Wiloti
@wiloti.bsky.social
Pentester, CTF player
Reposted by Wiloti
I'm happy to release a script gadgets wiki inspired by the work of @slekies, @kkotowicz, and @sirdarckcat in their Black Hat USA 2017 talk! 🔥

The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇

gmsgadget.com

1/4
July 24, 2025 at 3:31 PM
Reposted by Wiloti
@mizu.re just launched a service to list XSS gadgets that bypass CSP or sanitizers. A good thing to keep in the arsenal - and a good thing to contribute on, if you have something to add!

gmsgadget.com
July 24, 2025 at 11:00 PM
Reposted by Wiloti
#hacking #bugbounty #cybersecurity Sharing is caring. 😃 Here is a write-up of my first earned CVE number, CVE-2025-0474 to be precise. A joint effort with @laluka.bsky.social and a totally cool story about a very interesting Server Side Request Forgery, with a twist. Cheers 😃🥳😃🥳😃
Hoy Hoy ! ⚔️

No partner for Valentine's Day? 😭
No trouble, get a shell instead! 🥰

thinkloveshare.com/offenskill/i...

Again, Gg @brank0x42.bsky.social for your first CVE! 🌹
February 14, 2025 at 10:00 AM
Reposted by Wiloti
A few BloodHound Python updates: LDAP channel binding is now supported with Kerberos auth (native) or with NTLM (custom ldap3 version). Furthermore, the BH CE collector now has its own PyPI package and command. You can have both on the same system with pipx. github.com/dirkjanm/Blo...
GitHub - dirkjanm/BloodHound.py: A Python based ingestor for BloodHound
January 2, 2025 at 4:41 PM
Reposted by Wiloti
hear me out, pass the certificate auth on nxc 🔥
December 31, 2024 at 5:11 PM
Reposted by Wiloti
I've pushed some updates to Dom-Explorer:
- Allow multiple pipeline embed
- Short links for sharing/sync
- Support for DomPurify triggers
- User settings

Give it a try and share your findings!

yeswehack.github.io/Dom-Explorer
December 20, 2024 at 1:54 PM
Reposted by Wiloti
New module on #NetExec : wam
Dump #Entra access tokens from Windows Token Broker Cache, and make your way to Entra 🚀

Thanks @xpnsec.com for the technique! More info on his blog : blog.xpnsec.com/wam-bam/
December 18, 2024 at 4:26 PM
Reposted by Wiloti
🚀 Big Announcement! 🚀

After 8+ years of working on PayloadsAllTheThings, I’m excited to release it as an ebook on Leanpub! 📖✨

To celebrate, I’m gifting 2 free copies to random reposters! 🔥

👉 Repost for a chance to win

Thank you all for your incredible support! 🙌

#CyberSecurity #Infosec
Payloads All The Things
leanpub.com
December 1, 2024 at 4:16 PM