1. Pen Testing
1.1. Web App
1.1.1. XXE - XML External Entity injection
1.1.1.1. Types
1.1.1.1.1. XXE
1.1.1.1.2. XEE
1.1.1.2. Tools
1.1.1.2.1. BurpSuit
1.1.1.2.2. Fiddler
1.1.1.2.3. Browsers
1.1.1.2.4. beef
1.1.1.3. Commands/Cheatsheet
1.1.1.3.1. For remote file/password file iteration in linux
1.1.1.4. References
1.1.1.4.1. What is XXE (XML external entity) injection? Tutorial & Examples | Web Security Academy
1.1.1.4.2. https://portswigger.net/web-security/xxe/blind
1.1.2. XSS
1.1.2.1. Persisted
1.1.2.2. Reflected
1.1.2.3. DOM based
1.1.3. CSRF
1.1.4. SSRF
1.1.5. Tools
1.1.5.1. BurpSuit
1.1.5.2. httrack
1.1.5.3. owaspzap
1.1.5.4. paros
1.2. Windows
1.2.1. Command Injection
1.2.1.1. Commix
1.2.2. commands
1.2.2.1. >type c:\boot.ini
1.2.2.2. net share
1.2.2.3. net user
1.2.2.4. net localgroup administrators bacon /ADD
1.2.2.5. set cmd type f:\\tools\\phi.txt in xp_cmd_shell
1.2.2.6. netsh firewall set opmode disable
1.2.2.7. NetSh Advfirewall set allprofiles state off.
1.2.2.8. type g:\phi.txt
1.2.2.9. runas /user:domainname\username program
1.2.2.10. runas /user:administrator regedit
1.2.2.11. runas /user:username "program argument1 argument2 ..."
1.3. Linux
1.4. Database
1.4.1. SQL Injection
1.4.1.1. Types
1.4.1.1.1. Blind
1.4.1.1.2. Timebased
1.4.1.2. Tools
1.4.1.2.1. SqlMap
1.4.1.3. Commands
1.4.1.4. References
1.5. Mobile
1.6. Network
1.6.1. wireshark
1.6.2. ettercap
1.6.3. nc -netcat
1.6.3.1. Linux and Unix Port Scanning With netcat [nc] Command - nixCraft
1.6.4. namp
1.6.4.1. Deeper Scanning with nmap
1.7. Forensic
1.7.1. binwalk
1.7.2. mimikatz
1.7.3. larger log analysis
1.8. Reporting
1.8.1. maltego
1.8.2. faryday
1.9. Recon
1.9.1. namp
1.9.2. SET
1.9.3. Nessus
1.9.4. Recon-ng
1.9.5. nikto
1.9.6. dnmap
1.9.7. Golismero
1.10. Other Tools
1.10.1. MetaSploit
1.10.2. SET
1.10.3. OWASP zap
1.10.4. Metasploitable
1.10.4.1. https://www.offensive-security.com/metasploit-unleashed/msfconsole-commands/
1.10.4.2. Commands
1.10.4.2.1. Grep
1.10.4.2.2. use
1.10.4.2.3. show
1.10.4.2.4. exploits
1.10.4.2.5. Payloads
1.10.4.2.6. encoders
1.10.4.2.7. nops
1.10.4.2.8. auxiliary
1.10.4.2.9. run or exploit
1.10.4.2.10. check
1.10.5. nishang
1.10.6. powersploit
1.11. Fuzzing
1.11.1. Boofuzz
1.12. Password
1.13. Cryptograpy
1.13.1. XOR
1.13.2. Base64
1.13.3. Ceaser
1.13.4. AES
1.13.5. Rolling cipher
1.14. Reverse Eingineering
1.14.1. Android
1.14.1.1. APK Toolkit
1.14.1.2. dex2jar
1.14.2. flasm
1.14.3. Windows
1.14.3.1. exe2hex
1.14.4. mimikatz
1.14.5. binwalk
1.15. Misc
1.15.1. proxychains
1.15.2. tor
1.15.3. proxies
1.15.4. grep
1.15.4.1. How to Use the Grep Command
1.15.5. Exploits
1.15.5.1. Offensive Security’s Exploit Database Archive
1.16. Practices Boxes
1.16.1. VulnHub
1.16.2. HackTheBox
1.16.3. OSCP Lab boxes
2. CTF
2.1. Sites
2.1.1. HackerOne CTF - Hacker101 CTF
2.1.1.1. my Findings Writeups link
3. Bug Bounties
3.1. Sites
3.1.1. Bug Bounty HackerOne
3.1.1.1. Project erors
3.1.1.1.1. No findings
4. Certifications
4.1. GDPR
4.2. Complete Cyber Security
4.3. OSCP
4.4. CISSP
4.5. CompTia Security+
4.6. CEH
4.7. SANS 401
4.8. OWASP ZAP
4.9. MetaSploit Rapid7
4.10. AWS Solution Architect
4.10.1. In-Progress