Categories API Zipslip XML External Entity (OSWE) Wireless Penetration Testing Wireless Penetration Testing (OSWP) Exam Notes Windows Verb Tampering Understanding Java Gadgets TypeScript t=resetToken&p=CRX&s=Standard&id=guest&password1=password&password2=password Testing Requirements Summary Subdomain Takeover SQL Injection Sqeakr Some PHP Insecurity Challenges Slide 1: Introduction ServiceNow Scoping Requirements SameSite Attributes Salesforce Marketing Cloud (SFMC) Report Prototype Pollution Prototype Pollution Presentation Presentation Presentation - Introduction to Browser Exploitation (Memory Exploitation) PHP WordPress Remote Debugging PHP Remote Debugging PHP Code Review Basics Password Reset Authentication Bypass in Java (OSWE) OSWE Bible openITCOCKPIT XSS and OS Command Injection - Blackbox .NET Application Code Review (C#) MySQL Logging MYSQL Injection Mvc + Http Routing Miscellaneous Tools for Python Microservices Microservices SSRF (Code Review of url-to-pdf-api) MariaDB Logging Javascript Code Review Java Web Application Code Review Java Remote Debugging Java Code Review Ieee 802.11 Standard HSQLDB GraphQL General Game Hacking Full Disclosure Extra Mile Exploiting Permissive Cors Headers Exam Revision Dylib Injection DOM-based XSS (Client-side JavaScript Code Review) Cross-site Scripting Cross Origin Resource Sharing (CORS) Comprehensive Guide to Active Directory (AD) Common ports to scan Cloudformation Powerpoint Client Side PHP Browser Exploits Blockchain and Smart Contracts AWS Notes AWS Certified Solutions Architect AST (Abstract Syntax Tree) Injection API Penetration Testing Apache PHP Logging Active Directory Basic Commands Active Directory (AD) 8. DotNetNuke Cookie Deserialization RCE 7.5 4. ATutor Authentication Bypass and RCE 13.7.1 13.4.2 13. Server Side Request Forgery 12.3 (P) 12.2.5 12. Concord Authentication Bypass to RCE 11.6.5 (Incomplete) 10.3.5 10. OpenCRX Authentication Bypass and Remote Code Execution None Office RCE Exploit: CVE-2021-40444 Exploitation Zipslip XML External Entity (OSWE) VMWare Esxi Universal XSS Understanding Java Gadgets Under The Door Tools and Methodologies Summary SQL Injection Sqeakr Solidity Slide 1: Introduction ServiceNow Server-Side Request Forgery (SSRF) Server-side Prototype Pollution SameSite Attributes Salesforce Testing Ruby on Rails Code Review Report ProxyMan Prototype Pollution Prototype Pollution Presentation Prototype Pollution Cheat Sheet Prompts Presentation Presentation - Introduction to Browser Exploitation (Memory Exploitation) Post Exploitation PHP Code Review Basics Password Reset Authentication Bypass in Java (OSWE) Over The Door openITCOCKPIT XSS and OS Command Injection - Blackbox MYSQL Injection Miscellaneous Tools for Python Magnetic Lock Systems Latch Slipping Kernel Exploitation Java Java Code Review Intent Redirection HSQLDB Hinge Removal General Firebase Extra Mile Exploiting Permissive Cors Headers Exploitation (Java) Deserialization Basics Deep Link Exploitation Cryptography Cross-site Scripting Cross Origin Resource Sharing (CORS) Comprehensive Physical Security Audit Checklist Comprehensive Guide to Active Directory (AD) Challenge Link. Browser Exploits AST (Abstract Syntax Tree) Injection Android Presentation (Credits to Luke Symons) 9.5.3 9.5.2 8. DotNetNuke Cookie Deserialization RCE 7.5 6.5.1 (Incomplete) 4.9.4 13.4.2 13. Server Side Request Forgery 12.2.5 12. Concord Authentication Bypass to RCE 11.7.6 (Incomplete) None Sap Icmad Cve 2022 22536 Office RCE Exploit: CVE-2021-40444 Security Zipslip WordPress Testing WordPress CVEs Wireless Penetration Testing Wireless Penetration Testing (OSWP) Exam Notes Wireless Networks Windows RPC Vulnerability White Box Pentest Guide WebView Attacks Web Sockets Web Application Penetration Testing Web Application Firewall Presentation Useful Links Universal XSS Understanding Java Gadgets Under The Door Type Juggling Transport Layer Security (TLS) protocol Theory Testing Requirements Techniques for Bypassing Request to Exit (REX) Doors Task Hijacking Attacks Subdomain Takeover SQL Injection SQL Injection Techniques Some PHP Insecurity Challenges Solidity SMB Slide 1: Introduction ServiceNow Server-Side Template Injection (SSTI) Server-Side Request Forgery (SSRF) Server-side Prototype Pollution Security Breach Scoping Requirements SameSite Attributes Salesforce Marketing Cloud (SFMC) Reverse Shell Cheat Sheet Report Red Team ProxyMan Prototype Pollution Prototype Pollution Presentation Prompts Presentation Presentation - Introduction to Browser Exploitation (Memory Exploitation) Postgres RCE PHP Code Review Basics PDF Pentesting Password Reset Authentication Bypass in Java (OSWE) Over The Door *OSX Penetration Testing Network Infrastructure Penetration Testing .NET Application Code Review (C#) MYSQL Injection Multi-Factor Authentication MobSF Automated Dynamic and Static Analysis Miscellaneous Tools for Python Microservices Magnetic Lock Systems Local File Inclusion LDAP Injection Latch Slipping Javascript Code Review Java Code Review Intrusion detection system (IDS) Internet Protocol security (IPsec) Interactive Shell Upgrade Intent Redirection Infrastructure as Code (IaC) Penetration Testing HTTP Request Smuggling Attack HTTP Parameter Pollution HSQLDB Hinge Removal GraphQL General Full Disclosure Frida Frames and Network Interaction Follina Msdt Firebase File Upload Extra Mile External Recon Exploiting Permissive Cors Headers Exploitation (Java) Exam Revision Encryption ELK Stack Domain Fronting DOM-based XSS (Client-side JavaScript Code Review) Dependency Chain Attacks Deep Link Exploitation Cross-site Scripting Cross Origin Resource Sharing (CORS) CRLF Injection Courses and Materials Content Security Policy Comprehensive Physical Security Audit Checklist Comprehensive Guide to Active Directory (AD) Code Review Basics and Commands Cloudformation Powerpoint Cloud Penetration Testing Challenge Link. CDN - Content Delivery Network Bug Bounty Blockchain and Smart Contracts Beside The Door AWS Services Explained AWS Certified Solutions Architect Availability Zones + Regions Authentication AST (Abstract Syntax Tree) Injection API Penetration Testing Answers Android Active Directory Basic Commands Active Directory Attack Methodology Active Directory (AD) 9. ERPNext Authentication Bypass and Server Side Template Injection 8. DotNetNuke Cookie Deserialization RCE 7.5 4.9.4 3. Ssl Pinning 14.2.3 (P) 12.2.5 12. Concord Authentication Bypass to RCE 10. OpenCRX Authentication Bypass and Remote Code Execution None None Sap Icmad Cve 2022 22536 Office RCE Exploit: CVE-2021-40444 CI/CD Exam Revision CICD Testing AWS Services Explained AWS Notes Github Actions Pipelines Github Actions Research Docker Escapes Websocket Webpacks Web Resources Web Cache Poisoning Web Assembly Vim Version Control To Do List Testing Pre-installed Apps Test System System Design Subprocess (For Python 3) Spring4Shell Spring Setting up SSH Keys Setting Up Captive Portal on EC2 Same Origin Policy Basics Ruby ERB SSTI Reverse Engineering Resources Regex React Native Mobile Applications Python Scripting Python Code Review Prep Links Postfix Logging Pivoting PHP Type Juggling Phishing Persistent Payloads in PNG file upload - PHP Password Databases (for bruteforce) Password Cracking Padding Oracle Attack O365 NPM issues NodeJS Remote Debugging Neo4J --> Neo for Java Miscellaneous Tools Lua Shellcode Listo Kiosk Breakout Insecure PHP Deserialization HTTP/2 Desync How does a CPU work? Hardware Golang Code Review Github Fuzzing Find All Books File Transfer Encoding DocEdit Dns DLL Hijacking Directory Traversal Directory Brute-forcing Data Wrangling Data Mangling Credentials and Wordlists Conferences and Education Command Injection Coding Standards Client-side Prototype Pollution Chinese Resources Chatgpt Jailbreak C Code Review Bash Scripting Authenticated (Administrator) SQL Injection in Better Search Replace Plugin <=1.4 9.6.2 6.8.2 (Incomplete) 14.5.2 14.4.2 13.6.2 13.6.1 13.4.5 (Incomplete) 13.3.2 10.2.4 CTF Notes and Payloads LLM Driving 0Day Research Kubernetes (K8) Research Github Actions Containers Docker Escapes Template Injection (To escalate Prototype Pollution) Server-Side Request Forgery (SSRF) Semgrep Prototype Pollution Prototype Pollution Cheat Sheet PHP WordPress Remote Debugging Nodejs (Remote + Vscode) Microservices Javascript Code Review Java Code Review Exam Revision Docker Defeat the Pug! Debugging Techniques Courses and Materials Code Snippets Code Review Basics and Commands Cloudformation Powerpoint AWS Services Explained Availability Zones + Regions AST (Abstract Syntax Tree) Injection API Penetration Testing 12.2.5 11.6.2 Kubernetes (K8) Research K8 Kubernetes Exam Revision AWS Services Explained Kubernetes (K8) Research Virtual Machine Kubernetes (K8) Research LLM LLM Driving 0Day Research AI LLM Driving 0Day Research CTF Some PHP Insecurity Challenges Reverse Shell Cheat Sheet Presentation Presentation - Introduction to Browser Exploitation (Memory Exploitation) MYSQL Injection Miscellaneous Tools for Python CTF Challenges Browser Exploits CTF Notes and Payloads Fun CTF Notes and Payloads Network WPS Network Attacks (Used with WPA + WPA2) WordPress Testing Wireshark Wireless Penetration Testing Wireless Penetration Testing (OSWP) Exam Notes Wireless Networks Wireless Honeypot Project Ideas Virtual Routers, VPF and VLAN Virtual private network Understanding Java Gadgets Theory Testing Requirements SQL Injection Solidity SMB Slide 1: Introduction Server-Side Request Forgery (SSRF) Scoping Requirements Reverse Shell Cheat Sheet Remove probe requests and responses (Management frames) Red Team Raspberry Pi Presentation Presentation - Introduction to Browser Exploitation (Memory Exploitation) Networking Commands Network Infrastructure Penetration Testing Modify 'g' value until substring starts with '0e Miscellaneous Tools for Python Microservices Load balancer Intrusion detection system (IDS) Internet Protocol security (IPsec) Ieee 802.11 Standard General Full Disclosure Frames and Network Interaction Firewall Firebase Extra Mile External Infrastructure Exam Revision Encryption Enable and disable monitor mode on wireless devices Dynamic Host Configuration Protocol Deserialization Basics Defeat the Pug! Computing and Networking Theory Comprehensive Physical Security Audit Checklist Comprehensive Guide to Active Directory (AD) Common ports to scan Cloudformation Powerpoint CDN - Content Delivery Network Blockchain and Smart Contracts AWS Services Explained AWS Notes AWS Certified Solutions Architect Availability Zones + Regions Active Directory Basic Commands Active Directory Attack Methodology Active Directory (AD) 802.11 Options 13. Server Side Request Forgery 12.3 (P) None Windows Windows Windows RPC Vulnerability Windows Privilege Escalation Windows Internals Tools and Methodologies Summary Reverse Shell Cheat Sheet PHP Remote Debugging OSWE Bible Notes .NET Application Code Review (C#) Java Interactive Shell Upgrade General Game Hacking Full Disclosure Forensics Testing Exploitation (Java) Exam Revision Docker Deserialization Basics Debugging Comprehensive Guide to Active Directory (AD) Android Active Directory Basic Commands Active Directory Attack Methodology Active Directory (AD) 8. DotNetNuke Cookie Deserialization RCE None Evasion Windows Websocket RCE (Authenticated) Web Application Firewall Presentation WAF Bypass VNC Testing Use stdout=-1 to dump all contents to response Universal XSS Testing Requirements Template Injection (To escalate Prototype Pollution) Techniques for Bypassing Request to Exit (REX) Doors Summary SQL Injection SQL Injection Techniques Sqeakr Some PHP Insecurity Challenges Slide 1: Introduction Server-Side Template Injection (SSTI) Server-Side Request Forgery (SSRF) Server-side Prototype Pollution Saml Misconfiguration Same Origin Policy Bypass Reverse Shell Cheat Sheet Report Prototype Pollution Prototype Pollution Presentation Prompts PHP Code Review Basics Password Reset Authentication Bypass in Java (OSWE) Padlock Bypass Using Aluminum Can Microservices Magnetic Lock Systems Local File Inclusion Latch Slipping JSON Web Tokens Hinge Removal General Full Disclosure Frida Extra Mile Exam Revision EDR Bypass Defeat the Pug! Cryptography Cross-site Scripting Content Security Policy Comprehensive Physical Security Audit Checklist Comprehensive Guide to Active Directory (AD) Challenge Link. Bypassing EDR Bypass Beside The Door Answers Android Active Directory Basic Commands 9.5.3 9. ERPNext Authentication Bypass and Server Side Template Injection 4. ATutor Authentication Bypass and RCE 14.2.3 (P) 12. Concord Authentication Bypass to RCE 10. OpenCRX Authentication Bypass and Remote Code Execution Web Web Application Penetration Testing Web Application Firewall Presentation Universal XSS Template Injection (To escalate Prototype Pollution) Summary SQL Injection Solidity Scoping Requirements SameSite Attributes Rogue AP Setup README Report ProxyMan Prototype Pollution Prototype Pollution Presentation PHP Code Review Basics Password Reset Authentication Bypass in Java (OSWE) OSWE Bible openITCOCKPIT XSS and OS Command Injection - Blackbox openITCOCKPIT (Black Box Testing) now we update the sqli Notes Nodejs (Remote + Vscode) MYSQL Injection Mvc + Http Routing Microservices Javascript Code Review Java Web Application Code Review Java Code Review GraphQL General Full Disclosure File Upload Extra Mile Exploiting Permissive Cors Headers Exam Revision Enumerating Client Side JavaScript in Web Application Tests DOM-based XSS (Client-side JavaScript Code Review) Debugging Cross-site Scripting AWS Services Explained Answers 4. ATutor Authentication Bypass and RCE 14.5.1 12.2.5 12. Concord Authentication Bypass to RCE 11.7.6 (Incomplete) 11.6.4 (Incomplete) 11.6.2 Linux Wireless Penetration Testing Wireless Networks Websocket RCE (Authenticated) Summary Sqeakr Reverse Shell Cheat Sheet Raspberry Pi Python (Remote + Vscode) Powershell PHP Remote Debugging Modify 'g' value until substring starts with '0e Linux Kernel Exploitation Java Interactive Shell Upgrade HSQLDB Forensics Testing Exploitation (Java) Exam Revision Driver Installation Docker Deserialization Basics Cloudformation Powerpoint Answers Android Active Directory Basic Commands 4.9.4 Cloud Web Application Firewall Presentation WAF Bypass Subdomain Takeover SSM Slide 1: Introduction Server-Side Request Forgery (SSRF) Scoping Requirements Salesforce Testing Salesforce Marketing Cloud (SFMC) Report Readme Raspberry Pi ProxyMan .NET Application Code Review (C#) Miscellaneous Tools for Python Mastering AWS Cloudformation Mach Kernel Full Disclosure Exam Revision Dylib Injection Denial of Service Cross-site Scripting Cloudformation Cloudformation Powerpoint Cloud Penetration Testing CDN - Content Delivery Network AWS Services Explained AWS Notes AWS Certified Solutions Architect AWS Certified Cloud Practitioner Availability Zones + Regions 8. DotNetNuke Cookie Deserialization RCE Active Directory The complete list of all coding vulnerabilities LDAP Injection Full Disclosure Exam Revision Courses and Materials Comprehensive Guide to Active Directory (AD) Active Directory Basic Commands Active Directory Attack Methodology Active Directory (AD) IaC Wireless Networks SQL Injection Scoping Requirements Report Network Infrastructure Penetration Testing Mastering AWS Cloudformation Infrastructure as Code (IaC) Penetration Testing External Infrastructure Exam Revision Cloudformation Cloudformation Powerpoint AWS Services Explained AWS Certified Solutions Architect Availability Zones + Regions Active Directory Attack Methodology OSINT Prompts Bug Bounty Active Directory Attack Methodology Privilege Escalation Windows Privilege Escalation Report Prototype Pollution Cheat Sheet Local Privilege Escalation Active Directory Attack Methodology Recon Summary SSH SQL Injection SMB Server-Side Request Forgery (SSRF) Report Password Reset Authentication Bypass in Java (OSWE) OSWE Bible General Full Disclosure Comprehensive Guide to Active Directory (AD) Cloud Penetration Testing Active Directory Basic Commands Active Directory Attack Methodology Persistence Presentation Presentation - Introduction to Browser Exploitation (Memory Exploitation) Comprehensive Guide to Active Directory (AD) Forensics Forensics Testing Malware Windows Web Application Firewall Presentation Prompts Malware Development Malware Analysis Intrusion detection system (IDS) Docker Docker Escapes
