I do bug bounties from time to time. I study many pentesting certs just because those look cool and I need OSCP to apply for a job. My hobby is researching on open-source projects and sometimes working on Linux binary project. When i look at source code, at first i feel like i know everything but to be honest with you my head keeps saying ERROR 404.
My philosophy i live by is there are only people who know and who don't. You don't know today doesn't mean you are dumb. Different people different stories, I like to hear their stories because good stories make the best knowledge!
Strive to be better, keep pushing forward because it is the way, refuse to be an idiot sandwich LOL
I like to think and think again. like I'm living in the future where my head is constantly thinking all possibilities. this habit of mine is like a double-edge sword. It helps me see the outcome while stress is killing me. If you see me staring at the blank space please forgive me I'm having a life in my head. lol
📁: CLICK HERE
📁: CLICK HERE
🚀: CLICK HERE
Life without purpose is too boring!
-
Found 100 CVE ( 7/100 )
-
OSEE holder (Prolly 5 years from now on. Year 2030?)
-
Found Windows or any Linux distro OS kernel exploitation
-
Burp Pro ... You heard it right ... i want BURP PRO!
My journal as a security researcher!
Standard tools like Burp Suite, Sqlmap, Nmap, Gobuster, FFUF etc. I won't mention those because these tools i believe we are all familiar with them.
| Tool(เครื่องมือ) | Desc.(คือ) | URL & Repo(ลิ้งค์repoและURL) |
|---|---|---|
| BBot | Subdomain enumeration | https://github.com/blacklanternsecurity/bbot |
| Httpstatus | Check HTTP status | https://httpstatus.io/ |
| Http status checker | Check HTTP status automation | https://github.com/BLACK-SCORP10/url-status-checker |
| Shopify free trial | Validate subdomain takeover vuln. | https://www.shopify.com/ |
| Katana | Web crawling | https://github.com/projectdiscovery/katana |
| Zenrows | Web scraper API for bypassing WAF | https://www.zenrows.com/ |
| CloakQuest3r | Find real IP behind CloudFlare ( Alt is CloudPeler/Crimeflare but for now it isn't working well for me) |
https://github.com/spyboy-productions/CloakQuest3r |
| XSStrike | XSS checker | https://github.com/s0md3v/XSStrike |
| LFImap | LFI/Path Traversal | https://github.com/hansmach1ne/LFImap |
| JWT Beautifier | Read JWT tokens in plain text | https://jwt.io/ |
| JWT_tool | JWT token cracker | https://github.com/ticarpi/jwt_tool |
| Ghauri | Sql injection alternative | https://github.com/r0oth3x49/ghauri |
| ParamSpider | URL parameter fuzzing | https://github.com/devanshbatham/ParamSpider |
| SubSnipe | Automated subdomain takeover checker | https://github.com/dub-flow/subsnipe |
| Acunetix | Vulnerability web scanner | https://www.acunetix.com/ |
| PortSwigger | For learning web pentesting knowledge | https://portswigger.net/web-security/ |
| NoSQLMap | Automating NoSQL injection | https://github.com/codingo/NoSQLMap |
| Frida | Mobile pentesting tool | https://github.com/frida/frida |
| Checklist | Desc.(คือ) | URL & Repo(ลิ้งค์repoและURL) |
|---|---|---|
| DNS providers | Check for potential subdomain takeover-able providers | https://github.com/EdOverflow/can-i-take-over-xyz |
| XSS cheatsheet | XSS cheatsheet | https://portswigger.net/web-security/cross-site-scripting/cheat-sheet |
| SQL injection cheatsheet | SQL injection cheatsheet | https://portswigger.net/web-security/sql-injection/cheat-sheet |
| Frida cheatsheet | Frida usage cheatsheet | https://erev0s.com/blog/frida-code-snippets-for-android/ |
| Checklist | Desc.(คือ) | URL & Repo(ลิ้งค์repoและURL) |
|---|---|---|
| Buffer Overflow in source code | it is like you can write 4 letters but you add the 5th letter in the word. this causes the program to act differently | In source code, look for gets, strcopy, strcat, and printf/sprint |