* / Misc / Multiple
Information
https://portswigger.net/kb/issues
JSON Hijacking
Keywords: JSON, hijacking
https://haacked.com/archive/2009/06/25/json-hijacking.aspx/
Posts / Examples
[List of bounties won by SintheticLabs team]
Keywords: H1, bounty
https://h1.sintheticlabs.com/
Active Directory
Information
Posts / Examples
Kerberoasting Without Mimikatz
Keywords: Kerberos, AD
https://www.harmj0y.net/blog/powershell/kerberoasting-without-mimikatz/
Android
Information
Posts / Examples
Hacking android apps with Frida I
Keywords: Frida, Android, DBI
https://www.codemetrix.net/hacking-android-apps-with-frida-1/
Authentication / Authorization
Posts / Examples
Gaining access to private topics using quoting feature
Keywords: Discourse, authorization bypass, forum
https://hackerone.com/reports/312647
AWS
Information
EC2 - Instance Metadata and User Data
Keywords: EC2
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
Posts / Examples
Tools
AWS pwn
Keywords: AWS
https://github.com/dagrz/aws_pwn
CORS
Information
HTTP access control (CORS)
Keywords: CORS
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
Posts / Examples
Exploiting CORS Misconfigurations for Bitcoins and Bounties
Keywords: CORS
http://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html
Crypto
Information
https://sites.google.com/site/cryptocrackprogram
https://r12a.github.io/uniview
https://github.com/nccgroup/featherduster
Posts / Examples
CBC "cut and paste" attack may cause Open Redirect (even XSS)
Keywords: CBC, crypto, redirect, token
https://hackerone.com/reports/126203
CSRF / SOP
Information
Authoritative guide to CORS (Cross-Origin Resource Sharing) for REST APIs
Keywords: CSRF
https://www.moesif.com/blog/technical/cors/Authoritative-Guide-to-CORS-Cross-Origin-Resource-Sharing-for-REST-APIs/
Posts / Examples
Exploiting CSRF on JSON endpoints with Flash and redirects
Tools
Csv injection
Information
Posts / Examples
Comma separated vulnerabilities
Keywords: Openoffice, Libreoffice, Excel, export to csv
https://www.contextis.com/resources/blog/comma-separated-vulnerabilities/
Bluetooth
Posts / Examples
Reversing and exploiting BLE 4.0 communication
Keywords: BLE, Bluetooth
http://payatu.com/reversing-exploiting-ble-4-0-communication/
Tools
Directory/path traversal
Information
Directory Traversal Checklist
Keywords: checklist, path traversal, directory traversal
● 16 bit Unicode encoding:
○ . = %u002e, / = %u2215, \ = %u2216
● Double URL encoding:
○ . = %252e, / = %252f, \ = %255c
● UTF-8 Unicode encoding:
○ . = %c0%2e, %e0%40%ae, %c0ae, / = %c0%af, %e0%80%af, %c0%2f, \ = %c0%5c, %c0%80%5c
Django / Python
Information
Posts / Examples
Exploring server-side template injection in Flask Jinja2
Keywords: Flask, Jinja2
https://nvisium.com/blog/2016/03/09/exploring-ssti-in-flask-jinja2/
Injecting Flask
Keywords: Flask
https://nvisium.com/blog/2015/12/07/injecting-flask/
Tools
Ethereum
Posts / Examples
Thinking About Smart Contract Security
https://blog.ethereum.org/2016/06/19/thinking-smart-contract-security/
Exploiting
Information / Training
Linux Heap Exploitation Intro Series: Used and Abused – Use After Free
Keywords: use after free
https://sensepost.com/blog/2017/linux-heap-exploitation-intro-series-used-and-abused-use-after-free/
Hunting In Memory
Keywords: shellcode injection, reflective DLL injection, memory module, process and module hollowing, Gargoyle (ROP/APC)
https://www.endgame.com/blog/technical-blog/hunting-memory
https://srcincite.io/blog/2017/04/27/from-serialized-to-shell-auditing-google-web-toolkit.html
HTTP Headers
Practical HTTP Host header attacks
Keywords: HTTP Headers, Host, cache poisoning
http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html
iOS
Information / Tips
“Easy network monitoring on non jailbroken iOS:
1/ connect your iOS device to your macOS via USB
2/ rvictl -s <UDID>
3/ tcpdump|wireshark -i rvi0”
IoT
Posts / Examples
Philips Hue Reverse Engineering (BH Talk ‘A Lightbulb Worm?’)
Keywords: Philips hue, IoT, Zigbee
http://colinoflynn.com/2016/08/philips-hue-r-e-whitepaper-from-black-hat-2016/
Tools
JWT
Information
Posts / Examples
Critical Vulnerability Uncovered in JSON Encryption
Keywords: JWT, json
http://blogs.adobe.com/security/2017/03/critical-vulnerability-uncovered-in-json-encryption.html
Tools
LFI/RFI
Information
https://highon.coffee/blog/lfi-cheat-sheet/
https://www.hackthis.co.uk/articles/shell-via-lfi-and-procselfenviron
https://blog.g0tmi1k.com/2012/02/kioptrix-level-4-local-file/
Posts / Examples
LOCAL FILE READ VIA XSS IN DYNAMICALLY GENERATED PDF
Keywords: XSS, LFI, pdf generator, pdf
http://www.noob.ninja/2017/11/local-file-read-via-xss-in-dynamically.html
PHP Remote File Inclusion command shell using data://
Keywords: PHP, RFI, LFI, URI
https://www.idontplaydarts.com/2011/03/php-remote-file-inclusion-command-shell-using-data-stream/
NodeJS
Posts / Examples
[demo.paypal.com] Node.js code injection (RCE)
Keywords: Paypal, Node, NodeJS, RCE
http://artsploit.blogspot.com.es/2016/08/pprce2.html
Exploiting Node.js deserialization bug for Remote Code Execution
Keywords: Node, NodeJS, RCE
https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/
OAUTH
Information
Posts / Examples
Login CSRF + Open Redirect -> Account Takeover
Keywords: Uber, CSRF, account takeover, Oauth theft
http://ngailong.com/uber-login-csrf-open-redirect-account-takeover/
Tools
Open redirect
Posts / Examples
Airbnb – Chaining Third-Party Open Redirect into Server-Side Request Forgery (SSRF) via LivePerson Chat
Keywords: SSRF
http://buer.haus/2017/03/09/airbnb-chaining-third-party-open-redirect-into-server-side-request-forgery-ssrf-via-liveperson-chat/
Powershell
Information
15 Ways to Bypass the PowerShell Execution Policy
Keywords: Powershell, policy, bypass
https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/
Posts / Examples
From APK to Golden Ticket
Keywords: red team, apk, golden ticket
https://docs.google.com/document/d/1XWzlOOuoTE7DUK60qTk1Wz1VNhbPaHqKEzyxPfyW4GQ
Restricted shells
Information
Escape From SHELLcatraz - Breaking Out of Restricted Unix Shells
Keywords: shell escapes, restricted shell
https://speakerdeck.com/knaps/escape-from-shellcatraz-breaking-out-of-restricted-unix-shells
RCE
Information
Template injection
Keywords: template, Mako, Jinja, Twig, Smarty
Posts / Examples
Leveraging LFI to RCE using zip://
Keywords: Php, LFI, RCE, uri, data uri
http://www.sxcurity.pro/2017/01/01/zip-to-rce-lfi/
RFID
Information
RFID Hacking with The Proxmark 3
Keywords: Proxmark 3, RFID, getting started
https://blog.kchung.co/rfid-hacking-with-the-proxmark-3/
Router exploitation
Posts / Examples
SQL Injection to MIPS Overflows: Rooting SOHO Routers
http://media.blackhat.com/bh-us-12/Briefings/Cutlip/BH_US_12_Cutlip_SQL_Exploitation_WP.pdf
SAML
Information
Posts / Examples
The road to your codebase is paved with forged assertions
http://www.economyofmechanism.com/github-saml.html
Tools
SAMLRaider - Burp extension
https://github.com/SAMLRaider/SAMLRaider
Serialization
Information
Java-Deserialization-Cheat-Sheet
Keywords: Java, serialization, deserialization, cheatsheet
https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
Posts / Examples
Attacking Java Deserialization
Keywords: Java, serialization, deserialization
https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/
Tools
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization
Keywords: Java, serialization, deserialization, ysoserial
https://github.com/frohoff/ysoserial/
SOAP
Posts / Examples
Don’t Drop the SOAP: Real World Web Service Testing
https://media.blackhat.com/bh-us-11/Johnson/BH_US_11_JohnsonEstonAbraham_Dont_Drop_the_SOAP_WP.pdf
SQL Injection
Exploiting Second Order SQLi Flaws by using Burp & Custom Sqlmap Tamper
Keywords: SQLi, sqlmap
https://pentest.blog/exploiting-second-order-sqli-flaws-by-using-burp-custom-sqlmap-tamper/
SQL Injection on sctrack.email.uber.com.cn
https://hackerone.com/reports/150156
SSRF
Information
SSRF tips
Keywords: SSRF, tips, cheatsheet
http://blog.safebuff.com/2016/07/03/SSRF-Tips/
Posts / Examples
On “Open Redirect” [1]
Tips
“If the vulnerable server is using cURL to make HTTP requests, it’s possible to use the dict URL schema to make requests to any host on any port and send custom data.
The URL dict://localhost:11211/stat will cause the server to connect to localhost on port 11211 and send the string “stat”. Port 11211 is the default port used by Memcached.”
Tools
UPnP
Information
“research of security risks that exist in UPnP implementations”
http://www.upnp-hacks.org/upnp.html
Posts / Examples
Sending a video content to a DLNA/UPnP software/device using curl
http://www.accella.net/knowledgebase/sending-a-video-content-to-a-dlnaupnp-softwaredevice-using-curl/
Adventures in UPnP with cURL and netcat
https://coolaj86.com/articles/adventures-in-upnp-with-curl-and-netcat/
Tools
WAF
Information
Web Application Firewall (WAF) Evasion Techniques (I & II)
Keywords: WAF, bypass
https://medium.com/secjuice/waf-evasion-techniques-718026d693d8
https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0
Posts / Examples
Tools
Web services
Information
“Flaws of today's web service standards and implementations in regard to web service security”
http://ws-attacks.org/Welcome_to_WS-Attacks
Posts / Examples
Tools
Windows - exploiting
Information
Injecting code into remote process
http://www.tuxmealux.net/2015/03/10/code-injection/
Posts / Examples
Tools
XSS / Javascript-fu
Information
What can be really done with Cross-site Scripting
Keywords: XSS, Brutelogic, tips
https://docs.google.com/presentation/d/1v3Me8IWDuvSb1k96UB5RNyXE-hLHk0i6cf5MDJMaxuY/
http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html
Posts / Examples
“Another vulnerability in Facebook”
https://habrahabr.ru/company/pt/blog/247709/
Exploiting CSRF
Keywords: XSS, CSRF
<img src='x' onerror="$.post('${DOMAIN}.com', {params});">
XXE
Information
XXE Cheatsheet
Keywords: XXE, Cheatsheet
https://web-in-security.blogspot.co.uk/2016/03/xxe-cheat-sheet.html
XXE payloads
Keywords: XXE, payloads, injection
https://gist.github.com/staaldraad/01415b990939494879b4
Posts / Examples
XML External Entity Injection in Jive-n (CVE-2018-5758)
Keywords: XXE, Word, DTD
https://rhinosecuritylabs.com/research/xml-external-entity-injection-xxe-cve-2018-5758/
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
https://github.com/rebootuser/LinEnum
https://www.securitysift.com/download/linuxprivchecker.py
https://github.com/PenturaLabs/Linux_Exploit_Suggester
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
https://www.youtube.com/watch?v=kMG8IsCohHA
http://www.fuzzysecurity.com/tutorials/16.html
https://toshellandback.com/2015/11/24/ms-priv-esc/
https://github.com/51x/WHP
https://isc.sans.edu/diary/Windows+Command-Line+Kung+Fu+with+WMIC/1229
Abusing SUDO (Linux Privilege Escalation)
http://touhidshaikh.com/blog/?p=790