Summary

Recon

• Public info gathering
• Root domains
• Subdomain Enum
• Webs recon
• Network Scanning
• Host Scanning
• Packet Scanning

Enumeration

• Files
• SSL/TLS
• Ports
• Web Attacks
  • General Info
  • Quick tricks
  • Header injections
  • Bruteforcing
  • Online hashes cracked
  • Crawl/Fuzz
  • LFI/RFI
  • File upload
  • SQLi
  • SSRF
  • Open redirects
  • XSS
  • CSP
  • XXE
  • Cookie Padding
  • Webshells
  • CORS
  • CSRF
  • Web Cache Poisoning
  • Broken Links
  • Clickjacking
  • HTTP Request Smuggling
  • Web Sockets
  • CRLF
  • IDOR
  • Web Cache Deception
  • Session fixation
  • Email attacks
  • Pastejacking
  • HTTP Parameter pollution
  • SSTI
  • Prototype Pollution
  • Command Injection
  • Deserialization
  • DNS rebinding
• Web Technologies
  • APIs
  • JS
  • ASP.NET
  • JWT
  • GitHub
  • GitLab
  • WAFs
  • Firebird
  • Wordpress
  • WebDav
  • Joomla
  • Jenkins
  • IIS
  • VHosts
  • Firebase
  • OWA
  • OAuth
  • Flask
  • Symfony && Twig
  • Drupal
  • NoSQL (MongoDB, CouchDB)
  • PHP
  • RoR (Ruby on Rails)
  • JBoss - Java Deserialization
  • OneLogin - SAML Login
  • Flash SWF
  • Nginx
  • Python
  • Tomcat
  • Adobe AEM
  • Magento
  • SAP
  • MFA/2FA
  • GWT
  • Jira
  • OIDC (Open ID Connect)
  • ELK
  • Sharepoint
  • others
• Cloud
  • General
  • Cloud Info Gathering
  • AWS
  • Azure
  • GCP
  • Docker && Kubernetes
  • CDN - Comain Fronting

Exploitation

• Payloads
• Reverse Shells
• File transfer

Post Exploitation

• Linux
• Pivoting
• Windows
  • AD
    • Kerberos
  • PS tips & tricks

Mobile

• General
• Android
• iOS

others

• Burp Suite
• Password cracking
• VirtualBox
• LLM/AI/ML/prompt testing
• Code review
• Pentesting Web checklist
• Internal Pentest
• Web fuzzers review
• Recon suites review
• Subdomain tools review
• Random
• Master assessment mindmaps
• BugBounty
• Exploiting
• tools everywhere