Analyze Microsoft Office Files
One of the most common file formats used by bad actors is microsoft office files, knowing how to analyze them for malware is a critical skill.
Admin
Cheatsheets
These are taken from my own experience, and various sources around the internet. I hope they help you as much as they've helped me! I generally add or update these as I learn something new, and provide reference to original sources where appropriate.
Directory Traversal
Discover interesting paths on a web application or file system.
Admin
Network Discovery
Critical skill for discovering services to attack.
Admin
NMap
NMap has been a dominate network scanning tool for a long time, knowing how to use it is critical.
Admin
Subdomains Enumeration
Often we can discovery additional attack suface by enumerating subdomains, DNS records, and other network information.
Admin
Account Takeover Exploits
Account Takeover Exploits
Admin
Active Directory Attacks
Active Directory Attacks
Admin
Brute Forcing Attacks
Brute Forcing Attacks
Admin
Cobalt Strike
Cobalt Strike
Admin
Command Injection Attacks
Command Injection Attacks
Admin
CRLF Injection Attack
CRLF Injection Attack
Admin
Attacks on Docker
Attacks on Docker
Admin
GraphQL Exploitation
GraphQL Exploitation
Admin
Insecure Deserialization Attacks
Insecure Deserialization Attacks
Admin
Insecure Direct Object Reference Attack
Insecure Direct Object Reference Attack
Admin
LaTeX Injection Attacks
LaTeX Injection Attacks
Admin
LDAP Injection Attacks
LDAP Injection Attacks
Admin
API Key Leak Attacks
API Key Leak Attacks
Admin
NoSQL Injection Attacks
NoSQL Injection Attacks
Admin
OAuth Attacks
OAuth Attacks
Admin
SAML Injection Attacks
SAML Injection Attacks
Admin
Server-Side Request Forgery Attacks
Server-Side Request Forgery Attacks
Admin
Template Injection Attacks
Template Injection Attacks
Admin
Cassandra Injection
Cassandra Injection tips
Admin
Hybrid Query Language Injection
Hybrid Query Language Injection tips
Admin
MSSQL Injection
MSSQL Injection tips
Admin
MySQL Injection
MySQL Injection tips
Admin
Oracle SQL Injection
Oracle SQL Injection tips
Admin
PostgreSQL Injection
PostgreSQL Injection tips
Admin
sqlite Injection
sqlite Injection tips
Admin
MSSQL Exploits
MSSQL Explitation and enumeration
Admin
SQL Injection Test Strings
A Set of strings to run through when manually testing for SQL injection
Admin
CORS Misconfiguration Exploit
CORS Misconfiguration Exploit
Admin
CSRF Misconfiguration Exploit
CSRF Misconfiguration Exploit
Admin
CSV Injection Exploit
CSV Injection Exploit
Admin
File Upload Exploits
File Upload Exploits
Admin
HTTP Parameter Pollution Exploits
HTTP Parameter Pollution Exploits
Admin
JWT Exploits
JWT Exploits
Admin
Open URL Redirection Exploit
Open URL Redirection Exploit
Admin
Springboot Exploits
Springboot Exploits
Admin
Tabnabbing Exploit
Tabnabbing Exploits
Admin
Type Juggling Exploits
Type Juggling Exploits
Admin
Web Cache Deception Exploits
Web Cache Deception Exploits
Admin
Web Socket Attacks
Web Socket Attacks
Admin
Cross Site Scripting Attacks
Cross Site Scripting Attacks
Admin
Wireless Penetration Testing
Wireless Penetration Testing
Admin
XPATH Injection Attacks
XPATH Injection Attacks
Admin
XSLT Injection Attacks
XSLT Injection Attacks
Admin
XXE Injection Attacks
XML Enternal Entity Injection Attacks
Admin
AWS
AWS
Admin
AWS S3
AWS S3
Admin
Azure
Azure
Admin
Bash
Bash
Admin
Kubernetes
Kubernetes
Admin
Linux Persistence Techniques
Linux Persistence Techniques
Admin
Linux Privilege Escalation Techniques
Linux Privilege Escalation Techniques
Admin
Network Pivoting Techniques
Network Pivoting Techniques
Admin
Windows - Download and execute methods
Windows - Download and execute methods
Admin
Koadic C3 C&C
Koadic C3 C&C
Admin
Mimikatz
Mimikatz
Admin
Windows Using Found Credentials
Windows Using Found Credentials
Admin
Windows Privilege Escalation
Windows Privilege Escalation
Admin
Insecure Source Code Management Leaks
Insecure Source Code Management Leaks
Admin