- Stress testing for availability
- Exploit resources
- Exploit database (DB)
- Packet storm
- Attacks
- ARP poisoning
- Exploit chaining
- Password attacks
- Password spraying
- Hash cracking
- Brute force
- Dictionary
- On-path (previously known as man-in-the-middle)
- Kerberoasting
- DNS cache poisoning
- Virtual local area network (VLAN) hopping
- Network access control (NAC) bypass
- Media access control (MAC) spoofing
- Link-Local Multicast Name Resolution (LLMNR)/NetBIOS Name Service (NBT-NS) poisoning
- New Technology LAN Manager (NTLM) relay attacks
- Tools
- Metasploit
- Netcat
- Nmap
- Attack methods
- Eavesdropping
- Data modification
- Data corruption
- Relay attacks
- Spoofing
- Deauthentication
- Jamming
- Capture handshakes
- On-path
- Attacks
- Evil twin
- Captive portal
- Bluejacking
- Bluesnarfing
- Radio-frequency identification (RFID) cloning
- Bluetooth Low Energy (BLE) attack
- Amplification attacks [Near-field communication (NFC)]
- Wi-Fi Protected Setup (WPS) PIN attack
- Tools
- Aircrack-ng suite
- Amplified antenna
- OWASP Top 10
- Server-side request forgery
- Business logic flaws
- Injection attacks
- Structured Query Language (SQL) injection
- Blind SQL
- Boolean SQL
- Stacked queries
- Command injection
- Cross-site scripting
- Persistent
- Reflected
- Lightweight Directory Access Protocol (LDAP) injection
- Application vulnerabilities
- Race conditions
- Lack of error handling
- Lack of code signing
- Insecure data transmission
- Session attacks
- Session hijacking
- Cross-site request forgery (CSRF)
- Privilege escalation
- Session replay
- Session fixation
- API attacks
- RESTful
- Extensible Markup Language-Remote Procedure Call (XML-RPC)
- SOAP
- Directory traversal
- Tools
- Web proxies
- OWASP Zed Attack Proxy (ZAP)
- Burp Suite community edition
- SQLmap
- DirBuster
- Resources
- Word lists
- Attacks
- Credential harvesting
- Privilege escalation
- Account takeover
- Metadata service attack
- Misconfigured cloud assets
- Identity and access management (IAM)
- Federation misconfigurations
- Object storage
- Containerization technologies
- Resource exhaustion
- Cloud malware injection attacks
- Denial-of-service attacks
- Side-channel attacks
- Direct-to-origin attacks
- Tools
- Software development kit (SDK)
- Mobile
- Attacks
- Reverse engineering
- Sandbox analysis
- Spamming
- Vulnerabilities
- Insecure storage
- Passcode vulnerabilities
- Certificate pinning
- Using known vulnerable components
- Dependency vulnerabilities
- Patching fragmentation
- Execution of activities using root
- Over-reach of permissions
- Biometrics integrations
- Business logic vulnerabilities
- Tools
- Burp Suite
- Drozer
- Needle
- Mobile Security Framework (MobSF)
- Postman
- Ettercap
- Frida
- Objection
- Android SDK tools
- Androzer
- ApkX
- APK Studio
- Attacks
- Internet of Things (IoT) devices
- BLE attacks
- Special considerations
- Fragile environment
- Availability concerns
- Data corruption
- Data exfiltration
- Vulnerabilities
- Insecure defaults
- Cleartext communication
- Hard-coded configurations
- Outdated firmware/hardware
- Data leakage
- Use of insecure or outdated components
- Data storage system vulnerabilities
- Misconfigurations—on-premises and cloud-based
- Default/blank username/password
- Network exposure
- Lack of user input sanitization
- Underlying software vulnerabilities
- Error messages and debug handling
- Injection vulnerabilities
- Single quote method
- Misconfigurations—on-premises and cloud-based
- Management interface vulnerabilities
- Intelligent platform management interface (IPMI)
- Vulnerabilities related to supervisory control and data acquisition (SCADA)/Industrial Internet of Things (IIoT)/industrial control system (ICS)
- Vulnerabilities related to virtual environments
- Virtual machine (VM) escape
- Hypervisor vulnerabilities
- VM repository vulnerabilities
- Vulnerabilities related to containerized workloads
- Pretext for an approach
- Social engineering attacks
- Email phishing
- Whaling
- Spear phishing
- Vishing
- Short message service (SMS) phishing
- Universal Serial Bus (USB) drop key
- Watering hole attack
- Email phishing
- Physical attacks
- Tailgating
- Dumpster diving
- Shoulder surfing
- Badge cloning
- Impersonation
- Tools
- Browser exploitation framework (BeEF)
- Social engineering toolkit
- Call spoofing tools
- Methods of influence
- Authority
- Scarcity
- Social proof
- Urgency
- Likeness
- Fear
- Post-exploitation tools
- Empire
- Mimikatz
- BloodHound
- Lateral movement
- Pass the hash
- Network segmentation testing
- Privilege escalation
- Horizontal
- Vertical
- Upgrading a restrictive shell
- Creating a foothold/persistence
- Trojan
- Backdoor
- Bind shell
- Reverse shell
- Daemons
- Scheduled tasks
- Detection avoidance
- Living-off-the-land techniques/fileless malware
- PsExec
- Windows Management Instrumentation (WMI)
- PowerShell (PS) remoting/Windows Remote Management (WinRM)
- Data exfiltration
- Covering your tracks
- Steganography
- Establishing a covert channel
- Enumeration
- Users
- Groups
- Forests
- Sensitive data
- Unencrypted files