AUTHORIZED USE ONLY — all techniques documented here assume a lawful, authorized engagement environment. nothing here is intended for unauthorized access.
Handbook Chapters
browse all →
$ ls -la ~/pentest-handbook/
drwxr-xr-x01
Recon & Target Mapping/
Passive OSINT → active scanning → attack surface triage
drwxr-xr-x02
Web Attack Surface/
Enumeration, common vulns, exploitation patterns
drwxr-xr-x03
Service & Protocol Exploitation/
Non-HTTP services: SMB, FTP, SSH, databases, and more
drwxr-xr-x04
Foothold Consolidation/
Stabilising shells, persistence, situational awareness
drwxr-xr-x05
Privilege Escalation/
Linux and Windows privesc — enumeration to root/SYSTEM
drwxr-xr-x06
Pivoting, Tunneling & Lateral Movement/
Moving through segmented networks
drwxr-xr-x07
Active Directory Attacks/
AD enumeration, Kerberos abuse, domain compromise
drwxr-xr-x08
Enterprise Kill Chain Capstone/
Full attack chain tying all prior chapters together
Latest Posts
browse all →
$ ls -lt ~/blog/