Fox & Fish Cybersecurity — Knowledge Base

Author: Johan Beysen | Fox & Fish Cybersecurity


What is this?

Personal knowledge base for cybersecurity topics, pentesting techniques, tool documentation and lab notes. Built during an internship at Fox & Fish Cybersecurity.


Contents

Web Application Security

| Page | Topic |
|------|-------|
| SQL Injection | SQLi detection, UNION attacks, blind SQLi, cheat sheet |
| Broken Access Control | IDOR, privilege escalation, 13 PortSwigger labs |
| Horizontal & Vertical Access Control | Concept explanation + lab walkthrough |

API Security

| Page | Topic |
|------|-------|
| API Testing | Recon, endpoints, server-side parameter pollution |
| API Testing Tasklist | OWASP API Top 10 checklist |
| JWT Webtokens | JWT structure, attacks, algorithm confusion |

Tools

| Page | Topic |
|------|-------|
| Nmap | Port scanning, service detection, NSE scripts |
| Mimikatz | Credential dumping, Kerberos, DCSync |
| Atomic Red Team | Detection validation, purple teaming, ATT&CK |
| AMSI Testing | Antimalware Scan Interface testing |
| EICAR Testing | AV validation with the EICAR test file |
| Arya | OT/ICS security scanner |

Active Directory

| Page | Topic |
|------|-------|
| Null Byte Bypass | URL encoding, null byte, upload bypass |

Other

| Page | Topic |
|------|-------|
| Server Side Vulnerabilities | Path traversal, SSRF, file upload, command injection |
| Markdown Cheatsheet | MkDocs/Material syntax reference |

MkDocs commands

mkdocs serve    # Live preview at http://localhost:8000
mkdocs build    # Generate the static site

Fox & Fish Cybersecurity | Internal use