tags
index
table-of-contents
navigation
Pentest Reference Guide V4
[!info] How to use this guide
Each subchapter is a standalone .md file. Use Obsidian's quick switcher (Ctrl+O) to jump directly to any chapter. Internal links use the → XX.X notation throughout all files.
00 · Methodology & Checklists
#
Title
00.0[[00.0 Setup VM|Setup VM]]
00.1[[00.1-PTES-Phase-Overview|PTES Phase Overview]]
00.2[[00.2-Universal-Enumeration-Checklist|Universal Enumeration Checklist]]
00.3[[00.3-Credential-Reuse-Workflow|Credential Reuse Workflow]]
00.4[[00.4-Cross-Service-Attack-Path-Logic|Cross-Service Attack Path Logic]]
00.5[[00.5-OPSEC-Awareness|OPSEC Awareness]]
00.6[[00.6-Low-Hanging-Fruits|Low Hanging Fruits]]
00.7[[00.7 Quick List|Quick List]]
00.8[[00.8-Networking-Fundamentals|Networking Fundamentals]]
00.9[[00.9-Defensive-Networking|Defensive Networking — Firewalls, Segmentation & DMZ]]
00.10[[00.10-Zero-Trust-Architecture|Zero Trust Architecture]]
00.11[[00.11-IAM-PAM-PIM|IAM, PAM & PIM — Identity Fundamentals]]
#
Title
01.1[[01.1-OSINT|OSINT]]
01.2[[01.2-DNS-Enumeration|DNS Enumeration]]
01.3[[01.3-Cloud-Recon|Cloud Recon]]
01.4[[01.4-Scanning-and-Fingerprinting|Scanning & Fingerprinting (Nmap, hping3, NSE)]]
01.5[[01.5-Firewall-IDS-Evasion|Firewall / IDS Evasion]]
02 · Service Enumeration & Exploitation
#
Title
Ports
02.01[[02.01-FTP|FTP / TFTP]]
21, 20, 69/UDP
02.02[[02.02-SSH|SSH]]
22
02.03[[02.03-SMTP|SMTP / SMTPS]]
25, 587
02.04[[02.04-Finger|Finger]]
79
02.05[[02.05-WMI|WMI]]
135
02.06[[02.06-SMB|SMB / NetBIOS / CIFS]]
135, 137/UDP, 138/UDP, 139, 445
02.07[[02.07-IMAP-POP3|IMAP / POP3]]
143, 993, 110, 995
02.08[[02.08-SNMP|SNMP]]
161/UDP, 162/UDP
02.09[[02.09-IPMI|IPMI]]
623/UDP
02.10[[02.10-RSYNC|RSYNC]]
873
02.11[[02.11-NFS-RPC|NFS / RPC]]
2049, 111
02.12[[02.12-RDP|RDP]]
3389
02.13[[02.13-WinRM|WinRM]]
5985, 5986
02.14[[02.14-VNC|VNC]]
5800,5801,5900,5901
02.15[[02.15-Redis|Redis]]
6379
02.16[[02.16-Telnet|Telnet]]
23
03 · Web Application Testing
#
Title
03.1[[03.1-Web-Methodology|Methodology & Testing Order]]
03.2[[03.2-VHost-Subdomain-Enumeration|VHost & Subdomain Enumeration]]
03.3[[03.3-Directory-Content-Discovery|Directory & Content Discovery]]
03.4[[03.4-CMS-Fingerprinting|CMS Fingerprinting]]
03.4a[[03.4a-WordPress|WordPress — Complete Attack Guide]]
03.5[[03.5-Upload-Vulnerabilities|Upload Vulnerabilities]]
03.6[[03.6-SQLi|SQL Injection (Manual + SQLMap)]]
03.7[[03.7-XSS|Cross-Site Scripting (XSS)]]
03.8[[03.8-CSRF|Cross-Site Request Forgery (CSRF)]]
03.9[[03.9-SSRF|Server-Side Request Forgery (SSRF)]]
03.9b[[03.9b-Open-Redirects|Open Redirects]]
03.10[[03.10-SSTI|Server-Side Template Injection (SSTI)]]
03.11[[03.11-XXE|XML External Entity (XXE)]]
03.12[[03.12-LFI-RFI|Local File Inclusion (LFI) / Remote File Inclusion (RFI)]]
03.13[[03.13-IDOR|IDOR & Broken Access Control]]
03.14[[03.14-API-Testing|API Testing]]
03.14b[[03.14b-Prototype-Pollution|Prototype Pollution & npm Vulnerabilities]]
03.15[[03.15-OAuth-SAML|OAuth 2.0 & SAML]]
03.16[[03.16-GraphQL|GraphQL]]
03.17[[03.17-JWT|JWT Attacks]]
03.18[[03.18-Log4Shell|Log4Shell (CVE-2021-44228)]]
03.19[[03.19-BeEF|BeEF Framework]]
#
Title
04.0[[04.0-SQL-Basics|SQL — Language Reference]]
04.2[[04.2-MSSQL|MSSQL — Service Access & Injection Deep Dive]]
04.3[[04.3-MySQL|MySQL — Service Access & Injection Deep Dive]]
04.4[[04.4-Oracle|Oracle — Service Access & Injection Deep Dive]]
04.5[[04.5-PostgreSQL|PostgreSQL — Service Access & Injection Deep Dive]]
04.6[[04.6-SQLite|SQLite]]
04.7[[04.7-NoSQL-MongoDB|NoSQL / MongoDB]]
#
Title
05.0[[05.0-AD-Theory|Active Directory — Theory & Components]]
05.1[[05.1-AD-Enumeration|Enumeration (BloodHound, ldapdomaindump, enum4linux-ng)]]
05.2[[05.2-AD-Credential-Attacks|Credential Attacks (Kerberoasting, AS-REP, Spraying)]]
05.3[[05.3-AD-Hash-Attacks|Hash Attacks (PTH, PTT, Overpass-the-Hash)]]
05.4[[05.4-AD-Lateral-Movement|Lateral Movement (PSExec, WMIExec, SMBExec, Evil-WinRM)]]
05.5[[05.5-AD-Delegation-Attacks|Delegation Attacks (Unconstrained, Constrained, RBCD)]]
05.6[[05.6-ADCS|ADCS Attacks (Certipy, ESC1–ESC8)]]
05.7[[05.7-AD-Privilege-Escalation|Privilege Escalation (DCSync, Golden / Silver Ticket)]]
05.8[[05.8-AD-Persistence|Persistence]]
06 · Windows Post-Exploitation
#
Title
06.0[[06.0-Windows-CLI-Basics|Windows CLI Basics]]
06.1[[06.1-Windows-Information-Gathering|Windows — Post-Exploitation Information Gathering]]
06.2[[06.2-Windows-Privilege-Escalation|Windows — Privilege Escalation]]
06.3[[06.3-Windows-Credential-Dumping|Windows — Credential Dumping]]
06.4[[06.4-AV-EDR-Evasion|AV / EDR Evasion]]
06.5[[06.5-Buffer-Overflow-Windows|Binary Exploitation (Windows)]]
06.6[[06.6-C2-Frameworks|C2 Frameworks (Sliver, Havoc)]]
06.7[[06.7-Windows-Persistence|Persistence & Maintain Access]]
06.8[[06.8-Pivot-Shell-Upgrade-Listener|Shell Upgrade & Listener Routing Through Pivots]]
07 · Linux Post-Exploitation
#
Title
07.0[[07.0-Linux-CLI-Basics|Linux CLI Basics]]
07.1[[07.1-Linux-Information-Gathering|Information Gathering]]
07.2[[07.2-Linux-Privilege-Escalation|Privilege Escalation]]
07.3[[07.3-Linux-Credential-Hunting|Credential Hunting]]
07.4[[07.4-Buffer-Overflow-Linux|Buffer Overflow (Linux)]]
07.5[[07.5-Linux-Persistence|Persistence & Maintain Access]]
08 · Pivoting & Tunneling
#
Title
08.1[[08.1-Pivoting-Concepts|Pivoting & Tunneling — Theory & Concepts]]
08.2[[08.2-SSH-Tunneling|SSH Tunneling]]
08.3[[08.3-Chisel|Chisel]]
08.4[[08.4-Ligolo-ng|Ligolo-ng]]
08.5[[08.5-Metasploit-Pivoting|Metasploit Routing / Pivoting]]
08.6[[08.6-SOCKS-ProxyChains|SOCKS Proxies & ProxyChains]]
#
Title
09.1[[09.1-GCP|Google Cloud Platform (GCP)]]
09.2[[09.2-AWS|Amazon Web Services (AWS)]]
09.3[[09.3-Azure|Microsoft Azure]]
#
Title
10.0[[10.0-Wireless-Concepts|Wireless Concepts — 802.11 Fundamentals]]
10.1[[10.1-WiFi-Recon|WiFi — Reconnaissance & Discovery]]
10.2[[10.2-WEP-Attacks|WEP Cracking]]
10.3[[10.3-WPA2-Attacks|WPA2/WPA3 Cracking & Authentication Attacks]]
10.4[[10.4-WPA3-Attacks|WPA3 Attacks — SAE, Dragonblood & Protocol Vulnerabilities]]
10.5[[10.5-Evil-AP|Evil AP / Rogue Access Point]]
#
Title
11.1[[11.1-Sniffing|Network Sniffing]]
11.2[[11.2-ARP-Poisoning|ARP Poisoning]]
11.3[[11.3-HTTPS-Interception|HTTPS Interception]]
11.4[[11.4-NAC-Bypass|NAC Bypass — 802.1x, MAC Auth & VLAN Attacks]]
#
Title
12.1[[12.1-Reverse-Shells|Reverse Shells]]
12.2[[12.2-Bind-Shells|Bind Shells]]
12.3[[12.3-Web-Shells|Web Shells]]
12.4[[12.4-Shell-Stabilization|Shell Stabilisation & TTY Upgrade]]
12.5[[12.5-MSFVenom|MSFVenom — Payload Generation]]
#
Title
13.1[[13.1-Serving-Files|Serving Files (Attacker → Target)]]
13.2[[13.2-Downloading-Files|Downloading Files (Target Side)]]
13.3[[13.3-Data-Exfiltration|Data Exfiltration]]
13.4[[13.4-Steganography|Steganography]]
14 · Cracking & Wordlists
#
Title
14.1[[14.1-Hash-Cracking|Hash Cracking]]
14.2[[14.2-Hydra-Patator|Hydra & Online Brute Force]]
14.3[[14.3-Custom-Wordlists|Custom Wordlist Generation]]
14.4[[14.4-John|John the Ripper — Deep Reference]]
14.5[[14.5-Hashcat-Rules|Hashcat Rules]]
#
Title
15.0[[15.0-Deployment|Deployment — Web Servers & Cloud]]
15.1[[15.1-Bash-Scripting|Bash Scripting for Pentesting]]
15.2[[15.2-PowerShell-Scripting|PowerShell Scripting for Pentesting]]
15.3[[15.3-Python-Scripting|Python Scripting for Pentesting]]
15.4[[15.4-Go-Scripting|Go Scripting for Pentesting]]
15.5[[15.5-C-Code|C Code for Pentesting]]
15.6[[15.6-JavaScript-Web-Development|JavaScript & Web Development]]
#
Title
16.0[[16.0-Notetaking|Notetaking During an Engagement]]
16.1[[16.1-Findings-Structure|Finding Craft — CVSS, MITRE, Mitigations]]
16.2[[16.2-Executive-Summary|Report Structure & Executive Summary]]
16.3[[16.3-Finding-Card|Finding Card Examples]]
17 · Artificial Intelligence
#
Title
17.1[[17.1-LLM-Theory|LLMs — Tokens, Model Sizes, Context & MCP]]
17.2[[17.2-Prompt-Injection|Prompt Injection]]
17.3[[17.3-Prompting-for-Pentesting|Using LLMs & Agent CLIs for Pentesting]]
17.4[[17.4-AI-Agents|AI Agents — Architecture, MCP & Trust Model]]
17.5[[17.5-Agent-Exploitation|Agent Exploitation & MCP Poisoning]]
17.6[[17.6-Vibe-Coding|Vibe Coding — LLM-Assisted Security Tool Development]]
17.7[[17.7-RAG|RAG — Retrieval-Augmented Generation]]
#
Title
18.1[[18.1-ESP8266-ESP32|ESP8266 & ESP32]]
18.2[[18.2-Arduino|Arduino]]
18.3[[18.3-Signal-Processing|Signal Processing — Capture, Decode & Replay]]
18.4[[18.4-Firmware|Firmware Extraction & Analysis]]
18.5[[18.5-Hardware-Interfaces|Hardware Interfaces — UART, JTAG, SPI, I2C, SWD]]
18.6[[18.6-NFC-RFID|NFC & RFID]]
18.7[[18.7-Serial-Protocols|Serial Protocols — RS-232, RS-485, Modbus, CAN Bus]]
18.8[[18.8-Physical-C2|Physical C2 — Network Tapping & Drop Boxes]]
18.9[[18.9-Bluetooth-BLE|Bluetooth & BLE Hacking]]
18.10[[18.10-Zigbee-ZWave-802154|Zigbee / Z-Wave / 802.15.4 Attacks]]
#
Title
19.0[[19.0-Azure-Fundamentals|Azure Fundamentals — Architecture, Services & Compute]]
19.1[[19.1-Azure-Administrator|Azure Administrator — Entra ID, RBAC, Networking & Core Services]]
19.2[[19.2-Hybrid-Identity-Conditional-Access|Hybrid Identity & Conditional Access]]
19.3[[19.3-Microsoft-Security|Microsoft Security — Defender XDR, Sentinel & Cloud Security]]
19.4[[19.4-Microsoft-365-Licensing|Microsoft 365 — Services, Licensing & Attack Surface]]
#
Title
20.0[[20.0-DevOps-CICD-Concepts|DevOps & CI/CD — Concepts, Pipelines & Attack Surface]]
20.1[[20.1-Docker-Container-Security|Docker & Container Security]]
20.2[[20.2-Kubernetes-Architecture-Attack-Surface|Kubernetes — Architecture & Attack Surface]]
20.3[[20.3-Kubernetes-Exploitation|Kubernetes Exploitation]]
20.4[[20.4-CICD-Pipeline-Attacks|CI/CD Pipeline Attacks — Deeper Dive]]
#
Title
21.0[[21.0-Social-Engineering-Fundamentals|Social Engineering — Fundamentals & Psychology]]
21.1[[21.1-Phishing-Vishing|Phishing & Vishing]]
21.2[[21.2-Physical-Penetration-Testing|Physical Penetration Testing]]
21.3[[21.3-Post-Physical-Insider-Threat|Post-Physical Access & Insider Threat Simulation]]
#
Title
22.0[[22.0-Compliance-Audit-Methodology|Compliance Audit Methodology]]
22.1[[22.1-ISO27001-BSI|ISO 27001, BSI Grundschutz & BSI C5]]
22.2[[22.2-TISAX-SOC2-PCI-DSS|TISAX, SOC 2 & PCI-DSS]]
22.3[[22.3-NIS2-GDPR|NIS2 & DSGVO/GDPR — EU Regulatory Compliance]]
#
Title
23.0[[23.0-Cryptography-Fundamentals|Cryptography Fundamentals & Mathematics]]
23.1[[23.1-Applied-Cryptography|Applied Cryptography — TLS, PKI & Cryptographic Attacks]]
23.2[[23.2-Cryptocurrency-Blockchain|Cryptocurrency & Blockchain]]
#
Title
-
[[Skills/template.md|Page Structure & Layout Template]]