nikhil1232

Bucket-Flaws

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

IAM-Flaws

AWS IAM Security Toolkit: CIS Benchmarks | Enumeration | Privilege Escalation

apache-http-server-2.4-cis-benchmark-script

Apache HTTP Server 2.4 Automation Script according to CIS Benchmarks

apache-tomcat-9.0-CIS-Benchmark-script

Apache Tomcat 9.0 CIS Benchmark Automation Script

CVE-2020-7384

CVE-2020-7384

LibSSH-Authentication-Bypass

LibSSH Authentication Bypass CVE-2018-10933

Hack-the-Box-Writeups

-Monstra-CMS-3.0.4-Session-Management-Issue-in-the-Administrations-Tab

Active-Directory-Attack-Vectors-Notes

Active Directory Enumeration and Attack Vectors Notes

Application-Security-Engineer-Interview-Questions

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Cockpit-CMS-XSS-POC

Man-in-the-Middle-Attack-Presentation

This a very basic PPT presentation on Man in the Middle Attack

Monstra-CMS-3.0.4-Reflected-XSS-On-Login-

Monstra-CMS-3.0.4-Session-Management-Issue-in-Users-Tab

Ansible-Practice

A small practice scenario envolving deployment of various services in automated way and managing those services using containerized products vagrant and orchestration tools like ansible

API-Security-Checklist

Checklist of the most important security countermeasures when designing, testing, and releasing your API

Monstra-CMS-3.0.4-XSS-ON-Registration-Page

OSCP-notes

OSCP Notes

Trishul

Burp Extension written in Jython to hunt for common vulnerabilities found in websites. Developed by Gaurav Narwani to help people find vulnerabilities and teach how to exploit them.