Penetration Testing Reference

A reference I compiled while studying for certs and different courses, covering Active Directory attacks, web application vulnerabilities, post-exploitation, and common tools.

Note that these notes were compiled while studying for PJPT (Completed), CRTP, CPTS, and OSCP. AI was used to restructure them into this publishing format.

Contents

• Methodology — Engagement process and pentest phases
• Reconnaissance — Passive OSINT and active scanning
• Enumeration — Network, service, and web enumeration
• Active Directory — Initial access through domain compromise
• Post-Exploitation — Linux and Windows privilege escalation
• Web Attacks — OWASP-class vulnerabilities with working exploits
• Tools — Full command references for common pentest tools
• Exploits & CVEs — Notable vulnerabilities with exploitation steps
• Cheatsheets — Quick-reference command tables

Each section includes attack steps, tool syntax, and remediation guidance. Feel free to make pull request to help expand the notebook.

Link-to-Notebook

---

← Back to projects