snoopysecurity

OSCE-Prep

A list of freely available resources that can be used as a prerequisite before taking OSCE.

Setup-AD-Security-Lab

Scripts to create a Active Directory Lab with security misconfigurations and vulnerabilities.

Noopener-Burp-Extension

Find Target="_blank" values within web pages that are set without 'noopener' and 'noreferrer' attributes

what-happens-when

An attempt to answer the age old interview question "What happens when you type google.com into your browser and press enter?"

DVIA-v2

Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable.

i3-starterpack

A simple guide (and example of configuration) to install i3 & its and essentials packages, then make them look eye candy.

browser-exploit-POC

ByP-SOP

🏴‍☠️ Bypass Same Origin Policy with DNS-rebinding to retrieve local server files 🏴‍☠️

chrome-sbx-db

A Collection of Chrome Sandbox Escape POCs/Exploits for learning

chromium-ipc-sniffer

A tool to capture communication between Chromium processes on Windows

chromium_bug_search

Simple commit search utility for Chromium Google Source.

exploit_playground

Fullscreen-API-Attack

Demo of phishing attack on the native HTML5 full screen API.

Jandroid

java-sec-code

Java web common vulnerabilities and security code which is base on springboot and spring security

js-vuln-db

A collection of JavaScript engine CVEs with PoCs

linux-kernel-exploitation

A bunch of links related to Linux kernel exploitation

Lynx

A Node.js vulnerability finding tool.

php7-internals

Research about the Zend Engine

Publications

My public presentations

wooyun_articles

drops.wooyun.org 乌云Drops文章备份

You-Dont-Know-JS

A book series on JavaScript. @YDKJS on twitter.