- Uploading malicuous JAR or WAR file
- Decyrpting Admin password using DNSpy debug
- Wordpress 5 RCE
- HTA Handler RCE (CVE-2017-0199)
- Redis 4 and 5 Unauthenticated RCE
- Android APK Command Injection via msfvenom template
- Eternal Blue
- Eternal Blue - Exploits
- Wordpress Job-Manager Plugin File Disclosure
- Gitlab LFI and Cookie Deserialization
- Kerberoasting using Powershell
- Adminer File Disclosure
- Java JSF ViewState Deserialization
- Node JS Deserialization - Cookie
- Monitoring Processes via SNMP
- Python Pickle Deserialization
- PHP XDebug
- Kerberoasting - Impacket
- AS-REP Roasting using Impacket
- PD4ML Attachment from DynamoDB
- Insecure Dynamic DNS Updates
- XSS Port Scanning
- Zipped LNK files over SMB
- Malicious SCF File Upload
- Padding Oracle Attack