GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.

Big repo for Pentest Academy courses.

Component reference
Wifi cards

AC1200

AWUS1900, 50€ https://www.amazon.de/Network-AWUS1900-802-11ac-Ultra-adapter/dp/B01MZD7Z76/ref=sr_1_1?s=computers&ie=UTF8&qid=1547331669&sr=1-1&keywords=AWUS+1900 or the https://www.amazon.de/Alfa-AWUS036ACH-Dual-Adapter-AC1200/dp/B00VEEBOPG/ref=sr_1_1?s=computers&ie=UTF8&qid=1547331743&sr=1-1&keywords=alfa+ac1200
Raspberry PI 3B+

https://www.amazon.de/Raspberry-1373331-Pi-Modell-Mainboard/dp/B07BDR5PDW/ref=sr_1_5?s=computers&ie=UTF8&qid=1547331633&sr=1-5&keywords=raspberry+pi+3+b%2B
Adafruit UBEC

https://www.adafruit.com/product/1385

Burp Decoder : Send the token to the Decoder and try to decode the string

Burp Sequencer : Send request to sequencer and "Start Live Capture"
"Burp Sequencer will repeatedly issue the request and extract the relevant token from the application's responses."

Burp Intruder : Send request to Intruder, and select either "Character frobber" or "Bit flipper" payload type and then start attack.
The "Character frobber" payload type operates on a string input and modifies the value of each character position in turn.

e: Effective
This means the capability is “activated”.

p: Permitted
This means the capability can be used/is allowed.

i: Inherited
The capability is kept by child/subprocesses upon execve() for example.

https://www.insecure.ws/linux/getcap_setcap.html

tar cf /dev/null testfile --checkpoint=1 --checkpoint-action=exec=/bin/bash

www.decompileandroid.com
www.virustotal.com
https://github.com/pjlantz/droidbox

dot %2e
forward slash %2f
backslash %5c

dot %u002e
forward slash %u2215
backslash %u2216

....//
....\/
..../\
....\