kh4sh3i's Projects
97 JSON Tests for Authentication Endpoints
A curated list of awesome Active Directory Penetration Testing and attack resources
Alpine with curl and date installed
Apache Tomcat exploit and pentesting guide for penetration testers
Here are some common interview questions for an application security position you can review for your own interview, along with example answers
A curated list of awesome Burp Extensions for bug hunters, grouped by vulnerability type
Bruteforce HTTP Authentication. Supports: Basic HTTP authentication, Digest HTTP authentication
A curated list of available Bug Bounty & Disclosure Programs and Write-ups.
Bug Hunting Handbook
flAWS.cloud and flAWS2.cloud Interactive tutorial/CTFs to learn common AWS security mistakes.
A curated list of cloud pentesting resources, covering AWS, Azure, Google Cloud
Google Chrome vulnerability CVE-2021-30573, which allowed a remote attacker to potentially exploit heap corruption
Zabbix - SAML SSO Authentication Bypass
[PoC] Atlassian Confluence (CVE-2022-26134) - Unauthenticated OGNL injection vulnerability (RCE)
CVE-2023-22515 - Broken Access Control Vulnerability in Confluence Data Center and Server
Metabase Pre-auth RCE (CVE-2023-38646)
A curated list of awesome cyber attacks in Iran. We want to review and explain some advanced attacks that happened in Iran, in order to learn some security tips.
A curated list of threat detection and hunting resources
DDoS attacks, types of DDoS attack, and DDoS mitigation approaches
Collection and roadmap for everyone who wants DevSecOps, containing a list of tools and methodologies
Repository with text of DMCA takedown notices as received. GitHub does not endorse or adopt any assertion contained in the following notices. Users identified in the notices are presumed innocent until proven guilty. Additional information about our DMCA policy can be found at
ElasticSearch exploit and pentesting guide for penetration testers
The great Microsoft Exchange hack: A penetration tester's guide (Exchange penetration testing)
Calculate Favicon Hash for Shodan
Describes how to use different ffuf options, with examples
FortiWeb is a web application firewall (WAF)
List of fresh DNS resolvers updated daily
A curated list of GitLab vulnerabilities
POC for CVE-2021-22214: GitLab SSRF