Set Two
-
Certificate Transparency
-
Redis master‑slave replication RCE on Windows
-
How is Pass‑the‑Hash (PTH) exploited, and which port does NTLM authentication use?
-
Git and SVN (focusing on SVN)
-
How can Cobalt Strike be integrated with C# to perform process injection?
-
Which protocols can be exploited for JNDI injection?
-
What gadgets exist for FastJSON?
-
What common vulnerabilities affect Shiro? What are the exploitation conditions for the Padding Oracle attack, and what encryption method does Shiro employ?
-
Have you encountered any RMI‑based vulnerabilities?
-
What privilege escalation methods exist for Linux and Windows? Can an ordinary user perform Windows token stealing, and if not, why not?
-
What vulnerabilities exist in ThinkPHP 3? Have you exploited the RCE caused by lax routing controls in ThinkPHP 5?
-
Do you have any experience with phishing? If you and a roommate share the same router, what lateral movement methods could be used?