mirror of
				https://github.com/HackTricks-wiki/hacktricks.git
				synced 2025-10-10 18:36:50 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			933 lines
		
	
	
		
			88 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
			
		
		
	
	
			933 lines
		
	
	
		
			88 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
| # SUMMARY.md
 | |
| 
 | |
| # 👾 Welcome!
 | |
| 
 | |
| - [HackTricks](README.md)
 | |
| - [HackTricks Values & FAQ](welcome/hacktricks-values-and-faq.md)
 | |
| - [About the author](welcome/about-the-author.md)
 | |
| 
 | |
| # 🤩 Generic Methodologies & Resources
 | |
| 
 | |
| - [Pentesting Methodology](generic-methodologies-and-resources/pentesting-methodology.md)
 | |
| - [External Recon Methodology](generic-methodologies-and-resources/external-recon-methodology/README.md)
 | |
|   - [Wide Source Code Search](generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md)
 | |
|   - [Github Dorks & Leaks](generic-methodologies-and-resources/external-recon-methodology/github-leaked-secrets.md)
 | |
| - [Pentesting Network](generic-methodologies-and-resources/pentesting-network/README.md)
 | |
|   - [DHCPv6](generic-methodologies-and-resources/pentesting-network/dhcpv6.md)
 | |
|   - [EIGRP Attacks](generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md)
 | |
|   - [GLBP & HSRP Attacks](generic-methodologies-and-resources/pentesting-network/glbp-and-hsrp-attacks.md)
 | |
|   - [IDS and IPS Evasion](generic-methodologies-and-resources/pentesting-network/ids-evasion.md)
 | |
|   - [Lateral VLAN Segmentation Bypass](generic-methodologies-and-resources/pentesting-network/lateral-vlan-segmentation-bypass.md)
 | |
|   - [Network Protocols Explained (ESP)](generic-methodologies-and-resources/pentesting-network/network-protocols-explained-esp.md)
 | |
|   - [Nmap Summary (ESP)](generic-methodologies-and-resources/pentesting-network/nmap-summary-esp.md)
 | |
|   - [Pentesting IPv6](generic-methodologies-and-resources/pentesting-network/pentesting-ipv6.md)
 | |
|   - [Telecom Network Exploitation](generic-methodologies-and-resources/pentesting-network/telecom-network-exploitation.md)
 | |
|   - [WebRTC DoS](generic-methodologies-and-resources/pentesting-network/webrtc-dos.md)
 | |
|   - [Spoofing LLMNR, NBT-NS, mDNS/DNS and WPAD and Relay Attacks](generic-methodologies-and-resources/pentesting-network/spoofing-llmnr-nbt-ns-mdns-dns-and-wpad-and-relay-attacks.md)
 | |
|   - [Spoofing SSDP and UPnP Devices with EvilSSDP](generic-methodologies-and-resources/pentesting-network/spoofing-ssdp-and-upnp-devices.md)
 | |
| - [Pentesting Wifi](generic-methodologies-and-resources/pentesting-wifi/README.md)
 | |
|   - [Enable Nexmon Monitor And Injection On Android](generic-methodologies-and-resources/pentesting-wifi/enable-nexmon-monitor-and-injection-on-android.md)
 | |
|   - [Evil Twin EAP-TLS](generic-methodologies-and-resources/pentesting-wifi/evil-twin-eap-tls.md)
 | |
| - [Phishing Methodology](generic-methodologies-and-resources/phishing-methodology/README.md)
 | |
|   - [Clipboard Hijacking](generic-methodologies-and-resources/phishing-methodology/clipboard-hijacking.md)
 | |
|   - [Clone a Website](generic-methodologies-and-resources/phishing-methodology/clone-a-website.md)
 | |
|   - [Detecting Phishing](generic-methodologies-and-resources/phishing-methodology/detecting-phising.md)
 | |
|   - [Discord Invite Hijacking](generic-methodologies-and-resources/phishing-methodology/discord-invite-hijacking.md)
 | |
|   - [Homograph Attacks](generic-methodologies-and-resources/phishing-methodology/homograph-attacks.md)
 | |
|   - [Mobile Phishing Malicious Apps](generic-methodologies-and-resources/phishing-methodology/mobile-phishing-malicious-apps.md)
 | |
|   - [Phishing Files & Documents](generic-methodologies-and-resources/phishing-methodology/phishing-documents.md)
 | |
| - [Basic Forensic Methodology](generic-methodologies-and-resources/basic-forensic-methodology/README.md)
 | |
|   - [Baseline Monitoring](generic-methodologies-and-resources/basic-forensic-methodology/file-integrity-monitoring.md)
 | |
|   - [Anti-Forensic Techniques](generic-methodologies-and-resources/basic-forensic-methodology/anti-forensic-techniques.md)
 | |
|   - [Docker Forensics](generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics.md)
 | |
|   - [Image Acquisition & Mount](generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md)
 | |
|   - [Ios Backup Forensics](generic-methodologies-and-resources/basic-forensic-methodology/ios-backup-forensics.md)
 | |
|   - [Linux Forensics](generic-methodologies-and-resources/basic-forensic-methodology/linux-forensics.md)
 | |
|   - [Malware Analysis](generic-methodologies-and-resources/basic-forensic-methodology/malware-analysis.md)
 | |
|   - [Memory dump analysis](generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/README.md)
 | |
|     - [Volatility - CheatSheet](generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/volatility-cheatsheet.md)
 | |
|   - [Partitions/File Systems/Carving](generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/README.md)
 | |
|     - [File/Data Carving & Recovery Tools](generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md)
 | |
|   - [Pcap Inspection](generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/README.md)
 | |
|     - [DNSCat pcap analysis](generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/dnscat-exfiltration.md)
 | |
|     - [Suricata & Iptables cheatsheet](generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/suricata-and-iptables-cheatsheet.md)
 | |
|     - [USB Keystrokes](generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md)
 | |
|     - [Wifi Pcap Analysis](generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wifi-pcap-analysis.md)
 | |
|     - [Wireshark tricks](generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wireshark-tricks.md)
 | |
|   - [Specific Software/File-Type Tricks](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/README.md)
 | |
|     - [Decompile compiled python binaries (exe, elf) - Retreive from .pyc](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md)
 | |
|     - [Browser Artifacts](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md)
 | |
|     - [Deofuscation vbs (cscript.exe)](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md)
 | |
|     - [Local Cloud Storage](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md)
 | |
|     - [Office file analysis](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md)
 | |
|     - [PDF File analysis](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md)
 | |
|     - [PNG tricks](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/png-tricks.md)
 | |
|     - [Structural File Format Exploit Detection](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/structural-file-format-exploit-detection.md)
 | |
|     - [Video and Audio file analysis](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/video-and-audio-file-analysis.md)
 | |
|     - [ZIPs tricks](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/zips-tricks.md)
 | |
|   - [Windows Artifacts](generic-methodologies-and-resources/basic-forensic-methodology/windows-forensics/README.md)
 | |
|     - [Interesting Windows Registry Keys](generic-methodologies-and-resources/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md)
 | |
| - [Python Sandbox Escape & Pyscript](generic-methodologies-and-resources/python/README.md)
 | |
|   - [Bypass Python sandboxes](generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md)
 | |
|     - [LOAD_NAME / LOAD_CONST opcode OOB Read](generic-methodologies-and-resources/python/bypass-python-sandboxes/load_name-load_const-opcode-oob-read.md)
 | |
|     - [Reportlab Xhtml2pdf Triple Brackets Expression Evaluation Rce Cve 2023 33733](generic-methodologies-and-resources/python/bypass-python-sandboxes/reportlab-xhtml2pdf-triple-brackets-expression-evaluation-rce-cve-2023-33733.md)
 | |
|   - [Class Pollution (Python's Prototype Pollution)](generic-methodologies-and-resources/python/class-pollution-pythons-prototype-pollution.md)
 | |
|   - [Keras Model Deserialization Rce And Gadget Hunting](generic-methodologies-and-resources/python/keras-model-deserialization-rce-and-gadget-hunting.md)
 | |
|   - [Python Internal Read Gadgets](generic-methodologies-and-resources/python/python-internal-read-gadgets.md)
 | |
|   - [Pyscript](generic-methodologies-and-resources/python/pyscript.md)
 | |
|   - [venv](generic-methodologies-and-resources/python/venv.md)
 | |
|   - [Web Requests](generic-methodologies-and-resources/python/web-requests.md)
 | |
|   - [Bruteforce hash (few chars)](generic-methodologies-and-resources/python/bruteforce-hash-few-chars.md)
 | |
|   - [Basic Python](generic-methodologies-and-resources/python/basic-python.md)
 | |
| - [Threat Modeling](generic-methodologies-and-resources/threat-modeling.md)
 | |
| - [Blockchain & Crypto](blockchain/blockchain-and-crypto-currencies/README.md)
 | |
| - [Lua Sandbox Escape](generic-methodologies-and-resources/lua/bypass-lua-sandboxes/README.md)
 | |
| 
 | |
| # 🧙♂️ Generic Hacking
 | |
| 
 | |
| - [Archive Extraction Path Traversal](generic-hacking/archive-extraction-path-traversal.md)
 | |
| - [Brute Force - CheatSheet](generic-hacking/brute-force.md)
 | |
| - [Esim Javacard Exploitation](generic-hacking/esim-javacard-exploitation.md)
 | |
| - [Exfiltration](generic-hacking/exfiltration.md)
 | |
| - [Reverse Shells (Linux, Windows, MSFVenom)](generic-hacking/reverse-shells/README.md)
 | |
|   - [MSFVenom - CheatSheet](generic-hacking/reverse-shells/msfvenom.md)
 | |
|   - [Reverse Shells - Windows](generic-hacking/reverse-shells/windows.md)
 | |
|   - [Reverse Shells - Linux](generic-hacking/reverse-shells/linux.md)
 | |
|   - [Expose local to the internet](generic-hacking/reverse-shells/expose-local-to-the-internet.md)
 | |
|   - [Full TTYs](generic-hacking/reverse-shells/full-ttys.md)
 | |
| - [Search Exploits](generic-hacking/search-exploits.md)
 | |
| - [Tunneling and Port Forwarding](generic-hacking/tunneling-and-port-forwarding.md)
 | |
| 
 | |
| # 🐧 Linux Hardening
 | |
| 
 | |
| - [Checklist - Linux Privilege Escalation](linux-hardening/linux-privilege-escalation-checklist.md)
 | |
| - [Linux Privilege Escalation](linux-hardening/privilege-escalation/README.md)
 | |
|   - [Android Rooting Frameworks Manager Auth Bypass Syscall Hook](linux-hardening/privilege-escalation/android-rooting-frameworks-manager-auth-bypass-syscall-hook.md)
 | |
|   - [Arbitrary File Write to Root](linux-hardening/privilege-escalation/write-to-root.md)
 | |
|   - [Cisco - vmanage](linux-hardening/privilege-escalation/cisco-vmanage.md)
 | |
|   - [Containerd (ctr) Privilege Escalation](linux-hardening/privilege-escalation/containerd-ctr-privilege-escalation.md)
 | |
|   - [D-Bus Enumeration & Command Injection Privilege Escalation](linux-hardening/privilege-escalation/d-bus-enumeration-and-command-injection-privilege-escalation.md)
 | |
|   - [Docker Security](linux-hardening/privilege-escalation/docker-security/README.md)
 | |
|     - [Abusing Docker Socket for Privilege Escalation](linux-hardening/privilege-escalation/docker-security/abusing-docker-socket-for-privilege-escalation.md)
 | |
|     - [AppArmor](linux-hardening/privilege-escalation/docker-security/apparmor.md)
 | |
|     - [AuthZ& AuthN - Docker Access Authorization Plugin](linux-hardening/privilege-escalation/docker-security/authz-and-authn-docker-access-authorization-plugin.md)
 | |
|     - [CGroups](linux-hardening/privilege-escalation/docker-security/cgroups.md)
 | |
|     - [Docker --privileged](linux-hardening/privilege-escalation/docker-security/docker-privileged.md)
 | |
|     - [Docker Breakout / Privilege Escalation](linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/README.md)
 | |
|       - [release_agent exploit - Relative Paths to PIDs](linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/release_agent-exploit-relative-paths-to-pids.md)
 | |
|       - [Docker release_agent cgroups escape](linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/docker-release_agent-cgroups-escape.md)
 | |
|       - [Sensitive Mounts](linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/sensitive-mounts.md)
 | |
|     - [Namespaces](linux-hardening/privilege-escalation/docker-security/namespaces/README.md)
 | |
|       - [CGroup Namespace](linux-hardening/privilege-escalation/docker-security/namespaces/cgroup-namespace.md)
 | |
|       - [IPC Namespace](linux-hardening/privilege-escalation/docker-security/namespaces/ipc-namespace.md)
 | |
|       - [PID Namespace](linux-hardening/privilege-escalation/docker-security/namespaces/pid-namespace.md)
 | |
|       - [Mount Namespace](linux-hardening/privilege-escalation/docker-security/namespaces/mount-namespace.md)
 | |
|       - [Network Namespace](linux-hardening/privilege-escalation/docker-security/namespaces/network-namespace.md)
 | |
|       - [Time Namespace](linux-hardening/privilege-escalation/docker-security/namespaces/time-namespace.md)
 | |
|       - [User Namespace](linux-hardening/privilege-escalation/docker-security/namespaces/user-namespace.md)
 | |
|       - [UTS Namespace](linux-hardening/privilege-escalation/docker-security/namespaces/uts-namespace.md)
 | |
|     - [Seccomp](linux-hardening/privilege-escalation/docker-security/seccomp.md)
 | |
|     - [Weaponizing Distroless](linux-hardening/privilege-escalation/docker-security/weaponizing-distroless.md)
 | |
|   - [Escaping from Jails](linux-hardening/privilege-escalation/escaping-from-limited-bash.md)
 | |
|   - [euid, ruid, suid](linux-hardening/privilege-escalation/euid-ruid-suid.md)
 | |
|   - [Interesting Groups - Linux Privesc](linux-hardening/privilege-escalation/interesting-groups-linux-pe/README.md)
 | |
|     - [lxd/lxc Group - Privilege escalation](linux-hardening/privilege-escalation/interesting-groups-linux-pe/lxd-privilege-escalation.md)
 | |
|   - [Logstash](linux-hardening/privilege-escalation/logstash.md)
 | |
|   - [ld.so privesc exploit example](linux-hardening/privilege-escalation/ld.so.conf-example.md)
 | |
|   - [Linux Active Directory](linux-hardening/privilege-escalation/linux-active-directory.md)
 | |
|   - [Linux Capabilities](linux-hardening/privilege-escalation/linux-capabilities.md)
 | |
|   - [NFS no_root_squash/no_all_squash misconfiguration PE](linux-hardening/privilege-escalation/nfs-no_root_squash-misconfiguration-pe.md)
 | |
|   - [Node inspector/CEF debug abuse](linux-hardening/privilege-escalation/electron-cef-chromium-debugger-abuse.md)
 | |
|   - [Payloads to execute](linux-hardening/privilege-escalation/payloads-to-execute.md)
 | |
|   - [RunC Privilege Escalation](linux-hardening/privilege-escalation/runc-privilege-escalation.md)
 | |
|   - [SELinux](linux-hardening/privilege-escalation/selinux.md)
 | |
|   - [Socket Command Injection](linux-hardening/privilege-escalation/socket-command-injection.md)
 | |
|   - [Splunk LPE and Persistence](linux-hardening/privilege-escalation/splunk-lpe-and-persistence.md)
 | |
|   - [SSH Forward Agent exploitation](linux-hardening/privilege-escalation/ssh-forward-agent-exploitation.md)
 | |
|   - [Wildcards Spare tricks](linux-hardening/privilege-escalation/wildcards-spare-tricks.md)
 | |
| - [Useful Linux Commands](linux-hardening/useful-linux-commands.md)
 | |
| - [Bypass Linux Restrictions](linux-hardening/bypass-bash-restrictions/README.md)
 | |
|   - [Bypass FS protections: read-only / no-exec / Distroless](linux-hardening/bypass-bash-restrictions/bypass-fs-protections-read-only-no-exec-distroless/README.md)
 | |
|     - [DDexec / EverythingExec](linux-hardening/bypass-bash-restrictions/bypass-fs-protections-read-only-no-exec-distroless/ddexec.md)
 | |
| - [Linux Environment Variables](linux-hardening/linux-environment-variables.md)
 | |
| - [Linux Post-Exploitation](linux-hardening/linux-post-exploitation/README.md)
 | |
|   - [PAM - Pluggable Authentication Modules](linux-hardening/linux-post-exploitation/pam-pluggable-authentication-modules.md)
 | |
| - [FreeIPA Pentesting](linux-hardening/freeipa-pentesting.md)
 | |
| 
 | |
| # 🍏 MacOS Hardening
 | |
| 
 | |
| - [macOS Security & Privilege Escalation](macos-hardening/macos-security-and-privilege-escalation/README.md)
 | |
|   - [macOS Apps - Inspecting, debugging and Fuzzing](macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/README.md)
 | |
|     - [Objects in memory](macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/objects-in-memory.md)
 | |
|     - [Introduction to x64](macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/introduction-to-x64.md)
 | |
|     - [Introduction to ARM64v8](macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md)
 | |
|   - [macOS AppleFS](macos-hardening/macos-security-and-privilege-escalation/macos-applefs.md)
 | |
|   - [macOS Bypassing Firewalls](macos-hardening/macos-security-and-privilege-escalation/macos-bypassing-firewalls.md)
 | |
|   - [macOS Defensive Apps](macos-hardening/macos-security-and-privilege-escalation/macos-defensive-apps.md)
 | |
|   - [Macos Dyld Hijacking And Dyld Insert Libraries](macos-hardening/macos-security-and-privilege-escalation/macos-dyld-hijacking-and-dyld_insert_libraries.md)
 | |
|   - [macOS GCD - Grand Central Dispatch](macos-hardening/macos-security-and-privilege-escalation/macos-gcd-grand-central-dispatch.md)
 | |
|   - [macOS Kernel & System Extensions](macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/README.md)
 | |
|     - [macOS IOKit](macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-iokit.md)
 | |
|     - [macOS Kernel Extensions & Debugging](macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-kernel-extensions.md)
 | |
|     - [macOS Kernel Vulnerabilities](macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-kernel-vulnerabilities.md)
 | |
|     - [macOS System Extensions](macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-system-extensions.md)
 | |
|   - [macOS Network Services & Protocols](macos-hardening/macos-security-and-privilege-escalation/macos-protocols.md)
 | |
|   - [macOS File Extension & URL scheme app handlers](macos-hardening/macos-security-and-privilege-escalation/macos-file-extension-apps.md)
 | |
|   - [macOS Files, Folders, Binaries & Memory](macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/README.md)
 | |
|     - [macOS Bundles](macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-bundles.md)
 | |
|     - [macOS Installers Abuse](macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-installers-abuse.md)
 | |
|     - [macOS Memory Dumping](macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-memory-dumping.md)
 | |
|     - [macOS Sensitive Locations & Interesting Daemons](macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-sensitive-locations.md)
 | |
|     - [macOS Universal binaries & Mach-O Format](macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/universal-binaries-and-mach-o-format.md)
 | |
|   - [macOS Objective-C](macos-hardening/macos-security-and-privilege-escalation/macos-basic-objective-c.md)
 | |
|   - [macOS Privilege Escalation](macos-hardening/macos-security-and-privilege-escalation/macos-privilege-escalation.md)
 | |
|   - [macOS Process Abuse](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/README.md)
 | |
|     - [macOS Dirty NIB](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-dirty-nib.md)
 | |
|     - [macOS Chromium Injection](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-chromium-injection.md)
 | |
|     - [macOS Electron Applications Injection](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection.md)
 | |
|     - [macOS Function Hooking](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-function-hooking.md)
 | |
|     - [macOS IPC - Inter Process Communication](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/README.md)
 | |
|       - [macOS MIG - Mach Interface Generator](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-mig-mach-interface-generator.md)
 | |
|       - [macOS XPC](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/README.md)
 | |
|         - [macOS XPC Authorization](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-authorization.md)
 | |
|         - [macOS XPC Connecting Process Check](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/README.md)
 | |
|           - [macOS PID Reuse](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/macos-pid-reuse.md)
 | |
|           - [macOS xpc_connection_get_audit_token Attack](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/macos-xpc_connection_get_audit_token-attack.md)
 | |
|       - [macOS Thread Injection via Task port](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-thread-injection-via-task-port.md)
 | |
|     - [macOS Java Applications Injection](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-java-apps-injection.md)
 | |
|     - [macOS Library Injection](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/README.md)
 | |
|       - [macOS Dyld Hijacking & DYLD_INSERT_LIBRARIES](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/macos-dyld-hijacking-and-dyld_insert_libraries.md)
 | |
|       - [macOS Dyld Process](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/macos-dyld-process.md)
 | |
|     - [macOS Perl Applications Injection](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-perl-applications-injection.md)
 | |
|     - [macOS Python Applications Injection](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-python-applications-injection.md)
 | |
|     - [macOS Ruby Applications Injection](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ruby-applications-injection.md)
 | |
|     - [macOS .Net Applications Injection](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-.net-applications-injection.md)
 | |
|   - [macOS Security Protections](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/README.md)
 | |
|     - [macOS Gatekeeper / Quarantine / XProtect](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-gatekeeper.md)
 | |
|     - [macOS Launch/Environment Constraints & Trust Cache](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-launch-environment-constraints.md)
 | |
|     - [macOS Sandbox](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/README.md)
 | |
|       - [macOS Default Sandbox Debug](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-default-sandbox-debug.md)
 | |
|       - [macOS Sandbox Debug & Bypass](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/README.md)
 | |
|         - [macOS Office Sandbox Bypasses](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/macos-office-sandbox-bypasses.md)
 | |
|     - [macOS Authorizations DB & Authd](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-authorizations-db-and-authd.md)
 | |
|     - [macOS SIP](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sip.md)
 | |
|     - [macOS TCC](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/README.md)
 | |
|       - [macOS Apple Events](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-apple-events.md)
 | |
|       - [macOS TCC Bypasses](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses/README.md)
 | |
|         - [macOS Apple Scripts](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses/macos-apple-scripts.md)
 | |
|       - [macOS TCC Payloads](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-payloads.md)
 | |
|     - [macOS Dangerous Entitlements & TCC perms](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md)
 | |
|     - [macOS - AMFI - AppleMobileFileIntegrity](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-amfi-applemobilefileintegrity.md)
 | |
|     - [macOS MACF - Mandatory Access Control Framework](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-macf-mandatory-access-control-framework.md)
 | |
|     - [macOS Code Signing](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-code-signing.md)
 | |
|     - [macOS FS Tricks](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-fs-tricks/README.md)
 | |
|       - [macOS xattr-acls extra stuff](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-fs-tricks/macos-xattr-acls-extra-stuff.md)
 | |
|   - [macOS Users & External Accounts](macos-hardening/macos-security-and-privilege-escalation/macos-users.md)
 | |
| - [macOS Red Teaming](macos-hardening/macos-red-teaming/README.md)
 | |
|   - [macOS MDM](macos-hardening/macos-red-teaming/macos-mdm/README.md)
 | |
|     - [Enrolling Devices in Other Organisations](macos-hardening/macos-red-teaming/macos-mdm/enrolling-devices-in-other-organisations.md)
 | |
|     - [macOS Serial Number](macos-hardening/macos-red-teaming/macos-mdm/macos-serial-number.md)
 | |
|   - [macOS Keychain](macos-hardening/macos-red-teaming/macos-keychain.md)
 | |
| - [macOS Useful Commands](macos-hardening/macos-useful-commands.md)
 | |
| - [macOS Auto Start](macos-hardening/macos-auto-start-locations.md)
 | |
| 
 | |
| # 🪟 Windows Hardening
 | |
| 
 | |
| - [Authentication Credentials Uac And Efs](windows-hardening/authentication-credentials-uac-and-efs.md)
 | |
| - [Checklist - Local Windows Privilege Escalation](windows-hardening/checklist-windows-privilege-escalation.md)
 | |
| - [Windows Local Privilege Escalation](windows-hardening/windows-local-privilege-escalation/README.md)
 | |
|   - [Abusing Auto Updaters And Ipc](windows-hardening/windows-local-privilege-escalation/abusing-auto-updaters-and-ipc.md)
 | |
|   - [Arbitrary Kernel Rw Token Theft](windows-hardening/windows-local-privilege-escalation/arbitrary-kernel-rw-token-theft.md)
 | |
|   - [Dll Hijacking](windows-hardening/windows-local-privilege-escalation/dll-hijacking.md)
 | |
|   - [Abusing Tokens](windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens.md)
 | |
|   - [Access Tokens](windows-hardening/windows-local-privilege-escalation/access-tokens.md)
 | |
|   - [ACLs - DACLs/SACLs/ACEs](windows-hardening/windows-local-privilege-escalation/acls-dacls-sacls-aces.md)
 | |
|   - [AppendData/AddSubdirectory permission over service registry](windows-hardening/windows-local-privilege-escalation/appenddata-addsubdirectory-permission-over-service-registry.md)
 | |
|   - [Create MSI with WIX](windows-hardening/windows-local-privilege-escalation/create-msi-with-wix.md)
 | |
|   - [COM Hijacking](windows-hardening/windows-local-privilege-escalation/com-hijacking.md)
 | |
|   - [Dll Hijacking](windows-hardening/windows-local-privilege-escalation/dll-hijacking/README.md)
 | |
|     - [Writable Sys Path +Dll Hijacking Privesc](windows-hardening/windows-local-privilege-escalation/dll-hijacking/writable-sys-path-+dll-hijacking-privesc.md)
 | |
|   - [DPAPI - Extracting Passwords](windows-hardening/windows-local-privilege-escalation/dpapi-extracting-passwords.md)
 | |
|   - [From High Integrity to SYSTEM with Name Pipes](windows-hardening/windows-local-privilege-escalation/from-high-integrity-to-system-with-name-pipes.md)
 | |
|   - [Integrity Levels](windows-hardening/windows-local-privilege-escalation/integrity-levels.md)
 | |
|   - [JuicyPotato](windows-hardening/windows-local-privilege-escalation/juicypotato.md)
 | |
|   - [Leaked Handle Exploitation](windows-hardening/windows-local-privilege-escalation/leaked-handle-exploitation.md)
 | |
|   - [MSI Wrapper](windows-hardening/windows-local-privilege-escalation/msi-wrapper.md)
 | |
|   - [Named Pipe Client Impersonation](windows-hardening/windows-local-privilege-escalation/named-pipe-client-impersonation.md)
 | |
|   - [Privilege Escalation with Autoruns](windows-hardening/windows-local-privilege-escalation/privilege-escalation-with-autorun-binaries.md)
 | |
|   - [RoguePotato, PrintSpoofer, SharpEfsPotato, GodPotato](windows-hardening/windows-local-privilege-escalation/roguepotato-and-printspoofer.md)
 | |
|   - [SeDebug + SeImpersonate copy token](windows-hardening/windows-local-privilege-escalation/sedebug-+-seimpersonate-copy-token.md)
 | |
|   - [SeImpersonate from High To System](windows-hardening/windows-local-privilege-escalation/seimpersonate-from-high-to-system.md)
 | |
|   - [Windows C Payloads](windows-hardening/windows-local-privilege-escalation/windows-c-payloads.md)
 | |
| - [Active Directory Methodology](windows-hardening/active-directory-methodology/README.md)
 | |
|   - [Abusing Active Directory ACLs/ACEs](windows-hardening/active-directory-methodology/acl-persistence-abuse/README.md)
 | |
|     - [BadSuccessor](windows-hardening/active-directory-methodology/acl-persistence-abuse/BadSuccessor.md)
 | |
|     - [Shadow Credentials](windows-hardening/active-directory-methodology/acl-persistence-abuse/shadow-credentials.md)
 | |
|   - [AD Certificates](windows-hardening/active-directory-methodology/ad-certificates/README.md)
 | |
|     - [AD CS Account Persistence](windows-hardening/active-directory-methodology/ad-certificates/account-persistence.md)
 | |
|     - [AD CS Domain Escalation](windows-hardening/active-directory-methodology/ad-certificates/domain-escalation.md)
 | |
|     - [AD CS Domain Persistence](windows-hardening/active-directory-methodology/ad-certificates/domain-persistence.md)
 | |
|     - [AD CS Certificate Theft](windows-hardening/active-directory-methodology/ad-certificates/certificate-theft.md)
 | |
|   - [Ad Certificates](windows-hardening/active-directory-methodology/ad-certificates.md)
 | |
|   - [AD information in printers](windows-hardening/active-directory-methodology/ad-information-in-printers.md)
 | |
|   - [AD DNS Records](windows-hardening/active-directory-methodology/ad-dns-records.md)
 | |
|   - [Adws Enumeration](windows-hardening/active-directory-methodology/adws-enumeration.md)
 | |
|   - [ASREPRoast](windows-hardening/active-directory-methodology/asreproast.md)
 | |
|   - [Badsuccessor Dmsa Migration Abuse](windows-hardening/active-directory-methodology/badsuccessor-dmsa-migration-abuse.md)
 | |
|   - [BloodHound & Other AD Enum Tools](windows-hardening/active-directory-methodology/bloodhound.md)
 | |
|   - [Constrained Delegation](windows-hardening/active-directory-methodology/constrained-delegation.md)
 | |
|   - [Custom SSP](windows-hardening/active-directory-methodology/custom-ssp.md)
 | |
|   - [DCShadow](windows-hardening/active-directory-methodology/dcshadow.md)
 | |
|   - [DCSync](windows-hardening/active-directory-methodology/dcsync.md)
 | |
|   - [Diamond Ticket](windows-hardening/active-directory-methodology/diamond-ticket.md)
 | |
|   - [DSRM Credentials](windows-hardening/active-directory-methodology/dsrm-credentials.md)
 | |
|   - [External Forest Domain - OneWay (Inbound) or bidirectional](windows-hardening/active-directory-methodology/external-forest-domain-oneway-inbound.md)
 | |
|   - [External Forest Domain - One-Way (Outbound)](windows-hardening/active-directory-methodology/external-forest-domain-one-way-outbound.md)
 | |
|   - [Golden Dmsa Gmsa](windows-hardening/active-directory-methodology/golden-dmsa-gmsa.md)
 | |
|   - [Golden Ticket](windows-hardening/active-directory-methodology/golden-ticket.md)
 | |
|   - [Kerberoast](windows-hardening/active-directory-methodology/kerberoast.md)
 | |
|   - [Kerberos Authentication](windows-hardening/active-directory-methodology/kerberos-authentication.md)
 | |
|   - [Kerberos Double Hop Problem](windows-hardening/active-directory-methodology/kerberos-double-hop-problem.md)
 | |
|   - [Lansweeper Security](windows-hardening/active-directory-methodology/lansweeper-security.md)
 | |
|   - [LAPS](windows-hardening/active-directory-methodology/laps.md)
 | |
|   - [MSSQL AD Abuse](windows-hardening/active-directory-methodology/abusing-ad-mssql.md)
 | |
|   - [Over Pass the Hash/Pass the Key](windows-hardening/active-directory-methodology/over-pass-the-hash-pass-the-key.md)
 | |
|   - [Pass the Ticket](windows-hardening/active-directory-methodology/pass-the-ticket.md)
 | |
|   - [Password Spraying / Brute Force](windows-hardening/active-directory-methodology/password-spraying.md)
 | |
|   - [PrintNightmare](windows-hardening/active-directory-methodology/printnightmare.md)
 | |
|   - [Force NTLM Privileged Authentication](windows-hardening/active-directory-methodology/printers-spooler-service-abuse.md)
 | |
|   - [Privileged Groups](windows-hardening/active-directory-methodology/privileged-groups-and-token-privileges.md)
 | |
|   - [RDP Sessions Abuse](windows-hardening/active-directory-methodology/rdp-sessions-abuse.md)
 | |
|   - [Resource-based Constrained Delegation](windows-hardening/active-directory-methodology/resource-based-constrained-delegation.md)
 | |
|   - [Sccm Management Point Relay Sql Policy Secrets](windows-hardening/active-directory-methodology/sccm-management-point-relay-sql-policy-secrets.md)
 | |
|   - [Security Descriptors](windows-hardening/active-directory-methodology/security-descriptors.md)
 | |
|   - [SID-History Injection](windows-hardening/active-directory-methodology/sid-history-injection.md)
 | |
|   - [Silver Ticket](windows-hardening/active-directory-methodology/silver-ticket.md)
 | |
|   - [Skeleton Key](windows-hardening/active-directory-methodology/skeleton-key.md)
 | |
|   - [Timeroasting](windows-hardening/active-directory-methodology/TimeRoasting.md)
 | |
|   - [Unconstrained Delegation](windows-hardening/active-directory-methodology/unconstrained-delegation.md)
 | |
| - [Windows Security Controls](windows-hardening/authentication-credentials-uac-and-efs/README.md)
 | |
|   - [UAC - User Account Control](windows-hardening/authentication-credentials-uac-and-efs/uac-user-account-control.md)
 | |
| - [NTLM](windows-hardening/ntlm/README.md)
 | |
|   - [Places to steal NTLM creds](windows-hardening/ntlm/places-to-steal-ntlm-creds.md)
 | |
| - [Lateral Movement](windows-hardening/lateral-movement/README.md)
 | |
|   - [AtExec / SchtasksExec](windows-hardening/lateral-movement/atexec.md)
 | |
|   - [DCOM Exec](windows-hardening/lateral-movement/dcomexec.md)
 | |
|   - [PsExec/Winexec/ScExec](windows-hardening/lateral-movement/psexec-and-winexec.md)
 | |
|   - [RDPexec](windows-hardening/lateral-movement/rdpexec.md)
 | |
|   - [SCMexec](windows-hardening/lateral-movement/scmexec.md)
 | |
|   - [WinRM](windows-hardening/lateral-movement/winrm.md)
 | |
|   - [WmiExec](windows-hardening/lateral-movement/wmiexec.md)
 | |
| - [Pivoting to the Cloud$$external:https://cloud.hacktricks.wiki/en/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/index.html$$]()
 | |
| - [Stealing Windows Credentials](windows-hardening/stealing-credentials/README.md)
 | |
|   - [Windows Credentials Protections](windows-hardening/stealing-credentials/credentials-protections.md)
 | |
|   - [Mimikatz](windows-hardening/stealing-credentials/credentials-mimikatz.md)
 | |
|   - [WTS Impersonator](windows-hardening/stealing-credentials/wts-impersonator.md)
 | |
| - [Basic Win CMD for Pentesters](windows-hardening/basic-cmd-for-pentesters.md)
 | |
| - [Basic PowerShell for Pentesters](windows-hardening/basic-powershell-for-pentesters/README.md)
 | |
|   - [PowerView/SharpView](windows-hardening/basic-powershell-for-pentesters/powerview.md)
 | |
| - [Antivirus (AV) Bypass](windows-hardening/av-bypass.md)
 | |
| - [Cobalt Strike](windows-hardening/cobalt-strike.md)
 | |
| - [Mythic](windows-hardening/mythic.md)
 | |
| 
 | |
| # 📱 Mobile Pentesting
 | |
| 
 | |
| - [Android APK Checklist](mobile-pentesting/android-checklist.md)
 | |
| - [Android Applications Pentesting](mobile-pentesting/android-app-pentesting/README.md)
 | |
|   - [Accessibility Services Abuse](mobile-pentesting/android-app-pentesting/accessibility-services-abuse.md)
 | |
|   - [Android Anti Instrumentation And Ssl Pinning Bypass](mobile-pentesting/android-app-pentesting/android-anti-instrumentation-and-ssl-pinning-bypass.md)
 | |
|   - [Android Applications Basics](mobile-pentesting/android-app-pentesting/android-applications-basics.md)
 | |
|   - [Android Task Hijacking](mobile-pentesting/android-app-pentesting/android-task-hijacking.md)
 | |
|   - [ADB Commands](mobile-pentesting/android-app-pentesting/adb-commands.md)
 | |
|   - [APK decompilers](mobile-pentesting/android-app-pentesting/apk-decompilers.md)
 | |
|   - [AVD - Android Virtual Device](mobile-pentesting/android-app-pentesting/avd-android-virtual-device.md)
 | |
|   - [Bypass Biometric Authentication (Android)](mobile-pentesting/android-app-pentesting/bypass-biometric-authentication-android.md)
 | |
|   - [content:// protocol](mobile-pentesting/android-app-pentesting/content-protocol.md)
 | |
|   - [Drozer Tutorial](mobile-pentesting/android-app-pentesting/drozer-tutorial/README.md)
 | |
|     - [Exploiting Content Providers](mobile-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md)
 | |
|   - [Exploiting a debuggeable application](mobile-pentesting/android-app-pentesting/exploiting-a-debuggeable-applciation.md)
 | |
|   - [Flutter](mobile-pentesting/android-app-pentesting/flutter.md)
 | |
|   - [Frida Tutorial](mobile-pentesting/android-app-pentesting/frida-tutorial/README.md)
 | |
|     - [Frida Tutorial 1](mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-1.md)
 | |
|     - [Frida Tutorial 2](mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-2.md)
 | |
|     - [Frida Tutorial 3](mobile-pentesting/android-app-pentesting/frida-tutorial/owaspuncrackable-1.md)
 | |
|     - [Objection Tutorial](mobile-pentesting/android-app-pentesting/frida-tutorial/objection-tutorial.md)
 | |
|   - [Google CTF 2018 - Shall We Play a Game?](mobile-pentesting/android-app-pentesting/google-ctf-2018-shall-we-play-a-game.md)
 | |
|   - [Insecure In App Update Rce](mobile-pentesting/android-app-pentesting/insecure-in-app-update-rce.md)
 | |
|   - [Install Burp Certificate](mobile-pentesting/android-app-pentesting/install-burp-certificate.md)
 | |
|   - [Intent Injection](mobile-pentesting/android-app-pentesting/intent-injection.md)
 | |
|   - [Make APK Accept CA Certificate](mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md)
 | |
|   - [Manual DeObfuscation](mobile-pentesting/android-app-pentesting/manual-deobfuscation.md)
 | |
|   - [React Native Application](mobile-pentesting/android-app-pentesting/react-native-application.md)
 | |
|   - [Reversing Native Libraries](mobile-pentesting/android-app-pentesting/reversing-native-libraries.md)
 | |
|   - [Shizuku Privileged Api](mobile-pentesting/android-app-pentesting/shizuku-privileged-api.md)
 | |
|   - [Smali - Decompiling, Modifying, Compiling](mobile-pentesting/android-app-pentesting/smali-changes.md)
 | |
|   - [Spoofing your location in Play Store](mobile-pentesting/android-app-pentesting/spoofing-your-location-in-play-store.md)
 | |
|   - [Tapjacking](mobile-pentesting/android-app-pentesting/tapjacking.md)
 | |
|   - [Webview Attacks](mobile-pentesting/android-app-pentesting/webview-attacks.md)
 | |
| - [iOS Pentesting Checklist](mobile-pentesting/ios-pentesting-checklist.md)
 | |
| - [iOS Pentesting](mobile-pentesting/ios-pentesting/README.md)
 | |
|   - [Air Keyboard Remote Input Injection](mobile-pentesting/ios-pentesting/air-keyboard-remote-input-injection.md)
 | |
|   - [iOS App Extensions](mobile-pentesting/ios-pentesting/ios-app-extensions.md)
 | |
|   - [iOS Basics](mobile-pentesting/ios-pentesting/ios-basics.md)
 | |
|   - [iOS Basic Testing Operations](mobile-pentesting/ios-pentesting/basic-ios-testing-operations.md)
 | |
|   - [iOS Burp Suite Configuration](mobile-pentesting/ios-pentesting/burp-configuration-for-ios.md)
 | |
|   - [iOS Custom URI Handlers / Deeplinks / Custom Schemes](mobile-pentesting/ios-pentesting/ios-custom-uri-handlers-deeplinks-custom-schemes.md)
 | |
|   - [iOS Extracting Entitlements From Compiled Application](mobile-pentesting/ios-pentesting/extracting-entitlements-from-compiled-application.md)
 | |
|   - [iOS Frida Configuration](mobile-pentesting/ios-pentesting/frida-configuration-in-ios.md)
 | |
|   - [iOS Hooking With Objection](mobile-pentesting/ios-pentesting/ios-hooking-with-objection.md)
 | |
|   - [iOS Pentesting withuot Jailbreak](mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md)
 | |
|   - [iOS Protocol Handlers](mobile-pentesting/ios-pentesting/ios-protocol-handlers.md)
 | |
|   - [iOS Serialisation and Encoding](mobile-pentesting/ios-pentesting/ios-serialisation-and-encoding.md)
 | |
|   - [iOS Testing Environment](mobile-pentesting/ios-pentesting/ios-testing-environment.md)
 | |
|   - [iOS UIActivity Sharing](mobile-pentesting/ios-pentesting/ios-uiactivity-sharing.md)
 | |
|   - [iOS Universal Links](mobile-pentesting/ios-pentesting/ios-universal-links.md)
 | |
|   - [iOS UIPasteboard](mobile-pentesting/ios-pentesting/ios-uipasteboard.md)
 | |
|   - [iOS WebViews](mobile-pentesting/ios-pentesting/ios-webviews.md)
 | |
| - [Cordova Apps](mobile-pentesting/cordova-apps.md)
 | |
| - [Xamarin Apps](mobile-pentesting/xamarin-apps.md)
 | |
| 
 | |
| # 👽 Network Services Pentesting
 | |
| 
 | |
| - [Pentesting JDWP - Java Debug Wire Protocol](network-services-pentesting/pentesting-jdwp-java-debug-wire-protocol.md)
 | |
| - [Pentesting Printers$$external:http://hacking-printers.net/wiki/index.php/Main_Page$$]()
 | |
| - [Pentesting SAP](network-services-pentesting/pentesting-sap.md)
 | |
| - [Pentesting VoIP](network-services-pentesting/pentesting-voip/README.md)
 | |
|   - [Basic VoIP Protocols](network-services-pentesting/pentesting-voip/basic-voip-protocols/README.md)
 | |
|     - [SIP (Session Initiation Protocol)](network-services-pentesting/pentesting-voip/basic-voip-protocols/sip-session-initiation-protocol.md)
 | |
| - [Pentesting Remote GdbServer](network-services-pentesting/pentesting-remote-gdbserver.md)
 | |
| - [7/tcp/udp - Pentesting Echo](network-services-pentesting/7-tcp-udp-pentesting-echo.md)
 | |
| - [21 - Pentesting FTP](network-services-pentesting/pentesting-ftp/README.md)
 | |
|   - [FTP Bounce attack - Scan](network-services-pentesting/pentesting-ftp/ftp-bounce-attack.md)
 | |
|   - [FTP Bounce - Download 2ºFTP file](network-services-pentesting/pentesting-ftp/ftp-bounce-download-2oftp-file.md)
 | |
| - [22 - Pentesting SSH/SFTP](network-services-pentesting/pentesting-ssh.md)
 | |
| - [23 - Pentesting Telnet](network-services-pentesting/pentesting-telnet.md)
 | |
| - [25,465,587 - Pentesting SMTP/s](network-services-pentesting/pentesting-smtp/README.md)
 | |
|   - [SMTP Smuggling](network-services-pentesting/pentesting-smtp/smtp-smuggling.md)
 | |
|   - [SMTP - Commands](network-services-pentesting/pentesting-smtp/smtp-commands.md)
 | |
| - [43 - Pentesting WHOIS](network-services-pentesting/43-pentesting-whois.md)
 | |
| - [49 - Pentesting TACACS+](network-services-pentesting/49-pentesting-tacacs+.md)
 | |
| - [53 - Pentesting DNS](network-services-pentesting/pentesting-dns.md)
 | |
| - [69/UDP TFTP/Bittorrent-tracker](network-services-pentesting/69-udp-tftp.md)
 | |
| - [79 - Pentesting Finger](network-services-pentesting/pentesting-finger.md)
 | |
| - [80,443 - Pentesting Web Methodology](network-services-pentesting/pentesting-web/README.md)
 | |
|   - [403 & 401 Bypasses](network-services-pentesting/pentesting-web/403-and-401-bypasses.md)
 | |
|   - [AEM - Adobe Experience Cloud](network-services-pentesting/pentesting-web/aem-adobe-experience-cloud.md)
 | |
|   - [Angular](network-services-pentesting/pentesting-web/angular.md)
 | |
|   - [Apache](network-services-pentesting/pentesting-web/apache.md)
 | |
|   - [Artifactory Hacking guide](network-services-pentesting/pentesting-web/artifactory-hacking-guide.md)
 | |
|   - [Bolt CMS](network-services-pentesting/pentesting-web/bolt-cms.md)
 | |
|   - [Buckets](network-services-pentesting/pentesting-web/buckets/README.md)
 | |
|     - [Firebase Database](network-services-pentesting/pentesting-web/buckets/firebase-database.md)
 | |
|   - [CGI](network-services-pentesting/pentesting-web/cgi.md)
 | |
|   - [Django](network-services-pentesting/pentesting-web/django.md)
 | |
|   - [DotNetNuke (DNN)](network-services-pentesting/pentesting-web/dotnetnuke-dnn.md)
 | |
|   - [Drupal](network-services-pentesting/pentesting-web/drupal/README.md)
 | |
|     - [Drupal RCE](network-services-pentesting/pentesting-web/drupal/drupal-rce.md)
 | |
|   - [Electron Desktop Apps](network-services-pentesting/pentesting-web/electron-desktop-apps/README.md)
 | |
|     - [Electron contextIsolation RCE via preload code](network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-preload-code.md)
 | |
|     - [Electron contextIsolation RCE via Electron internal code](network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-electron-internal-code.md)
 | |
|     - [Electron contextIsolation RCE via IPC](network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-ipc.md)
 | |
|   - [Flask](network-services-pentesting/pentesting-web/flask.md)
 | |
|   - [Git](network-services-pentesting/pentesting-web/git.md)
 | |
|   - [Golang](network-services-pentesting/pentesting-web/golang.md)
 | |
|   - [Grafana](network-services-pentesting/pentesting-web/grafana.md)
 | |
|   - [GraphQL](network-services-pentesting/pentesting-web/graphql.md)
 | |
|   - [H2 - Java SQL database](network-services-pentesting/pentesting-web/h2-java-sql-database.md)
 | |
|   - [IIS - Internet Information Services](network-services-pentesting/pentesting-web/iis-internet-information-services.md)
 | |
|   - [ImageMagick Security](network-services-pentesting/pentesting-web/imagemagick-security.md)
 | |
|   - [Ispconfig](network-services-pentesting/pentesting-web/ispconfig.md)
 | |
|   - [JBOSS](network-services-pentesting/pentesting-web/jboss.md)
 | |
|   - [Jira & Confluence](network-services-pentesting/pentesting-web/jira.md)
 | |
|   - [Joomla](network-services-pentesting/pentesting-web/joomla.md)
 | |
|   - [JSP](network-services-pentesting/pentesting-web/jsp.md)
 | |
|   - [Laravel](network-services-pentesting/pentesting-web/laravel.md)
 | |
|   - [Microsoft Sharepoint](network-services-pentesting/pentesting-web/microsoft-sharepoint.md)
 | |
|   - [Moodle](network-services-pentesting/pentesting-web/moodle.md)
 | |
|   - [NextJS](network-services-pentesting/pentesting-web/nextjs.md)
 | |
|   - [Nginx](network-services-pentesting/pentesting-web/nginx.md)
 | |
|   - [NodeJS Express](network-services-pentesting/pentesting-web/nodejs-express.md)
 | |
|   - [PHP Tricks](network-services-pentesting/pentesting-web/php-tricks-esp/README.md)
 | |
|     - [PHP - Useful Functions & disable_functions/open_basedir bypass](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md)
 | |
|       - [disable_functions bypass - php-fpm/FastCGI](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md)
 | |
|       - [disable_functions bypass - dl function](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-dl-function.md)
 | |
|       - [disable_functions bypass - PHP 7.0-7.4 (\-nix only)](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-7.0-7.4-nix-only.md)
 | |
|       - [disable_functions bypass - Imagick <= 3.3.0 PHP >= 5.4 Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-imagick-less-than-3.3.0-php-greater-than-5.4-exploit.md)
 | |
|       - [disable_functions - PHP 5.x Shellshock Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-php-5.x-shellshock-exploit.md)
 | |
|       - [disable_functions - PHP 5.2.4 ionCube extension Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-php-5.2.4-ioncube-extension-exploit.md)
 | |
|       - [disable_functions bypass - PHP <= 5.2.9 on windows](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-less-than-5.2.9-on-windows.md)
 | |
|       - [disable_functions bypass - PHP 5.2.4 and 5.2.5 PHP cURL](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2.4-and-5.2.5-php-curl.md)
 | |
|       - [disable_functions bypass - PHP safe_mode bypass via proc_open() and custom environment Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-safe_mode-bypass-via-proc_open-and-custom-environment-exploit.md)
 | |
|       - [disable_functions bypass - PHP Perl Extension Safe_mode Bypass Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-perl-extension-safe_mode-bypass-exploit.md)
 | |
|       - [disable_functions bypass - PHP 5.2.3 - Win32std ext Protections Bypass](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2.3-win32std-ext-protections-bypass.md)
 | |
|       - [disable_functions bypass - PHP 5.2 - FOpen Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2-fopen-exploit.md)
 | |
|       - [disable_functions bypass - via mem](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-via-mem.md)
 | |
|       - [disable_functions bypass - mod_cgi](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-mod_cgi.md)
 | |
|       - [disable_functions bypass - PHP 4 >= 4.2.0, PHP 5 pcntl_exec](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-4-greater-than-4.2.0-php-5-pcntl_exec.md)
 | |
|     - [Php Rce Abusing Object Creation New Usd Get A Usd Get B](network-services-pentesting/pentesting-web/php-tricks-esp/php-rce-abusing-object-creation-new-usd_get-a-usd_get-b.md)
 | |
|     - [PHP SSRF](network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md)
 | |
|   - [PrestaShop](network-services-pentesting/pentesting-web/prestashop.md)
 | |
|   - [Python](network-services-pentesting/pentesting-web/python.md)
 | |
|   - [Rocket Chat](network-services-pentesting/pentesting-web/rocket-chat.md)
 | |
|   - [Ruby Tricks](network-services-pentesting/pentesting-web/ruby-tricks.md)
 | |
|   - [Special HTTP headers$$external:network-services-pentesting/pentesting-web/special-http-headers.md$$]()
 | |
|   - [Source code Review / SAST Tools](network-services-pentesting/pentesting-web/code-review-tools.md)
 | |
|   - [Special Http Headers](network-services-pentesting/pentesting-web/special-http-headers.md)
 | |
|   - [Spring Actuators](network-services-pentesting/pentesting-web/spring-actuators.md)
 | |
|   - [Symfony](network-services-pentesting/pentesting-web/symphony.md)
 | |
|   - [Tomcat](network-services-pentesting/pentesting-web/tomcat/README.md)
 | |
|   - [Uncovering CloudFlare](network-services-pentesting/pentesting-web/uncovering-cloudflare.md)
 | |
|   - [Vuejs](network-services-pentesting/pentesting-web/vuejs.md)
 | |
|   - [VMWare (ESX, VCenter...)](network-services-pentesting/pentesting-web/vmware-esx-vcenter....md)
 | |
|   - [Web API Pentesting](network-services-pentesting/pentesting-web/web-api-pentesting.md)
 | |
|   - [WebDav](network-services-pentesting/pentesting-web/put-method-webdav.md)
 | |
|   - [Werkzeug / Flask Debug](network-services-pentesting/pentesting-web/werkzeug.md)
 | |
|   - [Wordpress](network-services-pentesting/pentesting-web/wordpress.md)
 | |
| - [88tcp/udp - Pentesting Kerberos](network-services-pentesting/pentesting-kerberos-88/README.md)
 | |
|   - [Harvesting tickets from Windows](network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-windows.md)
 | |
|   - [Harvesting tickets from Linux](network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-linux.md)
 | |
| - [110,995 - Pentesting POP](network-services-pentesting/pentesting-pop.md)
 | |
| - [111/TCP/UDP - Pentesting Portmapper](network-services-pentesting/pentesting-rpcbind.md)
 | |
| - [113 - Pentesting Ident](network-services-pentesting/113-pentesting-ident.md)
 | |
| - [123/udp - Pentesting NTP](network-services-pentesting/pentesting-ntp.md)
 | |
| - [135, 593 - Pentesting MSRPC](network-services-pentesting/135-pentesting-msrpc.md)
 | |
| - [137,138,139 - Pentesting NetBios](network-services-pentesting/137-138-139-pentesting-netbios.md)
 | |
| - [139,445 - Pentesting SMB](network-services-pentesting/pentesting-smb/README.md)
 | |
|   - [rpcclient enumeration](network-services-pentesting/pentesting-smb/rpcclient-enumeration.md)
 | |
| - [143,993 - Pentesting IMAP](network-services-pentesting/pentesting-imap.md)
 | |
| - [161,162,10161,10162/udp - Pentesting SNMP](network-services-pentesting/pentesting-snmp/README.md)
 | |
|   - [Cisco SNMP](network-services-pentesting/pentesting-snmp/cisco-snmp.md)
 | |
|   - [SNMP RCE](network-services-pentesting/pentesting-snmp/snmp-rce.md)
 | |
| - [194,6667,6660-7000 - Pentesting IRC](network-services-pentesting/pentesting-irc.md)
 | |
| - [264 - Pentesting Check Point FireWall-1](network-services-pentesting/pentesting-264-check-point-firewall-1.md)
 | |
| - [389, 636, 3268, 3269 - Pentesting LDAP](network-services-pentesting/pentesting-ldap.md)
 | |
| - [500/udp - Pentesting IPsec/IKE VPN](network-services-pentesting/ipsec-ike-vpn-pentesting.md)
 | |
| - [502 - Pentesting Modbus](network-services-pentesting/pentesting-modbus.md)
 | |
| - [512 - Pentesting Rexec](network-services-pentesting/512-pentesting-rexec.md)
 | |
| - [513 - Pentesting Rlogin](network-services-pentesting/pentesting-rlogin.md)
 | |
| - [514 - Pentesting Rsh](network-services-pentesting/pentesting-rsh.md)
 | |
| - [515 - Pentesting Line Printer Daemon (LPD)](network-services-pentesting/515-pentesting-line-printer-daemon-lpd.md)
 | |
| - [548 - Pentesting Apple Filing Protocol (AFP)](network-services-pentesting/584-pentesting-afp.md)
 | |
| - [554,8554 - Pentesting RTSP](network-services-pentesting/554-8554-pentesting-rtsp.md)
 | |
| - [623/UDP/TCP - IPMI](network-services-pentesting/623-udp-ipmi.md)
 | |
| - [631 - Internet Printing Protocol(IPP)](network-services-pentesting/pentesting-631-internet-printing-protocol-ipp.md)
 | |
| - [700 - Pentesting EPP](network-services-pentesting/700-pentesting-epp.md)
 | |
| - [873 - Pentesting Rsync](network-services-pentesting/873-pentesting-rsync.md)
 | |
| - [1026 - Pentesting Rusersd](network-services-pentesting/1026-pentesting-rusersd.md)
 | |
| - [1080 - Pentesting Socks](network-services-pentesting/1080-pentesting-socks.md)
 | |
| - [1098/1099/1050 - Pentesting Java RMI - RMI-IIOP](network-services-pentesting/1099-pentesting-java-rmi.md)
 | |
| - [1414 - Pentesting IBM MQ](network-services-pentesting/1414-pentesting-ibmmq.md)
 | |
| - [1433 - Pentesting MSSQL - Microsoft SQL Server](network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md)
 | |
|   - [Types of MSSQL Users](network-services-pentesting/pentesting-mssql-microsoft-sql-server/types-of-mssql-users.md)
 | |
| - [1521,1522-1529 - Pentesting Oracle TNS Listener](network-services-pentesting/1521-1522-1529-pentesting-oracle-listener.md)
 | |
| - [1723 - Pentesting PPTP](network-services-pentesting/1723-pentesting-pptp.md)
 | |
| - [1883 - Pentesting MQTT (Mosquitto)](network-services-pentesting/1883-pentesting-mqtt-mosquitto.md)
 | |
| - [2049 - Pentesting NFS Service](network-services-pentesting/nfs-service-pentesting.md)
 | |
| - [2301,2381 - Pentesting Compaq/HP Insight Manager](network-services-pentesting/pentesting-compaq-hp-insight-manager.md)
 | |
| - [2375, 2376 Pentesting Docker](network-services-pentesting/2375-pentesting-docker.md)
 | |
| - [3128 - Pentesting Squid](network-services-pentesting/3128-pentesting-squid.md)
 | |
| - [3260 - Pentesting ISCSI](network-services-pentesting/3260-pentesting-iscsi.md)
 | |
| - [3299 - Pentesting SAPRouter](network-services-pentesting/3299-pentesting-saprouter.md)
 | |
| - [3306 - Pentesting Mysql](network-services-pentesting/pentesting-mysql.md)
 | |
| - [3389 - Pentesting RDP](network-services-pentesting/pentesting-rdp.md)
 | |
| - [3632 - Pentesting distcc](network-services-pentesting/3632-pentesting-distcc.md)
 | |
| - [3690 - Pentesting Subversion (svn server)](network-services-pentesting/3690-pentesting-subversion-svn-server.md)
 | |
| - [3702/UDP - Pentesting WS-Discovery](network-services-pentesting/3702-udp-pentesting-ws-discovery.md)
 | |
| - [4369 - Pentesting Erlang Port Mapper Daemon (epmd)](network-services-pentesting/4369-pentesting-erlang-port-mapper-daemon-epmd.md)
 | |
| - [4786 - Cisco Smart Install](network-services-pentesting/4786-cisco-smart-install.md)
 | |
| - [4840 - OPC Unified Architecture](network-services-pentesting/4840-pentesting-opc-ua.md)
 | |
| - [5000 - Pentesting Docker Registry](network-services-pentesting/5000-pentesting-docker-registry.md)
 | |
| - [5353/UDP Multicast DNS (mDNS) and DNS-SD](network-services-pentesting/5353-udp-multicast-dns-mdns.md)
 | |
| - [5432,5433 - Pentesting Postgresql](network-services-pentesting/pentesting-postgresql.md)
 | |
| - [5439 - Pentesting Redshift](network-services-pentesting/5439-pentesting-redshift.md)
 | |
| - [5555 - Android Debug Bridge](network-services-pentesting/5555-android-debug-bridge.md)
 | |
| - [5601 - Pentesting Kibana](network-services-pentesting/5601-pentesting-kibana.md)
 | |
| - [5671,5672 - Pentesting AMQP](network-services-pentesting/5671-5672-pentesting-amqp.md)
 | |
| - [5800,5801,5900,5901 - Pentesting VNC](network-services-pentesting/pentesting-vnc.md)
 | |
| - [5984,6984 - Pentesting CouchDB](network-services-pentesting/5984-pentesting-couchdb.md)
 | |
| - [5985,5986 - Pentesting WinRM](network-services-pentesting/5985-5986-pentesting-winrm.md)
 | |
| - [5985,5986 - Pentesting OMI](network-services-pentesting/5985-5986-pentesting-omi.md)
 | |
| - [6000 - Pentesting X11](network-services-pentesting/6000-pentesting-x11.md)
 | |
| - [6379 - Pentesting Redis](network-services-pentesting/6379-pentesting-redis.md)
 | |
| - [8009 - Pentesting Apache JServ Protocol (AJP)](network-services-pentesting/8009-pentesting-apache-jserv-protocol-ajp.md)
 | |
| - [8086 - Pentesting InfluxDB](network-services-pentesting/8086-pentesting-influxdb.md)
 | |
| - [8089 - Pentesting Splunkd](network-services-pentesting/8089-splunkd.md)
 | |
| - [8333,18333,38333,18444 - Pentesting Bitcoin](network-services-pentesting/8333-18333-38333-18444-pentesting-bitcoin.md)
 | |
| - [9000 - Pentesting FastCGI](network-services-pentesting/9000-pentesting-fastcgi.md)
 | |
| - [9001 - Pentesting HSQLDB](network-services-pentesting/9001-pentesting-hsqldb.md)
 | |
| - [9042/9160 - Pentesting Cassandra](network-services-pentesting/cassandra.md)
 | |
| - [9100 - Pentesting Raw Printing (JetDirect, AppSocket, PDL-datastream)](network-services-pentesting/9100-pjl.md)
 | |
| - [9200 - Pentesting Elasticsearch](network-services-pentesting/9200-pentesting-elasticsearch.md)
 | |
| - [10000 - Pentesting Network Data Management Protocol (ndmp)](network-services-pentesting/10000-network-data-management-protocol-ndmp.md)
 | |
| - [11211 - Pentesting Memcache](network-services-pentesting/11211-memcache/README.md)
 | |
|   - [Memcache Commands](network-services-pentesting/11211-memcache/memcache-commands.md)
 | |
| - [15672 - Pentesting RabbitMQ Management](network-services-pentesting/15672-pentesting-rabbitmq-management.md)
 | |
| - [24007,24008,24009,49152 - Pentesting GlusterFS](network-services-pentesting/24007-24008-24009-49152-pentesting-glusterfs.md)
 | |
| - [27017,27018 - Pentesting MongoDB](network-services-pentesting/27017-27018-mongodb.md)
 | |
| - [44134 - Pentesting Tiller (Helm)](network-services-pentesting/44134-pentesting-tiller-helm.md)
 | |
| - [44818/UDP/TCP - Pentesting EthernetIP](network-services-pentesting/44818-ethernetip.md)
 | |
| - [47808/udp - Pentesting BACNet](network-services-pentesting/47808-udp-bacnet.md)
 | |
| - [50030,50060,50070,50075,50090 - Pentesting Hadoop](network-services-pentesting/50030-50060-50070-50075-50090-pentesting-hadoop.md)
 | |
| 
 | |
| # 🕸️ Pentesting Web
 | |
| 
 | |
| - [Less Code Injection Ssrf](pentesting-web/less-code-injection-ssrf.md)
 | |
| - [Web Vulnerabilities Methodology](pentesting-web/web-vulnerabilities-methodology.md)
 | |
| - [Reflecting Techniques - PoCs and Polygloths CheatSheet](pentesting-web/pocs-and-polygloths-cheatsheet/README.md)
 | |
|   - [Web Vulns List](pentesting-web/pocs-and-polygloths-cheatsheet/web-vulns-list.md)
 | |
| - [2FA/MFA/OTP Bypass](pentesting-web/2fa-bypass.md)
 | |
| - [Account Takeover](pentesting-web/account-takeover.md)
 | |
| - [Browser Extension Pentesting Methodology](pentesting-web/browser-extension-pentesting-methodology/README.md)
 | |
|   - [BrowExt - ClickJacking](pentesting-web/browser-extension-pentesting-methodology/browext-clickjacking.md)
 | |
|   - [BrowExt - permissions & host_permissions](pentesting-web/browser-extension-pentesting-methodology/browext-permissions-and-host_permissions.md)
 | |
|   - [BrowExt - XSS Example](pentesting-web/browser-extension-pentesting-methodology/browext-xss-example.md)
 | |
| - [Bypass Payment Process](pentesting-web/bypass-payment-process.md)
 | |
| - [Captcha Bypass](pentesting-web/captcha-bypass.md)
 | |
| - [Cache Poisoning and Cache Deception](pentesting-web/cache-deception/README.md)
 | |
|   - [Cache Poisoning via URL discrepancies](pentesting-web/cache-deception/cache-poisoning-via-url-discrepancies.md)
 | |
|   - [Cache Poisoning to DoS](pentesting-web/cache-deception/cache-poisoning-to-dos.md)
 | |
| - [Clickjacking](pentesting-web/clickjacking.md)
 | |
| - [Client Side Template Injection (CSTI)](pentesting-web/client-side-template-injection-csti.md)
 | |
| - [Client Side Path Traversal](pentesting-web/client-side-path-traversal.md)
 | |
| - [Command Injection](pentesting-web/command-injection.md)
 | |
| - [Content Security Policy (CSP) Bypass](pentesting-web/content-security-policy-csp-bypass/README.md)
 | |
|   - [CSP bypass: self + 'unsafe-inline' with Iframes](pentesting-web/content-security-policy-csp-bypass/csp-bypass-self-+-unsafe-inline-with-iframes.md)
 | |
| - [Cookies Hacking](pentesting-web/hacking-with-cookies/README.md)
 | |
|   - [Cookie Tossing](pentesting-web/hacking-with-cookies/cookie-tossing.md)
 | |
|   - [Cookie Jar Overflow](pentesting-web/hacking-with-cookies/cookie-jar-overflow.md)
 | |
|   - [Cookie Bomb](pentesting-web/hacking-with-cookies/cookie-bomb.md)
 | |
| - [CORS - Misconfigurations & Bypass](pentesting-web/cors-bypass.md)
 | |
| - [CRLF (%0D%0A) Injection](pentesting-web/crlf-0d-0a.md)
 | |
| - [CSRF (Cross Site Request Forgery)](pentesting-web/csrf-cross-site-request-forgery.md)
 | |
| - [Dangling Markup - HTML scriptless injection](pentesting-web/dangling-markup-html-scriptless-injection/README.md)
 | |
|   - [SS-Leaks](pentesting-web/dangling-markup-html-scriptless-injection/ss-leaks.md)
 | |
| - [DApps - Decentralized Applications](pentesting-web/dapps-DecentralizedApplications.md)
 | |
| - [Dependency Confusion](pentesting-web/dependency-confusion.md)
 | |
| - [Deserialization](pentesting-web/deserialization/README.md)
 | |
|   - [NodeJS - \_\_proto\_\_ & prototype Pollution](pentesting-web/deserialization/nodejs-proto-prototype-pollution/README.md)
 | |
|     - [Client Side Prototype Pollution](pentesting-web/deserialization/nodejs-proto-prototype-pollution/client-side-prototype-pollution.md)
 | |
|     - [Express Prototype Pollution Gadgets](pentesting-web/deserialization/nodejs-proto-prototype-pollution/express-prototype-pollution-gadgets.md)
 | |
|     - [Prototype Pollution to RCE](pentesting-web/deserialization/nodejs-proto-prototype-pollution/prototype-pollution-to-rce.md)
 | |
|   - [Java JSF ViewState (.faces) Deserialization](pentesting-web/deserialization/java-jsf-viewstate-.faces-deserialization.md)
 | |
|   - [Java DNS Deserialization, GadgetProbe and Java Deserialization Scanner](pentesting-web/deserialization/java-dns-deserialization-and-gadgetprobe.md)
 | |
|   - [Basic Java Deserialization (ObjectInputStream, readObject)](pentesting-web/deserialization/basic-java-deserialization-objectinputstream-readobject.md)
 | |
|   - [PHP - Deserialization + Autoload Classes](pentesting-web/deserialization/php-deserialization-+-autoload-classes.md)
 | |
|   - [CommonsCollection1 Payload - Java Transformers to Rutime exec() and Thread Sleep](pentesting-web/deserialization/java-transformers-to-rutime-exec-payload.md)
 | |
|   - [Basic .Net deserialization (ObjectDataProvider gadget, ExpandedWrapper, and Json.Net)](pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md)
 | |
|   - [Exploiting \_\_VIEWSTATE knowing the secrets](pentesting-web/deserialization/exploiting-__viewstate-knowing-the-secret.md)
 | |
|   - [Exploiting \_\_VIEWSTATE without knowing the secrets](pentesting-web/deserialization/exploiting-__viewstate-parameter.md)
 | |
|   - [Python Yaml Deserialization](pentesting-web/deserialization/python-yaml-deserialization.md)
 | |
|   - [JNDI - Java Naming and Directory Interface & Log4Shell](pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md)
 | |
|   - [Ruby Json Pollution](pentesting-web/deserialization/ruby-_json-pollution.md)
 | |
|   - [Ruby Class Pollution](pentesting-web/deserialization/ruby-class-pollution.md)
 | |
| - [Domain/Subdomain takeover](pentesting-web/domain-subdomain-takeover.md)
 | |
| - [Email Injections](pentesting-web/email-injections.md)
 | |
| - [File Inclusion/Path traversal](pentesting-web/file-inclusion/README.md)
 | |
|   - [phar:// deserialization](pentesting-web/file-inclusion/phar-deserialization.md)
 | |
|   - [LFI2RCE via PHP Filters](pentesting-web/file-inclusion/lfi2rce-via-php-filters.md)
 | |
|   - [LFI2RCE via Nginx temp files](pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md)
 | |
|   - [LFI2RCE via PHP_SESSION_UPLOAD_PROGRESS](pentesting-web/file-inclusion/via-php_session_upload_progress.md)
 | |
|   - [LFI2RCE via Segmentation Fault](pentesting-web/file-inclusion/lfi2rce-via-segmentation-fault.md)
 | |
|   - [LFI2RCE via phpinfo()](pentesting-web/file-inclusion/lfi2rce-via-phpinfo.md)
 | |
|   - [LFI2RCE Via temp file uploads](pentesting-web/file-inclusion/lfi2rce-via-temp-file-uploads.md)
 | |
|   - [LFI2RCE via Eternal waiting](pentesting-web/file-inclusion/lfi2rce-via-eternal-waiting.md)
 | |
|   - [LFI2RCE Via compress.zlib + PHP_STREAM_PREFER_STUDIO + Path Disclosure](pentesting-web/file-inclusion/lfi2rce-via-compress.zlib-+-php_stream_prefer_studio-+-path-disclosure.md)
 | |
| - [File Upload](pentesting-web/file-upload/README.md)
 | |
|   - [PDF Upload - XXE and CORS bypass](pentesting-web/file-upload/pdf-upload-xxe-and-cors-bypass.md)
 | |
| - [Formula/CSV/Doc/LaTeX/GhostScript Injection](pentesting-web/formula-csv-doc-latex-ghostscript-injection.md)
 | |
| - [gRPC-Web Pentest](pentesting-web/grpc-web-pentest.md)
 | |
| - [HTTP Connection Contamination](pentesting-web/http-connection-contamination.md)
 | |
| - [HTTP Connection Request Smuggling](pentesting-web/http-connection-request-smuggling.md)
 | |
| - [HTTP Request Smuggling / HTTP Desync Attack](pentesting-web/http-request-smuggling/README.md)
 | |
|   - [Browser HTTP Request Smuggling](pentesting-web/http-request-smuggling/browser-http-request-smuggling.md)
 | |
|   - [Request Smuggling in HTTP/2 Downgrades](pentesting-web/http-request-smuggling/request-smuggling-in-http-2-downgrades.md)
 | |
| - [HTTP Response Smuggling / Desync](pentesting-web/http-response-smuggling-desync.md)
 | |
| - [Upgrade Header Smuggling](pentesting-web/h2c-smuggling.md)
 | |
| - [hop-by-hop headers](pentesting-web/abusing-hop-by-hop-headers.md)
 | |
| - [IDOR](pentesting-web/idor.md)
 | |
| - [JWT Vulnerabilities (Json Web Tokens)](pentesting-web/hacking-jwt-json-web-tokens.md)
 | |
| - [JSON, XML and YAML Hacking](pentesting-web/json-xml-yaml-hacking.md)
 | |
| - [LDAP Injection](pentesting-web/ldap-injection.md)
 | |
| - [Login Bypass](pentesting-web/login-bypass/README.md)
 | |
|   - [Login bypass List](pentesting-web/login-bypass/sql-login-bypass.md)
 | |
| - [NoSQL injection](pentesting-web/nosql-injection.md)
 | |
| - [OAuth to Account takeover](pentesting-web/oauth-to-account-takeover.md)
 | |
| - [Open Redirect](pentesting-web/open-redirect.md)
 | |
| - [ORM Injection](pentesting-web/orm-injection.md)
 | |
| - [Parameter Pollution | JSON Injection](pentesting-web/parameter-pollution.md)
 | |
| - [Phone Number Injections](pentesting-web/phone-number-injections.md)
 | |
| - [PostMessage Vulnerabilities](pentesting-web/postmessage-vulnerabilities/README.md)
 | |
|   - [Blocking main page to steal postmessage](pentesting-web/postmessage-vulnerabilities/blocking-main-page-to-steal-postmessage.md)
 | |
|   - [Bypassing SOP with Iframes - 1](pentesting-web/postmessage-vulnerabilities/bypassing-sop-with-iframes-1.md)
 | |
|   - [Bypassing SOP with Iframes - 2](pentesting-web/postmessage-vulnerabilities/bypassing-sop-with-iframes-2.md)
 | |
|   - [Steal postmessage modifying iframe location](pentesting-web/postmessage-vulnerabilities/steal-postmessage-modifying-iframe-location.md)
 | |
| - [Proxy / WAF Protections Bypass](pentesting-web/proxy-waf-protections-bypass.md)
 | |
| - [Race Condition](pentesting-web/race-condition.md)
 | |
| - [Rate Limit Bypass](pentesting-web/rate-limit-bypass.md)
 | |
| - [Registration & Takeover Vulnerabilities](pentesting-web/registration-vulnerabilities.md)
 | |
| - [Regular expression Denial of Service - ReDoS](pentesting-web/regular-expression-denial-of-service-redos.md)
 | |
| - [Reset/Forgotten Password Bypass](pentesting-web/reset-password.md)
 | |
| - [Reverse Tab Nabbing](pentesting-web/reverse-tab-nabbing.md)
 | |
| - [RSQL Injection](pentesting-web/rsql-injection.md)
 | |
| - [SAML Attacks](pentesting-web/saml-attacks/README.md)
 | |
|   - [SAML Basics](pentesting-web/saml-attacks/saml-basics.md)
 | |
| - [Server Side Inclusion/Edge Side Inclusion Injection](pentesting-web/server-side-inclusion-edge-side-inclusion-injection.md)
 | |
| - [SQL Injection](pentesting-web/sql-injection/README.md)
 | |
|   - [MS Access SQL Injection](pentesting-web/sql-injection/ms-access-sql-injection.md)
 | |
|   - [MSSQL Injection](pentesting-web/sql-injection/mssql-injection.md)
 | |
|   - [MySQL injection](pentesting-web/sql-injection/mysql-injection/README.md)
 | |
|     - [MySQL File priv to SSRF/RCE](pentesting-web/sql-injection/mysql-injection/mysql-ssrf.md)
 | |
|   - [Oracle injection](pentesting-web/sql-injection/oracle-injection.md)
 | |
|   - [Cypher Injection (neo4j)](pentesting-web/sql-injection/cypher-injection-neo4j.md)
 | |
|   - [Sqlmap](pentesting-web/sql-injection/sqlmap.md)
 | |
|   - [PostgreSQL injection](pentesting-web/sql-injection/postgresql-injection/README.md)
 | |
|     - [dblink/lo_import data exfiltration](pentesting-web/sql-injection/postgresql-injection/dblink-lo_import-data-exfiltration.md)
 | |
|     - [PL/pgSQL Password Bruteforce](pentesting-web/sql-injection/postgresql-injection/pl-pgsql-password-bruteforce.md)
 | |
|     - [Network - Privesc, Port Scanner and NTLM chanllenge response disclosure](pentesting-web/sql-injection/postgresql-injection/network-privesc-port-scanner-and-ntlm-chanllenge-response-disclosure.md)
 | |
|     - [Big Binary Files Upload (PostgreSQL)](pentesting-web/sql-injection/postgresql-injection/big-binary-files-upload-postgresql.md)
 | |
|     - [RCE with PostgreSQL Languages](pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-languages.md)
 | |
|     - [RCE with PostgreSQL Extensions](pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-extensions.md)
 | |
|   - [SQLMap - CheatSheet](pentesting-web/sql-injection/sqlmap/README.md)
 | |
|     - [Second Order Injection - SQLMap](pentesting-web/sql-injection/sqlmap/second-order-injection-sqlmap.md)
 | |
| - [SSRF (Server Side Request Forgery)](pentesting-web/ssrf-server-side-request-forgery/README.md)
 | |
|   - [URL Format Bypass](pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md)
 | |
|   - [SSRF Vulnerable Platforms](pentesting-web/ssrf-server-side-request-forgery/ssrf-vulnerable-platforms.md)
 | |
|   - [Cloud SSRF](pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md)
 | |
| - [SSTI (Server Side Template Injection)](pentesting-web/ssti-server-side-template-injection/README.md)
 | |
|   - [EL - Expression Language](pentesting-web/ssti-server-side-template-injection/el-expression-language.md)
 | |
|   - [Jinja2 SSTI](pentesting-web/ssti-server-side-template-injection/jinja2-ssti.md)
 | |
| - [Timing Attacks](pentesting-web/timing-attacks.md)
 | |
| - [Unicode Injection](pentesting-web/unicode-injection/README.md)
 | |
|   - [Unicode Normalization](pentesting-web/unicode-injection/unicode-normalization.md)
 | |
| - [UUID Insecurities](pentesting-web/uuid-insecurities.md)
 | |
| - [WebSocket Attacks](pentesting-web/websocket-attacks.md)
 | |
| - [Web Tool - WFuzz](pentesting-web/web-tool-wfuzz.md)
 | |
| - [XPATH injection](pentesting-web/xpath-injection.md)
 | |
| - [XS Search](pentesting-web/xs-search.md)
 | |
| - [XSLT Server Side Injection (Extensible Stylesheet Language Transformations)](pentesting-web/xslt-server-side-injection-extensible-stylesheet-language-transformations.md)
 | |
| - [XXE - XEE - XML External Entity](pentesting-web/xxe-xee-xml-external-entity.md)
 | |
| - [XSS (Cross Site Scripting)](pentesting-web/xss-cross-site-scripting/README.md)
 | |
|   - [Abusing Service Workers](pentesting-web/xss-cross-site-scripting/abusing-service-workers.md)
 | |
|   - [Chrome Cache to XSS](pentesting-web/xss-cross-site-scripting/chrome-cache-to-xss.md)
 | |
|   - [Debugging Client Side JS](pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md)
 | |
|   - [Dom Clobbering](pentesting-web/xss-cross-site-scripting/dom-clobbering.md)
 | |
|   - [DOM Invader](pentesting-web/xss-cross-site-scripting/dom-invader.md)
 | |
|   - [DOM XSS](pentesting-web/xss-cross-site-scripting/dom-xss.md)
 | |
|   - [Iframes in XSS, CSP and SOP](pentesting-web/xss-cross-site-scripting/iframes-in-xss-and-csp.md)
 | |
|   - [Integer Overflow](pentesting-web/xss-cross-site-scripting/integer-overflow.md)
 | |
|   - [JS Hoisting](pentesting-web/xss-cross-site-scripting/js-hoisting.md)
 | |
|   - [Misc JS Tricks & Relevant Info](pentesting-web/xss-cross-site-scripting/other-js-tricks.md)
 | |
|   - [PDF Injection](pentesting-web/xss-cross-site-scripting/pdf-injection.md)
 | |
|   - [Server Side XSS (Dynamic PDF)](pentesting-web/xss-cross-site-scripting/server-side-xss-dynamic-pdf.md)
 | |
|   - [Shadow DOM](pentesting-web/xss-cross-site-scripting/shadow-dom.md)
 | |
|   - [SOME - Same Origin Method Execution](pentesting-web/xss-cross-site-scripting/some-same-origin-method-execution.md)
 | |
|   - [Sniff Leak](pentesting-web/xss-cross-site-scripting/sniff-leak.md)
 | |
|   - [Steal Info JS](pentesting-web/xss-cross-site-scripting/steal-info-js.md)
 | |
|   - [XSS in Markdown](pentesting-web/xss-cross-site-scripting/xss-in-markdown.md)
 | |
| - [XSSI (Cross-Site Script Inclusion)](pentesting-web/xssi-cross-site-script-inclusion.md)
 | |
| - [XS-Search/XS-Leaks](pentesting-web/xs-search/README.md)
 | |
|   - [Connection Pool Examples](pentesting-web/xs-search/connection-pool-example.md)
 | |
|   - [Connection Pool by Destination Example](pentesting-web/xs-search/connection-pool-by-destination-example.md)
 | |
|   - [Cookie Bomb + Onerror XS Leak](pentesting-web/xs-search/cookie-bomb-+-onerror-xs-leak.md)
 | |
|   - [URL Max Length - Client Side](pentesting-web/xs-search/url-max-length-client-side.md)
 | |
|   - [performance.now example](pentesting-web/xs-search/performance.now-example.md)
 | |
|   - [performance.now + Force heavy task](pentesting-web/xs-search/performance.now-+-force-heavy-task.md)
 | |
|   - [Event Loop Blocking + Lazy images](pentesting-web/xs-search/event-loop-blocking-+-lazy-images.md)
 | |
|   - [JavaScript Execution XS Leak](pentesting-web/xs-search/javascript-execution-xs-leak.md)
 | |
|   - [CSS Injection](pentesting-web/xs-search/css-injection/README.md)
 | |
|     - [CSS Injection Code](pentesting-web/xs-search/css-injection/css-injection-code.md)
 | |
| - [Iframe Traps](pentesting-web/iframe-traps.md)
 | |
| 
 | |
| # ⛈️ Cloud Security
 | |
| 
 | |
| - [Pentesting Kubernetes$$external:https://cloud.hacktricks.wiki/en/pentesting-cloud/kubernetes-security/index.html$$]()
 | |
| - [Pentesting Cloud (AWS, GCP, Az...)$$external:https://cloud.hacktricks.wiki/en/pentesting-cloud/pentesting-cloud-methodology.html$$]()
 | |
| - [Pentesting CI/CD (Github, Jenkins, Terraform...)$$external:https://cloud.hacktricks.wiki/en/pentesting-ci-cd/pentesting-ci-cd-methodology.html$$]()
 | |
| 
 | |
| # 😎 Hardware/Physical Access
 | |
| 
 | |
| - [Physical Attacks](hardware-physical-access/physical-attacks.md)
 | |
| - [Escaping from KIOSKs](hardware-physical-access/escaping-from-gui-applications.md)
 | |
| - [Firmware Analysis](hardware-physical-access/firmware-analysis/README.md)
 | |
|   - [Bootloader testing](hardware-physical-access/firmware-analysis/bootloader-testing.md)
 | |
|   - [Firmware Integrity](hardware-physical-access/firmware-analysis/firmware-integrity.md)
 | |
| 
 | |
| # 🎯 Binary Exploitation
 | |
| 
 | |
| - [Basic Stack Binary Exploitation Methodology](binary-exploitation/basic-stack-binary-exploitation-methodology/README.md)
 | |
|   - [ELF Basic Information](binary-exploitation/basic-stack-binary-exploitation-methodology/elf-tricks.md)
 | |
|   - [Exploiting Tools](binary-exploitation/basic-stack-binary-exploitation-methodology/tools/README.md)
 | |
|     - [PwnTools](binary-exploitation/basic-stack-binary-exploitation-methodology/tools/pwntools.md)
 | |
| - [Stack Overflow](binary-exploitation/stack-overflow/README.md)
 | |
|   - [Pointer Redirecting](binary-exploitation/stack-overflow/pointer-redirecting.md)
 | |
|   - [Ret2win](binary-exploitation/stack-overflow/ret2win/README.md)
 | |
|     - [Ret2win - arm64](binary-exploitation/stack-overflow/ret2win/ret2win-arm64.md)
 | |
|   - [Stack Shellcode](binary-exploitation/stack-overflow/stack-shellcode/README.md)
 | |
|     - [Stack Shellcode - arm64](binary-exploitation/stack-overflow/stack-shellcode/stack-shellcode-arm64.md)
 | |
|   - [Stack Pivoting - EBP2Ret - EBP chaining](binary-exploitation/stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md)
 | |
|   - [Uninitialized Variables](binary-exploitation/stack-overflow/uninitialized-variables.md)
 | |
| - [ROP - Return Oriented Programing](binary-exploitation/rop-return-oriented-programing/README.md)
 | |
|   - [BROP - Blind Return Oriented Programming](binary-exploitation/rop-return-oriented-programing/brop-blind-return-oriented-programming.md)
 | |
|   - [Ret2csu](binary-exploitation/rop-return-oriented-programing/ret2csu.md)
 | |
|   - [Ret2dlresolve](binary-exploitation/rop-return-oriented-programing/ret2dlresolve.md)
 | |
|   - [Ret2esp / Ret2reg](binary-exploitation/rop-return-oriented-programing/ret2esp-ret2reg.md)
 | |
|   - [Ret2lib](binary-exploitation/rop-return-oriented-programing/ret2lib/README.md)
 | |
|     - [Leaking libc address with ROP](binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/README.md)
 | |
|       - [Leaking libc - template](binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/rop-leaking-libc-template.md)
 | |
|     - [One Gadget](binary-exploitation/rop-return-oriented-programing/ret2lib/one-gadget.md)
 | |
|     - [Ret2lib + Printf leak - arm64](binary-exploitation/rop-return-oriented-programing/ret2lib/ret2lib-+-printf-leak-arm64.md)
 | |
|   - [Ret2syscall](binary-exploitation/rop-return-oriented-programing/rop-syscall-execv/README.md)
 | |
|     - [Ret2syscall - ARM64](binary-exploitation/rop-return-oriented-programing/rop-syscall-execv/ret2syscall-arm64.md)
 | |
|   - [Ret2vDSO](binary-exploitation/rop-return-oriented-programing/ret2vdso.md)
 | |
|   - [SROP - Sigreturn-Oriented Programming](binary-exploitation/rop-return-oriented-programing/srop-sigreturn-oriented-programming/README.md)
 | |
|     - [SROP - ARM64](binary-exploitation/rop-return-oriented-programing/srop-sigreturn-oriented-programming/srop-arm64.md)
 | |
|   - [Synology Encrypted Archive Decryption](hardware-physical-access/firmware-analysis/synology-encrypted-archive-decryption.md)
 | |
|   - [Windows Seh Overflow](binary-exploitation/stack-overflow/windows-seh-overflow.md)
 | |
| - [Array Indexing](binary-exploitation/array-indexing.md)
 | |
| - [Chrome Exploiting](binary-exploitation/chrome-exploiting.md)
 | |
| - [Integer Overflow](binary-exploitation/integer-overflow.md)
 | |
| - [Format Strings](binary-exploitation/format-strings/README.md)
 | |
|   - [Format Strings - Arbitrary Read Example](binary-exploitation/format-strings/format-strings-arbitrary-read-example.md)
 | |
|   - [Format Strings Template](binary-exploitation/format-strings/format-strings-template.md)
 | |
| - [Libc Heap](binary-exploitation/libc-heap/README.md)
 | |
|   - [Bins & Memory Allocations](binary-exploitation/libc-heap/bins-and-memory-allocations.md)
 | |
|   - [Heap Memory Functions](binary-exploitation/libc-heap/heap-memory-functions/README.md)
 | |
|     - [free](binary-exploitation/libc-heap/heap-memory-functions/free.md)
 | |
|     - [malloc & sysmalloc](binary-exploitation/libc-heap/heap-memory-functions/malloc-and-sysmalloc.md)
 | |
|     - [unlink](binary-exploitation/libc-heap/heap-memory-functions/unlink.md)
 | |
|     - [Heap Functions Security Checks](binary-exploitation/libc-heap/heap-memory-functions/heap-functions-security-checks.md)
 | |
|   - [Use After Free](binary-exploitation/libc-heap/use-after-free/README.md)
 | |
|     - [First Fit](binary-exploitation/libc-heap/use-after-free/first-fit.md)
 | |
|   - [Double Free](binary-exploitation/libc-heap/double-free.md)
 | |
|   - [Overwriting a freed chunk](binary-exploitation/libc-heap/overwriting-a-freed-chunk.md)
 | |
|   - [Heap Overflow](binary-exploitation/libc-heap/heap-overflow.md)
 | |
|   - [Unlink Attack](binary-exploitation/libc-heap/unlink-attack.md)
 | |
|   - [Fast Bin Attack](binary-exploitation/libc-heap/fast-bin-attack.md)
 | |
|   - [Unsorted Bin Attack](binary-exploitation/libc-heap/unsorted-bin-attack.md)
 | |
|   - [Large Bin Attack](binary-exploitation/libc-heap/large-bin-attack.md)
 | |
|   - [Tcache Bin Attack](binary-exploitation/libc-heap/tcache-bin-attack.md)
 | |
|   - [Off by one overflow](binary-exploitation/libc-heap/off-by-one-overflow.md)
 | |
|   - [House of Spirit](binary-exploitation/libc-heap/house-of-spirit.md)
 | |
|   - [House of Lore | Small bin Attack](binary-exploitation/libc-heap/house-of-lore.md)
 | |
|   - [House of Einherjar](binary-exploitation/libc-heap/house-of-einherjar.md)
 | |
|   - [House of Force](binary-exploitation/libc-heap/house-of-force.md)
 | |
|   - [House of Orange](binary-exploitation/libc-heap/house-of-orange.md)
 | |
|   - [House of Rabbit](binary-exploitation/libc-heap/house-of-rabbit.md)
 | |
|   - [House of Roman](binary-exploitation/libc-heap/house-of-roman.md)
 | |
| - [Common Binary Exploitation Protections & Bypasses](binary-exploitation/common-binary-protections-and-bypasses/README.md)
 | |
|   - [ASLR](binary-exploitation/common-binary-protections-and-bypasses/aslr/README.md)
 | |
|     - [Ret2plt](binary-exploitation/common-binary-protections-and-bypasses/aslr/ret2plt.md)
 | |
|     - [Ret2ret & Reo2pop](binary-exploitation/common-binary-protections-and-bypasses/aslr/ret2ret.md)
 | |
|   - [CET & Shadow Stack](binary-exploitation/common-binary-protections-and-bypasses/cet-and-shadow-stack.md)
 | |
|   - [Libc Protections](binary-exploitation/common-binary-protections-and-bypasses/libc-protections.md)
 | |
|   - [Memory Tagging Extension (MTE)](binary-exploitation/common-binary-protections-and-bypasses/memory-tagging-extension-mte.md)
 | |
|   - [No-exec / NX](binary-exploitation/common-binary-protections-and-bypasses/no-exec-nx.md)
 | |
|   - [PIE](binary-exploitation/common-binary-protections-and-bypasses/pie/README.md)
 | |
|     - [BF Addresses in the Stack](binary-exploitation/common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md)
 | |
|   - [Relro](binary-exploitation/common-binary-protections-and-bypasses/relro.md)
 | |
|   - [Stack Canaries](binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/README.md)
 | |
|     - [BF Forked & Threaded Stack Canaries](binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md)
 | |
|     - [Print Stack Canary](binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/print-stack-canary.md)
 | |
| - [Write What Where 2 Exec](binary-exploitation/arbitrary-write-2-exec/README.md)
 | |
|   - [Aw2exec Sips Icc Profile](binary-exploitation/arbitrary-write-2-exec/aw2exec-sips-icc-profile.md)
 | |
|   - [WWW2Exec - atexit()](binary-exploitation/arbitrary-write-2-exec/www2exec-atexit.md)
 | |
|   - [WWW2Exec - .dtors & .fini_array](binary-exploitation/arbitrary-write-2-exec/www2exec-.dtors-and-.fini_array.md)
 | |
|   - [WWW2Exec - GOT/PLT](binary-exploitation/arbitrary-write-2-exec/aw2exec-got-plt.md)
 | |
|   - [WWW2Exec - \_\_malloc_hook & \_\_free_hook](binary-exploitation/arbitrary-write-2-exec/aw2exec-__malloc_hook.md)
 | |
| - [Common Exploiting Problems](binary-exploitation/common-exploiting-problems.md)
 | |
| - [Windows Exploiting (Basic Guide - OSCP lvl)](binary-exploitation/windows-exploiting-basic-guide-oscp-lvl.md)
 | |
| - [iOS Exploiting](binary-exploitation/ios-exploiting.md)
 | |
| 
 | |
| # 🤖 AI
 | |
| - [AI Security](AI/README.md)
 | |
|   - [Ai Assisted Fuzzing And Vulnerability Discovery](AI/AI-Assisted-Fuzzing-and-Vulnerability-Discovery.md)
 | |
|   - [AI Security Methodology](AI/AI-Deep-Learning.md)
 | |
|   - [AI MCP Security](AI/AI-MCP-Servers.md)
 | |
|   - [AI Model Data Preparation](AI/AI-Model-Data-Preparation-and-Evaluation.md)
 | |
|   - [AI Models RCE](AI/AI-Models-RCE.md)
 | |
|   - [AI Prompts](AI/AI-Prompts.md)
 | |
|   - [AI Risk Frameworks](AI/AI-Risk-Frameworks.md)
 | |
|   - [AI Supervised Learning Algorithms](AI/AI-Supervised-Learning-Algorithms.md)
 | |
|   - [AI Unsupervised Learning Algorithms](AI/AI-Unsupervised-Learning-Algorithms.md)
 | |
|   - [AI Reinforcement Learning Algorithms](AI/AI-Reinforcement-Learning-Algorithms.md)
 | |
|   - [LLM Training](AI/AI-llm-architecture/README.md)
 | |
|     - [0. Basic LLM Concepts](AI/AI-llm-architecture/0.-basic-llm-concepts.md)
 | |
|     - [1. Tokenizing](AI/AI-llm-architecture/1.-tokenizing.md)
 | |
|     - [2. Data Sampling](AI/AI-llm-architecture/2.-data-sampling.md)
 | |
|     - [3. Token Embeddings](AI/AI-llm-architecture/3.-token-embeddings.md)
 | |
|     - [4. Attention Mechanisms](AI/AI-llm-architecture/4.-attention-mechanisms.md)
 | |
|     - [5. LLM Architecture](AI/AI-llm-architecture/5.-llm-architecture.md)
 | |
|     - [6. Pre-training & Loading models](AI/AI-llm-architecture/6.-pre-training-and-loading-models.md)
 | |
|     - [7.0. LoRA Improvements in fine-tuning](AI/AI-llm-architecture/7.0.-lora-improvements-in-fine-tuning.md)
 | |
|     - [7.1. Fine-Tuning for Classification](AI/AI-llm-architecture/7.1.-fine-tuning-for-classification.md)
 | |
|     - [7.2. Fine-Tuning to follow instructions](AI/AI-llm-architecture/7.2.-fine-tuning-to-follow-instructions.md)
 | |
| 
 | |
| # 🔩 Reversing
 | |
| 
 | |
| - [Reversing Tools & Basic Methods](reversing/reversing-tools-basic-methods/README.md)
 | |
|   - [Angr](reversing/reversing-tools-basic-methods/angr/README.md)
 | |
|     - [Angr - Examples](reversing/reversing-tools-basic-methods/angr/angr-examples.md)
 | |
|   - [Z3 - Satisfiability Modulo Theories (SMT)](reversing/reversing-tools-basic-methods/satisfiability-modulo-theories-smt-z3.md)
 | |
|   - [Cheat Engine](reversing/reversing-tools-basic-methods/cheat-engine.md)
 | |
|   - [Blobrunner](reversing/reversing-tools-basic-methods/blobrunner.md)
 | |
| - [Common API used in Malware](reversing/common-api-used-in-malware.md)
 | |
| - [Word Macros](reversing/word-macros.md)
 | |
| 
 | |
| # 🔮 Crypto & Stego
 | |
| 
 | |
| - [Cryptographic/Compression Algorithms](crypto-and-stego/cryptographic-algorithms/README.md)
 | |
|   - [Unpacking binaries](crypto-and-stego/cryptographic-algorithms/unpacking-binaries.md)
 | |
| - [Certificates](crypto-and-stego/certificates.md)
 | |
| - [Cipher Block Chaining CBC-MAC](crypto-and-stego/cipher-block-chaining-cbc-mac-priv.md)
 | |
| - [Crypto CTFs Tricks](crypto-and-stego/crypto-ctfs-tricks.md)
 | |
| - [Electronic Code Book (ECB)](crypto-and-stego/electronic-code-book-ecb.md)
 | |
| - [Hash Length Extension Attack](crypto-and-stego/hash-length-extension-attack.md)
 | |
| - [Padding Oracle](crypto-and-stego/padding-oracle-priv.md)
 | |
| - [RC4 - Encrypt\&Decrypt](crypto-and-stego/rc4-encrypt-and-decrypt.md)
 | |
| - [Stego Tricks](crypto-and-stego/stego-tricks.md)
 | |
| - [Esoteric languages](crypto-and-stego/esoteric-languages.md)
 | |
| - [Blockchain & Crypto Currencies](crypto-and-stego/blockchain-and-crypto-currencies.md)
 | |
| 
 | |
| # ✍️ TODO
 | |
| 
 | |
| - [Interesting Http](todo/interesting-http.md)
 | |
| - [Rust Basics](todo/rust-basics.md)
 | |
| - [More Tools](todo/more-tools.md)
 | |
| - [Hardware Hacking](todo/hardware-hacking/README.md)
 | |
|   - [Fault Injection Attacks](todo/hardware-hacking/fault_injection_attacks.md)
 | |
|   - [I2C](todo/hardware-hacking/i2c.md)
 | |
|   - [Side Channel Analysis](todo/hardware-hacking/side_channel_analysis.md)
 | |
|   - [UART](todo/hardware-hacking/uart.md)
 | |
|   - [Radio](todo/hardware-hacking/radio.md)
 | |
|   - [JTAG](todo/hardware-hacking/jtag.md)
 | |
|   - [SPI](todo/hardware-hacking/spi.md)
 | |
| - [Industrial Control Systems Hacking](todo/industrial-control-systems-hacking/README.md)
 | |
|   - [Modbus Protocol](todo/industrial-control-systems-hacking/modbus.md)
 | |
| - [Radio Hacking](todo/radio-hacking/README.md)
 | |
|   - [Maxiprox Mobile Cloner](todo/radio-hacking/maxiprox-mobile-cloner.md)
 | |
|   - [Pentesting RFID](todo/radio-hacking/pentesting-rfid.md)
 | |
|   - [Infrared](todo/radio-hacking/infrared.md)
 | |
|   - [Sub-GHz RF](todo/radio-hacking/sub-ghz-rf.md)
 | |
|   - [iButton](todo/radio-hacking/ibutton.md)
 | |
|   - [Flipper Zero](todo/radio-hacking/flipper-zero/README.md)
 | |
|     - [FZ - NFC](todo/radio-hacking/flipper-zero/fz-nfc.md)
 | |
|     - [FZ - Sub-GHz](todo/radio-hacking/flipper-zero/fz-sub-ghz.md)
 | |
|     - [FZ - Infrared](todo/radio-hacking/flipper-zero/fz-infrared.md)
 | |
|     - [FZ - iButton](todo/radio-hacking/flipper-zero/fz-ibutton.md)
 | |
|     - [FZ - 125kHz RFID](todo/radio-hacking/flipper-zero/fz-125khz-rfid.md)
 | |
|   - [Proxmark 3](todo/radio-hacking/proxmark-3.md)
 | |
|   - [FISSURE - The RF Framework](todo/radio-hacking/fissure-the-rf-framework.md)
 | |
|   - [Low-Power Wide Area Network](todo/radio-hacking/low-power-wide-area-network.md)
 | |
|   - [Pentesting BLE - Bluetooth Low Energy](todo/radio-hacking/pentesting-ble-bluetooth-low-energy.md)
 | |
| - [Test LLMs](todo/test-llms.md)
 | |
| - [Burp Suite](todo/burp-suite.md)
 | |
| - [Other Web Tricks](todo/other-web-tricks.md)
 | |
| - [Interesting HTTP$$external:todo/interesting-http.md$$]()
 | |
| - [Android Forensics](todo/android-forensics.md)
 | |
| - [Online Platforms with API](todo/online-platforms-with-api.md)
 | |
| - [Stealing Sensitive Information Disclosure from a Web](todo/stealing-sensitive-information-disclosure-from-a-web.md)
 | |
| - [Post Exploitation](todo/post-exploitation.md)
 | |
| - [Investment Terms](todo/investment-terms.md)
 | |
| - [Cookies Policy](todo/cookies-policy.md)
 | |
|   
 |