notes

XXE Injections

Abusing XML Parsers

Zinhart notes xxe awae

Server Side Request Forgery

API Architecture, SSRF, MicroServices

Zinhart notes ssrf awae

Network Modeling

Classless Internet Domain Routing

Zinhart notes networking awae

HTTPS?

Self Signed SSL Certificate Generation.

Zinhart notes ssl-certificates oscp

Socat

While Netcat is indeed my Swiss Army Knife, but Socat is my Katana

Zinhart notes oscp shells

Modern Browser Defenses

Browser Protections Against Cookie theft

Zinhart notes awae

CORS

Cross Origin Resource Sharing

Zinhart notes awae

Same Origin Policy

Zinhart notes awae

SSH Tunneling

Cucking Firewalls, IP Restrictions, and Network Based Access Control Mechanisms

Zinhart notes ssh tunneling firewall evasion

Restricted Admins part 2

Securing the domain admin account with restricted admins

Zinhart notes system administration active directory