349 lines
12 KiB
Plaintext
349 lines
12 KiB
Plaintext
nmap scanning techniques and common flags
|
|
nmap OS detection and service version detection
|
|
nmap NSE script usage for vulnerability scanning
|
|
masscan usage for large-scale port scanning
|
|
netcat usage for port scanning and banner grabbing
|
|
port scanning with PowerShell
|
|
understanding TCP connect scan vs SYN scan
|
|
UDP port scanning techniques
|
|
evading firewalls with fragmented packets and decoys
|
|
service fingerprinting and banner grabbing
|
|
Wireshark packet capture and filter syntax
|
|
tcpdump command-line packet analysis
|
|
network traffic analysis for suspicious patterns
|
|
identifying open ports and services on a network
|
|
network mapping with traceroute and path analysis
|
|
SNMP enumeration for network device information
|
|
SMTP enumeration for user enumeration
|
|
DNS enumeration with dig and nslookup
|
|
subdomain enumeration techniques
|
|
virtual host discovery for web applications
|
|
SSL/TLS certificate analysis and misconfiguration detection
|
|
Shodan search queries for finding exposed devices
|
|
Google dorking techniques for reconnaissance
|
|
OSINT techniques for penetration testing
|
|
theHarvester usage for email and domain reconnaissance
|
|
recon-ng framework for automated reconnaissance
|
|
maltego usage for relationship analysis
|
|
social media OSINT gathering techniques
|
|
whois lookups and DNS history analysis
|
|
gathering information from public sources
|
|
SQL injection detection and exploitation
|
|
SQLmap usage for automated SQL injection
|
|
blind SQL injection techniques
|
|
time-based SQL injection exploitation
|
|
error-based SQL injection techniques
|
|
NoSQL injection attacks
|
|
second-order SQL injection
|
|
bypassing WAF for SQL injection
|
|
extracting data from databases via SQL injection
|
|
preventing SQL injection in web applications
|
|
Cross-Site Scripting (XSS) types and exploitation
|
|
stored XSS vs reflected XSS vs DOM-based XSS
|
|
XSS payload crafting and bypass techniques
|
|
exploiting XSS to steal cookies and session data
|
|
Content Security Policy (CSP) bypass techniques
|
|
preventing XSS vulnerabilities in web applications
|
|
Burp Suite proxy setup and usage
|
|
Burp Suite intruder for automated parameter fuzzing
|
|
Burp Suite repeater for manual request manipulation
|
|
Burp Suite scanner for automated vulnerability detection
|
|
Burp Suite extensions and BApp store
|
|
OWASP ZAP usage for web application scanning
|
|
web application directory brute-forcing with dirb and gobuster
|
|
parameter fuzzing for hidden endpoints
|
|
API endpoint discovery and testing
|
|
REST API security testing techniques
|
|
GraphQL API vulnerability testing
|
|
JWT token manipulation and attacks
|
|
CSRF attack and prevention techniques
|
|
SSRF (Server-Side Request Forgery) exploitation
|
|
XXE (XML External Entity) injection attacks
|
|
file inclusion vulnerabilities (LFI/RFI)
|
|
command injection detection and exploitation
|
|
template injection (SSTI) attacks
|
|
deserialization attacks in web applications
|
|
race condition exploitation
|
|
HTTP request smuggling techniques
|
|
web cache poisoning and deception
|
|
IDOR (Insecure Direct Object Reference) exploitation
|
|
broken authentication and session management testing
|
|
multi-factor authentication bypass techniques
|
|
OAuth 2.0 security testing
|
|
open redirect vulnerabilities
|
|
CORS misconfiguration exploitation
|
|
WebSocket security testing
|
|
server-side JavaScript injection
|
|
LDAP injection attacks
|
|
XPath injection techniques
|
|
metasploit basic commands and modules
|
|
metasploit payload generation with msfvenom
|
|
meterpreter post-exploitation commands
|
|
metasploit resource scripts for automation
|
|
exploit research and development basics
|
|
finding and using public exploits
|
|
compiling and modifying exploit code
|
|
buffer overflow exploitation basics
|
|
stack-based buffer overflow attacks
|
|
heap-based overflow techniques
|
|
SEH overwrite exploitation
|
|
return-oriented programming (ROP) basics
|
|
bypassing DEP and ASLR
|
|
shellcode development fundamentals
|
|
Windows kernel exploitation basics
|
|
Linux kernel exploitation techniques
|
|
Windows privilege escalation techniques
|
|
Linux privilege escalation techniques
|
|
kernel exploit identification for privilege escalation
|
|
service misconfiguration privilege escalation
|
|
scheduled task and cron job abuse
|
|
SUID and GUID binary exploitation
|
|
sudo misconfiguration exploitation
|
|
DLL hijacking for privilege escalation
|
|
unquoted service path exploitation
|
|
always install elevated registry abuse
|
|
token manipulation for privilege escalation
|
|
SeImpersonate and SeAssignPrimaryToken abuse
|
|
UAC bypass techniques
|
|
Linux capabilities abuse for escalation
|
|
Active Directory enumeration attacks
|
|
BloodHound usage for Active Directory mapping
|
|
active directory certificate services abuse
|
|
Kerberos attacks (Kerberoasting, AS-REP roasting)
|
|
golden ticket and silver ticket attacks
|
|
pass-the-hash and pass-the-ticket attacks
|
|
DCSync attack explained
|
|
SMB relay attacks
|
|
NTLM relay and NTLMv2 cracking
|
|
Active Directory delegation abuse
|
|
group policy object exploitation
|
|
domain controller exploitation techniques
|
|
cross-forest trust attacks
|
|
active directory federation services attacks
|
|
LAPS security analysis
|
|
password spraying in Active Directory
|
|
SMB enumeration and null session attacks
|
|
NetBIOS and LLMNR poisoning
|
|
Responder usage for network poisoning
|
|
IPv6 rogue DHCP and DNS attacks
|
|
password cracking with hashcat rules
|
|
john the ripper usage for password cracking
|
|
rainbow table attacks and defense
|
|
online password brute-forcing with hydra
|
|
offline password cracking techniques
|
|
dictionary attacks vs brute-force attacks
|
|
mimikatz usage for credential dumping
|
|
lsass dump techniques
|
|
Windows credential manager exploitation
|
|
Kerberos ticket extraction techniques
|
|
DPAPI abuse for credential theft
|
|
browser credential theft techniques
|
|
Wi-Fi password cracking with aircrack-ng
|
|
WPA3 security analysis
|
|
WPS pin brute-forcing
|
|
Evil Twin attack setup
|
|
Rogue access point deployment
|
|
Wi-Fi deauthentication attacks
|
|
Bluetooth security testing
|
|
NFC and RFID security analysis
|
|
SDR security testing fundamentals
|
|
GSM and LTE security basics
|
|
IoT security testing methodologies
|
|
ICS/SCADA security testing
|
|
automotive security testing basics
|
|
hardware hacking tools and techniques
|
|
JTAG and UART interface exploitation
|
|
firmware analysis and reverse engineering
|
|
TiK and TiKTok analysis
|
|
physical security assessment techniques
|
|
social engineering attack vectors
|
|
phishing campaign setup with GoPhish
|
|
spear phishing techniques
|
|
pretexting for social engineering
|
|
vishing and smishing attacks
|
|
physical tailgating and badge cloning
|
|
lock picking fundamentals for pentesters
|
|
HID attack tools (rubber ducky, bash bunny)
|
|
USB drop attack methodology
|
|
C2 (Command and Control) infrastructure setup
|
|
listener configuration for reverse shells
|
|
bind shell vs reverse shell explained
|
|
staged vs stageless payloads
|
|
DNS tunneling for C2 communication
|
|
HTTPS beaconing techniques
|
|
domain fronting for C2 hiding
|
|
cobalt strike beacon basics
|
|
empire framework for post-exploitation
|
|
Sliver C2 framework overview
|
|
PoshC2 usage
|
|
covenant C2 setup and usage
|
|
payload obfuscation and packers
|
|
encoding techniques for payload delivery
|
|
process injection techniques
|
|
reflective DLL injection
|
|
process hollowing detection and creation
|
|
APC injection explained
|
|
syscall direct execution for EDR bypass
|
|
ETW patching for evasion
|
|
AMSI bypass techniques
|
|
powershell obfuscation and evasion
|
|
Windows Defender and AV evasion
|
|
userland API hooking detection
|
|
sandbox detection and evasion
|
|
VM detection techniques
|
|
timing-based anti-analysis
|
|
log cleaning and forensic countermeasures
|
|
indicator removal on compromised systems
|
|
timestomp techniques for file timestamp manipulation
|
|
persistence mechanisms on Windows
|
|
persistence mechanisms on Linux
|
|
scheduled task persistence
|
|
WMI persistence techniques
|
|
registry run key persistence
|
|
startup folder persistence
|
|
service persistence on Windows
|
|
LD_PRELOAD persistence on Linux
|
|
.ssh authorized_keys backdoor
|
|
cron job persistence
|
|
log rotation and flushing
|
|
cover your tracks checklist
|
|
post-exploitation enumeration commands
|
|
lateral movement techniques in Windows
|
|
lateral movement with PowerShell remoting
|
|
RDP hijacking and pass-the-hash for lateral movement
|
|
SMB and WMI for lateral movement
|
|
PsExec usage for remote command execution
|
|
lateral movement with scheduled tasks
|
|
SSH tunneling for lateral movement
|
|
port forwarding and proxy chains
|
|
socks proxy setup with ssh
|
|
ssh local and remote port forwarding
|
|
iptables usage for traffic forwarding
|
|
chisel tunnel setup
|
|
ligolo-ng tunnelling
|
|
Proxychains configuration
|
|
metasploit routing through compromised hosts
|
|
pivoting through multiple hosts
|
|
data exfiltration techniques
|
|
DNS exfiltration methods
|
|
ICMP exfiltration techniques
|
|
HTTPS exfiltration for stealth
|
|
covert channel establishment
|
|
steganography for data hiding
|
|
file transfer techniques in restricted networks
|
|
common Windows logging mechanisms
|
|
event log analysis for incident detection
|
|
Sysmon usage for advanced monitoring
|
|
Windows Event IDs for security monitoring
|
|
Linux auditd configuration for monitoring
|
|
command logging and bash history analysis
|
|
network flow analysis for anomaly detection
|
|
IDS and IPS evasion techniques
|
|
detecting network scans and port scans
|
|
honeypot deployment strategies
|
|
MITER ATT&CK framework overview
|
|
understanding TTPs in penetration testing
|
|
Lockheed Martin Cyber Kill Chain
|
|
Diamond Model of intrusion analysis
|
|
pyramid of pain for adversary detection
|
|
penetration testing report writing
|
|
executive summary writing for pentest reports
|
|
technical findings documentation for pentests
|
|
remediation recommendations for vulnerabilities
|
|
risk rating methodologies (CVSS)
|
|
evidence collection and chain of custody
|
|
professional pentest report templates
|
|
penetration testing methodology overview
|
|
PTES (Penetration Testing Execution Standard)
|
|
OWASP Testing Guide overview
|
|
OSSTMM methodology
|
|
PCI DSS penetration testing requirements
|
|
SOC 2 penetration testing scope
|
|
red team vs blue team vs purple team
|
|
purple team exercise methodology
|
|
adversary emulation planning
|
|
tabletop exercise facilitation
|
|
rules of engagement for pentests
|
|
scope definition in penetration testing
|
|
third-party vendor risk assessment
|
|
cloud penetration testing basics
|
|
AWS security assessment techniques
|
|
Azure penetration testing methods
|
|
GCP security testing approaches
|
|
container security testing with Docker
|
|
Kubernetes security assessment
|
|
serverless application security testing
|
|
cloud IAM privilege escalation
|
|
cloud storage bucket enumeration
|
|
AWS SSM agent abuse for pentesting
|
|
Docker escape techniques
|
|
container breakout vulnerabilities
|
|
Kubernetes RBAC misconfiguration exploitation
|
|
service mesh security testing
|
|
CI/CD pipeline security assessment
|
|
infrastructure as code security review
|
|
Terraform security scanning
|
|
Kubernetes pod security policy review
|
|
OWASP Top 10 vulnerabilities explained
|
|
SANS Top 25 software errors
|
|
CWE classification system
|
|
understanding CVE scoring
|
|
responsible disclosure process
|
|
zero-day vulnerability discovery process
|
|
fuzzing techniques for vulnerability discovery
|
|
static application security testing (SAST)
|
|
dynamic application security testing (DAST)
|
|
interactive application security testing (IAST)
|
|
software composition analysis for open source risks
|
|
supply chain security attacks
|
|
malware analysis fundamentals
|
|
static malware analysis techniques
|
|
dynamic malware analysis in sandbox
|
|
ransomware analysis and decryption
|
|
trojan and backdoor analysis
|
|
rootkit detection techniques
|
|
memory forensics with volatility
|
|
disk forensics with Autopsy and Sleuth Kit
|
|
network forensics for incident response
|
|
PCAP analysis for forensic investigation
|
|
timeline analysis in forensic investigations
|
|
Windows registry forensics
|
|
prefetch and recent files forensics
|
|
USB device history forensics
|
|
email header analysis for phishing investigations
|
|
web proxy log analysis
|
|
firewall log analysis for security incidents
|
|
SQLite database forensics
|
|
mobile device forensics basics
|
|
iOS security testing limitations
|
|
Android application security testing
|
|
mobile API security testing
|
|
mobile app reverse engineering with jadx
|
|
Frida usage for dynamic instrumentation
|
|
bypassing SSL pinning in mobile apps
|
|
Android APK decompilation and analysis
|
|
iOS IPA analysis techniques
|
|
iOS jailbreak detection bypass
|
|
Android root detection bypass
|
|
wireless logical acquisition for mobile devices
|
|
exploit development with pwntools
|
|
return-oriented programming (ROP) chain construction
|
|
heap feng shui techniques
|
|
format string vulnerability exploitation
|
|
integer overflow attacks
|
|
use-after-free exploitation
|
|
double-free vulnerability analysis
|
|
arm exploitation basics
|
|
MIPS architecture exploitation basics
|
|
windows exploit development with WinDbg
|
|
Linux exploit development with GDB
|
|
Python exploit scripting for penetration testing
|
|
PowerShell scripting for pentesting
|
|
Bash scripting for Linux automation
|
|
Windows batch scripting for automation
|
|
JavaScript for web exploitation
|
|
Ruby for Metasploit module development
|
|
C for low-level exploit development
|
|
Go programming for pentesting tools
|
|
Rust programming for security tools
|