Releases: 0xn3va/cheat-sheets

Release v1.1.4

03 Jul 18:38
1fe06f1

Added

  • Argument injection 2234bc6
    • ssh
      • Command execution via authorized_keys and id_*.pub
  • Command injection 0b8edca
    • Using PERL5OPT environment variable to execute commands
    • Using PERL5DB environment variable to execute commands
    • Using PERLLIB and PERL5LIB environment variables to execute commands
    • Using PYTHONWARNINGS environment variable to execute commands
    • Using NODE_OPTIONS environment variable to execute commands
    • Using RUBYOPT environment variable to execute commands
  • HTML injection d930245
    • Using a link to exfiltrate data via DNS
  • Content Security Policy fd417e5
    • Common misconfigurations
    • Using third-party frameworks to bypass CSP
    • Abusing CSP to exfiltrate data
    • Script gadgets
  • GitHub Action fbe8adc
    • Using GITHUB_TOKEN to trigger workflow_dispatch and repository_dispatch workflows in the post-exploitation stage

Updated

  • HTML injection d930245
    • Refactoring
  • GitHub Action fbe8adc
    • Refactoring of the "potential impact of a compromised runner workflow" section

Release v1.1.3

14 May 18:00
382e3bb

Added

  • Argument injection 0437b2f
    • awk
      • Command execution via system()
    • curl
      • Reading/writing/exfiltrating local files
    • find
      • Command execution via exec and execdir
      • Writing local files using fprintf
    • git
      • Command execution via core.pager in .git/config
      • git-diff
        • Reading local files using --no-index or diff against /dev/null
      • git-fetch
        • Command execution via --upload-pack
      • git-fetch-pack
        • Command execution via --upload-pack and --exec
      • git-grep
        • Command execution via -O/--open-files-in-pager
      • git-ls-remote
        • Command execution via --upload-pack
      • git-pull
        • Command execution via --upload-pack
    • ssh
      • Command execution via LocalCommand in ssh_config
    • ssh-keygen
      • Command execution via -D
    • tar
      • Command execution via --to-command
      • Command execution via -I/--use-compress-program
    • wget
      • Reading/writing/exfiltrating local files
    • zip
      • Command execution via -TT/--unzip-command
  • Docker Escaping 00adf5f
    • PID Namespace Sharing
  • Spring 33127c1
    • useSuffixPatternMatch misconfiguration
  • Command injection dac29c7
    • Link to an article that describes a case of remote LD_PRELOAD exploitation

Updated

  • Parameter Injection was renamed to Argument Injection 0437b2f
  • GitHub Actions 351807c
    • Changes to .github/workflow from forks using GITHUB_TOKEN are prohibited (including merging pull requests)
  • Cookie Security 28fb2ab
    • Tiny notes

Release v1.1.2

19 Mar 12:05
6fd756f

Added

  • Parameters injection c4853f9
    • Abusing .git/HEAD
    • --output parameter in git-blame
    • Maven and pom.xml

Updated

  • CI/CD e150e44
    • GitHub Actions:
      • Artifacts poisoning
      • Secrets disclosure for the workflow_call event
      • head.sha and head.ref confusion
      • Unclaimed actions
  • Weak random generation e8c2cce
    • Cracking org.apache.commons.lang3.RandomStringUtils in Java
  • Command injection 8e399cf and 02d58f8
    • Language-specific command injection (refactoring and new cases)

Release v1.1.1

10 Feb 13:43
8caa2a1

Added

  • Weak random generation 60983af
  • SVG abuse 41ac46c
  • Broken authentication 115b22a
    • Email confirmation vulnerabilities
  • Command injection 8f2a55a
    • Using /etc/environment to gain code execution
  • Parameters injection 32ef677
    • tar checkpoints

Updated

  • Container Escaping e92f379
    • Linux kernel CVE list
  • Cookie Security c0a6c5f
    • Difference between same-site and cross-site

All changes are in #132

Release v1.1.0

27 Sep 19:25
461a53e

Added

  • CI/CD 1b04bc4:
    • Dependency:
      • Add Dependency Confusion cheat sheet
      • Add Dependency Hijacking cheat sheet
      • Add Typosquatting cheat sheet
    • GitHub:
      • Add GitHub Actions cheat sheet
      • Add Code owners cheat sheet
      • Add Dependabot cheat sheet
      • Add Redirect cheat sheet
      • Add Releases cheat sheet

Updated

  • Cookie security 141f68d:
    • Rewrite attribute descriptions
    • Add the Max-Age attribute
    • Update values and their descriptions for the SameSite attribute
  • Command injection 8c20497
    • Update the link to a payload

Release v1.0.4

26 Jun 19:12
783d3e0

Added

  • Container escaping:
    • containerd CRI plugin CVE d5c8aad
  • Links to writeups:
    • Container escaping via docker socket exposure 17001b0
    • F5 authentication bypass via abusing hop-by-hop headers dc3b507
    • WebView takeover 6ec024e
  • JavaScript prototype pollution whitepaper 1501b1d
  • Command injection:
    • Abusing environment variables, with Ruby samples 5c9aee5
    • Abusing git config daf0046

Release v1.0.3

27 Mar 18:19
9742906

Added

  • Container escaping:
  • Spring:
    • Exposing routes f3fc9eb
    • Spring Boot whitelabel error page SpEL injection 93feb8f
    • Abusing Spring Boot Actuators 224816f
  • Broken Auth and 2FA cases 558fd21
  • Command injection:
    • Node.js samples and how to leak command line arguments d10f23b
    • Abusing git parameters aabec9a
  • JWT: kid misuse 7e4b741
  • SSRF bc6e85c
    • Node.js URL scheme misuse
    • Java URL scheme misuse
    • Java directory listing
    • Windows-based spreadsheet exporting

Release v1.0.2

30 Jan 17:19
5a8caa2

Added

  • AWS S3: add links to tools for scanning and checking permissions #123
  • Container Escaping: add info for CVE-2022-0185 in Linux Kernel #123
  • Android Deep Linking: Insecure parameter handling #123
  • Broken authentication: Session fixation #123
  • 2FA: Mixing 2FA modes #123

Removed

  • AWS S3: removed links from the Resources section #123

Release v1.0.1

17 Jan 15:26
016784c

Added

  • Cookie Bomb #118
  • Cookie Jar Overflow #118
  • Cookie Tossing #118
  • Spring Framework: Routing Abuse #118
  • Spring Boot Actuators: Add gateway and logview actuators #118
  • AWS Cognito: Misconfigured user pool access #118
  • 2FA: Abuse of half-authenticated sessions #118
  • CORS Misconfiguration: Server-side cache poisoning #118
  • File Upload Vulnerabilities #118
    • File upload race condition
    • URL-based file upload race condition
  • Improper Rate Limits #118
    • Changing path
    • Extra characters in parameters
    • Reset a rate limit
  • SSRF Post-exploitation: Add Java RMI research #118

Changed

  • Exposed Docker Socket: add a link to a blog post with details #118
  • Bruteforce: add tips and links #118
  • SSRF: new links #118

Initial release

15 Jan 16:58
d468041
Merge pull request #117 from 0xn3va/develop

Parameters injection