updated
This commit is contained in:
+348
@@ -0,0 +1,348 @@
|
||||
nmap scanning techniques and common flags
|
||||
nmap OS detection and service version detection
|
||||
nmap NSE script usage for vulnerability scanning
|
||||
masscan usage for large-scale port scanning
|
||||
netcat usage for port scanning and banner grabbing
|
||||
port scanning with PowerShell
|
||||
understanding TCP connect scan vs SYN scan
|
||||
UDP port scanning techniques
|
||||
evading firewalls with fragmented packets and decoys
|
||||
service fingerprinting and banner grabbing
|
||||
Wireshark packet capture and filter syntax
|
||||
tcpdump command-line packet analysis
|
||||
network traffic analysis for suspicious patterns
|
||||
identifying open ports and services on a network
|
||||
network mapping with traceroute and path analysis
|
||||
SNMP enumeration for network device information
|
||||
SMTP enumeration for user enumeration
|
||||
DNS enumeration with dig and nslookup
|
||||
subdomain enumeration techniques
|
||||
virtual host discovery for web applications
|
||||
SSL/TLS certificate analysis and misconfiguration detection
|
||||
Shodan search queries for finding exposed devices
|
||||
Google dorking techniques for reconnaissance
|
||||
OSINT techniques for penetration testing
|
||||
theHarvester usage for email and domain reconnaissance
|
||||
recon-ng framework for automated reconnaissance
|
||||
maltego usage for relationship analysis
|
||||
social media OSINT gathering techniques
|
||||
whois lookups and DNS history analysis
|
||||
gathering information from public sources
|
||||
SQL injection detection and exploitation
|
||||
SQLmap usage for automated SQL injection
|
||||
blind SQL injection techniques
|
||||
time-based SQL injection exploitation
|
||||
error-based SQL injection techniques
|
||||
NoSQL injection attacks
|
||||
second-order SQL injection
|
||||
bypassing WAF for SQL injection
|
||||
extracting data from databases via SQL injection
|
||||
preventing SQL injection in web applications
|
||||
Cross-Site Scripting (XSS) types and exploitation
|
||||
stored XSS vs reflected XSS vs DOM-based XSS
|
||||
XSS payload crafting and bypass techniques
|
||||
exploiting XSS to steal cookies and session data
|
||||
Content Security Policy (CSP) bypass techniques
|
||||
preventing XSS vulnerabilities in web applications
|
||||
Burp Suite proxy setup and usage
|
||||
Burp Suite intruder for automated parameter fuzzing
|
||||
Burp Suite repeater for manual request manipulation
|
||||
Burp Suite scanner for automated vulnerability detection
|
||||
Burp Suite extensions and BApp store
|
||||
OWASP ZAP usage for web application scanning
|
||||
web application directory brute-forcing with dirb and gobuster
|
||||
parameter fuzzing for hidden endpoints
|
||||
API endpoint discovery and testing
|
||||
REST API security testing techniques
|
||||
GraphQL API vulnerability testing
|
||||
JWT token manipulation and attacks
|
||||
CSRF attack and prevention techniques
|
||||
SSRF (Server-Side Request Forgery) exploitation
|
||||
XXE (XML External Entity) injection attacks
|
||||
file inclusion vulnerabilities (LFI/RFI)
|
||||
command injection detection and exploitation
|
||||
template injection (SSTI) attacks
|
||||
deserialization attacks in web applications
|
||||
race condition exploitation
|
||||
HTTP request smuggling techniques
|
||||
web cache poisoning and deception
|
||||
IDOR (Insecure Direct Object Reference) exploitation
|
||||
broken authentication and session management testing
|
||||
multi-factor authentication bypass techniques
|
||||
OAuth 2.0 security testing
|
||||
open redirect vulnerabilities
|
||||
CORS misconfiguration exploitation
|
||||
WebSocket security testing
|
||||
server-side JavaScript injection
|
||||
LDAP injection attacks
|
||||
XPath injection techniques
|
||||
metasploit basic commands and modules
|
||||
metasploit payload generation with msfvenom
|
||||
meterpreter post-exploitation commands
|
||||
metasploit resource scripts for automation
|
||||
exploit research and development basics
|
||||
finding and using public exploits
|
||||
compiling and modifying exploit code
|
||||
buffer overflow exploitation basics
|
||||
stack-based buffer overflow attacks
|
||||
heap-based overflow techniques
|
||||
SEH overwrite exploitation
|
||||
return-oriented programming (ROP) basics
|
||||
bypassing DEP and ASLR
|
||||
shellcode development fundamentals
|
||||
Windows kernel exploitation basics
|
||||
Linux kernel exploitation techniques
|
||||
Windows privilege escalation techniques
|
||||
Linux privilege escalation techniques
|
||||
kernel exploit identification for privilege escalation
|
||||
service misconfiguration privilege escalation
|
||||
scheduled task and cron job abuse
|
||||
SUID and GUID binary exploitation
|
||||
sudo misconfiguration exploitation
|
||||
DLL hijacking for privilege escalation
|
||||
unquoted service path exploitation
|
||||
always install elevated registry abuse
|
||||
token manipulation for privilege escalation
|
||||
SeImpersonate and SeAssignPrimaryToken abuse
|
||||
UAC bypass techniques
|
||||
Linux capabilities abuse for escalation
|
||||
Active Directory enumeration attacks
|
||||
BloodHound usage for Active Directory mapping
|
||||
active directory certificate services abuse
|
||||
Kerberos attacks (Kerberoasting, AS-REP roasting)
|
||||
golden ticket and silver ticket attacks
|
||||
pass-the-hash and pass-the-ticket attacks
|
||||
DCSync attack explained
|
||||
SMB relay attacks
|
||||
NTLM relay and NTLMv2 cracking
|
||||
Active Directory delegation abuse
|
||||
group policy object exploitation
|
||||
domain controller exploitation techniques
|
||||
cross-forest trust attacks
|
||||
active directory federation services attacks
|
||||
LAPS security analysis
|
||||
password spraying in Active Directory
|
||||
SMB enumeration and null session attacks
|
||||
NetBIOS and LLMNR poisoning
|
||||
Responder usage for network poisoning
|
||||
IPv6 rogue DHCP and DNS attacks
|
||||
password cracking with hashcat rules
|
||||
john the ripper usage for password cracking
|
||||
rainbow table attacks and defense
|
||||
online password brute-forcing with hydra
|
||||
offline password cracking techniques
|
||||
dictionary attacks vs brute-force attacks
|
||||
mimikatz usage for credential dumping
|
||||
lsass dump techniques
|
||||
Windows credential manager exploitation
|
||||
Kerberos ticket extraction techniques
|
||||
DPAPI abuse for credential theft
|
||||
browser credential theft techniques
|
||||
Wi-Fi password cracking with aircrack-ng
|
||||
WPA3 security analysis
|
||||
WPS pin brute-forcing
|
||||
Evil Twin attack setup
|
||||
Rogue access point deployment
|
||||
Wi-Fi deauthentication attacks
|
||||
Bluetooth security testing
|
||||
NFC and RFID security analysis
|
||||
SDR security testing fundamentals
|
||||
GSM and LTE security basics
|
||||
IoT security testing methodologies
|
||||
ICS/SCADA security testing
|
||||
automotive security testing basics
|
||||
hardware hacking tools and techniques
|
||||
JTAG and UART interface exploitation
|
||||
firmware analysis and reverse engineering
|
||||
TiK and TiKTok analysis
|
||||
physical security assessment techniques
|
||||
social engineering attack vectors
|
||||
phishing campaign setup with GoPhish
|
||||
spear phishing techniques
|
||||
pretexting for social engineering
|
||||
vishing and smishing attacks
|
||||
physical tailgating and badge cloning
|
||||
lock picking fundamentals for pentesters
|
||||
HID attack tools (rubber ducky, bash bunny)
|
||||
USB drop attack methodology
|
||||
C2 (Command and Control) infrastructure setup
|
||||
listener configuration for reverse shells
|
||||
bind shell vs reverse shell explained
|
||||
staged vs stageless payloads
|
||||
DNS tunneling for C2 communication
|
||||
HTTPS beaconing techniques
|
||||
domain fronting for C2 hiding
|
||||
cobalt strike beacon basics
|
||||
empire framework for post-exploitation
|
||||
Sliver C2 framework overview
|
||||
PoshC2 usage
|
||||
covenant C2 setup and usage
|
||||
payload obfuscation and packers
|
||||
encoding techniques for payload delivery
|
||||
process injection techniques
|
||||
reflective DLL injection
|
||||
process hollowing detection and creation
|
||||
APC injection explained
|
||||
syscall direct execution for EDR bypass
|
||||
ETW patching for evasion
|
||||
AMSI bypass techniques
|
||||
powershell obfuscation and evasion
|
||||
Windows Defender and AV evasion
|
||||
userland API hooking detection
|
||||
sandbox detection and evasion
|
||||
VM detection techniques
|
||||
timing-based anti-analysis
|
||||
log cleaning and forensic countermeasures
|
||||
indicator removal on compromised systems
|
||||
timestomp techniques for file timestamp manipulation
|
||||
persistence mechanisms on Windows
|
||||
persistence mechanisms on Linux
|
||||
scheduled task persistence
|
||||
WMI persistence techniques
|
||||
registry run key persistence
|
||||
startup folder persistence
|
||||
service persistence on Windows
|
||||
LD_PRELOAD persistence on Linux
|
||||
.ssh authorized_keys backdoor
|
||||
cron job persistence
|
||||
log rotation and flushing
|
||||
cover your tracks checklist
|
||||
post-exploitation enumeration commands
|
||||
lateral movement techniques in Windows
|
||||
lateral movement with PowerShell remoting
|
||||
RDP hijacking and pass-the-hash for lateral movement
|
||||
SMB and WMI for lateral movement
|
||||
PsExec usage for remote command execution
|
||||
lateral movement with scheduled tasks
|
||||
SSH tunneling for lateral movement
|
||||
port forwarding and proxy chains
|
||||
socks proxy setup with ssh
|
||||
ssh local and remote port forwarding
|
||||
iptables usage for traffic forwarding
|
||||
chisel tunnel setup
|
||||
ligolo-ng tunnelling
|
||||
Proxychains configuration
|
||||
metasploit routing through compromised hosts
|
||||
pivoting through multiple hosts
|
||||
data exfiltration techniques
|
||||
DNS exfiltration methods
|
||||
ICMP exfiltration techniques
|
||||
HTTPS exfiltration for stealth
|
||||
covert channel establishment
|
||||
steganography for data hiding
|
||||
file transfer techniques in restricted networks
|
||||
common Windows logging mechanisms
|
||||
event log analysis for incident detection
|
||||
Sysmon usage for advanced monitoring
|
||||
Windows Event IDs for security monitoring
|
||||
Linux auditd configuration for monitoring
|
||||
command logging and bash history analysis
|
||||
network flow analysis for anomaly detection
|
||||
IDS and IPS evasion techniques
|
||||
detecting network scans and port scans
|
||||
honeypot deployment strategies
|
||||
MITER ATT&CK framework overview
|
||||
understanding TTPs in penetration testing
|
||||
Lockheed Martin Cyber Kill Chain
|
||||
Diamond Model of intrusion analysis
|
||||
pyramid of pain for adversary detection
|
||||
penetration testing report writing
|
||||
executive summary writing for pentest reports
|
||||
technical findings documentation for pentests
|
||||
remediation recommendations for vulnerabilities
|
||||
risk rating methodologies (CVSS)
|
||||
evidence collection and chain of custody
|
||||
professional pentest report templates
|
||||
penetration testing methodology overview
|
||||
PTES (Penetration Testing Execution Standard)
|
||||
OWASP Testing Guide overview
|
||||
OSSTMM methodology
|
||||
PCI DSS penetration testing requirements
|
||||
SOC 2 penetration testing scope
|
||||
red team vs blue team vs purple team
|
||||
purple team exercise methodology
|
||||
adversary emulation planning
|
||||
tabletop exercise facilitation
|
||||
rules of engagement for pentests
|
||||
scope definition in penetration testing
|
||||
third-party vendor risk assessment
|
||||
cloud penetration testing basics
|
||||
AWS security assessment techniques
|
||||
Azure penetration testing methods
|
||||
GCP security testing approaches
|
||||
container security testing with Docker
|
||||
Kubernetes security assessment
|
||||
serverless application security testing
|
||||
cloud IAM privilege escalation
|
||||
cloud storage bucket enumeration
|
||||
AWS SSM agent abuse for pentesting
|
||||
Docker escape techniques
|
||||
container breakout vulnerabilities
|
||||
Kubernetes RBAC misconfiguration exploitation
|
||||
service mesh security testing
|
||||
CI/CD pipeline security assessment
|
||||
infrastructure as code security review
|
||||
Terraform security scanning
|
||||
Kubernetes pod security policy review
|
||||
OWASP Top 10 vulnerabilities explained
|
||||
SANS Top 25 software errors
|
||||
CWE classification system
|
||||
understanding CVE scoring
|
||||
responsible disclosure process
|
||||
zero-day vulnerability discovery process
|
||||
fuzzing techniques for vulnerability discovery
|
||||
static application security testing (SAST)
|
||||
dynamic application security testing (DAST)
|
||||
interactive application security testing (IAST)
|
||||
software composition analysis for open source risks
|
||||
supply chain security attacks
|
||||
malware analysis fundamentals
|
||||
static malware analysis techniques
|
||||
dynamic malware analysis in sandbox
|
||||
ransomware analysis and decryption
|
||||
trojan and backdoor analysis
|
||||
rootkit detection techniques
|
||||
memory forensics with volatility
|
||||
disk forensics with Autopsy and Sleuth Kit
|
||||
network forensics for incident response
|
||||
PCAP analysis for forensic investigation
|
||||
timeline analysis in forensic investigations
|
||||
Windows registry forensics
|
||||
prefetch and recent files forensics
|
||||
USB device history forensics
|
||||
email header analysis for phishing investigations
|
||||
web proxy log analysis
|
||||
firewall log analysis for security incidents
|
||||
SQLite database forensics
|
||||
mobile device forensics basics
|
||||
iOS security testing limitations
|
||||
Android application security testing
|
||||
mobile API security testing
|
||||
mobile app reverse engineering with jadx
|
||||
Frida usage for dynamic instrumentation
|
||||
bypassing SSL pinning in mobile apps
|
||||
Android APK decompilation and analysis
|
||||
iOS IPA analysis techniques
|
||||
iOS jailbreak detection bypass
|
||||
Android root detection bypass
|
||||
wireless logical acquisition for mobile devices
|
||||
exploit development with pwntools
|
||||
return-oriented programming (ROP) chain construction
|
||||
heap feng shui techniques
|
||||
format string vulnerability exploitation
|
||||
integer overflow attacks
|
||||
use-after-free exploitation
|
||||
double-free vulnerability analysis
|
||||
arm exploitation basics
|
||||
MIPS architecture exploitation basics
|
||||
windows exploit development with WinDbg
|
||||
Linux exploit development with GDB
|
||||
Python exploit scripting for penetration testing
|
||||
PowerShell scripting for pentesting
|
||||
Bash scripting for Linux automation
|
||||
Windows batch scripting for automation
|
||||
JavaScript for web exploitation
|
||||
Ruby for Metasploit module development
|
||||
C for low-level exploit development
|
||||
Go programming for pentesting tools
|
||||
Rust programming for security tools
|
||||
Reference in New Issue
Block a user