SUMMARY.md

Table of contents

👾 Welcome!

• HackTricks
• HackTricks Values & faq
• About the author
• Getting Started in Hacking

🤩 Generic Methodologies & Resources

• Pentesting Methodology
• External Recon Methodology
  • Wide Source Code Search
  • Github Dorks & Leaks
• Pentesting Network
  • DHCPv6
  • EIGRP Attacks
  • GLBP & HSRP Attacks
  • IDS and IPS Evasion
  • Lateral VLAN Segmentation Bypass
  • Network Protocols Explained (ESP)
  • Nmap Summary (ESP)
  • Pentesting IPv6
  • Spoofing LLMNR, NBT-NS, mDNS/DNS and WPAD and Relay Attacks
  • Spoofing SSDP and UPnP Devices with EvilSSDP
• Pentesting Wifi
  • Evil Twin EAP-TLS
• Phishing Methodology
  • Clone a Website
  • Detecting Phishing
  • Phishing Files & Documents
• Basic Forensic Methodology
  • Baseline Monitoring
  • Anti-Forensic Techniques
  • Docker Forensics
  • Image Acquisition & Mount
  • Linux Forensics
  • Malware Analysis
  • Memory dump analysis
    • Volatility - CheatSheet
  • Partitions/File Systems/Carving
    • EXT
    • File/Data Carving & Recovery Tools
    • NTFS
  • Pcap Inspection
    • DNSCat pcap analysis
    • Suricata & Iptables cheatsheet
    • USB Keystrokes
    • Wifi Pcap Analysis
    • Wireshark tricks
  • Specific Software/File-Type Tricks
    • Decompile compiled python binaries (exe, elf) - Retreive from .pyc
    • Browser Artifacts
    • Desofuscation vbs (cscript.exe)
    • Local Cloud Storage
    • Office file analysis
    • PDF File analysis
    • PNG tricks
    • Video and Audio file analysis
    • ZIPs tricks
  • Windows Artifacts
    • Windows Processes
    • Interesting Windows Registry Keys
• Brute Force - CheatSheet
• Python Sandbox Escape & Pyscript
  • Bypass Python sandboxes
    • LOAD_NAME / LOAD_CONST opcode OOB Read
  • Class Pollution (Python's Prototype Pollution)
  • Python Internal Read Gadgets
  • Pyscript
  • venv
  • Web Requests
  • Bruteforce hash (few chars)
  • Basic Python
• Exfiltration
• Tunneling and Port Forwarding
• Search Exploits
• Shells (Linux, Windows, MSFVenom)
  • MSFVenom - CheatSheet
  • Shells - Windows
  • Shells - Linux
  • Full TTYs

🐧 Linux Hardening

• Checklist - Linux Privilege Escalation
• Linux Privilege Escalation
  • Cisco - vmanage
  • Containerd (ctr) Privilege Escalation
  • Docker Security
    • Abusing Docker Socket for Privilege Escalation
    • AppArmor
    • AuthZ& AuthN - Docker Access Authorization Plugin
    • CGroups
    • Docker --privileged
    • Docker Breakout / Privilege Escalation
      • release_agent exploit - Relative Paths to PIDs
      • Docker release_agent cgroups escape
      • Sensitive Mounts
    • Namespaces
      • CGroup Namespace
      • IPC Namespace
      • PID Namespace
      • Mount Namespace
      • Network Namespace
      • Time Namespace
      • User Namespace
      • UTS Namespace
    • Seccomp
    • Weaponizing Distroless
  • Escaping from Jails
  • euid, ruid, suid
  • Logstash
  • Node inspector/CEF debug abuse
  • D-Bus Enumeration & Command Injection Privilege Escalation
  • Interesting Groups - Linux Privesc
    • lxd/lxc Group - Privilege escalation
  • ld.so privesc exploit example
  • Linux Active Directory
  • Linux Capabilities
  • NFS no_root_squash/no_all_squash misconfiguration PE
  • Payloads to execute
  • RunC Privilege Escalation
  • SELinux
  • Socket Command Injection
  • Splunk LPE and Persistence
  • SSH Forward Agent exploitation
  • Wildcards Spare tricks
  • Arbitrary File Write to Root
• Useful Linux Commands
• Bypass Linux Shell Restrictions
  • DDexec
• Linux Environment Variables
• Linux Post-Exploitation
  • PAM - Pluggable Authentication Modules
• FreeIPA Pentesting

🍏 MacOS Hardening

• macOS Security & Privilege Escalation
  • macOS Apps - Inspecting, debugging and Fuzzing
    • Introduction to ARM64
  • macOS AppleFS
  • macOS Bypassing Firewalls
  • macOS Defensive Apps
  • macOS Kernel & System Extensions
    • macOS Kernel Extensions
    • macOS System Extensions
  • macOS Network Services & Protocols
  • macOS File Extension & URL scheme app handlers
  • macOS Files, Folders, Binaries & Memory
    • macOS Bundles
    • macOS Installers Abuse
    • macOS Memory Dumping
    • macOS Sensitive Locations
    • macOS Universal binaries & Mach-O Format
  • macOS Objective-C
  • macOS Proces Abuse
    • macOS IPC - Inter Process Communication
      • macOS PID Reuse
      • macOS Thread Injection via Task port
      • macOS XPC Connecting Process Check
      • macOS XPC Authorization
    • macOS Electron Applications Injection
    • macOS Function Hooking
    • macOS .Net Applications Injection
    • macOS Library Injection
      • macOS Dyld Hijacking & DYLD_INSERT_LIBRARIES
  • macOS Security Protections
    • macOS SIP
    • macOS Sandbox
      • macOS Sandbox Debug & Bypass
        • macOS Office Sandbox Bypasses
    • macOS TCC
      • macOS Apple Scripts
      • macOS TCC Bypasses
  • macOS Users
• macOS Red Teaming
  • macOS MDM
    • Enrolling Devices in Other Organisations
    • macOS Serial Number
  • macOS Keychain
• macOS Useful Commands
• macOS Auto Start Locations

🪟 Windows Hardening

• Checklist - Local Windows Privilege Escalation
• Windows Local Privilege Escalation
  • Abusing Tokens
    • Abuse SeLoadDriverPrivilege
  • Access Tokens
  • ACLs - DACLs/SACLs/ACEs
  • AppendData/AddSubdirectory permission over service registry
  • Create MSI with WIX
  • COM Hijacking
  • Dll Hijacking
    • Writable Sys Path +Dll Hijacking Privesc
  • DPAPI - Extracting Passwords
  • From High Integrity to SYSTEM with Name Pipes
  • Integrity Levels
  • JAWS
  • JuicyPotato
  • Leaked Handle Exploitation
  • MSI Wrapper
  • Named Pipe Client Impersonation
  • PowerUp
  • Privilege Escalation with Autoruns
  • RoguePotato, PrintSpoofer, SharpEfsPotato, GodPotato
  • RottenPotato
  • Seatbelt
  • SeDebug + SeImpersonate copy token
  • SeImpersonate from High To System
  • Windows C Payloads
• Active Directory Methodology
  • Abusing Active Directory ACLs/ACEs
    • Shadow Credentials
  • AD Certificates
    • AD CS Account Persistence
    • AD CS Domain Escalation
    • AD CS Domain Persistence
    • AD CS Certificate Theft
  • AD information in printers
  • AD DNS Records
  • ASREPRoast
  • BloodHound & Other AD Enum Tools
  • Constrained Delegation
  • Custom SSP
  • DCShadow
  • DCSync
  • Diamond Ticket
  • DSRM Credentials
  • External Forest Domain - OneWay (Inbound) or bidirectional
  • External Forest Domain - One-Way (Outbound)
  • Golden Ticket
  • Kerberoast
  • Kerberos Authentication
  • Kerberos Double Hop Problem
  • LAPS
  • MSSQL AD Abuse
  • Over Pass the Hash/Pass the Key
  • Pass the Ticket
  • Password Spraying
  • PrintNightmare
  • Force NTLM Privileged Authentication
  • Privileged Groups
  • RDP Sessions Abuse
  • Resource-based Constrained Delegation
  • Security Descriptors
  • SID-History Injection
  • Silver Ticket
  • Skeleton Key
  • Unconstrained Delegation
• Windows Security Controls
  • UAC - User Account Control
• NTLM
  • Places to steal NTLM creds
• Lateral Movement
  • AtExec / SchtasksExec
  • DCOM Exec
  • PsExec/Winexec/ScExec
  • SmbExec/ScExec
  • WinRM
  • WmicExec
• Pivoting to the Cloud
• Stealing Windows Credentials
  • Windows Credentials Protections
  • Mimikatz
• Basic Win CMD for Pentesters
• Basic PowerShell for Pentesters
  • PowerView/SharpView
• Antivirus (AV) Bypass

📱 Mobile Pentesting

• Android APK Checklist
• Android Applications Pentesting
  • Android Applications Basics
  • Android Task Hijacking
  • ADB Commands
  • APK decompilers
  • AVD - Android Virtual Device
  • Burp Suite Configuration for Android
  • Bypass Biometric Authentication (Android)
  • content:// protocol
  • Drozer Tutorial
    • Exploiting Content Providers
  • Exploiting a debuggeable applciation
  • Frida Tutorial
    • Frida Tutorial 1
    • Frida Tutorial 2
    • Frida Tutorial 3
    • Objection Tutorial
  • Google CTF 2018 - Shall We Play a Game?
  • Inspeckage Tutorial
  • Intent Injection
  • Make APK Accept CA Certificate
  • Manual DeObfuscation
  • React Native Application
  • Reversing Native Libraries
  • Smali - Decompiling/[Modifying]/Compiling
  • Spoofing your location in Play Store
  • Webview Attacks
• iOS Pentesting Checklist
• iOS Pentesting
  • Basic iOS Testing Operations
  • Burp Suite Configuration for iOS
  • Extracting Entitlements From Compiled Application
  • Frida Configuration in iOS
  • iOS App Extensions
  • iOS Basics
  • iOS Custom URI Handlers / Deeplinks / Custom Schemes
  • iOS Hooking With Objection
  • iOS Protocol Handlers
  • iOS Serialisation and Encoding
  • iOS Testing Environment
  • iOS UIActivity Sharing
  • iOS Universal Links
  • iOS UIPasteboard
  • iOS WebViews

👽 Network Services Pentesting

• Pentesting JDWP - Java Debug Wire Protocol
• Pentesting Printers
  • Accounting bypass
  • Buffer Overflows
  • Credentials Disclosure / Brute-Force
  • Cross-Site Printing
  • Document Processing
  • Factory Defaults
  • File system access
  • Firmware updates
  • Memory Access
  • Physical Damage
  • Software packages
  • Transmission channel
  • Print job manipulation
  • Print Job Retention
  • Scanner and Fax
• Pentesting SAP
• Pentesting VoIP
  • Basic VoIP Protocols
    • SIP (Session Initiation Protocol)
• Pentesting Remote GdbServer
• 7/tcp/udp - Pentesting Echo
• 21 - Pentesting FTP
  • FTP Bounce attack - Scan
  • FTP Bounce - Download 2ºFTP file
• 22 - Pentesting SSH/SFTP
• 23 - Pentesting Telnet
• 25,465,587 - Pentesting SMTP/s
  • SMTP - Commands
• 43 - Pentesting WHOIS
• 49 - Pentesting TACACS+
• 53 - Pentesting DNS
• 69/UDP TFTP/Bittorrent-tracker
• 79 - Pentesting Finger
• 80,443 - Pentesting Web Methodology
  • 403 & 401 Bypasses
  • AEM - Adobe Experience Cloud
  • Apache
  • Artifactory Hacking guide
  • Bolt CMS
  • Buckets
    • Firebase Database
  • CGI
  • Code Review Tools
  • DotNetNuke (DNN)
  • Drupal
  • Flask
  • NodeJS Express
  • Git
  • Golang
  • Grafana
  • GraphQL
  • H2 - Java SQL database
  • IIS - Internet Information Services
  • ImageMagick Security
  • JBOSS
  • JIRA
  • Joomla
  • JSP
  • Laravel
  • Moodle
  • Nginx
  • PHP Tricks
    • PHP - Useful Functions & disable_functions/open_basedir bypass
      • disable_functions bypass - php-fpm/FastCGI
      • disable_functions bypass - dl function
      • disable_functions bypass - PHP 7.0-7.4 (*nix only)
      • disable_functions bypass - Imagick <= 3.3.0 PHP >= 5.4 Exploit
      • disable_functions - PHP 5.x Shellshock Exploit
      • disable_functions - PHP 5.2.4 ionCube extension Exploit
      • disable_functions bypass - PHP <= 5.2.9 on windows
      • disable_functions bypass - PHP 5.2.4 and 5.2.5 PHP cURL
      • disable_functions bypass - PHP safe_mode bypass via proc_open() and custom environment Exploit
      • disable_functions bypass - PHP Perl Extension Safe_mode Bypass Exploit
      • disable_functions bypass - PHP 5.2.3 - Win32std ext Protections Bypass
      • disable_functions bypass - PHP 5.2 - FOpen Exploit
      • disable_functions bypass - via mem
      • disable_functions bypass - mod_cgi
      • disable_functions bypass - PHP 4 >= 4.2.0, PHP 5 pcntl_exec
    • PHP - RCE abusing object creation: new $_GET["a"]($_GET["b"])
    • PHP SSRF
  • Python
  • Rocket Chat
  • Special HTTP headers
  • Spring Actuators
  • Symfony
  • Tomcat
    • Basic Tomcat Info
  • Uncovering CloudFlare
  • VMWare (ESX, VCenter...)
  • WAF Bypass
  • Web API Pentesting
  • WebDav
  • Werkzeug / Flask Debug
  • Wordpress
  • XSS to RCE Electron Desktop Apps
    • Electron contextIsolation RCE via preload code
    • Electron contextIsolation RCE via Electron internal code
    • Electron contextIsolation RCE via IPC
• 88tcp/udp - Pentesting Kerberos
  • Harvesting tickets from Windows
  • Harvesting tickets from Linux
• 110,995 - Pentesting POP
• 111/TCP/UDP - Pentesting Portmapper
• 113 - Pentesting Ident
• 123/udp - Pentesting NTP
• 135, 593 - Pentesting MSRPC
• 137,138,139 - Pentesting NetBios
• 139,445 - Pentesting SMB
  • rpcclient enumeration
• 143,993 - Pentesting IMAP
• 161,162,10161,10162/udp - Pentesting SNMP
  • Cisco SNMP
  • SNMP RCE
• 194,6667,6660-7000 - Pentesting IRC
• 264 - Pentesting Check Point FireWall-1
• 389, 636, 3268, 3269 - Pentesting LDAP
• 500/udp - Pentesting IPsec/IKE VPN
• 502 - Pentesting Modbus
• 512 - Pentesting Rexec
• 513 - Pentesting Rlogin
• 514 - Pentesting Rsh
• 515 - Pentesting Line Printer Daemon (LPD)
• 548 - Pentesting Apple Filing Protocol (AFP)
• 554,8554 - Pentesting RTSP
• 623/UDP/TCP - IPMI
• 631 - Internet Printing Protocol(IPP)
• 873 - Pentesting Rsync
• 1026 - Pentesting Rusersd
• 1080 - Pentesting Socks
• 1098/1099/1050 - Pentesting Java RMI - RMI-IIOP
• 1433 - Pentesting MSSQL - Microsoft SQL Server
  • Types of MSSQL Users
• 1521,1522-1529 - Pentesting Oracle TNS Listener
  • Oracle Pentesting requirements installation
  • TNS Poison
  • Remote stealth pass brute force
  • Oracle RCE & more
• 1723 - Pentesting PPTP
• 1883 - Pentesting MQTT (Mosquitto)
• 2049 - Pentesting NFS Service
• 2301,2381 - Pentesting Compaq/HP Insight Manager
• 2375, 2376 Pentesting Docker
• 3128 - Pentesting Squid
• 3260 - Pentesting ISCSI
• 3299 - Pentesting SAPRouter
• 3306 - Pentesting Mysql
• 3389 - Pentesting RDP
• 3632 - Pentesting distcc
• 3690 - Pentesting Subversion (svn server)
• 3702/UDP - Pentesting WS-Discovery
• 4369 - Pentesting Erlang Port Mapper Daemon (epmd)
• 4786 - Cisco Smart Install
• 5000 - Pentesting Docker Registry
• 5353/UDP Multicast DNS (mDNS) and DNS-SD
• 5432,5433 - Pentesting Postgresql
• 5439 - Pentesting Redshift
• 5555 - Android Debug Bridge
• 5601 - Pentesting Kibana
• 5671,5672 - Pentesting AMQP
• 5800,5801,5900,5901 - Pentesting VNC
• 5984,6984 - Pentesting CouchDB
• 5985,5986 - Pentesting WinRM
• 5985,5986 - Pentesting OMI
• 6000 - Pentesting X11
• 6379 - Pentesting Redis
• 8009 - Pentesting Apache JServ Protocol (AJP)
• 8086 - Pentesting InfluxDB
• 8089 - Pentesting Splunkd
• 8333,18333,38333,18444 - Pentesting Bitcoin
• 9000 - Pentesting FastCGI
• 9001 - Pentesting HSQLDB
• 9042/9160 - Pentesting Cassandra
• 9100 - Pentesting Raw Printing (JetDirect, AppSocket, PDL-datastream)
• 9200 - Pentesting Elasticsearch
• 10000 - Pentesting Network Data Management Protocol (ndmp)
• 11211 - Pentesting Memcache
  • Memcache Commands
• 15672 - Pentesting RabbitMQ Management
• 24007,24008,24009,49152 - Pentesting GlusterFS
• 27017,27018 - Pentesting MongoDB
• 44134 - Pentesting Tiller (Helm)
• 44818/UDP/TCP - Pentesting EthernetIP
• 47808/udp - Pentesting BACNet
• 50030,50060,50070,50075,50090 - Pentesting Hadoop

🕸 Pentesting Web

• Web Vulnerabilities Methodology
  • Browser Extensions
• Reflecting Techniques - PoCs and Polygloths CheatSheet
  • Web Vulns List
• 2FA/OTP Bypass
• Account Takeover
• Bypass Payment Process
• Captcha Bypass
• Cache Poisoning and Cache Deception
• Clickjacking
• Client Side Template Injection (CSTI)
• Client Side Path Traversal
• Command Injection
• Content Security Policy (CSP) Bypass
  • CSP bypass: self + 'unsafe-inline' with Iframes
• Cookies Hacking
  • Cookie Tossing
  • Cookie Jar Overflow
  • Cookie Bomb
• CORS - Misconfigurations & Bypass
• CRLF (%0D%0A) Injection
• Cross-site WebSocket hijacking (CSWSH)
• CSRF (Cross Site Request Forgery)
• Dangling Markup - HTML scriptless injection
• Dependency Confusion
• Deserialization
  • NodeJS - __proto__ & prototype Pollution
    • Client Side Prototype Pollution
    • Express Prototype Pollution Gadgets
    • Prototype Pollution to RCE
  • Java JSF ViewState (.faces) Deserialization
  • Java DNS Deserialization, GadgetProbe and Java Deserialization Scanner
  • Basic Java Deserialization (ObjectInputStream, readObject)
  • PHP - Deserialization + Autoload Classes
  • CommonsCollection1 Payload - Java Transformers to Rutime exec() and Thread Sleep
  • Basic .Net deserialization (ObjectDataProvider gadget, ExpandedWrapper, and Json.Net)
  • Exploiting __VIEWSTATE knowing the secrets
  • Exploiting __VIEWSTATE without knowing the secrets
  • Python Yaml Deserialization
  • JNDI - Java Naming and Directory Interface & Log4Shell
• Domain/Subdomain takeover
• Email Injections
• File Inclusion/Path traversal
  • phar:// deserialization
  • LFI2RCE via PHP Filters
  • LFI2RCE via Nginx temp files
  • LFI2RCE via PHP_SESSION_UPLOAD_PROGRESS
  • LFI2RCE via Segmentation Fault
  • LFI2RCE via phpinfo()
  • LFI2RCE Via temp file uploads
  • LFI2RCE via Eternal waiting
  • LFI2RCE Via compress.zlib + PHP_STREAM_PREFER_STUDIO + Path Disclosure
• File Upload
  • PDF Upload - XXE and CORS bypass
• Formula/CSV/Doc/LaTeX Injection
• HTTP Connection Contamination
• HTTP Connection Request Smuggling
• HTTP Request Smuggling / HTTP Desync Attack
  • Browser HTTP Request Smuggling
  • Request Smuggling in HTTP/2 Downgrades
• HTTP Response Smuggling / Desync
• Upgrade Header Smuggling
• hop-by-hop headers
• IDOR
• Integer Overflow
• JWT Vulnerabilities (Json Web Tokens)
• LDAP Injection
• Login Bypass
  • Login bypass List
• NoSQL injection
• OAuth to Account takeover
  • OAuth - Happy Paths, XSS, Iframes & Post Messages to leak code & state values
• Open Redirect
• Parameter Pollution
• Phone Number Injections
• PostMessage Vulnerabilities
  • Blocking main page to steal postmessage
  • Bypassing SOP with Iframes - 1
  • Bypassing SOP with Iframes - 2
  • Steal postmessage modifying iframe location
• Race Condition
• Rate Limit Bypass
• Registration & Takeover Vulnerabilities
• Regular expression Denial of Service - ReDoS
• Reset/Forgotten Password Bypass
• SAML Attacks
  • SAML Basics
• Server Side Inclusion/Edge Side Inclusion Injection
• SQL Injection
  • MS Access SQL Injection
  • MSSQL Injection
  • MySQL injection
    • MySQL File priv to SSRF/RCE
  • Oracle injection
  • Cypher Injection (neo4j)
  • PostgreSQL injection
    • dblink/lo_import data exfiltration
    • PL/pgSQL Password Bruteforce
    • Network - Privesc, Port Scanner and NTLM chanllenge response disclosure
    • Big Binary Files Upload (PostgreSQL)
    • RCE with PostgreSQL Languages
    • RCE with PostgreSQL Extensions
  • SQLMap - Cheetsheat
    • Second Order Injection - SQLMap
• SSRF (Server Side Request Forgery)
  • URL Format Bypass
  • SSRF Vulnerable Platforms
  • Cloud SSRF
• SSTI (Server Side Template Injection)
  • EL - Expression Language
  • Jinja2 SSTI
• Reverse Tab Nabbing
• Unicode Injection
  • Unicode Normalization
• Web Tool - WFuzz
• XPATH injection
• XSLT Server Side Injection (Extensible Stylesheet Languaje Transformations)
• XXE - XEE - XML External Entity
• XSS (Cross Site Scripting)
  • Abusing Service Workers
  • Chrome Cache to XSS
  • Debugging Client Side JS
  • Dom Clobbering
  • DOM Invader
  • DOM XSS
  • Iframes in XSS, CSP and SOP
  • Misc JS Tricks & Relevant Info
  • PDF Injection
  • Server Side XSS (Dynamic PDF)
  • SOME - Same Origin Method Execution
  • Steal Info JS
  • XSS in Markdown
  • XSS Tools
• XSSI (Cross-Site Script Inclusion)
• XS-Search/XS-Leaks
  • Connection Pool Example
  • Connection Pool by Destination Example
  • Cookie Bomb + Onerror XS Leak
  • URL Max Length - Client Side
  • performance.now example
  • performance.now + Force heavy task
  • Event Loop Blocking + Lazy images
  • JavaScript Execution XS Leak
  • CSS Injection
    • CSS Injection Code

⛈ Cloud Security

• Pentesting Kubernetes
• Pentesting Cloud (AWS, GCP, Az...)
• Pentesting CI/CD (Github, Jenkins, Terraform...)

😎 Hardware/Physical Access

• Physical Attacks
• Escaping from KIOSKs
  • Show file extensions
• Firmware Analysis
  • Bootloader testing
  • Firmware Integrity

🦅 Reversing & Exploiting

• Reversing Tools & Basic Methods
  • Angr
    • Angr - Examples
  • Z3 - Satisfiability Modulo Theories (SMT)
  • Cheat Engine
  • Blobrunner
• Common API used in Malware
• Word Macros
• Linux Exploiting (Basic) (SPA)
  • Format Strings Template
  • ROP - call sys_execve
  • ROP - Leaking LIBC address
    • ROP - Leaking LIBC template
  • Bypassing Canary & PIE
  • Ret2Lib
  • Fusion
• Exploiting Tools
  • PwnTools
• Windows Exploiting (Basic Guide - OSCP lvl)

🔮 Crypto & Stego

• Cryptographic/Compression Algorithms
  • Unpacking binaries
• Certificates
• Cipher Block Chaining CBC-MAC
• Crypto CTFs Tricks
• Electronic Code Book (ECB)
• Hash Length Extension Attack
• Padding Oracle
• RC4 - Encrypt&Decrypt
• Stego Tricks
• Esoteric languages
• Blockchain & Crypto Currencies

🧐 External Platforms Reviews/Writeups

• BRA.I.NSMASHER Presentation
  • Basic Bruteforcer
  • Basic Captcha Breaker
  • BIM Bruteforcer
  • Hybrid Malware Classifier Part 1
  • ML Basics
    • Feature Engineering
• INE Courses and eLearnSecurity Certifications Reviews

🦂 C2

• Merlin
• Empire
• Salseo
• ICMPsh
• Cobalt Strike

✍ TODO

• Other Big References
• Rust Basics
• More Tools
• MISC
• Pentesting DNS
• Hardware Hacking
  • I2C
  • UART
  • Radio
  • JTAG
  • SPI
• Radio Hacking
  • Pentesting RFID
  • Infrared
  • Sub-GHz RF
  • iButton
  • Flipper Zero
    • FZ - NFC
    • FZ - Sub-GHz
    • FZ - Infrared
    • FZ - iButton
    • FZ - 125kHz RFID
  • Proxmark 3
  • FISSURE - The RF Framework
  • Low-Power Wide Area Network
  • Pentesting BLE - Bluetooth Low Energy
• Burp Suite
• Other Web Tricks
• Interesting HTTP
• Emails Vulnerabilities
• Android Forensics
• TR-069
• 6881/udp - Pentesting BitTorrent
• CTF Write-ups
  • challenge-0521.intigriti.io
  • Try Hack Me
    • hc0n Christmas CTF - 2019
    • Pickle Rick
• 1911 - Pentesting fox
• Online Platforms with API
• Stealing Sensitive Information Disclosure from a Web
• Post Exploitation
• Cookies Policy