
Offensive Security

Body of Knowledge

| Topic | Description | Relevance | Career Tracks |
|---|---|---|---|
| Reconnaissance | OSINT gathering, DNS enumeration, subdomain discovery, port scanning (nmap), service fingerprinting, social engineering recon. | Critical | Penetration Tester, Red Team, Security Engineer |
| Vulnerability Scanning | Nessus, OpenVAS, Qualys, vulnerability identification, false positive analysis, scan scheduling, authenticated vs. unauthenticated scans. | Critical | Vulnerability Analyst, Penetration Tester, Security Engineer |
| Web Application Testing | OWASP Testing Guide, Burp Suite, SQL injection, XSS, CSRF, authentication bypass, session management, API testing. | Critical | Penetration Tester, Application Security Engineer |
| Network Penetration Testing | Network pivoting, lateral movement, password spraying, Kerberoasting, LLMNR/NBT-NS poisoning, relay attacks. | High | Penetration Tester, Red Team |
| Exploitation Frameworks | Metasploit, Cobalt Strike, Sliver, payload generation, post-exploitation, privilege escalation, persistence mechanisms. | High | Penetration Tester, Red Team |
| Privilege Escalation | Linux privilege escalation (SUID, sudo, kernel exploits), Windows privilege escalation (token impersonation, UAC bypass), enumeration scripts. | High | Penetration Tester, Red Team |
| Password Attacks | Hashcat, John the Ripper, rainbow tables, password spraying, credential stuffing, hash extraction, cracking strategies. | High | Penetration Tester, Security Engineer |
| Active Directory Attacks | BloodHound, Mimikatz, DCSync, Golden/Silver tickets, AS-REP roasting, delegation attacks, forest trust abuse. | High | Penetration Tester, Red Team |
| Wireless Attacks | Aircrack-ng, evil twin, deauthentication, WPA handshake capture, PMKID attacks, rogue AP detection. | Medium | Penetration Tester, Wireless Security |
| Social Engineering | Phishing campaigns, pretexting, vishing, physical security testing, USB drops, security awareness assessment. | Medium | Penetration Tester, Red Team, Security Awareness |
| Red Team Operations | Adversary emulation, C2 infrastructure, OPSEC, mapping TTPs to MITRE ATT&CK, purple teaming, reporting. | Medium | Red Team, Security Architect |

Personal Status

| Topic | Level | Evidence | Active Projects | Gaps |
|---|---|---|---|---|
| To be populated | — | — | — | — |