MITRE ID : T1003.008 Tactic : Credential Access Platforms: Linux /etc/passwd and /etc/shadow Most modern Linux operating systems use a combination of /etc/passwd and /etc/shadow to store...

MITRE ID : T1003.006 Tactic : Credential Access Platforms: Windows DCSync DCSync attack simulates the behavior of a Domain Controller and asks other Domain Controllers to replicate infor...

MITRE ID : T1003.005 Tactic : Credential Access Platforms: Windows Cached Domain Credentials Cached domain credentials allows authentication to occur in the event a domain controller is ...

– title: Writable C$ Share date: 2022-06-03 05:49:33 +0800 categories: [Infrastructure Pentesting, Active Directory] tags: [] — C$ Exploitation

Resource Development

Stored XSS Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a...

Reflected XSS Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker use...

DOM-based XSS Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker use...

XPATH Injection XPath Injection attacks occur when a web site uses user-supplied information to construct an XPath query for XML data. By sending intentionally malformed information into the web s...