A working methodology for ethical hacking and penetration testing engagements. Organized as a per-phase playbook, not a tutorial — open it during an engagement, not before one.
🚧 In progress. Modules are filled in incrementally as I complete labs, certifications, and real engagements.
A structured, modular reference for offensive security — covering enumeration, exploitation, post-exploitation, lateral movement, cloud, and reporting. Each module is built from:
- Open methodologies (PTES, OWASP WSTG, MITRE ATT&CK, NIST SP 800-115, OSSTMM)
- Public references (HackTricks, The Hacker Recipes, PayloadsAllTheThings, GTFOBins, LOLBAS)
- My own lab notes from HackTheBox, TryHackMe, PortSwigger Web Security Academy
- Practical experience and field-tested workflows
Every command, payload, and example is something I've actually run and verified.
| If you are… | Start here |
|---|---|
| New to pentesting | 01-methodology-and-mindset/ — read the entire folder first |
| Stuck on a CTF / box | Jump to the relevant module; check tools/ for tool-specific tips |
| Preparing for an engagement | Use this as your engagement checklist — work through phases in order |
| Studying for a cert | Pair with labs/ for guided practice |
| # | Module | Phase |
|---|---|---|
| 01 | Methodology & Mindset | Foundation |
| 02 | Information Gathering | Reconnaissance |
| 03 | Vulnerability Scanning | Discovery |
| 04 | Cryptography Essentials | Foundation |
| 05 | Web Application Attacks | Exploitation |
| 06 | Client-Side Attacks | Exploitation |
| 07 | Password Attacks | Exploitation |
| 08 | Public Exploits | Exploitation |
| 09 | Antivirus Evasion | Exploitation |
| 10 | Windows Privilege Escalation | Post-Exploitation |
| 11 | Linux Privilege Escalation | Post-Exploitation |
| 12 | Tunneling & Pivoting | Post-Exploitation |
| 13 | Metasploit Framework | Tool Mastery |
| 14 | Active Directory Fundamentals | AD |
| 15 | Attacking AD Authentication | AD |
| 16 | Lateral Movement in AD | AD |
| 17 | AWS Cloud Attacks | Cloud |
| 18 | Reporting | Deliverable |
Plus:
tools/— per-tool deep usage guides (Nmap, Burp Suite, Metasploit, sqlmap, BloodHound, etc.)labs/— practice lab plan with HTB/THM/Proving Grounds boxes per module
Throughout the modules:
- 💻 = command to run
- 🎯 = expected outcome
- 🚩 = pitfall / common mistake
- 📝 = note to record in your engagement notes
- 🔗 = external reference
Severity ratings follow CVSS v3.1.
All techniques documented here are for authorized testing only — your own lab, bug bounty programs within their stated scope, or engagements where you have explicit written authorization. Running these against systems you don't own or aren't authorized to test is illegal in most jurisdictions.
If you don't understand the legal context, stop and read 01-methodology-and-mindset/ before going further.
MIT for the original content I've written. External references retain their respective licenses (linked inline where used).
Maintained by @nodirsafarov. PRs and corrections welcome.