01
TECHNIQUE 01 RANK S
キルチェーン
SEVEN GATES
The Cyber Kill Chain
Every intrusion walks the same seven stages. Break a single link and the whole attack collapses.
◈ Reveal technique
Recon → Weaponize → Deliver → Exploit → Install → C2 → Actions — the seven gates of Lockheed Martin's model.
Attackers must pass all seven; defenders only need to break one .
Every tool and lesson on this site maps to a gate — recon (nmap), exploit (web/binary), C2 (reverse shell).
Ask of any finding: which gate does this open?
⚔ Train this · Network Security
✓ MASTERED · 秘伝伝授
02
TECHNIQUE 02 RANK S
攻撃者の眼
ADVERSARY EYE
The Attacker Mindset
The rarest skill and the one no tool grants: seeing systems as goals and trust, not features.
◈ Reveal technique
Assume every input is hostile until proven otherwise.
Chase the weakest link , not the strongest wall — attackers pick the path, defenders must cover them all.
Abuse intended functionality; the best exploits use features exactly as designed.
Delete the phrase "no one would ever do that" from your vocabulary.
⚔ Train this · Cybersecurity Fundamentals
✓ MASTERED · 秘伝伝授
03
TECHNIQUE 03 RANK A
偵察
GHOST WALK
Reconnaissance
You cannot hit what you cannot see. The bigger your map, the smaller the exploit you need.
◈ Reveal technique
Passive first (OSINT, DNS, TLS certs, Google dorks) — no packets, no trace.
Then active : nmap for ports/services/versions, dirb/ffuf for hidden paths.
Enumerate relentlessly — 80% of the work is mapping, 20% is the shot.
Every open port is a door; every version number is a lead.
⚔ Train this · OSINT
✓ MASTERED · 秘伝伝授
04
TECHNIQUE 04 RANK S
十の罪
TEN SINS
OWASP Top 10
Nine out of ten web hacks are the same ten flaws. Learn them and you own most of the web.
◈ Reveal technique
Broken Access Control & Injection (SQLi) top the list year after year.
Also: Cryptographic Failures, Insecure Design, Misconfiguration, Vulnerable Components, Auth Failures, SSRF.
Every bug bounty payout is one of these wearing a disguise.
Memorise the ten; pattern-match everything you test against them.
⚔ Train this · Web Application Security
✓ MASTERED · 秘伝伝授
05
TECHNIQUE 05 RANK A
逆シェル
CALLBACK JUTSU
Reverse Shells
Firewalls block what comes in — so make the target reach out and call you instead.
◈ Reveal technique
You listen: nc -lvnp 4444. The target connects back to you.
Bind shell = target opens a port (often blocked). Reverse shell = target dials out (usually allowed).
Upgrade a dumb shell to a real TTY: python3 -c 'import pty;pty.spawn("/bin/bash")'.
The moment a shell connects back is the moment you own the box.
⚔ Train this · Python for Hackers
✓ MASTERED · 秘伝伝授
06
TECHNIQUE 06 RANK A
権限昇格
ASCENSION
Privilege Escalation
A foothold gets you uid=1000. The prize is uid=0. Ascension is the climb between.
◈ Reveal technique
Hunt SUID binaries , sudo misconfigs (GTFOBins), writable cron, and Linux capabilities .
Enumerate first (sudo -l, find / -perm -4000) — the box tells you how to own it.
On Windows the same idea = tokens, services, and unquoted paths.
Root/SYSTEM is not luck — it is a checklist walked patiently.
⚔ Train this · Linux for Hackers
✓ MASTERED · 秘伝伝授
07
TECHNIQUE 07 RANK B
一方通行
ONE-WAY GATE
Hashing vs Encryption vs Encoding
Confuse these three and you will misjudge every finding. Know which door swings back.
◈ Reveal technique
Hashing = one-way, irreversible (passwords → bcrypt/argon2, always salted).
Encryption = two-way, needs a key (AES, RSA) — reversible by design.
Encoding (Base64, hex) = not security — just a costume, decode it instantly.
See a hash? You crack or bypass. See ciphertext? You hunt the key.
⚔ Train this · Cryptography for Hackers
✓ MASTERED · 秘伝伝授
08
TECHNIQUE 08 RANK B
三柱
THREE PILLARS
The CIA Triad
All of security reduces to three words. Every attack breaks one pillar; every defence guards one.
◈ Reveal technique
Confidentiality — only the right eyes (leaks break this).
Integrity — data unaltered (tampering breaks this).
Availability — up when needed (DoS breaks this).
Explain any finding by which pillar it shatters — that is impact.
⚔ Train this · Cybersecurity Fundamentals
✓ MASTERED · 秘伝伝授
09
TECHNIQUE 09 RANK B
港図
PORT MAP
Common Ports
Ports are doors. A real operator reads the usual suspects on sight, no lookup needed.
◈ Reveal technique
22 SSH · 80/443 HTTP(S) · 21 FTP · 25 SMTP · 53 DNS
445 SMB · 3389 RDP · 3306 MySQL · 5432 Postgres · 6379 Redis
An open port is an attack surface; a version banner is a lead.
Nmap shows the doors — knowing them by heart shows the way in.
⚔ Train this · Network Security
✓ MASTERED · 秘伝伝授
10
TECHNIQUE 10 RANK A
弱点の名
THE NAMING
CVE & CVSS
Every known weakness has a true name and a danger score. Learn to read both at a glance.
◈ Reveal technique
CVE-YYYY-NNNNN — the unique name of a public vulnerability.
CVSS 0–10 — its severity score (9.0+ = drop everything).
Hunt them on NVD and exploit-db; a version + a CVE = a way in.
Patching is just breaking the exploit before the attacker fires it.
⚔ Train this · Bug Bounty Mastery
✓ MASTERED · 秘伝伝授