Skip to main content

Set Two

  1. Certificate Transparency

  2. Redis master‑slave replication RCE on Windows

  3. How is Pass‑the‑Hash (PTH) exploited, and which port does NTLM authentication use?

  4. Git and SVN (focusing on SVN)

  5. How can Cobalt Strike be integrated with C# to perform process injection?

  6. Which protocols can be exploited for JNDI injection?

  7. What gadgets exist for FastJSON?

  8. What common vulnerabilities affect Shiro? What are the exploitation conditions for the Padding Oracle attack, and what encryption method does Shiro employ?

  9. Have you encountered any RMI‑based vulnerabilities?

  10. What privilege escalation methods exist for Linux and Windows? Can an ordinary user perform Windows token stealing, and if not, why not?

  11. What vulnerabilities exist in ThinkPHP 3? Have you exploited the RCE caused by lax routing controls in ThinkPHP 5?

  12. Do you have any experience with phishing? If you and a roommate share the same router, what lateral movement methods could be used?