Giter Site home page Giter Site logo

Website

Blog

Social Media

Bug Bounty Profiles

Public Exploits

Open Source Security Tools

Certifications

  • OSCE
  • OSCP
  • CISSP
  • Security+
  • CNA
  • MCP
  • Network+
  • A+
  • PCI-ASV
  • SecurityTube Android Security For Penetration Testers

Public Exploits/PoC's/CVE's/Bug Bounties/CTF's

2023:

2021:

  • Nutanix Stored DOM Cross-Site Scripting (XSS) & Reflected Cross-Site Scripting (XSS) 0day

2020:

2019 - Current:

  • Founded Sn1perSecurity which provides offensive security solutions to professional penetration testers, bug bounty researchers and enterprise security teams.

2018:

2017:

  • Recieved Offensive Security Certified Expert (OSCE) cerfication 12/2017
  • Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WEMO HomeKit Bridge ($3,000 bounty) 9/2017
  • Stored Cross-Site Scripting (XSS) vulnerability in WEMO HomeKit Bridge ($500 bounty) 9/2017
  • Systemic Stored XSS vulnerability in WEMO HomeKit Android Application ($1,500 bounty) 9/2017
  • Systemic Local File Inclusion in WEMO HomeKit Android Application ($3,000 bounty) 9/2017
  • Placed 7th in ToorConCTF CTF 8/2017
  • Stored XSS in ModSecurity App for Splunk (Full Disclosure) 8/2017
  • Directory Traversal in PSPDFKit/Atlassian Jira Cloud Android application Bug Bounty 7/2017
  • Recieved Android Security For Penetration Testers (ASFP) certification from SecurityTube 5/2017
  • Gave talk at ISSA/OWASP Phoenix to 90+ attendees titled "Man In The Browser Advanced Client Side Exploitation" (https://www.slideshare.net/1N3/man-in-the-browser-advanced-client-side-exploitation-using-beef) 4/2017
  • PSV-2017-0227: Cross-Site Tracing Vulnerability in NETGEAR Arlo CVE 2/2017
  • Directory traversal + multiple CSRF + multiple stored and reflected XSS in NETGEAR M4300-8X8F switches ($3,000+ bounty) 3/2017
  • Recieved Department of Defense HackerOne Challenge coin for the Hack The Army Bug Bounty Program 2/2017
  • Listed on the BugCrowd 2016 MVP list 1/2017

2016:

2015:

2014:

2003-2005:

  • Founder of Star Virtual Machines / creator of VOS (Virtual Operating System): A Linux based distribution aimed to run multiple Operation Systems, including Windows / Linux and Mac OS on the same computer.

2001-2003:

  • Creator of Project-X-IRC: An IRC warscript for mIRC
  • Creator of P2P Terminal: An IRC P2P file sharing application written in TCL/TK

1999-2001:

  • Founder of Xion Audio / inventor of T1 Impulse Adapter

xer0dayz's Projects

1n3 icon 1n3

Founder of @Sn1perSecurity LLC. Creator of Sn1per. Top 20 worldwide on @bugcrowd in 2016. OSCE/OSCP/CISSP/Security+

amass icon amass

In-depth Attack Surface Mapping and Asset Discovery

attacksurfacemanagement icon attacksurfacemanagement

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

blackwidow icon blackwidow

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

brutex icon brutex

Automatically brute force all services running on a target.

cloudhunter icon cloudhunter

Find unreferenced AWS S3 buckets which have CloudFront CNAME records pointing to them

dirdar icon dirdar

DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it

exploits icon exploits

Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity

findsploit icon findsploit

Find exploits in local and online databases instantly

forbidden icon forbidden

Bypass 4xx HTTP response status codes and more. Based on PycURL.

gitgraber icon gitgraber

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

goohak icon goohak

Automatically Launch Google Hacking Queries Against A Target Domain

intruderpayloads icon intruderpayloads

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

jexboss icon jexboss

JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

linkfinder icon linkfinder

A python script that finds endpoints in JavaScript files

massdns icon massdns

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

powerexfil icon powerexfil

A collection of data exfiltration scripts for Red Team assessments.

prism-ap icon prism-ap

An automated Wireless RogueAP MITM attack framework.

privesc icon privesc

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

rapiddns icon rapiddns

Rapidly enumerate subdomains and domains using rapiddns.io.

reverseapk icon reverseapk

Quickly analyze and reverse engineer Android packages

sn1per icon sn1per

Attack Surface Management Platform

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.