The Digital Library

Meticulously curated cybersecurity book reviews. Each title is hand-selected and reviewed to help you architect your expertise.

Cross-Site Scripting Exploitation Cover

Cross-Site Scripting Exploitation

by Web Application Security Labs

An advanced execution manual that elevates Cross-Site Scripting (XSS) from simple browser pop-ups to catastrophic network compromise, including Reverse Shell generation and NTLM Hash harvesting.

Aug 2023 Read Review

Credential Dumping: Phishing Windows Credentials Cover

Credential Dumping: Phishing Windows Credentials

by Active Directory Lab Manuals

An exploration into the psychology and tooling of local credential harvesting, detailing how attackers force Windows endpoints to generate fake authentication prompts to deceive active users.

Jul 2023 Read Review

Credential Dumping: NTDS.dit Cover

Credential Dumping: NTDS.dit

by Active Directory Lab Manuals

An authoritative guide to extracting, parsing, and leveraging the Windows NTDS.dit database—the crown jewel of Active Directory—via both network-native and offline Volume Shadow Copy methodologies.

Jun 2023 Read Review

Credential Dumping: gMSA Cover

Credential Dumping: gMSA

by Active Directory Lab Manuals

A deep dive into exploiting modern Group Managed Service Accounts (gMSA), detailing how improper delegation allows attackers to extract highly privileged service credentials directly from Active Directory.

May 2023 Read Review

Credential Dumping: DCSync Attack Cover

Credential Dumping: DCSync Attack

by Active Directory Lab Manuals

An elite technical teardown of the DCSync methodology, demonstrating how attackers weaponize native Directory Replication Service (DRS) protocols to siphon Active Directory authentication databases.

Apr 2023 Read Review

Credential Dumping with NetExec Cover

Credential Dumping with NetExec (NXC)

by Active Directory Lab Manuals

An aggressive, tactical playbook detailing the total weaponization of NetExec (NXC) to harvest, decrypt, and exfiltrate enterprise credentials across internal Windows environments.

Mar 2023 Read Review

CISO Assistant: Pentest Report Cover

CISO Assistant: Pentest Report

by Quarkslab Security Assessment Team

An incredibly rare, unredacted look into a professional, commercial-grade web application penetration testing report, detailing real-world vulnerabilities like GitHub Actions Command Injection and Blind SSRF.

Feb 2023 Read Review

Burp Suite for Pentester: Web Scanner & Crawler Cover

Burp Suite for Pentester: Web Scanner & Crawler

by Web Application Security Labs

A definitive guide to mastering Burp Suite Professional’s autonomous execution engines, detailing how to correctly configure the unified Crawler and Vulnerability Scanner for massive domain audits.

Jan 2023 Read Review

Burp Suite for Pentester: Sequencer Cover

Burp Suite for Pentester: Sequencer

by Web Application Security Labs

An intensive guide on weaponizing Burp Suite's Sequencer to mathematically analyze the entropy and predictability of critical authentication tokens and session identifiers.

Dec 2022 Read Review

Burp Suite for Pentester: Repeater Cover

Burp Suite for Pentester: Repeater

by Web Application Security Labs

A fundamental exploration of mastering Burp Suite’s most critical manual testing module: The Repeater, focusing on request manipulation and engagement organization.

Nov 2022 Read Review

Page 4 of 7

Subscribe to my newsletter

Receive my case study and the latest articles on my WhatsApp Channel.

New Cyber Alert