ワンクリックで
homeLab
homeLab には OmarElsahragty から収集した 13 個の skills があり、リポジトリ単位の職業カバレッジとサイト内 skill 詳細ページを表示します。
このリポジトリの skills
Active Directory penetration testing — BloodHound enumeration, Kerberoasting, AS-REP Roasting, lateral movement, DCSync, Pass-the-Hash, domain privilege escalation. Use when target network has Windows domain controllers.
Cloud security testing — AWS/Azure/GCP asset discovery, S3 public bucket enumeration, SSRF-to-metadata credential theft, IAM abuse, Kubernetes/container escape, secret scanning in repos, and automated misconfiguration auditing for authorized engagements.
Automated CVE and misconfiguration scanning using Nuclei — Project Discovery's template-based vulnerability scanner. Covers 10,000+ CVEs, misconfigurations, exposed panels, default credentials, and more. Combine with nmap for full coverage.
Email security testing — SMTP relay, open relay detection, user enumeration via VRFY/RCPT/EXPN, SPF/DKIM/DMARC auditing, email spoofing tests, IMAP/POP3 brute force, phishing simulation setup, and mail server misconfiguration for authorized engagements.
Exploitation tool reference covering Metasploit Framework (msfconsole, msfvenom), searchsploit (ExploitDB), and on-demand tools (crackmapexec/netexec, impacket, evil-winrm, responder, BeEF, SET). Use during the exploitation phase of a penetration test after vulnerabilities have been identified.
Network analysis, traffic capture, and MITM tool reference. Covers tshark/tcpdump (packet capture), hping3 (packet crafting), netcat/socat (connections), and on-demand tools (bettercap, ettercap, responder). Use for network traffic analysis, protocol inspection, and man-in-the-middle testing.
Passive OSINT (Open-Source Intelligence) gathering — domain enumeration, subdomain discovery, email harvesting, DNS analysis, WHOIS, Shodan queries, infrastructure mapping. Used at the START of every engagement.
Password attack tool reference covering hydra (network brute-forcing), john the ripper (hash cracking), hashcat (GPU-accelerated cracking), and supporting tools (cewl, crunch, hash-identifier). Use during authentication testing and credential attacks in a penetration test.
Post-exploitation and privilege escalation tool reference. Covers proxychains4 (pivoting), smbclient (file access), socat/netcat (relays), and on-demand tools (linpeas, chisel, ligolo-ng, pspy, mimikatz concepts). Use after gaining initial access to escalate privileges and move laterally.
Reconnaissance and information gathering tool reference. Covers nmap (port scanning, service detection, NSE scripts), whatweb, enum4linux, nbtscan, whois, dig, and on-demand tools (masscan, recon-ng, theHarvester, fierce, dnsenum, amass, subfinder). Use for any recon phase of a penetration test.
Social media OSINT, username enumeration across 400-2500+ platforms, email-to-account mapping, account security testing, OAuth/SSO weakness analysis, and social engineering recon for authorized engagements.
Web application penetration testing tool reference. Covers sqlmap (SQL injection), nikto (web scanner), gobuster/dirb (directory brute-forcing), wfuzz (fuzzing), commix (command injection), and on-demand tools (ffuf, feroxbuster, wpscan, nuclei, OWASP ZAP, XSStrike). Use for web app vulnerability scanning and exploitation.
WiFi penetration testing with the aircrack-ng suite. Covers monitor mode setup, network discovery, WPA/WPA2 handshake capture, deauthentication attacks, WEP cracking, PMKID attacks, and password cracking with aircrack-ng and hashcat.