de cartographie en ligne du gouvernement français.
https://www.geoportail.gouv.fr/#Osint
Base de données des entreprises en France.
https://annuaire-entreprises.data.gouv.fr/#Osint
Outils pour l'investigation sur les entreprises.
https://www.societe.ninja/index.html#Osint
Technique pour récupérer des tenues Bitmoji anciennes.
https://webbreacher.com/2022/10/24/grabbing-old-bitmoji-outfits-with-backmoji/#Osint
Outil pour la recherche d'informations sur Google Workspace.
https://github.com/mxrch/GHunt/releases/tag/v2.0.1#Osint
Analyseur de en-têtes de courriel.
https://mxtoolbox.com/EmailHeaders.aspx#Osint
Article sur Google par Elsicarius.
https://elsicarius.fr/google-vous-connaissez#Osint
Six outils pour aider à la géolocalisation.
https://nixintel.info/osint-tools/six-tools-to-help-with-geolocation/#Osint
Outil pour la collecte d'informations LinkedIn.
https://github.com/vysecurity/LinkedInt#Osint
Guide pour comprendre et utiliser les identifiants Google dans une stratégie OSINT.
https://www.eduba.school/blog/comment-comprendre-et-utiliser-les-google-id-dans-une-strategie-osint#Osint
Alimentation publique de l'intelligence.
https://github.com/CriticalPathSecurity/Public-Intelligence-Feeds#Osint
Outil pour la recherche sur le Dark Web.
https://github.com/megadose/OnionSearchtion#Osint
Outil pour l'analyse des menaces et de l'intelligence.
https://www.spiderfoot.net/#Osint
Extension Firefox pour convertir le favicon en MurmurHash.
https://addons.mozilla.org/fr/firefox/addon/favicon-to-murmurhash/#Osint
Tweet par EPCyber sur un sujet non précisé.
https://twitter.com/epcyber/status/1630207876382744584?t=LE4pnzCmIpedmrZag1qdrg&s=19#Osint
Outil pour l'analyse et la collecte d'informations dans le cloud.
https://github.com/7WaySecurity/cloud_osint#Osint
Outil pour la collecte d'informations exposées.
https://github.com/utkusen/wholeaked#Osint
Outil pour l'analyse des menaces et de l'intelligence.
https://github.com/smicallef/spiderfoot#Osint
Outil pour la recherche par image.
https://github.com/dessant/search-by-image#Osint
Personnalisation de PimEyes pour contourner les restrictions.
https://github.com/ItsIgnacioPortal/PimEyes-Crack-UserStyle#Osint
Outil de recherche visuelle de Pinterest.
https://help.pinterest.com/fr/article/pinterest-lens#Osint
Générateur de dorks pour les recherches Google.
https://yuraloginoff.github.io/dork-generator/#Osint
Outil pour la recherche de fuites d'informations sur les employés.
https://github.com/infobyte/emploleaks#Osint
Outil pour obtenir l'adresse IP distante d'un utilisateur Telegram.
https://github.com/lleon1435/telegram-get-remote-ip#Osint
Articles par Sam0x90 sur le renseignement sur les menaces.
https://github.com/Sam0x90/CTI#Osint
Analyse du renseignement basée sur les graphes.
https://linkurious.com/blog/graph-based-intelligence-analysis/#Osint
Outil pour la collecte d'informations sur WhatsApp.
https://github.com/jasperan/whatsapp-osint#Osint
Outil pour la recherche de mémoires compromis.
https://github.com/travisbrown/memory.lol#Osint
Fondamentaux du renseignement sur les menaces.
https://github.com/curated-intel/CTI-fundamentals#Osint
Système d'interconnexion des registres de propriété bénéficiaire.
https://e-justice.europa.eu/38590/EN/beneficial_ownership_registers_interconnection_system_boris?EUROPEAN_UNION&action=maximize&idSubpage=1#Osint
Collection d'outils OSINT.
https://github.com/cipher387/osint_stuff_tool_collection#Osint
Extension Firefox pour la gestion de notes.
https://addons.mozilla.org/fr/firefox/addon/noobox_2/#Osint
Extension Firefox pour la gestion de comptes.
https://addons.mozilla.org/fr/firefox/addon/multi-account-containers/#Osint
Outil pour l'analyse de l'information en ligne.
https://scanner.deepware.ai/#Osint
Post de forum par Analyst1.
https://analyst1.com/this-forum-is-a-bunch-of-communists-and-they-set-me-up-lockbit-spills-the-tea-regarding-their-recent-ban-on-russian-speaking-forums/#Osint
Forum pour la discussion des violations de données.
https://breachforums.is/showthread.php?tid=97611#Osint
Outils pour l'investigation sur les entreprises.
https://www.societe.ninja/index.html#Osint
Extension pour la gestion des onglets Chrome.
https://extpose.com/ext/haogkfoekgcdihiijdhjnpnbbodkgfmb#Osint
Guide pour l'anonymat en ligne.
https://anonymousplanet.org/guide.html#Osint
Outil pour l'analyse des métadonnées.
https://github.com/franckferman/MetaDetective#Osint
Liste d'extensions de navigateur pour l'OSINT.
https://github.com/osintambition/Awesome-Browser-Extensions-for-OSINT#Osint
Introduction to fuzzing - YouTube
https://www.youtube.com/watch?v=o-3c2OGsxlk#Programming
Array Map in 100 Seconds - YouTube
https://www.youtube.com/watch?v=DC471a9qrU4#Programming
Chaîne YouTube Low Level Learning
https://www.youtube.com/@LowLevelLearning#Programming
DATA STRUCTURES you MUST know (as a Software Developer) - YouTube
https://www.youtube.com/watch?v=sVxBVvlnJsM#Programming
LLVM et les runtime modernes - YouTube
https://www.youtube.com/watch?v=AeQzAfrxbe4#Programming
Pyrser Selector Language par Lionel Auroux - YouTube
https://www.youtube.com/watch?v=POk5X6QGRRU#Programming
COMMENT DEVELOPPER UN INTERPRÉTEUR ASSEMBLEUR EN GOLANG #golangtuto - YouTube
https://www.youtube.com/watch?v=FcTAHvmGxf8#Programming
Créer un compilateur avec LLVM et ANTLR4 - YouTube
https://www.youtube.com/watch?v=2teHuAAvQeI#Programming
LSE Week - Discovery of Pyrser - Lionel Auroux - YouTube
https://www.youtube.com/watch?v=FY4U2gQcoXo#Programming
Utilisation de Tesseract pour l'OCR
https://nanonets.com/blog/ocr-with-tesseract/#Programming
Cheat sheet pour supprimer des conteneurs Docker
https://shisho.dev/blog/posts/docker-remove-cheatsheet/#Programming
Guide de piratage du runtime Golang
https://github.com/golang/go/blob/master/src/runtime/HACKING.md#Programming
Introduction aux threads en C/C++
https://ocamil.com/index.php/c-c/c-c-les-thread#Programming
AI For Beginners par Microsoft
https://github.com/microsoft/AI-For-Beginners#Programming
Writeups de CTF sur le shellcoding
https://github.com/VulnHub/ctf-writeups/blob/master/2015/ringzer0/shellcoding.md#Programming
Nouvelle méthode de calcul matriciel en IA
https://trustmyscience.com/intelligence-artificielle-nouvelle-methode-calcul-matriciel-acceleration-ordinateurs/#Programming
Articles par Moles sur Trust My Science
https://trustmyscience.com/author/moles/#Programming
Guide sur les expressions régulières en Python sur W3Schools
https://www.w3schools.com/python/python_regex.asp#Programming
Introduction to Machine Learning - Partie 1
https://ahampriyanshu.com/blog/intro-to-ml-part-1-introduction/#Programming
TheAlgorithms GitHub Repository
https://github.com/TheAlgorithms#Programming
Bibliothèque Empire Listeners
https://github.com/EmpireProject/Empire/blob/master/lib/listeners/#Programming
Gestion de la mémoire et collecte des déchets en Python
https://towardsdatascience.com/memory-management-and-garbage-collection-in-python-c1cb51d1612c#Programming
Documentation PyDoc pour Python
https://docs.python.org/fr/3/library/pydoc.html#Programming
Z3 Playground par 0vercl0k
https://github.com/0vercl0k/z3-playground#Programming
Cours CryptoZombies sur la blockchain
https://cryptozombies.io/en/course/#Programming
Décodage des erreurs de Rust
https://medium.com/swlh/unwrapping-rusts-errors-552e583e2963#Programming
Cours Rust pour débutants
https://training.zeropointsecurity.co.uk/courses/rust-for-n00bs#Programming
Guide des intrinsics Intel
https://www.intel.com/content/www/us/en/docs/intrinsics-guide/index.html#Programming
LazyGit GitHub Repository
https://github.com/jesseduffield/lazygit#Programming
Cours Rust offensif
https://redteamsorcery.teachable.com/p/offensive-rust#Programming
Rust Tips and Tricks par Kudaes
https://github.com/Kudaes/rust_tips_and_tricks#Programming
Exemples Flask par Swafox
https://github.com/Swafox/Flask-examples#Programming
Langage de programmation Inox
https://github.com/inoxlang/inox#Programming
Ce que j'ai appris sur les méthodes formelles
https://jakob.space/blog/what-ive-learned-about-formal-methods.html#Programming
Py-Tree-Sitter par Tree-Sitter
https://github.com/tree-sitter/py-tree-sitter#Programming
Exercices de programmation Exercism
https://exercism.org/#Programming
Plongée profonde dans le VM de Python - Load Const Bug
https://doar-e.github.io/blog/2014/04/17/deep-dive-into-pythons-vm-story-of-load_const-bug/#Programming
Introduction à la pagination
https://os.phil-opp.com/paging-introduction/#Programming
Écriture d'un débogueur Windows - Partie 2
https://www.codeproject.com/Articles/132742/Writing-Windows-Debugger-Part-2#Programming
Compilers: Principles, Techniques, and Tools
https://a.co/d/hUXgWDr#Programming
Tutoriel sur l'obfuscation avec LLVM
https://github.com/quarkslab/llvm-passes/blob/master/doc/llvm_obfuscation_tutorial.rst#Programming
Bachelor's Thesis by Marius Schulz
https://github.com/mariusschulz/bachelors-thesis/blob/master/thesis.pdf#Programming
CLOC (Count Lines of Code) GitHub Repository
https://github.com/AlDanial/cloc#Programming
Software Engineering Notes - Clean Architecture
https://github.com/LordNoteworthy/software-engineering-notes/blob/main/Clean-Architecture.md#Programming
Intro to C for Windows Developers - SANS Webcast
https://www.sans.org/webcasts/intro-c-windows-devs/#Programming
LIEF (Library to Instrument Executable Formats) GitHub Repository
https://github.com/lief-project/LIEF#Programming
Writing a Windows Fuzzer from Scratch
https://www.legacyy.xyz/vr/windows/2023/10/23/writing-a-windows-fuzzer-from-scratch.html#Programming
Gephi (Graph Visualization and Manipulation Software) GitHub Repository
https://github.com/gephi/gephi#Programming
Graph Databases with Neo4j
https://www.infoq.com/fr/articles/graph-nosql-neo4j/#Programming
Neo4j Labs GitHub Repository
https://github.com/neo4j-labs/neo4rs#Programming
Aura Graph Database by Neo4j
https://neo4j.com/cloud/platform/aura-graph-database/?ref=nav-get-started-cta#Programming
Raspberry Pi OS Tutorials with Rust
https://github.com/rust-embedded/rust-raspberrypi-OS-tutorials#Programming
Binary Tree on Wikipedia
https://fr.wikipedia.org/wiki/Arbre_binaire#Programming
Awesome Rust GitHub Repository
https://github.com/rust-unofficial/awesome-rust#Programming
Write a C Interpreter Tutorial
https://github.com/lotabout/write-a-C-interpreter/tree/master/tutorial/en#Programming
Compilers: Principles, Techniques, and Tools
https://www.amazon.com/Compilers-Principles-Techniques-Tools-2nd/dp/0321486811#Programming
Bell Labs on Wikipedia
https://fr.wikipedia.org/wiki/Laboratoires_Bell#Programming
Bifrost GitHub Repository
https://github.com/its-a-feature/bifrost#Programming
Docker Update Container on Code Change
https://stackoverflow.com/questions/63279765/docker-how-to-update-your-container-when-your-code-changes#Programming
Unreal Engine C++ Quick Start Guide
https://docs.unrealengine.com/5.3/en-US/unreal-engine-cpp-quick-start/#Programming
Computation Subtyping
https://okmij.org/ftp/Computation/Subtyping/#Programming
Vidéo sur l'ingénierie sociale dans le noyau Windows
https://www.youtube.com/watch?v=eF-nJnPycXs#Pwn
Vidéo sur l'exploitation de heap
https://www.youtube.com/watch?v=1xGss7qd6oA#Pwn
Vidéo sur le dépassement de tampon dans les environnements iOS/Android ARM64
https://www.youtube.com/watch?v=CmTA05bcawk#Pwn
Vidéo sur les techniques d'exploitation du noyau Windows
https://www.youtube.com/watch?v=f8hTwFpRphU#Pwn
Vidéo sur l'exploitation du noyau Windows 10
https://www.youtube.com/watch?v=Gu_5kkErQ6Y#Pwn
Explication simple des attaques Rowhammer
https://www.youtube.com/watch?v=rGaF15-ko5w#Pwn
Vidéo sur le Temple Of Pwn 12 - Ret2DlResolve
https://www.youtube.com/watch?v=6qMabyX0yPw#Pwn
Vidéo sur l'exploitation binaire de heap avec Matt E!
https://www.youtube.com/watch?v=Im1SqwOVsEQ#Pwn
Introduction à l'exploitation de heap
https://www.youtube.com/watch?v=nnF4Avttbns#Pwn
Exploitation binaire : Les raiders du chunk perdu par Thomas DUBIER
https://www.youtube.com/watch?v=zcLQ4YrgfNQ#Pwn
Conditions de course et vulnérabilité Time of Check to Time of Use (TOCTTOU)
https://www.youtube.com/watch?v=PH73lpG2B1M#Pwn
Utilisation de Seccomp pour limiter la surface d'attaque du noyau
https://www.youtube.com/watch?v=q6n4Q3lgjSA#Pwn
Explication sur le ROP (Return Oriented Programming)
https://www.youtube.com/watch?v=zRI8diZTEB0#Pwn
Exploitation binaire - Heap-Based Partie 2 - Double free
https://www.youtube.com/watch?v=NTSiUtzbWQs#Pwn
Introduction aux bases du dépassement de tampon de heap
https://www.youtube.com/watch?v=LsA-bYhPS6s#Pwn
Cadres de pile (System V AMD64 ABI)
https://www.youtube.com/watch?v=JO6GkjJvkTk#Pwn
Découverte de pwntools avec switch & masterfox
https://www.youtube.com/watch?v=y5gsiVjfPHg#Pwn
Exploitation de heap Glibc pour le plaisir et le profit
https://www.youtube.com/watch?v=U7EwhCQBRZM#Pwn
Introduction basique à Heap Feng Shui
https://www.youtube.com/watch?v=zWgS6fTw4Ts#Pwn
Exploitation binaire Pwn
https://www.youtube.com/playlist?list=PL1-BhNrIYWnm3HK-8PBL-qhHwWjI-mjb8#Pwn
1, 2, 3, PWNED ! par Louka Jacques-Chevallier
https://www.youtube.com/watch?v=hmt8M9YLwTg#Pwn
Exploitation de la faille DRAM Rowhammer pour obtenir des privilèges noyau
https://www.youtube.com/watch?v=0U7511Fb4to#Pwn
Trouver le dépassement de tampon avec le fuzzing
https://www.youtube.com/watch?v=Do1Ri8TCF0Q#Pwn
François Boisson : Buffer Overflow ou explication de «une faille d...
https://www.youtube.com/watch?v=u-OZQkv2ebw&start=1s#Pwn
Internes de Windows
https://www.youtube.com/playlist?list=PLIXt8mu2KcUL5-5xyMnwD2yGP1__45QqO#Pwn
Exploitation binaire - Buffer overflow Heap Based partie 1
https://www.youtube.com/watch?v=PFqEKkj7wWs#Pwn
Société de sécurité de l'information et des systèmes
https://youtube.com/channel/UCofdfNbVHmhmYhSQriJhLag#Pwn
37C3 - Operation Triangulation: What You Get When Attack iPhones o...
https://www.youtube.com/watch?v=1f6YyH62jFE#Pwn
The Heap: what does malloc() do? - bin 0x14
https://www.youtube.com/watch?v=HPDBOhiKaD8#Pwn
HEXACON2022 - Life and death of an iOS attacker by Luca Todesco
https://www.youtube.com/watch?v=8mQAYeozl5I#Pwn
Blind Buffer Overflow exploitation to leak secret data - rhme2 Anim...
https://www.youtube.com/watch?v=SstD1O4_kwc#Pwn
Flipping Bits in Memory Without Accessing Them - Papers...
https://www.youtube.com/watch?v=1iBpLhFN_OA#Pwn
How do use-after-free exploits work? - bin 0x16
https://www.youtube.com/watch?v=ZHghwsTRyzQ#Pwn
String Oriented Programming
https://www.youtube.com/watch?v=DvtBCSYwTiA#Pwn
Temple Of PWN
https://youtube.com/playlist?list=PLiCcguURxSpbD9M0ha-Mvs-vLYt-VKlWt#Pwn
Write Up - Blind rop
https://www.youtube.com/watch?v=pGOGITkVzuM#Pwn
Qu'est ce que le Heap Spray ?
https://www.youtube.com/watch?v=woKGxIrKFBc#Pwn
Hacking Livestream #25: Blind ROP
https://www.youtube.com/watch?v=OAk23u9b-88#Pwn
Reverse Engineering #0 - Reverse un programme (cracking dynamique a...
https://www.youtube.com/watch?v=kyq4V3UtA5w#Pwn
Bypass NX/ASLR via leak de la libc
https://www.youtube.com/watch?v=8skdPGCEuxE#Pwn
Browser Exploitation
https://youtube.com/playlist?list=PLhixgUqwRTjwufDsT1ntgOY9yjZgg5H_t#Pwn
Browser Exploitation - Max Zinkus
https://www.youtube.com/watch?v=3szZpS58Dqg#Pwn
OCR with Tesseract - NanoNets Blog
https://nanonets.com/blog/ocr-with-tesseract/#Pwn
Docker Remove Cheatsheet
https://shisho.dev/blog/posts/docker-remove-cheatsheet/#Pwn
Go Runtime Hacking
https://github.com/golang/go/blob/master/src/runtime/HACKING.md#Pwn
C/C++ Les Thread - Ocamil
https://ocamil.com/index.php/c-c/c-c-les-thread#Pwn
AI For Beginners - Microsoft
https://github.com/microsoft/AI-For-Beginners#Pwn
CTF Writeups - VulnHub
https://github.com/VulnHub/ctf-writeups/blob/master/2015/ringzer0/shellcoding.md#Pwn
Nouvelle Méthode Calcul Matriciel - Trust My Science
https://trustmyscience.com/intelligence-artificielle-nouvelle-methode-calcul-matriciel-acceleration-ordinateurs/#Pwn
Auteur Moles - Trust My Science
https://trustmyscience.com/author/moles/#Pwn
Python Regex - W3Schools
https://www.w3schools.com/python/python_regex.asp#Pwn
Introduction to Machine Learning - Ahampriyanshu
https://ahampriyanshu.com/blog/intro-to-ml-part-1-introduction/#Pwn
Empire Listeners
https://github.com/EmpireProject/Empire/blob/master/lib/listeners/#Pwn
Memory Management in Python
https://towardsdatascience.com/memory-management-and-garbage-collection-in-python-c1cb51d1612c#Pwn
Bachelors Thesis
https://github.com/mariusschulz/bachelors-thesis/blob/master/thesis.pdf#Pwn
Clean Architecture
https://github.com/LordNoteworthy/software-engineering-notes/blob/main/Clean-Architecture.md#Pwn
Intro to C for Windows Devs
https://www.sans.org/webcasts/intro-c-windows-devs/#Pwn
Writing a Windows Fuzzer from Scratch
https://www.legacyy.xyz/vr/windows/2023/10/23/writing-a-windows-fuzzer-from-scratch.html#Pwn
Neo4j Aura Graph Database
https://neo4j.com/cloud/platform/aura-graph-database/?ref=nav-get-started-cta#Pwn
Raspberry Pi OS Tutorials
https://github.com/rust-embedded/rust-raspberrypi-OS-tutorials#Pwn
Binary Tree - Wikipedia FR
https://fr.wikipedia.org/wiki/Arbre_binaire#Pwn
Write a C Interpreter
https://github.com/lotabout/write-a-C-interpreter/tree/master/tutorial/en#Pwn
Compilers: Principles, Techniques, and Tools
https://www.amazon.com/Compilers-Principles-Techniques-Tools-2nd/dp/0321486811#Pwn
Bell Labs - Wikipedia FR
https://fr.wikipedia.org/wiki/Laboratoires_Bell#Pwn
Docker Update Container on Code Change
https://stackoverflow.com/questions/63279765/docker-how-to-update-your-container-when-your-code-changes#Pwn
Unreal Engine C++ Quick Start
https://docs.unrealengine.com/5.3/en-US/unreal-engine-cpp-quick-start/#Pwn
C23: A Slightly Better C
https://lemire.me/blog/2024/01/21/c23-a-slightly-better-c/#Pwn
LVGL Monthly Newsletter
https://blog.lvgl.io/2024-01-23/monthly-newsletter#Pwn
You Probably Don't Need to Learn C
https://nedbatchelder.com/blog/202401/you_probably_dont_need_to_learn_c.html#Pwn
Lord of the Ring0 Part 1
https://idov31.github.io/2022/07/14/lord-of-the-ring0-p1.html#Pwn
How do use-after-free exploits work? - bin 0x16
https://www.youtube.com/watch?v=ZHghwsTRyzQ#Pwn
The Heap: How does malloc() work? - bin 0x14
https://www.youtube.com/watch?v=HPDBOhiKaD8#Pwn
Optimize Python - Lightender Blog
https://blog.lightender.fr/articles/optimizePython#Pwn
Tweet - Franc0Fernand0
https://twitter.com/Franc0Fernand0/status/1803763733224698124?t=jWrnAc4mmcdBJiMGPeljvQ&s=19#Pwn
BROP - README.md
https://github.com/nushosilayer8/pwn/blob/master/brop/README.md#Pwn
Null Byte Poisoning - 0x00sec
https://0x00sec.org/t/null-byte-poisoning-the-magic-byte/3874#Pwn
Signal Oriented Programming - Development
https://devel0pment.de/?p=688#Pwn
The Heap: How do use-after-free exploits work? - bin 0x16
https://www.youtube.com/watch?v=ZHghwsTRyzQ#Pwn
Introduction to the Heap - Ir0nstone
https://ir0nstone.gitbook.io/notes/types/heap/introduction-to-the-heap#Pwn
Heap-Based Buffer Overflow
https://www.0x0ff.info/2014/heap-based-buffer-overflow/#Pwn
Linux Heap Exploitation - Sensepost
https://sensepost.com/blog/2018/linux-heap-exploitation-intro-series-set-you-free-part-1/#Pwn
Signal Oriented Programming - Development
https://devel0pment.de/?p=688#Pwn
Return-Oriented Programming (ROP) - InfoSecFrench
https://www.youtube.com/watch?v=Do1Ri8TCF0Q#Pwn
Linux Heap Exploitation
https://courseupload.com/linux-heap-exploitation-200321/#Pwn
PicoCTF 2019 Heap Challenges
https://faraz.faith/2019-10-12-picoctf-2019-heap-challs/#Pwn
Signal-Oriented Programming - Stormshield
https://thisissecurity.stormshield.com/2015/01/03/playing-with-signals-an-overview-on-sigreturn-oriented-programming/#Pwn
Mehdi Talbi - Stormshield
https://thisissecurity.stormshield.com/author/mehditalbi/#Pwn
SROP - README.md
https://github.com/nushosilayer8/pwn/blob/master/srop/README.md#Pwn
Awesome Browser Exploit
https://github.com/Escapingbug/awesome-browser-exploit#Pwn
Binary Exploitation - Welchbj
https://github.com/welchbj/ctf/blob/master/docs/binary-exploitation.md#Pwn
Linux/Unix Privilege Escalation - HackTricks
https://book.hacktricks.xyz/linux-unix/privilege-escalation/seccomp#Pwn
Day 0 - zlkidda
https://medium.com/@zlkidda/day-0-quest-for-my-first-zero-day-writing-my-shell-code-847f493b71d0#Pwn
Getting into Browser Exploitation
https://liveoverflow.com/getting-into-browser-exploitation-new-series-introduction-browser-0x00/#Pwn
Shellcoding Cheatsheet - Sec4Us
https://sec4us.com.br/cheatsheet/shellcoding#Pwn
PBCTF 2021 Nightclub Writeup
https://www.willsroot.io/2021/10/pbctf-2021-nightclub-writeup-more-fun.html#Pwn
FILE Structure Exploitation - Perfect Blue Blog
https://blog.perfect.blue/FILE-Structure-Exploitation/#Pwn
Browser Exploitation - Connor McGarr
https://connormcgarr.github.io/browser1/#Pwn
HackSys Extreme Vulnerable Driver - GitHub
https://github.com/hacksysteam/HackSysExtremeVulnerableDriver#Pwn
Buffer Overflow Guide - Alomancy
https://alomancy.gitbook.io/guides/guides/bof#Pwn
Complete Guide to Stack Buffer Overflow - Steflan Security
https://steflan-security.com/complete-guide-to-stack-buffer-overflow-oscp/#Pwn
Stefano Lanaro - Steflan Security
https://steflan-security.com/author/stefano-lanaro96/#Pwn
Heap Exploitation Video - Tenor
https://media.tenor.co/videos/52d59aa7bbbb13d7e964f0267c618fb8/mp4#Pwn
Satellite Bus Writeup - Solar-Wine
https://github.com/solar-wine/writeups/blob/master/Satellite%20Bus/Sun%3F%20On%20my%20Sat%3F%20Again%3F/writeup.md#Pwn
Browser Exploitation Video
https://www.youtube.com/watch?v=kyq4V3UtA5w#Pwn
Browser Exploitation Channel - InfoSec
https://www.youtube.com/channel/UC7iUQz7WRKyJFn6p51tJwfQ#Pwn
Understanding GLIBC Malloc - SploitFun
https://sploitfun.wordpress.com/2015/02/10/understanding-glibc-malloc/#Pwn
Safe Linking - Checkpoint Research
https://research.checkpoint.com/2020/safe-linking-eliminating-a-20-year-old-malloc-exploit-primitive/#Pwn
Safe Linking Mitigation - Research Innovations
https://www.researchinnovations.com/post/bypassing-the-upcoming-safe-linking-mitigation#Pwn
Tweet - Podalirius
https://twitter.com/podalirius_/status/1433367842582405122#Pwn
Null Pointer Bypass - cr0 Blog
https://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html#Pwn
NES Console Writing - Copetti
https://www.copetti.org/writings/consoles/nes/#Pwn
Dropping SUID Rights in Shellcodes - Podalirius
https://podalirius.net/fr/articles/unix-shells-dropping-suid-rights-in-shellcodes/#Pwn
Writing Your First Shellcode - Zeste de Savoir
https://zestedesavoir.com/articles/158/ecrivez-votre-premier-shellcode-en-asm-x86/#Pwn
Linux Kernel ROP Part 1 - Trustwave
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/linux-kernel-rop-ropping-your-way-to-part-1/#Pwn
Linux Kernel ROP Part 2 - Trustwave
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/linux-kernel-rop-ropping-your-way-to-part-2/#Pwn
SMEP Bypass Techniques - Vitaly Nikolenko
https://fr.slideshare.net/VitalyNikolenko/linux-smep-bypass-techniques#Pwn
SMEP/KASLR Bypass - Blackbunny
https://web.archive.org/web/20171029060939/http://www.blackbunny.io/linux-kernel-x86-64-bypass-smep-kaslr-kptr_restric/#Pwn
Sécurité matérielle et systèmes
https://www.amazon.fr/S%C3%A9curit%C3%A9-mat%C3%A9rielle-syst%C3%A8mes-Vuln%C3%A9rabilit%C3%A9-dexploitation/dp/210079096X#Pwn
Double Free Attacks - Sensepost
https://sensepost.com/blog/2017/linux-heap-exploitation-intro-series-riding-free-on-the-heap-double-free-attacks/#Pwn
Hardened Flag Store - Bruce30262
https://bruce30262.github.io/hxp-CTF-2017-hardened-flag-store/#Pwn
Linux/Unix Privilege Escalation - HackTricks
https://book.hacktricks.xyz/linux-unix/privilege-escalation/seccomp#Pwn
Day 0 - zlkidda
https://medium.com/@zlkidda/day-0-quest-for-my-first-zero-day-writing-my-shell-code-847f493b71d0#Pwn
ROPing on Aarch64 - Perfect Blue Blog
https://blog.perfect.blue/ROPing-on-Aarch64#Pwn
FILE Structure Exploitation - Dhaval Kapil
https://dhavalkapil.com/blogs/FILE-Structure-Exploitation/#Pwn
Tweet - CyberWarship
https://twitter.com/CyberWarship/status/1455545245513527298/photo/1#Pwn
FILE Structure Exploitation - Perfect Blue Blog
https://blog.perfect.blue/FILE-Structure-Exploitation/#Pwn
Browser Exploitation - Connor McGarr
https://connormcgarr.github.io/browser1/#Pwn
HackSys Extreme Vulnerable Driver - GitHub
https://github.com/hacksysteam/HackSysExtremeVulnerableDriver#Pwn
Buffer Overflow Guide - Alomancy
https://alomancy.gitbook.io/guides/guides/bof#Pwn
Complete Guide to Stack Buffer Overflow - Steflan Security
https://steflan-security.com/complete-guide-to-stack-buffer-overflow-oscp/#Pwn
Stefano Lanaro - Steflan Security
https://steflan-security.com/author/stefano-lanaro96/#Pwn
Heap Exploitation Video - Tenor
https://media.tenor.co/videos/52d59aa7bbbb13d7e964f0267c618fb8/mp4#Pwn
Satellite Bus Writeup - Solar-Wine
https://github.com/solar-wine/writeups/blob/master/Satellite%20Bus/Sun%3F%20On%20my%20Sat%3F%20Again%3F/writeup.md#Pwn
Browser Exploitation Video
https://www.youtube.com/watch?v=kyq4V3UtA5w#Pwn
Browser Exploitation Channel - InfoSec
https://www.youtube.com/channel/UC7iUQz7WRKyJFn6p51tJwfQ#Pwn
Understanding GLIBC Malloc - SploitFun
https://sploitfun.wordpress.com/2015/02/10/understanding-glibc-malloc/#Pwn
Safe Linking - Checkpoint Research
https://research.checkpoint.com/2020/safe-linking-eliminating-a-20-year-old-malloc-exploit-primitive/#Pwn
Safe Linking Mitigation - Research Innovations
https://www.researchinnovations.com/post/bypassing-the-upcoming-safe-linking-mitigation#Pwn
Tweet - Podalirius
https://twitter.com/podalirius_/status/1433367842582405122#Pwn
Null Pointer Bypass - cr0 Blog
https://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html#Pwn
NES Console Writing - Copetti
https://www.copetti.org/writings/consoles/nes/#Pwn
Dropping SUID Rights in Shellcodes - Podalirius
https://podalirius.net/fr/articles/unix-shells-dropping-suid-rights-in-shellcodes/#Pwn
Writing Your First Shellcode - Zeste de Savoir
https://zestedesavoir.com/articles/158/ecrivez-votre-premier-shellcode-en-asm-x86/#Pwn
Linux Kernel ROP Part 1 - Trustwave
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/linux-kernel-rop-ropping-your-way-to-part-1/#Pwn
Linux Kernel ROP Part 2 - Trustwave
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/linux-kernel-rop-ropping-your-way-to-part-2/#Pwn
SMEP Bypass Techniques - Vitaly Nikolenko
https://fr.slideshare.net/VitalyNikolenko/linux-smep-bypass-techniques#Pwn
SMEP/KASLR Bypass - Blackbunny
https://web.archive.org/web/20171029060939/http://www.blackbunny.io/linux-kernel-x86-64-bypass-smep-kaslr-kptr_restric/#Pwn
Sécurité matérielle et systèmes
https://www.amazon.fr/S%C3%A9curit%C3%A9-mat%C3%A9rielle-syst%C3%A8mes-Vuln%C3%A9rabilit%C3%A9-dexploitation/dp/210079096X#Pwn
Double Free Attacks - Sensepost
https://sensepost.com/blog/2017/linux-heap-exploitation-intro-series-riding-free-on-the-heap-double-free-attacks/#Pwn
Hardened Flag Store - Bruce30262
https://bruce30262.github.io/hxp-CTF-2017-hardened-flag-store/#Pwn
Linux/Unix Privilege Escalation - HackTricks
https://book.hacktricks.xyz/linux-unix/privilege-escalation/seccomp#Pwn
Day 0 - zlkidda
https://medium.com/@zlkidda/day-0-quest-for-my-first-zero-day-writing-my-shell-code-847f493b71d0#Pwn
ROPing on Aarch64 - Perfect Blue Blog
https://blog.perfect.blue/ROPing-on-Aarch64#Pwn
FILE Structure Exploitation - Dhaval Kapil
https://dhavalkapil.com/blogs/FILE-Structure-Exploitation/#Pwn
Tweet - CyberWarship
https://twitter.com/CyberWarship/status/1455545245513527298/photo/1#Pwn
Linux Kernel Pwn Basics - MEM2019
https://mem2019.github.io/jekyll/update/2019/01/11/Linux-Kernel-Pwn-Basics.html#Pwn
Fastbin Attack - Guy in a Tuxedo
https://guyinatuxedo.github.io/28-fastbin_attack/explanation_fastbinAttack/index.html#Pwn
CCSC 2021 Writeups - Csotiriou
https://blog.csotiriou.com/post/ccsc-2021-writeups/#Pwn
Format String Attack - OWASP
https://owasp.org/www-community/attacks/Format_string_attack#Pwn
Day 0 Podcast
https://dayzerosec.com/podcast/ddr4-rowhammer-azure-bugs-essential-0days-and-backdoored-ida.html#Pwn
SLUB Overflow - Docfate111
https://docfate111.github.io/blog/securityresearch/2021/11/08/SLUBoverflow.html#Pwn
Exploiting DRAM Rowhammer Bug - Google Project Zero
https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html#Pwn
Attacking Co-hosted VM - Stormshield
https://thisissecurity.stormshield.com/2017/10/19/attacking-co-hosted-vm-hacker-hammer-two-memory-modules/#Pwn
Rampage Attack Explained - Cyber.tn
https://cyber.tn/rampage-attack-explained-exploiting-rowhammer-on-android-again/#Pwn
FCSC 2020 Writeups - GW3L
https://github.com/gw3l/FCSC-2020-Writeups/blob/master/HelloRootkitty.md#Pwn
Exploit Mitigations Disabled - red0xff
https://red0xff.github.io/posts/when_exploit_mitigations_are_disabled_on_modern_systems/#Pwn
Hello Rootkitty - Hug0 Vincent
https://hug0vincent.github.io/2020/05/hello-rootkitty/#Pwn
Rowhammer FFS DDR3 - Hammertux
https://github.com/hammertux/hammertux.github.io/blob/master/_posts/2021-02-19-rowhammer-ffs-ddr3.md#Pwn
BROP Attack - YT Liu
https://web.archive.org/web/20180228212208/https://ytliu.info/blog/2014/05/31/blind-return-oriented-programming-brop-attack-yi/#Pwn
TokyoWesterns CTF 2018 Write-Up - david942j
https://david942j.blogspot.com/2018/09/write-up-tokyowesterns-ctf-2018.html#Pwn
Linux Kernel Exploitation - xairy
https://github.com/xairy/linux-kernel-exploitation#Pwn
Null Pointer Dereference Exploitation - w3challs Blog
http://web.archive.org/web/20160404210408/http://blog.w3challs.com/index.php?post/2014/01/19/D%C3%A9r%C3%A9f%C3%A9rencement-de-pointeur-NULL-Exploitation-du-kernel-pour-les-nuls#Pwn
Azeria Labs Cheatsheet
https://azeria-labs.com/downloads/cheatsheetv1.1-1920x1080.png#Pwn
Windows Memory Corruption Exploits Part I - CyberArk
https://www.cyberark.com/resources/threat-research-blog/a-modern-exploration-of-windows-memory-corruption-exploits-part-i-stack-overflows#Pwn
Linux Kernel Pwn - Efiens Blog
https://blog.efiens.com/post/midas/linux-kernel-pwn-modprobe/#Pwn
Binary Function Analysis - Quarkslab
https://blog.quarkslab.com/weisfeiler-lehman-graph-kernel-for-binary-function-analysis.html#Pwn
UAF Mitigation and Bypass - Yumpu
https://www.yumpu.com/en/document/read/35526819/demott-uaf-migitation-and-bypass/64#Pwn
Browser Exploitation - Connor McGarr
https://connormcgarr.github.io/browser1/#Pwn
HackSys Extreme Vulnerable Driver - GitHub
https://github.com/hacksysteam/HackSysExtremeVulnerableDriver#Pwn
Buffer Overflow Guide - Alomancy
https://alomancy.gitbook.io/guides/guides/bof#Pwn
Complete Guide to Stack Buffer Overflow - Steflan Security
https://steflan-security.com/complete-guide-to-stack-buffer-overflow-oscp/#Pwn
BROP Attack - YT Liu
http://web.archive.org/web/20160504121503/http://ytliu.info/blog/2014/05/31/blind-return-oriented-programming-brop-attack-yi/#Pwn
Linux Insides Theory - 0xAX
https://0xax.gitbooks.io/linux-insides/content/Theory/linux-theory-1.html#Pwn
GDB Debugging Guide - anvbis
https://gist.github.com/anvbis/64907e4f90974c4bdd930baeb705dedf#Pwn
Source Engine RCE - Secret Club
https://secret.club/2021/05/13/source-engine-rce-join.html#Pwn
Linux Insides Theory - 0xAX
https://0xax.gitbooks.io/linux-insides/content/Theory/linux-theory-1.html#Pwn
Linux Initialization - 0xAX
https://github.com/0xAX/linux-insides/blob/master/Initialization/linux-initialization-1.md#Pwn
TempleOfPwn Exploit - GitHub
https://github.com/LMS57/TempleOfPwn/blob/main/fsop/exploit.py#Pwn
Format Strings GOT Overwrite - Ret2ROP Blog
https://ret2rop.blogspot.com/2018/10/format-strings-got-overwrite-remote.html?m=1#Pwn
Exploitation Stack Buffer Overflow - Zenika Blog
https://blog.zenika.com/2021/02/22/exploitation-stack-buffer-overflow-blind-return-oriented-programming/amp/#Pwn
Web Security Articles - GitHub
https://github.com/zongdeiqianxing/WebSecurityArticles/blob/e2f5e3db5cc28ed1c0232a0ef3352246e75540a0/xz.aliyun.com/xianzhi-all.20200905.md#Pwn
Google CTF Pwn CFI - GitHub
https://github.com/google/google-ctf/blob/master/2017/quals/2017-pwn-cfi/challenge/exploit.py#Pwn
Memory Corruption Without Corruption - GitHub Blog
https://github.blog/2022-07-27-corrupting-memory-without-memory-corruption/#Pwn
SLUB Refresher - Paolo Monti
https://github.com/PaoloMonti42/salt/blob/master/docs/0x00_SLUB_refresher.md#Pwn
Heap Overflow Study - Samsung KSPP
https://samsung.github.io/kspp-study/heap-ovfl.html#Pwn
Braindead Buffer Overflow Guide - Boschko
https://boschko.ca/braindead-buffer-overflow-guide-to-pass-the-oscp-blindfolded/#Pwn
Linux Kernel Exploitation CTF - 0x434b
https://0x434b.dev/dabbling-with-linux-kernel-exploitation-ctf-challenges-to-learn#Pwn
FCSC 2022 Writeup - Voydstack
https://github.com/voydstack/FCSC2022/blob/main/pwn/formatage/README.md#Pwn
Learning Browser Exploitation - Bruce30262
https://bruce30262.github.io/Learning-browser-exploitation-via-33C3-CTF-feuerfuchs-challenge/#Pwn
Linux Source Scripts - Elixir
https://elixir.bootlin.com/linux/latest/source/scripts#Pwn
Linux Kernel Blog - Guillaume Gomez
https://blog.guillaume-gomez.fr/Linux-kernel/1/1#Pwn
StarCTF OOB V8 - Faraz Faiz
https://faraz.faith/2019-12-13-starctf-oob-v8-indepth/#Pwn
LiveOverflow Browser Exploitation
https://liveoverflow.com/topic/browser-exploitation/#Pwn
Format String Notes - ir0nstone
https://github.com/ir0nstone/pwn-notes/blob/master/types/stack/format-string.md#Pwn
Exploit 101 Format Strings - Axcheron
https://axcheron.github.io/exploit-101-format-strings/#Pwn
House of Corrosion - CptGibbon
https://github.com/CptGibbon/House-of-Corrosion#Pwn
Return to VDSO - Void Security
https://www.voidsecurity.in/2014/12/return-to-vdso-using-elf-auxiliary.html#Pwn
Windows Kernel Exploitation - VulnDev
https://vulndev.io/2022/09/24/windows-kernel-exploitation-arbitrary-memory-mapping-x64/#Pwn
Firefox OOB to RCE - VulnDev
https://vulndev.io/2022/09/09/browser-exploitation-firefox-oob-to-rce/#Pwn
HEVD Use After Free - VulnDev
https://vulndev.io/2022/07/14/windows-kernel-exploitation-hevd-x64-use-after-free/#Pwn
CS6265 Tutorial - Georgia Tech
https://tc.gts3.org/cs6265/2019/tut/tut01-warmup1.html#Pwn
GCTF2021 eBPF - MEM2019
https://mem2019.github.io/jekyll/update/2021/07/19/GCTF2021-eBPF.html#Pwn
Chrome Browser Exploitation - Jhalon
https://jhalon.github.io/chrome-browser-exploitation-1/#Pwn
Integer Overflow Attack - Comparitech
https://www.comparitech.com/blog/information-security/integer-overflow-attack/#Pwn
InverseCos Tweet
https://twitter.com/inversecos/status/1597469492065447941?t=f878mW5pOOvxHppudNt0Sw&s=19#Pwn
Exploiting C++ VTables - Defuse.ca
https://defuse.ca/exploiting-cpp-vtables.htm#Pwn
Apocalypse CTF Writeup - Dplastico
https://dplastico.github.io/2022/05/25/Apocalypse_ctf.html#Pwn
Stack Alignment Ubuntu 18.04 - Cameron Wickes
https://www.cameronwickes.co.uk/stack-alignment-ubuntu-18-04-movaps/#Pwn
Playing with PCI Device Memory - NixHacker
https://nixhacker.com/playing-with-pci-device-memory/#Pwn
Exploiting Off-by-One Buffer Overflow - NixHacker
https://nixhacker.com/exploiting-off-by-one-buffer-overflow/#Pwn
Heap Exploit Intro - TyeYeah
https://tyeyeah.github.io/2021/05/12/2021-05-12-Heap-Exploit-Intro/#Pwn
Linux Kernel Building Exploit Preparation - TyeYeah
https://tyeyeah.github.io/2021/04/20/2021-04-20-Linux-Kernel-Building-Exploit-Preparation/#Pwn
Heap Exploitation in Real World - hac425xxx
https://github.com/hac425xxx/heap-exploitation-in-real-world#Pwn
Gadget Sequence for x86_64 ROP - Void Security
https://www.voidsecurity.in/2013/07/some-gadget-sequence-for-x8664-rop.html#Pwn
ElephantSeal Tweet
https://twitter.com/ElephantSe4l/status/1616986509801930752?t=IPuFavgJxQMNWIwYnhS89g&s=19#Pwn
Exploit Development Playlist - YouTube
https://www.youtube.com/playlist?list=PL1-BhNrIYWnm3HK-8PBL-qhHwWjI-mjb8#Pwn
HEVD Stackoverflow SMEP Bypass - H0mbre
https://h0mbre.github.io/HEVD_Stackoverflow_SMEP_Bypass_64bit/#Pwn
Kernel Exploit Practice - pr0cf5
https://github.com/pr0cf5/kernel-exploit-practice/blob/master/return-to-user/README.md#Pwn
Safe Linking - Check Point Research
https://research.checkpoint.com/2020/safe-linking-eliminating-a-20-year-old-malloc-exploit-primitive/#Pwn
Exploiting DNS Bug - Check Point Research
https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin:-exploiting-a-17-year-old-bug-in-windows-dns-servers/#Pwn
Exploiting SIGRed - DataFarm Cybersecurity
https://datafarm-cybersecurity.medium.com/exploiting-sigred-cve-2020-1350-on-windows-server-2012-2016-2019-80dd88594228#Pwn
Linux Kernel Modprobe - Lkmidas
https://lkmidas.github.io/posts/20210223-linux-kernel-pwn-modprobe/#Pwn
Exploitation Series - Blahcat
https://blahcat.github.io/pages/exploitation-series.html#Pwn
ARM Exploitation Guide - AD2001
https://ad2001.gitbook.io/a-noobs-guide-to-arm-exploitation/#Pwn
Abusing Exceptions Part 2 - Bill Demirkapi
https://billdemirkapi.me/abusing-exceptions-for-code-execution-part-2/#Pwn
Exploit Development Playlist - YouTube
https://www.youtube.com/playlist?list=PL1-BhNrIYWnm3HK-8PBL-qhHwWjI-mjb8#Pwn
ROP Tricks - T00sh
https://github.com/t00sh/tosh-codes/blob/master/_posts/2013-08-26-rop-tricks-1.md#Pwn
Exploitation Series - Blahcat
https://blahcat.github.io/pages/exploitation-series.html#Pwn
OpenSSH Pre-Auth Double Free - JFrog
https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/#Pwn
Fastbin Attack - Guy in a Tuxedo
https://guyinatuxedo.github.io/28-fastbin_attack/explanation_fastbinAttack/index.html#Pwn
Fastbin Attack Tutorial - 0x00sec
https://0x00sec.org/t/heap-exploitation-fastbin-attack/3627#Pwn
Linux Kernel Modprobe - Lkmidas
https://lkmidas.github.io/posts/20210223-linux-kernel-pwn-modprobe/#Pwn
ROP Bypass NX ASLR PIE Canary - IronHackers
https://ironhackers.es/en/tutoriales/pwn-rop-bypass-nx-aslr-pie-y-canary/#Pwn
Memory Protections Guide - MDanilor
https://mdanilor.github.io/posts/memory-protections/#Pwn
Nintendo DSi Browser Hack - Farlow
https://farlow.dev/2023/03/02/hacking-the-nintendo-dsi-browser#Pwn
ARM IoT Exploit Lab - Ringzer0
https://www.ringzer0.training/archive/2022-august/arm-iot-exploitlab.html#Pwn
HackSecureIMS - Lexterl33t
https://github.com/Lexterl33t/hacksecureims/blob/main/README.md#Pwn
One Shellcode to Rule Them All - Shane Wilton
https://www.slideshare.net/ShaneWilton/one-shellcode-to-rule-them-all#Pwn
QEMU iPod Touch - Part 2
https://devos50.github.io/blog/2022/ipod-touch-qemu-pt2/#Pwn
Glibc Heap Exploitation Basics
http://blog.k3170makan.com/2018/12/glibc-heap-exploitation-basics.html#Pwn
Allocated vs Fastbin
https://3.bp.blogspot.com/-qj4RLjVNHLA/XBDCMEeZaVI/AAAAAAAAGK8/oOU_3VxXPOMYlSw8JU7QAmrxZWiHzXvpQCLcBGAs/s1600/allocatedVsFastbin.png#Pwn
Ret2ASLR - Google Security Research
https://github.com/google/security-research/tree/master/pocs/cpus/ret2aslr#Pwn
Windows 10 NT Heap Exploitation - AngelBoy
https://www.slideshare.net/AngelBoy1/windows-10-nt-heap-exploitation-english-version#Pwn
Linux Kernel Exploit Development - Breaking Bits
https://breaking-bits.gitbook.io/breaking-bits/exploit-development/linux-kernel-exploit-development#Pwn
Chrome Browser Exploitation - Jhalon
https://jhalon.github.io/chrome-browser-exploitation-1/#Pwn
Managing Inputs for Payload Injection - StackExchange
https://reverseengineering.stackexchange.com/questions/13928/managing-inputs-for-payload-injection#Pwn
Pwn Adventure 3 - Jaiminton
https://www.jaiminton.com/Game-Hacking/Pwn-Adventure-3#Pwn
Null Dereferences Exploitation - Google Project Zero
https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-in-linux.html#Pwn
Attacking JS Engines - Side Channel Blog
https://www.sidechannel.blog/en/attacking-js-engines/#Pwn
K-Type Confusion Exploit - Medium
https://wafzsucks.medium.com/how-a-simple-k-typeconfusion-took-me-3-months-long-to-create-a-exploit-f643c94d445f#Pwn
Chrome Browser Exploitation - Jhalon
https://jhalon.github.io/chrome-browser-exploitation-1/#Pwn
Re-enabling FSOP on Libc 2.35 - Mymaqn
https://github.com/Mymaqn/reenabling_fsop_on_libc2_35#Pwn
Android Kernel Exploitation - CloudFuzz
https://cloudfuzz.github.io/android-kernel-exploitation/chapters/environment-setup.html#Pwn
Glibc Heap Exploitation Techniques - 0x434b
https://0x434b.dev/overview-of-glibc-heap-exploitation-techniques/#Pwn
GTIRB Stack Stamp - GrammaTech
https://github.com/GrammaTech/gtirb-stack-stamp#Pwn
Apple Safari CopyWithin Exploit - ZDI
https://www.zerodayinitiative.com/blog/2023/10/17/cve-2023-38600-story-of-an-innocent-apple-safari-copywithin-gone-way-outside#Pwn
OpenSecurityTraining Vulns1001
https://p.ost2.fyi/courses/course-v1:OpenSecurityTraining2+Vulns1001_C-family+2023_v1/about#Pwn
Babel ACE Vulnerability - Steak Enthusiast
https://steakenthusiast.github.io/2023/10/11/CVE-2023-45133-Finding-an-Arbitrary-Code-Execution-Vulnerability-In-Babel/#Pwn
Windows Kernel Wild Copy Exploit - Theori
https://blog.theori.io/exploiting-windows-kernel-wild-copy-with-user-fault-handling-cve-2023-28218-89f5189d0926#Pwn
Edge Sandbox Escape - EdgeVR
https://microsoftedge.github.io/edgevr/posts/Escaping-the-sandbox-A-bug-that-speaks-for-itself/#Pwn
0CTF-TCTF 2023 Writeup - Chovid99
https://chovid99.github.io/posts/0ctf-tctf-2023/#Pwn
CSGO Attack Surface - Synacktiv
https://www.synacktiv.com/en/publications/exploring-counter-strike-global-offensive-attack-surface#Pwn
Libc GOT Chain - ThisUsernameIsTaken
https://github.com/thisusernameistaken/LibcGOTchain#Pwn
RWCTF Writeup - HackCyom
https://www.hackcyom.com/2024/01/rwctf-lets-party-in-the-house-wu/#Pwn
Awesome Browser Exploit - EscapingBug
https://github.com/Escapingbug/awesome-browser-exploit/blob/master/README.md#Pwn
CTF 2019 OOB V8 Challenge - Ir0nstone
https://ir0nstone.gitbook.io/notes/types/browser-exploitation/ctf-2019-oob-v8/the-challenge#Pwn
StarCTF OOB V8 Writeup - Faraz
https://faraz.faith/2019-12-13-starctf-oob-v8-indepth/#Pwn
Simple Bugs Complex Exploits - Elttam
https://www.elttam.com/blog/simple-bugs-with-complex-exploits/#Pwn
Operation Triangulation - Securelist
https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/#Pwn
Triangulation Validators - Securelist
https://securelist.com/triangulation-validators-modules/110847/#Pwn
Operation Triangulation Overview - Securelist
https://securelist.com/operation-triangulation/109842/#Pwn
TriangleDB Implant - Securelist
https://securelist.com/triangledb-triangulation-implant/110050/#Pwn
Google VRP Bug Report
https://bughunters.google.com/reports/vrp/38FmYpr1h#Pwn
Heap Management Gist - Theldus
https://gist.github.com/Theldus/4e1efc07ec13fb84fa10c2f3d054dccd#Pwn
Halfempty Tool - Google Project Zero
https://github.com/googleprojectzero/halfempty#Pwn
TP-Link Buffer Overflow - Boschko
https://boschko.ca/tp-link-tddp-bof/amp/#Pwn
Pixel 8 Kernel Code Execution - Github Blog
https://github.blog/2024-03-18-gaining-kernel-code-execution-on-an-mte-enabled-pixel-8/#Pwn
Trail of Bits Twitter
https://twitter.com/trailofbits/status/1773704923479232886?t=5QcN9OLGu96Kxw9ZxHe3aw&s=19#Pwn
American Conquest Exploit - Synacktiv
https://www.synacktiv.com/publications/exploiting-american-conquest#Pwn
Fuzzing XML and JSON - GNUCitizen
https://www.gnucitizen.org/blog/fuzzing-xml-and-json-pt-1/#Pwn
Heap Diagram - Cloudburst
https://raw.githubusercontent.com/cloudburst/libheap/master/heap.png#Pwn
Intro to V8 Exploitation - Matteo Malvica
https://www.matteomalvica.com/blog/2024/06/05/intro-v8-exploitation-maglev/#Pwn
Fortigate RCE with CVE-2024-21762 - AssetNote
https://www.assetnote.io/resources/research/two-bytes-is-plenty-fortigate-rce-with-cve-2024-21762#Pwn
dhondta - gist 1
https://gist.github.com/dhondta/d2151c82dcd9a610a7380df1c6a0272c#Stegano
dhondta - gist 2
https://gist.github.com/dhondta/feaf4f5fb3ed8d1eb7515abe8cde4880#Stegano
dhondta - gist 3
https://gist.github.com/dhondta/30abb35bb8ee86109d17437b11a1477a#Stegano
How to Convert/Decode a Slow Scan Television (SSTV) Audio File to Images using QSSTV in Ubuntu 18.04
https://ourcodeworld.com/articles/read/956/how-to-convert-decode-a-slow-scan-television-transmissions-sstv-audio-file-to-images-using-qsstv-in-ubuntu-18-04#Stegano
Hiding Messages in x86 Binaries Using Semantic Duals
https://blog.yossarian.net/2020/08/16/Hiding-messages-in-x86-binaries-using-semantic-duals#Stegano
Plainsight Enciphering Demo
https://www.jamieweb.net/blog/plainsight-enciphering-demo/#Stegano
dhondta/python-tinyscript
https://github.com/dhondta/python-tinyscript#Stegano
Hiding Information by Changing an Image's Height
https://blog.cyberhacktics.com/hiding-information-by-changing-an-images-height/#Stegano
dhondta - gist 4
https://gist.github.com/dhondta/90a07d9d106775b0cd29bb51ffe15954#Stegano
Les Images PNG : Comment ça marche ? Comment corriger manuellement les erreurs ?
https://elsicarius.fr/les-images-png-comment-ca-marche-comment-corriger-manuellement-les-erreurs#Stegano
ElSicarius - S3cur3_tr4a4xx_adm1n_acc0unt
https://elsicarius.fr/author/s3cur3_tr4a4xx_adm1n_acc0unt#Stegano
Chaîne YouTube nanobyte
https://www.youtube.com/channel/UCSPIuWADJIMIf9Erf--XAsA/videos#Ring0
DEF CON 29 - Guillaume Fournier, Sylvain Afchain, Sylvain Baubeau
https://www.youtube.com/watch?v=5zixNDolLrg#Ring0
[Linux Kernel Exploitation] NULL pointer dereference bypass smep / ...
https://www.youtube.com/watch?v=Rx3sRn5garA#Ring0
WTF is ACPI ? - LSE Week 2012
https://www.youtube.com/watch?v=iHuo-y1gFAs#Ring0
Breaking the x86 Instruction Set
https://www.youtube.com/watch?v=KrksBdWcZgQ#Ring0
Write your own Operating System
https://www.youtube.com/channel/UCQdZltW7bh1ta-_nCH7LWYw/featured#Ring0
Conférence @Elf - de Kernel Module à eBPF
https://www.youtube.com/watch?v=FTdrqxf4loE#Ring0
How Do Linux Kernel Drivers Work? - Learning Resource
https://www.youtube.com/watch?v=juGNPLdjLH4#Ring0
Making an OS (x86)
https://www.youtube.com/playlist?list=PLm3B56ql_akNcvH8vvJRYOc7TbYhRs19M#Ring0
OffensiveCon20 - Alexander Popov - Exploiting a Linux Kernel Vulnerability
https://www.youtube.com/watch?v=J6xIohyARSU#Ring0
Temple Of PWN 13 - Kernel Exploitation
https://www.youtube.com/watch?v=dZgvLbuJiQ4#Ring0
Race Conditions and Time of Check to Time of Use TOCTTOU Vulnerabilities
https://www.youtube.com/watch?v=PH73lpG2B1M#Ring0
Hacking - Rootkit Development 09 - Hooking SysCall Read
https://www.youtube.com/watch?v=_BSZKj_rF5A#Ring0
Hacking - Rootkit Development 01
https://www.youtube.com/watch?v=8dZFJEc-8uI#Ring0
Virtual Memory: 3 What is Virtual Memory?
https://www.youtube.com/watch?v=qlH4-oHnBb8#Ring0
Create Your Own Kernel In C++
https://www.codeproject.com/Articles/1225196/Create-Your-Own-Kernel-In-C-2#Ring0
Linux Insides - Booting
https://0xax.gitbooks.io/linux-insides/content/Booting/linux-bootstrap-1.html#Ring0
Modules Kernel Linux - Kali Linux
https://www.kali-linux.fr/hacking/modules-kernel-linux#Ring0
8086 BIOS and DOS Interrupts
http://www.ablmcc.edu.hk/~scy/CIT/8086_bios_and_dos_interrupts.htm#Ring0
CTF Writeups - Kernel
https://ctftime.org/writeups?tags=kernel&hidden-tags=kernel#Ring0
Linux Kernel Exploitation by xairy
https://github.com/xairy/linux-kernel-exploitation#Ring0
A Guide to Kernel Exploitation - l34n
https://github.com/l34n/CySecBooks/blob/master/A%20Guide%20to%20Kernel%20Exploitation%20Attacking%20the%20Core.pdf#Ring0
Le Monde du Kernel - Hackndo
https://beta.hackndo.com/le-monde-du-kernel/#Ring0
Les Failles Kernel - Hackndo
https://beta.hackndo.com/les-failles-kernel/#Ring0
Exploit Database - Linux Kernel
https://www.exploit-db.com/exploits/45045#Ring0
Linux Kernel Pwn Part 1 - lkmidas
https://lkmidas.github.io/posts/20210123-linux-kernel-pwn-part-1/#Ring0
Understanding the Linux Kernel - wogh8732
https://wogh8732.tistory.com/323#Ring0
Introduction to Kernel - Kern Emporium
https://kernemporium.github.io/kernel/intro/#Ring0
Null Pointer Dereference - bases-hacking.org
https://bases-hacking.org/null-pointer-dereference.html#Ring0
Kernel Play Guide - NSKernel
https://nskernel.gitbook.io/kernel-play-guide/#Ring0
TutoOS - A. Michelizza
http://a.michelizza.free.fr/pmwiki.php?n=TutoOS.TutoOS#Ring0
Kernel 101 - Arjun Sreedharan
https://arjunsreedharan.org/post/82710718100/kernel-101-lets-write-a-kernel#Ring0
Learning KVM - David942j
https://david942j.blogspot.com/2018/10/note-learning-kvm-implement-your-own.html#Ring0
Introduction to eBPF - Zenika Blog
https://blog.zenika.com/2019/07/15/decouverte-ebpf/#Ring0
Anatomy of a BzImage - LWN.net
https://lwn.net/Articles/717293/#Ring0
Kernel ROP - hxp CTF 2020 Writeup
https://hxp.io/blog/81/hxp-CTF-2020-kernel-rop/#Ring0
Windows Kernel Exploitation - m101
https://m101.github.io/binholic/2018/04/28/windows-kernel-exploitation-token.html#Ring0
Lord of the Ring0 - Idov31
https://idov31.github.io/2022-07-14-lord-of-the-ring0-p1/#Ring0
Linux Kernel Hacking - Yardenshafir
https://github.com/yardenshafir/IoRingReadWritePrimitive#Ring0
MiniOS Kernel - 0xMirasio
https://github.com/0xMirasio/kernel-MiniOS#Ring0
Linux Kernel - Xcellerator
https://xcellerator.github.io/categories/linux/#Ring0
Linux Kernel Hacking - Xcellerator
https://github.com/xcellerator/linux_kernel_hacking#Ring0
Linux Kernel Defence Map - a13xp0p0v
https://github.com/a13xp0p0v/linux-kernel-defence-map#Ring0
Conférence @TheLaluka - Pentest Web 101
https://www.youtube.com/watch?v=gPsm_Iz_yak#Web
It's a PHP Unserialization Vulnerability Jim, but Not as We Know It
https://www.youtube.com/watch?v=OrEar0TiS90#Web
Hacking Modern Desktop apps with XSS and RCE Workshop
https://www.youtube.com/watch?v=xILfQGkLXQo#Web
#HITB2017AMS D2T1 - Everybody Wants SOME: Advance Same Origin Methods
https://www.youtube.com/watch?v=OvarkOxxdic#Web
Backslash Powered Scanning: Hunting Unknown Vulnerability Classes
https://www.youtube.com/watch?v=apOLZ67TZd0#Web
Club EH RM 05 - Intro to JSON Web Token Exploitation
https://www.youtube.com/watch?v=d7wmUz57Nlg#Web
Sql injection in SOAP API (API testing )
https://www.youtube.com/watch?v=UINLbiq19NQ#Web
Présentation - Modèle de classification XSS
https://www.youtube.com/watch?v=a0KUWOfXC_I#Web
Les bonnes pratiques OAuth2/OIDC conjuguées au présent, passé simple et futur
https://www.youtube.com/watch?v=PhQJKKrV5i0#Web
Advanced PHP Deserialization - Phar Files
https://www.youtube.com/watch?v=fHZKSCMWqF4#Web
Burpsuite tricks - xanhacks
https://www.youtube.com/watch?v=1Ae94tigBiM#Web
Edge Side Include Injection: Abusing Caching Servers into SSRF and Local File Inclusion
https://www.youtube.com/watch?v=6t50uRAxFT8#Web
Two Bugs To Rule Them All: Taking Over The PHP Supply Chain by Thomas Orlita
https://www.youtube.com/watch?v=RLcK0kRGpjw#Web
Olivier Arteau -- Prototype pollution attacks in NodeJS applications
https://www.youtube.com/watch?v=LUsiFV3dsK8#Web
Intro to PHP Deserialization / Object Injection
https://www.youtube.com/watch?v=HaW15aMzBUM#Web
PHP Type Juggling - Why === is Important - Sponsored Content
https://www.youtube.com/watch?v=idC5SAsKhlE#Web
Hack A Blazor WASM App (At Your Own Risk)
https://www.youtube.com/watch?v=Xx1eMlscXrQ#Web
Relative Path Overwrite XSS - Baptiste Moine
https://www.youtube.com/watch?v=Ama6jrsjRlM#Web
HackTheBox "Business CTF" - discordvm - Node.js Sandbox Escape
https://www.youtube.com/watch?v=pzh6--wIp24#Web
Hacking ELECTRON: JavaScript Desktop Applications w/ 7aSecurity
https://www.youtube.com/watch?v=P8QvSjL8F9w#Web
Creating Custom Nuclei Templates and Workflows
https://www.youtube.com/watch?v=bHXkQjtBOLo#Web
XSS Filter Bypass | Escape Quotes | Part 9
https://www.youtube.com/watch?v=DOLb_hNOpXk#Web
OAUTH 2.1 expliqué simplement (même si tu n'es pas dev) ! (Julien Tasso)
https://www.youtube.com/watch?v=YdShQveywpo#Web
Explorez différents thèmes de sécurité web sur Hackitude
https://www.hackitude.in/labs-web-security-academy-th%C3%A8mes#Web
Préparation pour l'Offensive Security Web Expert (AWAE)
https://z-r0crypt.github.io/blog/2020/01/22/oswe/awae-preparation/#Web
Tool for HTTP/2 cleartext (h2c) smuggling
https://github.com/BishopFox/h2csmuggler#Web
Google assists in the detection of malware on Brave.com
https://arstechnica.com/gadgets/2021/07/with-help-from-google-impersonated-brave-com-website-pushes-malware/#Web
Twitter post discussing a security topic by Podalirius
https://twitter.com/podalirius_/status/1420072160450785280#Web
Interactive labs to learn web security on PortSwigger
https://portswigger.net/web-security/all-labs#Web
Gist repository with security-related content by terjanq
https://gist.github.com/terjanq/458d8ec1148e96f7ccbdccfd908c56f6#Web
Writeups from FCSC 2021 related to web security challenges
https://github.com/dspiricate/writeups/tree/main/FCSC/2021/web/Shared%20notes#Web
Exploration of polyglot files in hacking scenarios
https://medium.com/swlh/polyglot-files-a-hackers-best-friend-850bf812dd8a#Web
Overview of classic and blind NoSQL injection techniques
https://www.dailysecurity.fr/nosql-injections-classique-blind/#Web
Checklist for web penetration testing from Pentestbook
https://pentestbook.six2dez.com/others/web-checklist#Web
Article in French discussing the benefits of Next.js
https://practicalprogramming.fr/pourquoi-next-js#Web
Tool to evaluate Content Security Policy headers
https://csp-evaluator.withgoogle.com/#Web
Another Twitter post discussing a security topic by Podalirius
https://twitter.com/podalirius_/status/1447455234071146497#Web
Articles related to cybersecurity and web topics on 0xHorizon
https://0xhorizon.eu/articles/#Web
Research on HTTP request smuggling
https://github.com/mattiasgrenfeldt/bachelors-thesis-http-request-smuggling/#Web
SlideShare presentation on HTTP response splitting
https://fr.slideshare.net/h4xorhead/http-response-splitting-39437258#Web
OWASP guide on HTTP response splitting attacks
https://owasp.org/www-community/attacks/HTTP_Response_Splitting#Web
Exploit for bypassing PHP escapeshellarg and escapeshellcmd
https://github.com/kacperszurek/exploits/blob/master/GitList/exploit-bypass-php-escapeshellarg-escapeshellcmd.md#Web
Tool for generating payloads for Python deserialization attacks
https://github.com/j0lt-github/python-deserialization-attack-payload-generator#Web
Blog post detailing a PHP-FPM local root exploit
https://www.ambionics.io/blog/php-fpm-local-root#Web
Article on finding and exploiting JavaScript prototype pollution vulnerabilities
https://infosecwriteups.com/javascript-prototype-pollution-practice-of-finding-and-exploitation-f97284333b2#Web
Information on conducting HTTP response splitting attacks
https://resources.infosecinstitute.com/topic/http-response-splitting-attack/#Web
Explanation and mitigation techniques for CSWSH attacks
https://infosecwriteups.com/cross-site-websocket-hijacking-cswsh-ce2a6b0747fc#Web
Techniques for exploiting PHP deserialization vulnerabilities
https://medium.com/swlh/exploiting-php-deserialization-56d71f03282a#Web
Information about the PHP serialization format
https://en.wikipedia.org/wiki/PHP_serialization_format#Web
Collection of wordlists for web applications
https://github.com/p0dalirius/webapp-wordlists#Web
Blog post detailing a remote code execution vulnerability in Joomla
https://blog.hacktivesecurity.com/index.php/2019/10/03/rusty-joomla-rce/#Web
Article on reflected XSS vulnerabilities
https://0xhorizon.eu/fr/articles/xss-reflected/#Web
Tool for bypassing IP source restrictions
https://github.com/p0dalirius/ipsourcebypass#Web
Exploration of PHP stream wrappers and filters
https://blog.eleven-labs.com/fr/php-stream-wrappers-filters/#Web
Exploit for CVE-2018-16509 affecting Ghostscript in PIL
https://github.com/farisv/PIL-RCE-Ghostscript-CVE-2018-16509#Web
Articles and insights on cybersecurity from Vaadata
https://www.vaadata.com/blog/fr/#Web
Twitter post discussing a security topic by Podalirius
https://twitter.com/podalirius_/status/1488921781637365771#Web
Tool for generating Content Security Policy (CSP) headers
https://github.com/Ruulian/CSPass#Web
GitHub issue discussing React framework
https://github.com/facebook/react/issues/3473#Web
Firefox add-on for viewing and editing web API definitions
https://addons.mozilla.org/fr/firefox/addon/wizdler/#Web
Articles and tips on enhancing Burp Suite functionality
https://blog.yeswehack.com/category/yeswerhackers/pimpmyburp/#Web
Cheat sheets for various web application security topics from OWASP
https://cheatsheetseries.owasp.org/index.html#Web
Techniques for data theft using CSS attacks on web applications
https://sekurak.pl/wykradanie-danych-w-swietnym-stylu-czyli-jak-wykorzystac-css-y-do-atakow-na-webaplikacje/#Web
Document on a web security topic on HackMD
https://hackmd.io/@Chivato/HyWsJ31dI#Web
Research on new cross-site scripting (XSS) attack vectors
https://portswigger.net/research/new-xss-vectors#Web
Exploration of Symfony secret fragment vulnerabilities
https://www.ambionics.io/blog/symfony-secret-fragment#Web
Research on exploiting Symfony vulnerabilities with EOS
https://www.synacktiv.com/en/publications/looting-symfony-with-eos.html#Web
Cheat sheet for web penetration testing
https://cheatsheet.haax.fr/web-pentest/#Web
Exploiting PHP sessions for local file inclusion (LFI) to remote code execution (RCE)
https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions/#Web
Technique for finding unique values in JavaScript arrays
https://levelup.gitconnected.com/how-to-find-unique-values-by-property-in-an-array-of-objects-in-javascript-50ca23db8ccc#Web
Tool for testing HTTP response splitting vulnerabilities
https://github.com/Nefcore/CRLFsuite#Web
Tool for automating exploitation of deserialization vulnerabilities
https://github.com/wh1t3p1g/ysomap#Web
Tool for exploiting XXE (XML External Entity) vulnerabilities
https://github.com/enjoiz/XXEinjector#Web
Guide on SSRF vulnerabilities and exploitation
https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery#Web
Tool for exploiting SSRF via Gopher protocol
https://github.com/tarunkant/Gopherus#Web
Comprehensive guide and resources for bug bounty hunting
https://github.com/daffainfo/AllAboutBugBounty#Web
Guide and resources for bug bounty programs
https://github.com/Anlominus/Bug-Bounty#Web
Twitter post discussing a security topic by MeAsHacker_HNA
https://twitter.com/MeAsHacker_HNA/status/1538862575617814528#Web
Another Twitter post discussing a security topic by Podalirius
https://twitter.com/podalirius_/status/1554132093608804354#Web
Python shell script for Node.js security testing
https://github.com/ajinabraham/Node.Js-Security-Course/blob/master/nodejsshell.py#Web
Article on HTTP response splitting vulnerabilities
https://0xhorizon.eu/fr/articles/http-response-splitting/#Web
Simplified explanation of bit-shifting blind SQL injection
http://blog.k3170makan.com/2012/01/bit-shifting-blind-injection-simplified.html#Web
Walkthrough of Damn Vulnerable Web Application
https://sharpforce.gitbook.io/cybersecurity/walkthroughs/damn-vulnerable-web-application/damn-vulnerable-web-application-dvwa#Web
Exploiting LFI to RCE via PHP filters
https://book.hacktricks.xyz/pentesting-web/file-inclusion/lfi2rce-via-php-filters#Web
Resources and tools for ElectronJS security testing
https://github.com/doyensec/awesome-electronjs-hacking#Web
Discussion on parameter tampering and RCE in Node.js applications
https://blog.shoebpatel.com/2021/01/23/The-Secret-Parameter-LFR-and-Potential-RCE-in-NodeJS-Apps/#Web
Cheat sheet for Node.js red team operations
https://github.com/aadityapurani/NodeJS-Red-Team-Cheat-Sheet#Web
Challenges and techniques for sandboxing Node.js applications
https://pwnisher.gitlab.io/nodejs/sandbox/2019/02/21/sandboxing-nodejs-is-hard.html#Web
Notes on exploiting PHP object injection vulnerabilities
https://gist.github.com/jcreedcmu/4f6e6d4a649405a9c86bb076905696af?permalink_comment_id=3846798#Web
Introduction to prototype pollution vulnerabilities
https://shieldfy.io/security-wiki/prototype-pollution/introduction-to-prototype-pollution/#Web
Article on DOM clobbering vulnerabilities
https://medium.com/@shilpybanerjee/dom-clobbering-its-clobbering-time-f8dd5c8fbc4b#Web
Blog post from Twitter on Twitter Silhouette
https://blog.twitter.com/engineering/en_us/topics/insights/2018/twitter_silhouette#Web
Exploration of cross-site leaks vulnerabilities
https://www.appsecmonkey.com/blog/xs-leaks#Web
Exploiting insecure deserialization vulnerabilities
https://vickieli.dev/insecure%20deserialization/pop-chains/#Web
Exploration of PHP unserialize function and vulnerabilities
https://medium.com/swlh/diving-into-unserialize-3586c1ec97e#Web
Tool for JWT token manipulation
https://github.com/rishuranjanofficial/JWTweak#Web
Tool for JWT token analysis and manipulation
https://github.com/TRIKKSS/JWTSWISSKNIFE#Web
Exploiting path truncation vulnerabilities
https://www.dailysecurity.fr/les-path-truncations/#Web
Tool for dumping Local File Inclusion (LFI) vulnerabilities
https://github.com/p0dalirius/LFIDump#Web
Blog post discussing the Gopherus tool
https://spyclub.tech/2018/08/14/2018-08-14-blog-on-gopherus/#Web
Common vulnerabilities and exploitation in GraphQL
https://the-bilal-rizwan.medium.com/graphql-common-vulnerabilities-how-to-exploit-them-464f9fdce696#Web
Guide on exploiting GraphQL endpoints for bug bounty
https://blog.yeswehack.com/yeswerhackers/how-exploit-graphql-endpoint-bug-bounty/#Web
Cheat sheet for GraphQL vulnerabilities
https://0xn3va.gitbook.io/cheat-sheets/web-application/graphql-vulnerabilities#Web
Tool for mining parameters from web applications
https://github.com/PortSwigger/param-miner#Web
Exploiting PHP object injection vulnerabilities
https://snoopysecurity.github.io/web-application-security/2021/01/08/02_php_object_injection_exploitation-notes.html#Web
Techniques for exploiting PHP unserialize for RCE
https://notsosecure.com/remote-code-execution-php-unserialize#Web
Exploiting memory corruption bugs in JavaScript
https://www.bleepingcomputer.com/news/security/invisible-characters-could-be-hiding-backdoors-in-your-javascript-code/#Web
Twitter post discussing a security topic by Bughunter
https://twitter.com/_bughunter/status/1577622994897215488?t=3PEK40bh0MBAVIMHl-OaaQ&s=19#Web
Twitter post discussing a security topic by Intigriti
https://twitter.com/intigriti/status/1582334895405531137?s=46&t=cTpgYzx6oqBSszNo0uvpDQ#Web
Tool for generating PHP filter chains
https://github.com/synacktiv/php_filter_chain_generator#Web
Cheat sheet for server-side request forgery (SSRF)
https://0xn3va.gitbook.io/cheat-sheets/web-application/server-side-request-forgery#Web
Twitter post discussing a security topic by Vercel
https://twitter.com/vercel/status/1584964835984703491?t=BfM8iyBIAYaCLsvHuCdRhQ&s=19#Web
Research on using backslash for scanning and vulnerability hunting
https://portswigger.net/research/backslash-powered-scanning-hunting-unknown-vulnerability-classes#Web
Experience in creating Nuclei templates for security testing
https://www.andysvints.com/nuclei-templates-creation-my-experience/#Web
Overview of hacker tools like Nuclei for security testing
https://blog.intigriti.com/2021/05/10/hacker-tools-nuclei/#Web
Burp Suite extension for security testing
https://portswigger.net/bappstore/526f5564b7414bfe978e650d8ea6567b#Web
Tool for bypassing security controls in web applications
https://github.com/teambi0s/dfunc-bypasser#Web
Techniques for bypassing PHP disable_functions with Chankro
https://0xdf.gitlab.io/2019/08/02/bypassing-php-disable_functions-with-chankro.html#Web
Tool for reconnaissance and intelligence gathering
https://github.com/yogeshojha/rengine#Web
Checklist for API security testing
https://gitlab.com/pentest-tools/API-Security-Checklist#Web
Techniques for time-based data exfiltration
https://securitycafe.ro/2017/02/28/time-based-data-exfiltration/#Web
Advanced usage tricks for FFUF tool
https://www.acceis.fr/ffuf-advanced-tricks/#Web
Information on cross-site leaks and vulnerabilities
https://xsleaks.dev/#Web
Addon for security testing and exploitation
https://addons.mozilla.org/fr/firefox/addon/pwnfox/#Web
Resource hub for web security enthusiasts
https://websec.fr/#Web
Using Android emulator for API security testing
https://zerodayhacker.com/using-an-android-emulator-for-api-hacking/#Web
Exploration of URIs and their security implications
https://elsicarius.fr/les-uri-vous-connaissez#Web
Automation techniques for blind SQL injection over WebSocket
https://rayhan0x01.github.io/ctf/2021/04/02/blind-sqli-over-websocket-automation.html#Web
Techniques for bypassing CAPTCHAs using Python
https://cloudsek.com/how-to-bypass-captchas-easily-using-python-and-other-methods/#Web
Framework for building Node.js web applications
https://github.com/adonisjs/core#Web
Tool for parsing and interacting with Swagger APIs
https://gitlab.com/onemask/swaggerparser#Web
Exploiting blind XXE (XML External Entity) vulnerabilities
https://portswigger.net/web-security/xxe/blind#Web
Interactive exploration tool for GraphQL schemas
https://ivangoncharov.github.io/graphql-voyager/#Web
Interactive GraphQL IDE and testing tool
https://github.com/graphql/graphql-playground#Web
Tricks and techniques for PHP security testing
https://devansh.xyz/ctfs/2021/09/11/php-tricks.html#Web
Writeup and exploitation techniques for BUUCTF web challenges
https://exp10it.cn/2022/11/buuctf-web-writeup-8/#Web
Tool for editing and visualizing GraphQL schemas
https://graphqleditor.com/fr/#Web
Fuzzing techniques for XSS via nested parsers
https://swarm.ptsecurity.com/fuzzing-for-xss-via-nested-parsers-condition/#Web
Issue discussion on GitHub regarding PHP
https://github.com/php/php-src/issues/10469#Web
CVE-2022-35914 exploitation in GLPI using HTMLawed
https://mayfly277.github.io/posts/GLPI-htmlawed-CVE-2022-35914/#Web
Slides on MXSS (Mutation XSS) vulnerability CVE-2020-26870
https://slides.com/kevin-mizu/mxss-cve-2020-26870#Web
Slides on HTML sanitization techniques
https://slides.com/kevin-mizu/html-sanitizer#Web
Tool for bypassing URL parsers
https://github.com/laluka/bypass-url-parser#Web
Collection of source code and resources
https://www.sourcecodester.com/#Web
Exploitation of UUID for compromising accounts
https://www.xmco.fr/veille-vulnerabilites-fr/exploitation-uuid-compromission-compte/#Web
Tool for exploiting vulnerabilities in GLPI
https://github.com/Feals-404/GLPIAnarchy#Web
Research on hidden HTTP request smuggling attack vectors
https://github.com/PortSwigger/http-request-smuggler#Web
Research on hidden OAuth attack vectors
https://portswigger.net/research/hidden-oauth-attack-vectors#Web
Write-ups and explanations for OWASP Application Security Verification Standard
https://owasp-skf.gitbook.io/asvs-write-ups/#Web
Detection and exploitation techniques for server-side prototype pollution
https://blog.yeswehack.com/talent-development/server-side-prototype-pollution-how-to-detect-and-exploit/#Web
Explanation and examples of server-side prototype pollution vulnerabilities
https://portswigger.net/web-security/prototype-pollution/server-side#Web
Article on cache poisoning affecting Akamai edge nodes
https://medium.com/@jacopotediosi/worldwide-server-side-cache-poisoning-on-all-akamai-edge-nodes-50k-bounty-earned-f97d80f3922b#Web
Addon for interacting with SOAP web services
https://addons.mozilla.org/en-US/firefox/addon/wizdler/#Web
Twitter post discussing server-side cache poisoning
https://twitter.com/kevin_mizu/status/1628665943797669890?s=46&t=1ohrl4OjJp9gO0lreTvpgA#Web
Blog post discussing cross-site smallish scripting
https://www.trustedsec.com/blog/cross-site-smallish-scripting-xsss/#Web
Tool for exploiting blind SSRF vulnerabilities
https://github.com/assetnote/blind-ssrf-chains#Web
Illustrated guide to OAuth 2.0 flows
https://darutk.medium.com/diagrams-and-movies-of-all-the-oauth-2-0-flows-194f3c3ade85#Web
Article on insecurities in SAML
https://joonas.fi/2021/08/saml-is-insecure-by-design/#Web
Write-up of Hack The Box machine "Oouch"
https://0xdf.gitlab.io/2020/08/01/htb-oouch.html#Web
Study resources for the Burp Suite Certified Practitioner exam
https://github.com/botesjuan/Burp-Suite-Certified-Practitioner-Exam-Study#Web
Collection of vulnerable code snippets for educational purposes
https://github.com/yeswehack/vulnerable-code-snippets#Web
Tool for finding potential prototype pollution vulnerabilities
https://github.com/yeswehack/pp-finder#Web
Collection of security challenges
https://github.com/Blaklis/my-challenges#Web
Guide for pentesters on GraphQL security testing
https://www.acceis.fr/graphql-for-pentesters/#Web
Tool for analyzing data flow and dependencies
https://github.com/usdAG/FlowMate#Web
Compilation of top web hacking techniques for 2023
https://portswigger.net/polls/top-10-web-hacking-techniques-2023#Web
Explanation of HATEOAS (Hypermedia as the Engine of Application State)
https://en.wikipedia.org/wiki/HATEOAS#Web
Guide on hacking HTMX applications
https://infosecwriteups.com/hacking-htmx-applications-f8d29665faf#Web
Collection of awesome Web Application Firewalls (WAFs)
https://github.com/0xInfection/Awesome-WAF#Web
Tool for crawling domains and scanning for endpoints, secrets, and more
https://github.com/edoardottt/cariddi#Web
Techniques for bypassing Jinja2 template injection filters
https://0day.work/jinja2-template-injection-filter-bypasses/#Web
Guide for testing for mass assignment vulnerabilities
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/20-Testing_for_Mass_Assignment#Web
Research on PRSSI vulnerabilities
https://portswigger.net/research/detecting-and-exploiting-path-relative-stylesheet-import-prssi-vulnerabilities#Web
Analysis of Grafana vulnerability CVE-2021-43798
https://vulncheck.com/blog/grafana-cve-2021-43798#Web
Tool for reflective cross-site scripting (RXSS) testing
https://github.com/elkokc/reflector#Web
Plugin for adding webshell functionality to WordPress
https://github.com/p0dalirius/Wordpress-webshell-plugin#Web
Description non disponible
https://www.youtube.com/watch?v=CHk2XzFKwNc#Red-team
Description non disponible
https://www.youtube.com/watch?v=3TOiqGMCAOg#Red-team
Description non disponible
https://www.youtube.com/watch?v=jMKtlS9H_TQ#Red-team
Description non disponible
https://www.youtube.com/watch?v=CKfjLnEMfvI#Red-team
Description non disponible
https://www.youtube.com/watch?v=Ns-PvO6xUOI#Red-team
Description non disponible
https://www.youtube.com/watch?v=UuhEzY4d6KM#Red-team
Description non disponible
https://www.youtube.com/watch?v=_TEnBLt2JF4#Red-team
Description non disponible
https://www.youtube.com/watch?v=-iSMrYZbbgo#Red-team
Description non disponible
https://www.youtube.com/watch?v=bv53rYl34og#Red-team
Description non disponible
https://www.youtube.com/watch?v=TfG9lBYCOq8&start=690#Red-team
Description non disponible
https://www.youtube.com/watch?v=TwLLL8Ain24#Red-team
Description non disponible
https://www.youtube.com/watch?v=VWQY5R2A6X8#Red-team
Description non disponible
https://www.youtube.com/watch?v=IiMladUbL6E#Red-team
Description non disponible
https://www.youtube.com/watch?v=69xsb_TeazA#Red-team
Description non disponible
https://www.youtube.com/watch?v=XAvAVKXXC_8#Red-team
Description non disponible
https://www.youtube.com/watch?v=StSLxFbVz0M#Red-team
Description non disponible
https://www.youtube.com/@user-lf7lp1el9j/featured#Red-team
Description non disponible
https://www.youtube.com/watch?v=qIbrozlf2wM#Red-team
Description non disponible
https://www.youtube.com/watch?v=UAkC-brF6iQ#Red-team
Description non disponible
https://www.youtube.com/watch?v=2UruLKYwyEc#Red-team
Description non disponible
https://www.youtube.com/watch?v=IbA7Ung39o4#Red-team
Description non disponible
https://www.youtube.com/watch?v=0Z3VadqyFiM#Red-team
Description non disponible
https://youtube.com/playlist?list=PLXooO-eTihBuvLEEP304PULUf4VIUsBy8&si=MNOL0ng7AgOZz7mO#Red-team
Description non disponible
https://www.youtube.com/watch?v=cBgqgZUiU5I#Red-team
Description non disponible
https://www.youtube.com/watch?v=l8nkXCOYQC4#Red-team
Description non disponible
https://www.youtube.com/watch?v=edIMUcxCueA#Red-team
Description non disponible
https://www.youtube.com/watch?v=ME7IGHPcSKw#Red-team
Description non disponible
https://www.youtube.com/live/xcDp6SAwC2s?si=V7rfWr0RUW0xh8kf#Red-team
Description non disponible
https://www.youtube.com/watch?v=4jRFocEEX2M#Red-team
Description non disponible
https://www.youtube.com/@gemini_security/featured#Red-team
Description non disponible
https://www.youtube.com/watch?v=Ni1RqTwPiIQ#Red-team
Description non disponible
https://www.youtube.com/watch?v=z8GIjk0rfbI#Red-team
Description non disponible
https://www.youtube.com/watch?v=TGzMR9GfnIs#Red-team
Description non disponible
https://www.youtube.com/watch?v=IPFpyulNcRQ#Red-team
Description non disponible
https://www.youtube.com/watch?v=d9pvNlZ9GGQ#Red-team
GitHub repository for PackMyPayload tool.
https://github.com/mgeeky/PackMyPayload#Red-team
GitHub repository for Cobalt Strike Aggressor Scripts Collection.
https://github.com/bytecod3r/Cobaltstrike-Aggressor-Scripts-Collection#Red-team
Article on Witchetty steganography espionage.
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/witchetty-steganography-espionage#Red-team
Article on Browser in the Browser Phishing Attack.
https://mrd0x.com/browser-in-the-browser-phishing-attack/#Red-team
GitHub repository for ProtectMyTooling tool by mgeeky.
https://github.com/mgeeky/ProtectMyTooling#Red-team
GitHub repository for SigThief tool by secretsquirrel.
https://github.com/secretsquirrel/SigThief#Red-team
GitHub repository for LazySign tool by jfmaes.
https://github.com/jfmaes/LazySign#Red-team
GitHub repository for ATP PowerShell Scripts by Mr-Un1k0d3r.
https://github.com/Mr-Un1k0d3r/ATP-PowerShell-Scripts#Red-team
GitHub repository for DarkLoadLibrary tool by bats3c.
https://github.com/bats3c/DarkLoadLibrary#Red-team
GitHub repository for c_syscalls tool by janoglezcampos.
https://github.com/janoglezcampos/c_syscalls#Red-team
GitHub repository for ScareCrow tool by Optiv.
https://github.com/optiv/ScareCrow#Red-team
Article on hiding Cobalt Strike traffic.
https://www.tarlogic.com/blog/hidding-cobalt-strike-traffic/#Red-team
GitHub repository for RedWarden tool by mgeeky.
https://github.com/mgeeky/RedWarden#Red-team
GitHub repository for VXUG Papers by vxunderground.
https://github.com/vxunderground/VXUG-Papers/#Red-team
Slides on Malware Development for Dummies.
https://github.com/chvancooten/maldev-for-dummies/blob/main/Slides/Malware%20Development%20for%20Dummies%20-%20Hack%20in%20Paris%2030-06-2022%20%26%2001-07-2022.pdf#Red-team
GitHub repository for maldev-for-dummies by chvancooten.
https://github.com/chvancooten/maldev-for-dummies#Red-team
GitHub repository for NimPackt-v1 tool by chvancooten.
https://github.com/chvancooten/NimPackt-v1#Red-team
GitHub repository for OffensiveNim tool by byt3bl33d3r.
https://github.com/byt3bl33d3r/OffensiveNim#Red-team
GitHub repository for OffensiveCSharp tool by matterpreter.
https://github.com/matterpreter/OffensiveCSharp#Red-team
Article on bypassing AV DLL side loading.
https://www.flangvik.com/2019/07/24/Bypassing-AV-DLL-Side-Loading.html#Red-team
Article on blinding EDR on Windows.
https://synzack.github.io/Blinding-EDR-On-Windows/#Red-team
Article on creating an EDR and bypassing it - Part 1.
https://ethicalchaos.dev/2020/05/27/lets-create-an-edr-and-bypass-it-part-1/#Red-team
Author page for Ceri Coburn on Ethical Chaos.
https://ethicalchaos.dev/author/ceri-coburn/#Red-team
GitHub repository for ObfLoader tool by D1rkMtr.
https://github.com/D1rkMtr/ObfLoader#Red-team
Article on malware development on Inf0sec.
https://inf0sec.fr/article-19.php#Red-team
Article on malware development on Inf0sec.
https://inf0sec.fr/article-20.php#Red-team
GitHub repository for CS Situational Awareness BOF tool by trustedsec.
https://github.com/trustedsec/CS-Situational-Awareness-BOF#Red-team
Article on evading EDR with ScareCrow.
https://adamsvoboda.net/evading-edr-with-scarecrow/#Red-team
Article on EDR bypass methods.
https://s3cur3th1ssh1t.github.io/A-tale-of-EDR-bypass-methods/#Red-team
Red Actor article on Malware Development Detection.
https://red-actor.notion.site/Malware-Development-Detection-414b4670df1c4a07bf6321540573bcca#Red-team
GitHub repository for ObfLoader tool by D1rkMtr.
https://github.com/D1rkMtr/ObfLoader#Red-team
Tweet by OtterHacker on Twitter.
https://twitter.com/OtterHacker/status/1578412886346502145#Red-team
Tweet by Kleiton0x7e on Twitter.
https://twitter.com/kleiton0x7e/status/1578017869866016769#Red-team
Article on malware development part 1.
https://0xpat.github.io/Malware_development_part_1/#Red-team
GitHub repository for Windows Signed Binary by Mr-Un1k0d3r.
https://github.com/Mr-Un1k0d3r/Windows-SignedBinary#Red-team
Article on Microsoft Teams Webhooks.
https://learn.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/add-incoming-webhook#Red-team
GitHub repository for AtomPePacker tool by ORCx41.
https://github.com/ORCx41/AtomPePacker#Red-team
Tweet by Alh4zr3d on Twitter.
https://twitter.com/Alh4zr3d/status/1582007737847644165?t=qMOzxLzuRBQM27s59DHM_A&s=19#Red-team
Article on recreating an ISO payload for fun.
https://blog.sunggwanchoi.com/recreating-an-iso-payload-for-fun-and-no-profit/amp/#Red-team
Article on hiding API call strings with ordinals.
https://rioasmara.com/2020/11/15/hide-api-call-strings-with-ordinals/#Red-team
Article on malware development part 2.
https://0xpat.github.io/Malware_development_part_2/#Red-team
Article on Tor fronting utilizing hidden services.
https://www.vincentyiu.com/red-team/domain-fronting/tor-fronting-utilising-hidden-services-to-hide-attack-infrastructure#Red-team
GitHub repository for Tor fronting profile by mdsecresearch.
https://github.com/mdsecresearch/Publications/blob/master/tools/redteam/malleable/tor-fronting.profile#Red-team
Article sur le contournement des supervisions des EDR.
https://connect.ed-diamond.com/misc/misc-118/techniques-de-contournement-de-la-supervision-des-edr#Red-team
Article on kernel tracing injection detection.
https://blog.redbluepurple.io/windows-security-research/kernel-tracing-injection-detection#Red-team
GitHub repository for DripLoader tool by xuanxuan0.
https://github.com/xuanxuan0/DripLoader#Red-team
Article on removing kernel callbacks using signed drivers.
https://br-sn.github.io/Removing-Kernel-Callbacks-Using-Signed-Drivers/#Red-team
Article sur le tour d'horizon des mécanismes de supervision des EDR.
https://connect.ed-diamond.com/misc/misc-116/tour-d-horizon-des-mecanismes-de-supervision-des-edr#Red-team
Article on Windows callbacks.
http://blog.deniable.org/posts/windows-callbacks/#Red-team
GitHub repository for Dumpert tool by outflanknl.
https://github.com/outflanknl/Dumpert#Red-team
Article on BYOVKD.
https://public.cnotools.studio/bring-your-own-vulnerable-kernel-driver-byovkd/exploits/data-only-attack-neutralizing-etwti-provider#Red-team
GitHub repository for EtwExplorer tool by zodiacon.
https://github.com/zodiacon/EtwExplorer#Red-team
GitHub repository for SilkETW tool by mandiant.
https://github.com/mandiant/SilkETW#Red-team
Article on domain fronting.
https://www.orangecyberdefense.com/fr/insights/blog/ethical-hacking/focus-sur-le-domain-fronting#Red-team
GitHub repository for Payload Download Cradles tool by VirtualAlllocEx.
https://github.com/VirtualAlllocEx/Payload-Download-Cradles#Red-team
Article on Maldev: Cloning & Signing.
https://captmeelo.com/redteam/maldev/2022/11/07/cloning-signing.html#Red-team
GitHub repository for SharpCompile tool by SpiderLabs.
https://github.com/SpiderLabs/SharpCompile#Red-team
GitHub repository for NoPowerShell tool by bitsadmin.
https://github.com/bitsadmin/nopowershell#Red-team
Article on NSO Zero-Click by Google Project Zero.
https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html#Red-team
Tweet by 0xor0ne on Twitter.
https://twitter.com/0xor0ne/status/1590317045073465344?t=RuemA-Zoo3KqolHb5KfdYQ&s=19#Red-team
GitHub repository for Spoofing Gate tool by timwhitez.
https://github.com/timwhitez/Spoofing-Gate#Red-team
GitHub repository for RecycledGate tool by thefLink.
https://github.com/thefLink/RecycledGate#Red-team
GitHub repository for SysWhispers2 tool by jthuraisamy.
https://github.com/jthuraisamy/SysWhispers2#Red-team
Article on PNG steganography by Avast Decoded.
https://decoded.avast.io/martinchlumecky/png-steganography/#Red-team
Article on staged vs stageless handlers.
https://buffered.io/posts/staged-vs-stageless-handlers/#Red-team
GitHub repository for CobaltStrikeBypassDefender tool by Processus-Thief.
https://github.com/Processus-Thief/CobaltStrikeBypassDefender#Red-team
GitHub repository for SharpGmailC2 tool by reveng007.
https://github.com/reveng007/SharpGmailC2#Red-team
GitHub repository for CarbonCopy tool by paranoidninja.
https://github.com/paranoidninja/CarbonCopy#Red-team
GitHub repository for Offensive Snippets by 0xAbdullah.
https://github.com/0xAbdullah/Offensive-Snippets#Red-team
GitHub repository for PortBender tool by praetorian-inc.
https://github.com/praetorian-inc/PortBender#Red-team
GitHub repository for Presentations by Octoberfest7.
https://github.com/Octoberfest7/Presentations#Red-team
GitHub repository for BeastArsenal tool by CZashi.
https://github.com/CZashi/BeastArsenal#Red-team
Article on Fantastic Rootkits Part 1 by CyberArk.
https://www.cyberark.com/resources/threat-research-blog/fantastic-rootkits-and-where-to-find-them-part-1#Red-team
GitHub repository for cThreadHijack tool by connormcgarr.
https://github.com/connormcgarr/cThreadHijack#Red-team
Article on leveraging Microsoft Teams for initial access.
https://posts.inthecyber.com/leveraging-microsoft-teams-for-initial-access-42beb07f12c4#Red-team
GitHub repository for Codecepticon tool by Accenture.
https://github.com/Accenture/Codecepticon#Red-team
Article on OPSEC by XORL.
https://xorl.wordpress.com/2020/03/29/everything-you-wanted-to-know-about-opsec-and-some-more/#Red-team
Article on malware development part 6.
https://0xpat.github.io/Malware_development_part_6/#Red-team
Archive of VySecurity Rocks.
https://web.archive.org/web/20210329173433/https://vysecurity.rocks/?#Red-team
GitHub repository for Sharperner tool by aniqfakhrul.
https://github.com/aniqfakhrul/Sharperner#Red-team
GitHub repository for DebugOff tool by 0xor0ne.
https://github.com/0xor0ne/debugoff#Red-team
Article on hiding Windows API calls part 1.
https://trikkss.github.io/posts/hiding_windows_api_calls_part1/#Red-team
Article on EDR observations.
https://www.signal-labs.com/blog/edr-observations#Red-team
Article on automating Red Team infrastructure with Terraform.
https://www.ired.team/offensive-security/red-team-infrastructure/automating-red-team-infrastructure-with-terraform#Red-team
GitHub repository for RedWarden tool by mgeeky.
https://github.com/mgeeky/RedWarden#Red-team
Tweet by DallasFR2 on Twitter.
https://twitter.com/DallasFR2/status/1610717054780280834?s=20&t=EVUO2DNQoMEcT0h5s9UhsA#Red-team
GitHub repository for UnhookingPatch tool by D1rkMtr.
https://github.com/D1rkMtr/UnhookingPatch#Red-team
GitHub repository for Offensive Tools by post-cyberlabs.
https://github.com/post-cyberlabs/Offensive_tools/tree/main/PostDump#Red-team
Phishing techniques and strategies.
https://tyeyeah.github.io/2022/08/06/2022-08-06-Go-Phishing/#Red-team
Methods for bypassing antivirus software.
https://tyeyeah.github.io/2021/08/02/2021-08-02-Bypass-Anti-Virus/#Red-team
Guide on creating phishing attacks from scratch.
https://www.opencyber.com/phishing-from-scratch/#Red-team
Exploring User APC in WOW64 architecture.
https://repnz.github.io/posts/apc/wow64-user-apc/#Red-team
GitHub repository for PwnAuth tool by mandiant.
https://github.com/mandiant/PwnAuth#Red-team
GitHub repository for Inline Execute PE tool by Octoberfest7.
https://github.com/Octoberfest7/Inline-Execute-PE#Red-team
Techniques for hiding malicious activities.
https://0xdarkvortex.dev/hiding-in-plainsight/#Red-team
GitHub repository for CRTO tool by h3ll0clar1c3.
https://github.com/h3ll0clar1c3/CRTO#Red-team
Article on security topics by inf0sec.
https://inf0sec.fr/article-21.php#Red-team
GitHub repository for Conti Pentester Guide Leak by ForbiddenProgrammer.
https://github.com/ForbiddenProgrammer/conti-pentester-guide-leak#Red-team
GitHub repository for OperatorsKit tool by REDMED-X.
https://github.com/REDMED-X/OperatorsKit#Red-team
GitHub repository for RedTeaming CheatSheet by 0xJs.
https://github.com/0xJs/RedTeaming_CheatSheet#Red-team
How to decrypt Manage Engine PMP passwords for fun and domain admin - a red teaming tale.
https://www.shielder.com/blog/2022/09/how-to-decrypt-manage-engine-pmp-passwords-for-fun-and-domain-admin-a-red-teaming-tale/#Red-team
Exploiting explorer context menu for persistence.
https://ristbs.github.io/2023/02/15/hijack-explorer-context-menu-for-persistence-and-fun.html#Red-team
Twitter post by n00py1.
https://twitter.com/n00py1/status/1626268178803302401?t=St6HqkL1NtWMBXhfxhbPvw&s=19#Red-team
Malware evasion techniques against antivirus.
https://cocomelonc.github.io/malware/2023/02/12/malware-av-evasion-11.html#Red-team
GitHub repository for Red Teamer by Christbowel.
https://github.com/Christbowel/Red-Teamer#Red-team
Sliver C2 leveraged by many threat actors.
https://www.cybereason.com/blog/sliver-c2-leveraged-by-many-threat-actors#Red-team
GitHub repository for NTDLL Gadget Injection by LloydLabs.
https://github.com/LloydLabs/ntqueueapcthreadex-ntdll-gadget-injection#Red-team
Bypassing Windows Defender techniques.
https://mrfey.fr/ARTICLES/Bypass_Defender#Red-team
Exploiting Keepass for DLL hijacking.
https://skr1x.github.io/keepass-dll-hijacking/#Red-team
Behind the mask: spoofing call stacks dynamically with timers.
https://www.cobaltstrike.com/blog/behind-the-mask-spoofing-call-stacks-dynamically-with-timers/#Red-team
Defining Cobalt Strike reflective loader.
https://securityintelligence.com/posts/defining-cobalt-strike-reflective-loader/#Red-team
Persistence techniques using context menu.
https://pentestlab.blog/2023/03/13/persistence-context-menu/#Red-team
Simplifying development of Universal Distributed Reflective Loader (UDRL).
https://www.cobaltstrike.com/blog/revisiting-the-udrl-part-1-simplifying-development/#Red-team
GitHub repository for OffensiveCpp by lsecqt.
https://github.com/lsecqt/OffensiveCpp#Red-team
GitHub repository for WinShellcode by DallasFR.
https://github.com/DallasFR/WinShellcode#Red-team
Direct syscalls: a journey from high to low.
https://redops.at/en/blog/direct-syscalls-a-journey-from-high-to-low#Red-team
Linking browser processes via LNK files.
https://www.mandiant.com/resources/blog/lnk-between-browsers#Red-team
Twitter post by RistBs.
https://twitter.com/RistBs/status/1654181601775874048#Red-team
Introducing ReSocks - a tool for SOCKS proxy redirection.
https://blog.redteam-pentesting.de/2023/introducing-resocks/#Red-team
Security risks associated with Google's .ZIP top-level domain.
https://medium.com/@bobbyrsec/the-dangers-of-googles-zip-tld-5e1e675e59a5#Red-team