Spindel 🕸️
A minimalist, quick search cybersecurity blog and cheatsheets
BLOG
- Hack The Box - Keeper
- Inspecting Javascript Codes
- Apache James
- SSL Heartbleed
- Papercut Print Logger
- Java Debug Wire Protocol (JDWP)
- FTP
- XSS and Deserialization Chain Attack
- Access ADB as root
- AI
- SNMP Extended Script
- Uploading malicious JAR or WAR file
- Decrypting Admin password using DNSpy debug
- SQL Injection - SQLite
- Dangerous Functions
- Dangerous Functions
- Nuxeo
- Splunk Whisperer
- Wordpress 5 RCE
- HTA Handler RCE (CVE-2017-0199)
- Redis 4 and 5 Unauthenticated RCE
- LSA Secrets
- DNS (Domain Name System)
- AD Recycle Bin
- NFS hidden mount
- Fuzzing and Binary Inspection Techniques
- Android APK Command Injection via msfvenom template
- Eternal Blue
- Eternal Blue - Exploits
- Wordpress Job-Manager Plugin File Disclosure
- LD_PRELOAD
- Gitlab LFI and Cookie Deserialization
- Python AES Encryption and Decryption
- Powershell Web Access
- Kerberoasting using Powershell
- Adminer File Disclosure
- Hashes
- ManageEngine Service Desk Plus (SDP)
- Java JSF ViewState Deserialization
- Node JS Deserialization - Cookie
- LFI - Using access logs (Log Poisoning)
- Complicated SQL Payloads
- Bypass PIE (32-bit) - Ret2libc
- DPAPI (Data Protection API)
- boot2docker
- Monitoring Processes via SNMP
- Python Pickle Deserialization
- Docker
- Kibana LFI to RCE
- PHP XDebug
- Kerberoasting - Impacket
- Kerberoasting - Rubeus
- AS-REP Roasting using Impacket
- PD4ML Attachment from DynamoDB
- Malicious DLL Injection
- Insecure Dynamic DNS Updates
- Gitlab
- SSH run-parts
- Network Scripts Command Injection
- October CMS
- Extracting creds from AD Connect
- MySQL
- Cookie/Session Hijacking
- Nibble
- Moodle
- XSS Port Scanning
- Ret2libc - system()
- Wordpress
- MS SQL
- NFS no_root_squash
- Zipped LNK files over SMB
- Malicious SCF File Upload
- IIS
- Core Dump Technique
- CMS Made Simple
- Bypass ASLR + NX (64-bit) - ROP Chain
- Padding Oracle Attack