Red Teaming Guide

Red Teaming Overview
OWASP Top 10
Terminologies
Enumeration

SQL Injection
NoSQL Injection
OS Command Injection
Authentication
Broken Access Control
JWT Attacks
GraphQL Vulnerabilities
API Testing

Cross-Site Scripting (XSS)
CSRF
CORS Misconfiguration
Clickjacking

Cryptographic Failures
Cookies
Encoding & Decoding
HTTP Headers
Insecure Design
Vulnerable Components
Attack Vectors Table

Java
Node.js
Python
PHP

IDOR
RCE
Reverse Shell

Nmap
Metasploit
Nessus
Google Dorking
Subdomain Enumeration

PicoCTF
TryHackMe
HackingHub

Auth Bypass to SSRF
Direct Prompt Injection
Indirect Prompt Injection
RCE via GraalVM

Payloads & Wordlists

Client Side Attacks Overview

beginner

client-side overview

Cross-site scripting CORS (Cross Origin Resource Sharing) CSRF (Cross-site request forgery (CSRF))

Built with Jekyll | Contribute on GitHub | CC BY-SA 4.0