Skip to content
Notes & Writeups
TwoMillion
Initializing search
Welcome
Bug Bounty
CISSP Pre
HTB
Notes
OSWE
OffSec playground
Others
PortSwigger Labs
Notes & Writeups
Welcome
Bug Bounty
Bug Bounty
Overlong UTF-8 Encoding Attack
CISSP Pre
CISSP Pre
Glossaries
Question Review
1 Security and Risk Management
1 Security and Risk Management
Domain 1 Security and Risk Managment 16%
Chapter 1 Security Governance Through Principles and Policies
Chapter 2 Personnel Security and Risk Management Concepts
Chapter 3 Business Continuity Planning
Chapter 4 Laws, Regulations, and Compliance
2 Asset Security
2 Asset Security
Domain 2 Asset Security 10%
Chapter 5 Protecting Security of Assets
3 Security Architecture and Engineering
3 Security Architecture and Engineering
Domain 3 Security Architecture and Engineering 13%
Chapter 10 Physical Security Requirements
Chapter 6 Cryptography and Symmetric Key Algorithms
Chapter 7 PKI and Cryptographic Applications
Chapter 8 Principles of Security Models, Design, and Capabilities
Chapter 9 Security Vulnerabilities, Threats, and Countermeasures
4 Communication and Network Security
4 Communication and Network Security
Domain 4 Communication and Network Security 13%
Chapter 11 Secure Network Architecture and Components
Chapter 12 Secure Communications and Network Attacks
5 Identity and Access Managment
5 Identity and Access Managment
Domain 5 Identity and Access Management (IAM) 13%
Chapter 13 Managing Identity and Authentication
Chapter 14 Controlling and Monitoring Access
6 Security Assessment and Testing
6 Security Assessment and Testing
Domain 6 Security Assessment and Testing 12%
Chapter 15 Security Assessment and Testing
7 Security Operations
7 Security Operations
Domain 7 Security Operations 13%
Chapter 16 Managing Security Operations
Chapter 17 Preventing and Responding to Incidents
Chapter 18 Disaster Recovery Planning
Chapter 19 Investigations and Ethics
8 Software Development Security
8 Software Development Security
Domain 8 Software Development Security 10%
Chapter 20 Software Development Security
Chapter 21 Malicious Code and Application Attacks
HTB
HTB
Academy
Academy
API attack
Introduction to Bash Scripting
Introduction to Web APPs
Introduction to Windows Command Line
SOC Analyst Pathway
Web requests
Challenges
Challenges
ApacheBlaze
C.O.P
Distract and Destroy (Blockchain)
DoxPit
Neonify
Oxidized ROP
PDFy.md
Photon Lockdown (Hardware)
ProxyAsAService
RenderQuest
Watersnake
baby website rick
jscalc
Machines
Machines
Aero
Arkham
[Protected] Axlle
[Protected] Blazorized
[Protected] Blurry
[Protected] BoardLight
Bucket
Celestial
Cereal
[Protected] Compiled
Developer
[Protected] DOG
[Protected] Editorial - Season 5
Escape
[Protected] FormulaX - Season 4
[Protected] GreenHorn
[Protected] Headless - Season 4
[Protected] IClean - Released on 06 Apr 2024
[Protected] Intuition - Season 5
[Protected] Jab - Season 4
[Protected] Mailing - Season 5
[Protected] Mist - Season 4
[Protected] Monitored - Season 4
[Protected] Office - Season 4
Outdated
[Protected] Perfection - Season 4
[Protected] PermX
Popcorn
[Protected] Runner - Season 5
Scrambled
[Protected] Sea
[Protected] SolarLab
SteamCloud
Strutted
TwoMillion
Usage - Released on 13 Apr 2024
Vault
WifineticTwo - Season 4
Notes
Notes
Change root user's password in Mysql Linux
Create multiple shells from one shell
File upload
Transfer file from remote to local
VPN
payloads for SSRF
OSWE
OSWE
OSWE learning process
Challenge Labs
Challenge Labs
ATutor
Answer
Chat
DocEdit
Erka
Gallery
Notebook
POC script requirement
sqeakr
Course
Course
10. Guacamole Lite Prototype Pollution
11. Dolibarr Eval Filter Bypass RCE
12. RudderStack SQLi and Coraza WAF Bypass
3. ManageEngine Applications Manager AMUserResourcesSyncServlet SQL Injection RCE
4. DotNetNuke Cookie Deserialization RCE
5. ERPNext Authentication Bypass and Server Side Template Injection
6. openCRX Authentication Bypass and Remote Code Execution
7. openITCOCKPIT XSS and OS Command Injection - Blackbox
8. Concord Authentication Bypass to RCE
9. Server-Side Request Forgery
Source code analysis
.Net
Java
Python
Post course
Post course
Some Basic Commands
Why deserialization vulnerability exists?
Research: Exploiting Jsonpickle to Get RCE
Trouble1
Pre request
Pre request
Common commands of Docker
Regular Expression
Reset Timezone
apache2
PHP relevant
Tips
Tips
File transfer
MySQL
PostgreSQL
OffSec playground
OffSec playground
CVE-2024-25180
Hepet
OSCPExamTips
Others
Others
Ministry of Magic
Job
NZISM & PSR
Use WSL to Install Ubuntu on Windows 11
PortSwigger Labs
PortSwigger Labs
Access control vulnerabilities
Authentication
Cross-origin resource sharing (CORS)
Cross-site request forgery (CSRF)
Click jacking
File upload vulnerabilities
GraphQL API vulnerabilities
HTTP Host header attacks
Information disclosure
Insecure deserialization
JWT (Json Web Tokens)
NoSQL injection
OAuth authentication
OS command injection
Path traversal
Race conditions
SQL injection
Server-side request forgery (SSRF)
Web LLM (Large Language Model) attacks
Web cache poisoning
WebSockets
Cross-site script (XSS)
XML external entity (XXE) injection
Sever-side template injection
TwoMillion