ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT.
Its goal is to scan several endpoints and identify exposure of services, files, and folders through the webroot. Checks/signatures are declared in a config file (by default: chopchop.yml) and are fully configurable, especially by developers.
BloodHound data collection, aka Sharphound, is quite a complex beast.
When giving BloodHound workshops, the part where I get the most questions is always data collection.
How is the BloodHound data collected? What methods do what? Who am I talking to? How do I fly under the radar?
This SQL injection cheat sheet contains examples of useful syntax that you can use to perform a variety of tasks that often arise when performing SQL ...
Callback config for XXE
ZAP 2.10.0 Anniversary Release
Again a great collection of things worth reading all around bug bounty and pentesting.