Monthly Shaarli

All links of one month in a single page.

May, 2024

Talos - An Immutable OS for Kubernetes

Talos is an operating system for Kubernetes. It is designed to be lightweight, secure, and easy to use. In this article, I will introduce Talos and its features.

Privilege Escalation - Windows · Total OSCP Guide
PayloadsAllTheThings/Server Side Template Injection/README.md at master · swisskyrepo/PayloadsAllTheThings · GitHub

A list of useful payloads and bypass for Web Application Security and Pentest/CTF - PayloadsAllTheThings/Server Side Template Injection/README.md at master · swisskyrepo/PayloadsAllTheThings

Template Injection Table - Hackmanit
GitHub - vladko312/SSTImap: Automatic SSTI detection tool with interactive interface

Automatic SSTI detection tool with interactive interface - vladko312/SSTImap

Method Confusion In Go SSTIs Lead To File Read And RCE

Delve into OnSecurity's research on Go's server-side template injection vulnerabilities, revealing potential for file reads and RCE exploits. Read more now.

Server-Side Template Injection

Template engines are widely used by web applications to present dynamic data via web pages and emails. Unsafely embedding user input in templates enables Server-Side Template Injection, a frequently c

Introduction - bootc
Conor Hughes: "During lunch a friend mentioned that you can just…" - Mastodon @ SDF

During lunch a friend mentioned that you can just supply a HTTP URL to vim on the command line and it would use curl to download that resource and allow you to edit the content. I jokingly asked whether if you enter :w it would then issue a HTTP POST back to the origin which is of course ridiculous. It issues a PUT

Hurl - Run and Test HTTP Requests

Hurl, run and test HTTP requests with plain text and curl. Hurl can run fast automated integration tests.

GitHub - containers/podman-desktop-extension-bootc: Support for bootable OS containers (bootc) and generating disk images

Support for bootable OS containers (bootc) and generating disk images - containers/podman-desktop-extension-bootc

ss cheat sheet

If you want to learn more about network connections on Linux, then the socket statistics tool, ss, is the tool to get the job done. Learn how to use it with this cheat sheet.

Online Cryptography Course by Dan Boneh
journalctl cheat sheet
FuzzySecurity | Windows Privilege Escalation Fundamentals
Windows Privilege Escalation For OSCP and beyond (Cheat Sheet)

This is a detailed cheat sheet for Windows PE; it's very handy in many certifications like OSCP, OSCE and CRTE. Check out my personal notes on GitHub; it's a handbook I made using CherryTree that…

SSTI (Server Side Template Injection)
GitHub - epinna/tplmap: Server-Side Template Injection and Code Injection Detection and Exploitation Tool

Server-Side Template Injection and Code Injection Detection and Exploitation Tool - epinna/tplmap

GitHub - Hackmanit/TInjA: TInjA is a CLI tool for testing web pages for template injection vulnerabilities and supports 44 of the most relevant template engines for eight different programming languages.

TInjA is a CLI tool for testing web pages for template injection vulnerabilities and supports 44 of the most relevant template engines for eight different programming languages. - Hackmanit/TInjA

How to Use Flask, a Lightweight Python Framework - The New Stack

This tutorial shows how to use Flask, a lightweight, minimalistic Python framework.

LOLBAS
PayloadsAllTheThings/Methodology and Resources/Active Directory Attack.md at master · swisskyrepo/PayloadsAllTheThings · GitHub

A list of useful payloads and bypass for Web Application Security and Pentest/CTF - PayloadsAllTheThings/Methodology and Resources/Active Directory Attack.md at master · swisskyrepo/PayloadsAllTheThings

Linux Terminal Tools - Terminal Trove

Discover Linux based TUI and CLI tools for the terminal and other developer tools in more categories at Terminal Trove.

GitHub - xlmnxp/blue-recorder: Simple Screen Recorder written in Rust based on Green Recorder

Simple Screen Recorder written in Rust based on Green Recorder - xlmnxp/blue-recorder

OSCP Privilege Escalation Guide. After you’ve popped a shell on an OSCP…

After you’ve popped a shell on an OSCP machine, chances are you are going to need to escalate your privileges before getting that sweet root.txt. I’ve noticed that a lot of PWK students tend to…

ssti-payloads/Intruder/ssti-payloads.txt at master · payloadbox/ssti-payloads · GitHub

🎯 Server Side Template Injection Payloads. Contribute to payloadbox/ssti-payloads development by creating an account on GitHub.

GitHub - Hackmanit/template-injection-table: The Template Injection Table is intended to help during the testing of an application for template injection vulnerabilities.

The Template Injection Table is intended to help during the testing of an application for template injection vulnerabilities. - Hackmanit/template-injection-table

GitHub - DiogoMRSilva/websitesVulnerableToSSTI: Simple websites vulnerable to Server Side Template Injections(SSTI)

Simple websites vulnerable to Server Side Template Injections(SSTI) - DiogoMRSilva/websitesVulnerableToSSTI

serversidetemplateinjection.pdf
Calendar 2024 Hesse: Holidays, Public Holidays, PDF Templates

Annual calendar 2024 for Hesse with school holidays, public holidays, calendar weeks and PDF templates to download and print (free)

Ilya 30u30
tmuxp

Session manager for tmux, which allows users to save and load tmux sessions through simple configuration files. Powered by libtmux. New to tmu...

GitHub - kxxt/tracexec: A small utility for tracing execve{,at} and pre-exec behavior.

A small utility for tracing execve{,at} and pre-exec behavior. - kxxt/tracexec

Cheat sheets

All cheat sheets to simplify your system administration and Linux security activities. Something missing? Let it know.

Following Mastodon accounts and hashtags via RSS feeds

(via Online-Recherche Newsletter Sebastian Meineck #38): «It is enough to append the simple string «.rss» to the end of a suitable Mastodon URL. And the RSS feed is ready. Das k…