CVE-2017-9822

Published: 20/07/2017 Updated: 03/04/2020
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 582
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

DNN (aka DotNetNuke) prior to 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."

Vulnerable Product

dnnsoftware dotnetnuke

Github Repositories

This repository contains compiled exe of ysoserial.net (ys.exe in directory ysoserial/bin/Debug). This work belongs to @pwntester bhai ji \m/

ysoserial.net: A proof-of-concept tool for generating payloads that exploit unsafe .NET object deserialization. Description: ysoserial.net is a collection of utilities and property-oriented programming "gadget chains" discovered in common .NET libraries that can, under the right conditions, exploit .NET applications performing unsafe deserialization of objects. The mai

AWAE/OSWE: Preparation for coming AWAE Training. Work in progress. Atmail Mail Server Appliance: from XSS to RCE (64), CVE-2012-2593: www.exploit-db.com/exploits/20009, github.com/sourceincite/poc/blob/master/SRC-2016-0012.py. ATutor Authentication Bypass and RCE (221), CVE-2016-2555. Install: sourceforge.net/projects/atutor/files/atutor_2_2_1/

OSWE Preparation

Dockerized labs For Web Expert (OSWE) certification. Preparation for coming AWAE Training ...

OSWE-LABS: Dockerized labs For Web Expert (OSWE) certification. Preparation for coming AWAE Training. Another project: malware analysis & cyber threat hunting, github.com/svdwi/BlueBox. Available labs for the OSWE: ATutor is an Open Source Web-based Learning Content Management System (Wikipedia). DNN is a web content management system and web application fr

https://github.com/timip/OSWE

[CVE-2017-9822] DotNetNuke Cookie Deserialization Remote Code Execution (RCE)

[CVE-2017-9822] DotNetNuke Cookie Deserialization Remote Code Execution (RCE). DotNetNuke (DNN) versions between 5.0.0 - 9.3.0 are affected by a deserialization vulnerability that leads to Remote Code Execution (RCE). DotNetNuke uses the DNNPersonalization cookie to store anonymous users’ personalization options (the options for authenticated users are stored through their

https://github.com/ManhNho/AWAE-OSWE

AWAE/OSWE: Preparation for coming AWAE Training. Work in progress. Facebook discuss group: www.facebook.com/groups/262623168007439. Course syllabus: www.offensive-security.com/documentation/awae-syllabus.pdf. Other resource: Burpsuite how to? portswigger.net/burp/documentation. Common web vulnerabilities: portswigger.net/web-security. Atmail Mai

my n00b notes on web_study

stop what you are doing and have a glance through this: www.infosecmatter.com/bug-bounty-tips/ web_study: my n00b notes on web_study. The Single Page badge on PA doesn't tell you where the exercises are; they are here. A good list of "todo's" is here at mrb3n's blog. To do: Portswigger labs will take you from 0 to hero. LKWA ^^^ lab guide. Hack the Box/ B

Do all these topics and learn advanced web hacking as well as prepare for OSWE.

ysoserial.net for Windows execute file

ysoserial.net: ysoserial.net for Windows execute file. Usage: ysoserial.exe -h. ysoserial.net generates deserialization payloads for a variety of .NET formatters. Available gadgets: ActivitySurrogateDisableTypeCheck (Disables 4.8+ type protections for ActivitySurrogateSelector, command is ignored) Formatters: BinaryFormatter, LosFormatter, NetDataContractSerializer, ObjectStateFor
