Shelled

Bug Bounty Modules

CSRF

Cross-Site Request Forgery (CSRF) is an attack that tricks a victim into executing unwanted actions on a web application in which they are authenticated.

LFI

Local File Inclusion (LFI) is a vulnerability that occurs when an application allows user-supplied input to be used to include local files on the server.

Command Injection

Command injection is a security vulnerability that occurs when an attacker is able to inject malicious code or commands into an application or system that executes them without proper validation or sanitization.

SQL Injection

SQL injection is a vulnerability that occurs when an attacker manipulates an application's input in such a way that it allows unauthorized access to a database or the ability to execute malicious SQL statements.

AWS Cognito

Amazon Cognito is an identity platform for web and mobile apps. It's a user directory, an authentication server, and an authorization service for OAuth 2.0 access tokens and AWS credentials.

IIS Web Server

Internet Information Services is an extensible web server created by Microsoft for use with the Windows NT family.

CTF Modules

Linux Privilege Escalation

Linux privilege escalation refers to the process of gaining elevated privileges or administrative access on a Linux system beyond what is normally granted to a user.

Windows Privilege Escalation

Windows privilege escalation refers to the process of elevating user privileges on a Windows operating system to gain higher levels of access or administrative rights.

Buffer Overflow

Buffer overflow is a software vulnerability where a program writes data beyond the boundaries of a fixed-size buffer. This can lead to overwriting adjacent memory, potentially causing crashes, unauthorized access, or execution of arbitrary code.

Attacking Active Directory

Active Directory is a directory service developed by Microsoft. It provides centralized management and authentication for network resources in a Windows domain environment.

File Transfer

This is a cheatsheet for transfering files between systems on the same and different operating systems.

Attacking FTP (21)

FTP stands for File Transfer Protocol. It is a standard network protocol used to transfer files between a client and a server on a computer network.

Attacking MSSQL (1433)

MSSQL is a RDBMS developed by Microsoft. MSSQL is Microsoft's version of MySQL.

Attacking MySQL (3306)

MySQL is an open-source relational database management system.

Attacking SMB (445)

Server Message Block (SMB) is a communication protocol created for providing shared access to files and printers across nodes on a network.

Attacking SMTP (25)

When we press the `Send` button in our email application (email client), the program establishes a connection to an `SMTP` server on the network or Internet.

Attacking RDP (3389)

RDP stands for Remote Desktop Protocol. It is a proprietary protocol developed by Microsoft that allows a user to remotely access and control a computer or server over a network connection.

Pivoting

Pivoting is the technique of using a compromised system as a stepping stone to access other systems within a target network.

Writeups

Red

Red is an easy machine on TryHackMe that starts by exploiting an LFI using PHP filters, investigating system processes and CVE-2021-4034.

SQL Injection in Where Clause

This Portswigger SQL Injection lab contains a SQL injection vulnerability in the product category filter.

SQL Injection Login Bypass

This Portswigger SQL Injection lab contains a SQL injection vulnerability in the login function.

DOM XSS using Web Messages

This Portswigger DOM XSS lab contains a DOM-based redirection vulnerability that is triggered by web messaging.

DOM XSS using Web Messages

This Portswigger DOM XSS lab contains a DOM-based XSS vulnerability that is triggered by web messaging.

Uranium

Uranium is a "Hard" rated machine that has an interesting foothold which involves sending a reverse shell payload via an email over SMTP port 25.

DigiNinja postMessage - Login Lab

The login page is held in an `iframe` and on a successful login it sends the token up to the parent, this page, so it can also use it.

DigiNinja postMessage - Sender Lab

This page logs usage to the iframe, setup an environment where it is possible to spoof log messages from your own domain.

Blogs

CBBH Review

This blog post is a review on my experience taking the Certificed Bug Bounty Hunter (CBBH) certification on HackTheBox.

1'st Year Working in Cyber Security

This blog post is a quick overview of things that I learned in my first year of working in cyber security.

IIS Tilde Enumeration: Part 1

This blog post is a three part post on an investigation into IIS tilde enumation. In this blog we setup IIS server using AWS EC2.

IIS Tilde Enumeration: Part 2

This blog post is a three part post on an investigation into IIS tilde enumation. In this blog we exploit IIS tilde enumation.

IIS Tilde Enumeration: Part 3

This blog post is a three part post on an investigation into IIS tilde enumation. In this blog I explain how IIS Tilde requests are sent and also mitigations.

AWS

Learning AWS Athena

AWS Athena enables users to perform SQL queries on S3 buckets. In this project I documented how to setup AWS Athena and performed multiple SQL queries on the S3 bucket data.

Learning AWS CloudTrail

AWS CloudTrail enables users to capture information on activity in the AWS environment and optionally have more insight into specific resources.

Learning AWS Cognito User Pools: Part 1

Amazon Cognito user pools are a managed service that lets you add secure authentication and authorization to your apps. In this post I will show how to setup AWS Cognito.

Learning AWS Cognito User Pools: Part 2

In this post I will show how AWS Cognito can be used with a ReactJS application.

Learning AWS Cognito User Pools: Part 3

In this post I will show how you can find security misconfigurations in AWS Cognito.