Knowledge Base
Johan Beysen
Wat is dit?
Persoonlijke kennisbank voor cybersecurity, netwerken, databanken en tools.
Inhoud
Web Application Security
| Pagina |
Onderwerp |
| SQL Injection |
SQLi detectie, UNION attacks, blind SQLi, cheat sheet |
| Broken Access Control |
IDOR, privilege escalation |
| Horizontal & Vertical Access Control |
Concept uitleg |
| XSS |
Reflected, stored, DOM-based, filter bypasses |
| CORS |
SOP, misconfiguraties, exploitatie |
| Information Disclosure |
Headers, error pages, .git exposure |
| Authentication Bypass |
Username enum, brute force, logic flaws, MFA bypass |
| SSRF |
Server-Side Request Forgery |
| Path Traversal |
Directory traversal aanvallen |
| File Upload Vulnerabilities |
Upload bypass technieken |
| Server Side Vulnerabilities |
Path traversal, SSRF, file upload, command injection |
| Webapp Pentest Stappenplan |
OWASP-gebaseerd stappenplan |
API Security
| Pagina |
Onderwerp |
| Nmap |
Port scanning, service detection, NSE scripts |
| Mimikatz |
Credential dumping, Kerberos, DCSync |
| Atomic Red Team |
Detection validation, purple teaming, ATT&CK |
| AMSI Testing |
Antimalware Scan Interface testing |
| EICAR Testing |
AV validatie met EICAR test file |
| Arya |
OT/ICS security scanner |
Overig
MkDocs commando's
mkdocs serve # Live preview op http://localhost:8000
mkdocs build # Statische site genereren