A personal learning hub for offensive security — web, API, network, Active Directory, Windows / Linux / macOS internals, reverse engineering, exploit development, mobile, cloud red team, red team operations, AI red teaming, smart contracts, applied crypto, code auditing, and bug bounty. Skills aim at real-world applicability — bug bounty, audit, red team, IR — with CTFs as the training ground. Notes are atomic (one topic per file) and cross-linked in Obsidian style — every <span class="wikilink wikilink-broken" title="Unresolved: topic">topic</span> is a jump to that page.

How to read this

🧭 New here? Read the Guide first — how to use this hub, learning patterns that work, realistic timelines, and the anti-patterns to avoid. The field is too big to master; the Guide is about turning that into an advantage.

• Learning paths are zero-to-hero tracks that string topics together in a recommended order with a target depth.
• Topics are atomic notes — one attack class, primitive, or concept per page.
• Playbooks are mermaid decision trees for the “I’m stuck — what next?” moments: recon → foothold, bug-class triage, Linux / Windows / AD privesc, lateral movement, bug-bounty workflow, cloud foothold.
• Tools and References index the tooling and external material the topics link out to.

Solid underline = written note. Dashed red = planned but not yet written.

Pick a starting point

Web and API

• web-application-security · api-security · bug-bounty-methodology · code-auditing

Network and identity

• network-pentesting · active-directory

OS internals, reverse, exploit dev

• reverse-engineering
• windows-internals · advanced-windows-exploitation
• linux-internals · macos-security

Mobile, blockchain, AI

• mobile-security · blockchain-security · ai-red-teaming

Operations and cloud

• red-team-operations · cloud-red-team

Applied disciplines

• Applied cryptography

Browse atomic topics

• Web · API · Network
• Windows · Linux · macOS
• Active Directory · Privilege escalation · Lateral movement
• Reverse engineering · Exploit dev · Red team
• Cloud · AI red teaming · Bug bounty
• Crypto · Forensics & misc · Mobile · Blockchain · Code auditing · AWD

Reference shelves

• Tools — categorised tool index.
• References — external wikis, labs, books, communities.

---

Public sources the notes lean on: HackTricks, HackTricks Cloud, ired.team, PortSwigger Web Security Academy, The Hacker Recipes, OWASP WSTG, and assorted research blogs, conference talks, and security books cited in references.