hackchurch-bible

This guide is under active development and likely contains many broken links

Introduction

The free and open source manual for cyber security.

Our intention is to compile tactics from real-world pentesting and CTF write-ups into an exhaustive resource for expanding your cyber security knowledge at any level. Additionally, it can and should be used as a spoiler-free reference during CTFs and practical cyber security certification exams.

Pentesting Methodology

While it makes sense for most of the methodology to occur in the order listed, some steps may be optional or occur before others.

  • 🗃 Organization - Setting yourself up for success
  • 🔭 Recon - Perform active and passive scans
  • 🔓 Access - Get initial access on your target
  • 🎖 PrivEsc - Upgrade privileges on your target
  • 📦 Infil Exfil - Upload tools or download important information
  • 🧹 Cleanup - Cover your tracks

Reading this Guide

Throughout this guide, commands are presented in a format intended to quickly convey the correct syntax and meaning. Where warranted, certain parts of a command are clarified in a list following the command.

Here is some common shorthand used in this guide:

  • localhost is interchangeable with 127.0.0.1 (see also host machine)
  • target, target2, etc. are the IPs of a target machine or machines
  • user is a username for whatever you are trying to access

Contributing

If there is any information that you think this guide is missing, please consider contributing to our project.