.png)
 (1).png)
.png)
+ (1).png)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -195,7 +195,7 @@ openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.cer
openssl pkcs12 -export -in certificatename.cer -inkey privateKey.key -out certificatename.pfx -certfile cacert.cer
```
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/exploiting/windows-exploiting-basic-guide-oscp-lvl.md b/exploiting/windows-exploiting-basic-guide-oscp-lvl.md
index fb24d0eb4..1844fae16 100644
--- a/exploiting/windows-exploiting-basic-guide-oscp-lvl.md
+++ b/exploiting/windows-exploiting-basic-guide-oscp-lvl.md
@@ -160,11 +160,11 @@ For example:
In this case you can see that **you shouldn't use the char 0x0A** (nothing is saved in memory since the char 0x09).
- (1).png>)
+.png>)
In this case you can see that **the char 0x0D is avoided**:
- (1).png>)
+.png>)
## Find a JMP ESP as a return address
@@ -182,7 +182,7 @@ You will **list the memory maps**. Search for some DLl that has:
* **NXCompat: False**
* **OS Dll: True**
- (1).png>)
+.png>)
Now, inside this memory you should find some JMP ESP bytes, to do that execute:
@@ -193,7 +193,7 @@ Now, inside this memory you should find some JMP ESP bytes, to do that execute:
**Then, if some address is found, choose one that don't contain any badchar:**
- (1).png>)
+.png>)
**In this case, for example: \_0x5f4a358f**\_
diff --git a/forensics/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md b/forensics/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md
index 591ff3c1a..c8ea337d2 100644
--- a/forensics/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md
+++ b/forensics/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md
@@ -12,7 +12,7 @@
- (1) (1) (1) (1).png)
+ (1) (1) (1).png)
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@@ -231,7 +231,7 @@ C:\Users\test\Desktop\test>pyinstaller --onefile hello.py
* [https://blog.f-secure.com/how-to-decompile-any-python-binary/](https://blog.f-secure.com/how-to-decompile-any-python-binary/)
-
+
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
diff --git a/forensics/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md b/forensics/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md
index 15f383a79..30c7a6078 100644
--- a/forensics/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md
+++ b/forensics/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md
@@ -12,7 +12,7 @@
-.png)
+ (1).png)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -266,7 +266,7 @@ Opera **stores browser history and download data in the exact same format as Goo
* **Browser’s built-in anti-phishing:** `grep --color 'fraud_protection_enabled' ~/Library/Application Support/com.operasoftware.Opera/Preferences`
* **fraud\_protection\_enabled** should be **true**
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/forensics/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md b/forensics/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md
index 2982fc3d6..0ac347a76 100644
--- a/forensics/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md
+++ b/forensics/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md
@@ -12,7 +12,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -111,7 +111,7 @@ Other tables inside this database contain more interesting information:
* **deleted\_fields**: Dropbox deleted files
* **date\_added**
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/forensics/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md b/forensics/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md
index 31164bdf5..03c3d46ea 100644
--- a/forensics/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md
+++ b/forensics/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md
@@ -12,7 +12,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/forensics/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md b/forensics/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md
index 60f946006..7c8d5dd89 100644
--- a/forensics/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md
+++ b/forensics/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md
@@ -12,7 +12,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md b/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md
index 2bf75f6c8..64e79bed2 100644
--- a/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md
+++ b/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md
@@ -84,7 +84,7 @@ After that, the neighborhood between the legitimate EIGRP routers is established
EIGRP Neighborship with GW1 (10.10.100.100):
-.png)
 (1).png)
.png)
 (3).png)
.png)
 (1).png)
.png)
Dump of traffic during a neighborhood disruption
 (3).png)
Dump of traffic during a neighborhood disruption
.png)
GW1 router endlessly disconnects and reconnects EIGRP
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
+ (1).png)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -508,7 +508,7 @@ If you only have `hostIPC=true`, you most likely can't do much. If any process o
The second technique explained in the post [https://labs.f-secure.com/blog/abusing-the-access-to-mount-namespaces-through-procpidroot/](https://labs.f-secure.com/blog/abusing-the-access-to-mount-namespaces-through-procpidroot/) indicates how you can abuse bind mounts with user namespaces, to affect files inside the host (in that specific case, delete files).
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -557,7 +557,7 @@ If you are in **userspace** (**no kernel exploit** involved) the way to find new
* [https://0xn3va.gitbook.io/cheat-sheets/container/escaping/exposed-docker-socket](https://0xn3va.gitbook.io/cheat-sheets/container/escaping/exposed-docker-socket)
* [https://bishopfox.com/blog/kubernetes-pod-privilege-escalation#Pod4](https://bishopfox.com/blog/kubernetes-pod-privilege-escalation#Pod4)
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/linux-hardening/useful-linux-commands/bypass-bash-restrictions.md b/linux-hardening/useful-linux-commands/bypass-bash-restrictions.md
index 3a8129618..cd1712014 100644
--- a/linux-hardening/useful-linux-commands/bypass-bash-restrictions.md
+++ b/linux-hardening/useful-linux-commands/bypass-bash-restrictions.md
@@ -12,7 +12,7 @@
-.png)
+ (1).png)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -345,7 +345,7 @@ If you are inside a filesystem with the **read-only and noexec protections** the
* [https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0](https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0)
* [https://www.secjuice.com/web-application-firewall-waf-evasion/](https://www.secjuice.com/web-application-firewall-waf-evasion/)
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/mobile-pentesting/android-app-pentesting/android-burp-suite-settings.md b/mobile-pentesting/android-app-pentesting/android-burp-suite-settings.md
index 8877d2038..abe115825 100644
--- a/mobile-pentesting/android-app-pentesting/android-burp-suite-settings.md
+++ b/mobile-pentesting/android-app-pentesting/android-burp-suite-settings.md
@@ -12,7 +12,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -86,7 +86,7 @@ After installing Certificate SSL endpoints also working fine tested using → [h
After installing the certificate this way Firefox for Android won't use it (based on my tests), so use a different browser.
{% endhint %}
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-1.md b/mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-1.md
index ce38b690c..ebb256429 100644
--- a/mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-1.md
+++ b/mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-1.md
@@ -12,7 +12,7 @@
-
+
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@@ -147,7 +147,7 @@ In this tutorial you have hooked methods using the name of the mathod and _.impl
You can see that in [the next tutorial](frida-tutorial-2.md).
-
+
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
diff --git a/mobile-pentesting/ios-pentesting-checklist.md b/mobile-pentesting/ios-pentesting-checklist.md
index 8488e5677..707b9eb23 100644
--- a/mobile-pentesting/ios-pentesting-checklist.md
+++ b/mobile-pentesting/ios-pentesting-checklist.md
@@ -1,6 +1,6 @@
# iOS Pentesting Checklist
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -118,7 +118,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/mobile-pentesting/ios-pentesting/README.md b/mobile-pentesting/ios-pentesting/README.md
index c710b169c..99df65dd5 100644
--- a/mobile-pentesting/ios-pentesting/README.md
+++ b/mobile-pentesting/ios-pentesting/README.md
@@ -1,6 +1,6 @@
# iOS Pentesting
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -382,7 +382,7 @@ struct CGSize {
However, the best options to disassemble the binary are: [**Hopper**](https://www.hopperapp.com/download.html?) and [**IDA**](https://www.hex-rays.com/products/ida/support/download\_freeware/).
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -742,7 +742,7 @@ Jun 7 13:42:14 iPhone touch[9708]
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -1166,7 +1166,7 @@ You can find the **libraries used by an application** by running **`otool`** aga
* [https://github.com/authenticationfailure/WheresMyBrowser.iOS](https://github.com/authenticationfailure/WheresMyBrowser.iOS)
* [https://github.com/nabla-c0d3/ssl-kill-switch2](https://github.com/nabla-c0d3/ssl-kill-switch2)
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/mobile-pentesting/ios-pentesting/burp-configuration-for-ios.md b/mobile-pentesting/ios-pentesting/burp-configuration-for-ios.md
index 341928017..3a8a50484 100644
--- a/mobile-pentesting/ios-pentesting/burp-configuration-for-ios.md
+++ b/mobile-pentesting/ios-pentesting/burp-configuration-for-ios.md
@@ -12,7 +12,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -118,7 +118,7 @@ Steps to configure Burp as proxy:
* Click on _**Ok**_ and the in _**Apply**_
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/network-services-pentesting/1099-pentesting-java-rmi.md b/network-services-pentesting/1099-pentesting-java-rmi.md
index 0e8ff4223..c731f1aa6 100644
--- a/network-services-pentesting/1099-pentesting-java-rmi.md
+++ b/network-services-pentesting/1099-pentesting-java-rmi.md
@@ -12,7 +12,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -323,7 +323,7 @@ Entry_1:
Command: rmg enum {IP} {PORT}
```
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/network-services-pentesting/15672-pentesting-rabbitmq-management.md b/network-services-pentesting/15672-pentesting-rabbitmq-management.md
index 49fcdfc84..5227323a9 100644
--- a/network-services-pentesting/15672-pentesting-rabbitmq-management.md
+++ b/network-services-pentesting/15672-pentesting-rabbitmq-management.md
@@ -12,7 +12,7 @@
- (1) (1) (1) (1).png)
+ (1) (1) (1).png)
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@@ -60,7 +60,7 @@ Content-Length: 267
* `port:15672 http`
-
+
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
diff --git a/network-services-pentesting/49-pentesting-tacacs+.md b/network-services-pentesting/49-pentesting-tacacs+.md
index a4b16b4ac..0e3667552 100644
--- a/network-services-pentesting/49-pentesting-tacacs+.md
+++ b/network-services-pentesting/49-pentesting-tacacs+.md
@@ -43,11 +43,11 @@ sudo loki_gtk.py
You also need to specify the path to the dictionary in order to bruteforce the encrypted key. Be sure to uncheck the **Use Bruteforce** option, otherwise Loki will bruteforce the password without using the dictionary.
- (3).png)
 (3).png)
 (2).png)
+
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@@ -307,7 +307,7 @@ id_rsa
* You can find interesting guides on how to harden SSH in [https://www.ssh-audit.com/hardening\_guides.html](https://www.ssh-audit.com/hardening\_guides.html)
* [https://community.turgensec.com/ssh-hacking-guide](https://community.turgensec.com/ssh-hacking-guide)
-
+
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
diff --git a/network-services-pentesting/pentesting-web/flask.md b/network-services-pentesting/pentesting-web/flask.md
index 0c2d9a095..3cf3472d5 100644
--- a/network-services-pentesting/pentesting-web/flask.md
+++ b/network-services-pentesting/pentesting-web/flask.md
@@ -12,7 +12,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -86,7 +86,7 @@ Command line tool to brute-force websites using cookies crafted with flask-unsig
[**This example**](../../pentesting-web/sql-injection/sqlmap/#eval) uses sqlmap `eval` option to **automatically sign sqlmap payloads** for flask using a known secret.
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/network-services-pentesting/pentesting-web/jboss.md b/network-services-pentesting/pentesting-web/jboss.md
index ff9ef9510..392250288 100644
--- a/network-services-pentesting/pentesting-web/jboss.md
+++ b/network-services-pentesting/pentesting-web/jboss.md
@@ -12,7 +12,7 @@
- (1) (1) (1) (1).png)
+ (1) (1) (1).png)
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@@ -40,7 +40,7 @@ You can expose **management servlets** via the following paths within JBoss (dep
inurl:status EJInvokerServlet
```
-
+
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
diff --git a/network-services-pentesting/pentesting-web/moodle.md b/network-services-pentesting/pentesting-web/moodle.md
index 391970807..9b9d55a70 100644
--- a/network-services-pentesting/pentesting-web/moodle.md
+++ b/network-services-pentesting/pentesting-web/moodle.md
@@ -12,7 +12,7 @@
-
+
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@@ -120,7 +120,7 @@ find / -name "config.php" 2>/dev/null | grep "moodle/config.php"
/usr/local/bin/mysql -u
+
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
diff --git a/network-services-pentesting/pentesting-web/php-tricks-esp/README.md b/network-services-pentesting/pentesting-web/php-tricks-esp/README.md
index 635decc44..777af9cea 100644
--- a/network-services-pentesting/pentesting-web/php-tricks-esp/README.md
+++ b/network-services-pentesting/pentesting-web/php-tricks-esp/README.md
@@ -40,7 +40,7 @@ If `==` is used in PHP, then there are unexpected cases where the comparison doe
PHP comparison tables: [https://www.php.net/manual/en/types.comparisons.php](https://www.php.net/manual/en/types.comparisons.php)
- (1).png>)
+.png>)
{% file src="../../../.gitbook/assets/EN-PHP-loose-comparison-Type-Juggling-OWASP (1).pdf" %}
diff --git a/network-services-pentesting/pentesting-web/web-api-pentesting.md b/network-services-pentesting/pentesting-web/web-api-pentesting.md
index a7898e9b7..482d33f12 100644
--- a/network-services-pentesting/pentesting-web/web-api-pentesting.md
+++ b/network-services-pentesting/pentesting-web/web-api-pentesting.md
@@ -12,7 +12,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -133,7 +133,7 @@ AutoRepeater Burp Extension: Add a replacement rule
* `Match: v2 (higher version)`
* `Replace: v1 (lower version)`
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -223,7 +223,7 @@ kr brute https://domain.com/api/ -w /tmp/lang-english.txt -x 20 -d=0
* [**API-fuzzer**](https://github.com/Fuzzapi/API-fuzzer): API\_Fuzzer gem accepts a API request as input and returns vulnerabilities possible in the API.
* [**race-the-web**](https://github.com/TheHackerDev/race-the-web): Tests for race conditions in web applications by sending out a user-specified number of requests to a target URL (or URLs) _simultaneously_, and then compares the responses from the server for uniqueness.
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/network-services-pentesting/pentesting-web/wordpress.md b/network-services-pentesting/pentesting-web/wordpress.md
index eaf861321..6a0f6c158 100644
--- a/network-services-pentesting/pentesting-web/wordpress.md
+++ b/network-services-pentesting/pentesting-web/wordpress.md
@@ -12,7 +12,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -99,7 +99,7 @@ curl -s -X GET https://wordpress.org/support/article/pages/ | grep -E 'wp-conten
curl -s -X GET https://wordpress.org/support/article/pages/ | grep http | grep -E '?ver=' | sed -E 's,href=|src=,THIIIIS,g' | awk -F "THIIIIS" '{print $2}' | cut -d "'" -f2
```
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -210,7 +210,7 @@ Using the correct credentials you can upload a file. In the response the path wi
Also there is a **faster way** to brute-force credentials using **`system.multicall`** as you can try several credentials on the same request:
-.png)
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -423,7 +423,7 @@ Also, **only install trustable WordPress plugins and themes**.
* **Limit login attempts** to prevent Brute Force attacks
* Rename **`wp-admin.php`** file and only allow access internally or from certain IP addresses.
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/pentesting-web/cache-deception.md b/pentesting-web/cache-deception.md
index e34589f7b..40b0c5e10 100644
--- a/pentesting-web/cache-deception.md
+++ b/pentesting-web/cache-deception.md
@@ -12,7 +12,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -123,7 +123,7 @@ The [Web Cache Vulnerability Scanner](https://github.com/Hackmanit/Web-Cache-Vul
Example usage: `wcvs -u example.com`
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -227,7 +227,7 @@ Learn here about how to perform[ Cache Deceptions attacks abusing HTTP Request S
* [https://youst.in/posts/cache-poisoning-at-scale/](https://youst.in/posts/cache-poisoning-at-scale/)
* [https://bxmbn.medium.com/how-i-test-for-web-cache-vulnerabilities-tips-and-tricks-9b138da08ff9](https://bxmbn.medium.com/how-i-test-for-web-cache-vulnerabilities-tips-and-tricks-9b138da08ff9)
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/pentesting-web/clickjacking.md b/pentesting-web/clickjacking.md
index ea819ca12..b17bbd312 100644
--- a/pentesting-web/clickjacking.md
+++ b/pentesting-web/clickjacking.md
@@ -12,7 +12,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -175,7 +175,7 @@ See the following documentation for further details and more complex examples:
* [**https://portswigger.net/web-security/clickjacking**](https://portswigger.net/web-security/clickjacking)
* [**https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking\_Defense\_Cheat\_Sheet.html**](https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking\_Defense\_Cheat\_Sheet.html)
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/pentesting-web/crlf-0d-0a.md b/pentesting-web/crlf-0d-0a.md
index 851452089..f7c09b604 100644
--- a/pentesting-web/crlf-0d-0a.md
+++ b/pentesting-web/crlf-0d-0a.md
@@ -12,7 +12,7 @@
-
+
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@@ -231,7 +231,7 @@ The best prevention technique is to not use users input directly inside response
-
+
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
diff --git a/pentesting-web/deserialization/exploiting-__viewstate-parameter.md b/pentesting-web/deserialization/exploiting-__viewstate-parameter.md
index 2cec3b95f..8feb706c9 100644
--- a/pentesting-web/deserialization/exploiting-__viewstate-parameter.md
+++ b/pentesting-web/deserialization/exploiting-__viewstate-parameter.md
@@ -12,7 +12,7 @@
-
+
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@@ -195,7 +195,7 @@ out of band request with the current username
* [**https://medium.com/@swapneildash/deep-dive-into-net-viewstate-deserialization-and-its-exploitation-54bf5b788817**](https://medium.com/@swapneildash/deep-dive-into-net-viewstate-deserialization-and-its-exploitation-54bf5b788817)\\
* [**https://soroush.secproject.com/blog/2019/04/exploiting-deserialisation-in-asp-net-via-viewstate/**](https://soroush.secproject.com/blog/2019/04/exploiting-deserialisation-in-asp-net-via-viewstate/)
-
+
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
diff --git a/pentesting-web/domain-subdomain-takeover.md b/pentesting-web/domain-subdomain-takeover.md
index 2e826c64b..6ac2e47f7 100644
--- a/pentesting-web/domain-subdomain-takeover.md
+++ b/pentesting-web/domain-subdomain-takeover.md
@@ -12,7 +12,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -67,7 +67,7 @@ All of them vulnerable to subdomain takeover. All of them were big brands. Talki
Nevertheless, recent phishing campaigns host content on domains with long domain names that include name of the brand (see [Apple example](https://www.phishtank.com/target\_search.php?target\_id=183\&valid=y\&active=All\&Search=Search)). Having valid SSL certificate (more on that below), keyword in domain name and website which mimics the website of targeted brand, people tend to fall into these attacks. Think about chances with a legitimate subdomain of this brand.
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -159,7 +159,7 @@ Until next time!
[Patrik](https://twitter.com/0xpatrik)
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/pentesting-web/file-inclusion/phar-deserialization.md b/pentesting-web/file-inclusion/phar-deserialization.md
index 6b6f90a60..a1370801b 100644
--- a/pentesting-web/file-inclusion/phar-deserialization.md
+++ b/pentesting-web/file-inclusion/phar-deserialization.md
@@ -12,7 +12,7 @@
-
+
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@@ -89,7 +89,7 @@ php vuln.php
{% embed url="https://blog.ripstech.com/2018/new-php-exploitation-technique/" %}
-
+
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
diff --git a/pentesting-web/http-request-smuggling/browser-http-request-smuggling.md b/pentesting-web/http-request-smuggling/browser-http-request-smuggling.md
index 2ed24391f..c972da8ad 100644
--- a/pentesting-web/http-request-smuggling/browser-http-request-smuggling.md
+++ b/pentesting-web/http-request-smuggling/browser-http-request-smuggling.md
@@ -45,7 +45,7 @@ Secondly, the request must be **triggerable in a web-browser cross-domain**. Bro
The way to test this missconfig is to **send 2 requests and smuggle one** in the **middle**. If the **smuggled** connection **affected** the response of the **second** **request**, it means that it's **vulnerable**:
- (2) (2).png>)
+ (2) (2) (1).png>)
{% hint style="warning" %}
Note that you **cannot** test this vuln by just sending a **Content-Length bigger** than the one sent and **looking for a timeout** because some servers **respond** even if they **didn't receive the whole body**.
diff --git a/stego/stego-tricks.md b/stego/stego-tricks.md
index 09ac550d7..b0e764fab 100644
--- a/stego/stego-tricks.md
+++ b/stego/stego-tricks.md
@@ -12,7 +12,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -84,7 +84,7 @@ cmp original.jpg stego.jpg -b -l
If you find that a **text line** is **bigger** than it should be, then some **hidden information** could be included inside the **spaces** using invisible characters.\
To **extract** the **data**, you can use: [https://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder](https://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder)
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -218,7 +218,7 @@ To read a QR code: [https://online-barcode-reader.inliteresearch.com/](https://o
* [**https://0xrick.github.io/lists/stego/**](https://0xrick.github.io/lists/stego/)
* [**https://github.com/DominicBreuker/stego-toolkit**](https://github.com/DominicBreuker/stego-toolkit)
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/windows-hardening/active-directory-methodology/ad-certificates/domain-escalation.md b/windows-hardening/active-directory-methodology/ad-certificates/domain-escalation.md
index 112531421..47d627b96 100644
--- a/windows-hardening/active-directory-methodology/ad-certificates/domain-escalation.md
+++ b/windows-hardening/active-directory-methodology/ad-certificates/domain-escalation.md
@@ -489,11 +489,11 @@ Notice that the `userPrincipalName` in the certificate is `Administrator` and th
Then, we change back the `userPrincipalName` of `Jane` to be something else, like her original `userPrincipalName` `Jane@corp.local`.
- (1) (1).png)
 (1) (3).png)
 (2).png)
 (2) (2).png)
 (1).png)
 (2).png)
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -63,7 +63,7 @@ klist #List tickets in cache to cehck that mimikatz has loaded the ticket
* [https://www.tarlogic.com/blog/how-to-attack-kerberos/](https://www.tarlogic.com/blog/how-to-attack-kerberos/)
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/windows-hardening/active-directory-methodology/silver-ticket.md b/windows-hardening/active-directory-methodology/silver-ticket.md
index d008c4874..b849da4ac 100644
--- a/windows-hardening/active-directory-methodology/silver-ticket.md
+++ b/windows-hardening/active-directory-methodology/silver-ticket.md
@@ -12,7 +12,7 @@
-
+
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@@ -168,7 +168,7 @@ mimikatz(commandline) # lsadump::dcsync /dc:pcdc.domain.local /domain:domain.loc
[dcsync.md](dcsync.md)
{% endcontent-ref %}
-
+
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
diff --git a/windows-hardening/lateral-movement/dcom-exec.md b/windows-hardening/lateral-movement/dcom-exec.md
index da2fd0a73..70d8462f6 100644
--- a/windows-hardening/lateral-movement/dcom-exec.md
+++ b/windows-hardening/lateral-movement/dcom-exec.md
@@ -39,7 +39,7 @@ The **MMC20.Application** object lacked explicit “[LaunchPermissions](https://
You can read more on that thread [here](https://twitter.com/tiraniddo/status/817532039771525120).\
Viewing which other objects that have no explicit LaunchPermission set can be achieved using [@tiraniddo](https://twitter.com/tiraniddo)’s [OleView .NET](https://github.com/tyranid/oleviewdotnet), which has excellent Python filters (among other things). In this instance, we can filter down to all objects that have no explicit Launch Permission. When doing so, two objects stood out to me: `ShellBrowserWindow` and `ShellWindows`:
- (1) (1) (1).png>)
+ (1) (1) (2).png>)
Another way to identify potential target objects is to look for the value `LaunchPermission` missing from keys in `HKCR:\AppID\{guid}`. An object with Launch Permissions set will look like below, with data representing the ACL for the object in Binary format:
diff --git a/windows-hardening/windows-local-privilege-escalation/dll-hijacking.md b/windows-hardening/windows-local-privilege-escalation/dll-hijacking.md
index 41a48ee8e..5e609bf2b 100644
--- a/windows-hardening/windows-local-privilege-escalation/dll-hijacking.md
+++ b/windows-hardening/windows-local-privilege-escalation/dll-hijacking.md
@@ -12,7 +12,7 @@
-
+
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@@ -217,7 +217,7 @@ BOOL APIENTRY DllMain (HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReser
}
```
-
+
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
diff --git a/windows-hardening/windows-local-privilege-escalation/juicypotato.md b/windows-hardening/windows-local-privilege-escalation/juicypotato.md
index 1bc5f7773..17bb2397f 100644
--- a/windows-hardening/windows-local-privilege-escalation/juicypotato.md
+++ b/windows-hardening/windows-local-privilege-escalation/juicypotato.md
@@ -115,7 +115,7 @@ c:\Users\Public>
### Launch a new CMD (if you have RDP access)
- (1).png>)
+.png>)
## CLSID Problems
diff --git a/windows-hardening/windows-local-privilege-escalation/privilege-escalation-with-autorun-binaries.md b/windows-hardening/windows-local-privilege-escalation/privilege-escalation-with-autorun-binaries.md
index a7771ad76..1cc0ef5b9 100644
--- a/windows-hardening/windows-local-privilege-escalation/privilege-escalation-with-autorun-binaries.md
+++ b/windows-hardening/windows-local-privilege-escalation/privilege-escalation-with-autorun-binaries.md
@@ -12,7 +12,7 @@
-
+
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@@ -351,7 +351,7 @@ Find more Autoruns like registries in [https://www.microsoftpressstore.com/artic
* [https://attack.mitre.org/techniques/T1547/001/](https://attack.mitre.org/techniques/T1547/001/)
* [https://www.microsoftpressstore.com/articles/article.aspx?p=2762082\&seqNum=2](https://www.microsoftpressstore.com/articles/article.aspx?p=2762082\&seqNum=2)
-
+
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).