Red Teaming Guide
A comprehensive, community-driven guide for red teaming and penetration testing. From fundamentals to advanced exploitation techniques.
Learning Path
1
Beginner - Foundations
2
Intermediate - Core Attacks
Server-Side Attacks
8 articles
SQL Injection, NoSQL, Command Injection, Authentication, JWT, GraphQL, API Testing
Client-Side Attacks
4 articles
XSS, CSRF, CORS misconfiguration, Clickjacking
Real-World Writeups
4 articles
Auth bypass, SSRF, Prompt Injection, RCE via sandbox escape
Language-Specific
4 articles
Java, Node.js, Python, PHP attack patterns
Security Tools
5 articles
Nmap, Metasploit, Nessus, Google Dorking, Subdomain enumeration
CTF Solutions
3 platforms
PicoCTF, TryHackMe, HackingHub walkthroughs
All Topics
Server-Side Attacks
- SQL Injection (SQLi)
- NoSQL Injection
- OS Command Injection
- Authentication
- Broken Access Control
- JWT Attacks
- GraphQL API Vulnerabilities
- API Testing
Client-Side Attacks
General Security
- OWASP Top 10
- Red Teaming Overview
- Cryptographic Failures
- Cookies
- Encoding & Decoding
- HTTP Headers
- Insecure Design
- Vulnerable Components
- Attack Vectors Table
Attacks by Language
Common Techniques
Tools
CTF Writeups
Real-World Writeups
- Auth Bypass to SSRF via JWT Parsing Flaw
- Direct Prompt Injection in Document AI
- Indirect Prompt Injection: Weaponizing Documents
- RCE via GraalVM Polyglot Sandbox Escape