Concepts

Foundational ideas, attack concepts, and reference material across the wiki.

99 pages in this category.

• 802.11 Frame Types
• ARP — Address Resolution Protocol
• 802.11 Standards Family (Wi-Fi 1 → Wi-Fi 7)
• 802.1X Port-Based Network Access Control
• Action Frames
• Active Directory Attacks
• AI Agents for Offensive Operations
• AirSnitch — Overview
• A-MSDU and A-MPDU Aggregation
• AppLocker Rules Abuse
• Authentication and Association
• Beacon Frames
• Beacon Object Files (BOFs)
• Bind Link EDR Tampering
• BSS Coloring (Wi-Fi 6)
• BSSID, SSID, and ESS
• Buffer Overflow / Memory Corruption
• Captive Portals
• CCMP, GCMP, and the AES-Based Wi-Fi Ciphers
• Chrome NTLM Hash Leak (DragonHash)
• Client Isolation
• Cloud Penetration Testing
• Command and Control (C2)
• Credential Guard Bypass
• Cyber Kill Chain — Lockheed Martin’s seven-stage model of how a targeted intrusion unfolds.
• DLL Hijacking & Sideloading
• DPP — Device Provisioning Protocol (Wi-Fi Easy Connect)
• External C2 (Cobalt Strike External C2 Spec)
• EAP Framework
• EAP-PWD
• EAP-TLS
• EDR Silencing
• Evasion Techniques
• Fast BSS Transition (802.11r)
• GAC Hijacking (.NET Assembly Tampering)
• GrimResource — MSC File Format Abuse
• HTML Smuggling
• Wi-Fi Handshakes
• JWT Attacks
• Kerberoasting
• Kubernetes Penetration Testing
• Lateral Movement
• Linux Process Injection
• LNK File Attacks
• LSASS Dumping
• macOS JIT Memory and Shellcode Execution
• MDT Credential Extraction
• Management Frame Protection (MFP / 802.11w)
• Mark-of-the-Web (MotW)
• MITRE ATT&CK — An empirical knowledge base of adversary tactics, techniques, and procedures observed in real intrusions.
• Mobile Security Testing
• Monitor Mode and Packet Injection
• Network Scanning
• Notepad++ Plugin Abuse
• Offensive Python
• Office Macro Tradecraft (VBA, XLM, SYLK, Word Fields)
• OFDM, OFDMA, MU-MIMO, Beamforming
• OPSEC — Operational security — keeping the operator’s signature below the defender’s noise floor.
• OWE — Opportunistic Wireless Encryption (Enhanced Open)
• Pass-the-Hash (PtH) / Pass-the-Ticket (PtT)
• Passpoint
• PEAP and EAP-TTLS
• Phishing
• Post-Exploitation
• Power Save, TIM, and DTIM
• Privilege Escalation — Linux
• Privilege Escalation — Windows
• Probe Requests and the Preferred Network List
• Purple Teaming
• Radio Resource Management (802.11k) and BSS Transition Management (802.11v)
• RADIUS
• Reconnaissance
• Red Teaming
• RSN Information Element
• SAE — Simultaneous Authentication of Equals (Dragonfly)
• Secure Enclaves for Offensive Operations (VBS / VTL1)
• Social Engineering
• SQL Injection
• Toast Notifications Abuse
• TWT — Target Wake Time
• Virtual Ports and the AP’s Internal Switch
• Windows Built-in VPN Abuse
• VSTO-Signed Phishing
• Vulnerability Assessment
• Web Application Testing
• WEP (Wired Equivalent Privacy)
• Wi-Fi Client Isolation Bypass
• Wi-Fi Direct, TDLS, and Wi-Fi Aware (NAN)
• Wi-Fi Frequency Bands, Channels, and Bandwidth
• Wi-Fi Key Hierarchy
• Wi-Fi Mesh (802.11s) and Vendor Mesh
• Windows Exploit Research — Overview
• Windows Service Triggers
• Wireless Attacks
• WNM, ANQP, and Hotspot 2.0
• WPA Versions and Modes
• WPS (Wi-Fi Protected Setup)
• WSUS Attacks — NTLM Relay
• Cross-Site Scripting (XSS)