Pinned Repositories
AttackingAndDefendingTheGCPMetadataAPI
This repo gives an overview of some GCP metadata API attack and defend patterns
cssInjection
Stealing CSRF tokens with CSS injection (without iFrames)
Damn-Vulnerable-Redis-Container
An example of obtaining RCE via Redis and CSRF
gcploit
These are tools we released with our 2020 DEF CON/Black Hat talk https://www.youtube.com/watch?v=Ml09R38jpok
Pastejacking
A demo of overriding what's in a person's clipboard
Snapper
A security tool for grabbing screenshots of many web hosts
truffleHogRegexes
These are the regexes that power truffleHog
windowHijacking
A demo of altering an opened tab after a timer
WPA2-HalfHandshake-Crack
This is a POC to show it is possible to capture enough of a handshake with a user from a fake AP to crack a WPA2 network without knowing the passphrase of the actual AP.
XSSJacking
Abusing Self-XSS and Clickjacking to trigger XSS
dxa4481's Repositories
dxa4481/Pastejacking
A demo of overriding what's in a person's clipboard
dxa4481/WPA2-HalfHandshake-Crack
This is a POC to show it is possible to capture enough of a handshake with a user from a fake AP to crack a WPA2 network without knowing the passphrase of the actual AP.
dxa4481/truffleHogRegexes
These are the regexes that power truffleHog
dxa4481/gcploit
These are tools we released with our 2020 DEF CON/Black Hat talk https://www.youtube.com/watch?v=Ml09R38jpok
dxa4481/AttackingAndDefendingTheGCPMetadataAPI
This repo gives an overview of some GCP metadata API attack and defend patterns
dxa4481/santaHog
Scans packages in npm and PyPI for secrets
dxa4481/bygonessl
A tool to discover bygonessl vulnerabilities using the Facebook API
dxa4481/SmartHealthCardViewer
Smart Health Card Viewer, view your California Smart Health Card Vaccination record
dxa4481/dxa4481.github.io
This is my resume, in HTML/CSS
dxa4481/redirect_demo
dxa4481/coolSVGXSS
Simple demo of XSS in an SVG
dxa4481/dotGitFinder
dxa4481/blog
dxa4481/DNS-supplychain-frontend
dxa4481/evilModel
dxa4481/HelloShiftLeft-Mar2021
dxa4481/SecurityTarotCard
dxa4481/serviceworkerCSRFLogout
dxa4481/AnAWSSecret
dxa4481/Axeman
Axeman is a utility to retrieve certificates from Certificate Transparency Lists (CTLs)
dxa4481/cloud-builders-community
Community-contributed images for Google Cloud Build
dxa4481/election-bot
dxa4481/gcpmetadataheadlessbrowser
dxa4481/nsctfmc
dxa4481/serviceWorkerDemo
dxa4481/sound_board
dxa4481/test
dxa4481/testrepodeleteme
dxa4481/tst
test
dxa4481/xsshunter-express
An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!