Every stage of the exam, mapped to the exact notes I reach for.
Host discovery, port scans, general recon — always start here.
Per-service deep dives — FTP (21), SSH (22), Telnet (23), SMTP (25/465/587), DNS (53), TFTP (69), Finger (79), Kerberos (88), POP3 (110/995), RPC/Portmap (111), MSRPC (135), NetBIOS (137/138), IMAP (143/993), SNMP (161/162), LDAP (389/636), HTTPS (443), SMB (139/445), IPMI (623), Rsync (873), MSSQL (1433), Oracle TNS (1521), NFS (2049), Docker API (2375/2376), MySQL (3306), RDP (3389), PostgreSQL (5432), WinRM (5985/5986), VNC (5900), X11 (6000), Redis (6379), IRC (6667), CouchDB (5984), Elasticsearch (9200), Memcached (11211), MongoDB (27017).
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
// no notes yet — add one in Notion and it'll land here
OWASP Top 10 in practice — SQLi, XSS, SSRF, LFI/RFI, XXE, IDOR, SSTI, command/file-upload, auth bypass, JWT/OAuth, API/GraphQL, deserialization, path traversal, CMS (WordPress/Drupal/Joomla), WebDAV, and app-server bugs (Tomcat, IIS, Jenkins, Spring, Log4j).
Hash cracking, wordlists, spraying, brute force, credential re-use.
Reverse/bind shells, TTY upgrades, file-transfer tricks, webshells.
Sudo, SUID, capabilities, cron, kernel, GTFOBins, LinPEAS.
WinPEAS, token abuse, service misconfig, UAC bypass, potato family.
AD attack paths, Kerberos, BloodHound, ACLs, trusts, DCSync/DCShadow.
Port forwarding, SOCKS, chisel, ligolo, proxychains, SSH tunnels.
Exam report template, methodology, mental models, checklists.
Notes that didn't match any category yet. Rename them or add keywords.
Looking for something specific? Search the full knowledge base.
Open notes →