This repository contains detailed notes related to Hack The Box CWES/CPTS modules.

| Module | Description |
|---|---|
| API Attacks | Common vulnerabilities and attack vectors related to RESTful APIs. |
| Attacking Common Applications | Discovery, footprinting, enumeration and exploitation of common applications. |
| Attacking GraphQL | Common misconfigurations and vulnerabilities in GraphQL APIs. |
| Attacking Web Applications with Ffuf | Web content discovery through enumeration of directories, pages, parameters and subdomains. |
| Broken Authentication | Common misconfigurations and vulnerabilities related to authentication. |
| Command Injections | Identification and exploitation of OS command injection vulnerabilities. |
| Cracking Passwords with Hashcat | Fundamentals of password cracking with implementations in Hashcat. |
| Cross-Site Scripting | Identification and exploitation of XSS vulnerabilities. |
| File Inclusion | Fundamentals of file inclusion attacks, including both LFI and RFI. |
| File Upload Attacks | Identification and exploitation of file upload vulnerabilities. |
| Incident Handling | Fundamentals of incident handling, including processes and security monitoring using SIEM. |
| Login Brute Forcing | Fundamentals of password brute-forcing with implementations in Hydra. |
| Network Enumeration with Nmap | Network enumeration and mapping using Nmap. |
| Password Attacks | Fundamentals of password attacks, including implementations in Hashcat, John The Ripper, Hydra, and NetExec. |
| Server-Side Attacks | Common server-side vulnerabilities, including SSRF, SSTI, SSI, and XSLT. |
| SQL Injection Fundamentals | Manual identification and exploitation of SQL injection vulnerabilities. |
| SQLMap Essentials | Automated identification and exploitation of SQL injection vulnerabilities. |
| Web Attacks | Common web vulnerabilities, including verb tampering, IDOR, and XXE. |

Click the module name to open the full documentation.