Cyber Notes

The To-Do List

Within the To-Do List, are the subjects i intend to cover in the future

Methodology for all purpose websites
Directory Listing - Both General and common WordPress Specific paths/endpoints
UUID & GUID
BigIP Cookie
NetScaler Cookie
Amplified Asymmetric Resource Consumption
reCAPTCHA Bypass
Common Account Takeovers Techniques
WAF Bypass Techniques
Zip Bomb
403 Forbidden Bypass Techniques
Composer Resources
CRLF - Carriage Return Line Feed
CSRF - Cross-site Request Forgery
Expression Engine Language Injection
SMTP Command Injection
File Upload Techniques
Git Repository Extraction
Google API Keys
GraphQL
HTTP Request Smuggling
LDAP Injection
LFI - Local File Inclusion
Malware & Virus Detection
.NRMPC files
OS Command Injection
Parameter Protection Bypass
S3 Buckets
SQL Injection
NoSQL Injection
SSRF - Server Side Request Forgery
SSTI - Server Side Template Injection
XXE - XML External Entity
Web Cache Poisoning

BurpSuite Plugins
Path extraction from JavaScript Files
Linux Syntaxes - All purpose and good to know syntaxes eg merge wordlists or review PDF metadata on a mass scale or path shredding which may aid in creating wordlists.
Useful Scripts and Programs used during pentests
More Useful settings, such as Burp Quirks or remove annoying cached responses
Encodings - Learn to identify encoding and find secrets
Default Configurations in order to Fingerprint components

People Tracking via Social Engineering - Such as tricking a victim in clicking a link and accessing the Camera, Microphone, GPS and bypassing VPN in other to track the victims location via web browser (More advanced than Grabify)
Mathemdatics of WiFi Triangulation
DeAnonymization Of Onion Websites

Edit Sub-GHz signals on the phone and convert the signals from a RAW file to a normal signal

Small labs that may be done locally on your machine

HashCat Masks - Making password cracking faster with the knowledge of the passwords entropy