GoSecure/xxe-workshop GoSecure/xxe-workshop

  • Stars
    star
    118
  • Rank 298,161 (Top 6 %)
  • Language
    JavaScript
  • Created almost 4 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
GoSecure/xxe-workshop
github

GoSecure

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Workshop given at Hack in Paris 2019

Advanced XXE Workshop

This repository includes all the test applications presented at Hack in Paris 2019.

Reading the tutorials

Tutorials: https://gosecure.github.io/xxe-workshop/

Running the application yourself

All the application code and docker script are included in this repository. The build process will vary depending on the technology (PHP or Java).

First start by cloning the repository or exporting the repository to a zip archive. Refer to the README of each individual application.

git clone https://github.com/GoSecure/xxe-workshop.git

More Repositories

1

pyrdp

RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
Python
1,483
star
2

malboxes

Builds malware analysis Windows VMs so that you don't have to.
Python
1,026
star
3

dtd-finder

List DTDs and generate XXE payloads using those local DTDs.
Kotlin
601
star
4

WSuspicious

WSuspicious - A tool to abuse insecure WSUS connections for privilege escalations
C#
338
star
5

php7-opcache-override

Security-related PHP7 OPcache abuse tools and demo
Python
306
star
6

pywsus

Standalone implementation of a part of the WSUS spec. Built for offensive security purposes.
Python
286
star
7

csp-auditor

Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website
Java
135
star
8

DLLPasswordFilterImplant

DLL Password Filter Implant with Exfiltration Capabilities
C
133
star
9

template-injection-workshop

Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.
CSS
118
star
10

ldap-scanner

Checks for signature requirements over LDAP
Python
92
star
11

frida-xamarin-unpin

A Frida script to bypass Xamarin certificate pinning implementations
C#
65
star
12

advanced-binary-analysis

Materials for the Binary Analysis Workshop presented at NorthSec 2020
HTML
63
star
13

break-fast-serial

A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs
Python
54
star
14

security-cheat-sheet

Minimalist cheat sheet for developpers to write secure code
HTML
54
star
15

xfsc

eXtensions for Financial Services (XFS) proof of concept client to explore and issue commands directly to the devices that support the protocol. Force ATMs to dispense cash if you have code execution on them.
C
53
star
16

gophish-cli

Gophish Python cli to perform huge phishing campaigns
Python
40
star
17

linkedin-osint

A simple proof of concept that demonstrate how emails can easily be tie to LinkedIn profile
Python
36
star
18

presentations

Material from presentations done by GoSecure researchers
HTML
32
star
19

burp-ntlm-challenge-decoder

Burp extension to decode NTLM SSP headers and extract domain/host information
Kotlin
32
star
20

request-smuggling-workshop

Python
22
star
21

Cisco2Checkpoint

Tool that assists in migrating firewall rules from Cisco to Checkpoint. Will optimize rules for you (rationalization, reuse merging, etc.).
Python
21
star
22

unicode-pentester-cheatsheet

An easy to navigate list of unicode characters that have risky transformations ๐Ÿ’ฅ
HTML
20
star
23

zap-autodecode-view

ZAP plugin demonstrating custom view for WebSocket messages.
Kotlin
13
star
24

goinsecure-deserialization

Accompanying material needed for the workshop
Java
11
star
25

LansweeperPasswordRecovery

Lansweeper Password Recovery Tool
C#
11
star
26

malware-ioc

Indicators of Compromise (IOCs) for malware we have researched
YARA
10
star
27

44con-code-review-workshop

References, tools and sample payloads
10
star
28

hackfest-deserialization-workshop

8
star
29

jenkins-fsb

Jenkins instance with preconfigured jobs to analyze Java binaries using Find Security Bugs.
Shell
6
star
30

orange-code-widget

๐ŸŠ Widget for Orange to visualize code sample
Python
6
star
31

request-smuggling-nsec-demo

PHP
5
star
32

burp-fuzzy-encoding-generator

Quickly test various encoding for a given value in Burp Intruder
Kotlin
5
star
33

malware_investigation_template

Because .idb files should be version controlled.
Shell
4
star
34

fq-pyrdp

fq format for parsing PyRDP replays
Go
4
star
35

owasp-workshop-zap

Atelier pratique sur le dรฉveloppement d'extension ZAP / Workshop on ZAP extension development
HTML
4
star
36

caplets

Fork of caplets with RDP proxy caplet
JavaScript
3
star
37

confoo-xss-bypass-demos

Demonstration for the presentation Modern XSS
3
star
38

java-hostname-verification-poc

Java
2
star
39

missing-security-controls

HTML
1
star
40

notebooks

Cybersecurity Research Jupyter Notebooks for the Community
Jupyter Notebook
1
star
41

gosecure.github.io

HTML
1
star