SUMMARY.md

Table of contents

• ☢️ ../../../../hacking_methodology
• 🔎 Logical Port Enumeration
  • 🗃️ 21/FTP Enumeration
  • 🔐 22/SSH
    • 🔑 SSH Key Transfer
  • 🙀 23/Telnet
  • 📧 25/SMTP
  • 🔁 53/DNS
  • 🕸️ 80, 443/HTTP(s)
    • Directory Bruteforcing and Subdomains
  • ☠️ 88/Kerberos
  • ✉️ 110, 995/POP
  • ⌨️ 135/RPC
  • 🔥 137, 138, 139/Net-BIOS
  • 🔥 139, 445/SMB
  • 👷 161, 162, 10161, 10162/SNMP
  • 👀 389, 636, 3268, 3269/LDAP(s)
  • 📂 2049/NFS
  • 💵 3306/MYSQL
  • 🎮 5985, 5986/WINRM
• 💣 Binary Exploitation
  • 📖 Binary Exploitation Methodology
  • 🧨 Binex Methodology & Notes
  • 🤙 Remote Debugging, gdb-multiarch, and More!
  • ❌ Debugging Exploits
  • 🎓 Exploit Education
    • Nebula
      • LEVEL 00
      • LEVEL 01
    • 🦅 Phoenix
      • 0️⃣ 0️⃣ StackZero
      • 1️⃣ 1️⃣ StackOne
      • 2️⃣ 2️⃣ StackTwo
      • 3️⃣ 3️⃣ StackThree
      • 4️⃣ 4️⃣ StackFour
      • 5️⃣ 5️⃣ StackFive
      • 6️⃣ 6️⃣ StackSix
  • 🌊 Buffer Overflow Deep Dive
    • 🚰 Buffer Overflow
      • OVERFLOW1
      • OVERFLOW2
      • OVERFLOW3
  • 🐚 Shellcode
    • 🐚 ARM Shellcode
  • 🌐 Linux x86 Program Startup
  • 💔 Personal Binex Project
    • 0️⃣ 0️⃣ 00
    • 1️⃣ 1️⃣ 01
  • 🛡️ Memory Protections
    • 🥧 Position Independent Executable (PIE)
    • 🚫 No Execute (NX)
    • 🐤 Stack Canaries
    • 👽 Relocation Read-Only (RELRO)
    • 0️⃣ 0️⃣ Address Space Layout Randomization (ASLR)
  • 🖊️ Memory Corruption: Overwriting Local Variables
  • ⏪ ret2libc
    • ONE_GADGET
    • 😎 ret2libc all the things
  • ⚙️ Automating ret2libc GOT & PLT w/ pwntools
  • 🥵 Format String Vulnerabilities
  • 🥧 Leaking/Bypassing PIE and libc Base (ret2system)
  • ✏️ Overwriting Global Offset Table (GOT)
  • 🏴‍☠️ Bypass Stack Canaries (Leak + Write)
  • ☠️ Bypassing Address Space Layout Randomization & NX (ret2plt)
  • 🥷 Bypassing ASLR & NX/DEP (Diving Deeper)
  • ⛓️ ARM64 Return Oriented Programming (ROP)
  • 😍 Return-Oriented Programming (ROP)
    • ⛓️ ROP Chains 101
    • pwntools ROP Binary Exploitation
    • ROP Exercises
    • ☺️ ret2win
    • 💔 split
  • 🔃 LD_PRELOAD
  • 🌠 .got, .plt, & .got.plt
    • Revisiting: PLT & GOT
  • 🛑 Sigreturn-Oriented Programming (SROP)
  • 📲 Syscalls
    • Exploitation w/ Syscalls
    • Direct & Indirect Syscalls
  • ⁉️ ret2csu -- Lacking Gadgets?
  • 🧟‍♂️ Heap Exploitation
    • 🤷‍♀️ Use-After-Free
    • 📝 Write-What-Where
    • 2️⃣ 2️⃣ Double Free
    • Heap-based Buffer Overflows
    • Thread Cache (Tcache)
  • pwntools
    • pwntools Cheatsheet
  • ret2win
  • pwndbg
  • ARMv5 Challenges -- gdb-multiarch
  • PwnZeroToHero-0x05-labs
    • A Tour of x86
  • 📦 HTB- Pwn Challenges
    • 🏎️ Racecar
    • 👿 You know 0xDiablos
    • 🍽️ Restaurant
  • 🎨 The Art of Exploitation
    • The Bigger Picture
    • CPU Rabbit Hole
    • Assembly
    • Memory Playground
• 👨‍💻 Programming
  • The Beauty of Programming Languages (A low-to-high abstraction)
  • Chunks
  • Arenas
  • Stack VS Heap
  • Pointers
    • Deep Dive: Pointers
  • Nim
    • Reverse Shells
  • Assembly
    • ⚒️ ARM AARCH 64
      • for loop
      • while loop
      • Memory Allocation in ASM, Static & Dynamic
  • C++
    • User Input
  • C
    • Installing C -- The right way
    • GCC Conditional
    • Void Pointers
    • malloc
    • Multithreading
    • Primitives // Data Types
    • Exercises
    • Linked Lists
    • Socket Code
  • Python
    • Socket Code
    • Virtual Environments (venv)
    • Binary Exploitation with Python
    • AsyncIO & Asynchronous Programming
    • Arguments
  • Ghidra
  • Address Space Location Randomization (ASLR)
  • ChatGPT/OpenAI
  • 🐋 Docker
• ⏪ Reversing Engineering
  • Methodologies
  • x86 Architecture
    • Techniques
    • Types of Malware
    • Transistors & Memory
    • Bytes, Words, Double Words, etc.
    • Basic Architecture
    • General-Purpose Registers
  • Reversing Your First Program
  • Adjusting Binary's Base Address to Match Ghidra During Debugging
  • Crackmes!
    • "level1"
    • "GDB Basics"
    • "My first crackme"
    • arm_crack1
  • Debugging
  • Compiling, Assembling, Linking, Loading, Dumping Memory, Delinking, Disassemble, and more
  • Executable and Linkable Format (ELF)
• ☣️ Malware Development
  • 💉 Code & Process Injection
    • 🐚 Generating Shellcode w/ MSFVenom
    • 🎮 CreateRemoteProcess() Injection
    • 📚 DLL Injection
    • 🐦 APC Queue Injection -- "Early Bird Attack"
    • 🕳️ Process Hollowing
    • Thread Execution Hijacking Suspend, Inject, Resume (SIR)
    • PE Injection
    • Backdooring PE Files
  • Shadow Stack (Intel & ARM)
  • Windows API
  • x64dbg
  • Hacking Windows
  • Windows Internals
• 🍎 MacOS Security Research
• 📱 iOS Hacking
• 🤖 Android Hacking
  • Android Components
  • 📍 SSL Certificate Pinning
  • 🐙 Frida
  • 🌶️ FridaLab (Learning Frida)
    • 🔍 Static Analysis
    • 🤖 Using Frida
  • 🥸 Objection
  • GDB Remote Debugging (Android)
  • 🖊️ Android Security Research Setup
    • 🧩 Fuzzing
      • Practical Fuzzing
    • 🔎 Pinpointing Low-Level Bugs in Android: Stack Smashing
    • 🔍 Pinpointing Low-Level Bugs in Android: Heap Exploitation
    • 📵 Reverse Shells
    • 🤾‍♂️ Return/Jump-Oriented Programming -- ROP vs. JOP
    • Connecting to Android Virtual Device on Mac Host From Guest VM
• 🔮 Pivoting & Tunneling
• 📤 File Transfer
• 🕸️ Web Hacking Reloaded
  • Hacking API's
• 🧠 Virtual Memory
• 📦 Boxes
  • 👿 HTB
    • Windows
      • Object (Hard)
      • Support (Easy)
      • Scrambled (Medium)
      • Resolute (Medium)
      • Remote (Easy)
      • Monteverde (Medium)
      • Active (Easy)
      • Fuse (Medium)
      • Cascade (Medium)
      • Forest (Easy)
      • Intelligence (Medium)
      • Sauna (Easy)
      • Chatterbox (Medium)
      • Search (Hard)
      • Escape (Medium)
      • Flight (Hard)
      • Coder (Insane)
      • Absolute (Insane)
    • Linux
      • Meta (Medium)
      • Paper (Easy)
      • Pandora (Easy)
      • Cronos (Medium)
      • Traverxec
      • Precious (Easy)
      • Squashed (Easy)
      • Photobomb (Easy)
      • Trick (Easy)
      • Spectra (Easy)
      • Precious (Easy)
      • Busqueda (Easy)
      • MetaTwo (Easy)
      • SwagShop (Easy)
      • Networked (Easy)
  • 💀 PG-Practice
    • Windows
      • "Resourced" (Intermediate)
      • Nickel (Intermediate)
      • Slort (Intermediate)
      • Squid (Easy)
      • Algernon (Easy)
      • Billyboss (Intermediate) - Incomplete
      • Craft - Incomplete
      • Shenzi (Intermediate)
    • Linux
      • "Zino" (Intermediate)
      • "Sorcerer" (Intermediate)
      • "ClamAV" (Easy)
      • "Wombo" (Easy)
      • "Fail" (Intermediate)
      • "Nibbles" (Intermediate)
      • "Banzai" (Intermediate)
      • "Peppo" (Hard) - Incomplete
      • "Malbec" (Intermediate) - Incomplete
      • Exfiltrated (Easy)
      • Pelican (Intermediate)
      • Bratarina
      • Twiggy
      • Dibble
      • Walla (Intermediate)
      • Depreciated (Intermediate)
  • 😝 Vulnhub
    • Kioptrix 1
    • The Planets: Earth
  • Miscellaneous
    • "Alpine Box"
  • Conda Labs
    • Edge Machines
      • WEB-1
      • WEB-2
    • Internal Network
      • DB-1
      • DC-1
      • SERVER-1
      • SERVER-2
    • 🏴‍☠️ Loot
  • Template CTFs & More
• 😆 Hardware Hacking
  • Hardware Exploits
  • Extracting Firmware from Embedded Devices
  • Awesome Videos
  • MOSFET
  • ⚡ Hacking w/ Electricity
• 📻 Radio Frequency (RF) Hacking
  • Bluetooth Hacking Introduction
  • Ubertooth One Bluetooth Hacking
• 🛜 Wi-Fi Hacking
  • WEP
• 🔐 Crypto
  • Linear Feedback Shift Register (LFSR)
• 🤓 Privilege Escalation
  • 🐧 Linux
    • Escalation Techniques
    • TCM - Linux Priv Esc
      • Enumeration
      • Kernel Exploits
      • Passwords and Port Forward
  • 🪟 Windows
    • Escalation Techniques
• ☁️ Cloud Hacking
• 🌩️ Covert Cloud Infrastructure
  • Creating Your own VPN
    • Updating OpenVPN
• 💯 Red Teaming
  • Cobalt Strike C2
• 😇 AV Bypass
• 🔓 Password Cracking/Bruteforcing
• 💰 Ethereum Smart Contracts
  • Damn Vulnerable DeFi
    • Unstoppable
    • Naive Receiver
  • Solidity
  • Blockchain Cyber Security (Blue Team)
• 🛠️ Troubleshooting
• 💿 Linux Commands & Tricks
• 🫠 OSCP
  • 2️⃣ 2️⃣ Approach for 3rd Attempt
    • ▶️ Youtube References
    • 🥳 PNPT
      • The Five Stages of Ethical Hacking
      • PEH
        • Information Gathering (Recon)
          • Discovering Emails
          • Gathering Breached Credentials
          • Hunting Subdomains
          • Identifying Website Technologies
        • Scanning and Enumeration
          • Enumerating HTTP and HTTPs
          • Enumerating SMB
          • Enumerating SSH
        • Exploitation Basics
          • Reverse Shells vs Bind Shells
          • Staged vs Non-Staged Payloads
          • Brute Force Attacks
          • Credential Stuffing and Password Spraying
        • Active Directory Overview
          • Attacking AD: Initial Attack Vectors
          • Attacking AD: Post-Compromise Enumeration
          • Attacking AD: Post-Compromise Attacks
          • Post Exploitation
      • OSINT
        • Sock Puppets
        • Search Engine Operators
        • Viewing EXIF Data
        • Physical Location OSINT
        • Identifying Geographical Locations
        • Discovering Email Addresses
        • Website OSINT
      • External Pentest Playbook
    • 📑 Exam Notes Template
      • Summary
      • Enumeration
      • DNS
      • Web Services
      • Other Services
      • Exploitation
      • Privilege Escalation
      • Stuck?
      • Flags & Screenshots
      • 🏴‍☠️ Loot
  • ⚔️ Tools & Exploits
    • Potato Exploits
    • ZeroLogon Exploit
    • 🛡️ Mitigations
    • 🚓 Docker Escape
    • 👮‍♂️ Restricted Shell Escapes
  • 😎 Fully-Interactive Shell Upgrade
  • 🤕 Stuck?
  • 😉 Cheat Sheets
  • 👨‍💼 Client Side Attacks
  • 🖥️ Active Directory
    • HTB Academy: Intro to AD Enumeration & Attacks
      • Tools
      • Cheatsheet
      • External Recon and Enumeration
      • Initial Enumeration
      • LLMNR/NBT-NS Poisoning
      • Password Spraying
      • Enumerating & Retrieving Password Policies
      • Password Spraying - Making a Target User List
      • Internal Password Spraying
      • Enumerating Security Controls
      • Credential Enumeration - From Linux
      • Credentialed Enumeration - From Windows
      • Impacket Toolkit
      • Living Off the Land
      • Kerberoasting - From Linux
    • OSCP-AD-Scope Methodology
    • Exam Approach
    • AD Enumeration
    • AD Exploitation
      • Kerberoasting
      • AS-REP Roasting
      • Important Concepts
        • Golden Tickets
        • Silver Tickets
        • Kerberos Unconstrained Delegation
        • Kerberos Constrained Delegation
        • Kerberos Resource-based Constrained Delegation: Computer Object Takeover
        • Access to NTDS.dit -- Secretsdump
      • Found Potential Users?
    • THM- "Holo" Network
    • Cheat Sheet
  • 🕸️ Web Page Methodology
    • Proxies/Man in The Middle (MiTM)
    • Web Applications
    • OWASP Top 10 Checklist
    • File Upload
    • Web Login Page Checklist
    • Directory Bruteforcing
    • Directory Traversal
    • File Inclusion Vulnerabilities
    • XSS
    • 💉 Structured Query Language Injection (SQLi)
    • Command Injection RCE
    • Server-Side Request Forgery (SSRF)
    • Broken Authentication
    • Sensitive Data Exposure
    • XML External Entities Injection (XXE)
    • Broken Access Control
    • Insecure Deserialization
    • 🎃 Damn Vulnerable Web App (DVWA)
    • Juice Shop
• Crypto Trading Security Best Practices