Penetration testing & ethical hacking concepts

CtrlK

Introduction
- Resources
💿Virtualbox network setup
🕵️OSINT
Tools
😨Social Engineering
😈MitM attack
🔌UPnP exploitation
Network Reconnaissance & Attacks
- What is network recon & attacks?
1️⃣ Network live host discovery
2️⃣ Network port scan/services enumeration
3️⃣ Network services vulnerability scanning & exploitation
Vulnerability & exploitation
Misconfigurations
- .DS_Store
Web Application Penetration Testing
Authentication/session management
- OWASP WSTG-SESS-10 ~ JSON Web Token (JWT)
- OWASP WSTG-ATHZ-05 ~ OAuth weaknesses
Webshell
Web API pentesting
Web app pentesting methodology
OWASP
General web knowledge
- URI standard (RFC 3986)
- HTTP headers
  - Exploitable headers
  - Request Smuggling
🛣️Attacks on routing protocols
- What are attacks on routing protocols?
- BGP hijacking
🏕️To explore
👤Anonymity
Credentials brute-force/cracking
Post-exploitation
- Gaining shell
- Repository
Privilege escalation
- Linux
- Windows
  - Password harvesting
  - Vulnerabilities exploit
    Scheduled tasks
    AlwaysInstallElevated
    Service misconfigurations
    Insecure permissions on service executable
    Unquoted service path
    Insecure service permission
    Abusing privileges
Ⓜ️MITRE ATT&CK
- Introduction
- OS Credential Dumping (T1003)
  - LSASS memory (T1003.001)
🧰Tools/services
Professional report writing
- Report template
  - Web applicaton pentesting
    OWASP report layout
Tasks on-the-go
- Note taking on-the-go
- Other tips
Practice
- Web Application Pentesting
- Metasploitable 2
Forensics
- Steganography
  - Resources
  - Tools
    xxd, hexdump
    strings
    binwalk
    exiftool
    stegcracker
Operational Security (OpSec)
- Hardening
Safe document viewer
- PDF
- .docx
Write-ups
AI prompt
- ChatGPT
Windows Active Directory
Reverse Engineering
- Resources

Powered by GitBook

On this page

General web knowledge

HTTP headers

Common HTTP header value descriptions that are exploited in various forms of attacks.

PreviousURI standard (RFC 3986)NextExploitable headers

Last updated 2 months ago