Offensive Security & Pentesting
Recon → exploit → escalate → report.
Full kill-chain methodology: enumeration, exploitation, post-exploitation, pivoting, and professional reporting. Builds toward OSCP-style boxes.
Pentest Methodology
The full kill chain a professional follows: recon, scanning, enumeration, exploitation, post-exploitation, pivoting, and the report that actually gets you paid.
The Pentest Methodology
The phases of an engagement, rules of engagement, scoping, and the mindset that ties recon to root.
Reconnaissance & OSINT
Passive and active recon - whois, DNS, certificate transparency, Google dorking, and footprinting a target.
Scanning & Enumeration
Mastering nmap, service/version detection, and enumerating SMB, web, and other services for a foothold.
Exploitation & Getting a Shell
Finding and running exploits, Metasploit basics, reverse vs bind shells, and stabilizing your access.
Post-Exploitation & Looting
After the shell: situational awareness, credential harvesting, persistence concepts, and privilege escalation.
Pivoting & Lateral Movement
Using a foothold to reach internal networks - port forwarding, tunneling, and SOCKS proxies.
Reporting & Disclosure
The deliverable that matters: writing clear findings, severity (CVSS), remediation, and responsible disclosure.