Category

AI security focuses on attacking LLMs and agents via prompt injection, model extraction, RAG poisoning, tool abuse, and breaking trust boundaries.

API security covers attacking and securing modern REST, GraphQL, and gRPC endpoints via IDOR, BOLA, JWT flaws, and rate-limiting bypass techniques.

Application security focuses on identifying and mitigating vulnerabilities in software, including input validation, authentication, and access control.

Bug bounty focuses on platforms, writeups, and tools for ethical hackers participating in vulnerability disclosure programs via recon and reporting tasks.

This category covers professional cybersecurity certifications that validate offensive security skills, red teaming, and practical penetration testing.

Cloud security focuses on identifying misconfigurations and vulnerabilities within platforms like AWS, Azure, and GCP via IAM abuse and enumeration tools.

Exploit development covers crafting custom exploits for vulnerabilities in software, including shellcode, fuzzing, ROP chains, and memory corruption.

Infrastructure security covers internal and external network assessments, including port scanning, service enumeration, and Active Directory attacks.

Physical security addresses real-world attack vectors like badge cloning, RFID attacks, keyloggers, and lockpicking for onsite security assessments.

Reconnaissance covers gathering information through passive and active techniques like subdomain enumeration, asset discovery, and ASN/IP lookup tools.

Red team operations simulate real-world adversaries using C2 frameworks, OPSEC-aware tooling, payload generation, and stealthy post-exploitation methods.

Reporting includes tools and templates for professional documentation of findings, including PDF generators, Markdown builders, and pentest frameworks.

Reverse engineering focuses on analyzing binaries and software to discover vulnerabilities or dissect malware via disassembly and debugging environments.

Security firms list companies offering offensive services like pentesting, red teaming, and social engineering to simulate real-world security attacks.

Social engineering covers tactics used to manipulate individuals into revealing info. Includes phishing, pretexting, vishing, and human target testing.

Training features hands-on labs, self-paced platforms, and structured paths for learning exploit techniques, tool usage, and offensive methodology.

Curated databases, exploit indexes, and analytical resources for tracking vulnerabilities. Includes CVE feeds, PoC repositories, and prioritization tools.

Wireless security covers attacks against Wi-Fi, Bluetooth, and RF protocols. This includes sniffing, injection, rogue AP setups, and WPA cracking tools.