SUMMARY.md

Table of contents

• Spider Security

offensive security

• OSCP
  • WriteUps
    • PortSwigger
      • SQL injection labs
      • Exploiting XXE to retrieve data by repurposing a local DTD
    • PentesterLabs
      • Recon
    • HTB
      • BoardLight
      • Lame
    • THM
      • Walkthroughs
        • Attacktive Directory
        • LineKernel
        • Day 1 — Linux PrivEsc
      • CTF
        • Page
        • BLUE
        • mKingdom
        • RazorBlack
  • Module 1 (General Info)
  • Module 2 (Getting Kali)
    • Leason 1 - Booting Up Kali Linux
    • Leason 2 - The Kali Menu
    • Leason 4 - Finding Your Way Around Kali
    • Leason 5 - Managing Kali Linux Services
  • Module 3 (CLI)
    • The Bash Environment
    • Piping and Redirection
    • Text Searching and Manipulation
      • Regular
    • Managing Processes
    • File and Command Monitoring
  • Module 4 (Practical Tools)
    • Netcat
    • Socat
    • PowerShell & Powercat
    • Wireshark
    • Tcpdump
  • Module 5 (Bash Script)
  • Module 6 (Passive Info Gathering)
  • Module 7 ( Active Info Gathering)
  • Module 8 (Vulnerability Scanning)
  • Module 9 (Web Application Attacks)
    • Cross Site Scripting (XSS)
    • local file inclusion & remote file inclusion
      • Exploit LFI
    • SQL injection
      • Blind Boolean based SQL & Evasion Techniques
      • SQL
      • Login bypass List
    • File upload
    • Remote code execution
  • Module 10 ( Intro Buffer OverFlow)
  • Module 11 (Widows Buffer OverFlow)
    • Buffer OverFlow Challange
  • Module 12 (Linux Buffer OverFlows)
  • Module 13 (Clint Side Attacks)
  • Module 14 (Locating Public Exploits)
  • Module 15 (FIxing Exploits)
  • Module 16 (File Transfers)
  • Module 17 (Antivirus Evasion)
    • Windows
  • Module 18 (Privllege Escalation)
    • Windows
      • Checklist
      • THM - Windows PrivEsc Arena
    • Linux
      • Checklist
      • Linux PrivEsc Arena
  • Module 19 (Password Attacks)
  • Module 20 (Port Redirection and Tunneling)
  • Module 21 (Active Directory Attacks)
    • adbasics_v1.2
  • Module 22 (Metasploit Framwork)
  • Module 23 (Powershell Empire)
  • Course Materials
• Red Teaming
  • Red Team Fundamentals
    • Red Team Fundamentals
    • Red Team EngagementsRed Team Engagements
    • Red Team Threat IntelRed Team Threat Intel
    • Red Team OPSECRed Team OPSEC
    • Intro to C2
  • Initial Access
  • Post Compromise
  • Host Evasions
  • Network Security Evasion
  • Compromising Active Directory

SANS

• SEC573

AppSec

• EWAPTX
  • PHP Type Juggling
  • CSP
  • SqlI
    • Information_schema
    • WriteUps
  • SSTI & CSTI
  • XSS_HTML Injection
  • CORS Attack
  • Clickjacking
  • Open redirect
  • JSONP
  • LFI && LFD && RFI
  • HTTP Host header attacks
  • CSRF
  • XML injection
  • XML external entity (XXE) injection
  • APIs & JWT attacks
  • Insecure Deserialization
  • OAUTH 2.0 authentication vulnerabilities
  • Host Header Injection
  • Insecure Direct Object References (IDOR)

Reverse Eng & Malware dev

• Internals
  • Windows internals
    • Topics in GitHub
    • Chapter 1 Concepts and tools
    • Chapter 2. System architecture
    • Chapter 3. Processes and jobs
    • Chapter 4. Threads
    • Chapter 5. Memory management
    • Chapter 6. I/O system
    • Chapter 7. Security
  • Linux internals ⇒ Soon
  • MacOs X internals ⇒ Soon
• The Art of assembly Language
  • Chapter 1: Hello, World of Assembly Languageel
  • Chapter 2: Data Representation
  • Chapter 3: Memory Access and Organization
  • Chapter 4: Constants, Variables, and Data Types
  • Chapter 5: Procedures and Units
  • Chapter 6: Arithmetic
  • Chapter 7: Low-Level Control Structures
  • Chapter 8: Advanced Arithmetic
  • Chapter 9: Macros and the HLA Compile-Time Language
  • Chapter 10: Bit Manipulation
  • Chapter 11: The String Instructions
  • Chapter 12: Classes and Objects
  • Appendix: ASCII Character Set
• Reverse Code Engineering
  • Windows architecture

cheat sheet

• Pentest_Notes
• Linux BOF & Wireless Attacks
• WriteUps