HackTheCore organizes web, API, cloud, identity, mobile, OT, AI and tradecraft content into domain hubs, field notes and assessment references that stay useful while work is in motion.

Offensive security material arranged for operators, not spectators.

Use Areas when you need the full surface map, Pentest when an engagement spans multiple disciplines, and Knowledge when you need fast terminology, exploit classes or protocol context.

Areas: 16
Glossary: 177
Exam: Scenario
Access: SimpleX

Assessment focus: Web / Internal / Cloud (application, infrastructure and control planes)
Specialist surfaces: Identity / AI / OT (token trust, model abuse and industrial risk)
Reference depth: Briefs / Knowledge (technical notes, glossary and cross-linked material)
Access path: SimpleX (direct contact with reduced exposure)
Operating model: Domain-first, evidence-driven.

Move by surface, not by course order. Each route is built to get you from the target class to validation logic, references and supporting notes with minimal overhead.

Assessment use: Built for live work.

The structure supports scoping, reconnaissance, exploitation, escalation and reporting without forcing an academic reading path.

Reference quality: Low-noise, field-ready.

Pages are written as concise hubs and deeper notes so the material stays useful during active testing, review and documentation.

Primary domains

Start with the surface that matches the objective.

These entry points cover the domains most likely to drive day-to-day offensive work. Open Areas for the complete map when the target spans several technologies or trust zones.

Domain // 02

Pentest

Use the pentest portal when you want the broadest operational hub across the platform.


Domain // 04

Web

Application trust boundaries, browser-side pressure and classic web exploitation routes.


Domain // 05

API

REST, GraphQL, JWT, OAuth/OIDC, object abuse and API fuzzing as a dedicated surface.


Domain // 06

Cloud

AWS, Azure, GCP, Kubernetes, identities, CI/CD trust and cloud control-plane abuse.


Domain // 07

Mobile

Android and iOS testing, instrumentation, pinning bypass, storage and mobile reversing.


Domain // 08

Identity

Entra, Okta, SSO, tenant drift, token abuse, federation and conditional-access pressure.


Domain // 12

OT / ICS

Industrial protocols, PLC/HMI trust, segmentation failures and process-level risk.


Domain // 13

AI Security

Prompt injection, jailbreaks, retrieval abuse, tool misuse and offensive AI operations.


Directory

All areas

Open the full domain map to browse all 16 platform areas, including tradecraft, supply chain, knowledge and exam.


Platform structure

A platform structure designed for real assessments.

HackTheCore is structured around attack surfaces, operator decisions and reference value. The goal is to reduce time spent hunting for context and increase time spent validating what matters.

  • Use Areas for the complete domain map and Academy when you want the broader reading order.
  • Use Pentest when you need the widest operational launch point for a mixed engagement.
  • Use Knowledge and Exam when you need terminology, verification or deliberate repetition.

Recommended routes

Choose the route that matches the objective.