Symbols to keep in mind ⌘ is the command key aka the windows key ⇧ is the shift key ⌃ is the control key ⌥ is the alt key Switch between windows On Mac: ⌘ tab number For example: ⌘2 Resource: https://zellwk.com/blog/useful-vscode-keyboard-shortcuts/ Markdown This extension is great, install it: https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one&ssr=false#overview Show preview of MD file On Mac: ⌘⇧V On Windows and Linux: Ctrl Shift V Extensions via command line List existing extensions: code --list-extensions Install an extension: ...

XXE Valid use case This is a non-malicious example of how external entities are used: <?xml version="1.0" standalone="no" ?> <!DOCTYPE copyright [ <!ELEMENT copyright (#PCDATA)> <!ENTITY c SYSTEM "http://www.xmlwriter.net/copyright.xml"> ]> <copyright>&c;</copyright> Resource: https://xmlwriter.net/xml_guide/entity_declaration.shtml Testing methodology Once you’ve intercepted the POST to the vulnerable page, see if you can get the system to do what it would normally, but with entities: <?xml version="1.0"?> <!DOCTYPE a [ <!ENTITY test "THIS IS A STRING!">] > <methodCall><methodName>&test;</methodName></methodCall> If that worked, let’s see if you can read files off of the system: ...

Powershell Enable ISE using powershell In the few months that I’ve been developing powershell, I’ve found the ISE to be incredibly useful. If you get on a new machine and the ISE isn’t there, here’s how you can get it going in the powershell terminal: Import-Module ServerManager Add-WindowsFeature Powershell-ISE Securely store credentials in XML for Import Start out by storing your username and password (in a SecureString format) in a PSCredential object: ...