THM – SSRF – Part 9

These are my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. What is an SSRF? SSRF stands for Server-Side Request Forgery. It’s a vulnerability that allows a malicious user to cause the webserver to make an additional or edited HTTP request…

THM – File Inclusion – Part 8

These are my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Introduction: What is File Inclusion? In some scenarios, web applications are written to request access to files on a given system, including images, static text, and so on via parameters. Parameters…

THM – IDOR – Part 7

These are my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. What is an IDOR? IDOR stands for Insecure Direct Object Reference and is a type of access control vulnerability. This type of vulnerability can occur when a web server receives…

THM – Authentication Bypass – Part 6

These are my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Username Enumeration: A helpful exercise to complete when trying to find authentication vulnerabilities is creating a list of valid usernames. Website error messages are great resources for collating this information…

THM – Subdomain Enumeration – Part 5

These are my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Brief: Subdomain enumeration is the process of finding valid subdomains for a domain. We do this to expand our attack surface to try and discover more potential points of vulnerability….

THM – Content Discovery – Part 4

These are my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. What is Content Discovery? This content could be, for example, pages or portals intended for staff usage, older versions of the website, backup files, configuration files, administration panels, etc. There…

THM – Walking An Application – Part 3

These are my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Introduction: View Source – Use your browser to view the human-readable source code of a website. Inspector – Learn how to inspect page elements and make changes to view usually blocked content….

THM – Principles of Security – Part 2

These are my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Principles of Privileges: The levels of access given to individuals are determined on two primary factors: the individual’s role/function within the organisation; the sensitivity of the information being stored on…

THM – Intro to pentesting – Fundamentals – Part 1

These are my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Penetration testing ethics Hat Category Description Example White Hat These hackers are considered the “good people”. They remain within the law and use their skills to benefit others. For example,…

THM – Common Linux Privilege Escalation – Part 20

This is a continued series where I document my path through different tryhackme courses. I recommend everyone that wants to learn cyber security to subscribe to tryhackme.com and take the courses there. Direction of Privilege Escalation: Two main privilege escalation variants. Horizontal privilege escalation: Expand your reach over the compromised system by taking over a…

THM – Active Directory Basics – Part 18

This is a continued series where I document my path through different tryhackme courses. I recommend everyone that wants to learn cyber security to subscribe to tryhackme.com and take the courses there. Introduction: Active Directory is the directory service for Windows Domain Networks. What is Active Directory? It’s a collection of machines and servers connected…

THM – Windows Exploitation Basics – Part 17

This is a continued series where I document my path through different tryhackme courses. I recommend everyone that wants to learn cyber security to subscribe to tryhackme.com and take the courses there. Windows file system and permissions explained: What is the file system? It is the method and data structure that an operating system uses…

THM – Encryption – Part 16

This is a continued series where I document my path through different tryhackme courses. I recommend everyone that wants to learn cyber security to subscribe to tryhackme.com and take the courses there. Key Terms: Ciphertext – The result of encrypting a plaintext; encrypted data. Cipher – A method of encrypting or decrypting data. Modern ciphers…