Overview When specially crafted user-controlled input containing SQL syntax is used as part of SQL queries without proper validation, it is possible to glean information from the database in ways ...
Active Directory
Overview Active Directory (AD) enables system administrators to build and manage domains, users, and objects on a network. Active Directory offers a means to categorize Users into logical groups a...
Assembly Overview
Overview Assembly programming is a low-level computer programming language that is used to write software that runs directly on a computer’s hardware. It is considered a low-level language because...
CAPEC 100 - Overflow Buffers
Overview Buffer overflow vulnerabilities are commonly targeted by exploiting buffer sizes. For example, if a buffer is set to allow 8 bytes however 10 are pushed to the buffer, the bytes can overf...
Building an Ubuntu Host on VMWare
Overview Ubuntu is a Linux distribution based on Debian and composed mostly of free and open-source software. Ubuntu is officially released in three editions: Desktop, Server, and Core for Interne...
Resource Development
Overview The adversary is trying to establish resources they can use to support operations. Resource Development consists of techniques that involve adversaries creating, purchasing, or compromis...
Obtain, Develop and Stage Capabilities
Overview Obtaining, Developing and Staging capabilities or resources is an integral part of attack Planning and Reconnaissance. Ensuring that capabilities are setup and configured prior to launchi...
BurpSuite
Overview Burp Suite is a Java application that can be used to secure or penetrate web applications. It comes pre-installed on Kali Linux and ParrotOS, however can be installed on your operating sy...
JumpListExplorer (JLE)
Overview The JumpListExplorer (JLE) is a tool that parsers Windows AutomaticDestinations files to provide information relating to application execution. Results are recorded per application Id (App...
Registry Explorer
Overview Registry Explorer allows Windows registry hives to be interrogated and parsed for a wide variety of forensic artifacts. The tool comes in two versions, a GUI and a commandline interface. ...