Security Notes
My notes on cybersecurity topics.
Last updated: May 4th, 2023
Initial Access
- OSINT (Coming Soon)
Searching the web, socials, Shodan, and more for information about a target without them knowing about it.
- Infrastructure
DNS, port scanning, and more.
- Approaching FTP
How to approach a File Transfer Protocol server
- Approaching SMB
How to approach a Server Message Block server
- Approaching Mail
How to approach SMTP, IMAP and POP3
- Approaching RDP
How to approach a Remote Desktop Protocol server
- Approaching an Unknown Service
How to approach an unknown service
- Password Attack
Dictionary, brute, spray.
- Phishing
Teach a hacker to phish
- Automated Recon
Maltego, Recon-ng
- Weaponization
Making Payloads
Post
- Evasion
The art of stealth
- Data Exfiltration
Moving files between systems
- Pivoting
Creating tunnels and pivoting
- Managing Shells
Fixing broken shells and escaping rbash
- Windows Privilege Escalation
Windows privilege escalation and post exploitation
- Linux Privilege Escalation
Linux privilege escalation and post exploitation
Web
- Injection Vulns
How I look for general input bugs and avoid character filters.
- Authorization and Authentication
All things auth
- DOM
Dominating the DOM
- API
Approaching APIs and GraphQL
- Logic
Finding and exploiting logic flaws
Reversing and Exploiting
- Reversing
An all-in-one post about reversing, split into theory and practice.
- Linux Exploit Development
Goes over the basic theory, some intro stack smashing, exploit mitigations and bypasses, shellcoding and more.
- Windows Exploit Development
Goes over the basic theory, some intro stack smashing, exploit mitigations and bypasses, shellcoding and more.
IoT
- Hardware
Finding schematics, patents and breaking down electronic devices without breaking them.
- Firmware
Firmware analysis and exploitation
- Radio and Wireless
Radio and wireless analysis and exploitation
Active Directory (Coming Soon)
- AD
Anatomy of an active directory network and how to hack it.