nmap scanning techniques and common flags nmap OS detection and service version detection nmap NSE script usage for vulnerability scanning masscan usage for large-scale port scanning netcat usage for port scanning and banner grabbing port scanning with PowerShell understanding TCP connect scan vs SYN scan UDP port scanning techniques evading firewalls with fragmented packets and decoys service fingerprinting and banner grabbing Wireshark packet capture and filter syntax tcpdump command-line packet analysis network traffic analysis for suspicious patterns identifying open ports and services on a network network mapping with traceroute and path analysis SNMP enumeration for network device information SMTP enumeration for user enumeration DNS enumeration with dig and nslookup subdomain enumeration techniques virtual host discovery for web applications SSL/TLS certificate analysis and misconfiguration detection Shodan search queries for finding exposed devices Google dorking techniques for reconnaissance OSINT techniques for penetration testing theHarvester usage for email and domain reconnaissance recon-ng framework for automated reconnaissance maltego usage for relationship analysis social media OSINT gathering techniques whois lookups and DNS history analysis gathering information from public sources SQL injection detection and exploitation SQLmap usage for automated SQL injection blind SQL injection techniques time-based SQL injection exploitation error-based SQL injection techniques NoSQL injection attacks second-order SQL injection bypassing WAF for SQL injection extracting data from databases via SQL injection preventing SQL injection in web applications Cross-Site Scripting (XSS) types and exploitation stored XSS vs reflected XSS vs DOM-based XSS XSS payload crafting and bypass techniques exploiting XSS to steal cookies and session data Content Security Policy (CSP) bypass techniques preventing XSS vulnerabilities in web applications Burp Suite proxy setup and usage Burp Suite intruder for automated parameter fuzzing Burp Suite repeater for manual request manipulation Burp Suite scanner for automated vulnerability detection Burp Suite extensions and BApp store OWASP ZAP usage for web application scanning web application directory brute-forcing with dirb and gobuster parameter fuzzing for hidden endpoints API endpoint discovery and testing REST API security testing techniques GraphQL API vulnerability testing JWT token manipulation and attacks CSRF attack and prevention techniques SSRF (Server-Side Request Forgery) exploitation XXE (XML External Entity) injection attacks file inclusion vulnerabilities (LFI/RFI) command injection detection and exploitation template injection (SSTI) attacks deserialization attacks in web applications race condition exploitation HTTP request smuggling techniques web cache poisoning and deception IDOR (Insecure Direct Object Reference) exploitation broken authentication and session management testing multi-factor authentication bypass techniques OAuth 2.0 security testing open redirect vulnerabilities CORS misconfiguration exploitation WebSocket security testing server-side JavaScript injection LDAP injection attacks XPath injection techniques metasploit basic commands and modules metasploit payload generation with msfvenom meterpreter post-exploitation commands metasploit resource scripts for automation exploit research and development basics finding and using public exploits compiling and modifying exploit code buffer overflow exploitation basics stack-based buffer overflow attacks heap-based overflow techniques SEH overwrite exploitation return-oriented programming (ROP) basics bypassing DEP and ASLR shellcode development fundamentals Windows kernel exploitation basics Linux kernel exploitation techniques Windows privilege escalation techniques Linux privilege escalation techniques kernel exploit identification for privilege escalation service misconfiguration privilege escalation scheduled task and cron job abuse SUID and GUID binary exploitation sudo misconfiguration exploitation DLL hijacking for privilege escalation unquoted service path exploitation always install elevated registry abuse token manipulation for privilege escalation SeImpersonate and SeAssignPrimaryToken abuse UAC bypass techniques Linux capabilities abuse for escalation Active Directory enumeration attacks BloodHound usage for Active Directory mapping active directory certificate services abuse Kerberos attacks (Kerberoasting, AS-REP roasting) golden ticket and silver ticket attacks pass-the-hash and pass-the-ticket attacks DCSync attack explained SMB relay attacks NTLM relay and NTLMv2 cracking Active Directory delegation abuse group policy object exploitation domain controller exploitation techniques cross-forest trust attacks active directory federation services attacks LAPS security analysis password spraying in Active Directory SMB enumeration and null session attacks NetBIOS and LLMNR poisoning Responder usage for network poisoning IPv6 rogue DHCP and DNS attacks password cracking with hashcat rules john the ripper usage for password cracking rainbow table attacks and defense online password brute-forcing with hydra offline password cracking techniques dictionary attacks vs brute-force attacks mimikatz usage for credential dumping lsass dump techniques Windows credential manager exploitation Kerberos ticket extraction techniques DPAPI abuse for credential theft browser credential theft techniques Wi-Fi password cracking with aircrack-ng WPA3 security analysis WPS pin brute-forcing Evil Twin attack setup Rogue access point deployment Wi-Fi deauthentication attacks Bluetooth security testing NFC and RFID security analysis SDR security testing fundamentals GSM and LTE security basics IoT security testing methodologies ICS/SCADA security testing automotive security testing basics hardware hacking tools and techniques JTAG and UART interface exploitation firmware analysis and reverse engineering TiK and TiKTok analysis physical security assessment techniques social engineering attack vectors phishing campaign setup with GoPhish spear phishing techniques pretexting for social engineering vishing and smishing attacks physical tailgating and badge cloning lock picking fundamentals for pentesters HID attack tools (rubber ducky, bash bunny) USB drop attack methodology C2 (Command and Control) infrastructure setup listener configuration for reverse shells bind shell vs reverse shell explained staged vs stageless payloads DNS tunneling for C2 communication HTTPS beaconing techniques domain fronting for C2 hiding cobalt strike beacon basics empire framework for post-exploitation Sliver C2 framework overview PoshC2 usage covenant C2 setup and usage payload obfuscation and packers encoding techniques for payload delivery process injection techniques reflective DLL injection process hollowing detection and creation APC injection explained syscall direct execution for EDR bypass ETW patching for evasion AMSI bypass techniques powershell obfuscation and evasion Windows Defender and AV evasion userland API hooking detection sandbox detection and evasion VM detection techniques timing-based anti-analysis log cleaning and forensic countermeasures indicator removal on compromised systems timestomp techniques for file timestamp manipulation persistence mechanisms on Windows persistence mechanisms on Linux scheduled task persistence WMI persistence techniques registry run key persistence startup folder persistence service persistence on Windows LD_PRELOAD persistence on Linux .ssh authorized_keys backdoor cron job persistence log rotation and flushing cover your tracks checklist post-exploitation enumeration commands lateral movement techniques in Windows lateral movement with PowerShell remoting RDP hijacking and pass-the-hash for lateral movement SMB and WMI for lateral movement PsExec usage for remote command execution lateral movement with scheduled tasks SSH tunneling for lateral movement port forwarding and proxy chains socks proxy setup with ssh ssh local and remote port forwarding iptables usage for traffic forwarding chisel tunnel setup ligolo-ng tunnelling Proxychains configuration metasploit routing through compromised hosts pivoting through multiple hosts data exfiltration techniques DNS exfiltration methods ICMP exfiltration techniques HTTPS exfiltration for stealth covert channel establishment steganography for data hiding file transfer techniques in restricted networks common Windows logging mechanisms event log analysis for incident detection Sysmon usage for advanced monitoring Windows Event IDs for security monitoring Linux auditd configuration for monitoring command logging and bash history analysis network flow analysis for anomaly detection IDS and IPS evasion techniques detecting network scans and port scans honeypot deployment strategies MITER ATT&CK framework overview understanding TTPs in penetration testing Lockheed Martin Cyber Kill Chain Diamond Model of intrusion analysis pyramid of pain for adversary detection penetration testing report writing executive summary writing for pentest reports technical findings documentation for pentests remediation recommendations for vulnerabilities risk rating methodologies (CVSS) evidence collection and chain of custody professional pentest report templates penetration testing methodology overview PTES (Penetration Testing Execution Standard) OWASP Testing Guide overview OSSTMM methodology PCI DSS penetration testing requirements SOC 2 penetration testing scope red team vs blue team vs purple team purple team exercise methodology adversary emulation planning tabletop exercise facilitation rules of engagement for pentests scope definition in penetration testing third-party vendor risk assessment cloud penetration testing basics AWS security assessment techniques Azure penetration testing methods GCP security testing approaches container security testing with Docker Kubernetes security assessment serverless application security testing cloud IAM privilege escalation cloud storage bucket enumeration AWS SSM agent abuse for pentesting Docker escape techniques container breakout vulnerabilities Kubernetes RBAC misconfiguration exploitation service mesh security testing CI/CD pipeline security assessment infrastructure as code security review Terraform security scanning Kubernetes pod security policy review OWASP Top 10 vulnerabilities explained SANS Top 25 software errors CWE classification system understanding CVE scoring responsible disclosure process zero-day vulnerability discovery process fuzzing techniques for vulnerability discovery static application security testing (SAST) dynamic application security testing (DAST) interactive application security testing (IAST) software composition analysis for open source risks supply chain security attacks malware analysis fundamentals static malware analysis techniques dynamic malware analysis in sandbox ransomware analysis and decryption trojan and backdoor analysis rootkit detection techniques memory forensics with volatility disk forensics with Autopsy and Sleuth Kit network forensics for incident response PCAP analysis for forensic investigation timeline analysis in forensic investigations Windows registry forensics prefetch and recent files forensics USB device history forensics email header analysis for phishing investigations web proxy log analysis firewall log analysis for security incidents SQLite database forensics mobile device forensics basics iOS security testing limitations Android application security testing mobile API security testing mobile app reverse engineering with jadx Frida usage for dynamic instrumentation bypassing SSL pinning in mobile apps Android APK decompilation and analysis iOS IPA analysis techniques iOS jailbreak detection bypass Android root detection bypass wireless logical acquisition for mobile devices exploit development with pwntools return-oriented programming (ROP) chain construction heap feng shui techniques format string vulnerability exploitation integer overflow attacks use-after-free exploitation double-free vulnerability analysis arm exploitation basics MIPS architecture exploitation basics windows exploit development with WinDbg Linux exploit development with GDB Python exploit scripting for penetration testing PowerShell scripting for pentesting Bash scripting for Linux automation Windows batch scripting for automation JavaScript for web exploitation Ruby for Metasploit module development C for low-level exploit development Go programming for pentesting tools Rust programming for security tools