one2bla.me
Search
Search
Search
Dark mode
Light mode
Explorer
Breach operations
Active directory exploitation
Antivirus evasion
Attacking Active Directory Certificate Services
Attacking MS SQL
Bypassing application whitelisting
Configuring Meterpreter certificates
CSharp AppLocker bypass
DNS tunneling
Executing Win32 APIs in PowerShell
Jscript AppLocker bypass
Linux lateral movement
Linux post-exploitation
Meterpreter domain fronting
Phishing in Microsoft Office
PowerShell AppLocker bypass
Process injection and migration
Windows credentials
Windows lateral movement
Windows privilege escalation
Computer networks
Content distribution networks
Firewalls
Internet architecture
Network attacks
OpenFlow
OSI model
Path algorithms
Routing
Security
Software defined networks
Streaming
Transport layer
Data structures and algorithms
Arrays and strings
56
125
136
169
209
242
252
283
344
557
643
917
977
1004
1094
1413
1456
1480
2000
2090
2270
2575
Backtracking
17
22
37
39
40
46
47
52
77
78
93
131
216
491
797
967
980
1415
2305
Binary search
33
35
57
74
278
374
410
540
704
778
875
1231
1283
1482
1533
1631
1855
1870
1970
2141
2187
2226
2250
2251
2258
2300
2389
2476
2517
Bit manipulation
67
461
Dynamic programming
62
63
64
70
118
139
188
198
213
221
300
309
322
337
368
474
494
518
714
746
931
1027
1035
1137
1143
1155
1218
1406
1659
2140
2218
Greedy
11
409
455
502
881
1005
1024
1196
1323
1326
1338
1481
1663
1710
1833
2126
2136
2139
2178
2294
2384
2405
2410
2457
2486
Hashing
1
3
49
205
217
268
290
383
451
525
560
567
771
791
930
1133
1189
1207
1248
1394
1426
1436
1496
1512
1657
1695
1748
1832
1941
2225
2248
2260
2342
2351
2352
2958
3005
Heaps
215
295
347
373
480
632
658
692
703
973
1046
1167
1845
1962
2182
2208
2233
2336
2402
2462
Linked lists
19
21
24
82
83
92
141
203
206
234
328
707
876
1290
1721
2074
2095
2130
Stacks and queues
20
71
155
225
232
239
346
496
649
735
739
844
901
907
933
946
1047
1063
1438
1475
1544
1673
1944
2104
2390
2398
2434
Trees and graphs
98
100
101
102
103
104
110
111
112
113
127
199
200
208
226
235
236
270
323
399
433
437
450
463
515
530
542
543
547
637
695
700
701
733
743
752
787
841
863
872
909
938
990
994
997
1020
1026
1091
1129
1161
1268
1293
1302
1305
1306
1325
1372
1376
1448
1466
1557
1609
1615
1926
1971
2102
2192
2368
Machine learning for trading
Manipulating financial data with Python
Histograms and scatter plots
How to optimize a portfolio
Incomplete data
Optimizers
Reading and plotting stock data
Sharpe ratio and other portfolio statistics
Statistical analysis of time series
The power of NumPy
Working with multiple stocks
Portfolio management
Dealing with data
Efficient markets hypothesis
How hedge funds use the CAPM
Market mechanics
Portfolio optimization and the efficient frontier
So you want to be a hedge fund manager?
Technical analysis
The capital assets pricing model (CAPM)
The fundamental law of active portfolio management
What is a company worth?
Trading algorithms
Assessing a learning algorithm
Decision trees
Dyna
Ensemble learners
How machine learning is used at a hedge fund
Q-learning
Regression
Reinforcement learning
PortSwigger Web Security Academy
Access control vulnerabilities
Unprotected admin functionality
Unprotected admin functionality with unpredictable URL
User ID controlled by request parameter with password disclosure
User ID controlled by request parameter, with unpredictable user IDs
User role controlled by request parameter
API testing
3
Exploiting an API endpoint using documentation
Exploiting server-side parameter pollution in a query string
Finding and exploiting an unused API endpoint
Authentication
2FA simple bypass
Username enumeration via different responses
Cross site request forgery
CSRF vulnerability with no defenses
CSRF where token is duplicated in cookie
CSRF where token is not tied to user session
CSRF where token is tied to non-session cookie
CSRF where token validation depends on request method
CSRF where token validation depends on token being present
SameSite Lax bypass via method override
SameSite Strict bypass via client-side redirect
File upload vulnerabilities
Remote code execution via web shell upload
Web shell upload via Content-Type restriction bypass
OS command injection
OS command injection, simple case
Path traversal
File path traversal, simple case
Server side request forgery
Basic SSRF against another back-end system
Basic SSRF against the local server
SQL injection
Blind SQL injection with conditional errors
Blind SQL injection with conditional responses
Blind SQL injection with out-of-band data exfiltration
Blind SQL injection with out-of-band interaction
Blind SQL injection with time delays and information retrieval
SQL injection attack, listing the database contents on non-Oracle databases
SQL injection attack, querying the database type and version on MySQL and Microsoft
SQL injection UNION attack, determining the number of columns returned by the query
SQL injection UNION attack, finding a column containing text
SQL injection UNION attack, retrieving data from other tables
SQL injection UNION attack, retrieving multiple values in a single column
SQL injection vulnerability allowing login bypass
SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
SQL injection with filter bypass via XML encoding
Visible error-based SQL injection
Websocket vulnerabilities
Manipulating the WebSocket handshake to exploit vulnerabilities
Manipulating WebSocket messages to exploit vulnerabilities
Software analysis
Automated test generation
Constraint based analysis
Dataflow analysis
Delta debugging
Dynamic symbolic execution
Pointer analysis
Program analysis
Random testing
Software testing
Statistical debugging
Type systems
The dark arts
Common vulnerabilities
Fastbin Dup
Heap buffer overflow
Heap grooming
House of Force
House of Orange
Race conditions
Single byte overflows
Stack buffer overflow
Uninitialized variables
Unsortedbin attack
Use after free (UAF)
Exploit mitigations
Address space layout randomization (ASLR)
Data execution prevention (DEP)
Exploiting PIEs
Position independent executables (PIEs)
Safe list unlinking
Stack canaries
Exploit primitives
Arbitrary read primitives
Arbitrary write primitives
Chaining primitives
Escalating privileges
Relative write primitives
Return oriented programming
Calling libc functions and syscalls
Chaining gadgets to execute code
Executing arbitrary shellcode
Finding gadgets
Overcoming ASLR/NX
Reverse engineering
Binary diffing
Binary diffing tools
Coverage-based fuzzing
Dumb fuzzing
Dynamic reverse engineering
Instrumentation
Static reverse engineering
Symbolic execution
Windows specific tactics
Egghunters
PEB walking
SEH overflows
Web app pentesting
Command injection
Cross origin mitigations
Cross-site request forgery
Cross-site scripting
Directory traversal
Insecure direct object referencing
JavaScript for hackers
Pwning HSQLDB
Pwning Jinja 2
Pwning PostgreSQL
Pwning serialization
Pwning XML
Reversing Java web applications
Reversing Python web applications
Server-side request forgery
Server-side template injection
Source code analysis methodology
Source code recovery
Sourcing wordlists
SQL enumeration
SQL injection
Web app enumeration
Web app reconnaissance
XML external entities
XSS mitigations
Home
❯
tags
❯
Tag: operations
Tag: operations
19 items with this tag.
May 18, 2025
Windows credentials
breach
operations
windows
credentials
sam
ntlm
privilege
privileges
escalating
escalation
active
directory
mimikatz
kerberos
impacket
May 18, 2025
Windows lateral movement
windows
lateral
movement
breach
operations
rdp
proxy
metasploit
sharprdp
mimikatz
hashing
pass
hash
socks
chisel
psexec
proxychains
May 18, 2025
Windows privilege escalation
breach
operations
windows
privilege
escalation
escalating
credentials
access
tokens
token
meterpreter
incognito
May 18, 2025
Antivirus evasion
breach
operations
antivirus
evasion
reflective
powershell
vba
jscript
javascript
amsi
wmi
May 18, 2025
Attacking Active Directory Certificate Services
breach
operations
attack
active
directory
certificates
services
service
certificate
certify
certipy
specter
ops
powersploit
powerview
rubeus
bloodhound
coercer
proxychains
certifried
impacket
metasploit
relay
May 18, 2025
Attacking MS SQL
breach
operations
sql
mssql
responder
impacket
relay
hash
hashing
smb
powershell
base64
assembly
encoded
May 18, 2025
Bypassing application whitelisting
breach
operations
bypass
application
whitelist
allowlist
applocker
python
jscript
ctypes
sysinternals
icacls
accesscheck
rundll32
May 18, 2025
Configuring Meterpreter certificates
breach
operations
meterpreter
certificates
bypass
ids
ips
May 18, 2025
CSharp AppLocker bypass
breach
operations
applocker
bypass
allowlist
csharp
whitelist
May 18, 2025
DNS tunneling
breach
operations
dns
tunneling
bypass
ids
ips
May 18, 2025
Executing Win32 APIs in PowerShell
breach
operations
win32api
api
powershell
execution
shellcode
May 18, 2025
Jscript AppLocker bypass
breach
operations
applocker
bypass
jscript
allowlist
whitelist
May 18, 2025
Linux lateral movement
breach
operations
linux
lateral
movement
ssh
keys
kerberos
impacket
proxy
proxychains
psexec
domain
credentials
May 18, 2025
Linux post-exploitation
breach
operations
linux
post
exploitation
bypass
antivirus
ids
ips
meterpreter
reverse
shellcode
May 18, 2025
Meterpreter domain fronting
breach
operations
domain
fronting
meterpreter
bypass
ids
ips
May 18, 2025
Phishing in Microsoft Office
breach
operations
phishing
microsoft
office
powershell
win32api
windows
api
vba
visual
basic
shellcode
execution
May 18, 2025
PowerShell AppLocker bypass
breach
operations
applocker
powershell
bypass
allowlist
whitelist
May 18, 2025
Process injection and migration
breach
operations
process
injection
migration
csharp
win32api
api
hollow
antivirus
evasion
May 18, 2025
Active directory exploitation
breach
operations
active
directory
kerberos
unconstrained
delegation