# Interesting Links

3/21

* [HALF OF CURL’S VULNERABILITIES ARE C MISTAKES](https://daniel.haxx.se/blog/2021/03/09/half-of-curls-vulnerabilities-are-c-mistakes/)

2/21

* [(Very) Basic Intro to Elliptic Curve Cryptography
  ](https://qvault.io/2020/09/17/very-basic-intro-to-elliptic-curve-cryptography/)

1/21

* [It rather involved being on the other side of this airtight hatchway
  ](https://devblogs.microsoft.com/oldnewthing/20060508-22/?p=31283)
* [CVE Stuffing](https://jerrygamblin.com/2020/12/17/cve-stuffing/)
* [Privilege Escalation via Python Library Hijacking](https://rastating.github.io/privilege-escalation-via-python-library-hijacking/)
* [Linux Privilege Escalation Using Capabilities](https://materials.rangeforce.com/tutorial/2020/02/19/Linux-PrivEsc-Capabilities/)
* [Stealing Your Private YouTube Videos, One Frame at a Time](https://bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-time/)
* [A Deep Dive Into Hyperjacking](https://www.securityweek.com/deep-dive-hyperjacking)
* [How I hijacked the top-level domain of a sovereign state](https://labs.detectify.com/2021/01/15/how-i-hijacked-the-top-level-domain-of-a-sovereign-state/)

12/20

* [Sockets In Your Shell](https://who23.github.io/2020/12/03/sockets-in-your-shell.html)
* [Turning the frustration of a mobile game into a reverse engineering training](https://medium.com/@xplodwild/turning-the-frustration-of-a-mobile-game-into-a-reverse-engineering-training-a9887043efdf)
* [Weaknesses in the Key Scheduling Algorithm of RC4](https://link.springer.com/chapter/10.1007%2F3-540-45537-X_1)
* [Removing Exponential Backoff from TCP](https://networks.cs.northwestern.edu/publications/extr.pdf)
* <https://readme.localtest.me/>
* [The Great iPwn
  : Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit](https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/)
* [Parsing JSON at the CLI: A Practical Introduction to \`jq\` (and more!)
  ](https://sequoia.makes.software/parsing-json-at-the-cli-a-practical-introduction-to-jq-and-more/)
* [Google Dork Techniques](https://securitytrails.com/blog/google-hacking-techniques)

11/20

* [SSH Pivoting](https://blog.ikuamike.io/posts/2020/grayhat_red_team_village_ctf_tunneler_writeup/) - Red Team Village CTF Writeup
* [.git hacking](https://medium.com/swlh/hacking-git-directories-e0e60fa79a36)
* [Off-the-Record Communication, or, Why Not To Use PGP](https://otr.cypherpunks.ca/otr-wpes.pdf)
* [Exploiting X11 Unauthenticated Access](https://resources.infosecinstitute.com/topic/exploiting-x11-unauthenticated-access/)
* [Windows Subsystem for Linux: The lost potential](https://jmmv.dev/2020/11/wsl-lost-potential.html)

10/20

* [Linux and Unix sha1sum command tutorial with examples](https://shapeshed.com/unix-sha1sum/)
* <https://github.com/horshark/thm\\_hacking\\_encyclopedia/blob/master/THM\\_hacking\\_encyclopedia.pdf>
* <https://blog.cyberhacktics.com/carving-files-from-memory-with-volatility/>
* <https://blog.cyberhacktics.com/memory-forensics-on-windows-10-with-volatility/>

9/20

* [Does CSRF prevention also prevent reflected XSS attack](https://security.stackexchange.com/questions/66225/does-csrf-prevention-also-prevent-reflected-xss-attack)
* [The 'javascript' resource identifier scheme](https://tools.ietf.org/html/draft-hoehrmann-javascript-scheme-00)
* [Sources and Sinks - Code Review Basics](https://www.youtube.com/watch?v=ZaOtY4i5w_U)
* [Let’s play a game: what is the deadly bug here?](https://www.youtube.com/watch?v=MpeaSNERwQA)
* <https://www.benkuhn.net/autocomplete/>

8/20

* [Architecture Playbook](https://nocomplexity.com/documents/arplaybook/introduction.html)
* LFI and RFI Attacks

7/20

* [A parable about privacy/encryption](https://cypherpunks.venona.com/date/1993/04/msg00559.html)
* [CrackMapExec](https://www.securenetworkinc.com/news/2017/8/22/crackmapexec-the-greatest-tool-youve-never-heard-of)
* [PDF Shadow Attacks](https://pdf-insecurity.org/)

6/20

* [Reverse Engineering Snapchat](https://hot3eed.github.io/2020/06/18/snap_p1_obfuscations.html)
* [SAT solver on top of regex matcher
  ](https://yurichev.com/news/20200621_regex_SAT/)
* [What happens when you update your DNS?
  ](https://jvns.ca/blog/how-updating-dns-works/)
* [Run Your Own Authoritative DNS Servers
  ](https://www.joshmcguigan.com/blog/run-your-own-dns-servers/)

5/20

* [PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth (CVE-2020-1048 & more)](https://windows-internals.com/printdemon-cve-2020-1048/)
* [Security Flaws in Adobe Acrobat Reader Allow Malicious Program to Gain Root on macOS Silently](< https://rekken.github.io/2020/05/14/Security-Flaws-in-Adobe-Acrobat-Reader-Allow-Malicious-Program-to-Gain-Root-on-macOS-Silently/>)
* <https://emaragkos.gr/resources/>
* [White hat social engineering: How to become an admin of a system
  ](https://ramon.dev/business/2020/05/11/become-an-admin.html)
* [STRIDE and Threat Modeling](https://paramsingh.github.io/notes/stride/)
* [Application Security Testing of Thick Client Applications](https://resources.infosecinstitute.com/application-security-testing-of-thick-client-applications/)
* [BSides SF 2020 CTF: Infrastructure Engineering and Lessons Learned](https://systemoverlord.com/2020/02/27/bsides-sf-2020-ctf-infrastructure-engineering.html)

4/20

* [Security 101 Series](https://systemoverlord.com/security-101)
* [Reverse shell with Netcat: some use cases](https://www.andreafortuna.org/2017/05/18/reverse-shell-with-netcat-some-use-cases/)
* [From DnsAdmins to SYSTEM to Domain Compromise](https://ired.team/offensive-security-experiments/active-directory-kerberos-abuse/from-dnsadmins-to-system-to-domain-compromise)
* [Microsoft Buys Corp.com So Bad Guys Can’t](https://krebsonsecurity.com/2020/04/microsoft-buys-corp-com-so-bad-guys-cant/)
* [HackTheBox Basic Setup Hosts File](https://sabebarker.com/writeups/hackthebox/getting-started/basic-setup/)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://wiki.zacheller.dev/general/content-journal.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.