dxa4481

Full stack hacker

Truffle Security @trufflesecurity USA

Pinned Repositories

AttackingAndDefendingTheGCPMetadataAPI
This repo gives an overview of some GCP metadata API attack and defend patterns
78 4 018
cssInjection
Stealing CSRF tokens with CSS injection (without iFrames)
Language:HTML312 15 053
Damn-Vulnerable-Redis-Container
An example of obtaining RCE via Redis and CSRF
Language:HTML76 6 123
gcploit
These are tools we released with our 2020 defcon/blackhat talk https://www.youtube.com/watch?v=Ml09R38jpok
Language:Python159 7 826
Pastejacking
A demo of overriding what's in a person's clipboard
Language:HTML1.4k 48 1499
Snapper
A security tool for grabbing screenshots of many web hosts
Language:Python303 19 058
truffleHogRegexes
These are the regexes that power truffleHog
Language:Python208 19 1097
windowHijacking
A demo of altering an opened tab after a timer
Language:HTML124 8 022
WPA2-HalfHandshake-Crack
This is a POC to show it is possible to capture enough of a handshake with a user from a fake AP to crack a WPA2 network without knowing the passphrase of the actual AP.
Language:Python566 61 4107
XSSJacking
Abusing Self-XSS and Clickjacking to trigger XSS
Language:HTML130 12 134

dxa4481's Repositories

dxa4481/Pastejacking
A demo of overriding what's in a person's clipboard
Language:HTML1.4k 48 1499
dxa4481/WPA2-HalfHandshake-Crack
This is a POC to show it is possible to capture enough of a handshake with a user from a fake AP to crack a WPA2 network without knowing the passphrase of the actual AP.
Language:Python566 61 4107
dxa4481/truffleHogRegexes
These are the regexes that power truffleHog
Language:Python208 19 1097
dxa4481/gcploit
These are tools we released with our 2020 defcon/blackhat talk https://www.youtube.com/watch?v=Ml09R38jpok
Language:Python159 7 826
dxa4481/AttackingAndDefendingTheGCPMetadataAPI
This repo gives an overview of some GCP metadata API attack and defend patterns
78 4 018
dxa4481/santaHog
Scans packages in npm and pypi for secrets
Language:Python29 5 011
dxa4481/bygonessl
A tool to discover bygonessl vulnerabilities using the facebook API
Language:Python19 4 07
dxa4481/SmartHealthCardViewer
Smart Health Card Viewer, view your California Smart Health Card Vaccination record
Language:JavaScript8 4 0
dxa4481/dxa4481.github.io
This is my resume, in HTML/CSS
Language:Python6 4 03
dxa4481/redirect_demo
Language:HTML6 2 03
dxa4481/coolSVGXSS
simple demo of XSS in an SVG
Language:HTML3 3 05
dxa4481/dotGitFinder
Language:JavaScript2 4 03
dxa4481/blog
Language:HTML1 3 0
dxa4481/DNS-supplychain-frontend
Language:JavaScript1 2 0
dxa4481/evilModel
Language:Python1 2 0
dxa4481/HelloShiftLeft-Mar2021
Language:Java1 2 0
dxa4481/SecurityTarotCard
Language:JavaScript1 2 0
dxa4481/serviceworkerCSRFLogout
Language:HTML1 3 0
dxa4481/AnAWSSecret
2 0
dxa4481/Axeman
Axeman is a utility to retrieve certificates from Certificate Transparency Lists (CTLs)
Language:Python1 0
dxa4481/cloud-builders-community
Community-contributed images for Google Cloud Build
Language:Dockerfile2 0
dxa4481/election-bot
Language:Python3 0
dxa4481/gcpmetadataheadlessbrowser
Language:HTML3 0
dxa4481/nsctfmc
2 0
dxa4481/serviceWorkerDemo
3 0
dxa4481/sound_board
Language:HTML2 0
dxa4481/test
Language:HTML2 0
dxa4481/testrepodeleteme
2 0
dxa4481/tst
test
3 0
dxa4481/xsshunter-express
An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!
Language:SCSS1 0