Session Management and Cookie Security
Introduction to Session Management Session management is the process of securely maintaining a user’s state and identity across multiple requests in web applications. Since HTTP is stateless by de...
Introduction Session fixation is a web security vulnerability that allows an attacker to force a user to use a specific session identifier (session ID). The attack exploits applications that do no...
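The scenario sketched above, as an added example that is not part of the linked article: an attacker obtains a legitimate anonymous session ID, gets the victim's browser to present it, and the victim then logs in. Whether the attacker ends up authenticated depends on one thing, namely whether the application issues a fresh ID at the moment of authentication. The in-memory store, the `SessionStore`, `fixation_attack` and `USERS` names and the toy credentials below are all constructed for this illustration and do not correspond to any real framework's API.

```python
import secrets
from typing import Optional

# Toy credential table, constructed for this example (not a real password store).
USERS = {"alice": "correct-horse-battery-staple"}


def check_password(username: str, password: str) -> bool:
    expected = USERS.get(username)
    return expected is not None and secrets.compare_digest(expected, password)


class SessionStore:
    """Minimal in-memory session store (hypothetical, for illustration only).

    rotate_on_login=False reproduces the fixation-prone behaviour: the session
    that was anonymous before authentication keeps its ID afterwards.
    rotate_on_login=True is the fix: on successful login the old ID is
    destroyed and a fresh, server-generated ID is issued.
    """

    def __init__(self, rotate_on_login: bool) -> None:
        self.rotate_on_login = rotate_on_login
        self._sessions: dict[str, dict] = {}

    def new_session(self) -> str:
        # 256 bits from the OS CSPRNG; never derive IDs from time or user data.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def login(self, sid: str, username: str, password: str) -> Optional[str]:
        """Authenticate session `sid`. Returns the ID the client must use from now on."""
        if not check_password(username, password):
            return None
        if sid not in self._sessions:
            # Refuse to adopt a client-supplied ID the server never issued.
            sid = self.new_session()
        if self.rotate_on_login:
            self._sessions.pop(sid, None)  # any attacker-known ID dies here
            sid = self.new_session()
        self._sessions[sid]["user"] = username
        return sid

    def whoami(self, sid: str) -> Optional[str]:
        session = self._sessions.get(sid)
        return session["user"] if session else None


def fixation_attack(store: SessionStore) -> tuple[Optional[str], Optional[str]]:
    """Walk through one fixation attempt against `store`.

    Returns (user the attacker's planted ID resolves to after the victim logs in,
             user the ID handed back to the victim resolves to).
    """
    # 1. Attacker obtains a legitimate anonymous session ID from the application.
    planted_sid = store.new_session()
    # 2. Attacker gets the victim's browser to present planted_sid (URL parameter,
    #    cookie injection, etc.); the delivery step is not modelled here.
    # 3. Victim authenticates while presenting the planted ID.
    victim_sid = store.login(planted_sid, "alice", "correct-horse-battery-staple")
    # 4. Attacker replays the ID they planted.
    return store.whoami(planted_sid), store.whoami(victim_sid)


if __name__ == "__main__":
    print("no rotation :", fixation_attack(SessionStore(rotate_on_login=False)))
    print("rotation    :", fixation_attack(SessionStore(rotate_on_login=True)))
```

Without rotation the planted ID resolves to the victim's account, which is the whole attack; with rotation the planted ID is dead and only the newly issued ID carries the authenticated state. In a real deployment the new ID must also reach the client in a `Set-Cookie` header with the `Secure` and `HttpOnly` attributes, and the old ID should be invalidated server-side rather than merely overwritten in the browser.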
Introduction Weaponization is a critical phase in red team operations where offensive tools, payloads, and exploits are prepared for deployment against target environments. This phase follows reco...
Introduction During penetration testing, the initial shell you receive after exploitation is often limited in functionality (non-interactive). This document covers techniques to upgrade these basi...
Introduction to Red Teaming Red teaming is an advanced form of security assessment that simulates real-world attacks against an organization’s people, processes, and technology to identify vulnera...
Metasploit Framework Basics Starting and Updating Metasploit # Start Metasploit console msfconsole # Update Metasploit apt update && apt upgrade metasploit-framework # Or msfupdate Cor...
Introduction Command and Control (C2) frameworks are software platforms used during red team operations and penetration testing to maintain communication with compromised systems and control deplo...
What is XSLT Injection? XSLT (Extensible Stylesheet Language Transformations) injection occurs when an attacker can control or modify XSLT stylesheets that are processed by an application. Since X...
XML Entity Basics XML Custom/Internal Entities <!DOCTYPE foo [ <!ENTITY myentity "my entity value" > ]> Usage: &myentity; will be replaced with “my entity value” XML External Ent...
What is SSI Injection? Server-Side Includes (SSI) are directives in HTML pages that are evaluated on the server before the page is delivered to the client. SSI injection occurs when an attacker ca...