A structured, actionable penetration testing methodology and checklist covering end-to-end engagement phases.

botesjuan/PenTestMethodology

Penetration Testing Methodology

Practical Penetration Testing References

This repository provides a quick reference to PenTest techniques.




Buy Me A Coffee

Thanks to all for your support by buying me coffee, thank you so much \o/


Sections

  • Active Directory Techniques

    • Reconnaissance Unauthenticated
      • Initial Network Enumeration
      • Passive Reconnaissance
      • Active Host Discovery
      • Detect Active Directory Domain
      • MITM - LLMNR/NBT-NS Poisoning
      • Crack NTLMv2 hashes stolen
    • Enumeration Unauthenticated
      • RID Bruteforce Enumerate
      • Brute Forcing
      • Username as Password Attack
      • Password Spraying
    • Authenticated Initial Access
      • AD Password Policy
      • Vulnerability Scanning
      • ESC7 Certificate Authority
      • Coercing Authentication
      • PetitPotam - Authenticated
      • Coercer Tool Identify vulnerabilities
      • Active Directory Enumeration
        • Computer Account Admin
        • Users Generic Write All
        • Targeted Kerberoasting attack
      • Relay Attacks
        • NTLM Relay
      • Kerberos
      • Convert kirbi to Ccache
      • Dump KRBTGT Hash
    • Persistence or Lateral
      • ESC8 NTLM Relay to AD CS
        • Lab CA Configuration
        • Check CA for NTLM
        • CA Enumeration
        • Start NTLM Relay
        • Coercing DC
        • Stolen Certificate
        • Authenticate as DC
        • Computer DCSYNC Attack
        • User DCSYNC Attack
      • Certificate Authority Exploit ESC1..ESC16
      • Other Relay & MITM References
      • IPv6 attacks
  • Infrastructure Penetration Testing References

    • Arsenal inventory reference of pentest commands
    • Reconnaissance
    • Enumeration
    • Research
    • Exploitation
      • Hosting
      • File transfer
      • Shells & Payloads
      • Cracking
      • Exploits
      • Metasploit
      • Code Reverse Engineering
    • POST Exploitation
      • Microsoft Windows / AD
      • Linux
    • APIs & Web Applications
      • OWASP Web Application Testing
      • OWASP Large Language Model Apps
    • Attacking Systems
      • Active Directory
      • Email / SMTP / Microsoft Exchange / Outlook Web Access
      • Printers
      • DNS
      • Oracle
      • Wireless
      • OT, SCADA, PLC & EWS
    • Reporting
    • Foundation Skills
      • PenTest Practice Learning Platforms
      • Knowledge-Base

Frameworks


Tools are only as powerful as the hands that use them.  

Tools can reveal a crack in our armor.  

Our job is to find and seal the cracks in the armor.  

Best hackers think like attackers, but act as protectors.

Stay curious, stay ethical, and keep learning.  
