HackTricks Press
Welcome!
HackTricks
HackTricks Values & FAQ
About the author
Generic Methodologies & Resources
Pentesting Methodology
External Recon Methodology
Wide Source Code Search
Github Dorks & Leaks
Pentesting Network
DHCPv6
EIGRP Attacks
GLBP & HSRP Attacks
IDS and IPS Evasion
Lateral VLAN Segmentation Bypass
Network Protocols Explained (ESP)
Nmap Summary (ESP)
Pentesting IPv6
Spoofing LLMNR, NBT-NS, mDNS/DNS and WPAD and Relay Attacks
Spoofing SSDP and UPnP Devices with EvilSSDP
Pentesting Wifi
Evil Twin EAP-TLS
Phishing Methodology
Clone a Website
Detecting Phishing
Phishing Files & Documents
Basic Forensic Methodology
Baseline Monitoring
Anti-Forensic Techniques
Docker Forensics
Image Acquisition & Mount
Linux Forensics
Malware Analysis
Memory dump analysis
Volatility - CheatSheet
Partitions/File Systems/Carving
File/Data Carving & Recovery Tools
Pcap Inspection
DNSCat pcap analysis
Suricata & Iptables cheatsheet
USB Keystrokes
Wifi Pcap Analysis
Wireshark tricks
Specific Software/File-Type Tricks
Decompile compiled python binaries (exe, elf) - Retreive from .pyc
Browser Artifacts
Deofuscation vbs (cscript.exe)
Local Cloud Storage
Office file analysis
PDF File analysis
PNG tricks
Video and Audio file analysis
ZIPs tricks
Windows Artifacts
Interesting Windows Registry Keys
Brute Force - CheatSheet
Python Sandbox Escape & Pyscript
Bypass Python sandboxes
LOAD_NAME / LOAD_CONST opcode OOB Read
Class Pollution (Python's Prototype Pollution)
Python Internal Read Gadgets
Pyscript
venv
Web Requests
Bruteforce hash (few chars)
Basic Python
Exfiltration
Tunneling and Port Forwarding
Threat Modeling
Search Exploits
Shells (Linux, Windows, MSFVenom)
MSFVenom - CheatSheet
Shells - Windows
Shells - Linux
Full TTYs
Linux Hardening
Checklist - Linux Privilege Escalation
Linux Privilege Escalation
Arbitrary File Write to Root
Cisco - vmanage
Containerd (ctr) Privilege Escalation
D-Bus Enumeration & Command Injection Privilege Escalation
Docker Security
Abusing Docker Socket for Privilege Escalation
AppArmor
AuthZ& AuthN - Docker Access Authorization Plugin
CGroups
Docker --privileged
Docker Breakout / Privilege Escalation
release_agent exploit - Relative Paths to PIDs
Docker release_agent cgroups escape
Sensitive Mounts
Namespaces
CGroup Namespace
IPC Namespace
PID Namespace
Mount Namespace
Network Namespace
Time Namespace
User Namespace
UTS Namespace
Seccomp
Weaponizing Distroless
Escaping from Jails
euid, ruid, suid
Interesting Groups - Linux Privesc
lxd/lxc Group - Privilege escalation
Logstash
ld.so privesc exploit example
Linux Active Directory
Linux Capabilities
NFS no_root_squash/no_all_squash misconfiguration PE
Node inspector/CEF debug abuse
Payloads to execute
RunC Privilege Escalation
SELinux
Socket Command Injection
Splunk LPE and Persistence
SSH Forward Agent exploitation
Wildcards Spare tricks
Useful Linux Commands
Bypass Linux Restrictions
Bypass FS protections: read-only / no-exec / Distroless
DDexec / EverythingExec
Linux Environment Variables
Linux Post-Exploitation
PAM - Pluggable Authentication Modules
FreeIPA Pentesting
MacOS Hardening
macOS Security & Privilege Escalation
macOS Apps - Inspecting, debugging and Fuzzing
Objects in memory
Introduction to x64
Introduction to ARM64v8
macOS AppleFS
macOS Bypassing Firewalls
macOS Defensive Apps
macOS GCD - Grand Central Dispatch
macOS Kernel & System Extensions
macOS IOKit
macOS Kernel Extensions
macOS Kernel Vulnerabilities
macOS System Extensions
macOS Network Services & Protocols
macOS File Extension & URL scheme app handlers
macOS Files, Folders, Binaries & Memory
macOS Bundles
macOS Installers Abuse
macOS Memory Dumping
macOS Sensitive Locations & Interesting Daemons
macOS Universal binaries & Mach-O Format
macOS Objective-C
macOS Privilege Escalation
macOS Process Abuse
macOS Dirty NIB
macOS Chromium Injection
macOS Electron Applications Injection
macOS Function Hooking
macOS IPC - Inter Process Communication
macOS MIG - Mach Interface Generator
macOS XPC
macOS XPC Authorization
macOS XPC Connecting Process Check
macOS PID Reuse
macOS xpc_connection_get_audit_token Attack
macOS Thread Injection via Task port
macOS Java Applications Injection
macOS Library Injection
macOS Dyld Hijacking & DYLD_INSERT_LIBRARIES
macOS Dyld Process
macOS Perl Applications Injection
macOS Python Applications Injection
macOS Ruby Applications Injection
macOS .Net Applications Injection
macOS Security Protections
macOS Gatekeeper / Quarantine / XProtect
macOS Launch/Environment Constraints & Trust Cache
macOS Sandbox
macOS Default Sandbox Debug
macOS Sandbox Debug & Bypass
macOS Office Sandbox Bypasses
macOS SIP
macOS TCC
macOS Apple Events
macOS TCC Bypasses
macOS Apple Scripts
macOS TCC Payloads
macOS Dangerous Entitlements & TCC perms
macOS FS Tricks
macOS xattr-acls extra stuff
macOS Users
macOS Red Teaming
macOS MDM
Enrolling Devices in Other Organisations
macOS Serial Number
macOS Keychain
macOS Useful Commands
macOS Auto Start
Windows Hardening
Checklist - Local Windows Privilege Escalation
Windows Local Privilege Escalation
Abusing Tokens
Access Tokens
ACLs - DACLs/SACLs/ACEs
AppendData/AddSubdirectory permission over service registry
Create MSI with WIX
COM Hijacking
Dll Hijacking
Writable Sys Path +Dll Hijacking Privesc
DPAPI - Extracting Passwords
From High Integrity to SYSTEM with Name Pipes
Integrity Levels
JuicyPotato
Leaked Handle Exploitation
MSI Wrapper
Named Pipe Client Impersonation
Privilege Escalation with Autoruns
RoguePotato, PrintSpoofer, SharpEfsPotato, GodPotato
SeDebug + SeImpersonate copy token
SeImpersonate from High To System
Windows C Payloads
Active Directory Methodology
Abusing Active Directory ACLs/ACEs
Shadow Credentials
AD Certificates
AD CS Account Persistence
AD CS Domain Escalation
AD CS Domain Persistence
AD CS Certificate Theft
AD information in printers
AD DNS Records
ASREPRoast
BloodHound & Other AD Enum Tools
Constrained Delegation
Custom SSP
DCShadow
DCSync
Diamond Ticket
DSRM Credentials
External Forest Domain - OneWay (Inbound) or bidirectional
External Forest Domain - One-Way (Outbound)
Golden Ticket
Kerberoast
Kerberos Authentication
Kerberos Double Hop Problem
LAPS
MSSQL AD Abuse
Over Pass the Hash/Pass the Key
Pass the Ticket
Password Spraying / Brute Force
PrintNightmare
Force NTLM Privileged Authentication
Privileged Groups
RDP Sessions Abuse
Resource-based Constrained Delegation
Security Descriptors
SID-History Injection
Silver Ticket
Skeleton Key
Unconstrained Delegation
Windows Security Controls
UAC - User Account Control
NTLM
Places to steal NTLM creds
Lateral Movement
AtExec / SchtasksExec
DCOM Exec
PsExec/Winexec/ScExec
SmbExec/ScExec
WinRM
WmicExec
Pivoting to the Cloud
Stealing Windows Credentials
Windows Credentials Protections
Mimikatz
WTS Impersonator
Basic Win CMD for Pentesters
Basic PowerShell for Pentesters
PowerView/SharpView
Antivirus (AV) Bypass
Mobile Pentesting
Android APK Checklist
Android Applications Pentesting
Android Applications Basics
Android Task Hijacking
ADB Commands
APK decompilers
AVD - Android Virtual Device
Bypass Biometric Authentication (Android)
content:// protocol
Drozer Tutorial
Exploiting Content Providers
Exploiting a debuggeable application
Frida Tutorial
Frida Tutorial 1
Frida Tutorial 2
Frida Tutorial 3
Objection Tutorial
Google CTF 2018 - Shall We Play a Game?
Install Burp Certificate
Intent Injection
Make APK Accept CA Certificate
Manual DeObfuscation
React Native Application
Reversing Native Libraries
Smali - Decompiling/[Modifying]/Compiling
Spoofing your location in Play Store
Tapjacking
Webview Attacks
iOS Pentesting Checklist
iOS Pentesting
iOS App Extensions
iOS Basics
iOS Basic Testing Operations
iOS Burp Suite Configuration
iOS Custom URI Handlers / Deeplinks / Custom Schemes
iOS Extracting Entitlements From Compiled Application
iOS Frida Configuration
iOS Hooking With Objection
iOS Protocol Handlers
iOS Serialisation and Encoding
iOS Testing Environment
iOS UIActivity Sharing
iOS Universal Links
iOS UIPasteboard
iOS WebViews
Cordova Apps
Xamarin Apps
Network Services Pentesting
Pentesting JDWP - Java Debug Wire Protocol
Pentesting Printers
Pentesting SAP
Pentesting VoIP
Basic VoIP Protocols
SIP (Session Initiation Protocol)
Pentesting Remote GdbServer
7/tcp/udp - Pentesting Echo
21 - Pentesting FTP
FTP Bounce attack - Scan
FTP Bounce - Download 2ºFTP file
22 - Pentesting SSH/SFTP
23 - Pentesting Telnet
25,465,587 - Pentesting SMTP/s
SMTP Smuggling
SMTP - Commands
43 - Pentesting WHOIS
49 - Pentesting TACACS+
53 - Pentesting DNS
69/UDP TFTP/Bittorrent-tracker
79 - Pentesting Finger
80,443 - Pentesting Web Methodology
403 & 401 Bypasses
AEM - Adobe Experience Cloud
Angular
Apache
Artifactory Hacking guide
Bolt CMS
Buckets
Firebase Database
CGI
DotNetNuke (DNN)
Drupal
Drupal RCE
Electron Desktop Apps
Electron contextIsolation RCE via preload code
Electron contextIsolation RCE via Electron internal code
Electron contextIsolation RCE via IPC
Flask
NodeJS Express
Git
Golang
GWT - Google Web Toolkit
Grafana
GraphQL
H2 - Java SQL database
IIS - Internet Information Services
ImageMagick Security
JBOSS
JIRA
Joomla
JSP
Laravel
Moodle
Nginx
PHP Tricks
PHP - Useful Functions & disable_functions/open_basedir bypass
disable_functions bypass - php-fpm/FastCGI
disable_functions bypass - dl function
disable_functions bypass - PHP 7.0-7.4 (*nix only)
disable_functions bypass - Imagick <= 3.3.0 PHP >= 5.4 Exploit
disable_functions - PHP 5.x Shellshock Exploit
disable_functions - PHP 5.2.4 ionCube extension Exploit
disable_functions bypass - PHP <= 5.2.9 on windows
disable_functions bypass - PHP 5.2.4 and 5.2.5 PHP cURL
disable_functions bypass - PHP safe_mode bypass via proc_open() and custom environment Exploit
disable_functions bypass - PHP Perl Extension Safe_mode Bypass Exploit
disable_functions bypass - PHP 5.2.3 - Win32std ext Protections Bypass
disable_functions bypass - PHP 5.2 - FOpen Exploit
disable_functions bypass - via mem
disable_functions bypass - mod_cgi
disable_functions bypass - PHP 4 >= 4.2.0, PHP 5 pcntl_exec
PHP - RCE abusing object creation: new $_GET["a"]($_GET["b"])
PHP SSRF
Python
Rocket Chat
Special HTTP headers
Source code Review / SAST Tools
Spring Actuators
Symfony
Tomcat
Basic Tomcat Info
Uncovering CloudFlare
VMWare (ESX, VCenter...)
Web API Pentesting
WebDav
Werkzeug / Flask Debug
Wordpress
88tcp/udp - Pentesting Kerberos
Harvesting tickets from Windows
Harvesting tickets from Linux
110,995 - Pentesting POP
111/TCP/UDP - Pentesting Portmapper
113 - Pentesting Ident
123/udp - Pentesting NTP
135, 593 - Pentesting MSRPC
137,138,139 - Pentesting NetBios
139,445 - Pentesting SMB
rpcclient enumeration
143,993 - Pentesting IMAP
161,162,10161,10162/udp - Pentesting SNMP
Cisco SNMP
SNMP RCE
194,6667,6660-7000 - Pentesting IRC
264 - Pentesting Check Point FireWall-1
389, 636, 3268, 3269 - Pentesting LDAP
500/udp - Pentesting IPsec/IKE VPN
502 - Pentesting Modbus
512 - Pentesting Rexec
513 - Pentesting Rlogin
514 - Pentesting Rsh
515 - Pentesting Line Printer Daemon (LPD)
548 - Pentesting Apple Filing Protocol (AFP)
554,8554 - Pentesting RTSP
623/UDP/TCP - IPMI
631 - Internet Printing Protocol(IPP)
700 - Pentesting EPP
873 - Pentesting Rsync
1026 - Pentesting Rusersd
1080 - Pentesting Socks
1098/1099/1050 - Pentesting Java RMI - RMI-IIOP
1414 - Pentesting IBM MQ
1433 - Pentesting MSSQL - Microsoft SQL Server
Types of MSSQL Users
1521,1522-1529 - Pentesting Oracle TNS Listener
1723 - Pentesting PPTP
1883 - Pentesting MQTT (Mosquitto)
2049 - Pentesting NFS Service
2301,2381 - Pentesting Compaq/HP Insight Manager
2375, 2376 Pentesting Docker
3128 - Pentesting Squid
3260 - Pentesting ISCSI
3299 - Pentesting SAPRouter
3306 - Pentesting Mysql
3389 - Pentesting RDP
3632 - Pentesting distcc
3690 - Pentesting Subversion (svn server)
3702/UDP - Pentesting WS-Discovery
4369 - Pentesting Erlang Port Mapper Daemon (epmd)
4786 - Cisco Smart Install
4840 - OPC Unified Architecture
5000 - Pentesting Docker Registry
5353/UDP Multicast DNS (mDNS) and DNS-SD
5432,5433 - Pentesting Postgresql
5439 - Pentesting Redshift
5555 - Android Debug Bridge
5601 - Pentesting Kibana
5671,5672 - Pentesting AMQP
5800,5801,5900,5901 - Pentesting VNC
5984,6984 - Pentesting CouchDB
5985,5986 - Pentesting WinRM
5985,5986 - Pentesting OMI
6000 - Pentesting X11
6379 - Pentesting Redis
8009 - Pentesting Apache JServ Protocol (AJP)
8086 - Pentesting InfluxDB
8089 - Pentesting Splunkd
8333,18333,38333,18444 - Pentesting Bitcoin
9000 - Pentesting FastCGI
9001 - Pentesting HSQLDB
9042/9160 - Pentesting Cassandra
9100 - Pentesting Raw Printing (JetDirect, AppSocket, PDL-datastream)
9200 - Pentesting Elasticsearch
10000 - Pentesting Network Data Management Protocol (ndmp)
11211 - Pentesting Memcache
Memcache Commands
15672 - Pentesting RabbitMQ Management
24007,24008,24009,49152 - Pentesting GlusterFS
27017,27018 - Pentesting MongoDB
44134 - Pentesting Tiller (Helm)
44818/UDP/TCP - Pentesting EthernetIP
47808/udp - Pentesting BACNet
50030,50060,50070,50075,50090 - Pentesting Hadoop
Pentesting Web
Web Vulnerabilities Methodology
Reflecting Techniques - PoCs and Polygloths CheatSheet
Web Vulns List
2FA/OTP Bypass
Account Takeover
Browser Extension Pentesting Methodology
BrowExt - ClickJacking
BrowExt - permissions & host_permissions
BrowExt - XSS Example
Bypass Payment Process
Captcha Bypass
Cache Poisoning and Cache Deception
Cache Poisoning to DoS
Clickjacking
Client Side Template Injection (CSTI)
Client Side Path Traversal
Command Injection
Content Security Policy (CSP) Bypass
CSP bypass: self + 'unsafe-inline' with Iframes
Cookies Hacking
Cookie Tossing
Cookie Jar Overflow
Cookie Bomb
CORS - Misconfigurations & Bypass
CRLF (%0D%0A) Injection
CSRF (Cross Site Request Forgery)
Dangling Markup - HTML scriptless injection
SS-Leaks
Dependency Confusion
Deserialization
NodeJS - __proto__ & prototype Pollution
Client Side Prototype Pollution
Express Prototype Pollution Gadgets
Prototype Pollution to RCE
Java JSF ViewState (.faces) Deserialization
Java DNS Deserialization, GadgetProbe and Java Deserialization Scanner
Basic Java Deserialization (ObjectInputStream, readObject)
PHP - Deserialization + Autoload Classes
CommonsCollection1 Payload - Java Transformers to Rutime exec() and Thread Sleep
Basic .Net deserialization (ObjectDataProvider gadget, ExpandedWrapper, and Json.Net)
Exploiting __VIEWSTATE knowing the secrets
Exploiting __VIEWSTATE without knowing the secrets
Python Yaml Deserialization
JNDI - Java Naming and Directory Interface & Log4Shell
Domain/Subdomain takeover
Email Injections
File Inclusion/Path traversal
phar:// deserialization
LFI2RCE via PHP Filters
LFI2RCE via Nginx temp files
LFI2RCE via PHP_SESSION_UPLOAD_PROGRESS
LFI2RCE via Segmentation Fault
LFI2RCE via phpinfo()
LFI2RCE Via temp file uploads
LFI2RCE via Eternal waiting
LFI2RCE Via compress.zlib + PHP_STREAM_PREFER_STUDIO + Path Disclosure
File Upload
PDF Upload - XXE and CORS bypass
Formula/CSV/Doc/LaTeX/GhostScript Injection
gRPC-Web Pentest
HTTP Connection Contamination
HTTP Connection Request Smuggling
HTTP Request Smuggling / HTTP Desync Attack
Browser HTTP Request Smuggling
Request Smuggling in HTTP/2 Downgrades
HTTP Response Smuggling / Desync
Upgrade Header Smuggling
hop-by-hop headers
IDOR
Integer Overflow
JWT Vulnerabilities (Json Web Tokens)
LDAP Injection
Login Bypass
Login bypass List
NoSQL injection
OAuth to Account takeover
Open Redirect
Parameter Pollution
Phone Number Injections
PostMessage Vulnerabilities
Blocking main page to steal postmessage
Bypassing SOP with Iframes - 1
Bypassing SOP with Iframes - 2
Steal postmessage modifying iframe location
Proxy / WAF Protections Bypass
Race Condition
Rate Limit Bypass
Registration & Takeover Vulnerabilities
Regular expression Denial of Service - ReDoS
Reset/Forgotten Password Bypass
SAML Attacks
SAML Basics
Server Side Inclusion/Edge Side Inclusion Injection
SQL Injection
MS Access SQL Injection
MSSQL Injection
MySQL injection
MySQL File priv to SSRF/RCE
Oracle injection
Cypher Injection (neo4j)
PostgreSQL injection
dblink/lo_import data exfiltration
PL/pgSQL Password Bruteforce
Network - Privesc, Port Scanner and NTLM chanllenge response disclosure
Big Binary Files Upload (PostgreSQL)
RCE with PostgreSQL Languages
RCE with PostgreSQL Extensions
SQLMap - Cheetsheat
Second Order Injection - SQLMap
SSRF (Server Side Request Forgery)
URL Format Bypass
SSRF Vulnerable Platforms
Cloud SSRF
SSTI (Server Side Template Injection)
EL - Expression Language
Jinja2 SSTI
Reverse Tab Nabbing
Unicode Injection
Unicode Normalization
WebSocket Attacks
Web Tool - WFuzz
XPATH injection
XSLT Server Side Injection (Extensible Stylesheet Language Transformations)
XXE - XEE - XML External Entity
XSS (Cross Site Scripting)
Abusing Service Workers
Chrome Cache to XSS
Debugging Client Side JS
Dom Clobbering
DOM Invader
DOM XSS
Iframes in XSS, CSP and SOP
JS Hoisting
Misc JS Tricks & Relevant Info
PDF Injection
Server Side XSS (Dynamic PDF)
Shadow DOM
SOME - Same Origin Method Execution
Sniff Leak
Steal Info JS
XSS in Markdown
XSSI (Cross-Site Script Inclusion)
XS-Search/XS-Leaks
Connection Pool Examples
Connection Pool by Destination Example
Cookie Bomb + Onerror XS Leak
URL Max Length - Client Side
performance.now example
performance.now + Force heavy task
Event Loop Blocking + Lazy images
JavaScript Execution XS Leak
CSS Injection
CSS Injection Code
Cloud Security
Pentesting Kubernetes
Pentesting Cloud (AWS, GCP, Az...)
Pentesting CI/CD (Github, Jenkins, Terraform...)
Hardware/Physical Access
Physical Attacks
Escaping from KIOSKs
Firmware Analysis
Bootloader testing
Firmware Integrity
Binary Exploitation
Basic Binary Exploitation Methodology
ELF Basic Information
Exploiting Tools
PwnTools
Stack Overflow
Pointer Redirecting
Ret2win
Ret2win - arm64
Stack Shellcode
Stack Shellcode - arm64
Stack Pivoting - EBP2Ret - EBP chaining
Uninitialized Variables
ROP - Return Oriented Programing
BROP - Blind Return Oriented Programming
Ret2csu
Ret2dlresolve
Ret2esp / Ret2reg
Ret2lib
Leaking libc address with ROP
Leaking libc - template
One Gadget
Ret2lib + Printf leak - arm64
Ret2syscall
Ret2syscall - ARM64
Ret2vDSO
SROP - Sigreturn-Oriented Programming
SROP - ARM64
Array Indexing
Integer Overflow
Format Strings
Format Strings - Arbitrary Read Example
Format Strings Template
Heap
Bins & Memory Allocations
Heap Memory Functions
free
malloc & sysmalloc
unlink
Heap Functions Security Checks
Use After Free
First Fit
Double Free
Unlink Attack
Fast Bin Attack
Unsorted Bin Attack
Large Bin Attack
Off by one overflow
House of Spirit
House of Lore
House of Einherjar
House of Force
House of Orange
House of Rabbit
House of Roman
Heap Overflow
Common Binary Exploitation Protections & Bypasses
ASLR
Ret2plt
Ret2ret & Reo2pop
CET & Shadow Stack
Libc Protections
Memory Tagging Extension (MTE)
No-exec / NX
PIE
BF Addresses in the Stack
Relro
Stack Canaries
BF Forked & Threaded Stack Canaries
Print Stack Canary
Write What Where 2 Exec
WWW2Exec - atexit()
WWW2Exec - .dtors & .fini_array
WWW2Exec - GOT/PLT
WWW2Exec - __malloc_hook
Common Exploiting Problems
Windows Exploiting (Basic Guide - OSCP lvl)
Reversing
Reversing Tools & Basic Methods
Angr
Angr - Examples
Z3 - Satisfiability Modulo Theories (SMT)
Cheat Engine
Blobrunner
Common API used in Malware
Word Macros
Crypto & Stego
Cryptographic/Compression Algorithms
Unpacking binaries
Certificates
Cipher Block Chaining CBC-MAC
Crypto CTFs Tricks
Electronic Code Book (ECB)
Hash Length Extension Attack
Padding Oracle
RC4 - Encrypt&Decrypt
Stego Tricks
Esoteric languages
Blockchain & Crypto Currencies
C2
Salseo
ICMPsh
Cobalt Strike
TODO
Other Big References
Rust Basics
More Tools
MISC
Pentesting DNS
Hardware Hacking
I2C
UART
Radio
JTAG
SPI
Industrial Control Systems Hacking
Modbus Protocol
Radio Hacking
Pentesting RFID
Infrared
Sub-GHz RF
iButton
Flipper Zero
FZ - NFC
FZ - Sub-GHz
FZ - Infrared
FZ - iButton
FZ - 125kHz RFID
Proxmark 3
FISSURE - The RF Framework
Low-Power Wide Area Network
Pentesting BLE - Bluetooth Low Energy
Industrial Control Systems Hacking
Burp Suite
Other Web Tricks
Interesting HTTP
Emails Vulnerabilities
Android Forensics
TR-069
6881/udp - Pentesting BitTorrent
Online Platforms with API
Stealing Sensitive Information Disclosure from a Web
Post Exploitation
Cookies Policy