Here are a few new resources I’ve run across in the last month or so. I’ve gone back to add these to some of my older posts, such as the Windows Privesc Resources, so hopefully you’ll find them, one way or another.
JSgen.py – bind and reverse shell JS code generator for SSJI in Node.js with filter bypass encodings
So you want to be a security engineer?
Local and Remote File Inclusion Cheat Sheet
External XML Entity (XXE) Injection Payloads