Tags
Posts are tagged across two axes: domain (what was targeted) and technique (how it was attacked).
| Domain | Target area | Posts |
|---|---|---|
| Active Directory | Windows domain attacks — Kerberoasting, AS-REP roasting, ACL abuse, GPO misconfiguration, and intra-domain lateral movement. | — |
| API Security | REST, GraphQL, and gRPC vulnerabilities — broken object-level authorisation, mass assignment, OAuth flaws, and API enumeration. | — |
| Cloud Infrastructure | AWS, Azure, and GCP misconfigurations — IAM privilege escalation, instance metadata service abuse, and public storage exposure. | — |
| Containers & K8s | Docker breakout, Kubernetes RBAC abuse, privileged container escape, service account token theft, and namespace traversal. | — |
| Cryptography | Weak cipher analysis, PKI vulnerabilities, TLS misconfiguration, padding oracle attacks, and key management failures. | — |
| Databases | Direct database exposure, NoSQL injection, Redis/ElasticSearch unauthenticated access, and credential-free data exfiltration. | — |
| Forensics & DFIR | Disk image and memory analysis, log triage, malware artefact identification, and incident response procedures. | — |
| IoT / Embedded | Firmware extraction and analysis, UART/JTAG interfaces, hardcoded credentials, and embedded system attack surfaces. | — |
| Linux Systems | Linux privilege escalation, kernel exploits, SUID/SGID abuse, cron job misconfiguration, and weak service permissions. | 1 |
| Mobile Applications | Android APK and iOS IPA analysis — insecure data storage, traffic interception, exported components, and runtime manipulation. | — |
| Network Services | TCP/UDP service exploitation, protocol abuse, traffic interception, and network-level pivoting between segments. | — |
| OSINT | Open-source reconnaissance — subdomain enumeration, metadata extraction, social footprinting, and passive recon techniques. | — |
| Reverse Engineering | Binary disassembly, decompilation, anti-debug bypass, executable patching, and static/dynamic analysis workflows. | — |
| Web Applications | HTTP services, browser-based targets, REST/GraphQL endpoints, and web-layer attacks against server-side logic. | 1 |
| Windows Systems | Windows internals exploitation — token impersonation, registry abuse, DLL hijacking, UAC bypass, and named pipe attacks. | — |

| Technique | Attack class | Posts |
|---|---|---|
| Authentication Bypass | Circumventing login and session controls — JWT algorithm confusion, type juggling, default credentials, and logic flaws. | — |
| Brute Force | Credential stuffing, password spraying, rate-limit bypass, and dictionary attacks against authentication endpoints. | — |
| Buffer Overflow | Memory corruption via buffer overflows — stack and heap overflows, return-oriented programming, and binary exploit development. | — |
| Command Injection | Injecting OS commands through unsanitised input — shell metacharacter injection, argument injection, and blind variants. | — |
| Cross-Site Scripting | Injecting client-side scripts — reflected, stored, and DOM-based XSS chains leading to session hijacking or credential phishing. | — |
| File Inclusion | Local and remote file inclusion flaws — reading arbitrary files, log poisoning, and RCE escalation via LFI chains. | — |
| Insecure Deserialization | Exploiting deserialisation of untrusted data — Java gadget chains, PHP object injection, Python pickle and YAML exploits. | — |
| Lateral Movement | Moving through a network from an initial foothold — pass-the-hash, pass-the-ticket, WMI/RDP abuse, and SSH agent forwarding. | — |
| Path Traversal | Reading or writing files outside the intended directory via `../` sequences, URL encoding bypasses, and zip-slip variants. | — |
| Privilege Escalation | Elevating from low-privileged access to root or SYSTEM — SUID binaries, sudo rules, weak service configs, token impersonation. | 1 |
| Remote Code Execution | Achieving arbitrary code execution on a remote target via CVE exploits, web shells, or deserialisation gadget chains. | — |
| Server-Side Request Forgery | Forcing a server to issue requests to internal resources — cloud metadata services, internal APIs, and out-of-band exfiltration. | — |
| SQL Injection | Manipulating SQL queries via unsanitised input — error-based, UNION-based, blind boolean, and time-based variants. | 1 |
| Template Injection | Server-side template injection — Jinja2, Twig, Freemarker, and Pebble engines evaluated with attacker-controlled input. | — |
| XML External Entity | Exploiting XML parsers to read local files, probe internal hosts, or trigger SSRF via external entity references. | — |