Foundations
Reference pages for planning, authorisation, scoping, documentation and delivery logic.
domain hubselected links
Areas // Offensive domain map
A domain map for the offensive security surface.
Use Areas when you want the fastest route into a target class, technology stack or operator problem. Each card opens a dedicated hub with focused notes, selected public references and linked specialist material.
All domains
Core domains, specialist surfaces and support zones across the platform.
Internal Operations
Infrastructure-led offensive work from enumeration and credential pressure to pivoting and C2.
domain hubselected links
Escalation Paths
Host-level privilege paths across Linux, Windows and macOS with emphasis on verification and realism.
domain hubselected links
Application Security
Application-security coverage spanning workflow, browser behaviour and exploitation logic.
domain hubselected links
API Security
Dedicated endpoint, token, object and schema abuse coverage beyond classic browser-led testing.
domain hubselected links
Cloud Offensive Security
Provider identities, control planes, IaC drift, Kubernetes and cloud automation abuse.
domain hubselected links
Mobile App Pentesting
Android and iOS testing, instrumentation, pinning bypass, storage and mobile reversing.
domain hubselected links
Identity / SSO Abuse
Entra, Okta, federation, token theft, consent abuse and tenant trust failures.
domain hubselected links
Wireless Operations
Signal capture, protocol analysis, rogue infrastructure and client-side wireless attack paths.
domain hubselected links
Adversary Emulation / Tradecraft
Payload staging, OPSEC, AV/EDR pressure, client-side chains and C2 tradecraft.
domain hubselected links
DevSecOps / Supply Chain
Git, CI/CD, runner abuse, package trust, signing, SBOM and build-system compromise.
domain hubselected links
OT / ICS Security
Modbus, DNP3, PLC and HMI trust, segmentation drift and process manipulation risk.
domain hubselected links
AI Security
Prompt injection, agent compromise, retrieval abuse, model APIs and offensive AI ops.
domain hubselected links
Drone / Robotics Security
Autopilots, MAVLink, ROS, companion computers and field operator trust.
domain hubselected links
Exploit Development
Payload engineering, shellcoding, analysis and exploit-oriented custom tooling.
domain hubselected links
Reverse Engineering
Static and dynamic binary analysis across desktop and specialist targets.
domain hubselected links