The Grey Corner

Stephen Bradshaw's blog about pentesting and computer security

Offensive Security Feed Offensive Security Notes

© 2024.

Tags

Amplify 1 antivirus 2 API Gateway 1 Authentication 1 AWS 1 backtrack 4 buffer overflow 10 Burp 1 C2 1 compiler 2 containerd 1 container 2 cryptographic attack 1 cryptography 2 ctf 1 CVE-2022-46164 1 dante 1 debugging 3 deserialization 1 discovery 1 domain fronting 1 dradis 1 egghunter 3 enumeration 1 exploit tutorial 10 extension 1 forwarding 1 Function URL 1 fuzzing 2 hacker-container 1 hackthebox 1 heap overflow 1 incident response 5 iPython 2 istio 1 JavaScript 1 java 1 jekyll 1 JWT 1 jwt 1 Kubernetes 2 Lambda 1 libnmap 1 links 2 malicious pdf 5 malware analysis 5 network enumeration 1 nmap 2 NodeBB 1 omlette 1 outside article 7 pentesting 11 poc 1 pods 1 prefix 1 prototype 1 Python 1 python 1 red team 1 restrictive proxies 4 review 1 rhino 2 RSA 1 SafeSEH 4 SEH 4 Serverless 1 service enumeration 1 services 1 service 1 shellcode 17 software 10 sql injection 1 sqlmap tamper script 1 sqlmap test payload 1 sqlmap troubleshooting 1 sqlmap 1 ssltest 5 stack based buffer overflow 10 stack overflow 10 suffix 1 theory 1 tips 1 tutorial 11 use after free 2 vulnserver 8 windows buffer overflow 10 windows stack based buffer overflow 9 x509 1 ysoserial 1

Amplify

AWS Service Command and Control HTTP traffic forwarding 30 Aug 2023

antivirus

API Gateway

AWS Service Command and Control HTTP traffic forwarding 30 Aug 2023

Authentication

Kubernetes Authentication Deep Dive 15 Nov 2023

AWS

AWS Service Command and Control HTTP traffic forwarding 30 Aug 2023

backtrack

buffer overflow

Burp

iPython for cyber security data processing and automation 16 Aug 2023

C2

AWS Service Command and Control HTTP traffic forwarding 30 Aug 2023

compiler

containerd

Kubernetes Authentication Deep Dive 15 Nov 2023

container

cryptographic attack

hlextend Pure Python hash length extension module 23 Aug 2014

cryptography

ctf

OpenSSL Conversion, Display and Encryption Commands for Pentesters 28 Sep 2015

CVE-2022-46164

CVE-2022-46164 Account takeover via prototype vulnerability in NodeBB 04 Jan 2023

dante

Hackthebox Dante Review 15 Dec 2021

debugging

deserialization

CommonCollections deserialization attack payloads from ysoserial failing on > JRE 8u72 01 May 2016

discovery

Kubernetes Internal Service Discovery 13 Dec 2023

domain fronting

AWS Service Command and Control HTTP traffic forwarding 30 Aug 2023

dradis

Running Dradis in Apache on Ubuntu 21 May 2011

egghunter

enumeration

Kubernetes Internal Service Discovery 13 Dec 2023

exploit tutorial

extension

iPython for cyber security data processing and automation 16 Aug 2023

forwarding

AWS Service Command and Control HTTP traffic forwarding 30 Aug 2023

Function URL

AWS Service Command and Control HTTP traffic forwarding 30 Aug 2023

fuzzing

hacker-container

Kubernetes Internal Service Discovery 13 Dec 2023

hackthebox

Hackthebox Dante Review 15 Dec 2021

heap overflow

The Difference Between Heap Overflow and Use After Free Vulnerabilities 31 Mar 2010

incident response

iPython

istio

Kubernetes Internal Service Discovery 13 Dec 2023

JavaScript

CVE-2022-46164 Account takeover via prototype vulnerability in NodeBB 04 Jan 2023

java

CommonCollections deserialization attack payloads from ysoserial failing on > JRE 8u72 01 May 2016

jekyll

Moving to Jekyll 08 Oct 2020

JWT

Kubernetes Internal Service Discovery 13 Dec 2023

jwt

Kubernetes Authentication Deep Dive 15 Nov 2023

Kubernetes

Lambda

AWS Service Command and Control HTTP traffic forwarding 30 Aug 2023

libnmap

List comprehension one liners to extract info from nmap scans using Python and libnmap 30 Apr 2016

links

malicious pdf

malware analysis

network enumeration

Kubernetes Internal Service Discovery 13 Dec 2023

nmap

NodeBB

CVE-2022-46164 Account takeover via prototype vulnerability in NodeBB 04 Jan 2023

omlette

Omlette Egghunter Shellcode 31 Oct 2013

outside article

pentesting

poc

CVE-2022-46164 Account takeover via prototype vulnerability in NodeBB 04 Jan 2023

pods

Kubernetes Internal Service Discovery 13 Dec 2023

prefix

Exploiting difficult SQL injection vulnerabilities using sqlmap: Part 1 05 Jan 2017

prototype

CVE-2022-46164 Account takeover via prototype vulnerability in NodeBB 04 Jan 2023

Python

iPython for cyber security data processing and automation 16 Aug 2023

python

List comprehension one liners to extract info from nmap scans using Python and libnmap 30 Apr 2016

red team

Kubernetes Internal Service Discovery 13 Dec 2023

restrictive proxies

review

Hackthebox Dante Review 15 Dec 2021

rhino

RSA

Kubernetes Authentication Deep Dive 15 Nov 2023

SafeSEH

SEH

Serverless

AWS Service Command and Control HTTP traffic forwarding 30 Aug 2023

service enumeration

Kubernetes Internal Service Discovery 13 Dec 2023

services

Kubernetes Internal Service Discovery 13 Dec 2023

service

Kubernetes Internal Service Discovery 13 Dec 2023

shellcode

software

sql injection

Exploiting difficult SQL injection vulnerabilities using sqlmap: Part 1 05 Jan 2017

sqlmap tamper script

Exploiting difficult SQL injection vulnerabilities using sqlmap: Part 1 05 Jan 2017

sqlmap test payload

Exploiting difficult SQL injection vulnerabilities using sqlmap: Part 1 05 Jan 2017

sqlmap troubleshooting

Exploiting difficult SQL injection vulnerabilities using sqlmap: Part 1 05 Jan 2017

sqlmap

Exploiting difficult SQL injection vulnerabilities using sqlmap: Part 1 05 Jan 2017

ssltest

stack based buffer overflow

stack overflow

suffix

Exploiting difficult SQL injection vulnerabilities using sqlmap: Part 1 05 Jan 2017

theory

The Difference Between Heap Overflow and Use After Free Vulnerabilities 31 Mar 2010

tips

Hackthebox Dante Review 15 Dec 2021

tutorial

use after free

vulnserver

windows buffer overflow

windows stack based buffer overflow

x509

Kubernetes Authentication Deep Dive 15 Nov 2023

ysoserial

CommonCollections deserialization attack payloads from ysoserial failing on > JRE 8u72 01 May 2016