Skip to the content.

Links

A list of security resources

Web application testing techniques

Security of web applications: vulnerabilities in upload mechanisms

PortSwigger HTTPS hidden attack surface

Exfiltration via CSS injection

CSS injection attacks

SQL injection

NetSPI SQL injection wiki

PHP

PHP Type Juggling

PHP Type Juggling 2

State of the Art Post Exploitation in Hardened PHP Environments

Java

Java Struts2

Expression Language Injection

Deserialization

Unexpected Deserialization pt 1 – JMS

Pwning Your Java Messaging With Deserialization Vulnerabilities

Exploiting Node.js deserialization bug for Remote Code Execution

SSL/TLS

BEAST

BREACH

gotofail 1

gotofail 2

gotofail 3

Crypto

Recovering ECDSA private keys for reuse of k

Ruby

Rails YAML CVE-2013-0156

Helpers/Utilities

One liner HTTP servers

Cloud security

Cloudberry Engineering cloud security tools list

Azure

Azure File shares for pentesters - NetSPI

Utilising Azure services for red team engagements - NetSPI

Azure Fundamental for Ethical Hackers and Special Ops Team

Azure Penetration Testing Category at NetSPI Blog

Azure AD Introduction for Red Teamers

[Red Teaming Microsoft: Part 1 – Active Directory Leaks via Azure](https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/

Head in the clouds - Microsoft Azure

GCP

Post exploitation and Privilege escalation in GCP

Active Directory/ Windows Enterprise

AD discovery on a Mac

Networking

Multiple ways of writing an IP address

Bug bounty reads

how-i-made-31500-by-submitting-a-bug-to-facebook

Signing with Apple

We Hacked Apple for 3 Months: Here’s What We Found

Just another bug bounty recon guide

Vulnerable/challenge apps

Acunetix Acuart

SECURITY PRACTICAL CHALLENGES - ONLINE AND LIVE

Red teaming blogs

Rastamouse

Harmjoy

Red teaming techniques

AmsiScanBuffer Bypass - Part 1

Kerberos

Kerberos in Active Directory

Abusing Kerberos from Linux

Kerberosity Killed the Domain: An Offensive Kerberos Overview

SMB/MSRPC

Impacket Guide

Lateral movement with named pipes

Client side protection bypasses

15 ways to bypass the Powershell execution policy

Vulnerability info

AttackerKB