KNOWLEDGE BASE
Application Penetration Testing
- Cross-domain Referer Leakage
- Pentesting Basic Authentication
- Username Enumeration
- iOS Frida Objection Pentesting Cheat Sheet
- URL Redirection – Attack and Defense
- Jailbreaking iOS 13 with unc0ver
- X-Runtime Header Timing Attacks
- wkhtmltopdf File Inclusion Vulnerability
- API Mass Assignment Vulnerability
- Web Server TRACE Enabled
Network Penetration Testing
- F5 BIG-IP Cookie Remote Information Disclosure
- DNS Server Dynamic Update Record Injection
- rlogin Service Enabled
- Unauthenticated MongoDB – Attack and Defense
- SNMP ‘GETBULK’ Denial of Service
- Responder / MultiRelay Pentesting Cheatsheet
- NTP Mode 6 Vulnerabilities
- Cisco Information Disclosure (CVE-2014-3398 – CSCuq65542)
- SSH Tunneling for Pentesters
- .NET Handler Enumeration
- TLS_FALLBACK_SCSV Not Supported
- PHP Easter Eggs Enabled
- MySQL Multiple Vulnerabilities
- Debian Predictable Random Number Generator Weakness
- Cisco IKE Fragmentation Vulnerability