Topics We Cover
Web
- Hidden routes, auth bypass, and session flaws
- Cookies, local storage, JWTs, and OAuth basics
- Cross-site scripting, SQL injection, command injection, and SSRF
- API testing with javascript, PHP, and python tooling
Cryptography
- Encoding vs encryption and when each matters
- Classical ciphers like Caesar, ROT, Atbash, and aristocrats
- Hashes, signatures, key exchange, and common crypto mistakes
- ASCII, HEX, base64, UTF-8, QR codes, and steganography workflows
Reverse Engineering
- Strings, symbols, and reading decompiled output
- Ghidra basics and reverse engineering challenge habits
- Python, android, and binary reversing patterns
Forensics
- PCAPs, disk artifacts, and memory snapshots
- Metadata, logs, timelines, and traceable breadcrumbs
- OSINT pivots and fast evidence triage
Binary Exploitation
- Stack and heap basics, calling conventions, and memory layout
- Buffer overflows, format strings, and unsafe input handling
- Pwntools, GDB, and mitigation-aware challenge solving
General Skills
- Linux commands, SSH, netcat, bash scripting, and vim survival
- TCP, UDP, sockets, ports, and packet flow intuition
- Virtual machines, containers, and repeatable lab setup
Cloud & Identity
- IAM basics, role assumptions, and secret handling
- Storage exposure, token leaks, and identity mistakes
- How cloud thinking shows up in modern web and infra challenges
Tools
- Python
- Wireshark
- Netcat
- Ghidra