Niklas Heringer
hacking things
niklas heringer

security cheatsheets
that actually stick

Pentester-in-training, CTF player, and security blogger. These are the reference sheets I actually use; hands-on, no fluff, with quizzes to make the knowledge stick.

research penetration testing CTF / HackTheBox tooling deep dives
8Cheatsheets
50+Quiz questions
100%Free
web security3
🧩
Web Security

SSTI

Server-side template injection in Jinja2, Twig, Freemarker — detection, payloads, and RCE chains.

20 concepts · 10 quiz Qsmedium
📄
Web Security

XXE Injection

XML external entity attacks — file read, SSRF, blind/OOB exfiltration, and WAF bypass techniques.

22 concepts · 10 quiz Qsmedium
🔐
Web Security

SAML Attacks

Signature wrapping, XML injection, authentication bypass, and common SSO misconfigurations.

18 concepts · 10 quiz Qsadvanced
linux1
🔺
Privilege Escalation

Linux Privesc

SUID, sudo misconfigs, capabilities, cron jobs, writable paths, kernel exploits — the full methodology.

32 concepts · 10 quiz Qsmedium
auth & identity1
🔑
Auth & Identity

Sessions & Auth Tokens

JWT attacks, session fixation, cookie security, token storage mistakes — the full picture of broken auth.

25 concepts · 10 quiz Qsmedium
cves & specific vulns1
CVE Deep-Dive

SAMLStorm

Critical authentication bypass in ruby-saml — how it works, what's exploitable, and how to patch.

deep-dive · 8 quiz Qsadvanced
project management2
📋
Project Management

PM Part 1 — Fundamentals

Stacey Matrix, planning chain, network diagrams, Gantt charts, critical path and milestones — the core of classical PM.

5 topics · 8 quiz Qsmedium
🔄
Project Management

PM Part 2 — Scrum

Roles, artifacts, events, user stories, acceptance criteria, Planning Poker and story point estimation.

6 topics · 10 quiz Qsmedium
no results found; try a different search term