To clarify, with the comments upload drag-and-drop trick, you can't upload any file extensions outside of this allowlist (i,e., executable files not allowed): GIF, JPEG, JPG, MOV, MP4, PNG, SVG, WEBM, CPUPROFILE, CSV, DMP, DOCX, FODG, FODP, FODS, FODT, GZ, JSON, JSONC, LOG, MD, ODF, ODG, ODP, ODS, ODT, PATCH, PDF, PPTX, TGZ, TXT, XLS, XLSX or ZIP. Nothing stopping you from putting things in a release asset, though 😜 That trick looks to be doable on Gitlab just as well.

That´s an social engineer's wet dream. But the fact it works w/out even posting the issue is really the icing of the cake!

this is why i love john. he's so passionate and eager to share!

The issues-based file hosting is wild. You would think a person would at least need to submit the issue to have their files stored on a server for any length of time. I wonder how long those links are valid.

I see you changed the title of the video and thumbnail with the quickness.. I'm guessing "How to use Github to hack" wasn't as viable as you thought :D

Python Selenium would be a simple solution. Imitate a web browser, "upload" your file, get the url and send it to the c2 server / client .

I was once following your tutorial on burpsuite and I downloaded foxy-proxy extension on my Linux machine. Whenever I tried to use terminal as sudo the terminal freezed. I cannot recall the exact extension developer but clearly it was some variation of foxy-proxy. I uninstalled the extension and the terminal worked again. You should do a video on this

Dude, this is awesome, great video!

Why does the Linux community ignore this? Especially Linus Torvalds? Because they're also hackers. And by the way RMS, hacker is also ambiguous . Hacking is also dangerous because of its black hat definition.

who would've thought 😱

I keep reporting github malwares on a daily basis

10:14 I love that that's the video, idk it's hilarious

github is the new discord (kind of)

So i am currently doing a cyber security course and theres a project coming up where we have to setup a metaspoiltable 2 box.. could anyone tell me some tools to use to pentest the box if i am on team red and or some tools to defend the box etc on team blue? Would i need to have python knowledge as i am very new to it and i am starting to dip my toes in it

Lol, Microsoft is still using AWS for Github and not Azure 😂😂

I can imagine having a command of some sort in a file hosted on github and malware hosted on a device which occasionally checks that repo for a commit to that file, or perhaps a comment in a reply chain or something... I was specifically thinking that your command & control changes a file on the repo and at some point the malware will pull that file (during a poll :P) and do the command like taking a screenshot and uploading it back to the repo. Idk Very interesting video. I'm already using github to share memes, but now I'm getting ideas about how I can use other sites I'd otherwise never touch, like Truth Social.

You forgot my kind of hackers: the ugly

Hi John, great video. How can I connect with you about learning more.

well that was a fun until it lasted!

Hay John, I hope you're doing well, so I'm trying to find a websites Directory with Linux like Ubuntu, but I'm not sure how, can you make a video on how to find a websites directory please Thanks. 😊

When I Saw the title, what came to my mind was "Who Doesn't?"....

Keep'er Security? I hardly know her!

discord was so much easier before they made the fix

Looks like web 1.0

Are you Seth Rogens brother?

Seth Rogan sounding breh

Okay Sir that's what i want to do 🤣📈🚩

love from nepal

I thought it was gonna be the zoo

there hasnt been a comment in six months

Lmao, this totally works 😂

Hahahhhhhhahahh so many malware

.

dang just 4 minutes and I'm already here

❤

😀👍

Wow

8th comment here

I've been a follower since 2018 but he never response to my comment 😂

First!!!

First

first