Skip to content
View scumdestroy's full-sized avatar
⛓️
Blood of heroes is closer to the Lord than ink of scholars or prayers of pious.
⛓️
Blood of heroes is closer to the Lord than ink of scholars or prayers of pious.

Block or report scumdestroy

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
scumdestroy/README.md

Header

Hi there 👋

Offsec Cybermage casting technoincendiary incantations across the internet so you can reassemble the pieces into something more impressive.

I wrote a book on recon for pentesters, bug bounty hunters and OSINT lifers recently - "Enumerating Esoteric Attack Surfaces" is the most comprehensive and esoteric tome on performing uncomfortably pervasive data sweeps against your target. The hidden attack surfaces will go from subterranean whispers of ghosts to radioactive bioluminescent glowies after you read this book.
https://www.amazon.com/Enumerating-Esoteric-Attack-Surfaces-Penetration-ebook/dp/B0CWDPHHMR

Certs

  • OSCP
  • eWPT
  • eCPPTv2 (eLearnSecurity Certified Professional Penetration Tester)
  • CompTIA Pentest+
  • Python Institute PCEP

HackerOne :: 99th percentile TryHackMe :: USA Top 10 and Global Top 50 (2021-2022)

CVEs

  • CVE-2023-3757 (critical SQLI in Rail Pass Management System Project in PHP" v 1.0)
  • CVE-2023-5303 (Multiple Stored-XSS Discovered in Online Banquet Booking System v1.0)
  • CVE-2023-5304 (Stored XSS via book-services.php)
  • CVE-2023-5305 (Stored XSS via mail.php)
  • CVE-2023-6074 (CVSS 9.8 SQLI in PHPGuruKui Restaurant Table Booking System 1.0)
  • CVE-2023-6075 (Stored XSS via Reservation Request Handler)
  • CVE-2023-6076 (CVSS 7.5 Information disclosure via booking-details.php)

Blog about Penetration Testing, Hacking and Bug Bounty: https://scumdestroy.com

TryHackMe - Scumdestroy

LinkedIn Instagram

  • 🔭 I’m currently working on a deep, obsessive, Marianis-Trench level recon campaign against a single target web app while ignoring 135 private bug bounty program invitations (Unauth Read/write on Internal Documents x 3, rXSS and Critical Information Disclosure x 2)

  • 👯 I’m looking to collaborate on bounty programs or CTF teams!! Let's hack them to chunks!!

  • 🌱 I’m currently researching GraphQL, Android Pentesting, Windows API/Malware Dev and the pursuit of those juicy CVEs and zero days every day.

Pinned Loading

  1. Infosec-Corruption Infosec-Corruption Public

    gitbook of all pentesting knowledge

    19 4

  2. pentest-scripts-for-dangerous-boys pentest-scripts-for-dangerous-boys Public

    Some good-boy scripts I've made throughout my time learning aggressive infosec

    Ruby 8 2

  3. cyberghostVPN-for-ParrotOS cyberghostVPN-for-ParrotOS Public

    Shell 7 1

  4. FatFree-Incendiary-Pentest-Gems FatFree-Incendiary-Pentest-Gems Public

    Amassing wealth in the form of biochemical tactical nuclear hack precision strike notes for existential fulfillment and destruction of the opps

    9 3

  5. 100-RedTeam-Projects 100-RedTeam-Projects Public

    Attempt to grind out the 100 offsec project challenges, conceptualized by github user, @kurogai, at his repo [https://github.com/kurogai/100-redteam-projects]

    Python 10