- 🌐 Infrastructure Enumeration
- 🛡️ Firewall Evasion
- 🔍 Vulnerability Assessment
- 📂 File Transfer Methods
- 🐚 Shells & Payloads
- 🗄️ Database Services
- 📁 Network Services
- ⚔️ Attacking Common Services
- 🔀 Pivoting, Tunneling & Port Forwarding
- 📋 Module Overview
- 🔧 SSH Tunneling Complete Guide
- 🌐 Dynamic Port Forwarding
- 🔄 Remote Port Forwarding
- ⚡ Chisel SOCKS5 Tunneling
- 🛡️ SSHuttle Pivoting
- 🎯 Meterpreter Tunneling
- 🔗 Socat Redirection
- 🪟 Plink Windows Pivoting
- ⚙️ Netsh Port Forwarding
- 🔌 SocksOverRDP
- 🕸️ Rpivot Web Pivoting
- 🌐 DNS Tunneling with dnscat2
- 📡 ICMP Tunneling with ptunnel-ng
- 🏆 Complete Skills Assessment
- 🏰 Active Directory Enumeration & Attacks
- 🔍 Initial Domain Enumeration
- ☣️ LLMNR/NBT-NS Poisoning from Linux
- 🪟 LLMNR/NBT-NS Poisoning from Windows
- 🔐 Password Policy Enumeration
- 👥 Password Spraying - Target User Lists
- 🐧 Password Spraying from Linux
- 🪟 Password Spraying from Windows
- 🛡️ Security Controls Enumeration
- 🐧 Credentialed Enumeration from Linux
- 🪟 Credentialed Enumeration from Windows
- 🏴‍☠️ Living Off the Land
- 🎫 Kerberoasting from Linux
- 🎫 Kerberoasting from Windows
- 🔑 ACL Enumeration
- 🎯 ACL Abuse Tactics
- 💎 DCSync Attack
- 🔐 Privileged Access
- 🎭 Kerberos "Double Hop" Problem
- ⚡ Bleeding Edge Vulnerabilities
- 🔧 Miscellaneous Misconfigurations
- 🔗 Domain Trusts Primer
- ⬆️ Child → Parent Trust Attacks
- 🐧 Child → Parent Trust Attacks - from Linux
- 🌲 Cross-Forest Trust Abuse - from Windows
- 🐧 Cross-Forest Trust Abuse - from Linux
- 🎯 Skills Assessment Part I - Complete Walkthrough
- 🚀 Skills Assessment Part II - Advanced Professional Methodology
- 🖥️ Remote Management
- 🕷️ Web Enumeration
- 🌐 Web Application Attacks
- 🔥 Cross-Site Scripting (XSS)
- 📁 File Inclusion
- 📤 File Upload Attacks
- ⚡ Command Injection
- 🌐 Web Attacks
- ⚔️ Attacking Common Applications
- WordPress Discovery & Enumeration
- WordPress Attacks & Exploitation
- Joomla Discovery & Enumeration
- Joomla Attacks & Exploitation
- Drupal Discovery & Enumeration
- Drupal Attacks & Exploitation
- Tomcat Discovery & Enumeration
- Tomcat Attacks & Exploitation
- Jenkins Discovery & Enumeration
- Jenkins Attacks & Exploitation
- Splunk Discovery & Enumeration
- Splunk Attacks & Exploitation
- GitLab Discovery & Enumeration
- ColdFusion Discovery & Enumeration
- IIS Tilde Enumeration
- CGI Shellshock Attacks
- LDAP Injection Attacks
- osTicket Attacks
- PRTG Attacks
- Binary Reverse Engineering
- Other Notable Applications
- 🔐 Password Attacks & Lateral Movement
- 📋 Complete Assessment Workflows
- 🎯 Active Directory Attacks
- ⚔️ Lateral Movement Techniques
- 🪟 Windows Password Attacks
- 🐧 Linux Password Attacks
- 🌐 Network & Service Attacks
- 🔨 Hash Cracking & Tools
- 🪟 Windows Privilege Escalation
- 📋 Module Overview
- 🔍 Situational Awareness
- 📊 Initial Enumeration
- 🔄 Communication with Processes
- 🥔 SeImpersonate & SeAssignPrimaryToken
- 🔍 SeDebugPrivilege
- 🏠 SeTakeOwnershipPrivilege
- 🏛️ Windows Built-in Groups
- 📋 Event Log Readers
- 🌐 DnsAdmins
- 💻 Hyper-V Administrators
- 🖨️ Print Operators
- 🖥️ Server Operators
- 🛡️ UAC Bypass
- 🔐 Weak Permissions
- 💣 Kernel Exploits
- ⚡ Vulnerable Services
- 🔑 Credential Hunting
- 📁 Other Files
- 🕵️ Further Credential Theft
- 🚪 Citrix Breakout
- 👥 Interacting with Users
- 🎯 Pillaging
- 🔧 Miscellaneous Techniques
- 🖥️ Windows Server 2008
- 💻 Windows 7 Exploitation
- 🐧 Linux Privilege Escalation
- 📋 Module Overview
- 🔍 Environment Enumeration
- 🔧 Services & Internals Enumeration
- 🔍 Credential Hunting
- 🛤️ PATH Abuse
- 🌟 Wildcard Abuse
- 🚪 Escaping Restricted Shells
- 🔐 Special Permissions
- ⚡ Sudo Rights Abuse
- 👑 Privileged Groups
- 🎭 Capabilities
- ⚙️ Vulnerable Services
- ⏰ Cron Job Abuse
- 🐳 LXD Container Escape
- 🐋 Docker Container Escape
- 📜 Logrotate Exploitation
- 🔧 Miscellaneous Techniques
- 📚 Shared Libraries
- 🎯 Shared Object Hijacking
- 🐍 Python Library Hijacking
- 🚨 Sudo CVE Exploits
- 🔐 Polkit/Pwnkit
- 💧 Dirty Pipe
- 🌐 Netfilter Kernel Exploits
- 🛡️ Linux Hardening
- 📋 Documentation & Reporting
- 🌐 Attacking Enterprise Networks
- Injection Attacks
- Attacking Authentication Mechanisms
- Advanced XSS and CSRF Exploitation
- Lab Environment
- [CSRF Exploitation]
- [XSS Exploitation]
- Skills Assessment
- Abusing HTTP Misconfigurations
- [Host Header Attacks]
- [Web Cache Poisoning]
- [Session Puzzling]
- Skills Assessment
- HTTP Attacks
- [CRLF Injection]
- [HTTP Request Smuggling]
- [HTTP/2 Downgrading]
- Skills Assessment
- HTTPS/TLS Attacks
- [Introduction to HTTPS/TLS]
- [Padding Oracle Attacks]
- [Misc Attacks & Misconfigurations]
- [Further Attacks]
- Testing TLS Configuration
- Skills Assessment
- Blind SQL Injection
- Introduction to Blind SQLi
- [Boolean-based SQLi]
- [Time-based SQLi]
- [MSSQL-specific Attacks]
- Prevention
- Skills Assessment
- Whitebox Pentesting
- [Process]
- [Code Review Case Study]
- [Local Testing Case Study]
- [PoC Case Study]
- Applied Patching
- Modern Web Exploitation
- [DNS Rebinding]
- [Second-Order Attacks]
- [WebSocket Attacks]
- Skills Assessment
- [Deserialization Attacks]
- Introduction to Serialization
- Introduction to Deserialization Attacks
- [PHP Deserialization]
- 🎯 Quick Reference
- ✅ Master Checklist
- 📊 Mind Maps & Attack Flows
- 🎯 Active Directory Techniques
- 🌐 Web & Wireless