XML External Entity Injection | HackTheBox baby WAFfles order
We covered a simple demonstration of XML External Entity Injection vulnerability which is part of OWASP Top…
About the Author
Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.
Fuzzing Web Applications with Wfuzz | HackTheBox baby todo or not todo
We covered Fuzzing Web Applications with Wfuzz specifically fuzzing API endpoints. This was part of HackTheBox OWASP…
Python Pickle Exploitation | HackTheBox OWASP Top 10 Baby Website Rick
We covered python pickle where we demonstrated the serialization and deserialization of python pickle objects. This was…
PHP Static-Eval Exploitation | HackTheBox Baby Breaking Grad
We covered basic white box penetration test by inspecting, analyzing and exploiting a web application source code…
Microsoft Exchange CVE-2021-34473 Exploit | TryHackMe LookBack
We covered a scenario where we performed a vulnerability scanning with Nikto on a vulnerable windows machine…
Microsoft Outlook NTLM Vulnerability | CVE-2023-23397 Demo
We covered the recent Microsoft Outlook NTLM Vulnerability CVE-2023-23397 that could lead to NTLM hash leak if…
Python Eval Function Exploitation | TryHackMe Devie
We covered a scenario that demonstrates python exploitation through Eval function. Additionally we covered an example of…
XML External Entity Injection Demonstration | HTB BountyHunter | CREST CRT Track
We covered a demo of XML External Entity Injection along with privilege escalation through exploiting Python eval…
Windows Privilege Escalation with PowerUp | HackTheBox Remote | CREST CRT Track
We covered HackTheBox Remote machine as part of CREST CRT (Registered Penetration Tester) Track. We demonstrated Umbraco…
Docker Privilege Escalation and SSTI Exploitation | HackTheBox GoodGames
We covered HackTheBox GoodGames as part of CREST CRT track. We went over SQL Injection, server side…
Windows Active Directory Exploiting Group Policy Preferences | HackTheBox Active
We covered HackTheBox Active as part of CREST CRT (registered penetration tester track). We went through Exploiting…
Python Privilege Escalation | HackTheBox Cap | CREST CRT Track
We covered Insecure Direct Object Reference vulnerability exploitation along with Python privilege escalation as part of HackTheBox…
DNS Zone Transfer and Python Privilege Escalation | HackTheBox FriendZone
We covered HackTheBox FriendZone as part of CREST CRT track. We went over DNS zone transfer, SMB…
Linux Privilege Escalation Through X11 Authorization | HackTheBox Squashed
We enumerate NFS shares, and upload a Web Shell . We also performed Linux privilege escalation by…
Demonstrating XSS,RCE and PostgreSQL Exploitation | HackTheBox Red Cross
RedCross From HackTheBox was like a maze, with several different paths to achieve shell and root. We’ll…
Understanding The Bypass Of File Upload Extension Filters P10 | TryHackMe Opacity
TryHackMe Opacity is an easy machine that can help you in the penetration testing learning process. We…
Active Directory Penetration Testing | TryHackMe Services
We come upon a website that lists some fictional firm employees’ entire names. We create some usernames…
Security Management Concepts Explained | TryHackMe
We covered information security management concepts such as information security governance, information security regulations, risk management and…
File Upload Vulnerabilities P12 | OverTheWire Natas 13
We covered another file upload vulnerability where the vulnerable code contained a PHP function exif_imagetype to check…
Encryption and Secure Remote Access | Linux Hardening TryHackMe
We explored encryption and secure remote access as methods to secure and harden Linux. Encryption makes data…