Techniques for collecting public and private information about a target system or organization, fundamental in the initial phase of an attack.

Methods for identifying open ports, active services, and connected devices through network and port scanning.

Strategies for identifying users, groups, and active services on a system with the aim of identifying potential weak points.

Techniques and tools for detecting known vulnerabilities in systems, applications, or network configurations.

Approaches used to gain access to remote systems and maintain presence over time without being detected.

Classification of malware and their modes of spread, execution, and behavior within a system.

Techniques for intercepting data and communications, as well as for hijacking active sessions of users or administrators.

Analysis of social engineering methods used to manipulate users and gain unauthorized access to systems or information.

Attack techniques aimed at vulnerabilities in web applications, such as SQL injection, XSS, and client-side attacks.