

85 pages, Kindle Edition
Published December 6, 2017
At first, I expected this book to be sort of a tutorial on how to be a script kiddie - I usually prefer low-level technical details instead of the superficial concept, but luckily, the book provides not only different tools for the job as I'd anticipated, but also points to some links that I hope are going to be useful. Furthermore, the author advocates for trying to develop the tools yourself. Frankly, I wanted more guidance on that, not on familiarizing myself superficially with Burp's UI.
I summarized a few lists on cool tools/attacks that the author mentions throughout the book. Most of them I've never heard of, which is great, since it means the book served some purpose :)
Tools:
- Empire
- Poshc2
- Powersploit
- Nmap
- Masscan
- Metasploit
- Nikto
- Sqlmap
- Eyewitness
- Dirb
- Spiderfoot
- Maltego
- Recon-NG
- Subbrute
- Sublist3r
- Knockpy
- DNS Parallel Prober
- Theharvester
Terminology:
- IDS - Intrusion detection system
- IPS - Intrusion prevention system
- Proxy chaining - Forwarding traffic from one proxy server to another
- Google hacking - Using operators in the Google search engine to locate specific sections of text on websites that are evidence of vulnerabilities
Vulnerabilities:
- Username enumeration
- Stealing/replaying session cookies
- Cross-site request forgery
- Open redirection
- Reflected XSS
- HTTP header injection
- Arbitrary redirection
- Stored attacks
- OS command injection
- Path traversal
- File inclusion (remote, local)
- SOAP, LDAP, XPath, XXE, SMTP injection
Lastly, I really appreciate the links provided by the author to blogs and users posting content relevant to the book on their social media, because finding a community you can learn from and observe is hard, but immensely useful and encouraging.