Keywords
Areas of Interest
Active Directory (8) Authentication (13) Broken Authentication and Authorization (4) Common Applications (10) Common Security Controls (1) Common Services (6) Cryptography (3) Custom Applications (9) Databases (5) Enterprise Network (18) Forensics (1) Host (1) Injections (12) IoT (2) Log Analysis (2) Niche Technologies (3) Person (1) Protocols (12) Reverse Engineering (2) Security Operations (2) Security Tools (19) Session Management and Hijacking (1) Social Engineering (1) Software & OS exploitation (20) Source Code Analysis (6) Steganography (1) Telecom (1) Vulnerability Assessment (37) Web Application (28) Wireless (1)
Vulnerabilities
Anonymous/Guest Access (4) Arbitrary File Read (4) Arbitrary File Upload (6) Arbitrary File Write (1) Autologon Credentials (1) Buffer Overflow (1) Clear Text Credentials (7) Code Execution (2) Code Injection (2) Command Execution (1) Cross Site Scripting (XSS) (1) Default Credentials (9) Deserialization (1) Directory Traversal (2) File System Configuration (2) Group Membership (2) Hard-coded Credentials (3) Information Disclosure (7) Insecure Design (3) Insecure Direct Object Reference (IDOR) (1) Local File Inclusion (2) Misconfiguration (14) OS Command Injection (7) PHP type juggling (1) Race Condition (1) Remote Code Execution (20) Remote File Inclusion (1) Sensitive Data Exposure (1) Server Side Request Forgery (SSRF) (1) SQL Injection (2) Weak Authentication (3) Weak Credentials (6) Weak Permissions (2)
Services
Apache (8) CGI (1) CMS (1) DNS (1) Docker (1) Exchange (1) EXE (1) Flask (1) FTP (2) Git (1) Gitea (2) Grafana (1) Gunicorn (1) HFS (1) hMailServer (1) IIS (4) Joomla (1) KeePass (1) Kerberos (2) Laravel (1) LDAP (2) LibreOffice (1) LightHTTPD (1) Linux (2) LXD (1) Macros (1) Maltrail (1) Metabase (1) Mosh (mobile shell) (1) MSSQL (1) MySQL (4) NGINX (6) Nibbleblog (1) NodeJS (1) Nostromo (1) Openadmin (1) OpenOffice (1) OpenSSL (1) OpenWRT (1) pfSense (1) Pi-Hole (1) PLC (1) Rails (1) Request Baskets (1) SAMBA (1) SMB (4) SNMP (1) Spring Boot (1) SQLite (4) SSH (11) Telnet (1) Tomcat (1) WebDav (2) Werkzeug (1) WiFi (1) Windows (2) WinRM (3) Wordpress (1)
Techniques
Active Directory Certificate Services (1) AD DCSync (2) Antivirus Bypass (1) API Abuse (1) ASREPRoasting (1) Authentication bypass (2) Binary Analysis (1) Binary Exploitation (1) Brute Force Attack (2) Configuration Analysis (5) Cookie Manipulation (1) Decompilation (2) Decrypt (1) Exploit Development (1) Exploit Modification (1) Fuzzing (7) Impersonation (1) Kerberoasting (1) Kernel Exploitation (1) Linux Capabilities (1) Network Misconfiguration (1) Packet Capture Analysis (1) Pass the Hash (3) Password Capture (3) Password Cracking (18) Password Dump (1) Password Guessing (1) Password Reset (1) Password Reuse (11) Password Spraying (2) Phishing (2) Pivoting (2) Port Forwarding (2) Potato Exploits (1) Privilege Abuse (6) Reconnaissance (30) Sandbox Escape (2) Scheduled Job Abuse (1) SUDO Exploitation (16) SUID Exploitation (3) System Exploitation (3) Tunneling (2) User Enumeration (6) Web Site Structure Discovery (13) WPS PIN Attack (1) WPS PIN Bruteforce (1)