🐻
CTF Notes
  • Home
  • General
    • Hints
    • Formats
    • Links
    • Reversing
  • Binary
    • Basics
    • Vectors
    • Evasion
    • Payloads
    • Heap
    • Tools
  • Web
    • Web
    • Javascript
    • PHP
  • System
    • Escape
    • Escalation
    • Shells
  • Crypto
    • Hints
Powered by GitBook
On this page
  • Other notebooks
  • Open services
  • SSTI, SQLI, LFI, RFI, ...
  • Unicode normalization bypass
  • OSINT
  • Privesc
  • Windows and DOS
  1. General

Links

PreviousFormatsNextReversing

Last updated 3 years ago

A lot of these were found .

Other notebooks

  • (Korean)

Open services

contains a lot of information about pentesting specific protocols, as well as other gems.

SSTI, SQLI, LFI, RFI, ...

Anywhere user input is accepted, there's a possibility for format trickery.

has excellent lists of everything from server-side template injections to file traversal paths, etc. Take one of the intruder files and use it in your own scanning tool to quickly evaluate what's open and what's not.

contains a lot of tools and links.

Unicode normalization bypass

OSINT

Privesc

Windows and DOS

page is about open redirects, but contains a neat table of unicode replacements that normalize to numbers and letters.

for various microsoft platforms

here
TechNote
Hacktricks
0xFFsec
Kathan19
Hacktricks
PayloadsAllTheThings
This cheat sheet
This
jivoi
m0nad
Docs and such