Known Tools & Technologies

This list contains technologies and principles that I have learned through the years.

The horizon of my knowledge extends further than the following subjects but you get the idea.

You might find the same keyword twice or thrice if said keyword is linked to multiple categories.

Web Development

As a security specialist, back-end is my favorite but I'm also relatively fluent with front-end development.

PHP / Java / C# / Python
- RESTful (CRUD+ATOMIC) APIs
- Model-View-Controller (MVC)
- Laravel, Tomcat/J2EE, IIS, Flask
- etc
HTML/CSS
- General design
- Responsive design
- Bootstrap, Elementor, etc.
Javascript/Typescript
- Sync / Async
- Dynamic content
- Data handling
Apache2 / NginX / NodeJS
- Server management
- On-premise
- Cloud
- Reverse proxying
- Load balancing
- Redundancy
- Templating
- Runtime environment
HTTP/HTTP2/HTTP3
- Diffie exchange
- Certificate/keypair cryptography
- QUIC over UDP ( 0-RTT )
- Protocol fuzzing
- Weak ciphers exploitation
- TLS/SSL
  - Encryption
  - Cryptography
MQTT
- Publish / Subscribe
- Brokers
- Limited bandwidth
Hashing
- One-way functions
- Set reduction
- Collisions

Software Development

Malware development and analysis, web-scraping and parsing, and/or reverse-engineering. I don't consider myself a programmer but coding is in my daily routine and I am aware of design patterns, time complexity, and DevOps methodologies.

C# / .NET
Rust
Python
Java
C++
MariaDB - RDBMS
MongoDB - DoDBMS
Redis - IMDBMS
InfluxDB - TSDB
Ghidra / IDA
Kotlin
Android
Micro Controllers (Arduinos, ESP8266, ESP32)
Unity / Unreal Engine

Infrastructure & networking

Development often leads to deployment which lead to system and network administration.

Cisco
Active Directory
Kubernetes
PfSense
Docker
AWS/Azure/Linode/OVH
Terraform
Ansible
Bind9, Hostapd, Dhcpd
Batch & Shell scripting
Forti
VMware ESXI
Carbon Black

Security++

Active Directory
- Bloodhound mapping
- Offline infrastructure analysis
- Weak credentials brute-forcing
- Hash dump & hash cracking
- Kerberos
- Windows exploit development
- Cobalt Strike/RAT/Backdoor prevention, detection, and response
- YARA
- Malware persistence
Binary applications
- Buffer overflow
- ROP exploitation
- Dynamic library hijacking
- Software logic exploitation
- Dependencies, imports, and services hijacking
- Privilege escalation
Web applications
- API fuzzing
- Broken access control
- Cryptographic failures
- Injection (HTML, Javascript, SQL, etc)
- Insecure deserialization exploitation
- Server side request forgery
- Cross-site request forgery
- Sensitive data exposure
- Open redirects
WiFi hacking
- WEP,WPA,WPA2,WPA3 personal/enterprise (TKIP-AES-MGT)
- RADIUS
- WPS attacks
- Client/Clientless attacks (Krack, etc)
- Evil Twin attacks
- Denial Of Service (Fuzzing, spoofing, etc.)

PreviousWelcome NextKill Chain

Last updated 1 year ago

Was this helpful?

Web Development

As a security specialist, back-end is my favorite but I'm also relatively fluent with front-end development.

PHP / Java / C# / Python

RESTful (CRUD+ATOMIC) APIs
Model-View-Controller (MVC)
Laravel, Tomcat/J2EE, IIS, Flask
etc

HTML/CSS

General design
Responsive design
Bootstrap, Elementor, etc.

Javascript/Typescript

Sync / Async
Dynamic content
Data handling

Apache2 / NginX / NodeJS

Server management
On-premise
Cloud
Reverse proxying
Load balancing
Redundancy
Templating
Runtime environment

HTTP/HTTP2/HTTP3

Diffie exchange
Certificate/keypair cryptography
QUIC over UDP ( 0-RTT )
Protocol fuzzing
Weak ciphers exploitation
TLS/SSL
- Encryption
- Cryptography

MQTT

Publish / Subscribe
Brokers
Limited bandwidth

Hashing

One-way functions
Set reduction
Collisions

Software Development

C# / .NET

Rust

Python

Java

C++

MariaDB - RDBMS

MongoDB - DoDBMS

Redis - IMDBMS

InfluxDB - TSDB

Ghidra / IDA

Kotlin

Android

Micro Controllers (Arduinos, ESP8266, ESP32)

Unity / Unreal Engine

Security++

Active Directory

Bloodhound mapping
Offline infrastructure analysis
Weak credentials brute-forcing
Hash dump & hash cracking
Kerberos
Windows exploit development
Cobalt Strike/RAT/Backdoor prevention, detection, and response
YARA
Malware persistence

Binary applications

Buffer overflow
ROP exploitation
Dynamic library hijacking
Software logic exploitation
Dependencies, imports, and services hijacking
Privilege escalation

Web applications

API fuzzing
Broken access control
Cryptographic failures
Injection (HTML, Javascript, SQL, etc)
Insecure deserialization exploitation
Server side request forgery
Cross-site request forgery
Sensitive data exposure
Open redirects

WiFi hacking

WEP,WPA,WPA2,WPA3 personal/enterprise (TKIP-AES-MGT)
RADIUS
WPS attacks
Client/Clientless attacks (Krack, etc)
Evil Twin attacks
Denial Of Service (Fuzzing, spoofing, etc.)