Skip to content
HackAllTheThings
Security Metrics
Initializing search
GitHub
HackAllTheThings
GitHub
Hack All The Things
AI & LLMS
Adversary Simulation
Binary Exploitation
Data Protection
DevOps
DevSecOps
Development Resources
IAM, AuthN & AuthZ
Mail Security
OSINT
Security Metrics
Security Metrics
Table of contents
Resources
Segmentation Testing
Threat Modeling
Time-of-check-to-time-of-use
Vulnerability Scanning
Active Directory Assessment
Active Directory Assessment
Checklist
DNS Exfiltration
Delegation
Exchange
Fundmentals
Local Privilege Escalation - Work in progress
PowerView Dev Cheatsheet
Remote Enumeration
Mimikatz
Android Application Testing
Android Application Testing
Apache Cordova
Flutter
Frida
Learning Resources
My Testing Enviroment
Smali
Xamarin
Certifications
Certifications
OASP
OSEP
OSWE
Cheatsheets
Cheatsheets
AWS Cli Cheatsheet
Bettercap
Frida & Objection cheatsheet
WebApplication Tooling
Configure WinDBG
adb Cheatsheet
Drozer cheatsheet
Jdb cheatsheet
R2frida cheatsheet
Cloud
Cloud
AWS Assessment
Azure AD Assessment
Azure
Azure Hardening Checklist
Azure best practices for network security
GCP Assessement
Kubernetes Assessment
Platform Agnostic Testing
Terraform Assessment
Code Snippets
Code Snippets
Hooking events using Inotify in C
C Linux Bind Shell
CMD Library
Databases
Databases
HSQLDB
MySQL
PSQL
SqlLite
Desktop Application Testing
Desktop Application Testing
C++ Win32 Applications
Checklist
Frida Windows
Hooking into an ELF binary
Tips and tricks
Win32 Internals
Evasion
Evasion
AMSI Bypass
Abusing Signed Executables
DNS Staging
Resources
Exploit Development
Exploit Development
Learning Resources
WinDbg
Msfvenom
Infrastructure Pen test
Infrastructure Pen test
ARP
Automation
DNS
DNS Rebind Attacks
Fundamentals
IPv6
MSRPC
Port Scan
Resources
SMB
SMTP
SSH
Sniffing
gRPC
IoT Testing
IoT Testing
Embedded Linux
Linux
Linux
Convert Debain to Kali
Kerberos
Local Machine Persistence
Miscellaneous
Privilege Escalation Checklist
Miscellaneous
Miscellaneous
Binaries
Convert Debain to Kali
Crypto Attacks
Empire 4.0
Git
Hashcat
Interesting Reads
My host setup
PWN
Physical Attacks
Pivot & Tunnel
Scripting
Sharing Wifi from a Windows Device
Interactive Shells
Simple Servers
Social Engineering
Tunneling
Wordlists
jq
mTLS
neo4j
Research
Research
Request Smuggling
Risk & Severity Assessment
Risk & Severity Assessment
CVSS 3.1
CVSS Shortcomings
DREAD
OWASP Risk Rating
OWASP Shortcomings
Secure Architecture & Design
Secure Architecture & Design
Principles & High-Level Concepts
Secure Network Design
Security Consultation
Security Consultation
Obtaining Authorization
Scoping
Prerequisites checklists
Prerequisites checklists
Cloud Config Reviews
Web Application and API Penetration testing
Server Administration
Server Administration
2FA SSH
Headscale Work in progress
Nginx Work in Progress
SEO Optimization
VPNs
Source Code Review
Source Code Review
Bash Scripting
DotNet Debugging
Java
Database Logging
Methodology
Misc
Node
PHP
Python Debugging
Resources
Tooling
Java
Technical Writing
Technical Writing
Grammar
Public Pen test reports
Technical Writing for Educators - Work in progress
Technical Writing for Engineers
Writing Checklist
Writing Error Messages Checklist
Writing Helpful Error Messages
Technologies Explained
Technologies Explained
Tailscale
Web Applications testing
Web Applications testing
Burp Suite
CMS
Resources
Salesforce Testing
Technology Fingerprinting
Testing Payment Integration Platforms
Tips and Tricks
WAF & Directory Brute Forcing
API
API
API Testing Checklist
API Tooling
Resources
Attacks
Attacks
AWS LocalStack
CORS
CSRF
CSV Injection
ClickJacking
Dangling markup injection
OGN/Expression Language Injection
HTTP Host header
LDAP Injection
Logic Attacks
Methodoloy
Misc
Modern Web Bugs
OAuth Workflow
Padding Oracle Attack
SSL Certificate
SSRF
SSTI
Serialization
Server Side Include/SSI
WAF bypass
Web cache poisoning
WebSockets & WebWorkers
XSLT Engines
XSS
Mitigations & Compensating Controls
Mitigations & Compensating Controls
CORS
CSP and XSS Protection
MIME Sniffing
SSL Strip attack
Same Site Cookies
X-Frame-Options
iOS Application Testing
iOS Application Testing
Basics
Burp Suite Setup
Connect to Shell Over USB
Extract IPA From AppStore Application
Frida Setup
Frida
LLDB
Learning Resource
Mobile Device Management (MDM)
My Setup
Objection
Reversing iOS Apps
Tweaks
Xamarin
Table of contents
Resources
Security Metrics
Resources
Cross-Sector Cybersecurity Performance Goals | CISA