Flo Aberger | Cyber Notes Structured writeups for labs, CTFs, and security projects.

Web

Simple Commands

Notes and commands for Simple Commands.

2026-01-01
Tags websqlmapsimple-commands

Request forgery

Notes and commands for Request forgery.

2025-12-29
Tags webcsrfcsrf-tokenrequest-forgery

In GET Parameters

Notes and commands for In GET Parameters.

2025-12-29
Tags websqlmapin-get-parameters

In Cookie

Notes and commands for In Cookie.

2025-12-29
Tags websqlmapin-cookie

SSRF

Notes and commands for SSRF.

2025-06-06
Tags webssrf

File Injection

Notes and commands for File Injection.

2025-06-06
Tags websql-injection-databasesfile-injection

Blind Injection

Notes and commands for blind Injection.

2025-05-23
Tags webxxe-xmlblind-injection

Tools

Notes and commands for Tools.

2025-05-20
Tags webxxe-xmltools

Dir Fuzzing

Notes and commands for Dir Fuzzing.

2025-05-20
Tags webfuzzingdirfuzzing

Defense

Notes and commands for Defense.

2025-05-20
Tags webxxe-xmldefense

2min_rule

Notes and commands for 2min_rule.

2025-05-19
Tags webcsrfsamesite-cookies2min-rule

Using GET

Notes and commands for Using GET.

2025-05-18
Tags webcsrfsamesite-cookiesusing-get

Token==Cookie

Notes and commands for Token==Cookie.

2025-05-18
Tags webcsrfcsrf-tokentoken-cookie

Token tied to cookie

CSRF token tied to a cookie (not necessarily the session cookie).

2025-05-18
Tags webcsrfcsrf-token

Strict Gadgets

Notes and commands for Strict Gadgets.

2025-05-18
Tags webcsrfsamesite-cookiesstrict-gadgets

Removing

Notes and commands for Removing.

2025-05-18
Tags webcsrfcsrf-tokenremoving

Ref. XSS

Notes and commands for Ref. XSS.

2025-05-18
Tags webcsrfref-xss

Defense

Notes and commands for Defense.

2025-05-18
Tags webcsrfdefense

CORS: TLS Break

Notes and commands for CORS: TLS Break.

2025-05-18
Tags webcorscors-tls-break

CORS: Subdomains

Notes and commands for CORS: Subdomains.

2025-05-18
Tags webcorscors-subdomains

CORS: NULL

Notes and commands for CORS: NULL.

2025-05-17
Tags webcorscors-null

Basic (CORS: True)

Notes and commands for Basic (CORS: True).

2025-05-17
Tags webcorsbasic-cors-true

Unions

Notes and commands for Unions.

2025-05-16
Tags websql-injection-databasesunions

SQL in PHP

Notes and commands for SQL in PHP.

2025-05-16
Tags websql-injection-databasessql-in-php

Prevention

Notes and commands for Prevention.

2025-05-16
Tags websql-injection-databasesprevention

Injection

Notes and commands for Injection.

2025-05-16
Tags websql-injection-databasesinjection

General SQL

Notes and commands for General SQL.

2025-05-16
Tags websql-injection-databasesgeneral-sql

Fingerprinting

Notes and commands for Fingerprinting.

2025-05-16
Tags websql-injection-databasesfingerprinting

Phishing

Notes and commands for Phishing.

2025-05-15
Tags webxssphishing

Defacing

Notes and commands for Defacing.

2025-05-15
Tags webxssdefacing

Tools

Notes and commands for Tools.

2025-05-13
Tags webxsstools

Prevention

Notes and commands for Prevention.

2025-05-13
Tags webxssprevention

Basic Payloads

Notes and commands for Basic Payloads.

2025-05-13
Tags webxssbasic-payloads

NIS2 Readiness Consulting Site

Next.js site for NIS2 consulting with a quick-check API, MDX blog, and configurable branding.

2025-01-02 Status: active
Tools nextjsreacttypescripttailwindnode
Tags nis2consultingcomplianceweb

Example Lab: Initial Recon & Exploit

Baseline workflow for recon, foothold, and post-exploitation notes.

2025-01-02 Platform: HackTheBox Difficulty: easy Status: complete
Tools nmapgobusterlinpeas
Tags reconwebpriv-esc