Cheat Sheets

Direct links to different PentestWiki sections with cheat sheets for easy access:

● Msfvenom

● Meterpreter

● Privilege Escalation

● Pivoting

● Directory Traversal

● Enumeration

INFRASTRUCTURE PENETRATION TESTING

The most important foundation in Penetration Testing and Red Team Operations, based on standards such as PTES, CEH and OSSTMM, among others

● PHASE I: Reconnaissance

● PHASE II: Scanning

● PHASE III: Enumeration

● PHASE IV: Exploitation

● PHASE V: Post exploitation

● PHASE VI: Covering Tracks

● PHASE VII: Lateral Movement

WEB APPLICATION PENETRATION TESTING

Learn how to perform Web Application Penetration Testing to test websites, APIs, SQL injections, SSL/TLS attacks and OWASP TOP 10

Intro to web application testing

Types of Web Application Attacks

OWASP TOP 10 explained

Attacks on SSL/TLS protocols

Webpentest through SOCKS proxy

Tools for Web Penetration Testing

MOBILE APPLICATION PENETRATION TESTING

Learn how to hack mobile apps for Android and iOS and protect them against tampering

Static Analysis for Android and iOS

Dynamic Analysis for Android and iOS

Protections to mitigate attacks

RED TEAMING

Red teaming tools to test defensive systems and simulate advanced attacks

Tools and Frameworks for RED TEAMS

Tools and Frameworks for BLUE TEAMS

Tools and Frameworks for APPLICATION SECURITY

BLOCKCHAIN SECURITY

Learn about blockchain attacks and smart contract vulnerabilities.

Blockchain Security Attacks Review

● Smart Contract Security Tools

● Blockchain Block Explorers

Latest from blog

Because Computer Security matters…

Cybersecurity Android Apps

How to hijack Android OS calls with Frida

LEVEL: ADVANCED. When we are performing a pentest on an Android app, it is sometimes useful to get the parameters that the application is sending through a function or even hijack[…]


Web3 Security Cheat Sheet

Solidity Attacks: var misuse; tx.origin vs. msg.sender; send() vs. transfer(); DOS in for/while if user can control mapping length; variables scope in inheritance: public vs. internal; unfiltered variables; integer overflows; selfdestruct; Inheritance methods override; proxy constructors hijacking: initialize() or init(); DELEGATECALL transferOwnership() exploitation; fallback function() {}

DeFi Attacks: Amount encoding: 0xFFF, 1e-100; change source address[…]

Cybersecurity Android Apps

How to reverse engineer any Android game using Unity

LEVEL: ADVANCED. Download https://github.com/Perfare/Il2CppDumper (Unity il2cpp reverse engineer). Now open package_re\DummyDll\Assembly-CSharp.dll with DnSpy. You can also use the following Frida wrapper to save time: https://github.com/vfsfitvnm/frida-il2cpp-bridge […]
