Conference presentation slides

A faster, simpler way to drive browsers supporting the Chrome DevTools Protocol.

BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-…

A suite for hunting suspicious targets, expose domains and phishing discovery

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…

Heavily-modified fork of David Buchanan's dlinject project. Injects arbitrary assembly (or precompiled binary) payloads directly into x86-64, x86, and ARM32 Linux processes without the use of ptrac…

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A python3 remake of the classic "tree" command with the additional feature of searching for user provided keywords/regex in files, highlighting those that contain matches.

Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods