
How to Hack a Web Site - Dr. Susan Loveland - Lunchtime Talks in Science and Mathematics


XSS (Cross Site Scripting) Cheat Sheet
Last revision (mm/dd/yy): 07/4/2018
This cheat sheet lists a series of XSS attacks that can be used to bypass certain XSS defensive filters. Please note that input filtering is an incomplete defense for XSS, which these tests can be used to illustrate.
Basic XSS Test Without Filter Evasion: This is a normal XSS JavaScript injection, and most likely to get caught, but I suggest trying it first (the quotes are not required in any modern browser so they are omitted here):
XSS Locator (Polyglot): The following is a "polyglot test XSS payload."
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
Image XSS using the JavaScript directive: IE7.0 doesn't support the JavaScript directive in the context of an image, but it does in other contexts; the following show the principles that would work in other tags as well:
No quotes and no semicolon
Case insensitive XSS attack vector
HTML entities
Malformed A tags

64 Things Every Geek Should Know « Caintech.co.uk
If you consider yourself a geek, or aspire to the honor of geekhood, here’s an essential checklist of must-have geek skills. The term ‘geek’, once used to label a circus freak, has morphed in meaning over the years. What was once an unusual profession transferred into a word indicating social awkwardness. As time has gone on, the word has yet again morphed to indicate a new type of individual: someone who is obsessive over one (or more) particular subjects, whether it be science, photography, electronics, computers, media, or any other field. A techie geek is usually one who knows a little about everything, and is thus the person family and friends turn to whenever they have a question.
USB – Universal Serial Bus
GPU – Graphics Processing Unit
CPU – Central Processing Unit
SATA – Serial ATA
HTML – Hyper-text Markup Language
HTTP – Hypertext Transfer Protocol
FTP – File Transfer Protocol
P2P – Peer-to-peer sharing (See 2.

Network Monitoring Tools
Les Cottrell, SLAC. Last Update: December 14, 2015
This is a list of tools used for network (both LAN and WAN) monitoring and where to find out more about them. The audience is mainly network administrators. You are welcome to provide links to this web page. Please do not make a copy of this web page and place it at your web site since it will quickly be out of date.
Introduction
We welcome corrections such as identifying broken links (especially if you can provide an alternate/update), since over the years companies are absorbed by others, disappear, split up, change their web site, etc.
Suggesting Additions/Corrections etc.
This is a volunteer, unfunded effort.
Commercial Monitoring Tools, not integrated with an NMP
Public Domain or Free Network Monitoring Tools
