Notes
Loading… synced live from Notion. Use the sidebar to browse the tree or search across every note.
01Recon & Enumeration
3 notesHost discovery, port scans, general recon — always start here.
02Service Enumeration
10 notesPer-service deep dives — FTP (21), SSH (22), Telnet (23), SMTP (25/465/587), DNS (53), TFTP (69), Finger (79), Kerberos (88), POP3 (110/995), RPC/Portmap (111), MSRPC (135), NetBIOS (137/138), IMAP (143/993), SNMP (161/162), LDAP (389/636), HTTPS (443), SMB (139/445), IPMI (623), Rsync (873), MSSQL (1433), Oracle TNS (1521), NFS (2049), Docker API (2375/2376), MySQL (3306), RDP (3389), PostgreSQL (5432), WinRM (5985/5986), VNC (5900), X11 (6000), Redis (6379), IRC (6667), CouchDB (5984), Elasticsearch (9200), Memcached (11211), MongoDB (27017).
03Web Exploitation
26 notesOWASP Top 10 in practice — SQLi, XSS, SSRF, LFI/RFI, XXE, IDOR, SSTI, command/file-upload, auth bypass, JWT/OAuth, API/GraphQL, deserialization, path traversal, CMS (WordPress/Drupal/Joomla), WebDAV, and app-server bugs (Tomcat, IIS, Jenkins, Spring, Log4j).
- 🕸️Web Exploitation Cheatsheetguide
- 🧭Web Attack Chainguide
- 🕸️Apisguide
- 🕸️Brute Forcing And Sprayingguide
- 🕸️Checklistguide
- 🕸️Command Injectionguide
- 🕸️Compiling Exploitsguide
- 🕸️Directory Traversalguide
- 🕸️File Uploadguide
- 🕸️Footholdguide
- 🕸️LFI And RFIguide
- 🕸️LFI And RFI Php Wrappersguide
- 🕸️Miscguide
- 🕸️Node.Jsguide
- 🕸️Payloadsguide
- 🕸️Php Applicationsguide
- 🕸️Source Codeguide
- 🕸️SQL Injectionguide
- 🕸️SQL Injection MSSQL Cheatsheetguide
- 🕸️SQL Injection MySQL Cheatsheetguide
- 🕸️SQL Injection Pageguide
- 🕸️SQL Injection Payloadsguide
- 🕸️SQL Injection Postgres Cheatsheetguide
- 🕸️SQL Injection Sqlmapguide
- 🕸️SSRFguide
- 🕸️XSSguide
04Password Attacks
2 notesHash cracking, wordlists, spraying, brute force, credential re-use.
06Shells & File Transfers
2 notesReverse/bind shells, TTY upgrades, file-transfer tricks, webshells.
07PrivEsc — Linux
42 notesSudo, SUID, capabilities, cron, kernel, GTFOBins, LinPEAS.
- 🐧Linux PrivEsc Cheatsheetguide
- 🧭Linux PrivEsc Attack Chainguide
- ✅PrivEsc Checklistguide
- 🐧Automated Toolsguide
- 🐧Capabilitiesguide
- 🐧Checklistguide
- 🐧Cron Jobsguide
- 🐧Dockerguide
- 🐧Etc Passwd Overrideguide
- 🐧Groupsguide
- 🐧Groups Diskguide
- 🐧Groups Lxd Lxcguide
- 🐧Groups Mlocateguide
- 🐧Initial Enumerationguide
- 🐧Initial Enumeration Network Enumerationguide
- 🐧Initial Enumeration Password Huntingguide
- 🐧Initial Enumeration System Enumerationguide
- 🐧Initial Enumeration User Enumerationguide
- 🐧Kernel Exploitsguide
- 🐧Miscguide
- 🐧Misc Abusing Scriptsguide
- 🐧Misc Freebsdguide
- 🐧Misc Library Hijackingguide
- 🐧Misc Php Web Applicationsguide
- 🐧Misc Restricted Shell Escapingguide
- 🐧Misc Wild Cardsguide
- 🐧NFS Root Squashingguide
- 🐧Nginxguide
- 🐧Passwords And File Permissionsguide
- 🐧Passwords And File Permissions Passwordsguide
- 🐧Passwords And File Permissions SSH Keysguide
- 🐧Passwords And File Permissions Weak File Permissionsguide
- 🐧Path Variablesguide
- 🐧Sudoguide
- 🐧Sudo CVE 2019 14287 Sudo U 1 Bin Bashguide
- 🐧Sudo CVE 2019 18634 Pwfeedbackguide
- 🐧Sudo Intended Functionalityguide
- 🐧Sudo Ld Preloadguide
- 🐧Sudo Shell Escapingguide
- 🐧Sudo Simple Ctfguide
- 🐧Suidguide
- 🐧Suid Vulnversityguide
08PrivEsc — Windows
38 notesWinPEAS, token abuse, service misconfig, UAC bypass, potato family.
- 🪟Windows PrivEsc Cheatsheetguide
- 🧭Windows PrivEsc Attack Chainguide
- 🥔SeImpersonatePrivilegeguide
- 📋Post-Exploitation Checklistguide
- 🪟Checklistguide
- 🪟CVE 2019 1388guide
- 🪟CVE 2024 26229 Newguide
- 🪟Dll Hijackingguide
- 🪟Executable Filesguide
- 🪟Getsystemguide
- 🪟Impersonation And Potato Attacksguide
- 🪟Initial Enumeration Automatedguide
- 🪟Initial Enumeration Automated Methodology Greater Than Toolsguide
- 🪟Initial Enumeration Manualguide
- 🪟Initial Enumeration Manual Av And Firewall Enumerationguide
- 🪟Initial Enumeration Manual Network Enumerationguide
- 🪟Initial Enumeration Manual Password Huntingguide
- 🪟Initial Enumeration Manual System Enumerationguide
- 🪟Initial Enumeration Manual User Enumerationguide
- 🪟Kernel Exploitsguide
- 🪟Registyguide
- 🪟Registy Alwaysinstallelevatedguide
- 🪟Registy Autorunsguide
- 🪟Registy Regsvc Aclguide
- 🪟Runasguide
- 🪟Scheduled Tasksguide
- 🪟Service Permissionsguide
- 🪟Service Permissions Binary Pathsguide
- 🪟Service Permissions Unquoted Service Pathsguide
- 🪟Startup Applicationsguide
- 🪟Stored Passwords And Port Forwardingguide
- 🪟User Switchingguide
- 🪟Whoami Privguide
- 🪟Whoami Priv Sebackupprivilegeguide
- 🪟Whoami Priv Semanagevolumeprivilegeguide
- 🪟Whoami Priv Serestoreprivilegeguide
- 🪟Windows Subsystem For Linuxguide
- 🪟Xamppguide
09Active Directory
49 notesAD attack paths, Kerberos, BloodHound, ACLs, trusts, DCSync/DCShadow.
- 🏛️AD Attack Checklistguide
- 🔎AD Enumeration & Attacksguide
- 🎫Kerberos Delegationguide
- 📜ADCS Abuse (ESC1–ESC8)guide
- 🧭AD Attack Chainguide
- 🏛️Checklistguide
- 🏛️Critical Active Directory CVEsguide
- 🏛️Critical Active Directory CVEs Printnightmareguide
- 🏛️Critical Active Directory CVEs Zerologonguide
- 🏛️Initial Attack Strategyguide
- 🏛️Initial Attack Strategy As Rep Roastingguide
- 🏛️Initial Attack Strategy IPv6 Attacksguide
- 🏛️Initial Attack Strategy Kerbruteguide
- 🏛️Initial Attack Strategy Llmnr Poisoningguide
- 🏛️Initial Attack Strategy Miscguide
- 🏛️Initial Attack Strategy Passback Attackguide
- 🏛️Initial Attack Strategy Rpcguide
- 🏛️Initial Attack Strategy Shell Acessguide
- 🏛️Initial Attack Strategy SMB Relayguide
- 🏛️Lateral Movementguide
- 🏛️Lateral Movement DCOMguide
- 🏛️Lateral Movement Lotl WMI And WinRMguide
- 🏛️Lateral Movement Overpass The Hashguide
- 🏛️Lateral Movement Pass The Hashguide
- 🏛️Lateral Movement Pass The Ticketguide
- 🏛️Post Compromise Attacksguide
- 🏛️Post Compromise Attacks AD Cs Attacksguide
- 🏛️Post Compromise Attacks Dumping And Cracking Hashesguide
- 🏛️Post Compromise Attacks Gpp Cpassword Attacksguide
- 🏛️Post Compromise Attacks Kerberoastingguide
- 🏛️Post Compromise Attacks Knock And Pass Kerberosguide
- 🏛️Post Compromise Attacks Lnk File Attacksguide
- 🏛️Post Compromise Attacks Mimikatzguide
- 🏛️Post Compromise Attacks Miscguide
- 🏛️Post Compromise Attacks Nopac Or Nocapguide
- 🏛️Post Compromise Attacks Rpc Password Changeguide
- 🏛️Post Compromise Attacks Silver Ticketguide
- 🏛️Post Compromise Attacks Token Impersonationguide
- 🏛️Post Compromise Enumerationguide
- 🏛️Post Compromise Enumeration Bloodhoundguide
- 🏛️Post Compromise Enumeration Bloodhound Attack Pathsguide
- 🏛️Post Compromise Enumeration Ldapdomaindumpguide
- 🏛️Post Compromise Enumeration Ldapsearchguide
- 🏛️Post Compromise Enumeration Plumhoundguide
- 🏛️Post Domain Compromiseguide
- 🏛️Post Domain Compromise Dumping The Ntds.Ditguide
- 🏛️Post Domain Compromise Golden Ticket Attackguide
- 🏛️Post Domain Compromise Sam Cleanupguide
- 🏛️Post Domain Compromise Shadow Copiesguide
10Pivoting & Tunneling
29 notesPort forwarding, SOCKS, chisel, ligolo, proxychains, SSH tunnels.
- 🔀Pivoting & Tunnelingguide
- 🧭Pivoting Attack Chainguide
- 🚀Av Evasionguide
- 🚀Av Evasion Bypassing AMSIguide
- 🚀Av Evasion Bypassing UACguide
- 🚀Av Evasion Compiling Codeguide
- 🚀Av Evasion Disabling Windows Defenderguide
- 🚀Av Evasion Executable Obfuscationguide
- 🚀C2guide
- 🚀Cleanupguide
- 🚀DNS Tunnelingguide
- 🚀Exfiltrationguide
- 🚀Exfiltration Mimikatzguide
- 🚀Exfiltration Windows Pickleguide
- 🚀File Transfersguide
- 🚀Persistenceguide
- 🚀PGP Ascguide
- 🚀Pivotingguide
- 🚀Pivoting Chiselguide
- 🚀Pivoting Double Pivotguide
- 🚀Pivoting Eumerationguide
- 🚀Pivoting Good To Knowguide
- 🚀Pivoting Good To Know Metasploitguide
- 🚀Pivoting Good To Know Plink.Exeguide
- 🚀Pivoting Good To Know Port Forwarding Via Cguide
- 🚀Pivoting Good To Know Socatguide
- 🚀Pivoting Good To Know Tunnelingguide
- 🚀Pivoting Sshuttleguide
- 🚀Puttyguide
13Report & Methodology
3 notesExam report template, methodology, mental models, checklists.
99Misc
9 notesNotes that didn't match any category yet. Rename them or add keywords.
- 🧪Client Side Attacksguide
- 🧪Client Side Attacks Code Execution Via Windows Libraryguide
- 🧪Client Side Attacks Evil Iconguide
- 🧪Client Side Attacks Odt Filesguide
- 🧪Custom Wordlistsguide
- 🧪Decrypting Secure Stringsguide
- 🧪Fixing Exploitsguide
- 🧪Randomguide
- 🧪Tmuxguide