🔐
OffSec Wiki
  • Tools
    • Nim Reverse Shell
    • Webcopilot
    • ReconFTW
    • ATOR
    • ClientChecker
    • Vulnx
    • ReconAlzer
    • Bbot
    • Automation Bug Hunting
    • Kali
    • Super XRay
    • BirdAdmin
    • SAST
      • Sonar Cloud
    • WhoAmI
    • BurpSuite
    • Hashcat
    • Spray365
    • Log4j Scan
    • Bitvise
    • Linpeas
    • PimpMyKali
    • V3n0M - Scanner
    • Python-Sec-Tools
    • PowerSploit
    • OneX
    • Osmedeus
    • Omega DSToolkit
    • Vortex
    • Emp3r0r
    • Stratus
    • CryptoSteganography
    • Tyr
    • GO/Net
    • Dirhunt
    • SharpSQLPwn
    • KASM
    • CVE-2022-0995
    • Bettercap
    • Online Vuln Scanners
    • AutoRecon
    • Burp Extensions
    • Malware Samples
    • Arjun
    • GooFuzz
    • ReNgine
    • Fuxxsploider
    • AllHackingTools
    • HELK
    • Pretender - MITM
    • Spidex
    • Legion
    • F11snipe
    • DNS Shell
    • PS Recon
    • TheFatRat
    • Poiana
    • AppThreat - dep scan
    • Fruity WIFI
    • Chisel
    • PHP-Obfuscator
    • Hoaxshell
    • Veil
    • Ninjasploit
    • Egressbuster
    • IP LOGGER link
    • Rubeus
    • Reverse Shell Generator
    • PARTH
    • Psudohash
    • CredMaster
    • RedHat Security Scanner
  • Information Gathering
    • Five Stages of Ethical Hacking
    • Port Based Checks
    • NMAP Scans
      • Host Discovery
    • Firefox
    • Reconnoitre
    • Check for anonymous SMB
    • Find information about program versions
    • Fast Google Dorks Scan
    • Searchsploit
    • DNS and CERTS
    • Dirsearch
    • Curl[Banner Grabbing]
    • Recon-ng- The Metasploit of recon
    • proxy listener in burp
    • specific domain
    • Passive Recon
    • Ping Sweeper
    • Ports Recon
    • Web Recon
    • Pasive Recon
    • Website Technology
    • Threader3000
    • Dirsearch
    • Censys - DNS and CERTS
    • ThreatCop
  • Exploitation
    • Exploit Notes
    • Metasploit
      • Meterpreter listener reverse-https
    • Shells / Payloads
    • Spawn BASH
    • Netcat
    • PwnKit - CVE- 2021-4034
    • Hydra Brute Forcing
    • WFUZZ Brute Forcing
    • MySQL Interactive console
    • SQLMap
    • Redis
    • SMTP Email Shell
    • PHP Shells
    • SQL Shells
    • Oracle Padding Attack
    • WIN Shells
    • Web Shells
    • Upgrade Shell
    • Nmap nse vuln scripts
    • EvilPDF
    • BITB
    • Payload obfuscation & AV Evasion
    • SHHHHLOADER
    • PDF Obfuscation
    • CSV Injection
    • Malicious Macros
    • Eternal Blue
    • Google Dorks
    • QR code Hacking
    • TLS Attacks
    • Exploit collection
    • RevShell Generator
    • BadUSB attack vs AMSI
    • Bypass 4xx
  • Cracking
    • GPP
    • Ciphey
    • Online Tools
    • Hashes
    • Windows files
    • Pass Generator
    • John
    • crackmapexec
    • GPG
  • Enumeration
    • SMB
    • WinRM
    • SQL
    • Active Directory Enum - brief
    • GoBuster
    • DNS Enumeration
    • WebDav
    • Enumerating phpinfo.php
    • VNC
    • SMTP
    • SNMP
    • IMAP
    • Subdomains Enum
    • Windows
  • API Sec
    • API Recon
    • Passive Recon
    • Active Recon
    • Reverse Engineering an API
    • Classic Authentication Attacks
    • Token Analysis
    • Broken Object Level Authorization
    • Broken Function Level Authorization
    • Improper Assets Management
    • Mass Assignment Attacks
    • Exploiting SSRF
    • Injection Attacks
    • Evasive Maneuvers
      • Combining Techniques
  • Web Pentesting
    • JENKINS
    • OWASP top 10
    • OWASP Cheat Sheet
    • HTTP Headers
    • Webgoat
    • Access Controls Flaws
    • AJAX - DOM Injection
    • XML Injection
    • JSON Injection
    • AJAX - Silent Transaction Attacks
    • AJAX - Insecure Client Storage
    • AJAX - Dangerous Use of Eval
    • AJAX - Same Origin Policy Protection
    • Passwords
    • Off-by-One Overflows
    • Discover Clues in the HTML
    • Thread Safety Problems
    • XSS Notes
    • Phishing with XSS
    • DOM-Based XSS
    • Stored XSS Attacks
    • Cross Site Request Forgery
    • CSRF Prompt Bypass
    • CSRF Token Bypass
    • Fail Open Authentication Scheme
    • Command Injection
    • Log Spoofing
    • XPATH Injection
    • SQLi
      • Union Attacks
      • Examining the DB
        • Listing the database contents on Oracle
        • Listing the database contents on non-Oracle databases
      • Port Swigger SQLi
      • SQLi Cheatsheet
      • SQLi - fundamentals
      • String SQL Injection
      • Manual SQLi
      • noSQL injection
    • Database Backdoors
    • Zip Bomb
    • Denial of Service from Multiple Logins
    • Insecure Communication
    • Malicious File Execution
    • XML External Entity (XXE)
    • XXE Injection
    • Bypass Client Side JavaScript Validation
    • Spoof an Authentication Cookie
    • Insomnia
    • Web App Testing Methodology
    • Test for command injection
    • Check for apache home directories
    • Web App Enum
    • Broken Authentication
    • Sensitive Data Exposure
    • Broken Access
    • JWT Tokens
    • Insecure Deserialization
    • Using Components with Known Vulnerabilities
    • Insufficient Logging and Monitoring
    • LFI Wordlists
    • RFI
    • Bypass web page redirects
    • wget behind auth
    • SSRF
    • Broken Object Level Authorization
    • File Upload Attacks Explained
    • HTTP for hackers
    • OAST
    • WebSockets Hack
  • Linux
    • Bash for loops
    • Understanding /etc/passwd
    • sed
    • grep
    • Linux file recovery multiple ways
    • Bandit Wargames
    • view all files in subdirectories
    • std in, std out, std err
    • Services
    • WILDCARDS
    • Shellcode
    • tmux
    • Xvnc running as root
  • Wordpress
    • WP POCs and Exploits
    • WordPress - general stuff
    • Where uploads are stored
    • Scanning and Enumeration
    • How to Find Security Vulnerabilities
    • Spawn Shell From WP Admin Access
  • Post Exploitation
    • File Transfers
    • Creds Dumping
    • Linux
      • Password Gathering from Config Files
      • Linux Priv Esc
        • PKEXEC
      • Linux Priv Esc - TCM Course
        • System Enum
        • User Enum
        • Network Enum
        • Password Hunting
        • Automated Tools
        • Kernel Exploitation
        • Password and File Permissions
        • sudo escalation path
        • SUID Escalation
        • SUID - Environment Variables #1
        • SUID - Environmental Variables #2
        • Binary Symlinks Escalation
        • Capabilities
        • Scheduled Tasks - Cron - Path
        • CRON - Wildcards
        • CRON - File Overwrite
        • NFS Root Squashing
      • Sudo NoPasswd with Nano
      • Priv Esc with MySQL
      • Jailed Shell Escape
      • NetCat to Rev Shell
    • Windows
      • Local Priv Exploits
      • Windows Priv Esc
      • Win Priv Esc II
      • Windows Kernel Exploits
      • Win Priv Esc - TCM Course
      • Windows Process Dump
      • Impersonation
      • C2 Frameworks and Win Shells
      • Maintaining Access
      • Potato Attacks
      • Alternate Data Streams
      • Evade Defender
      • Disable Win Defender
      • PrivEsc Resources
    • Buffer Overflow
    • Cloud Priv Esc
    • LXC Privesc
  • Persistence
  • Powershell
    • Providers
    • Powershell Cheat Sheet
    • Powershell Training
    • Exfil to WebHook
    • Spawn Shell as a different user
  • RED Teaming
    • TryHackMe - Red Team Path
      • Red Team Fundamentals
        • Red Team - Fundamentals
        • Red Team Engagements
        • Red Team Threat Intel
        • Red Team OPSEC
        • Intro to C2
      • Initial Access
        • Red Team Recon
        • Weaponization
        • Password Attacks
        • Phishing
      • Post Compromise
        • The Lay of the Land
        • Enumeration
        • Windows Privilege Escalation
        • Windows Local Persistence
        • Lateral Movement and Pivoting
        • Data Exfiltration
      • Host Evasions
        • Windows Internals
        • Introduction to Windows API
        • Abusing Windows Internals
        • Introduction to Antivirus
        • AV Evasion: Shellcode
        • Obfuscation Principles
        • Signature Evasion
        • Bypassing UAC
        • Runtime Detection Evasion
        • Evading Logging and Monitoring
        • Living Off the Land
      • Network Security Evasion
        • Network Security Solutions
        • Firewalls
    • Resources
    • LOCKHEED MARTIN CHAIN
    • C2 Stuff
      • Caldera
      • Cobalt Strike
      • Covenant
      • Koadic
      • Sliver
      • Havoc
    • Tools
      • VECTR
  • Purple Teaming
  • Reverse Engineering
    • C Programming
    • Python - Connect
    • Python - Fuzz
    • Debugging -Immunity
    • Hex Codes
    • x86 Opcodes
    • Immunity
    • gdb
  • Pivoting
    • Port Forwarding/Redirection
    • SSH Tunneling
    • Proxychains
    • Sshuttle
    • HTTP Tunneling
    • Metasploit Pivoting
    • Ncat Pivoting
    • Chisel Pivoting
    • Pivot Suite
    • Tunna/Fulcrom (HTTP)
    • Socat
    • Ligolo-ng
    • Double Pivoting
    • How to proxy any tool
  • Metasploit
    • Msfvenom
    • Metasploit Console
    • Meterpreter Shell
  • Networking
    • Subnetting
    • OSI Model
    • Private IP Address
    • Common Ports and Protocols
    • MAC Address Lookup
    • IPtables
    • IPv6
  • OSINT
    • Resources
    • Tools
    • Sock Puppets
    • Search Engine Operators
    • Reverse Image Searching
    • View EXIF data
    • Identifying Geographical Locations
    • Email OSINT
    • Password OSINT
    • Username OSINT
    • Searching for People
    • Hunting Phone Numbers
    • Social Media
    • Twitter OSINT
    • Facebook OSINT
    • Instagram OSINT
    • SnapChat OSINT
    • Website OSINT
    • Wireless OSINT
    • OSINT lab
    • Phone number
    • OSINT Frameworks
  • Active Directory
    • AD PT Mindset
    • AD Lab creation
    • Physical AD Components
    • Logical AD Components
    • Exploits
    • LLMNR Poisoning - Responder
    • SMB Relay
    • Get SMB Shares
    • Gaining shell
    • IPv6 Attacks
    • Passback Attacks
    • Post-Compromise Enumeration
    • Bloodhound
    • Post Compromise Attacks
    • Token Impersonation
    • PowerUp
    • Group Policy Preferences (GPP)
    • URL file attacks
    • Print Nightmare
    • ADRecon
    • Mimikatz
    • Certifried & Bloodhound: Active Directory Certificate Services Abuse
    • Certificate Services: Domain Dominance
    • Kerberoasting
    • Kerberos: Golden Tickets
    • ZeroLogon
    • Pass-back
    • ldap enum
    • From Domain Admin to Enterprise Admin
    • Silver Ticketing
    • AS-REP Roasting
    • AD Attacks Automated Scripts
  • Cloud
    • Azure Pentesting
      • Azure AD Attacks
      • Azure Goat
    • AWS Pentesting
    • IAM protocols
    • OpenID Connect
    • SAML
    • OAuth
      • Implicit Grant Type
      • Client Credentials Grant Type
      • The Resource Owner Password Credentials (ROPC) Grant Type
      • Refresh Tokens
      • OAuth 2.1
      • Browser Based Applications
      • Native applications
      • Backend for Frontend
      • OAuth + OpenID Connect
      • Automatically configuring clients with OAuth Metadata
      • SAML & OAuth
      • Token Exchange
  • Containers
    • Docker audit
      • Docker Bench Security
      • Trivy
    • Kubernetes PT Methodologies
    • Kubernetes Tools
  • WIFI
    • Monitor Mode
    • Airo-dump + Crack
    • Wireless Pentesting
    • Wordlists
    • Crunch
  • Buffer Overflow
    • Anatomy of Memory
    • Spiking
    • Fuzzing
    • Finding the Offset
    • Overwrite the EIP
    • Finding bad characters
  • Code Review
    • CI/CD Pentesting
    • C#
    • .NET review with SonarCloud
  • Routers
    • TP-Link
  • Automotive CyberSec
    • Initial steps
    • Car hacking
    • Automotive CyberSecurity Key Concepts
    • Pentesting Methodology
    • TARA
    • Implementation Strategy for ISO/SAE 21434:2021
    • Tools
    • Resources
  • Threat Modeling
    • APT3
    • Intro to Threat Modeling
    • HowTo's
    • General Concepts / TM frameworks
    • OWASP Threat Modeling
    • Threat Modeling based on the MITRE Enterprise ATT&CK Matrix
    • STRIDE
    • PASTA
    • NIST 800-53
  • Hardware & Lock Bypassing
  • Scripting
    • Bash
  • General PT Methodology
    • General Scoping Thoughts
    • Infrastructure Scoping
    • API Scoping
    • WebApp Scoping
    • Mobile Scoping
    • Cloud Scoping
    • Kubernetes Scoping
  • Blockchain
    • Web3 Security Library
    • 5 ways to hack a Blockchain
  • Challenges
    • Network Break-In
    • Corporate Espionage
  • Flipper
    • BadUSB
  • CERTS
    • CRTP
    • OSCP
      • HTB - OSCP PREP
        • Linux Boxes
          • Bashed Writeup w/o Metasploit
          • Beep Writeup w/o Metasploit
          • Cronos Writeup w/o Metasploit
          • FriendZone Writeup w/o Metasploit
          • Irked Writeup w/o Metasploit
          • Jarvis Writeup w/o Metasploit
          • Lame Writeup w/o Metasploit
          • Magic Writeup w/o Metasploit
          • Networked Writeup w/o Metasploit
          • Nibbles Writeup w/o Metasploit
          • Nineveh Writeup w/o Metasploit
          • Node Writeup w/o Metasploit
          • Poison Writeup w/o Metasploit
          • Sense Writeup w/o Metasploit
          • Shocker Writeup w/o Metasploit
          • SolidState Writeup w/o Metasploit
          • Sunday Writeup w/o Metasploit
          • SwagShop Writeup w/o Metasploit
          • Tabby Writeup w/o Metasploit
          • TartarSauce Writeup w/o Metasploit
          • Valentine Writeup w/o Metasploit
        • Windows Boxes
          • Active Writeup w/o Metasploit
          • Arctic Writeup w/o Metasploit
          • Bastard Writeup w/o Metasploit
          • Blue Writeup w/o Metasploit
          • Bounty Writeup w/o Metasploit
          • Chatterbox Writeup w/o Metasploit
          • Conceal Writeup w/o Metasploit
          • Devel Writeup w/o Metasploit
          • Forest Writeup w/o Metasploit
          • Grandpa Writeup w/ Metasploit
          • Granny Writeup w/o and w/ Metasploit
          • Jerry Writeup w/o Metasploit
          • Legacy Writeup w/o Metasploit
          • Optimum Writeup w/o Metasploit
          • Silo Writeup w/o Metasploit
        • Harder than OSCP
          • Bart Writeup w/o Metasploit
          • DevOops Writeup w/o Metasploit
          • Falafel Writeup w/o Metasploit
          • Hawk Writeup w/o Metasploit
          • Jail Writeup w/o Metasploit
          • Jeeves Writeup w/o Metasploit
          • Kotarak Writeup w/o Metasploit
          • LaCasaDePapel Writeup w/o Metasploit
          • Lightweight Writeup w/o Metasploit
          • Netmon Writeup w/o Metasploit
          • Safe Writeup w/o Metasploit
          • Tally Writeup w/o Metasploit
        • Archetype
    • CCRTA
    • Burp Practitioner
  • Notes
    • Cert Recommendations & Paths
    • Cristian Cornea
    • PT Cheatsheets - ChronosPK
  • Hacking Kubernetes
    • Lab_01 - Running Workloads Imperatively
    • Lab_02 - The Declarative Model
    • Lab_03 - Persisting Data
    • Lab_04 - Networking
    • Lab_05 - Hardening K8s
    • Lab_06 - Hacking From the Outside
    • Lab_07 - Hacking From the Inside
    • Lab_08 - Kubernetes Post-Exploitation
    • Lab_09 - Kubernetes Post-Exploitation Part 2
    • Course Materials
    • Tools
    • Useful commands
Powered by GitBook
On this page

General PT Methodology

PreviousBashNextGeneral Scoping Thoughts

Last updated 1 year ago

General Scoping Thoughts
Infrastructure Scoping
API Scoping
WebApp Scoping
Mobile Scoping
Cloud Scoping
Kubernetes Scoping