Archives

2022

• 03 06 Linux/86 Delete file -> Jmp-call-pop,XOR
• 03 06 Linux/86 Create Directory (mkdir)-> Jmp-call-pop,XOR
• 03 06 Linux/86 Helloword -> Jmp-call-pop,XOR
• 03 06 Linux/86 Helloword -> Stack,XOR
• 03 06 Linux/86 execve -> Stack,XOR
• 03 06 Linux/86 Create file -> Jmp-call-pop,Stack,XOR
• 03 06 Linux/86 cat /etc/passwd -> Stack,XOR
• 03 06 SSH Pentesting -> Pivoting
• 03 06 SSH Pentesting -> Persistence
• 03 06 SSH Pentesting
• 03 06 SSH Pentesting -> Exfiltration
• 03 06 SSH Pentesting -> Enumeration
• 03 06 SSH Pentesting -> Bruteforce
• 03 06 WriteOwner On User
• 03 06 WriteDacl On User
• 03 06 Ownership On User
• 03 06 GenericAll On User
• 03 06 Force-Change-Password On User
• 03 06 WriteDacl On Group
• 03 06 GenericWrite On Group
• 03 06 GenericAll On Group
• 03 06 Self-Membership
• 03 06 Insecure Service-> Unquoted Service Path
• 03 06 Insecure Service-> Weak Registry Permissions
• 03 06 Insecure Service Permissions
• 03 06 Insecure Service Executables
• 03 06 Insecure GUI Apps
• 03 06 VNC Pentesting
• 03 06 Unconstrained delegation
• 03 06 Telnet Pentesting
• 03 06 Startup Apps
• 03 06 SNMPv1,SNMPv2,SNMPv2c Pentesting
• 03 06 SMBRelay
• 03 06 Silver Ticket
• 03 06 Local User Account
• 03 06 Startups
• 03 06 Registry Autoruns
• 03 06 Local User Account
• 03 06 Pass The Ticket(Ptt)
• 03 06 Pass The Hash(Pth)
• 03 06 SSH Authorized_keys
• 03 06 Scheduled Tasks
• 03 06 Token Impersonation — PrintSpoofer
• 03 06 Cronjob
• 03 06 .bashrc
• 03 06 Password Spraying
• 03 06 NTLMRelay
• 03 06 LLMNR/NBT-NS Poisoning
• 03 06 Machine Account -> Privileged Group
• 03 06 Machine Account -> UserAccountControl
• 03 06 SUID / SGID Executables - Shared Object Injection
• 03 06 SUID / SGID Executables - Known Exploits
• 03 06 SUID / SGID Executables - Environment Variables
• 03 06 SUDO - LD_PRELOAD
• 03 06 Shell Escape Sequences
• 03 06 Writable /etc/shadow
• 03 06 Readable /etc/shadow
• 03 06 Writable /etc/passwd
• 03 06 Capabilities
• 03 06 Cron Jobs - Wildcards
• 03 06 Cron Jobs - File Permissions
• 03 06 Cron Jobs - PATH Environment Variable
• 03 06 Ldap Pentesting
• 03 06 Kerberoasting
• 03 06 Kerberos Pentesting
• 03 06 DCSync On Domain
• 03 06 Golden Ticket
• 03 06 FTP Pentesting
• 03 06 Force Authentication
• 03 06 Directory Services Restore Mode (DSRM)
• 03 06 Registry Autoruns
• 03 06 AS-REP Roasting
• 03 06 Registry — AlwaysInstallElevated
• 03 06 AdminSDHolder
• 08 04 Local Account
• 08 04 SSH Authorized Keys
• 01 04 Process Injection -> CreateThread
• 01 04 RUNDLL32
• 01 04 REGSVR32
• 01 04 MSIEXEC
• 01 04 MSHTA
• 01 04 Process Discovery
• 01 04 Permission Groups Discovery -> Local Groups
• 01 04 Permission Groups Discovery -> Domain Groups
• 01 04 Group Policy Discovery
• 01 04 Domain Account
• 01 04 Local Account
• 01 04 Security Account Manager (SAM)
• 01 04 NTDS
• 01 04 LSA Secrets
• 01 04 /etc/passwd and /etc/shadow
• 01 04 DCSync
• 01 04 Cached Domain Credentials
• 01 02 Initial Access
• 01 02 Writec
• 02 01 Resource Development
• 01 01 Stored XSS
• 01 01 Reflected XSS
• 01 01 DOM-based XSS
• 01 01 XPATH Injection
• 01 01 Unrestricted File Upload -> Bypass
• 01 01 Unrestricted File Upload
• 01 01 Server-side request forgery (SSRF)
• 01 01 Blind Sql Injection -> Time Based
• 01 01 Sql Injection With Sqlmap
• 01 01 Sql Injection -> Authentication Bypass
• 01 01 In-band Sql Injection
• 01 01 Blind Sql Injection -> Boolean Based
• 01 01 SMTP header injection
• 01 01 Stored Html Injection
• 01 01 Remote File Inclusion
• 01 01 Nosql Injection
• 01 01 Multi-Factor Authentication Bypass
• 01 01 Mass Assignment -> Horizontal Privilege Escalation
• 01 01 Mass Assignment -> Vertical Privilege Escalation
• 01 01 JWT Authentication Bypass -> Weak Signing Key
• 01 01 JWT Authentication Bypass -> Unverified Signature
• 01 01 JWT Authentication Bypass -> jku header injection
• 01 01 JWT Authentication Bypass -> Algorithm Confusion
• 01 01 JWT Authentication Bypass -> None Algorithm
• 01 01 Insecure Deserialization
• 01 01 Html Injection
• 01 01 Host Header Injection -> Password Reset Poisoning
• 01 01 Host Header Injection -> Authentication Bypass
• 01 01 Directory Bruteforce
• 01 01 Cross-Side Request Forgery
• 01 01 Cross-Origin Resource Sharing
• 01 01 Code Injection
• 01 01 Clickjacking
• 01 01 Captcha Bypass -> Missing Parameter
• 01 01 Captcha Bypass -> Leaked In HTML
• 01 01 Captcha Bypass -> Not Expiring After Used
• 01 01 Captcha Bypass -> Leaked In Cookie
• 01 01 Captcha Bypass -> OCR
• 01 01 Broken Authentication -> Weak Password
• 01 01 Session hijacking -> Session Id In Url
• 01 01 Broken Authentication -> Username Enumeration
• 01 01 Session hijacking -> Session Fixation
• 01 01 Broken Authentication -> Account Takeover Via Multistage Login
• 01 01 Session hijacking -> Insufficient Session Expiration
• 01 01 Broken Authentication -> Unencrypted Communication
• 01 01 Broken Authentication -> Forgot Password - Bad Questions
• 01 01 Session hijacking -> Predictable session token
• 01 01 Broken Authentication -> Bruteforce
• 01 01 Broken Access Control -> IDOR -> Order
• 01 01 Broken Access Control -> IDOR -> Access File
• 01 01 Broken Access Control -> IDOR -> View Profile
• 01 01 Broken Access Control -> MFLAC
• 01 01 XXE - XML External Entity
• 01 01 Open Redirection
• 01 01 Server-Side Template Injection
• 01 01 Local File Inclusion
• 01 01 LDAP Injection
• 01 01 Path traversal
• 01 01 CRLF Injection
• 01 01 Blind Command Injection
• 01 01 Command Injection
• 01 01 Blind XML External Entity
• 01 01 Reconnaissance
• 01 01 Privilege Escalation
• 01 01 Persistence
• 01 01 Lateral Movement
• 01 01 Impact
• 01 01 Exfiltration
• 01 01 Execution
• 01 01 Defense Evasion
• 01 01 Discovery
• 01 01 Credential Access
• 01 01 Collection
• 01 01 Command and Control