Red Teaming and Malware Analysis
@sirpedrotavaresseguranca-informatica.pt0xSI_f33d
Search…
About
Red Teaming
Cheat Sheet
Active Directory 101
Fuzzing and Web
Initial Foothold
Privilege Escalation (Privesc)
Lateral Movement (Pivoting)
Persistence
Command and Control (C&C)
Data Exfiltration
CVE & Exploits / CTF
Tools
Intel
OSINT
DNS
WEB
API and WS Hacking
Web Discovery
Web Fuzzing
Path Traversal
GraphQL
JWT
Infrastructure and Network
Privilege Escalation
Exfiltration
Persistence
Password & Cracking
Static Code Analysis
Reporting
Resources
Malware Analysis
Unpacking
Basic tips
Malware instrumentation with frida
Tools
Resources
Mobile
Tools
Reverse iOS ipa
Reverse Android APKs
Basic tips
Resources
IoT / Reverse / Firmware
Basic tips
Reverse IoT devices
Tools
Resources
Powered By GitBook
GraphQL
​GraphQL: GraphQL IDE Monorepo.
​
GraphQLmap: A scripting engine to interact with a graphql endpoint for pentesting purposes.
InQL + burpsuite: InQL can be used as a stand-alone script, or as a Burp Suite extension (available for both Professional and Community editions).
Configuration Burpsuite
Add Bearer- token
Use the context menu to send it to the Repeater (inql: Sent to graphiQL)

References

https://busk3r.medium.com/hacking-graphql-for-fun-and-profit-part-1-understanding-graphql-basics-72bb3dd22efa
busk3r.medium.com
https://busk3r.medium.com/hacking-graphql-for-fun-and-profit-part-2-methodology-and-examples-5992093bcc24
busk3r.medium.com
Previous
Path Traversal
Next
JWT
Last modified 10mo ago
Copy link
Contents
References