sec-notes
  • Whoami
  • WEB-Pen
    • Checklists
      • 2FA bypass
      • admin panal
      • Authentication
      • bussiness logic
      • 403 bypass
      • idor
      • mass assignment
      • aem misconfiguration
      • ATO
      • csrf
      • exif_geo
      • xss
      • Session Management
      • Authorization
      • cookie
      • Django
      • Symfony
      • json
      • bypass rate limit
      • Rce
      • register vulnerability
      • reset_password_checklist
    • Reconnaissance
    • API Pentesting
      • API Discovry
      • Reverse Engineering API Documentation
      • Excessive Data Exposure
      • Vulnerability Scanning
      • API Authentication Attacks
        • Classic Authentication Attacks
        • API Token Attacks
      • API Authorization Attacks
        • Broken Object Level Authorization (BOLA)
        • Broken Function Level Authorization
      • Improper Assets Management
      • Mass Assignment
      • SSRF
      • Injection Attacks in API
      • Evasive Maneuvers
    • Injection Attacks
      • Cross Site Scripting
        • Cross Site Scripting
        • Exploitation
        • Protections
      • NoSQL Injection
      • SQL Injection
        • SQL Injection Overview
    • JWT Hacking
    • PostMessage Vulnerabilities
      • PostMessage Vulnerabilities
      • Blocking main page to steal postmessage
      • Bypassing SOP with Iframes - part 1
      • Bypassing SOP with Iframes - part 2
      • Steal postmessage modifying iframe location
    • GraphQL Vulnerabilities
    • CORS Miscofigration
    • write-ups
      • How i found a Privilege Escalation via Impersonation Features feature
      • How I Bypassed SAML Authentication, Leading to Admin Panel Access.
      • How I was able to discover ATO Via IDOR vulnerability
      • Easy full Account Takeover via Facebook OAuth Misconfiguration
  • NET-Pen
    • Active Directory Pentesting
      • Active Directory Components
      • Initial Attack Vectors
        • LLMNR Poisoning
        • SMB Relay Attacks
        • IPv6 Attacks ( IPv6 DNS Takeover )
        • Printer Hacking
        • Methodology
        • Some Other Attacks
          • Zerologon (CVE-2020-1472)
          • PrintNightmare (CVE-2021-1675)
      • Post-Compromise Attacks
        • Pass Attacks
        • Kerberoasting Attack
        • Token Impersonation Attack
        • LNK File Attack
        • GPP / cPassword Attacks
        • Mimikatz
        • Methodology
      • We've Compromised the Domain
        • Dumping the NTDS.dit
        • Golden Ticket Attacks
        • Methodology
      • Case Study
    • Attack Vectors by Port
      • FTP 21
      • SSH 22
      • Telnet 23 - 2323
      • SMTP 25
      • DNS 53
      • Kerberos 88
      • POP 110-995
      • RPC 111
      • Ident 113
      • NNTP 119
      • NetBIOS 137-138
      • SMB / Samba 135-139, 445
      • MSRPC 135
      • SNMP 161
      • LDAP 389,636
      • Modbus 502
      • OpenSSL 1337
      • Ms-SQL 1433
      • Oracle Listener 1521 1522 1529
      • NFS 2049
      • MySql 3306
      • RDP 3389
      • ADB Android Debug Bridge 5555
      • WinRM 5985 5986
      • VNC 5800 5900
      • Redis 6379
      • Unreal IRC 6667
      • Tomcat 8080
      • MongoDB 27017
      • http 80
    • Network basics
    • Information Gathering
    • Privilege Escalation
      • Windows Privilege Escalation
      • Linux Privilege Escalation
    • Password Attacks
Powered by GitBook
On this page

Whoami

hey there,

I am Ahmed Tarek ( 0x_xnum ) a 17yo Cyber Security Researcher from Egypt who loves learning about cyber security stuff, I enjoy researching about new things, creating automated cyber security tools and conducting security research.

This GitBook is a living document of my exploration in the cybersecurity space. I’ll keep updating it with insights, notes, and resources from my learning journey, hoping to help others learn and grow alongside me.

🚨 Disclaimer:

All content on this gitbook is for educational purposes only. I do not endorse or condone the use of any tools, techniques, or information shared here for malicious or harmful activities. I am not responsible for any misuse or damage caused by individuals who choose to apply the information for unethical purposes. Always act responsibly and within the law.

NextWEB-Pen

Last updated 4 days ago

Page cover image