Knowledge Base
OFFENSIVE SECURITY SKILL STACK
Complete breakdown of the offensive cybersecurity methodology, from initial recon through reporting.
01 RECON & ENUMERATION (4 skills)
OSINT
Public intelligence from social media, WHOIS, cert logs, job postings, and leaked credentials.
theHarvester, Maltego, Shodan
Subdomain Enumeration
Finding forgotten subdomains exposing dev environments and admin panels.
Amass, Subfinder, dnsx
DNS Analysis
Extracting infrastructure layout, mail servers, SPF/DMARC misconfigs, and zone transfers.
dig, dnsenum, fierce
Attack Surface Mapping
Aggregating all discovered assets into a unified external attack surface picture.
Shodan, Censys, Nuclei
02 WEB EXPLOITATION (5 skills)
03 API SECURITY (4 skills)
04 NETWORK ATTACKS (4 skills)
05 EXPLOITATION (4 skills)
06 POST-EXPLOITATION (4 skills)
07 AUTOMATION & TOOLING (4 skills)
08 REPORTING (4 skills)
Quick Reference
TOOLS ARSENAL
Recon
- Amass
- Subfinder
- theHarvester
- Shodan
- Maltego
- dnsx / dig
Web Testing
- Burp Suite
- OWASP ZAP
- sqlmap
- dalfox / XSStrike
- ffuf / gobuster
- Nikto
Network
- Nmap / Masscan
- Wireshark
- Responder
- CrackMapExec
- Bettercap
- enum4linux
Exploitation
- Metasploit / MSFvenom
- searchsploit
- LinPEAS / WinPEAS
- GTFOBins / LOLBAS
- pwncat / socat
- Impacket
AD / Windows
- BloodHound
- CrackMapExec
- Mimikatz
- Rubeus
- PowerView
- ldapsearch
Automation
- Python 3 / requests
- scapy / pwntools
- Nuclei
- Bash scripting
- jq / xargs
- paramiko