cyberkhalid
Offensive Security || Red Team || Pentester || • 0xCyb3rkh4l1d •
Archives
2022
02
Jun
Linux/86 Delete file -> Jmp-call-pop,XOR
02
Jun
Linux/86 Create Directory (mkdir)-> Jmp-call-pop,XOR
02
Jun
Linux/86 Helloword -> Jmp-call-pop,XOR
02
Jun
Linux/86 Helloword -> Stack,XOR
02
Jun
Linux/86 execve -> Stack,XOR
02
Jun
Linux/86 Create file -> Jmp-call-pop,Stack,XOR
02
Jun
Linux/86 cat /etc/passwd -> Stack,XOR
02
Jun
SSH Pentesting -> Pivoting
02
Jun
SSH Pentesting -> Persistence
02
Jun
SSH Pentesting
02
Jun
SSH Pentesting -> Exfiltration
02
Jun
SSH Pentesting -> Enumeration
02
Jun
SSH Pentesting -> Bruteforce
02
Jun
WriteOwner On User
02
Jun
WriteDacl On User
02
Jun
Ownership On User
02
Jun
GenericAll On User
02
Jun
Force-Change-Password On User
02
Jun
WriteDacl On Group
02
Jun
GenericWrite On Group
02
Jun
GenericAll On Group
02
Jun
Self-Membership
02
Jun
Insecure Service-> Unquoted Service Path
02
Jun
Insecure Service-> Weak Registry Permissions
02
Jun
Insecure Service Permissions
02
Jun
Insecure Service Executables
02
Jun
Insecure GUI Apps
02
Jun
VNC Pentesting
02
Jun
Unconstrained delegation
02
Jun
Telnet Pentesting
02
Jun
Startup Apps
02
Jun
SNMPv1,SNMPv2,SNMPv2c Pentesting
02
Jun
SMBRelay
02
Jun
Silver Ticket
02
Jun
Local User Account
02
Jun
Startups
02
Jun
Registry Autoruns
02
Jun
Local User Account
02
Jun
Pass The Ticket(Ptt)
02
Jun
Pass The Hash(Pth)
02
Jun
SSH Authorized_keys
02
Jun
Scheduled Tasks
02
Jun
Token Impersonation — PrintSpoofer
02
Jun
Cronjob
02
Jun
.bashrc
02
Jun
Password Spraying
02
Jun
NTLMRelay
02
Jun
LLMNR/NBT-NS Poisoning
02
Jun
Machine Account -> Privileged Group
02
Jun
Machine Account -> UserAccountControl
02
Jun
SUID / SGID Executables - Shared Object Injection
02
Jun
SUID / SGID Executables - Known Exploits
02
Jun
SUID / SGID Executables - Environment Variables
02
Jun
SUDO - LD_PRELOAD
02
Jun
Shell Escape Sequences
02
Jun
Writable /etc/shadow
02
Jun
Readable /etc/shadow
02
Jun
Writable /etc/passwd
02
Jun
Capabilities
02
Jun
Cron Jobs - Wildcards
02
Jun
Cron Jobs - File Permissions
02
Jun
Cron Jobs - PATH Environment Variable
02
Jun
Ldap Pentesting
02
Jun
Kerberoasting
02
Jun
Kerberos Pentesting
02
Jun
DCSync On Domain
02
Jun
Golden Ticket
02
Jun
FTP Pentesting
02
Jun
Force Authentication
02
Jun
Directory Services Restore Mode (DSRM)
02
Jun
Registry Autoruns
02
Jun
AS-REP Roasting
02
Jun
Registry — AlwaysInstallElevated
02
Jun
AdminSDHolder
07
Apr
Local Account
07
Apr
SSH Authorized Keys
31
Mar
Process Injection -> CreateThread
31
Mar
RUNDLL32
31
Mar
REGSVR32
31
Mar
MSIEXEC
31
Mar
MSHTA
31
Mar
Process Discovery
31
Mar
Permission Groups Discovery -> Local Groups
31
Mar
Permission Groups Discovery -> Domain Groups
31
Mar
Group Policy Discovery
31
Mar
Domain Account
31
Mar
Local Account
31
Mar
Security Account Manager (SAM)
31
Mar
NTDS
31
Mar
LSA Secrets
31
Mar
/etc/passwd and /etc/shadow
31
Mar
DCSync
31
Mar
Cached Domain Credentials
31
Jan
Initial Access
31
Jan
Writec
01
Jan
Resource Development
31
Dec
Stored XSS
31
Dec
Reflected XSS
31
Dec
DOM-based XSS
31
Dec
XPATH Injection
31
Dec
Unrestricted File Upload -> Bypass
31
Dec
Unrestricted File Upload
31
Dec
Server-side request forgery (SSRF)
31
Dec
Blind Sql Injection -> Time Based
31
Dec
Sql Injection With Sqlmap
31
Dec
Sql Injection -> Authentication Bypass
31
Dec
In-band Sql Injection
31
Dec
Blind Sql Injection -> Boolean Based
31
Dec
SMTP header injection
31
Dec
Stored Html Injection
31
Dec
Remote File Inclusion
31
Dec
Nosql Injection
31
Dec
Multi-Factor Authentication Bypass
31
Dec
Mass Assignment -> Horizontal Privilege Escalation
31
Dec
Mass Assignment -> Vertical Privilege Escalation
31
Dec
JWT Authentication Bypass -> Weak Signing Key
31
Dec
JWT Authentication Bypass -> Unverified Signature
31
Dec
JWT Authentication Bypass -> jku header injection
31
Dec
JWT Authentication Bypass -> Algorithm Confusion
31
Dec
JWT Authentication Bypass -> None Algorithm
31
Dec
Insecure Deserialization
31
Dec
Html Injection
31
Dec
Host Header Injection -> Password Reset Poisoning
31
Dec
Host Header Injection -> Authentication Bypass
31
Dec
Directory Bruteforce
31
Dec
Cross-Side Request Forgery
31
Dec
Cross-Origin Resource Sharing
31
Dec
Code Injection
31
Dec
Clickjacking
31
Dec
Captcha Bypass -> Missing Parameter
31
Dec
Captcha Bypass -> Leaked In HTML
31
Dec
Captcha Bypass -> Not Expiring After Used
31
Dec
Captcha Bypass -> Leaked In Cookie
31
Dec
Captcha Bypass -> OCR
31
Dec
Broken Authentication -> Weak Password
31
Dec
Session hijacking -> Session Id In Url
31
Dec
Broken Authentication -> Username Enumeration
31
Dec
Session hijacking -> Session Fixation
31
Dec
Broken Authentication -> Account Takeover Via Multistage Login
31
Dec
Session hijacking -> Insufficient Session Expiration
31
Dec
Broken Authentication -> Unencrypted Communication
31
Dec
Broken Authentication -> Forgot Password - Bad Questions
31
Dec
Session hijacking -> Predictable session token
31
Dec
Broken Authentication -> Bruteforce
31
Dec
Broken Access Control -> IDOR -> Order
31
Dec
Broken Access Control -> IDOR -> Access File
31
Dec
Broken Access Control -> IDOR -> View Profile
31
Dec
Broken Access Control -> MFLAC
31
Dec
XXE - XML External Entity
31
Dec
Open Redirection
31
Dec
Server-Side Template Injection
31
Dec
Local File Inclusion
31
Dec
LDAP Injection
31
Dec
Path traversal
31
Dec
CRLF Injection
31
Dec
Blind Command Injection
31
Dec
Command Injection
31
Dec
Blind XML External Entity
31
Dec
Reconnaissance
31
Dec
Privilege Escalation
31
Dec
Persistence
31
Dec
Lateral Movement
31
Dec
Impact
31
Dec
Exfiltration
31
Dec
Execution
31
Dec
Defense Evasion
31
Dec
Discovery
31
Dec
Credential Access
31
Dec
Collection
31
Dec
Command and Control