Skip to content

nodirsafarov/offensive-security-methodology

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Offensive Security Methodology

A working methodology for ethical hacking and penetration testing engagements. Organized as a per-phase playbook, not a tutorial — open it during an engagement, not before one.

🚧 In progress. Modules are filled in incrementally as I complete labs, certifications, and real engagements.


What this is

A structured, modular reference for offensive security — covering enumeration, exploitation, post-exploitation, lateral movement, cloud, and reporting. Each module is built from:

  • Open methodologies (PTES, OWASP WSTG, MITRE ATT&CK, NIST SP 800-115, OSSTMM)
  • Public references (HackTricks, The Hacker Recipes, PayloadsAllTheThings, GTFOBins, LOLBAS)
  • My own lab notes from HackTheBox, TryHackMe, PortSwigger Web Security Academy
  • Practical experience and field-tested workflows

Every command, payload, and example is something I've actually run and verified.


How to use

If you are… Start here
New to pentesting 01-methodology-and-mindset/ — read the entire folder first
Stuck on a CTF / box Jump to the relevant module; check tools/ for tool-specific tips
Preparing for an engagement Use this as your engagement checklist — work through phases in order
Studying for a cert Pair with labs/ for guided practice

Structure

# Module Phase
01 Methodology & Mindset Foundation
02 Information Gathering Reconnaissance
03 Vulnerability Scanning Discovery
04 Cryptography Essentials Foundation
05 Web Application Attacks Exploitation
06 Client-Side Attacks Exploitation
07 Password Attacks Exploitation
08 Public Exploits Exploitation
09 Antivirus Evasion Exploitation
10 Windows Privilege Escalation Post-Exploitation
11 Linux Privilege Escalation Post-Exploitation
12 Tunneling & Pivoting Post-Exploitation
13 Metasploit Framework Tool Mastery
14 Active Directory Fundamentals AD
15 Attacking AD Authentication AD
16 Lateral Movement in AD AD
17 AWS Cloud Attacks Cloud
18 Reporting Deliverable

Plus:

  • tools/ — per-tool deep usage guides (Nmap, Burp Suite, Metasploit, sqlmap, BloodHound, etc.)
  • labs/ — practice lab plan with HTB/THM/Proving Grounds boxes per module

Conventions used in this repo

Throughout the modules:

  • 💻 = command to run
  • 🎯 = expected outcome
  • 🚩 = pitfall / common mistake
  • 📝 = note to record in your engagement notes
  • 🔗 = external reference

Severity ratings follow CVSS v3.1.


Disclaimer

All techniques documented here are for authorized testing only — your own lab, bug bounty programs within their stated scope, or engagements where you have explicit written authorization. Running these against systems you don't own or aren't authorized to test is illegal in most jurisdictions.

If you don't understand the legal context, stop and read 01-methodology-and-mindset/ before going further.


License

MIT for the original content I've written. External references retain their respective licenses (linked inline where used).


Maintained by @nodirsafarov. PRs and corrections welcome.

About

Working offensive security methodology — per-phase playbook covering recon, exploitation, post-exploitation, Active Directory, cloud, and reporting. Built on PTES, OWASP, MITRE ATT&CK + lab experience.

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors