StringManolo / methodology

Hacking Methodology

Methodology

Hacking Methodology Self-Explanatory

Flaws

auth (passwords, tokens, cookies, ...)

  • autogen pass predictable
  • bruteforce resistance
  • insecure protocol
  • insecure storage
  • insufficient session expiration
  • missing hsts
  • password quality
  • unsafe distribution
  • unsafe transmission
  • username enumeration
  • username uniqueness

best practices

  • csp
  • directory listing
  • mixed content over https
  • inline scripts/css

clickjacking

command injection

csrf

csti

default config known insecure

DOS

  • lack of resources
  • rate limiting
  • slowloris (keep-alive)

hpp

htmli

  • form
  • dangling

IDOR

information leakage

  • credentials in source code
  • metadata
  • private data disclosure

insecure certificates

ldap

  • wildcard credentials

logic flaws

  • priv bypass
  • priv escalation
  • race condition

open redir

path traversal

referrer leak

response smuggling

response splitting

rce

smtp crlf

ssrf

ssti

sub/domain takeover

sqli

xss

  • Stored
  • Reflected
  • DOM

xxe

Post Exploitation

  • clear credentials in browser
  • clear credentials in memory
