# OFFENSIVE SECURITY - [External Infrastructure](/offensive-security/external-infrastructure.md) - [Discovery](/offensive-security/external-infrastructure/discovery.md) - [Email Address Discovery](/offensive-security/external-infrastructure/discovery/email-address-discovery.md): How to find email addresses. - [Subdomain Discovery](/offensive-security/external-infrastructure/discovery/subdomain-discovery.md): How to find subdomains. - [Data Discovery](/offensive-security/external-infrastructure/discovery/data-discovery.md): How to find sensitive data. - [Port & Service Discovery](/offensive-security/external-infrastructure/discovery/port-and-service-discovery.md): How to find open ports and services - [Exploitation](/offensive-security/external-infrastructure/exploitation.md) - [Password Spraying](/offensive-security/external-infrastructure/exploitation/password-spraying.md): How to password spray. - [Vulnerability Scanning](/offensive-security/external-infrastructure/exploitation/vulnerability-scanning.md): How to find security vulnerabilities. - [Internal Infrastructure](/offensive-security/internal-infrastructure.md) - [General Discovery](/offensive-security/internal-infrastructure/general-discovery.md) - [AD Attack Path Discovery](/offensive-security/internal-infrastructure/general-discovery/ad-attack-path-discovery.md): How to find exploitable active directory paths. - [Port & Service Discovery](/offensive-security/internal-infrastructure/general-discovery/port-and-service-discovery.md): How to find open ports and services on an internal network. - [Credential Discovery](/offensive-security/internal-infrastructure/credential-discovery.md) - [Passwords and NetNTLM](/offensive-security/internal-infrastructure/credential-discovery/passwords-and-netntlm.md): How to find cleartext passwords and NetNTLM hashes. - [SAM & LSA secrets](/offensive-security/internal-infrastructure/credential-discovery/sam-and-lsa-secrets.md): How to find local user passwords, hashes and secrets. - [NTDS.dit secrets](/offensive-security/internal-infrastructure/credential-discovery/ntds.dit-secrets.md): How to find sensitive data in NTDS.dit. - [LSASS secrets](/offensive-security/internal-infrastructure/credential-discovery/lsass-secrets.md): How to find sensitive data in the LSASS. - [DCSync](/offensive-security/internal-infrastructure/credential-discovery/dcsync.md): How to find sensitive data using a DCSync. - [DPAPI secrets](/offensive-security/internal-infrastructure/credential-discovery/dpapi-secrets.md): How to find local user sensitive data. - [Movement](/offensive-security/internal-infrastructure/movement.md) - [Credential Spraying](/offensive-security/internal-infrastructure/movement/credential-spraying.md): How to find and use internal credentials. - [SMB Relaying](/offensive-security/internal-infrastructure/movement/smb-relaying.md): How to relay credentials. - [Pass The Hash](/offensive-security/internal-infrastructure/movement/pass-the-hash.md): How to Pass The Hash Attack. - [Infiltration/Exfiltration](/offensive-security/internal-infrastructure/infiltration-exfiltration.md) - [Pivoting (Proxying)](/offensive-security/internal-infrastructure/infiltration-exfiltration/pivoting-proxying.md): How to pivot and proxy from an internal network - [Web Application](/offensive-security/web-application.md) - [Discovery](/offensive-security/web-application/discovery.md) - [Testing API Keys](/offensive-security/web-application/discovery/testing-api-keys.md): How to exploit an API key. - [Vulnerability Scan](/offensive-security/web-application/discovery/vulnerability-scan.md): How to vulnerability scan a web application and API. - [Web Content Discovery](/offensive-security/web-application/discovery/web-content-discovery.md): How to discover files and directories. - [Parameter Discovery](/offensive-security/web-application/discovery/parameter-discovery.md): How to discover web parameters. - [VHOST Discovery](/offensive-security/web-application/discovery/vhost-discovery.md): How to find virtual hosts on a web server. - [CMS Scanners](/offensive-security/web-application/discovery/cms-scanners.md): How to review a Content Management System. - [Exploitation](/offensive-security/web-application/exploitation.md) - [Authentication](/offensive-security/web-application/exploitation/authentication.md): How to exploit web application authentication - [Email Address Forms](/offensive-security/web-application/exploitation/authentication/email-address-forms.md): How to exploit login and forgotten password forms. - [AWS Cognito](/offensive-security/web-application/exploitation/authentication/aws-cognito.md): How to exploit AWS Cognito. - [JSON Web Tokens](/offensive-security/web-application/exploitation/json-web-tokens.md): How to exploit JSON Web Tokens. - [Injection Attacks](/offensive-security/web-application/exploitation/injection-attacks.md): How to exploit injection attacks. - [SQL Injection](/offensive-security/web-application/exploitation/injection-attacks/sql-injection.md): How to exploit SQL and noSQL Injection. - [Cross-Site Scripting](/offensive-security/web-application/exploitation/injection-attacks/cross-site-scripting.md): How to exploit cross-site scripting (XSS). - [HTTP Headers](/offensive-security/web-application/exploitation/injection-attacks/http-headers.md): How to exploit HTTP Headers. - [Bypasses](/offensive-security/web-application/bypasses.md) - [Cloudflare Bypass](/offensive-security/web-application/bypasses/cloudflare-bypass.md): How to bypass Cloudflare. - [HTTP 403 Bypass](/offensive-security/web-application/bypasses/http-403-bypass.md): How to bypass HTTP 403 statuses. - [Mobile (iOS/Android)](/offensive-security/mobile-ios-android.md) - [iOS](/offensive-security/mobile-ios-android/ios.md): How to perform an iOS Security Assessment - [IPA Decryption](/offensive-security/mobile-ios-android/ios/ipa-decryption.md): How to decrypt and IPA file. - [Filesystem Analysis](/offensive-security/mobile-ios-android/ios/filesystem-analysis.md): How to analyse an iOS filesystem. - [Static Analysis](/offensive-security/mobile-ios-android/ios/static-analysis.md): How to review an IPA file. - [Cloud](/offensive-security/cloud.md) - [AWS](/offensive-security/cloud/aws.md): How to perform an AWS security assessment - [Vulnerability Scanners](/offensive-security/cloud/aws/vulnerability-scanners.md): Tools to exploit AWS. - [S3 Buckets](/offensive-security/cloud/aws/s3-buckets.md): How to exploit S3 Buckets. - [Azure](/offensive-security/cloud/azure.md): How to perform an Azure security assessment - [Vulnerability Scanners](/offensive-security/cloud/azure/vulnerability-scanners.md): Tools to exploit Azure. - [m365 & Entra ID](/offensive-security/cloud/azure/m365-and-entra-id.md): Tools to exploit m365 and Entra ID.