
# Pentesting

- [Fortress](https://ttp.parzival.sh/pentesting/fortress.md): Notes on attacking the fortress (external perimeter)
- [Automation](https://ttp.parzival.sh/pentesting/fortress/automation.md)
- [Cisco](https://ttp.parzival.sh/pentesting/fortress/cisco.md)
- [Cisco Adaptive Security Appliance](https://ttp.parzival.sh/pentesting/fortress/cisco/cisco-adaptive-security-appliance.md)
- [Cisco Smart Install](https://ttp.parzival.sh/pentesting/fortress/cisco/cisco-smart-install.md)
- [CMS](https://ttp.parzival.sh/pentesting/fortress/cms.md)
- [Drupal](https://ttp.parzival.sh/pentesting/fortress/cms/drupal.md)
- [WordPress](https://ttp.parzival.sh/pentesting/fortress/cms/wordpress.md)
- [Exchange](https://ttp.parzival.sh/pentesting/fortress/exchange.md)
- [Office365](https://ttp.parzival.sh/pentesting/fortress/spray_microsoft.md): A list of tools and resources that I use for password spraying Microsoft products.
- [Okta](https://ttp.parzival.sh/pentesting/fortress/okta.md)
- [Outlook Web Access (OWA)](https://ttp.parzival.sh/pentesting/fortress/outlook-web-access-owa.md)
- [SSH](https://ttp.parzival.sh/pentesting/fortress/ssh.md)
- [Subdomain Takeover](https://ttp.parzival.sh/pentesting/fortress/subdomain-takeovers.md): MITRE ATT\&CK, Resource Development, Sub-technique T1584.001
- [Infrastructure](https://ttp.parzival.sh/pentesting/infrastructure.md)
- [Active Directory](https://ttp.parzival.sh/pentesting/infrastructure/active-directory.md)
- [AD CS](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/ad-cs.md)
- [Coercing Authentication](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/coercing-authentication.md)
- [Credential Dumping](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/os-credential-dumping.md): MITRE ATT\&CK, Credential Access, ID TA0006
- [Cached Domain Credentials](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/os-credential-dumping/cached-domain-credentials.md): MITRE ATT\&CK, Credential Access, Sub-technique T1003.005
- [Data Protection API (DPAPI)](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/os-credential-dumping/data-protection-api-dpapi.md)
- [Group Policy Preferences](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/os-credential-dumping/group-policy-preferences.md): MITRE ATT\&CK, Credential Access, Sub-technique T1552.006
- [LSA Secrets](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/os-credential-dumping/lsa-secrets.md): MITRE ATT\&CK, Credential Access, Sub-technique T1003.004
- [LSASS Memory](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/os-credential-dumping/lsass-memory.md): MITRE ATT\&CK, Credential Access, Sub-technique T1003.001
- [NTDS](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/os-credential-dumping/ntds.md)
- [Security Account Manager (SAM)](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/os-credential-dumping/security-account-manager-sam.md): MITRE ATT\&CK, Credential Access, Sub-technique T1003.002
- [Kerberos Tickets](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/os-credential-dumping/kerberos-tickets.md): MITRE ATT\&CK, Credential Access, Technique T1558
- [Unsecured Credentials](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/os-credential-dumping/unsecured_credentials-1.md): MITRE ATT\&CK, Credential Access, Technique T1552
- [WDigest](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/os-credential-dumping/wdigest.md)
- [WiFi Profiles](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/os-credential-dumping/wifi-profiles.md)
- [Delegation Abuse](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/delegation-abuse.md)
- [Constrained Delegation](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/delegation-abuse/constrained-delegation.md)
- [Unconstrained Delegation](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/delegation-abuse/unconstrained-delegation.md)
- [Domain Enumeration](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/domain_enumeration.md)
- [Domain Dominance](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/domain-dominance.md)
- [Forge Golden Ticket](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/domain-dominance/create_golden_ticket.md): MITRE ATT\&CK, Credential Access, Technique T1558.001
- [Forge Silver Ticket](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/domain-dominance/create-silver-ticket.md): MITRE ATT\&CK, Credential Access, Technique T1558.002
- [Forge Trust Ticket](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/domain-dominance/forge-trust-ticket.md)
- [Skeleton Key](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/domain-dominance/skeleton_key.md)
- [Group Policy Preferences](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/group-policy-preferences.md)
- [Kerberos](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/kerberos.md)
- [AS-REP Roasting](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/kerberos/as-rep-roasting.md)
- [Kerberoasting](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/kerberos/kerberoasting.md)
- [Kerberos Relaying](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/kerberos/kerberos-relaying.md)
- [Lateral Movement](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/lateral_movement.md): MITRE ATT\&CK, Lateral Movement, ID TA0008
- [PowerShell](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/lateral_movement/exploitation_with_powershell.md): MITRE ATT\&CK, Execution, Technique T1059.001
- [Windows Remote Management (WinRM)](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/lateral_movement/winrm.md): MITRE ATT\&CK, Lateral Movement, Sub-technique T1021.006
- [Local Administrator Password Solution (LAPS)](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/local-administrator-password-solution-laps.md)
- [NoPac](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/nopac.md)
- [NTLMv1](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/ntlmv1.md)
- [Password Cracking](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/password_cracking.md): MITRE ATT\&CK, Credential Access, Sub-technique T1110.002
- [Password Policy](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/password-policy.md)
- [Password Spraying](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/password-spraying.md): Methodology for performing password spraying attacks against Active Directory
- [Reconnaissance](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/reconnaissance.md)
- [Relaying](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/relaying.md)
- [LDAP Relaying](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/relaying/ldap-relaying.md)
- [SMB Relaying](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/relaying/smb-relaying.md)
- [Shadow Credentials](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/shadow-credentials.md)
- [Zerologon](https://ttp.parzival.sh/pentesting/infrastructure/active-directory/zerologon.md)
- [Database Management System (DBMS)](https://ttp.parzival.sh/pentesting/infrastructure/database-management-system-dbms.md)
- [Microsoft SQL Server](https://ttp.parzival.sh/pentesting/infrastructure/database-management-system-dbms/sql-stored-procedures.md): Obtaining a shell after obtaining credentials to a Microsoft SQL Server.
- [Defense Evasion](https://ttp.parzival.sh/pentesting/infrastructure/defense_evasion.md): MITRE ATT\&CK, Defense Evasion, ID TA0005
- [Disable or Modify Tools](https://ttp.parzival.sh/pentesting/infrastructure/defense_evasion/disable_antivirus.md): MITRE ATT\&CK, Defense Evasion, Sub-technique T1562.001
- [Disable Windows Event Logging](https://ttp.parzival.sh/pentesting/infrastructure/defense_evasion/disable-windows-event-logging.md): MITRE ATT\&CK, Defense Evasion, Sub-technique T1562.002
- [Impair Command History Logging](https://ttp.parzival.sh/pentesting/infrastructure/defense_evasion/impair-command-history-logging.md): MITRE ATT\&CK, Defense Evasion, Sub-technique T1562.003
- [Timestomping](https://ttp.parzival.sh/pentesting/infrastructure/defense_evasion/timestomping.md)
- [Low-Hanging Fruit](https://ttp.parzival.sh/pentesting/infrastructure/easy_hacks.md): Easy ways to get a shell
- [Networks](https://ttp.parzival.sh/pentesting/infrastructure/networks.md)
- [IPv6](https://ttp.parzival.sh/pentesting/infrastructure/networks/ipv6.md)
- [LLMNR/NBT-NS Poisoning](https://ttp.parzival.sh/pentesting/infrastructure/networks/poisoning-with-responder.md)
- [Network Scanning](https://ttp.parzival.sh/pentesting/infrastructure/networks/network-scanning.md): MITRE ATT\&CK, Discovery, Technique T1046
- [Network Sniffing](https://ttp.parzival.sh/pentesting/infrastructure/networks/network-sniffing.md): MITRE ATT\&CK, Discovery, Technique T1040
- [Segmentation Testing](https://ttp.parzival.sh/pentesting/infrastructure/networks/segmentation_testing_notes.md): When performing segmentation tests for PCI compliance, aside from my Nmap scans there are a few things I've wanted to keep jotted down. This section contains my notes.
- [Simple Network Management Protocol (SNMP)](https://ttp.parzival.sh/pentesting/infrastructure/networks/simple-network-management-protocol-snmp.md)
- [Subnet Enumeration](https://ttp.parzival.sh/pentesting/infrastructure/networks/subnet-enumeration.md)
- [Identifying Domain Information](https://ttp.parzival.sh/pentesting/infrastructure/networks/identifying-domain-information.md)
- [Persistence](https://ttp.parzival.sh/pentesting/infrastructure/persistence.md): MITRE ATT\&CK, Persistence, ID TA0003
- [Create Account](https://ttp.parzival.sh/pentesting/infrastructure/persistence/create-account.md): MITRE ATT\&CK, Persistence, Technique T1136
- [Remote Desktop](https://ttp.parzival.sh/pentesting/infrastructure/persistence/remote-desktop.md)
- [Services](https://ttp.parzival.sh/pentesting/infrastructure/persistence/services.md)
- [Service Privilege Escalation / Persistence](https://ttp.parzival.sh/pentesting/infrastructure/persistence/services/service-privilege-escalation-persistence.md)
- [Systemd Service Persistence](https://ttp.parzival.sh/pentesting/infrastructure/persistence/services/systemd-service-persistence.md): MITRE ATT\&CK, Persistence, Sub-technique T1543.002
- [Web Shell](https://ttp.parzival.sh/pentesting/infrastructure/persistence/web-shell.md): MITRE ATT\&CK, Persistence, Sub-technique T1505.003
- [DLL Hijacking](https://ttp.parzival.sh/pentesting/infrastructure/persistence/dll-hijacking.md)
- [Pivoting](https://ttp.parzival.sh/pentesting/infrastructure/protocol-tunneling.md): MITRE ATT\&CK, Command and Control, Technique T1572
- [Privilege Escalation](https://ttp.parzival.sh/pentesting/infrastructure/privilege_escalation.md): MITRE ATT\&CK, Privilege Escalation, ID TA0004
- [Linux](https://ttp.parzival.sh/pentesting/infrastructure/privilege_escalation/linux.md): List of commonly used escalation tools for Linux systems
- [Setuid and Setgid](https://ttp.parzival.sh/pentesting/infrastructure/privilege_escalation/linux/setuid-and-setgid.md): MITRE ATT\&CK, Privilege Escalation, Sub-technique T1548.001
- [Windows](https://ttp.parzival.sh/pentesting/infrastructure/privilege_escalation/windows.md): List of commonly used escalation tools for Windows systems
- [Privilege Abuse](https://ttp.parzival.sh/pentesting/infrastructure/privilege_escalation/windows/abusing-privileges.md)
- [SeImpersonatePrivilege](https://ttp.parzival.sh/pentesting/infrastructure/privilege_escalation/windows/abusing-privileges/seimpersonateprivilege.md)
- [SeLoadDriverPrivilege](https://ttp.parzival.sh/pentesting/infrastructure/privilege_escalation/windows/abusing-privileges/seloaddriverprivilege.md): Privilege escalation using the load and unload device drivers policy (SeLoadDriverPrivilege).
- [Service Exploitation](https://ttp.parzival.sh/pentesting/infrastructure/privilege_escalation/windows/service-exploitation.md): Basic commands for abusing services to elevate privileges once they have been identified with a tool such as WinPEAS.
- [Initial Access](https://ttp.parzival.sh/pentesting/initial_access.md): MITRE ATT\&CK, Initial Access, ID TA0001
- [Phishing](https://ttp.parzival.sh/pentesting/initial_access/phishing.md): MITRE ATT\&CK, Initial Access, Technique T1566
- [Creating Templates](https://ttp.parzival.sh/pentesting/initial_access/phishing/creating_templates.md)
- [Leveraging AI During Template Creation](https://ttp.parzival.sh/pentesting/initial_access/phishing/creating_templates/leveraging-ai-during-template-creation.md)
- [Payloads](https://ttp.parzival.sh/pentesting/initial_access/phishing/payloads.md)
- [Non-malicious Callback](https://ttp.parzival.sh/pentesting/initial_access/phishing/payloads/non-malicious-callback.md)
- [Macros](https://ttp.parzival.sh/pentesting/initial_access/phishing/payloads/macros.md)
- [OSINT](https://ttp.parzival.sh/pentesting/osint.md)
- [Identifying Users](https://ttp.parzival.sh/pentesting/osint/gather-victim-identity-information.md): MITRE ATT\&CK, Reconnaissance, Technique T1589
- [Network Information](https://ttp.parzival.sh/pentesting/osint/gather-victim-network-information.md): MITRE ATT\&CK, Reconnaissance, Technique T1590
- [Search Engines](https://ttp.parzival.sh/pentesting/osint/search-engines.md): MITRE ATT\&CK, Reconnaissance, Technique T1596
- [Web Applications](https://ttp.parzival.sh/pentesting/web-applications.md)
- [Access Control](https://ttp.parzival.sh/pentesting/web-applications/access-control.md)
- [APIs](https://ttp.parzival.sh/pentesting/web-applications/apis.md)
- [Swagger API](https://ttp.parzival.sh/pentesting/web-applications/apis/swagger-api.md)
- [Authentication](https://ttp.parzival.sh/pentesting/web-applications/authentication.md)
- [Account Takeover](https://ttp.parzival.sh/pentesting/web-applications/authentication/account-takeover.md)
- [Clickjacking](https://ttp.parzival.sh/pentesting/web-applications/clickjacking.md)
- [Cross Origin Resource Sharing (CORS)](https://ttp.parzival.sh/pentesting/web-applications/cross-origin-resource-sharing-cors.md)
- [Cross Site Request Forgery (CSRF)](https://ttp.parzival.sh/pentesting/web-applications/cross-site-request-forgery-csrf.md)
- [Document Object Model (DOM)](https://ttp.parzival.sh/pentesting/web-applications/document-object-model-dom.md)
- [File Upload](https://ttp.parzival.sh/pentesting/web-applications/file-upload.md)
- [Google Dorking](https://ttp.parzival.sh/pentesting/web-applications/google-dorking.md)
- [GraphQL](https://ttp.parzival.sh/pentesting/web-applications/graphql.md)
- [HTTP Request Smuggling](https://ttp.parzival.sh/pentesting/web-applications/http-request-smuggling.md)
- [Information Disclosure](https://ttp.parzival.sh/pentesting/web-applications/information-disclosure.md)
- [Insecure Direct Object Reference (IDOR)](https://ttp.parzival.sh/pentesting/web-applications/insecure-direct-object-reference-idor.md)
- [Injection Vulnerabilities](https://ttp.parzival.sh/pentesting/web-applications/injection-vulnerabilities.md)
- [Cross-Site Scripting (XSS)](https://ttp.parzival.sh/pentesting/web-applications/injection-vulnerabilities/cross-site-scripting.md)
- [Blind Cross-Site Scripting](https://ttp.parzival.sh/pentesting/web-applications/injection-vulnerabilities/cross-site-scripting/blind-cross-site-scripting.md)
- [Finding Cross-Site Scripting](https://ttp.parzival.sh/pentesting/web-applications/injection-vulnerabilities/cross-site-scripting/finding-cross-site-scripting.md)
- [Stealing Cookies](https://ttp.parzival.sh/pentesting/web-applications/injection-vulnerabilities/cross-site-scripting/stealing-cookies.md)
- [XSS Payloads](https://ttp.parzival.sh/pentesting/web-applications/injection-vulnerabilities/cross-site-scripting/xss-payloads.md)
- [CSV Injection](https://ttp.parzival.sh/pentesting/web-applications/injection-vulnerabilities/csv-injection.md)
- [XML External Entity Injection (XXE)](https://ttp.parzival.sh/pentesting/web-applications/injection-vulnerabilities/external-entity-injection-xxe.md)
- [LDAP Injection](https://ttp.parzival.sh/pentesting/web-applications/injection-vulnerabilities/ldap-injection.md)
- [NoSQL Injection](https://ttp.parzival.sh/pentesting/web-applications/injection-vulnerabilities/nosql-injection.md)
- [Server-Side Template Injection](https://ttp.parzival.sh/pentesting/web-applications/injection-vulnerabilities/server-side-template-injection.md)
- [SQL Injection](https://ttp.parzival.sh/pentesting/web-applications/injection-vulnerabilities/sql-injection.md)
- [JSON Web Tokens (JWT)](https://ttp.parzival.sh/pentesting/web-applications/json-web-tokens-jwt.md)
- [Local File Inclusion (LFI)](https://ttp.parzival.sh/pentesting/web-applications/local-file-inclusion-lfi.md)
- [OAuth](https://ttp.parzival.sh/pentesting/web-applications/oauth.md)
- [Open Redirection](https://ttp.parzival.sh/pentesting/web-applications/open-redirection.md)
- [Password Reset Poisoning](https://ttp.parzival.sh/pentesting/web-applications/password-reset-poisoning.md)
- [Prototype Pollution](https://ttp.parzival.sh/pentesting/web-applications/prototype-pollution.md)
- [Race Condition](https://ttp.parzival.sh/pentesting/web-applications/race-condition.md)
- [Rate Limit Bypass](https://ttp.parzival.sh/pentesting/web-applications/rate-limit-bypass.md)
- [Remote Code Execution (RCE)](https://ttp.parzival.sh/pentesting/web-applications/remote-code-execution-rce.md)
- [Remote File Inclusion (RFI)](https://ttp.parzival.sh/pentesting/web-applications/remote-file-inclusion-rfi.md)
- [Suspicious Parameters](https://ttp.parzival.sh/pentesting/web-applications/suspicious-parameters.md)
- [Tooling](https://ttp.parzival.sh/pentesting/web-applications/tooling.md)
- [Burp Suite](https://ttp.parzival.sh/pentesting/web-applications/tooling/burp-suite.md): Notes around using and performing testing with Burp Suite
- [Authentication / Proxy Issues](https://ttp.parzival.sh/pentesting/web-applications/tooling/burp-suite/authentication-proxy-issues.md)
- [Intruder Attack Types](https://ttp.parzival.sh/pentesting/web-applications/tooling/burp-suite/intruder_attack_types.md): Brief descriptions of each attack type in Burp Suite Intruder.
- [Match and Replace](https://ttp.parzival.sh/pentesting/web-applications/tooling/burp-suite/match-and-replace.md)
- [Quality of Life](https://ttp.parzival.sh/pentesting/web-applications/tooling/burp-suite/quality-of-life.md)
- [Misc Tooling](https://ttp.parzival.sh/pentesting/web-applications/tooling/misc-tooling.md)
- [WAF Bypasses](https://ttp.parzival.sh/pentesting/web-applications/waf-bypasses.md)
- [WebSockets](https://ttp.parzival.sh/pentesting/web-applications/websockets.md)
- [Web Cache Deception](https://ttp.parzival.sh/pentesting/web-applications/web-cache-deception.md)
- [Web Cache Poisoning](https://ttp.parzival.sh/pentesting/web-applications/web-cache-poisoning.md)
- [Wireless](https://ttp.parzival.sh/pentesting/wireless.md)
- [WPA / WPA2](https://ttp.parzival.sh/pentesting/wireless/wpa-wpa2.md)
- [Alfa Troubleshooting](https://ttp.parzival.sh/pentesting/wireless/wpa-wpa2/alfa-troubleshooting.md)
- [Enterprise](https://ttp.parzival.sh/pentesting/wireless/wpa-wpa2/enterprise.md)
- [Personal](https://ttp.parzival.sh/pentesting/wireless/wpa-wpa2/personal.md)
- [Cloud](https://ttp.parzival.sh/pentesting/cloud.md)
- [Amazon Web Services (AWS)](https://ttp.parzival.sh/pentesting/cloud/amazon-web-services-aws.md)
- [Microsoft Azure](https://ttp.parzival.sh/pentesting/cloud/microsoft-azure.md)
