{"version":1,"pages":[{"id":"wySZfgwKigJpAskfMWyp","title":"Whoami","pathname":"/security-notes","siteSpaceId":"sitesp_YkFri","icon":"redhat","description":""},{"id":"LHwXZtsTD4vWt58vHlSC","title":"Notes","pathname":"/security-notes/notes","siteSpaceId":"sitesp_YkFri"},{"id":"Sn24Rl5mfZtNaahi5Fdv","title":"Quick Recon Methodology","pathname":"/security-notes/notes/qiuch-recon-methodology","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"}]},{"id":"Hu3itnKNYz5bkTa2UUpR","title":"Enumeration","pathname":"/security-notes/notes/enumeration","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"}]},{"id":"VmMN6zHYjo0bZLCNnZVY","title":"Active Directory Pentesting","pathname":"/security-notes/notes/active-directory-pentesting","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"}]},{"id":"Q7yGerXdKHn0WNfLLFeE","title":"Active Directory Components","pathname":"/security-notes/notes/active-directory-pentesting/active-directory-components","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"}]},{"id":"cP26fy5HbLh6cdkKHDT6","title":"Initial Attack Vectors","pathname":"/security-notes/notes/active-directory-pentesting/initial-attack-vectors","siteSpaceId":"sitesp_YkFri","description":"","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"}]},{"id":"q3GdNE0DJ2gC0ytgCVbF","title":"LLMNR Poisoning","pathname":"/security-notes/notes/active-directory-pentesting/initial-attack-vectors/llmnr-poisoning","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"},{"label":"Initial Attack Vectors"}]},{"id":"51Idg3Id8M3RQWBWnoR6","title":"SMB Relay Attacks","pathname":"/security-notes/notes/active-directory-pentesting/initial-attack-vectors/smb-relay-attacks","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"},{"label":"Initial Attack Vectors"}]},{"id":"wWSd2H8teNnFg3uR9LDR","title":"IPv6 Attacks ( IPv6 
DNS Takeover )","pathname":"/security-notes/notes/active-directory-pentesting/initial-attack-vectors/ipv6-attacks-ipv6-dns-takeover","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"},{"label":"Initial Attack Vectors"}]},{"id":"tMRpGEYklT8K8XZ2C2dC","title":"Printer Hacking","pathname":"/security-notes/notes/active-directory-pentesting/initial-attack-vectors/printer-hacking","siteSpaceId":"sitesp_YkFri","description":"Passback Attacks","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"},{"label":"Initial Attack Vectors"}]},{"id":"xBRLVyylbrcTW6bWiNXz","title":"Methodology","pathname":"/security-notes/notes/active-directory-pentesting/initial-attack-vectors/methodology","siteSpaceId":"sitesp_YkFri","description":"for the moment","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"},{"label":"Initial Attack Vectors"}]},{"id":"Y2E2AKJKjAXAy0zi8GCn","title":"Some Other Attacks","pathname":"/security-notes/notes/active-directory-pentesting/initial-attack-vectors/some-other-attacks","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"},{"label":"Initial Attack Vectors"}]},{"id":"LQ03wNES6Bz94LCo2C5q","title":"Zerologon (CVE-2020-1472)","pathname":"/security-notes/notes/active-directory-pentesting/initial-attack-vectors/some-other-attacks/zerologon-cve-2020-1472","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"},{"label":"Initial Attack Vectors"},{"label":"Some Other Attacks"}]},{"id":"TKqYIqqhd88flGumEkdR","title":"PrintNightmare (CVE-2021-1675)","pathname":"/security-notes/notes/active-directory-pentesting/initial-attack-vectors/some-other-attacks/printnightmare-cve-2021-1675","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"},{"label":"Initial Attack Vectors"},{"label":"Some Other 
Attacks"}]},{"id":"OYZV6bHAyn61dpGFQL2g","title":"Post-Compromise Attacks","pathname":"/security-notes/notes/active-directory-pentesting/post-compromise-attacks","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"}]},{"id":"Mf77iueCc8pWUsyie8TU","title":"Pass Attacks","pathname":"/security-notes/notes/active-directory-pentesting/post-compromise-attacks/pass-attacks","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"},{"label":"Post-Compromise Attacks"}]},{"id":"AMAXUFJ9EjflDloSxfXJ","title":"Kerberoasting Attack","pathname":"/security-notes/notes/active-directory-pentesting/post-compromise-attacks/kerberoasting-attack","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"},{"label":"Post-Compromise Attacks"}]},{"id":"rwXu5ENMXsNcMRAXRu7O","title":"Token Impersonation Attack","pathname":"/security-notes/notes/active-directory-pentesting/post-compromise-attacks/token-impersonation-attack","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"},{"label":"Post-Compromise Attacks"}]},{"id":"9UR8eC32ZLWtKCCr90Lx","title":"LNK File Attack","pathname":"/security-notes/notes/active-directory-pentesting/post-compromise-attacks/lnk-file-attack","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"},{"label":"Post-Compromise Attacks"}]},{"id":"ww2phe0ylp4lLkurTNJ2","title":"GPP / cPassword Attacks","pathname":"/security-notes/notes/active-directory-pentesting/post-compromise-attacks/gpp-cpassword-attacks","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"},{"label":"Post-Compromise 
Attacks"}]},{"id":"yA0laJ2rKJac75KQswjr","title":"Mimikatz","pathname":"/security-notes/notes/active-directory-pentesting/post-compromise-attacks/mimikatz","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"},{"label":"Post-Compromise Attacks"}]},{"id":"z9agV526BhLUr8wXbN1j","title":"Methodology","pathname":"/security-notes/notes/active-directory-pentesting/post-compromise-attacks/methodology","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"},{"label":"Post-Compromise Attacks"}]},{"id":"frjzqUiXgMCXdP1c5NvA","title":"We've Compromised the Domain","pathname":"/security-notes/notes/active-directory-pentesting/weve-compromised-the-domain","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"}]},{"id":"9oorcsksjMsHNXSR5V6d","title":"Dumping the NTDS.dit","pathname":"/security-notes/notes/active-directory-pentesting/weve-compromised-the-domain/dumping-the-ntds.dit","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"},{"label":"We've Compromised the Domain"}]},{"id":"ZFz5rA0IK6kEkSfMp6OL","title":"Golden Ticket Attacks","pathname":"/security-notes/notes/active-directory-pentesting/weve-compromised-the-domain/golden-ticket-attacks","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"},{"label":"We've Compromised the Domain"}]},{"id":"YAbL3heTybiKnENIDKvS","title":"Methodology","pathname":"/security-notes/notes/active-directory-pentesting/weve-compromised-the-domain/methodology","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"},{"label":"We've Compromised the Domain"}]},{"id":"h75stpJbq9jG5UTyKAro","title":"Case Study","pathname":"/security-notes/notes/active-directory-pentesting/case-study","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory 
Pentesting"}]},{"id":"MGfpgRxzQsWcwBIVA5oJ","title":"Password Attacks","pathname":"/security-notes/notes/active-directory-pentesting/password-attacks","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Active Directory Pentesting"}]},{"id":"vVX8IlaNi8ULXwocIZFs","title":"API-Pen","pathname":"/security-notes/notes/api-pen","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"}]},{"id":"cKzExFsvOgrNuX3cr1Q4","title":"API Discovery","pathname":"/security-notes/notes/api-pen/api-discovry","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"API-Pen"}]},{"id":"PYwFS2dwKXqJzHQCeNXT","title":"Reverse Engineering API Documentation","pathname":"/security-notes/notes/api-pen/reverse-engineering-api-documentation","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"API-Pen"}]},{"id":"FVNvrJxYNihCEOhU1jrq","title":"Excessive Data Exposure","pathname":"/security-notes/notes/api-pen/excessive-data-exposure","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"API-Pen"}]},{"id":"q3YJ4Ad7xvwVaYsRYdZk","title":"Vulnerability Scanning","pathname":"/security-notes/notes/api-pen/vulnerability-scanning","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"API-Pen"}]},{"id":"YZsmxYLL3TA6egx0pjZC","title":"API Authentication Attacks","pathname":"/security-notes/notes/api-pen/api-authentication-attacks","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"API-Pen"}]},{"id":"vpF9N0qCTnRSKZYTiFts","title":"Classic Authentication Attacks","pathname":"/security-notes/notes/api-pen/api-authentication-attacks/classic-authentication-attacks","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"API-Pen"},{"label":"API Authentication Attacks"}]},{"id":"OjvfTeu4mJf423TiwegE","title":"API Token 
Attacks","pathname":"/security-notes/notes/api-pen/api-authentication-attacks/api-token-attacks","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"API-Pen"},{"label":"API Authentication Attacks"}]},{"id":"zrc2OwoZhmXz8Q2pzFQF","title":"API Authorization Attacks","pathname":"/security-notes/notes/api-pen/api-authorization-attacks","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"API-Pen"}]},{"id":"zLeVgeL9sR8JVMW9Op2D","title":"Broken Object Level Authorization (BOLA)","pathname":"/security-notes/notes/api-pen/api-authorization-attacks/broken-object-level-authorization-bola","siteSpaceId":"sitesp_YkFri","description":"BOLA is all about accessing resources that do not belong to you","breadcrumbs":[{"label":"Notes"},{"label":"API-Pen"},{"label":"API Authorization Attacks"}]},{"id":"9DxR1VOCyiCuNLBzkCuU","title":"Broken Function Level Authorization","pathname":"/security-notes/notes/api-pen/api-authorization-attacks/broken-function-level-authorization","siteSpaceId":"sitesp_YkFri","description":"Where BOLA is all about accessing resources that do not belong to you, BFLA is all about performing unauthorized actions","breadcrumbs":[{"label":"Notes"},{"label":"API-Pen"},{"label":"API Authorization Attacks"}]},{"id":"TlYpCA5nrElmX76w1w8n","title":"Improper Assets Management","pathname":"/security-notes/notes/api-pen/improper-assets-management","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"API-Pen"}]},{"id":"8LfcZvKqa5BvMlI3E0Bx","title":"Mass Assignment","pathname":"/security-notes/notes/api-pen/mass-assignment","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"API-Pen"}]},{"id":"pDxzGdOHpICYRd6d0Sx3","title":"SSRF","pathname":"/security-notes/notes/api-pen/ssrf","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"API-Pen"}]},{"id":"yyPKwqUj87X18saXZgRh","title":"Injection Attacks in 
API","pathname":"/security-notes/notes/api-pen/injection-attacks-in-api","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"API-Pen"}]},{"id":"sWwy71Q8OqaOiaSYsK7A","title":"Evasive Maneuvers","pathname":"/security-notes/notes/api-pen/evasive-maneuvers","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"API-Pen"}]},{"id":"DUPOr0QefYvJlSqQ7RBM","title":"GraphQL Vulnerabilities","pathname":"/security-notes/notes/api-pen/graphql-vulnerabilities","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"API-Pen"}]},{"id":"rWyKc5yNdgnZHDgIJLUk","title":"Attack Vectors by Port","pathname":"/security-notes/notes/attack-vectors-by-port","siteSpaceId":"sitesp_YkFri","description":"A chill guide to what you can do with each open port","breadcrumbs":[{"label":"Notes"}]},{"id":"xvLz9HmIP8ax7nKnGjjf","title":"FTP","pathname":"/security-notes/notes/attack-vectors-by-port/ftp","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"Kym2TubE3DYJjGktzLlg","title":"SSH","pathname":"/security-notes/notes/attack-vectors-by-port/ssh","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"f6o5pASf0FXBmrBLIUxL","title":"Telnet","pathname":"/security-notes/notes/attack-vectors-by-port/telnet","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"pL8KNA3uPgYEK8YdlMGE","title":"SMTP","pathname":"/security-notes/notes/attack-vectors-by-port/smtp","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"kdAS9OgSoE16jX3cUC90","title":"DNS","pathname":"/security-notes/notes/attack-vectors-by-port/dns","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by 
Port"}]},{"id":"sOqwP9l6oR7H6QaeTv3X","title":"Kerberos","pathname":"/security-notes/notes/attack-vectors-by-port/kerberos","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"tUaIlejaWsyAXEAbHoKD","title":"POP3","pathname":"/security-notes/notes/attack-vectors-by-port/pop3","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"LVopEnsb8x7WdluIdw9A","title":"NTP","pathname":"/security-notes/notes/attack-vectors-by-port/ntp","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"fD9a6zozz0g68mCqWO2J","title":"NetBIOS","pathname":"/security-notes/notes/attack-vectors-by-port/netbios","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"1UkiPICIjjr9loMdQqxe","title":"SMB","pathname":"/security-notes/notes/attack-vectors-by-port/smb","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"6ljDFkhDbCG1FZdC9Scc","title":"MSRPC","pathname":"/security-notes/notes/attack-vectors-by-port/msrpc","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"MmSXAKOco7FIa6diZinQ","title":"SNMP","pathname":"/security-notes/notes/attack-vectors-by-port/snmp","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"8AWdLpii7HUHzq8SI1tx","title":"LDAP","pathname":"/security-notes/notes/attack-vectors-by-port/ldap","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"ZmT9BrQ7zv37hi90x7h8","title":"Modbus","pathname":"/security-notes/notes/attack-vectors-by-port/modbus","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by 
Port"}]},{"id":"ftw0IF3aw6gXT1ot0jdD","title":"Ms-SQL","pathname":"/security-notes/notes/attack-vectors-by-port/ms-sql","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"nGnSZAaieow7hHkKa90r","title":"Oracle Listener","pathname":"/security-notes/notes/attack-vectors-by-port/oracle-listener","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"S9qGzAaihpjIBozqjK2s","title":"NFS","pathname":"/security-notes/notes/attack-vectors-by-port/nfs","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"mSsggRA7TC8C1emMrXEl","title":"MySql","pathname":"/security-notes/notes/attack-vectors-by-port/mysql","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"5qy7l1OKPG92XQQlG48n","title":"RDP","pathname":"/security-notes/notes/attack-vectors-by-port/rdp","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"gYONhVxSoCH8TzlyREtX","title":"ADB Android Debug Bridge","pathname":"/security-notes/notes/attack-vectors-by-port/adb-android-debug-bridge","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"L25WKZeahoonxtDyi8IJ","title":"WinRM","pathname":"/security-notes/notes/attack-vectors-by-port/winrm","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"iRJa2miel3LQ0POIYGzG","title":"VNC","pathname":"/security-notes/notes/attack-vectors-by-port/vnc","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"tPhe9HlaW3dalXCl16Nj","title":"Redis","pathname":"/security-notes/notes/attack-vectors-by-port/redis","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by 
Port"}]},{"id":"z7PinsX6X4NtXeYyZstZ","title":"IRC","pathname":"/security-notes/notes/attack-vectors-by-port/irc","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"E6amzHQcJMBhiCqUc7ew","title":"Tomcat 8080","pathname":"/security-notes/notes/attack-vectors-by-port/tomcat-8080","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"aa08g0FGklkfkr08siUK","title":"MongoDB 27017","pathname":"/security-notes/notes/attack-vectors-by-port/mongodb-27017","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"8ZXTFyOexJrCthtB5xsS","title":"http","pathname":"/security-notes/notes/attack-vectors-by-port/http","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"y8DAmDYY2Mn7CBQcaDsd","title":"Docker","pathname":"/security-notes/notes/attack-vectors-by-port/docker","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"09T5d2QLXxXg5T3KYbgS","title":"Elasticsearch","pathname":"/security-notes/notes/attack-vectors-by-port/elasticsearch","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"imghHwJemoGul6qKYGDR","title":"etcd","pathname":"/security-notes/notes/attack-vectors-by-port/etcd","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"5LdT9zf46LyHMnufHRaw","title":"Grafana","pathname":"/security-notes/notes/attack-vectors-by-port/grafana","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"2TBPZYVQipxBAjpUsF14","title":"IMAP","pathname":"/security-notes/notes/attack-vectors-by-port/imap","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by 
Port"}]},{"id":"nYdsGeKpSalYt3UQWAAE","title":"ISCSI","pathname":"/security-notes/notes/attack-vectors-by-port/iscsi","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"5ocr4Ilz472KfrVIjLrY","title":"Jenkins","pathname":"/security-notes/notes/attack-vectors-by-port/jenkins","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"Ti76LJdV6ieop4T8efny","title":"Kafka","pathname":"/security-notes/notes/attack-vectors-by-port/kafka","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"aydol0xvdpK1RCcyDBR0","title":"Kibana","pathname":"/security-notes/notes/attack-vectors-by-port/kibana","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"Gfv3YtYcFw9QdlmQu1xE","title":"LPD","pathname":"/security-notes/notes/attack-vectors-by-port/lpd","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"VzQu1RpiMVIjsF3JHXk5","title":"Memcached","pathname":"/security-notes/notes/attack-vectors-by-port/memcached","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"4H6Dfv8jpxhyXvWOvLS0","title":"PostgreSQL","pathname":"/security-notes/notes/attack-vectors-by-port/postgresql","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"wNce2CZgCweov2cu4Eze","title":"RabbitMQ","pathname":"/security-notes/notes/attack-vectors-by-port/rabbitmq","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"pH3CDnsbfElTiHuiRnUn","title":"rpcbind","pathname":"/security-notes/notes/attack-vectors-by-port/rpcbind","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by 
Port"}]},{"id":"oCzZUtEwBXxatIyPDTCs","title":"Rsync","pathname":"/security-notes/notes/attack-vectors-by-port/rsync","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"e8KBLj172LesOdzlrfLL","title":"RTSP","pathname":"/security-notes/notes/attack-vectors-by-port/rtsp","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"hJRgrg4Z8xxqarL4diNM","title":"Splunkd","pathname":"/security-notes/notes/attack-vectors-by-port/splunkd","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"hi3PxeQTGD8NXNgpRdeG","title":"TACACS","pathname":"/security-notes/notes/attack-vectors-by-port/tacacs","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"Sq5AryY4QZYkyQZNnl2u","title":"TFTP","pathname":"/security-notes/notes/attack-vectors-by-port/tftp","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"dabry0HkoNxZg0lYIbOT","title":"WebDAV","pathname":"/security-notes/notes/attack-vectors-by-port/webdav","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"FcEOEFPDewheTeCKbTJD","title":"WHOIS","pathname":"/security-notes/notes/attack-vectors-by-port/whois","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Notes"},{"label":"Attack Vectors by Port"}]},{"id":"xEqGly4Ybj6Ji8uacq0L","title":"Portswigger Labs","pathname":"/security-notes/portswigger-labs","siteSpaceId":"sitesp_YkFri"},{"id":"ltehNcAfIuy4Y9N6jwX3","title":"XSS","pathname":"/security-notes/portswigger-labs/xss","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Portswigger Labs"}]},{"id":"eTxvAgMMfXfOboJK6sEq","title":"DOM XSS","pathname":"/security-notes/portswigger-labs/dom-xss","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Portswigger Labs"}]},{"id":"IadbjBhEjG5kIYJzprCz","title":"SQL 
Injection","pathname":"/security-notes/portswigger-labs/sql-injection","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Portswigger Labs"}]},{"id":"f1HCiLWsF0EhQAr5ipFc","title":"Access Control","pathname":"/security-notes/portswigger-labs/access-control","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Portswigger Labs"}]},{"id":"s6czlNNa3Ii22q0O8JPU","title":"Authentication Bypass","pathname":"/security-notes/portswigger-labs/authentication-bypass","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Portswigger Labs"}]},{"id":"aaxc1E7xNOFwV3awF5ZD","title":"Business Logic","pathname":"/security-notes/portswigger-labs/business-logic","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Portswigger Labs"}]},{"id":"mnVYV3qhO1tG240OYKOv","title":"Information Disclosure","pathname":"/security-notes/portswigger-labs/information-disclosure","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Portswigger Labs"}]},{"id":"WM2qVTtmE0gDkT5vRltU","title":"File Upload Vulnerabilities","pathname":"/security-notes/portswigger-labs/file-upload-vulnerabilities","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Portswigger Labs"}]},{"id":"uAc9OWSSl3tLwk2Y9CRA","title":"Deserialization","pathname":"/security-notes/portswigger-labs/deserialization","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Portswigger Labs"}]},{"id":"Cm8dW9Hy8Jl8kGNuEU8E","title":"Prototype Pollution","pathname":"/security-notes/portswigger-labs/prototype-pollution","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Portswigger Labs"}]},{"id":"vE8R7MIwBg6q2XAxNIWs","title":"API Testing","pathname":"/security-notes/portswigger-labs/api-testing","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Portswigger Labs"}]},{"id":"XabZmdAHha9liAWOqN6c","title":"SSTI","pathname":"/security-notes/portswigger-labs/ssti","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Portswigger Labs"}]},{"id":"YVmrFqNb73fWjwKd8oEu","title":"JSON Web Tokens  ( JWT 
)","pathname":"/security-notes/portswigger-labs/json-web-tokens-jwt","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Portswigger Labs"}]},{"id":"uTwekRIkf5L1FJFQqDIb","title":"SSRF","pathname":"/security-notes/portswigger-labs/ssrf","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Portswigger Labs"}]},{"id":"BYvpFQClpGTReLaczCY5","title":"CSRF","pathname":"/security-notes/portswigger-labs/csrf","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Portswigger Labs"}]},{"id":"CH9AWdNXRrzBuqT3Ct74","title":"Cross-Origin Resource Sharing","pathname":"/security-notes/portswigger-labs/cross-origin-resource-sharing","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Portswigger Labs"}]},{"id":"vvoMspV0tIVOmWHUoJ0h","title":"Command Injection","pathname":"/security-notes/portswigger-labs/command-injection","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Portswigger Labs"}]},{"id":"ZyCOZsIP1dIiHiIQZuo4","title":"XXE","pathname":"/security-notes/portswigger-labs/xxe","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"Portswigger Labs"}]},{"id":"BTX8RJeSNoCti7G5sLwh","title":"A10 Mishandling of Exceptional Conditions","pathname":"/security-notes/owsap-top-10-2025/a10-mishandling-of-exceptional-conditions","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"}]},{"id":"2v9cHWAVCn7014i5GzCQ","title":"Sensitive Data in Error Messages and Debug Code","pathname":"/security-notes/owsap-top-10-2025/a10-mishandling-of-exceptional-conditions/sensitive-data-in-error-messages-and-debug-code","siteSpaceId":"sitesp_YkFri","description":"CWE-209, CWE-215, CWE-550, CWE-756","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A10 Mishandling of Exceptional Conditions"}]},{"id":"8A2VU0KEmlELe1c6EoBe","title":"Uncaught Exceptions and Improper Recovery","pathname":"/security-notes/owsap-top-10-2025/a10-mishandling-of-exceptional-conditions/uncaught-exceptions-and-improper-recovery","siteSpaceId":"sitesp_YkFri","description":"CWE-248, CWE-252, 
CWE-390, CWE-391, CWE-394, CWE-396, CWE-397, CWE-460, CWE-703, CWE-754, CWE-755","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A10 Mishandling of Exceptional Conditions"}]},{"id":"XxOElBgphS93xsWxxtXn","title":"Fail-Open Vulnerabilities","pathname":"/security-notes/owsap-top-10-2025/a10-mishandling-of-exceptional-conditions/fail-open-vulnerabilities","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A10 Mishandling of Exceptional Conditions"}]},{"id":"fVHLHycV4Oxw9U5URj8O","title":"A09 Security Logging and Alerting Failures","pathname":"/security-notes/owsap-top-10-2025/a09-security-logging-and-alerting-failures","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"}]},{"id":"edZ0eLaVJfOorHGOiwNG","title":"Logging Vulnerabilities","pathname":"/security-notes/owsap-top-10-2025/a09-security-logging-and-alerting-failures/logging-vulnerabilities","siteSpaceId":"sitesp_YkFri","description":"CWE-117, CWE-221, CWE-223, CWE-532, CWE-778","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A09 Security Logging and Alerting Failures"}]},{"id":"0d6DvwnHGqPgWO1WRCgz","title":"A08 Software or Data Integrity Failures","pathname":"/security-notes/owsap-top-10-2025/a08-software-or-data-integrity-failures","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"}]},{"id":"xUHXvjeE1DFwGA7zCFtb","title":"Dependencies and Malicious Code Inclusion","pathname":"/security-notes/owsap-top-10-2025/a08-software-or-data-integrity-failures/dependencies-and-malicious-code-inclusion","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A08 Software or Data Integrity Failures"}]},{"id":"GfbZHfrTZcLzRqjvDYpo","title":"Embedded Malware and Dynamic Modification","pathname":"/security-notes/owsap-top-10-2025/a08-software-or-data-integrity-failures/embedded-malware-and-dynamic-modification","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A08 Software or 
Data Integrity Failures"}]},{"id":"k8xwWQwZrnTtYgrITOvG","title":"Insecure deserialization","pathname":"/security-notes/owsap-top-10-2025/a08-software-or-data-integrity-failures/insecure-deserialization","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A08 Software or Data Integrity Failures"}]},{"id":"nAsRgrt9sykbuflQx1aH","title":"DLL Hijacking","pathname":"/security-notes/owsap-top-10-2025/a08-software-or-data-integrity-failures/dll-hijacking","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A08 Software or Data Integrity Failures"}]},{"id":"mcQEsvaajhE3XvJuKeLe","title":"A07 Authentication Failures","pathname":"/security-notes/owsap-top-10-2025/a07-authentication-failures","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"}]},{"id":"u2C35UV9p5Jy82qrtZMV","title":"JWT Hacking","pathname":"/security-notes/owsap-top-10-2025/a07-authentication-failures/jwt-hacking","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A07 Authentication Failures"}]},{"id":"wHjjCVcfqq69VHBWFAg8","title":"Hardcoded & Default Credentials","pathname":"/security-notes/owsap-top-10-2025/a07-authentication-failures/hardcoded-and-default-credentials","siteSpaceId":"sitesp_YkFri","description":"CWE-258, CWE-259, CWE-259, CWE-798, CWE-1392, CWE-1393","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A07 Authentication Failures"}]},{"id":"VitbjAvF5EUivrGudzJS","title":"Authentication Bypass","pathname":"/security-notes/owsap-top-10-2025/a07-authentication-failures/authentication-bypass","siteSpaceId":"sitesp_YkFri","description":"CWE-288, CWE-289, CWE-290, CWE-302, CWE-305","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A07 Authentication Failures"}]},{"id":"PMI9I0IqtwI3pqRp1D6O","title":"Certificate Validation 
Failures","pathname":"/security-notes/owsap-top-10-2025/a07-authentication-failures/certificate-validation-failures","siteSpaceId":"sitesp_YkFri","description":"CWE-295, CWE-297, CWE-298, CWE-299, CWE-346","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A07 Authentication Failures"}]},{"id":"s581jltzUJhFiGSAWgqR","title":"Session Security","pathname":"/security-notes/owsap-top-10-2025/a07-authentication-failures/session-security","siteSpaceId":"sitesp_YkFri","description":"CWE-384, CWE-613, CWE-620, CWE-304, CWE-306","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A07 Authentication Failures"}]},{"id":"KojbjtiDZIAC977vRV31","title":"Dictionary Attacks and Recovery Exploits","pathname":"/security-notes/owsap-top-10-2025/a07-authentication-failures/dictionary-attacks-and-recovery-exploits","siteSpaceId":"sitesp_YkFri","description":"CWE-307, CWE-521, CWE-640, CWE-1391, CWE-294","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A07 Authentication Failures"}]},{"id":"hEHfEZvXOMLugr2EtShb","title":"Network-Based Authentication Flaws","pathname":"/security-notes/owsap-top-10-2025/a07-authentication-failures/network-based-authentication-flaws","siteSpaceId":"sitesp_YkFri","description":"CWE-291, CWE-293, CWE-300, CWE-350, CWE-940, CWE-941","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A07 Authentication Failures"}]},{"id":"UJPorXgGuxjDEg6vobx2","title":"A06 Insecure Design","pathname":"/security-notes/owsap-top-10-2025/a06-insecure-design","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"}]},{"id":"V3kTKiYitAS5hCiOvlv1","title":"Race Conditions","pathname":"/security-notes/owsap-top-10-2025/a06-insecure-design/race-conditions","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A06 Insecure Design"}]},{"id":"nEVMHcircyEEOrUnVV39","title":"HTTP Request 
Smuggling","pathname":"/security-notes/owsap-top-10-2025/a06-insecure-design/http-request-smuggling","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A06 Insecure Design"}]},{"id":"IMZu1w1mFi0gP2ZZvKG7","title":"UI Attacks","pathname":"/security-notes/owsap-top-10-2025/a06-insecure-design/ui-attacks","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A06 Insecure Design"}]},{"id":"lTwBFBieBRjTsSyqkKNk","title":"Insecure File Upload and Path Traversal","pathname":"/security-notes/owsap-top-10-2025/a06-insecure-design/insecure-file-upload-and-path-traversal","siteSpaceId":"sitesp_YkFri","description":"CWE-73, CWE-434, CWE-646","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A06 Insecure Design"}]},{"id":"nm6K0gSUx3M68tkdYHdb","title":"Sensitive Data Storage: Encryption, Caching, and Cookies","pathname":"/security-notes/owsap-top-10-2025/a06-insecure-design/sensitive-data-storage-encryption-caching-and-cookies","siteSpaceId":"sitesp_YkFri","description":"CWE-256, CWE-311, CWE-312, CWE-313, CWE-316, CWE-522, CWE-525, CWE-539, CWE-598","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A06 Insecure Design"}]},{"id":"Svp9R9nhMRc2D8CtJTfG","title":"Privilege Escalation and Trust Boundaries","pathname":"/security-notes/owsap-top-10-2025/a06-insecure-design/privilege-escalation-and-trust-boundaries","siteSpaceId":"sitesp_YkFri","description":"CWE-266, CWE-269, CWE-286, CWE-501, CWE-602","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A06 Insecure Design"}]},{"id":"I3SiMcETv2G6oqgQh4kj","title":"A05 Injection","pathname":"/security-notes/owsap-top-10-2025/a05-injection","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"}]},{"id":"6Odd7HU1MFR6kFhB865R","title":"Cross Site Scripting","pathname":"/security-notes/owsap-top-10-2025/a05-injection/cross-site-scripting","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A05 
Injection"}]},{"id":"glQIQSaohEDVDjMYmDny","title":"Cross Site Scripting","pathname":"/security-notes/owsap-top-10-2025/a05-injection/cross-site-scripting/cross-site-scripting","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A05 Injection"},{"label":"Cross Site Scripting"}]},{"id":"cv7ES5xkiLyFEphaLzg2","title":"Exploitation","pathname":"/security-notes/owsap-top-10-2025/a05-injection/cross-site-scripting/exploitation","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A05 Injection"},{"label":"Cross Site Scripting"}]},{"id":"sHicDeTX4uFJUNa172RR","title":"Protections","pathname":"/security-notes/owsap-top-10-2025/a05-injection/cross-site-scripting/protections","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A05 Injection"},{"label":"Cross Site Scripting"}]},{"id":"XLqxACXrE5yH6Ovo4J3E","title":"SQL Injection","pathname":"/security-notes/owsap-top-10-2025/a05-injection/sql-injection","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A05 Injection"}]},{"id":"hcrPauRlV4KK1sSrCJtS","title":"SQLmap","pathname":"/security-notes/owsap-top-10-2025/a05-injection/sql-injection/sqlmap","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A05 Injection"},{"label":"SQL Injection"}]},{"id":"EWnqaN19WyrBoyRpfvEq","title":"NoSQL Injection","pathname":"/security-notes/owsap-top-10-2025/a05-injection/nosql-injection","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A05 Injection"}]},{"id":"2Eo28L62s1wi4yN14ocr","title":"CRLF Injection","pathname":"/security-notes/owsap-top-10-2025/a05-injection/crlf-injection","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A05 Injection"}]},{"id":"7fvRMfD5Iicw7ZXQVVDa","title":"CST Injection ( CSTI 
)","pathname":"/security-notes/owsap-top-10-2025/a05-injection/cst-injection-csti","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A05 Injection"}]},{"id":"mI8t7kY56O1RB688Ckha","title":"Command Injection","pathname":"/security-notes/owsap-top-10-2025/a05-injection/command-injection","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A05 Injection"}]},{"id":"kL3DjHFtxXkqWgQIAeEZ","title":"A04 Cryptographic Failures","pathname":"/security-notes/owsap-top-10-2025/a04-cryptographic-failures","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"}]},{"id":"N85HLuui4zeyJkYidoLw","title":"Weak Algorithms and Inadequate Hashing","pathname":"/security-notes/owsap-top-10-2025/a04-cryptographic-failures/weak-algorithms-and-inadequate-hashing","siteSpaceId":"sitesp_YkFri","description":"CWE-327, CWE-326, CWE-328, CWE-759, CWE-760, CWE-916,CWE-780","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A04 Cryptographic Failures"}]},{"id":"nJl6zhBglOQk9XHYIrMO","title":"PRNG Failures and Predictable Secrets","pathname":"/security-notes/owsap-top-10-2025/a04-cryptographic-failures/prng-failures-and-predictable-secrets","siteSpaceId":"sitesp_YkFri","description":"CWE-330, CWE-331, CWE-332, CWE-334, CWE-335, CWE-336, CWE-337, CWE-338, CWE-340, CWE-342, CWE-1241","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A04 Cryptographic Failures"}]},{"id":"OIsmQHj6rC7vP2pSU5q6","title":"Cryptographic Failure","pathname":"/security-notes/owsap-top-10-2025/a04-cryptographic-failures/cryptographic-failure","siteSpaceId":"sitesp_YkFri","description":"this lab covers a lot of basic cwes like CWE-327, CWE-759, CWE-916, CWE-319, CWE-523","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A04 Cryptographic Failures"}]},{"id":"OZV6XMtTITBIdMYdzGOi","title":"Weak Encoding for 
Password","pathname":"/security-notes/owsap-top-10-2025/a04-cryptographic-failures/weak-encoding-for-password","siteSpaceId":"sitesp_YkFri","description":"CWE-261","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A04 Cryptographic Failures"}]},{"id":"NYRJBmEMVdvmwyybifuZ","title":"Improper Following of a Certificate's Chain of Trust","pathname":"/security-notes/owsap-top-10-2025/a04-cryptographic-failures/improper-following-of-a-certificates-chain-of-trust","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A04 Cryptographic Failures"}]},{"id":"QBZy7L4qwcAQA4Rk70vD","title":"Understanding Digital Certificates :  Self-Signed and CA-Signed Certificate **","pathname":"/security-notes/owsap-top-10-2025/a04-cryptographic-failures/improper-following-of-a-certificates-chain-of-trust/understanding-digital-certificates-self-signed-and-ca-signed-certificate","siteSpaceId":"sitesp_YkFri","description":"extra knowledge","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A04 Cryptographic Failures"},{"label":"Improper Following of a Certificate's Chain of Trust"}]},{"id":"unLZPizlnSX0IOEEhLUj","title":"Transport Layer Security (TLS) and SSL **","pathname":"/security-notes/owsap-top-10-2025/a04-cryptographic-failures/improper-following-of-a-certificates-chain-of-trust/transport-layer-security-tls-and-ssl","siteSpaceId":"sitesp_YkFri","description":"extra knowledge","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A04 Cryptographic Failures"},{"label":"Improper Following of a Certificate's Chain of Trust"}]},{"id":"OLtn178v4ZgsKLtum9NU","title":"Clear Text Transmission Of Sensitive Data","pathname":"/security-notes/owsap-top-10-2025/a04-cryptographic-failures/clear-text-transmission-of-sensitive-data","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A04 Cryptographic Failures"}]},{"id":"qMv68kRiG7CaKCKvimEB","title":"SSLStripping 
**","pathname":"/security-notes/owsap-top-10-2025/a04-cryptographic-failures/clear-text-transmission-of-sensitive-data/sslstripping","siteSpaceId":"sitesp_YkFri","description":"extra knowledge","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A04 Cryptographic Failures"},{"label":"Clear Text Transmission Of Sensitive Data"}]},{"id":"rhbCkxrC2a34apwmaCgk","title":"Cryptographic Key Management and Implementation","pathname":"/security-notes/owsap-top-10-2025/a04-cryptographic-failures/cryptographic-key-management-and-implementation","siteSpaceId":"sitesp_YkFri","description":"CWE-321, CWE-322, CWE-323, CWE-324, CWE-523, CWE-325, CWE-347, CWE-757, CWE-1240","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A04 Cryptographic Failures"}]},{"id":"gSzmyS4IaPzDn832DKOV","title":"A03 Software Supply Chain Failures","pathname":"/security-notes/owsap-top-10-2025/a03-software-supply-chain-failures","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"}]},{"id":"RyvY65gLn6kxpJWu8qtQ","title":"Use of Obsolete Function","pathname":"/security-notes/owsap-top-10-2025/a03-software-supply-chain-failures/use-of-obsolete-function","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A03 Software Supply Chain Failures"}]},{"id":"HvyfkzSOflR2JjnYBUkW","title":"Vulnerable and Outdated Components","pathname":"/security-notes/owsap-top-10-2025/a03-software-supply-chain-failures/vulnerable-and-outdated-components","siteSpaceId":"sitesp_YkFri","description":"scenarios cover: CWE-1035, CWE-1329, CWE-1357, CWE-1104, CWE-1395","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A03 Software Supply Chain Failures"}]},{"id":"1qLlQrDgNhfGTDpZYeOi","title":"A02 Security Misconfiguration","pathname":"/security-notes/owsap-top-10-2025/a02-security-misconfiguration","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"}]},{"id":"8Mu3dvOciTElkOkkl03i","title":"Cookie 
Security","pathname":"/security-notes/owsap-top-10-2025/a02-security-misconfiguration/cookie-security","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A02 Security Misconfiguration"}]},{"id":"78tfvMXH329HSxK6MSuf","title":"XML External Entity","pathname":"/security-notes/owsap-top-10-2025/a02-security-misconfiguration/xml-external-entity","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A02 Security Misconfiguration"}]},{"id":"GaptWGo22t75RtoYl8jf","title":"Improper Model Validation","pathname":"/security-notes/owsap-top-10-2025/a02-security-misconfiguration/improper-model-validation","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A02 Security Misconfiguration"}]},{"id":"bwYrBOood6IKsFdoqWYU","title":"Data Transmission Without Encryption","pathname":"/security-notes/owsap-top-10-2025/a02-security-misconfiguration/data-transmission-without-encryption","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A02 Security Misconfiguration"}]},{"id":"2cszskUrw7yWGGWBTx1m","title":"CORS Misconfiguration","pathname":"/security-notes/owsap-top-10-2025/a02-security-misconfiguration/cors-miscofigration","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A02 Security Misconfiguration"}]},{"id":"Geya6pA7L59Zw2zjWLHX","title":"Mail Server Misconfiguration","pathname":"/security-notes/owsap-top-10-2025/a02-security-misconfiguration/mail-server-misconfiguration","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A02 Security Misconfiguration"}]},{"id":"dJGH7gFI8k89t9i1Ob4I","title":"Debug Binary Misconfiguration","pathname":"/security-notes/owsap-top-10-2025/a02-security-misconfiguration/debug-binary-misconfiguration","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A02 Security Misconfiguration"}]},{"id":"ulCDv7gmdArVAjuBaQHU","title":"Exposure of 
Sensitive Information Through Environment Variables","pathname":"/security-notes/owsap-top-10-2025/a02-security-misconfiguration/exposure-of-sensitive-information-through-environment-variables","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A02 Security Misconfiguration"}]},{"id":"628ouJl8nlgMSVKUAsns","title":"A01 Broken Access Control","pathname":"/security-notes/owsap-top-10-2025/a01-broken-access-control","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"}]},{"id":"am1GODy24ONeQeCWG0Y1","title":"Path Traversal","pathname":"/security-notes/owsap-top-10-2025/a01-broken-access-control/path-traversal","siteSpaceId":"sitesp_YkFri","description":"","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A01 Broken Access Control"}]},{"id":"Zj8OY2vC7af757Nlu6FX","title":"Open Redirect","pathname":"/security-notes/owsap-top-10-2025/a01-broken-access-control/open-redirect","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A01 Broken Access Control"}]},{"id":"Mfh1orSUE0We7WUYtwqI","title":"Symlink or Hard Link Following","pathname":"/security-notes/owsap-top-10-2025/a01-broken-access-control/symlink-or-hard-link-following","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A01 Broken Access Control"}]},{"id":"uwzMWhnFMOz4UfFAkczF","title":"Confused Deputy","pathname":"/security-notes/owsap-top-10-2025/a01-broken-access-control/confused-deputy","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A01 Broken Access Control"}]},{"id":"BjcyHEdKV2Wm6hTm5TTI","title":"Incorrect Default Permissions","pathname":"/security-notes/owsap-top-10-2025/a01-broken-access-control/incorrect-default-permissions","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A01 Broken Access Control"}]},{"id":"GSU28vH1s9OnPVCZvdXJ","title":"Forced 
Browsing","pathname":"/security-notes/owsap-top-10-2025/a01-broken-access-control/forced-browsing","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A01 Broken Access Control"}]},{"id":"kLJbiElOBBKXu47Guprs","title":"Server-Side Request Forgery (SSRF)","pathname":"/security-notes/owsap-top-10-2025/a01-broken-access-control/server-side-request-forgery-ssrf","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A01 Broken Access Control"}]},{"id":"HQrjUuvkaSuWFzWROz50","title":"CSRF","pathname":"/security-notes/owsap-top-10-2025/a01-broken-access-control/csrf","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A01 Broken Access Control"}]},{"id":"jeq6eXOQJkrRnmqwhz9d","title":"Sensitive Cookie with Improper SameSite Attribute","pathname":"/security-notes/owsap-top-10-2025/a01-broken-access-control/csrf/sensitive-cookie-with-improper-samesite-attribute","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A01 Broken Access Control"},{"label":"CSRF"}]},{"id":"IOveBAyx8IhoXXUpoVY7","title":"csrf checklist","pathname":"/security-notes/owsap-top-10-2025/a01-broken-access-control/csrf/csrf-checklist","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A01 Broken Access Control"},{"label":"CSRF"}]},{"id":"zT35lw8zbM5eTCmskl4e","title":"checklists","pathname":"/security-notes/owsap-top-10-2025/a01-broken-access-control/checklists","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A01 Broken Access Control"}]},{"id":"BMKr4N8cp4mKGDaYZFuD","title":"ATO","pathname":"/security-notes/owsap-top-10-2025/a01-broken-access-control/checklists/ato","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A01 Broken Access Control"},{"label":"checklists"}]},{"id":"sofi0taUURIrKAOgEZ5P","title":"idor 
checklist","pathname":"/security-notes/owsap-top-10-2025/a01-broken-access-control/checklists/idor-checklist","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A01 Broken Access Control"},{"label":"checklists"}]},{"id":"5jNWD8o0Fp6wYtfLLPPt","title":"admin panel checklist","pathname":"/security-notes/owsap-top-10-2025/a01-broken-access-control/checklists/admin-panal-checklist","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A01 Broken Access Control"},{"label":"checklists"}]},{"id":"pJfLFcJOZArAmjSJBdft","title":"business logic checklist","pathname":"/security-notes/owsap-top-10-2025/a01-broken-access-control/checklists/bussiness-logic-checklist","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A01 Broken Access Control"},{"label":"checklists"}]},{"id":"fU1Pcpha8GgCLfl0NnO4","title":"403 bypass","pathname":"/security-notes/owsap-top-10-2025/a01-broken-access-control/checklists/403-bypass","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A01 Broken Access Control"},{"label":"checklists"}]},{"id":"VJIl0aYkGRPqRNYElylh","title":"mass assignment","pathname":"/security-notes/owsap-top-10-2025/a01-broken-access-control/mass-assignment","siteSpaceId":"sitesp_YkFri","breadcrumbs":[{"label":"owsap-top-10:2025"},{"label":"A01 Broken Access Control"}]},{"id":"EbfjB20hg9GWkJPvn63n","title":"Uploading an Image Was All I Needed for Full Server Access","pathname":"/security-notes/uploading-an-image-was-all-i-needed-for-full-server-access","siteSpaceId":"sitesp_YkFri"},{"id":"Mee52qo7HRlnfmBpGxRE","title":"How I Discovered a Dependency Confusion Vulnerability in a Ruby Application Leading to RCE","pathname":"/security-notes/how-i-discovered-a-dependency-confusion-vulnerability-in-a-ruby-application-leading-to-rce","siteSpaceId":"sitesp_YkFri"},{"id":"d7cURWuzELQvC7HnEcqw","title":"Privilege Escalation via Impersonation Features 
feature","pathname":"/security-notes/privilege-escalation-via-impersonation-features-feature","siteSpaceId":"sitesp_YkFri"},{"id":"ce8Zs7UCD82ZRzfQx3G4","title":"How I Escalated Simple HTML Injection to SSRF via PDF Rendering","pathname":"/security-notes/how-i-escalated-simple-html-injection-to-ssrf-via-pdf-rendering","siteSpaceId":"sitesp_YkFri"},{"id":"7YcUv6KlWIBNhCTCEpGo","title":"How I was able to discover ATO Via IDOR vulnerability","pathname":"/security-notes/how-i-was-able-to-discover-ato-via-idor-vulnerability","siteSpaceId":"sitesp_YkFri"},{"id":"F3azk0Y9MiKQKDd3w6bM","title":"how I Bypassed SAML Authentication, and had access to Admin Panel.","pathname":"/security-notes/how-i-bypassed-saml-authentication-and-had-access-to-admin-panel.","siteSpaceId":"sitesp_YkFri"}]}