# Pentesting Quick Reference OSCP and Beyond

- [Basic Tools & Techniques](https://notes.cavementech.com/pentesting-quick-reference/basic-tools-and-techniques.md)
- [Linux Basics](https://notes.cavementech.com/pentesting-quick-reference/linux-basics.md): Essential Linux for Hackers.
- [LinEnum](https://notes.cavementech.com/pentesting-quick-reference/linux-basics/linenum.md)
- [Windows Basics](https://notes.cavementech.com/pentesting-quick-reference/windows-basics.md)
- [Automating local enumeration with JAWS](https://notes.cavementech.com/pentesting-quick-reference/windows-basics/automating-local-enumeration-with-jaws.md)
- [Shells](https://notes.cavementech.com/pentesting-quick-reference/shells.md)
- [Uploading Shells/ Transferring Files](https://notes.cavementech.com/pentesting-quick-reference/uploading-shells-transferring-files.md)
- [FootPrinting](https://notes.cavementech.com/pentesting-quick-reference/footprinting.md)
- [Host Discovery](https://notes.cavementech.com/pentesting-quick-reference/host-discovery.md)
- [Scanning](https://notes.cavementech.com/pentesting-quick-reference/scanning.md): Scanning tools cheatsheet
- [Nmap Alternatives](https://notes.cavementech.com/pentesting-quick-reference/scanning/nmap-alternatives.md)
- [Metasploit scanners](https://notes.cavementech.com/pentesting-quick-reference/scanning/metasploit-scanners.md)
- [Vulnerability assessment](https://notes.cavementech.com/pentesting-quick-reference/vulnerability-assessment.md)
- [Vulnerability Scanning using Nmap](https://notes.cavementech.com/pentesting-quick-reference/vulnerability-assessment/vulnerability-scanning-using-nmap.md)
- [Metasploit and Meterpreter](https://notes.cavementech.com/pentesting-quick-reference/metasploit-and-meterpreter.md)
- [Payloads](https://notes.cavementech.com/pentesting-quick-reference/metasploit-and-meterpreter/payloads.md)
- [Importing Nmap Scan Results Into MSF](https://notes.cavementech.com/pentesting-quick-reference/metasploit-and-meterpreter/importing-nmap-scan-results-into-msf.md)
- [Post Exploitation Modules Meterpreter](https://notes.cavementech.com/pentesting-quick-reference/metasploit-and-meterpreter/post-exploitation-modules-meterpreter.md)
- [Pivoting on Metasploit](https://notes.cavementech.com/pentesting-quick-reference/metasploit-and-meterpreter/pivoting-on-metasploit.md)
- [Persistence](https://notes.cavementech.com/pentesting-quick-reference/metasploit-and-meterpreter/persistence.md)
- [Password Hash cracking](https://notes.cavementech.com/pentesting-quick-reference/metasploit-and-meterpreter/password-hash-cracking.md)
- [Brute Forcing/ Password Cracking](https://notes.cavementech.com/pentesting-quick-reference/brute-forcing-password-cracking.md)
- [Attacking LSASS Passwords](https://notes.cavementech.com/pentesting-quick-reference/brute-forcing-password-cracking/attacking-lsass-passwords.md)
- [Credentials Hunting Windows](https://notes.cavementech.com/pentesting-quick-reference/brute-forcing-password-cracking/credentials-hunting-windows.md)
- [Credential Hunting in Linux](https://notes.cavementech.com/pentesting-quick-reference/brute-forcing-password-cracking/credential-hunting-in-linux.md)
- [Passwd, Shadow & Opasswd](https://notes.cavementech.com/pentesting-quick-reference/brute-forcing-password-cracking/passwd-shadow-and-opasswd.md)
- [Pass the Hash (PtH)](https://notes.cavementech.com/pentesting-quick-reference/brute-forcing-password-cracking/pass-the-hash-pth.md)
- [Protected Files](https://notes.cavementech.com/pentesting-quick-reference/brute-forcing-password-cracking/protected-files.md)
- [Protected Archives](https://notes.cavementech.com/pentesting-quick-reference/brute-forcing-password-cracking/protected-archives.md)
- [Password Policies](https://notes.cavementech.com/pentesting-quick-reference/brute-forcing-password-cracking/password-policies.md)
- [Password Managers](https://notes.cavementech.com/pentesting-quick-reference/brute-forcing-password-cracking/password-managers.md)
- [Breached Credentials](https://notes.cavementech.com/pentesting-quick-reference/brute-forcing-password-cracking/breached-credentials.md)
- [Mimikatz](https://notes.cavementech.com/pentesting-quick-reference/brute-forcing-password-cracking/mimikatz.md)
- [Detecting Bruteforcing](https://notes.cavementech.com/pentesting-quick-reference/brute-forcing-password-cracking/detecting-bruteforcing.md)
- [Detecting Bruteforcing with Artifacts](https://notes.cavementech.com/pentesting-quick-reference/brute-forcing-password-cracking/detecting-bruteforcing-with-artifacts.md)
- [AI Based Bruteforcing](https://notes.cavementech.com/pentesting-quick-reference/brute-forcing-password-cracking/ai-based-bruteforcing.md)
- [Linux Remote Management Protocols](https://notes.cavementech.com/pentesting-quick-reference/linux-remote-management-protocols.md)
- [Windows Remote Management Protocols](https://notes.cavementech.com/pentesting-quick-reference/windows-remote-management-protocols.md)
- [Port 20/21 - FTP Pentesting](https://notes.cavementech.com/pentesting-quick-reference/port-20-21-ftp-pentesting.md): Port 20, 21 Pentesting - FTP Exploitation
- [Port 22 SSH](https://notes.cavementech.com/pentesting-quick-reference/port-22-ssh.md)
- [Port 23 Telnet](https://notes.cavementech.com/pentesting-quick-reference/port-23-telnet.md)
- [Port 25 - SMTP](https://notes.cavementech.com/pentesting-quick-reference/port-25-smtp.md)
- [Port 53 DNS](https://notes.cavementech.com/pentesting-quick-reference/port-53-dns.md): udp
- [Port 110/995 POP3 and IMAP 146/993](https://notes.cavementech.com/pentesting-quick-reference/port-110-995-pop3-and-imap-146-993.md): By default, ports 110 and 995 are used for POP3, and ports 143 and 993 are used for IMAP.
- [Port 111 -RPC Bind](https://notes.cavementech.com/pentesting-quick-reference/port-111-rpc-bind.md)
- [Port 135 - RPC](https://notes.cavementech.com/pentesting-quick-reference/port-135-rpc.md)
- [Port 137 NetBios](https://notes.cavementech.com/pentesting-quick-reference/port-137-netbios.md): Used for file and printer sharing on port 137. A NetBIOS name is 16 characters: 15 characters define the name and the 16th character indicates the type of service.
- [Port 137, 138 UDP NMDB](https://notes.cavementech.com/pentesting-quick-reference/port-137-138-udp-nmdb.md)
- [Port 161 SNMP](https://notes.cavementech.com/pentesting-quick-reference/port-161-snmp.md): Use SNMP (an application layer protocol) to obtain a list of user accounts and devices on a system
- [Port 445 - SMB](https://notes.cavementech.com/pentesting-quick-reference/port-445-smb.md)
- [SMB Relay Attack](https://notes.cavementech.com/pentesting-quick-reference/port-445-smb/smb-relay-attack.md)
- [Port 1433 - MSSQL](https://notes.cavementech.com/pentesting-quick-reference/port-1433-mssql.md)
- [Port 1521 Oracle TNS](https://notes.cavementech.com/pentesting-quick-reference/port-1521-oracle-tns.md)
- [Port 1833 - MQTT](https://notes.cavementech.com/pentesting-quick-reference/port-1833-mqtt.md): Port 1883
- [Port 2049 - NFS](https://notes.cavementech.com/pentesting-quick-reference/port-2049-nfs.md)
- [Port 3306 MySQL](https://notes.cavementech.com/pentesting-quick-reference/port-3306-mysql.md)
- [Port 3389 - RDP](https://notes.cavementech.com/pentesting-quick-reference/port-3389-rdp.md)
- [Port 5985 - WINRM](https://notes.cavementech.com/pentesting-quick-reference/port-5985-winrm.md)
- [Port 632 (UDP) IPMI](https://notes.cavementech.com/pentesting-quick-reference/port-632-udp-ipmi.md)
- [Redis (6379)](https://notes.cavementech.com/pentesting-quick-reference/redis-6379.md)
- [Port 10000 Webmin](https://notes.cavementech.com/pentesting-quick-reference/port-10000-webmin.md)
- [Jenkins](https://notes.cavementech.com/pentesting-quick-reference/jenkins.md)
- [Privilege Escalation](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation.md)
- [Windows Priv esc](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc.md)
- [Initial Enumeration](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/initial-enumeration.md)
- [Automated Enumeration Tools](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/automated-enumeration-tools.md)
- [PowerUp Privilege Escalation](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/automated-enumeration-tools/powerup-privilege-escalation.md)
- [PrivescCheck.ps1](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/automated-enumeration-tools/privesccheck.ps1.md)
- [Winpeas](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/automated-enumeration-tools/winpeas.md): Requires .NET 4.0 on the system
- [Meterpreter Exploit Suggester](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/automated-enumeration-tools/meterpreter-exploit-suggester.md)
- [Windows Exploit Suggester](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/automated-enumeration-tools/windows-exploit-suggester.md)
- [Kernel Exploits](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/kernel-exploits.md)
- [Impersonating access tokens](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/impersonating-access-tokens.md)
- [Potato Attacks](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/potato-attacks.md)
- [Autoruns](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/autoruns.md): An autorun file that everyone can modify can be exploited
- [Registry Escalation - AlwaysInstallElevated](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/registry-escalation-alwaysinstallelevated.md)
- [Scheduled Tasks](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/sheduled-tasks.md)
- [Runas](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/runas.md)
- [Weak Service Permissions](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/weak-service-permissions.md)
- [Unquoted service path vulnerability](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/unquoted-service-path-vulnerability.md)
- [Print Spooler](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/print-spooler.md)
- [Bypassing UAC using the UACME tool](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/bypassing-uac-using-the-uacme-tool.md)
- [UAC Bypass: Memory Injection (Metasploit)](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/uac-bypass-memory-injection-metasploit.md)
- [Windows Subsystem for Linux](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/windows-subsystem-for-linux.md)
- [Misc](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/misc.md)
- [Meterpreter Kiwi plugin](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/meterpreter-kiwi-plugin.md)
- [Group Policy Preference](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/group-policy-preference.md)
- [Escalate to SYSTEM from Administrator](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/windows-priv-esc/escalate-to-system-from-administrator.md)
- [Linux Priv esc](https://notes.cavementech.com/pentesting-quick-reference/privilege-escalation/linux-priv-esc.md)
- [Active Directory](https://notes.cavementech.com/pentesting-quick-reference/active-directory.md)
- [AD Basics](https://notes.cavementech.com/pentesting-quick-reference/active-directory/ad-basics.md)
- [AD Management Basics](https://notes.cavementech.com/pentesting-quick-reference/active-directory/ad-basics/ad-management-basics.md)
- [Initial Enumeration of AD](https://notes.cavementech.com/pentesting-quick-reference/active-directory/initial-enumeration-of-ad.md)
- [Enumerating AD Users](https://notes.cavementech.com/pentesting-quick-reference/active-directory/initial-enumeration-of-ad/enumerating-ad-users.md)
- [Password Spraying](https://notes.cavementech.com/pentesting-quick-reference/active-directory/password-spraying.md)
- [Enumerating & Retrieving Password Policies](https://notes.cavementech.com/pentesting-quick-reference/active-directory/password-spraying/enumerating-and-retrieving-password-policies.md)
- [Password Spraying - Making a Target User List](https://notes.cavementech.com/pentesting-quick-reference/active-directory/password-spraying/password-spraying-making-a-target-user-list.md)
- [Internal Password Spraying - from Linux](https://notes.cavementech.com/pentesting-quick-reference/active-directory/password-spraying/internal-password-spraying-from-linux.md)
- [Internal Password Spraying - from Windows](https://notes.cavementech.com/pentesting-quick-reference/active-directory/password-spraying/internal-password-spraying-from-windows.md)
- [Enumerating Security Controls](https://notes.cavementech.com/pentesting-quick-reference/active-directory/password-spraying/enumerating-security-controls.md)
- [LLMNR Poisoning](https://notes.cavementech.com/pentesting-quick-reference/active-directory/llmnr-poisoning.md)
- [SMB/ NTLM Relay Attacks](https://notes.cavementech.com/pentesting-quick-reference/active-directory/smb-ntlm-relay-attacks.md)
- [IPv6 Attacks](https://notes.cavementech.com/pentesting-quick-reference/active-directory/ipv6-attacks.md)
- [IPV6 DNS takeover](https://notes.cavementech.com/pentesting-quick-reference/active-directory/ipv6-attacks/ipv6-dns-takeover.md)
- [WPAD](https://notes.cavementech.com/pentesting-quick-reference/active-directory/ipv6-attacks/wpad.md)
- [Passback Attacks](https://notes.cavementech.com/pentesting-quick-reference/active-directory/passback-attacks.md)
- [AS-REP roasting](https://notes.cavementech.com/pentesting-quick-reference/active-directory/as-rep-roasting.md)
- [AD Shell](https://notes.cavementech.com/pentesting-quick-reference/active-directory/ad-shell.md)
- [AD Enumeration](https://notes.cavementech.com/pentesting-quick-reference/active-directory/ad-enumeration.md)
- [Credentialed Enumeration - from Linux](https://notes.cavementech.com/pentesting-quick-reference/active-directory/ad-enumeration/credentialed-enumeration-from-linux.md)
- [Credentialed Enumeration - from Windows](https://notes.cavementech.com/pentesting-quick-reference/active-directory/ad-enumeration/credentialed-enumeration-from-windows.md)
- [Living off the Land](https://notes.cavementech.com/pentesting-quick-reference/active-directory/ad-enumeration/living-off-the-land.md)
- [Powershell Additional Tricks](https://notes.cavementech.com/pentesting-quick-reference/active-directory/ad-enumeration/living-off-the-land/powershell-additional-tricks.md)
- [BloodHound](https://notes.cavementech.com/pentesting-quick-reference/active-directory/ad-enumeration/bloodhound.md)
- [Plumhound](https://notes.cavementech.com/pentesting-quick-reference/active-directory/ad-enumeration/plumhound.md): BloodHound for purple and blue teams
- [Bloodhound CE](https://notes.cavementech.com/pentesting-quick-reference/active-directory/ad-enumeration/bloodhound-ce.md): How to install BloodHound CE on Kali. The newest SharpHound collectors only work with BloodHound CE
- [ldapdomaindump](https://notes.cavementech.com/pentesting-quick-reference/active-directory/ad-enumeration/ldapdomaindump.md): Good and easy tool for remote dumping AD stuff
- [PingCastle](https://notes.cavementech.com/pentesting-quick-reference/active-directory/ad-enumeration/pingcastle.md)
- [Post Compromise](https://notes.cavementech.com/pentesting-quick-reference/active-directory/post-compromise.md)
- [Kerberoasting](https://notes.cavementech.com/pentesting-quick-reference/active-directory/post-compromise/kerberosting.md)
- [Kerberos "Double Hop" Problem](https://notes.cavementech.com/pentesting-quick-reference/active-directory/post-compromise/kerberosting/kerberos-double-hop-problem.md)
- [Pass Attacks](https://notes.cavementech.com/pentesting-quick-reference/active-directory/post-compromise/pass-attacks.md)
- [Pass the Hash](https://notes.cavementech.com/pentesting-quick-reference/active-directory/post-compromise/pass-attacks/pass-the-hash.md)
- [Pass the Ticket](https://notes.cavementech.com/pentesting-quick-reference/active-directory/post-compromise/pass-attacks/pass-the-ticket.md)
- [Pass the Ticket (PtT) from Windows](https://notes.cavementech.com/pentesting-quick-reference/active-directory/post-compromise/pass-attacks/pass-the-ticket/pass-the-ticket-ptt-from-windows.md)
- [Pass the Ticket (PtT) from Linux](https://notes.cavementech.com/pentesting-quick-reference/active-directory/post-compromise/pass-attacks/pass-the-ticket/pass-the-ticket-ptt-from-linux.md)
- [Token Impersonation](https://notes.cavementech.com/pentesting-quick-reference/active-directory/post-compromise/token-impersonation.md)
- [LNK File Attacks](https://notes.cavementech.com/pentesting-quick-reference/active-directory/post-compromise/lnk-file-attacks.md): If we have access to a share, we can put a malicious file there. On the other end we can have Responder. Once the file is opened, we get the hash
- [Miscellaneous Misconfigurations](https://notes.cavementech.com/pentesting-quick-reference/active-directory/post-compromise/miscellaneous-misconfigurations.md)
- [Pivoting](https://notes.cavementech.com/pentesting-quick-reference/active-directory/pivoting.md)
- [Lateral Movement](https://notes.cavementech.com/pentesting-quick-reference/active-directory/lateral-movement.md)
- [Privilege Escalation](https://notes.cavementech.com/pentesting-quick-reference/active-directory/privilege-escalation.md)
- [Access Control List (ACL) Abuse Primer](https://notes.cavementech.com/pentesting-quick-reference/active-directory/access-control-list-acl-abuse-primer.md)
- [ACL Enumeration](https://notes.cavementech.com/pentesting-quick-reference/active-directory/access-control-list-acl-abuse-primer/acl-enumeration.md)
- [ACL Abuse Tactics](https://notes.cavementech.com/pentesting-quick-reference/active-directory/access-control-list-acl-abuse-primer/acl-abuse-tactics.md)
- [DCSync](https://notes.cavementech.com/pentesting-quick-reference/active-directory/access-control-list-acl-abuse-primer/dcsync.md)
- [DCSync Example Forest HTB](https://notes.cavementech.com/pentesting-quick-reference/active-directory/access-control-list-acl-abuse-primer/dcsync/dcsync-example-forest-htb.md)
- [Post Owning Domain](https://notes.cavementech.com/pentesting-quick-reference/active-directory/post-owning-domain.md)
- [Attacking Active Directory & NTDS.dit 1](https://notes.cavementech.com/pentesting-quick-reference/active-directory/post-owning-domain/attacking-active-directory-and-ntds.dit-1.md)
- [Golden Ticket Attacks](https://notes.cavementech.com/pentesting-quick-reference/active-directory/post-owning-domain/golden-ticket-attacks.md)
- [Silver Ticket](https://notes.cavementech.com/pentesting-quick-reference/active-directory/post-owning-domain/silver-ticket.md)
- [AD Common Vulnerabilities](https://notes.cavementech.com/pentesting-quick-reference/active-directory/ad-common-vulnerablities.md)
- [Bleeding Edge Vulnerabilities](https://notes.cavementech.com/pentesting-quick-reference/active-directory/bleeding-edge-vulnerabilities.md)
- [Domain Trusts](https://notes.cavementech.com/pentesting-quick-reference/active-directory/domain-trusts.md)
- [Attacking Domain Trusts - Child -> Parent Trusts - from Windows](https://notes.cavementech.com/pentesting-quick-reference/active-directory/domain-trusts/attacking-domain-trusts-child-greater-than-parent-trusts-from-windows.md)
- [Attacking Domain Trusts - Child -> Parent Trusts - from Linux](https://notes.cavementech.com/pentesting-quick-reference/active-directory/domain-trusts/attacking-domain-trusts-child-greater-than-parent-trusts-from-linux.md)
- [Attacking Domain Trusts - Cross-Forest Trust Abuse - from Windows](https://notes.cavementech.com/pentesting-quick-reference/active-directory/domain-trusts/attacking-domain-trusts-cross-forest-trust-abuse-from-windows.md)
- [Attacking Domain Trusts - Cross-Forest Trust Abuse - from Linux](https://notes.cavementech.com/pentesting-quick-reference/active-directory/domain-trusts/attacking-domain-trusts-cross-forest-trust-abuse-from-linux.md)
- [Maintaining Access](https://notes.cavementech.com/pentesting-quick-reference/active-directory/maintaining-access.md)
- [Clean Up](https://notes.cavementech.com/pentesting-quick-reference/active-directory/clean-up.md)
- [Hardening Active Directory](https://notes.cavementech.com/pentesting-quick-reference/active-directory/hardening-active-directory.md)
- [Additional AD Auditing Techniques](https://notes.cavementech.com/pentesting-quick-reference/active-directory/additional-ad-auditing-techniques.md)
- [HTB AD Enumeration & Attacks - Skills Assessment Part I](https://notes.cavementech.com/pentesting-quick-reference/active-directory/htb-ad-enumeration-and-attacks-skills-assessment-part-i.md)
- [Game of Active Directory](https://notes.cavementech.com/pentesting-quick-reference/active-directory/game-of-active-directory.md)
- [Web Pentesting](https://notes.cavementech.com/pentesting-quick-reference/web-pentesting.md)
- [Subdomains, directories and Vhost listing](https://notes.cavementech.com/pentesting-quick-reference/web-pentesting/subdomains-directories-and-vhost-listing.md)
- [Command Injection](https://notes.cavementech.com/pentesting-quick-reference/web-pentesting/command-injection.md)
- [XSS](https://notes.cavementech.com/pentesting-quick-reference/web-pentesting/xss.md)
- [SQL Injection](https://notes.cavementech.com/pentesting-quick-reference/web-pentesting/sql-injection.md)
- [Authentication Bypass](https://notes.cavementech.com/pentesting-quick-reference/web-pentesting/authentication-bypass.md)
- [Misc Vulnerabilities](https://notes.cavementech.com/pentesting-quick-reference/web-pentesting/misc-vulnerabilies.md)
- [Web Certifications](https://notes.cavementech.com/pentesting-quick-reference/web-pentesting/web-certifications.md)
- [Cryptography](https://notes.cavementech.com/pentesting-quick-reference/cryptography.md)
- [More Resources](https://notes.cavementech.com/pentesting-quick-reference/more-resources.md)
- [Forensics](https://notes.cavementech.com/pentesting-quick-reference/forensics.md): Tools for conducting image forensics
- [IoT Security](https://notes.cavementech.com/pentesting-quick-reference/iot-security.md)
- [API Security](https://notes.cavementech.com/pentesting-quick-reference/api-security.md)
- [Binary Exploitation](https://notes.cavementech.com/pentesting-quick-reference/binary-exploitation.md)
- [Assembly Cheatsheet for Hackers](https://notes.cavementech.com/pentesting-quick-reference/binary-exploitation/assembly-cheatsheat-for-hackers.md)
- [Malware Analysis](https://notes.cavementech.com/pentesting-quick-reference/binary-exploitation/malware-analysis.md)
- [Basic Static Malware Analysis](https://notes.cavementech.com/pentesting-quick-reference/binary-exploitation/malware-analysis/basic-static-malware-analysis.md)
- [Boxes/ Machines](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines.md)
- [Try Hack Me](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/try-hack-me.md)
- [Vulnversity](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/try-hack-me/vulnversity.md)
- [Basic Pentesting](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/try-hack-me/basic-pentesting.md)
- [Kenobi](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/try-hack-me/kenobi.md)
- [Steel Mountain](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/try-hack-me/steel-mountain.md): Windows box, HFS
- [Malware Analysis](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/try-hack-me/malware-analysis.md)
- [Summit](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/try-hack-me/malware-analysis/summit.md): Summit TryHackMe basic Malware Analysis room walkthrough
- [Telnet](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/try-hack-me/telnet.md): https://tryhackme.com/jr/telnetcve2026
- [Vulnhub](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/vulnhub.md)
- [Tiki](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/vulnhub/tiki.md)
- [HTB](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/htb.md)
- [Beep](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/htb/beep.md): Beep HTB walkthrough 2023 tested on Kali. Beep has a very large list of running services, which can make it a bit challenging to find the correct entry method.
- [Active](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/htb/active.md): Active HTB Machine walkthrough 2023. Active directory Basics.
- [Forest](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/htb/forest.md): Forest HTB 2023 Walkthrough
- [Devel](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/htb/devel.md): Devel HTB 2023 Walkthrough. Devel is a relatively simple Windows machine and demonstrates the security risks associated with some default program configurations.
- [Metasploitable 2](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/metasploitable-2.md): Metasploitable 2 is a purposely vulnerable virtual machine that is designed for security testing, training, and educational purposes. Here, we have a complete walkthrough of the machine.
- [PWN.COLLEGE Talking Web](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/pwn.college-talking-web.md): Complete solutions for the Talking Web dojo on pwn.college. Complete writeup of all challenges
- [PWN COLLEGE Web Hacking](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/pwn-collge-web-hacking.md): Web hacking dojo walkthrough pwn.college
- [INE](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/ine.md)
- [Host & Network Penetration Testing: System-Host Based Attacks CTF 1](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/ine/host-and-network-penetration-testing-system-host-based-attacks-ctf-1.md)
- [Host & Network Penetration Testing: System-Host Based Attacks CTF 2 - INE](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/ine/host-and-network-penetration-testing-system-host-based-attacks-ctf-2-ine.md)
- [Host & Network Penetration Testing: Network-Based Attacks CTF 1](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/ine/host-and-network-penetration-testing-network-based-attacks-ctf-1.md)
- [Host & Network Penetration Testing: The Metasploit Framework CTF 1](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/ine/host-and-network-penetration-testing-the-metasploit-framework-ctf-1.md)
- [Host & Network Penetration Testing: The Metasploit Framework CTF 2](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/ine/host-and-network-penetration-testing-the-metasploit-framework-ctf-2.md)
- [Host & Network Penetration Testing: Exploitation CTF 1](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/ine/host-and-network-penetration-testing-exploitation-ctf-1.md)
- [Host & Network Penetration Testing: Exploitation CTF 2](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/ine/host-and-network-penetration-testing-exploitation-ctf-2.md)
- [Host & Network Penetration Testing: Exploitation CTF 3](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/ine/host-and-network-penetration-testing-exploitation-ctf-3.md)
- [Host & Network Penetration Testing: Post-Exploitation CTF 1](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/ine/host-and-network-penetration-testing-post-exploitation-ctf-1.md)
- [Host & Network Penetration Testing: Post-Exploitation CTF 2](https://notes.cavementech.com/pentesting-quick-reference/boxes-machines/ine/host-and-network-penetration-testing-post-exploitation-ctf-2.md)
- [Private Challenges](https://notes.cavementech.com/pentesting-quick-reference/private-challenges.md)
- [Pwn](https://notes.cavementech.com/pentesting-quick-reference/private-challenges/pwn.md)
- [Forensics](https://notes.cavementech.com/pentesting-quick-reference/private-challenges/forensics.md)
- [Misc tools](https://notes.cavementech.com/pentesting-quick-reference/misc-tools.md)
- [NetExec](https://notes.cavementech.com/pentesting-quick-reference/misc-tools/netexec.md): CrackMapExec alternative
- [Clearing Tracks](https://notes.cavementech.com/pentesting-quick-reference/clearing-tracks.md)
- [SOC Analyst Resources](https://notes.cavementech.com/pentesting-quick-reference/soc-analyst-resources.md)
- [OSCP Tips and Misc](https://notes.cavementech.com/pentesting-quick-reference/oscp-tips-and-misc.md)
- [Buffer Overflow](https://notes.cavementech.com/pentesting-quick-reference/buffer-overflow.md): Easy practical examples for buffer overflow for beginners
- [Linux Vulnerabilities](https://notes.cavementech.com/pentesting-quick-reference/linux-vulnerabilities.md)
- [Different Applications Vulnerabilities](https://notes.cavementech.com/pentesting-quick-reference/different-applications-vulnerabilities.md)
- [WebDAV](https://notes.cavementech.com/pentesting-quick-reference/different-applications-vulnerabilities/webdav.md)
- [Web3 and Blockchain Security](https://notes.cavementech.com/pentesting-quick-reference/web3-and-blockchain-security.md)
- [WIFI Hacking](https://notes.cavementech.com/pentesting-quick-reference/wifi-hacking.md)
- [Misc Tricks](https://notes.cavementech.com/pentesting-quick-reference/misc-tricks.md)
- [CTF Writeups](https://notes.cavementech.com/pentesting-quick-reference/ctf-writeups.md)
- [Social Engineering](https://notes.cavementech.com/pentesting-quick-reference/social-engineering.md)
- [Mobile Hacking](https://notes.cavementech.com/pentesting-quick-reference/mobile-hacking/mobile-hacking.md)
- [Extracting APIs from Mobile applications](https://notes.cavementech.com/pentesting-quick-reference/mobile-hacking/extracting-apis-from-mobile-applications.md)
- [AWS](https://notes.cavementech.com/pentesting-quick-reference/cloud-pentesting/aws.md)
- [AI Based Pentesting tools](https://notes.cavementech.com/pentesting-quick-reference/ai-pentesting/ai-based-pentesting-tools.md)
- [OT Security Labs](https://notes.cavementech.com/pentesting-quick-reference/ot-security/ot-security-labs.md)
- [M5StickC](https://notes.cavementech.com/pentesting-quick-reference/ot-security/m5stickc.md)

