What to look for

Expectations based on course materials and provided as a short overview

  1. Playing with HTTP requests, methods, headers, response codes, using cURL, basic auth, cookies, etc. https://github.com/curl/curl-cheat-sheet

  2. Front end vulnerabilities like

  • sensitive data exposure

  • HTML injection

  • XSS (stored, reflected, DOM-based; session hijacking, defacing)

  • CSRF

  3. Back end vulnerabilities like

  • Broken authentication/access control

  • malicious file uploads

  • command injection (identifying filters, bypassing filters [space, blacklisted characters, others, blacklisted commands, command obfuscation {by encoding}]) https://github.com/Bashfuscator/Bashfuscator https://github.com/danielbohannon/Invoke-DOSfuscation

  • SQLi (in-band [union based, error based], blind [boolean based, time based], out-of-band [meaning that you have to direct the output to a remote location where you can read it])

Using Web Proxies like Burp Suite or OWASP ZAP -> crawling, intruder, repeater, decoder, encoder

Information gathering: domains and subdomains, virtual hosts, IP ranges, infrastructure (tech stack/server, CMS, API technology web services, database servers)

Finding JavaScript files, deobfuscating them, understanding the code

Using CyberChef, hash-identifier, base64 encoding/decoding, hex (xxd), https://www.boxentriq.com/code-breaking/cipher-identifier

Login brute forcing, hydra

WordPress hacking, WPScan, enumeration, detecting plugins, RCE via the theme editor

File Upload Attacks (
