👨‍💻👾👨‍💻👾👨‍💻👾

  • Bug_Bounty
    • Methodology
      • Low_Hangers
        • 7e-Discover Origin IP Address
        • 403 Bypass Automation
        • Account Takeover via Hidden Parameters
        • Broken Link Hijacking
        • Click Jacking
        • Clipboard Enabled
        • EXIF Geolocation Data not Stripped From Uploaded Images
        • JWT Tokens Email Disclosure
        • No Rate Limit
        • Password Link over HTTP
        • Profile Image Not Deleted
        • Subdomain Takeover
        • Token Not Validated After Usage
        • WP and Drupal Simple P1 Bug
        • XSS to ATO
      • 1-Find Seeds
      • 2-Subdomain Scrapping
      • 3-Github Dorking
      • 4-List Hosts
      • 5-Burp Suite Set Up
      • 6-Endpoints Discovery
      • 7-GF Patterns
      • 8-GF Automation
      • 9-Live Hosts Enumeration
      • 10-Endpoints Enumeration
      • 11-Payloads
      • Find Target
    • VDP
      • Hall of Fame
    • README
  • CVEs
    • Disclosed
      • CVE-2024-6066
      • CVE-2024-6067
      • CVE-2024-6213
      • CVE-2024-6214
      • CVE-2024-6215
      • CVE-2024-6216
      • CVE-2024-6217
      • CVE-2024-6418
      • CVE-2024-6419
      • CVE-2024-7942
      • CVE-2024-7948
      • CVE-2024-8140
      • CVE-2024-8141
      • CVE-2024-8142
      • CVE-2024-8151
      • CVE-2024-8152
      • CVE-2024-8153
      • CVE-2024-8154
      • CVE-2024-8170
      • CVE-2024-8172
      • CVE-2024-8380
      • CVE-2024-9092
      • CVE-2024-9093
      • CVE-2024-10153
      • CVE-2024-10154
      • CVE-2024-10155
      • CVE-2024-10156
      • CVE-2024-10157
      • CVE-2024-10158
      • CVE-2024-10159
      • CVE-2024-10160
      • CVE-2024-10161
      • CVE-2024-10162
      • CVE-2024-10191
      • CVE-2024-10192
      • CVE-2024-10414
      • CVE-2024-10423
      • CVE-2024-10424
      • CVE-2024-10425
      • CVE-2024-10432
      • CVE-2024-10433
      • CVE-2024-10446
      • CVE-2024-10447
    • README
  • Hackthebox
    • Linux🐧
      • HTB - Cronos
      • HTB- WifineticTwo
      • HTB-Bitlab
      • HTB-Blurry
      • HTB-Boardlight
      • HTB-BountyHunter
      • HTB-Cap
      • HTB-Editorial
      • HTB-Forge
      • HTB-FormulaX
      • HTB-GoodGames
      • HTB-GreenHorn
      • HTB-Headless
      • HTB-IClean
      • HTB-Intuition
      • HTB-Jarvis
      • HTB-Lightweight
      • HTB-MagicGardens
      • HTB-MetaTwo
      • HTB-Nibbles
      • HTB-Node
      • HTB-October
      • HTB-Pandora
      • HTB-Perfection
      • HTB-PermX
      • HTB-Poison
      • HTB-Runner
      • HTB-Sea
      • HTB-Skyfall
      • HTB-Solidstate
      • HTB-Usage
      • HTB-Vault
    • Windows📘
      • HTB- Silo
      • HTB-Access
      • HTB-Active
      • HTB-Atom
      • HTB-Axlle
      • HTB-Blackfield
      • HTB-Cascade
      • HTB-Chatterbox
      • HTB-Control
      • HTB-Crafty
      • HTB-Forest
      • HTB-Freelancer
      • HTB-Fuse
      • HTB-Jab
      • HTB-Jeeves
      • HTB-Love
      • HTB-Mailing
      • HTB-Mist
      • HTB-Monteverde
      • HTB-Netmon
      • HTB-Object
      • HTB-Office
      • HTB-Pov
      • HTB-Querier
      • HTB-Reel
      • HTB-Remote
      • HTB-Resolute
      • HTB-Sauna
      • HTB-Solarlab
      • HTB-Worker
    • README
  • Others
    • Cybersecurity Companies (Might apply one day)
  • Pentesting
    • Active Directory🌐
      • 1-Initial Enumeration🕵️
        • a-Introduction
        • b-External Recon
        • c-Internal Recon
      • 2-Foothold Sniff🐽
        • a-LLMNR/NBT-NS Poisoning - Responder
        • b-LLMNR/NBT-NS Poisoning - Inveigh
      • 3-Password Spraying🔫
        • a-Password Policy Enumeration
        • b-Create Target User List
        • c-Password Spraying - Linux
        • d-Password Spraying - Windows
      • 4-Enumeration From Beachhead🏖️
        • a-Security Control Enumeration
        • b-Enumeration from beachhead - Linux
        • c-Enumeration from beachhead - Windows
        • d-Enumeration Without Tools
      • 5-Kerberoasting🎫
        • a-Kerberoasting from Linux
        • b-Kerberoasting from Windows
      • 6-ACL🙈
        • a-ACL Overview
        • b-ACL Enumeration
        • c-ACL Abuse
        • d-DCSync Attack
      • 7-Privilege Escalation🔓
        • c-Known Vulnerabilities🩼
          • a-NoPac
          • b-PrintNightmare
          • c-PetitPotam
        • a-Privileged Access
        • b-Kerberos "Double Hop" Problem
        • d-Misconfigurations
    • File Transfer📁
      • File Transfer - Linux
      • File Transfer - More
      • File Transfer - Protected
      • File Transfer - Windows
      • File Transfer with code
    • Persistence and Dump🥷🏻
      • Dump🗑️
        • Attacking LSASS
        • Attacking NTDS.dit
        • Attacking SAM
      • Linux Persistence
      • Windows Persistence
    • Pivoting🔄
      • Socat🐱
        • Socat Bind Shell
        • Socat Reverse Shell
      • Tools🛠️
        • DNS Tunneling - Dnscat2
        • ICMP Tunneling - SOCKS
        • SOCKS5 - Chisel
        • Sshuttle
        • Web Server - Rpivot
        • Windows - Netsh
        • Windows - plink.exe
      • a-Discovery and Scan
      • b-Port Forwarding
      • c-Dynamic Port Forwarding
      • d-Reverse Port Forwarding w SSH
      • e-Meterpreter Tunneling
    • Privilege Escalation↗️
      • Crack Linux Hash
      • Credential Hunting
      • Interactive Shell
      • Linux Privilege Escalation
      • Pass the Hash
      • Pass the Ticket - Linux
      • Pass the Ticket - Windows
      • Windows Privilege Escalation
    • Services🛡️
      • Email Services
      • Port 21 - FTP
      • Port 53 - DNS
      • Port 80 - HTTP
      • Port 88 - Kerberos
      • Port 139,445 - SMB
      • Port 389 - LDAP
      • Port 445 - RPC
      • Port 1433 - MSSQL
      • Port 3306 - MySQL
      • Port 3389 - RDP
      • UDP 161 - SNMP
  • RedTeam
    • Sliver
      • Build_Full_Sliver_Lab
        • 01-Building a Full Sliver Lab with Detection Evasion
        • 02-Installation
        • 02-Sliver Protocols
  • Web_App
    • A-Web Requests
      • a-HyperText Transfer Protocol(HTTP)
      • b-Hypertest Transfer Protocol Secure (HTTPS)
      • c-HTTP Requests and Responses
      • d-HTTP Headers
      • e-Methods and Codes
      • M1-GET
      • M2-POST
      • M3-CRUD API
    • B-Intro to Web Apps
      • Back End Vulns
        • a-Common Web Vulns
      • Front End Vulns
        • a-Sensitive Data Exposure
        • b-HTML Injection
        • c-Cross Site Request Forgery (CSRF)
        • c-XSS
      • a-intro
      • b-Layout
      • c-Front End Back End
      • d-HTML
      • d-JavaScript
      • e-CSS
      • f-Web Servers
      • g-Databases
      • h-Development and APIs
    • C-Proxy
      • a-Proxy Tools
    • D-Ffuf
      • a-Fuff
    • E-JavaScript Deobfuscation
      • a-intro
      • b-Basic Obfuscation
      • c-Advanced Obfuscation
      • d-Deobfuscation
      • e-Decoding
    • F-XSS💀
      • XSS Attacks
        • a-Defacing
        • b-Phishing
        • c-Sessions Hijacking
      • a-Intro
      • b-Stored XSS
      • c-Reflected XSS
      • d-DOM XSS
      • e-XSS Discovery
      • f-XSS Prevention
    • G-SQLi💉
      • Exploitation
        • a-Database Enumeration
        • b-Reading Files
        • c-Writing Files
      • MySQL
        • a-Intro
        • b-SQL Basics
      • SQLMap🗺️
        • a-intro
        • b-Basics
        • c-Enumeration
        • d-OS Exploitation
      • a-intro
      • b-SQLi Basics
      • c-Subvert Query Logic
      • d-Using Comments
      • e-Union Clause
      • f-Mitigation
    • H-Command Injection
      • Exploitation
        • a-Detection
        • b-Injecting Commands
      • Filter Evasion
        • a-Identify Filters
        • b-Bypass Space Filters
        • Bypass Blacklisted Commands
        • c-Bypass Other Blacklisted Characters
        • e-Advanced Command Obfuscation
        • f-Evasion Tools
      • a-intro
      • b-Prevention
    • I-File Upload📤
      • Bypass Filter
        • a-Client-Side Validation
        • b-Blacklist Filters
        • c-Whitelist Filters
        • d-Type Filters
        • e-Limited File Uploads
        • f-Other Upload Attacks
        • Tips
      • a-Shell
      • b-Prevention
    • J-Server Side Attacks
      • SSI
        • a-intro
        • b-SSI Injection
      • SSRF
        • a-intro
        • b-Identify SSRF
        • c-Exploit SSRF
        • d-Blind SSRF
      • SSTI
        • a-Intro
        • b-Identify SSTI
        • c-Jinja2
        • d-Twig
        • e-SSTImap
      • XSLT Injection
        • a-intro
        • b-Exploit XSLT Injection
      • a-Intro
    • K-Login Bruteforce
      • a-Intro
      • b-Default Passwords
      • c-Username Bruteforce
      • d-Hydra Modules
      • e-Personalized Wordlists
      • f-Service Authentication Bruteforce
    • L-Broken Authentication
      • Authentication Bypass
        • a-Via Direct Access
        • b-Via Parameter Modification
      • Bruteforce
        • a-User Enumeration
        • c-Bruteforce Password Reset Tokens
        • d-Bruteforce 2FA Codes
        • e-Weak Bruteforce Protection
        • Password Bruteforce
      • Password Attacks
        • a-Default Credentials
        • b-Vulnerable Password Reset
      • Session Attacks
        • a-Session Tokens
        • b-Further Session Attacks
      • a-Intro
    • M-Web Attacks⚔️
      • HTTP Verb Tampering
        • a-intro
        • b-Bypass Basic Authentication
        • c-Bypass Security Filters
        • d-Prevention
      • IDOR
        • a-Intro
        • b-Identify IDOR
        • c-Mass IDOR Enumeration
        • d-Bypass Encoded References
        • e-IDOR in Insecure APIs
        • f-Chaining IDORs
      • XXE
        • a-intro
        • b-Local File Disclosure
        • c-Advanced File Disclosure
        • d-Blind Data Exfiltration
      • a-Intro
    • N-File Inclusion📁
      • Automation
        • a-Automated Scanning
        • b-Prevention
      • File Disclosure
        • a-LFI
        • b-Basic Bypasses
        • c-PHP Filters
      • RCE
        • a-PHP Wrappers
        • b-RFI
        • c-LFI and File Uploads
        • d-Log Poisoning
      • a-intro
    • O-Session Security
      • Session Attacks
        • a-Session Hijacking
        • b-Session Fixation
        • c-Obtain Session Identifier wo User Interaction
        • d-XSS
        • e-CSRF
        • f-GET Based CSRF
        • g-POST Based CSRF
        • h-Chain XSS CSRF
        • i-Weak CSRF Tokens
        • j-Bypasses
        • k-Open Redirect
      • a-intro
    • P-API Attacks
      • API Attacks
        • a-Attack Wordpress xmlrpc.php
        • c-Arbitrary File Upload
        • d-LFI
        • e-SSRF
        • e-XSS
        • g-ReDos
        • h-XXE
        • Information Disclosure w SQLi
      • a-intro
      • b-WSDL
      • c-SOAPAction Spoofing
      • d-Command Injection
    • Q-Wordpress
      • Enumeration
        • a-WP Core Version Enumeration
        • b-Plugins and Themes Enumeration
        • c-Directory Indexing
        • d-User Enumeration
        • e-Login
        • f-WPScan
      • Exploitation
        • a-Vulnerable Plugin
        • b-Attacker User
        • c-RCE
        • d-WP and Metasploit
      • a-intro
    • R-BBH Process
      • a-Bug Bounty Programs
      • b-Writing Report

Tag: applocker

1 item with this tag.

  • Dec 07, 2024

    HTB-Reel

    • htb
    • windows
    • hard
    • active-directory
    • ftp
    • ismtp
    • cve-2017-0199
    • rtf
    • pscredential
    • bloodhound
    • applocker
    • powerview-ps1
    • writeowner
    • writedacl

Created with Quartz v4.5.0 © 2025

  • GitHub
  • Discord Community