# Notes

- [Product Security Engineering](/notes/notes/product-security-engineering.md)
- [DevSecOps](/notes/notes/product-security-engineering/devsecops.md)
- [Docker](/notes/notes/product-security-engineering/devsecops/docker.md)
- [How to Dockerize Applications with Docker Compose (Using SQLite and Flask)](/notes/notes/product-security-engineering/devsecops/docker/how-to-dockerize-applications-with-docker-compose-using-sqlite-and-flask.md)
- [SAST/SCA](/notes/notes/product-security-engineering/sast-sca.md)
- [How to setup a GitHub Action for Code Security analysis](/notes/notes/product-security-engineering/sast-sca/how-to-setup-a-github-action-for-code-security-analysis.md)
- [JavaScript Security Analysis](/notes/notes/product-security-engineering/sast-sca/javascript-security-analysis.md)
- [Java Security 101](/notes/notes/product-security-engineering/sast-sca/java-security-101.md)
- [Tools](/notes/notes/product-security-engineering/sast-sca/static-code-analysis.md)
- [CodeQL for Beginners](/notes/notes/product-security-engineering/sast-sca/codeql-for-beginners.md)
- [Product Security Hardening](/notes/notes/product-security-engineering/product-security-hardening.md)
- [Threat Modeling](/notes/notes/product-security-engineering/threat-modeling.md): Threat modeling with STRIDE, DREAD and PASTA
- [PHP Security](/notes/notes/product-security-engineering/php-security.md)
- [Product Security Governance](/notes/notes/product-security-engineering/product-security-governance.md)
- [Controversial Subjects](/notes/notes/product-security-engineering/product-security-governance/controversial-subjects.md)
- [Redis License Compliance in 2025](/notes/notes/product-security-engineering/product-security-governance/controversial-subjects/redis-license-compliance-in-2025.md)
- [AppSec Testing](/notes/notes/appsec.md)
- [Checklists](/notes/notes/appsec/checklists.md)
- [WEB APP PENTESTING CHECKLIST](/notes/notes/appsec/checklists/web-app-pentesting-checklist.md)
- [API Testing Checklist](/notes/notes/appsec/checklists/api-testing-checklist.md)
- [Android Pentesting Checklist](/notes/notes/appsec/checklists/android-pentesting-checklist.md)
- [IoS Pentesting Checklist](/notes/notes/appsec/checklists/ios-pentesting-checklist.md)
- [Thick Client Pentesting Checklist](/notes/notes/appsec/checklists/thick-client-pentesting-checklist.md)
- [Secure Code Review Checklist](/notes/notes/appsec/checklists/secure-code-review-checklist.md)
- [Targeted Test Cases](/notes/notes/appsec/targeted-test-cases.md)
- [Part 1](/notes/notes/appsec/targeted-test-cases/targeted-test-cases.md)
- [Part 2](/notes/notes/appsec/targeted-test-cases/part-2.md)
- [Ports and associated Vectors](/notes/notes/appsec/ports-and-associated-vectors.md)
- [DNS](/notes/notes/appsec/dns.md)
- [Web Tools](/notes/notes/appsec/tools.md)
- [Command Injection Testing](/notes/notes/appsec/command-injection-testing.md)
- [JWTs and JSON](/notes/notes/appsec/json.md)
- [Security Research](/notes/notes/security-research.md)
- [Publishing CVEs](/notes/notes/security-research/publishing-cves.md): This will guide you through the process of identifying, disclosing, and publishing a CVE responsibly.
- [Shodan Dork Cheatsheet](/notes/notes/security-research/shodan-dork-cheatsheet.md)
- [Github Dorks](/notes/notes/security-research/github-dorks.md)
- [Bug Bounty](/notes/notes/security-research/bug-bounty.md)
- [Bug Bounty Programs](/notes/notes/security-research/bug-bounty/bug-bounty-programs.md)
- [CVE Hunting Python Repos with VulnHunter](/notes/notes/security-research/cve-hunting-python-repos-with-vulnhunter.md)
- [Portable pyenv Setup for Python Vulnerability Research](/notes/notes/security-research/portable-pyenv-setup-for-python-vulnerability-research.md)
- [Programming](/notes/notes/coding-programming.md)
- [Secure Coding Practices Checklist](/notes/notes/coding-programming/secure-coding-practices-checklist.md)
- [JavaScript](/notes/notes/coding-programming/javascript.md)
- [Python](/notes/notes/coding-programming/python.md)
- [Quick Notes](/notes/notes/coding-programming/python/quick-notes.md): Notes from www.learnpython.org
- [Python Basics for Pentesters](/notes/notes/coding-programming/python/python-basics-for-pentesters.md): The entirety of this guide was written by Martian Defense, LLC
- [Python Snippets](/notes/notes/coding-programming/python/python.md)
- [XML Basics with Python](/notes/notes/coding-programming/python/xml-basics-with-python.md)
- [Golang](/notes/notes/coding-programming/golang.md)
- [Theory](/notes/notes/coding-programming/golang/theory.md)
- [Security](/notes/notes/coding-programming/golang/security.md)
- [Modules](/notes/notes/coding-programming/golang/modules.md)
- [Entry Points](/notes/notes/coding-programming/golang/entry-points.md)
- [File Forensics](/notes/notes/coding-programming/golang/file-forensics.md)
- [Cryptography and Encoding](/notes/notes/coding-programming/golang/cryptography-and-encoding.md)
- [Golang Snippets](/notes/notes/coding-programming/golang/golang-snippets.md)
- [PHP](/notes/notes/coding-programming/php.md): The entirety of this guide was written by Martian Defense, LLC
- [Setup](/notes/notes/coding-programming/php/setup.md)
- [Syntax](/notes/notes/coding-programming/php/syntax.md)
- [Variables and Data Types](/notes/notes/coding-programming/php/variables-and-data-types.md)
- [Control Structures](/notes/notes/coding-programming/php/control-structures.md)
- [Arrays](/notes/notes/coding-programming/php/arrays.md)
- [Functions](/notes/notes/coding-programming/php/functions.md)
- [OOP Concepts](/notes/notes/coding-programming/php/oop-concepts.md)
- [Database Integration](/notes/notes/coding-programming/php/database-integration.md)
- [Handling HTTP Methods](/notes/notes/coding-programming/php/handling-http-methods.md): (GET and POST) and Forms
- [Session Management](/notes/notes/coding-programming/php/session-management.md)
- [File Uploads](/notes/notes/coding-programming/php/file-uploads.md)
- [Email Function](/notes/notes/coding-programming/php/email-function.md)
- [Error Handling](/notes/notes/coding-programming/php/error-handling.md)
- [Advanced Topics and Best Practices](/notes/notes/coding-programming/php/advanced-topics-and-best-practices.md)
- [Packaging and Automation of Docker Linux Apps](/notes/notes/coding-programming/packaging-and-automation-of-docker-linux-apps.md)
- [Network Security](/notes/notes/network-security.md)
- [Domain Trust Enumeration](/notes/notes/network-security/domain-trust-enumeration.md)
- [Bleeding Edge Vulnerabilities](/notes/notes/network-security/bleeding-edge-vulnerabilities.md)
- [Post-Exploitation](/notes/notes/network-security/privileged-access.md)
- [Access Control Lists and Entries (ACL & ACE)](/notes/notes/network-security/access-control-lists-and-entries-acl-and-ace.md)
- [Credentialed Enumeration](/notes/notes/network-security/credentialed-enumeration.md)
- [Password Attacks](/notes/notes/network-security/password-attacks.md)
- [Internal Password Spraying](/notes/notes/network-security/password-attacks/internal-password-spraying.md): Password Spraying
- [Remote Password Attacks](/notes/notes/network-security/password-attacks/remote-password-attacks.md)
- [Linux Local Password Attacks](/notes/notes/network-security/password-attacks/linux-local-password-attacks.md)
- [Windows Local Password Attacks](/notes/notes/network-security/password-attacks/windows-local-password-attacks.md)
- [Windows Lateral Movement](/notes/notes/network-security/password-attacks/windows-lateral-movement.md)
- [PowerView](/notes/notes/network-security/powerview.md)
- [Pivoting, Tunneling and Forwarding](/notes/notes/network-security/pivoting-tunneling-and-forwarding.md)
- [Linux Privilege Escalation](/notes/notes/network-security/linux-privilege-escalation.md)
- [Windows Privesc](/notes/notes/network-security/windows-privesc.md)
- [OS Attacks](/notes/notes/network-security/windows-privesc/os-attacks.md)
- [Windows User Privileges](/notes/notes/network-security/windows-privesc/windows-user-privileges.md)
- [Windows Group Privileges](/notes/notes/network-security/windows-privesc/windows-group-privileges.md)
- [Manual Enumeration](/notes/notes/network-security/windows-privesc/manual-enumeration.md)
- [Credential Theft](/notes/notes/network-security/windows-privesc/credential-theft.md)
- [Kerberos Attacks](/notes/notes/network-security/kerberoasting.md)
- [Kerberos Quick Reference Sheet](/notes/notes/network-security/kerberoasting/kerberos-quick-reference-sheet.md)
- [Pentesting JumpCloud vs Active Directory (AD) vs Azure ADDS](/notes/notes/network-security/pentesting-jumpcloud-vs-active-directory-ad-vs-azure-adds.md)
- [Cloud Security Testing](/notes/notes/cloud-security-testing.md)
- [Red Teaming](/notes/notes/offensive-security.md)
- [Red Team Infrastructure](/notes/notes/offensive-security/red-team-infrastructure.md)
- [Red Team OPSEC Playbook](/notes/notes/offensive-security/red-team-opsec-playbook.md)
- [Incident Response](/notes/notes/defensive-security.md)
- [Splunk](/notes/notes/defensive-security/splunk.md): Replace the placeholder data from this section with your actual data
- [Basic Queries](/notes/notes/defensive-security/splunk/basic-queries.md)
- [Dashboards](/notes/notes/defensive-security/splunk/dashboards.md)
- [Forensics](/notes/notes/defensive-security/forensics.md)
- [Volatility](/notes/notes/defensive-security/forensics/volatility.md)
- [WireShark filters](/notes/notes/defensive-security/wireshark-filters.md)
- [Governance, Risk, Compliance](/notes/notes/governance-risk-compliance.md)
- [Vulnerability Management Lifecycle](/notes/notes/governance-risk-compliance/vulnerability-management-lifecycle.md)
- [Cheatsheets](/notes/notes/cheatsheets.md)
- [Web Security Testing](/notes/notes/cheatsheets/web-security-testing.md)
- [Information Gathering](/notes/notes/cheatsheets/web-security-testing/information-gathering.md)
- [Web Fuzzing](/notes/notes/cheatsheets/web-security-testing/web-fuzzing.md)
- [SQL Injection Fundamentals](/notes/notes/cheatsheets/web-security-testing/sql-injection-fundamentals.md)
- [Login Brute Forcing](/notes/notes/cheatsheets/web-security-testing/login-brute-forcing.md)
- [Assembly Language](/notes/notes/cheatsheets/assembly-language.md)
- [Capture-the-Flag Training](/notes/notes/cheatsheets/capture-the-flag-training.md)
- [Vulnerable Machine Checklist](/notes/notes/cheatsheets/capture-the-flag-training/vulnerable-machine-checklist.md)
- [Reverse Engineering Checklist](/notes/notes/cheatsheets/capture-the-flag-training/reverse-engineering-checklist.md)
- [Magic Bytes](/notes/notes/cheatsheets/capture-the-flag-training/reverse-engineering-checklist/magic-bytes.md)
- [Mobile Checklist](/notes/notes/cheatsheets/capture-the-flag-training/mobile-checklist.md)
- [Forensics Checklist](/notes/notes/cheatsheets/capture-the-flag-training/forensics-checklist.md)
- [Binary Exploitation](/notes/notes/cheatsheets/capture-the-flag-training/binary-exploitation.md)
- [Cryptography Checklist](/notes/notes/cheatsheets/capture-the-flag-training/cryptography-checklist.md)
- [Certifications](/notes/notes/certifications.md)
- [CSSLP](/notes/notes/certifications/csslp.md)
- [Domain 1: Secure Software Concepts](/notes/notes/certifications/csslp/domain-1-secure-software-concepts.md)
- [Domain 2: Secure Software Lifecycle Management](/notes/notes/certifications/csslp/domain-2-secure-software-lifecycle-management.md)
- [Domain 3: Secure Software Requirements](/notes/notes/certifications/csslp/domain-3-secure-software-requirements.md)
- [Domain 4: Secure Software Architecture and Design](/notes/notes/certifications/csslp/domain-4-secure-software-architecture-and-design.md)
- [Domain 5: Secure Software Implementation](/notes/notes/certifications/csslp/domain-5-secure-software-implementation.md)
- [Domain 6: Secure Software Testing](/notes/notes/certifications/csslp/domain-6-secure-software-testing.md)
- [Domain 7: Secure Software Deployment, Operations, Maintenance](/notes/notes/certifications/csslp/domain-7-secure-software-deployment-operations-maintenance.md)
- [Domain 8: Secure Software Supply Chain](/notes/notes/certifications/csslp/domain-8-secure-software-supply-chain.md)
- [Reporting](/notes/notes/reporting.md)
- [Common System Task Info](/notes/notes/common-system-task-info.md)
- [IT Tasks](/notes/notes/common-system-task-info/basic-it-tasks.md)
- [Linux Basics](/notes/notes/common-system-task-info/basic-linux-for-ctfs.md): Useful Find command reference
- [PowerShell](/notes/notes/common-system-task-info/powershell.md)
- [App Pentest Toolkit](/notes/notes/app-pentest-toolkit.md)