My Knowledge and Achievements

TryHackMe

Ranked: Public Profile

THM-AOC2020

The aim of this path is to teach you how to attack web applications. To successfully attack and exploit web applications, you need to understand how they work. The first section (Web Fundamentals) will give you all the prerequisite knowledge on this.

The second section (Security Tools) focuses on learning how to use industry-standard tooling to interact with your targets.

The third section (Vulnerabilities) covers various vulnerabilities found in web applications today. This section will go over the root causes of these vulnerabilities and give you hands-on experience exploiting them.

The final section (Practise Makes Perfect) will help you apply what you’ve learnt in previous sections.

After completing this path, you should be able to:

understand how web applications work
utilise industry-standard tooling when attacking web applications
explain and exploit common web vulnerabilities
apply this knowledge to other targets (be it within an interview or a professional web application security assessment)

THM-AOC2020

The beginner path aims to give a broad introduction to the different areas in Computer Security. This path will be looking at the following areas:

Basic Linux - Get familiar with the Linux command line.
Web Application Security - Learn web application security concepts through the OWASP Top 10
Network Security - Using essential tools like NMAP to enumerate infrastructure.
Scripting Challenges - Using Python and Bash to carry out different tasks.
Privilege Escalation

Once you complete the beginner path, you should have learnt the fundamental knowledge for each specific area and be able to use these core concepts to build your understanding of more complex topics within the area.

THM-AOC2020

This PenTest+ pathway allows individuals to practice the majority of practical skills required for the CompTIA PenTest+ exam. In this pathway you will learn about:

Industry standard penetration testing tools
Identifying and exploiting different network services
Exploiting web applications through today’s most common vulnerabilities
Understanding Windows Active Directory and attacking Kerberos
Post-exploitation techniques (with PowerView, BloodHound and Mimikatz)

CompTIA PenTest+ is for cybersecurity professionals tasked with penetration testing and vulnerability management.

Bug Reported

Dorks:

https://cxsecurity.com/issue/WLB-2021020160

CVE:

https://access.redhat.com/security/cve/cve-2021-20262/details=6

https://bugzilla.redhat.com/show_bug.cgi?id=1933639#c4

Review Training

tuan-review

son-review

tuan-anh-review