Scribd
Upload
44 views4 pages

Web Security Tools and Methodologie

Uploaded by

thnhng105
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
44 views4 pages

Web Security Tools and Methodologie

Uploaded by

thnhng105
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 4

Web security tools and methodologies

Source code analysis


Persistent cross-site scripting
Session hijacking
.NET deserialization
Remote code execution
Blind SQL injections
Data exfiltration
Bypassing file upload restrictions and file extension filters
PHP type juggling with loose comparisons
PostgreSQL Extension and User Defined Functions
Bypassing REGEX restrictions
Magic hashes
Bypassing character restrictions
UDF reverse shells
PostgreSQL large objects
DOM-based cross site scripting (black box)
Server side template injection
Weak random token generation
XML External Entity Injection
RCE via database Functions
OS Command Injection via WebSockets (BlackBox)
Study Materials
timip-GitHub- Reference guide
noraj-GitHub - Reference guide
wetw0rk-Github - Reference guide
kajalNair-Github - Reference guide
s0j0hn-Github - Reference guide
deletehead-Github - Reference guide
z-r0crypt - Reference guide
rayhan0x01 - Reference guide
Nathan-Rague - Reference guide
Joas Content - Reference guide
Lawlez-Github - Reference guide
0xb120 - Reference Guide
Jaelkoh
Vulnerabilities
XXE Injection
CSRF
Cross-Site Scripting Exploitation
Cross-Site Scripting (XSS)
Unrestricted File Upload
Open Redirect
Remote File Inclusion (RFI)
HTML Injection
Path Traversal
Broken Authentication & Session Management
OS Command Injection
Multiple Ways to Banner Grabbing
Local File Inclusion (LFI)
Netcat for Pentester
WPScan:WordPress Pentesting Framework
WordPress Pentest Lab Setup in Multiple Ways
Multiple Ways to Crack WordPress login
Web Application Pentest Lab Setup on AWS
Web Application Lab Setup on Windows
Web Application Pentest Lab setup Using Docker
Web Shells Penetration Testing
SMTP Log Poisoning
HTTP Authentication
Understanding the HTTP Protocol
Broken Authentication & Session Management
Apache Log Poisoning through LFI
Beginner’s Guide to SQL Injection (Part 1)
Boolean Based
How to Bypass SQL Injection Filter
Form Based SQL Injection
Dumping Database using Outfile
IDOR
Reviews
OSWE Review - Portuguese Content
0xklaue
greenwolf security
Cristian R
21y4d - Exam Reviews
Marcin Szydlowski
Nathan Rague
Elias Dimopoulos
OSWE Review - Tips & Tricks - OSWE Review - Tips & Tricks
Alex-labs
niebardzo Github - Exam Review
Marcus Aurelius
yakuhito
donavan.sg
Alexei Kojenov
(OSWE)-Journey & Review - Offensive Security Web Expert (OSWE) - Journey & Review
Patryk Bogusz
svdwi GitHub - OSWE Labs POC
Werebug.com - OSWE and OSEP
jvesiluoma
ApexPredator
Thomas Peterson
NOH4TS
Alex
RCESecurity
Dhakal
Karol Mazurek
4PFSec
Cobalt.io
hakansonay
Jake Mayhew
Organic Security
Bitten Tech
Extra Content
OSWE labs - OSWE labs and exam's review/guide
HTB Machine
Deserialization
B1twis3
jangelesg GitHub
rootshooter
svdwi
OSEP
Content
Operating System and Programming Theory
Client Side Code Execution With Office
Client Side Code Execution With Jscript
Process Injection and Migration
Introduction to Antivirus Evasion
Advanced Antivirus Evasion
Application Whitelisting
Bypassing Network Filters
Linux Post-Exploitation
Kiosk Breakouts
Windows Credentials
Windows Lateral Movement
Linux Lateral Movement
Microsoft SQL Attacks
Active Directory Exploitation
Combining the Pieces
Trying Harder: The Labs
Study Materials
OSEP Code Snippets
Experienced Pentester OSEP
OSEP Pre
PEN 300 OSEP Prep
OSEP Thoughts
OSEP Code Snippets README
Osep
Google Drive File
Awesome Red Team Operations
OSEP Study Guide 2022 - João Paulo de Andrade Filho
OSEP PREP Useful Resources Payloads
OSEP in3x0rab13
Reviews
nullg0re
SpaceRaccoon Dev
HackSouth YouTube
Schellman
Cinzinga
YouTube iUPyiJbN4l4
BorderGate
Reddit OSEP Review
Reddit OSCP Review
Purpl3F0xSecur1ty
MakoSecBlog
YouTube iUPyiJbN4l4
YouTube 15sv5eZ0oCM
YouTube 0n3Li63PwnQ
YouTube BWNzB1wIEQ
SpaceRaccoon Dev
Cas van Cooten
BorderGate
MakoSecBlog
David Lebr1 GitBook
Offensive Security
João Paulo de Andrade Filho LinkedIn
YouTube R1apMwbVuDs
YouTube iUPyiJbN4l4
Cristian Cornea Medium
Security Boulevard
YouTube R1apMwbVuDs
Fluid Attacks
Heartburn.dev
YouTube FVZkVZKIyOA
RootJaxk
Dhruvagoyal
IT Security Labs
Benjamen Lim
Marmeus
Winslow
Jakob Bo Moller
swzhouu
Labs
SpaceRaccoon Dev - OSEP Review and Exam
Exploit-DB - Evasion Techniques Breaching Defenses
OSCP Exam Report Template Markdown
Offensive Security - OSEP Exam FAQ
CyberEagle - OSEP Review
PentestLab - Defense Evasion
PentestLab - Antivirus Evasion
PentestLaboratories - Process Herpaderping Windows Defender Evasion
YouTube - PentesterAcademyTV
YouTube - PacktVideo
YouTube - PentesterAcademyTV
GitHub - In3x0rabl3/OSEP
GitHub - timip/OSEP
OSED
Content
WinDbg tutorial
Stack buffer overflows
Exploiting SEH overflows
Intro to IDA Pro
Overcoming space restrictions: Egghunters
Shellcode from scratch
Reverse-engineering bugs
Stack overflows and DEP/ASLR bypass
Format string specifier attacks
Custom ROP chains and ROP payload decoders

You might also like