Index
Web Application Pentesting
TODO
DNS (Domain Name System)
Roadmap
MY IMPORTANT NOTES
Recon
Methodologies
Checklist
ZSEANO methodology
His book
Videos' Notes
TheHackerish
insiderPHD notes
Mobile API testing
Ecommerce bug
IDOR 10 tips
SANS sec552 notes
WEB APPLICATION PENETRATION TESTING NOTES
WebApp-PentestProcess - To review
Videos per vuln type
vocabulary/definition
HTTP status code
screenshots to sort
Recon
Recon cheatsheet from multiple sources
Github
fuzzing wordlists
Cheatsheet
"All" Cloud metadata endpoint
Injection (non sql)
NodeJS red team cheatsheet
Burpsuite
Intruder
Sequencer
burpsuite HOTKEYS
BurpSuite TIPS
Resources
burp-send-to
AutoRepeater
Autorize
Chain Burp & ZAP
TOOLS/one liners
FFUF
Fuzzing with ffuf rez0 talk nahamcon2021
AMASS
gobuster
HTTPX
NOTIFY
Encoding
url encoding
Char conversion
Unicode
Bug Bounty TIPS
H1 vuln list parsed
Write-up
Cookie Primer
OSINT
Attack Secondary contexts in Web App
Javascript
prototype pollution
Js For Pentesters
resources
API (web services)
Peritus courses notes
TIPS
GraphQL
REST
SOAP
How it works?
Definitions
resources
Thick/Thin clients
resources
lab
API MINDMAP
Authentication/Authorization (IDOR/mass assignment included)
Authorization
IDOR
Burp plugin automation (Autorize)
insiderPhD idor exploitation
videos
Mass Assignment
Resume
TIPS!!!
Authentication
Bruteforce username & password
2FA bypass
OTP bypass
Password reset functionality testing
Checklist
Remember me/Keep me logged in cookie
captcha bypass
TIPS
Resources
AuthZineV2
Single Sign-On - SSO
How it works?
Real world examples
SAML
Exploitation
Oauth 2.0
How it works?
Code grant type
Implicit grant type
PHP code example
tips/bypass
Resume exploitation
Business Logic Attacks
cmd injection
Resume
CMS - Content Management System
Sharepoint
wordpress
resources
WPScan
coldfusion
Compiled Object
Same Origin Policy - SOP
CORS (exported)
Exploitation
Example
(exported) Cross Domain Messaging (PostMessage) Vulnerabilities
video how this works
CR/LF injection
CSP - Content Security Policy
CSRF
CSRF - file upload
Tools/methods
bugbounty tips
Resources
Email things
File Upload
Complete checklist
bug bounty tips
bypasses
extensions to try appending
google dork for potentials
malicious .htaccess
other attacks in combination
Resources
Magic Bytes
GraphQL
Exploitation
resources
Header Attacks
Article Host Header Attacks
Host Header
How it works?
Exploitation
HTML5
HTTP Response Splitting
JAVA and Struts
jboss
JSON exploitation
JWT pentesting
pentesting jwt
jwt pentest2
Tools
Resources
LDAP
LFI - RFI
bypass
extra tips-tricks
file locations - blind files
linux
windows
log poisoning - code exec
access.log
auth.log
error.log
php temporary files 2
phpinfo() + poc code
poc
proc-self-environ
proc files - information gathering
sessions
standard
Resources
List of attacks strings
NodeJS pentesting
NoSQL injection
how to test
nosqli payloads
Resources
Open Redirect
Bypass
raw md file
Common parameter to test
payloads
Report & writeups
Resources
Tools
Video(s)
oracle app servers
weblogic
decryptpasswords
bouncycastle.crypto.dll
java
powershell
python
t3 protocol
Request smuggling
RPO Relative Path Overwrite
RCE - Remote Code Execution
Serialize - Object Injection
Exploitation
php (de)serialize
detection - hunting
exploitation
general primer
mitigation
net (de)serialize
general primer
json (de)serialize
general primer
java (de)serialize
detection
exploiting deserialization
general primer
java code to list objects from request
code
usage
mitigation
outside port 80 and 443
payloads
resources
SQL injection
testing
general testing techniques
general attacks
methodology
tips - tricks
top reminders
SQLi payloads example
SQLmap
sqlite
Different types
blind
boolean-based
error-based
out-of-band
sqlinjection.net
advanced
defense
secure pl-sql
secure stored procedure
mysql_real_escape_string sqli
simulation environment
stored procedures
attacks
pl-sql attacks
system tables for sqli
tools
sqlmap overview
sqlmap tutorial
uncategorized
implicit numeric conversion
minimal select structure
attacks
basics
numeric parameters
string parameters
blind
estimate table size
time-based sqli
time-based using heavy query
extract information
db fingerprinting
find column names
find table names
techniques
comments to simplify
inference
login bypass
stacked queries
union
test
anomalies
detect from http errors
info from custom errors
server resp and page source
sqli and db errors
determining query structure
identify data entries
sqli detection
risks of sqli
what is sqli
time-based
potential methodology
cheatsheet
db2
db2 cheatsheet
general info
queries
informix
general info
queries
ingres
general info
queries
ms access
basic testing
blind testing
more specific
enum attributes
obtaining database schema
queries
scripts
mssql
cheatsheets to combine
evilsql cheatsheets
blind
error
union
exploit-db paper
evading filtering
get tricky
general info
password hashes
queries
specific attacks
tips - tricks
xd-blog tutorial
mysql
cheat sheets to combine
justin
evading filtering
filter evasion cheat sheet
get tricky
local priv esc running as root
alternative to raptor
queries
mysql_error() function
privileges
read file
specifics
write file
truncating vulnerability
oracle
general info
passwords
queries
specific attacks
postgresql
general info
queries
resources
SSRF (exported)
Exploitation
Bypass defense
Gopher protocol
live exploitation
mindmap
list of cloud metadata
Rebinding site
DNS
1u.ms
nip.io
xip.io
HTTP rebinding
Resources
testing resources
bugbounty tips
dns rebinding
SSTI - Server Side Template Injection
Tool(s)
SSTI attacks from PayloadAllTheThings repo
resources
Type juggling (exported)
Resources
TOMCAT
WAF - Web App Firewall
How they work?
BYPASS WAF-FILTERING
unicode encoding
.NET filtering
Modsecurity
resources
Web Frameworks (nothing interesting)
TIPS
Webmin
some file locations
webmin and apache
Web Cache poisoning
How do Web Caches work?
Key Concepts
Enumeration
XSS web cache poisoning
Websocket (exported)
Cross Site Websocket Hijacking
POC Cross Site Websocket Hijacking
POC 1 - Cross Site Websocket Hijack
POC 2 - Cross Site Websocket Hijacking
Testing websocket
XPATH
HTML Injection
XSS
DOM XSS
Sources
Sinks
testing for xss
steal cookie
cross-origin
open redirects
css xss
filename upload abuse
flash
header abuse
cache poisoning
email field
bypass
tricks
data URI
XSS Auditor Bypass BruteSecrets
PDF generator
top vectors
cookie tossing
XSS Cheatsheet TOP
All you need
useful js functions 2
useful html tags
regex matches
js file types for variable assignment
cookie catcher scripts
attack strings
agnostic event handlers
100 attack vectors
without parenthesis and semi colons
potential impact
references
XXE - XML External Entity Attack
How to exploit?
PDF Upload
SYSTEM entities
Some payloads
Learn and Practice (vickie li)
resources
mindmap
burpsuite hotkeys
Using burpsuite during manual testing
Mobile Pentesting
Recon
Static Analysis
Dynamic Analysis
Android Security Architecture
Android Identity and Access Management - IAM
Application Security and Signing Process