Penetration testing & ethical hacking concepts

Ctrlk

Introduction
💿Virtual Machines
- VirtualBox
- VMware Workstation
🕵️OSINT
Tools
😨Social Engineering
😈MitM attack
🔌UPnP exploitation
Network Reconnaissance & Attacks
- What is network recon & attacks?
1️⃣ Network live host discovery
2️⃣ Network port scan/services enumeration
3️⃣ Network services vulnerability scanning & exploitation
Vulnerability & exploitation
Misconfigurations
Reverse Engineering/Binary Exploitation
Hardware Exploitation
Other important skills
Research ideas
Past experiments
Web Exploitation
Webshell
Web API pentesting
OWASP
General web knowledge
Framework specific
Methodology
🛣️Attacks on routing protocols
- What are attacks on routing protocols?
- BGP hijacking
🏕️To explore
👤Anonymity
Credentials brute-force/cracking
Post-exploitation
Privilege escalation
- Linux
- Windows
Ⓜ️MITRE ATT&CK
- Introduction
- OS Credential Dumping (T1003)
🧰Tools/services
Professional report writing
- Report template
Tasks on-the-go
Practice
Forensics
- Steganography
Operational Security (OpSec)
- Hardening
Safe document viewer
Challenge write-ups
AI prompt
- ChatGPT
Windows/Active Directory
🐉OSCP
- Resources
- Practice labs

Powered by GitBook

On this page

Web Exploitation
Authentication/session management

OWASP WSTG-SESS-10 ~ JSON Web Token (JWT)

OWASP WSTG-SESS-10

wstg/document/4-Web_Application_Security_Testing/06-Session_Management_Testing/10-Testing_JSON_Web_Tokens.md at master · OWASP/wstgGitHub

PreviousAuthentication/session management NextOWASP WSTG-ATHZ-05 ~ OAuth weaknesses

Last updated 7 months ago