⌘Ctrlk

Whoami
Notes
Portswigger Labs
owsap-top-10:2025
write up
How I Turned an Image Upload Feature into Full Server Access Using DNS Queries
How I Discovered a Dependency Confusion Vulnerability in a Ruby Application Leading to RCE
Privilege Escalation via Impersonation Features feature
How I Escalated Simple HTML Injection to SSRF via PDF Rendering
How I was able to discover ATO Via IDOR vulnerability
how I Bypassed SAML Authentication, and had access to Admin Panel.

Powered by GitBook

On this page

Notes
Active Directory Pentesting
Initial Attack Vectors

Some Other Attacks

Zerologon (CVE-2020-1472)PrintNightmare (CVE-2021-1675)

PreviousMethodology NextZerologon (CVE-2020-1472)