Pentest FTW

This repo includes various tips & tricks related to Penetration Testing. The goal of this repo is to include all tips and tricks discovered while playing with real-life vulnerabilities and CTF challenges.

For each section, the README page includes all useful commands and references to tools and resources related to the section topic. Each vulnerability comes with a PWNLists section including one or more links to files containing juicy payloads to test the vulnerability in my PWNLists GitHub Repository.

Great Articles / Resources

Misc

TicketTrick - How I hacked hundreds of companies through their helpdesk

Great article on how to abuse Helpdesk Ticketing features to gain access to communication tools (e.g. Slack).

WAF Bypass

SQLI

SQL Smuggling Or, The Attack That Wasn't There - Comsec Consulting Research By Avi Douglen

An interesting paper on WAF Bypass using SQL Smuggling.

Active Directory

Active Directory Ldap Query examples
