Pentesting Handbook
A compilation of notes, methodology, and attack command examples. This isn't a textbook; it's a working reference built from lab time: a collection of practical commands along with the thought process behind what works and what order to do it in.
How to use this
Each chapter follows the same structure: a decision tree up front to orient you, followed by sections that go deep on each branch. Read the decision tree first — it tells you when to use the chapter and where you're routing next.
Chapters
| # | Chapter | What it covers |
|---|---|---|
| 01 | Recon & Target Mapping | Passive OSINT → active scanning → attack surface triage |
| 02 | Web Attack Surface | Enumeration, common vulns, exploitation patterns |
| 03 | Service & Protocol Exploitation | Non-HTTP services: SMB, FTP, SSH, databases, and more |
| 04 | Foothold Consolidation | Stabilising shells, persistence, situational awareness |
| 05 | Privilege Escalation | Linux and Windows privesc — enumeration to root/SYSTEM |
| 06 | Pivoting, Tunneling & Lateral Movement | Moving through segmented networks |
| 07 | Active Directory Attacks | AD enumeration, Kerberos abuse, domain compromise |
| 08 | Enterprise Kill Chain Capstone | Full attack chain tying all prior chapters together |
Scope & context
These notes assume you're working in an authorized engagement environment. Nothing here is meant for unauthorized use.