Hello Open World
Debugger - Apache Debugger start
systemctl start apache2
tail -f /var/log/apache2/access.log