// THE CODEX · 必修 · MUST KNOW

TEN TECHNIQUES
EVERY HACKER MUST MASTER

ハッカー必読の秘伝

Not a course — a scroll. The core canon every operator carries in their head: the ten ideas that turn a script-kiddie into a hacker. Unlock each technique to master it and rank up.

◈ TECHNIQUES MASTERED0 / 10
👑 S-RANK HACKER UNLOCKED
01
TECHNIQUE 01RANK S
キルチェーン

SEVEN GATES

The Cyber Kill Chain

Every intrusion walks the same seven stages. Break a single link and the whole attack collapses.

  • Recon → Weaponize → Deliver → Exploit → Install → C2 → Actions — the seven gates of Lockheed Martin's model.
  • Attackers must pass all seven; defenders only need to break one.
  • Every tool and lesson on this site maps to a gate — recon (nmap), exploit (web/binary), C2 (reverse shell).
  • Ask of any finding: which gate does this open?
⚔ Train this · Network Security

✓ MASTERED · 秘伝伝授

02
TECHNIQUE 02RANK S
攻撃者の眼

ADVERSARY EYE

The Attacker Mindset

The rarest skill and the one no tool grants: seeing systems as goals and trust, not features.

  • Assume every input is hostile until proven otherwise.
  • Chase the weakest link, not the strongest wall — attackers pick the path, defenders must cover them all.
  • Abuse intended functionality; the best exploits use features exactly as designed.
  • Delete the phrase "no one would ever do that" from your vocabulary.
⚔ Train this · Cybersecurity Fundamentals

✓ MASTERED · 秘伝伝授

03
TECHNIQUE 03RANK A
偵察

GHOST WALK

Reconnaissance

You cannot hit what you cannot see. The bigger your map, the smaller the exploit you need.

  • Passive first (OSINT, DNS, TLS certs, Google dorks) — no packets, no trace.
  • Then active: nmap for ports/services/versions, dirb/ffuf for hidden paths.
  • Enumerate relentlessly — 80% of the work is mapping, 20% is the shot.
  • Every open port is a door; every version number is a lead.
⚔ Train this · OSINT

✓ MASTERED · 秘伝伝授

04
TECHNIQUE 04RANK S
十の罪

TEN SINS

OWASP Top 10

Nine out of ten web hacks are the same ten flaws. Learn them and you own most of the web.

  • Broken Access Control & Injection (SQLi) top the list year after year.
  • Also: Cryptographic Failures, Insecure Design, Misconfiguration, Vulnerable Components, Auth Failures, SSRF.
  • Every bug bounty payout is one of these wearing a disguise.
  • Memorise the ten; pattern-match everything you test against them.
⚔ Train this · Web Application Security

✓ MASTERED · 秘伝伝授

05
TECHNIQUE 05RANK A
逆シェル

CALLBACK JUTSU

Reverse Shells

Firewalls block what comes in — so make the target reach out and call you instead.

  • You listen: nc -lvnp 4444. The target connects back to you.
  • Bind shell = target opens a port (often blocked). Reverse shell = target dials out (usually allowed).
  • Upgrade a dumb shell to a real TTY: python3 -c 'import pty;pty.spawn("/bin/bash")'.
  • The moment a shell connects back is the moment you own the box.
⚔ Train this · Python for Hackers

✓ MASTERED · 秘伝伝授

06
TECHNIQUE 06RANK A
権限昇格

ASCENSION

Privilege Escalation

A foothold gets you uid=1000. The prize is uid=0. Ascension is the climb between.

  • Hunt SUID binaries, sudo misconfigs (GTFOBins), writable cron, and Linux capabilities.
  • Enumerate first (sudo -l, find / -perm -4000) — the box tells you how to own it.
  • On Windows the same idea = tokens, services, and unquoted paths.
  • Root/SYSTEM is not luck — it is a checklist walked patiently.
⚔ Train this · Linux for Hackers

✓ MASTERED · 秘伝伝授

07
TECHNIQUE 07RANK B
一方通行

ONE-WAY GATE

Hashing vs Encryption vs Encoding

Confuse these three and you will misjudge every finding. Know which door swings back.

  • Hashing = one-way, irreversible (passwords → bcrypt/argon2, always salted).
  • Encryption = two-way, needs a key (AES, RSA) — reversible by design.
  • Encoding (Base64, hex) = not security — just a costume, decode it instantly.
  • See a hash? You crack or bypass. See ciphertext? You hunt the key.
⚔ Train this · Cryptography for Hackers

✓ MASTERED · 秘伝伝授

08
TECHNIQUE 08RANK B
三柱

THREE PILLARS

The CIA Triad

All of security reduces to three words. Every attack breaks one pillar; every defence guards one.

  • Confidentiality — only the right eyes (leaks break this).
  • Integrity — data unaltered (tampering breaks this).
  • Availability — up when needed (DoS breaks this).
  • Explain any finding by which pillar it shatters — that is impact.
⚔ Train this · Cybersecurity Fundamentals

✓ MASTERED · 秘伝伝授

09
TECHNIQUE 09RANK B
港図

PORT MAP

Common Ports

Ports are doors. A real operator reads the usual suspects on sight, no lookup needed.

  • 22 SSH · 80/443 HTTP(S) · 21 FTP · 25 SMTP · 53 DNS
  • 445 SMB · 3389 RDP · 3306 MySQL · 5432 Postgres · 6379 Redis
  • An open port is an attack surface; a version banner is a lead.
  • Nmap shows the doors — knowing them by heart shows the way in.
⚔ Train this · Network Security

✓ MASTERED · 秘伝伝授

10
TECHNIQUE 10RANK A
弱点の名

THE NAMING

CVE & CVSS

Every known weakness has a true name and a danger score. Learn to read both at a glance.

  • CVE-YYYY-NNNNN — the unique name of a public vulnerability.
  • CVSS 0–10 — its severity score (9.0+ = drop everything).
  • Hunt them on NVD and exploit-db; a version + a CVE = a way in.
  • Patching is just breaking the exploit before the attacker fires it.
⚔ Train this · Bug Bounty Mastery

✓ MASTERED · 秘伝伝授

Scroll mastered. Now wield it.

The Codex is the map. The courses are the training ground — real Docker labs where you fire every technique at targets you own.

Enter the courses 🔥