# Notes - [Enumeration](/notes/my-certifications/cpts/notes/enumeration.md) - [Enum Cheklist](/notes/my-certifications/cpts/notes/enumeration/enum-checklist.md) - [Initial Enumeration](/notes/my-certifications/cpts/notes/enumeration/initial-enumeration.md) - [Nmap](/notes/my-certifications/cpts/notes/nmap.md) - [Nmap Full Flag](/notes/my-certifications/cpts/notes/nmap/nmap-full-flag.md) - [Protocol Scan](/notes/my-certifications/cpts/notes/nmap/protocol-scan.md) - [Scan-network-with-nmap](/notes/my-certifications/cpts/notes/nmap/scan-network-with-nmap.md) - [Attacking Common Applications](/notes/my-certifications/cpts/notes/attacking-common-applications.md) - [1.Content Management Systems (CMS)](/notes/my-certifications/cpts/notes/attacking-common-applications/1.content-management-systems-cms.md) - [1.-Wordpress-discovery-and-enumeration](/notes/my-certifications/cpts/notes/attacking-common-applications/1.content-management-systems-cms/1.-wordpress-discovery-and-enumeration.md) - [2.-Attacking-wordpress](/notes/my-certifications/cpts/notes/attacking-common-applications/1.content-management-systems-cms/2.-attacking-wordpress.md) - [3.-Joomla-discovery-and-enumeration](/notes/my-certifications/cpts/notes/attacking-common-applications/1.content-management-systems-cms/3.-joomla-discovery-and-enumeration.md) - [4.-Attacking-joomla](/notes/my-certifications/cpts/notes/attacking-common-applications/1.content-management-systems-cms/4.-attacking-joomla.md) - [5.-Drupal-discovery-and-enumeration](/notes/my-certifications/cpts/notes/attacking-common-applications/1.content-management-systems-cms/5.-drupal-discovery-and-enumeration.md) - [6.-Attacking-drupal](/notes/my-certifications/cpts/notes/attacking-common-applications/1.content-management-systems-cms/6.-attacking-drupal.md) - [2. Servlet Containers and Software Development](/notes/my-certifications/cpts/notes/attacking-common-applications/2.-servlet-containers-and-software-development.md) - [10.-Attacking-jenkins](/notes/my-certifications/cpts/notes/attacking-common-applications/2.-servlet-containers-and-software-development/10.-attacking-jenkins.md) - [7.-Tomcat-discovery-and-enumeration](/notes/my-certifications/cpts/notes/attacking-common-applications/2.-servlet-containers-and-software-development/7.-tomcat-discovery-and-enumeration.md) - [8.-Attacking-tomcat](/notes/my-certifications/cpts/notes/attacking-common-applications/2.-servlet-containers-and-software-development/8.-attacking-tomcat.md) - [Attacking Jenkins - Focused Commands & Key Points](/notes/my-certifications/cpts/notes/attacking-common-applications/2.-servlet-containers-and-software-development/9.-jenkins-discovery-and-enumeration.md) - [3. Infrastructure and Network Monitoring Tools](/notes/my-certifications/cpts/notes/attacking-common-applications/3.-infrastructure-and-network-monitoring-tools.md) - [11.-Aplunk-discovery-and-enumeration](/notes/my-certifications/cpts/notes/attacking-common-applications/3.-infrastructure-and-network-monitoring-tools/11.-splunk-discovery-and-enumeration.md) - [12.-Attacking-splunk](/notes/my-certifications/cpts/notes/attacking-common-applications/3.-infrastructure-and-network-monitoring-tools/12.-attacking-splunk.md) - [13.Prtg-network-monitor](/notes/my-certifications/cpts/notes/attacking-common-applications/3.-infrastructure-and-network-monitoring-tools/13.prtg-network-monitor.md) - [4. Customer Service Mgmt & Configuration Management](/notes/my-certifications/cpts/notes/attacking-common-applications/4.-customer-service-mgmt-and-configuration-management.md) - [14.-Osticket](/notes/my-certifications/cpts/notes/attacking-common-applications/4.-customer-service-mgmt-and-configuration-management/14.-osticket.md) - [15.Gitlab-discovery-and-enumeration](/notes/my-certifications/cpts/notes/attacking-common-applications/4.-customer-service-mgmt-and-configuration-management/15.gitlab-discovery-and-enumeration.md) - [16.-Attacking-gitlab](/notes/my-certifications/cpts/notes/attacking-common-applications/4.-customer-service-mgmt-and-configuration-management/16.-attacking-gitlab.md) - [5. Common Gateway Interfaces](/notes/my-certifications/cpts/notes/attacking-common-applications/5.-common-gateway-interfaces.md) - [17.-Attacking-tomcat-cgi](/notes/my-certifications/cpts/notes/attacking-common-applications/5.-common-gateway-interfaces/17.-attacking-tomcat-cgi.md) - [18.-Attacking-cgi-applications-shellshock](/notes/my-certifications/cpts/notes/attacking-common-applications/5.-common-gateway-interfaces/18.-attacking-cgi-applications-shellshock.md) - [6. Thick Client Applications](/notes/my-certifications/cpts/notes/attacking-common-applications/6.-thick-client-applications.md) - [19.-Attacking-thick-client-applications](/notes/my-certifications/cpts/notes/attacking-common-applications/6.-thick-client-applications/19.-attacking-thick-client-applications.md) - [20.Exploiting-web-vulnerabilities-in-thick-client-applications](/notes/my-certifications/cpts/notes/attacking-common-applications/6.-thick-client-applications/20.exploiting-web-vulnerabilities-in-thick-client-applications.md) - [7. Miscellaneous Applications](/notes/my-certifications/cpts/notes/attacking-common-applications/7.-miscellaneous-applications.md) - [21.-Coldfusion-discovery-and-enumeration](/notes/my-certifications/cpts/notes/attacking-common-applications/7.-miscellaneous-applications/21.-coldfusion-discovery-and-enumeration.md) - [ColdFusion Exploitation Guide](/notes/my-certifications/cpts/notes/attacking-common-applications/7.-miscellaneous-applications/22.attacking-coldfusion.md) - [23.-IIS-tilde-enumeration](/notes/my-certifications/cpts/notes/attacking-common-applications/7.-miscellaneous-applications/23.-iis-tilde-enumeration.md) - [24.Attacking-ldap](/notes/my-certifications/cpts/notes/attacking-common-applications/7.-miscellaneous-applications/24.attacking-ldap.md) - [25.-Web-mass-assignment-vulnerabilities](/notes/my-certifications/cpts/notes/attacking-common-applications/7.-miscellaneous-applications/25.-web-mass-assignment-vulnerabilities.md) - [26.Attacking-applications-connecting-to-services](/notes/my-certifications/cpts/notes/attacking-common-applications/7.-miscellaneous-applications/26.attacking-applications-connecting-to-services.md) - [27.Other-notable-applications](/notes/my-certifications/cpts/notes/attacking-common-applications/7.-miscellaneous-applications/27.other-notable-applications.md) - [8. Closing Out](/notes/my-certifications/cpts/notes/attacking-common-applications/8.-closing-out.md) - [28.Application-hardening](/notes/my-certifications/cpts/notes/attacking-common-applications/8.-closing-out/28.application-hardening.md) - [Attacking Common Services](/notes/my-certifications/cpts/notes/attacking-common-services.md) - [1.Protocol-specific-attacks](/notes/my-certifications/cpts/notes/attacking-common-services/1.protocol-specific-attacks.md) - [2.FTP](/notes/my-certifications/cpts/notes/attacking-common-services/2.ftp.md) - [3.SMB](/notes/my-certifications/cpts/notes/attacking-common-services/3.smb.md) - [4.SQL-databases](/notes/my-certifications/cpts/notes/attacking-common-services/4.sql-databases.md) - [5.RDP](/notes/my-certifications/cpts/notes/attacking-common-services/5.rdp.md) - [6.DNS](/notes/my-certifications/cpts/notes/attacking-common-services/6.dns.md) - [7.SMTP](/notes/my-certifications/cpts/notes/attacking-common-services/7.smtp.md) - [Active Directory Enumeration & Attacks](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks.md) - [0. AD Pentest](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/0.-ad-pentest.md) - [Quick Guide To AD Pentesting](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/0.-ad-pentest/quick-guide-to-ad-pentesting.md) - [Active Directory: Full Attack Name](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/0.-ad-pentest/active-directory-full-attack-name.md) - [Active Directory Advanced Concepts](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/0.-ad-pentest/active-directory-advanced-concepts.md) - [Active Directory Delegation](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/0.-ad-pentest/active-directory-delegation.md) - [Beyond-Active-Directory](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/0.-ad-pentest/beyond-active-directory.md) - [1.Initial Enumeration](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/1.initial-enumeration.md) - [1.External Recon and Enumeration Principles](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/1.initial-enumeration/1.external-recon-and-enumeration-principles.md) - [1.initial-enumeration-of-the-domain](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/1.initial-enumeration/2.initial-enumeration-of-the-domain.md) - [Active-Directory-Basic-Command](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/1.initial-enumeration/active-directory-basic-command.md) - [2.Sniffing out a Foothold](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/2.sniffing-out-a-foothold.md) - [3. LLMNR-NBT-NS Poisoning - from Linux](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/2.sniffing-out-a-foothold/3.-llmnr-nbt-ns-poisoning-from-linux.md) - [4.LLMNR-NBT-NS Poisoning - from Windows](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/2.sniffing-out-a-foothold/4.llmnr-nbt-ns-poisoning-from-windows.md) - [3.Sighting In, Hunting For A User](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/3.sighting-in-hunting-for-a-user.md) - [5.Password Spraying Overview](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/3.sighting-in-hunting-for-a-user/5.password-spraying-overview.md) - [6.Enumerating & Retrieving Password Policies](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/3.sighting-in-hunting-for-a-user/6.enumerating-and-retrieving-password-policies.md) - [7.Password Spraying - Making a Target User List](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/3.sighting-in-hunting-for-a-user/7.password-spraying-making-a-target-user-list.md) - [4.Spray Responsibly](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/4.spray-responsibly.md) - [8. Internal Password Spraying - from Linux](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/4.spray-responsibly/8.-internal-password-spraying-from-linux.md) - [9.Internal Password Spraying - from Windows](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/4.spray-responsibly/9.internal-password-spraying-from-windows.md) - [5.Deeper Down the Rabbit Hole](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/5.deeper-down-the-rabbit-hole.md) - [10. Enumerating Security Controls](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/5.deeper-down-the-rabbit-hole/10.-enumerating-security-controls.md) - [11. Credentialed Enumeration - from Linux](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/5.deeper-down-the-rabbit-hole/11.-credentialed-enumeration-from-linux.md) - [12.Credentialed Enumeration - from Windows](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/5.deeper-down-the-rabbit-hole/12.credentialed-enumeration-from-windows.md) - [13. Living Off the Land](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/5.deeper-down-the-rabbit-hole/13.-living-off-the-land.md) - [6.Cooking with Fire](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/6.cooking-with-fire.md) - [14.Kerberoasting - from Linux](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/6.cooking-with-fire/14.kerberoasting-from-linux.md) - [15. Kerberoasting - from Windows](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/6.cooking-with-fire/15.-kerberoasting-from-windows.md) - [Kerberoasting Attack Step by Step Guide](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/6.cooking-with-fire/kerberoasting-attack-step-by-step-guide.md) - [Kerberoasting Attack Step by Step Guide](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/6.cooking-with-fire/kerberoasting-attack-steps-and-commands.md) - [7.An ACE in the Hole](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/7.an-ace-in-the-hole.md) - [16.Access Control List (ACL) Abuse Primer](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/7.an-ace-in-the-hole/16.access-control-list-acl-abuse-primer.md) - [17. ACL Enumeration](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/7.an-ace-in-the-hole/17.-acl-enumeration.md) - [18. ACL Abuse Tactics](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/7.an-ace-in-the-hole/18.-acl-abuse-tactics.md) - [19. DCSync](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/7.an-ace-in-the-hole/19.-dcsync.md) - [8.Stacking The Deck](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/8.stacking-the-deck.md) - [20.Privileged Access](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/8.stacking-the-deck/20.privileged-access.md) - [21.Kerberos Double Hop Problem](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/8.stacking-the-deck/21.kerberos-double-hop-problem.md) - [22.Bleeding Edge Vulnerabilities](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/8.stacking-the-deck/22.bleeding-edge-vulnerabilities.md) - [23.Miscellaneous Misconfigurations](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/8.stacking-the-deck/23.miscellaneous-misconfigurations.md) - [9.Why So Trusting](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/9.why-so-trusting.md) - [24.Domain Trusts Primer](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/9.why-so-trusting/24.domain-trusts-primer.md) - [25.Attacking Domain Trusts - Child - Parent Trusts - from Windows](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/9.why-so-trusting/25.attacking-domain-trusts-child-parent-trusts-from-windows.md) - [26. Attacking Domain Trusts - Child - Parent Trusts - from Linux](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/9.why-so-trusting/26.-attacking-domain-trusts-child-parent-trusts-from-linux.md) - [10.Breaking Down Boundaries](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/10.breaking-down-boundaries.md) - [27.Attacking Domain Trusts - Cross-Forest Trust Abuse - from Windows](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/10.breaking-down-boundaries/27.attacking-domain-trusts-cross-forest-trust-abuse-from-windows.md) - [28.Attacking Domain Trusts - Cross-Forest Trust Abuse - from Linux](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/10.breaking-down-boundaries/28.attacking-domain-trusts-cross-forest-trust-abuse-from-linux.md) - [11.Defensive Considerations](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/11.defensive-considerations.md) - [29.Hardening-active-directory](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/11.defensive-considerations/29.hardening-active-directory.md) - [30.Additional AD Auditing Techniques](/notes/my-certifications/cpts/notes/active-directory-enumeration-and-attacks/11.defensive-considerations/30.additional-ad-auditing-techniques.md) - [Linux Privilege Escalation](/notes/my-certifications/cpts/notes/linux-privilege-escalation.md) - [Linux-hardening](/notes/my-certifications/cpts/notes/linux-privilege-escalation/linux-hardening.md) - [Linux-priv-esc-to-quick-check-the-system](/notes/my-certifications/cpts/notes/linux-privilege-escalation/linux-priv-esc-to-quick-check-the-system.md) - [1.Information Gathering](/notes/my-certifications/cpts/notes/linux-privilege-escalation/linux-priv-esc-to-quick-check-the-system/1.information-gathering.md) - [1.Environment-enumeration](/notes/my-certifications/cpts/notes/linux-privilege-escalation/linux-priv-esc-to-quick-check-the-system/1.environment-enumeration.md) - [2.Linux-services-and-internals-enumeration](/notes/my-certifications/cpts/notes/linux-privilege-escalation/linux-priv-esc-to-quick-check-the-system/2.linux-services-and-internals-enumeration.md) - [3.Credential-hunting](/notes/my-certifications/cpts/notes/linux-privilege-escalation/linux-priv-esc-to-quick-check-the-system/3.credential-hunting.md) - [2.Environment-based Privilege Escalation](/notes/my-certifications/cpts/notes/linux-privilege-escalation/2.environment-based-privilege-escalation.md) - [4.Path-abuse](/notes/my-certifications/cpts/notes/linux-privilege-escalation/2.environment-based-privilege-escalation/4.path-abuse.md) - [5.Wildcard-abuse](/notes/my-certifications/cpts/notes/linux-privilege-escalation/2.environment-based-privilege-escalation/5.wildcard-abuse.md) - [6.Escaping-restricted-shells](/notes/my-certifications/cpts/notes/linux-privilege-escalation/2.environment-based-privilege-escalation/6.escaping-restricted-shells.md) - [3.Permissions-based Privilege Escalation](/notes/my-certifications/cpts/notes/linux-privilege-escalation/3.permissions-based-privilege-escalation.md) - [10.Capabilities](/notes/my-certifications/cpts/notes/linux-privilege-escalation/3.permissions-based-privilege-escalation/10.capabilities.md) - [7.-Special-permissions](/notes/my-certifications/cpts/notes/linux-privilege-escalation/3.permissions-based-privilege-escalation/7.-special-permissions.md) - [8.Sudo-rights-abuse](/notes/my-certifications/cpts/notes/linux-privilege-escalation/3.permissions-based-privilege-escalation/8.sudo-rights-abuse.md) - [9.Privileged-groups](/notes/my-certifications/cpts/notes/linux-privilege-escalation/3.permissions-based-privilege-escalation/9.privileged-groups.md) - [4.Service-based Privilege Escalation](/notes/my-certifications/cpts/notes/linux-privilege-escalation/4.service-based-privilege-escalation.md) - [11.Vulnerable-services](/notes/my-certifications/cpts/notes/linux-privilege-escalation/4.service-based-privilege-escalation/11.vulnerable-services.md) - [12.Cron-job-abuse](/notes/my-certifications/cpts/notes/linux-privilege-escalation/4.service-based-privilege-escalation/12.cron-job-abuse.md) - [LXC Privilege Escalation Techniques](/notes/my-certifications/cpts/notes/linux-privilege-escalation/4.service-based-privilege-escalation/13.-lxd.md) - [14.-Docker](/notes/my-certifications/cpts/notes/linux-privilege-escalation/4.service-based-privilege-escalation/14.-docker.md) - [15.Kubernetes](/notes/my-certifications/cpts/notes/linux-privilege-escalation/4.service-based-privilege-escalation/15.kubernetes.md) - [16.Logrotate](/notes/my-certifications/cpts/notes/linux-privilege-escalation/4.service-based-privilege-escalation/16.logrotate.md) - [17.Miscellaneous-techniques](/notes/my-certifications/cpts/notes/linux-privilege-escalation/4.service-based-privilege-escalation/17.miscellaneous-techniques.md) - [5.Linux Internals-based Privilege Escalation](/notes/my-certifications/cpts/notes/linux-privilege-escalation/5.linux-internals-based-privilege-escalation.md) - [18.Kernel-exploits](/notes/my-certifications/cpts/notes/linux-privilege-escalation/5.linux-internals-based-privilege-escalation/18.kernel-exploits.md) - [19.Shared-libraries](/notes/my-certifications/cpts/notes/linux-privilege-escalation/5.linux-internals-based-privilege-escalation/19.shared-libraries.md) - [20.Shared-object-hijacking](/notes/my-certifications/cpts/notes/linux-privilege-escalation/5.linux-internals-based-privilege-escalation/20.-shared-object-hijacking.md) - [21.Python-library-hijacking](/notes/my-certifications/cpts/notes/linux-privilege-escalation/5.linux-internals-based-privilege-escalation/21.python-library-hijacking.md) - [6.Recent 0-Days](/notes/my-certifications/cpts/notes/linux-privilege-escalation/6.recent-0-days.md) - [22.Sudo](/notes/my-certifications/cpts/notes/linux-privilege-escalation/6.recent-0-days/22.sudo.md) - [23.Polkit](/notes/my-certifications/cpts/notes/linux-privilege-escalation/6.recent-0-days/23.polkit.md) - [24.Dirty-pipe](/notes/my-certifications/cpts/notes/linux-privilege-escalation/6.recent-0-days/24.dirty-pipe.md) - [25.Netfilter](/notes/my-certifications/cpts/notes/linux-privilege-escalation/6.recent-0-days/25.netfilter.md) - [Windows Privilege Escalation](/notes/my-certifications/cpts/notes/windows-privilege-escalation.md) - [Priv-Esc](/notes/my-certifications/cpts/notes/windows-privilege-escalation/priv-esc.md) - [1.Getting the Lay of the Land](/notes/my-certifications/cpts/notes/windows-privilege-escalation/1.getting-the-lay-of-the-land.md) - [1.Situational-awareness](/notes/my-certifications/cpts/notes/windows-privilege-escalation/1.getting-the-lay-of-the-land/1.situational-awareness.md) - [2.Initial-enumeration](/notes/my-certifications/cpts/notes/windows-privilege-escalation/1.getting-the-lay-of-the-land/2.initial-enumeration.md) - [3.Communication-with-processes](/notes/my-certifications/cpts/notes/windows-privilege-escalation/1.getting-the-lay-of-the-land/3.communication-with-processes.md) - [2.Windows User Privileges](/notes/my-certifications/cpts/notes/windows-privilege-escalation/2.windows-user-privileges.md) - [4.windows-privileges-overview](/notes/my-certifications/cpts/notes/windows-privilege-escalation/2.windows-user-privileges/4.windows-privileges-overview.md) - [5.Seimpersonate-and-seassignprimarytoken](/notes/my-certifications/cpts/notes/windows-privilege-escalation/2.windows-user-privileges/5.seimpersonate-and-seassignprimarytoken.md) - [6.Sedebugprivilege](/notes/my-certifications/cpts/notes/windows-privilege-escalation/2.windows-user-privileges/6.-sedebugprivilege.md) - [Exploiting SeTakeOwnershipPrivilege](/notes/my-certifications/cpts/notes/windows-privilege-escalation/2.windows-user-privileges/7.-setakeownershipprivilege.md) - [3.Windows Group Privileges](/notes/my-certifications/cpts/notes/windows-privilege-escalation/3.windows-group-privileges.md) - [10.DNSadmins](/notes/my-certifications/cpts/notes/windows-privilege-escalation/3.windows-group-privileges/10.dnsadmins.md) - [11.Hyper-v-administrators](/notes/my-certifications/cpts/notes/windows-privilege-escalation/3.windows-group-privileges/11.-hyper-v-administrators.md) - [Key Concepts:](/notes/my-certifications/cpts/notes/windows-privilege-escalation/3.windows-group-privileges/12.-print-operators.md) - [Key Concepts:](/notes/my-certifications/cpts/notes/windows-privilege-escalation/3.windows-group-privileges/13.server-operators.md) - [8.Windows-built-in-groups](/notes/my-certifications/cpts/notes/windows-privilege-escalation/3.windows-group-privileges/8.-windows-built-in-groups.md) - [Exploiting Event Log Readers Group for Security Log Access](/notes/my-certifications/cpts/notes/windows-privilege-escalation/3.windows-group-privileges/9.event-log-readers.md) - [4.Attacking the OS](/notes/my-certifications/cpts/notes/windows-privilege-escalation/4.attacking-the-os.md) - [14.User-account-control](/notes/my-certifications/cpts/notes/windows-privilege-escalation/4.attacking-the-os/14.user-account-control.md) - [15.Weak-permissions](/notes/my-certifications/cpts/notes/windows-privilege-escalation/4.attacking-the-os/15.weak-permissions.md) - [16.Kernel-exploits](/notes/my-certifications/cpts/notes/windows-privilege-escalation/4.attacking-the-os/16.kernel-exploits.md) - [17.Vulnerable-services](/notes/my-certifications/cpts/notes/windows-privilege-escalation/4.attacking-the-os/17.vulnerable-services.md) - [18.DLL-injection](/notes/my-certifications/cpts/notes/windows-privilege-escalation/4.attacking-the-os/18.dll-injection.md) - [5.Credential Theft](/notes/my-certifications/cpts/notes/windows-privilege-escalation/5.credential-theft.md) - [19.Credential-hunting](/notes/my-certifications/cpts/notes/windows-privilege-escalation/5.credential-theft/19.credential-hunting.md) - [20.Other-files](/notes/my-certifications/cpts/notes/windows-privilege-escalation/5.credential-theft/20.-other-files.md) - [21.Further-credential-theft](/notes/my-certifications/cpts/notes/windows-privilege-escalation/5.credential-theft/21.further-credential-theft.md) - [6.Restricted Environments](/notes/my-certifications/cpts/notes/windows-privilege-escalation/6.restricted-environments.md) - [22.-Citrix-breakout](/notes/my-certifications/cpts/notes/windows-privilege-escalation/6.restricted-environments/22.-citrix-breakout.md) - [7.Additional Techniques](/notes/my-certifications/cpts/notes/windows-privilege-escalation/7.additional-techniques.md) - [23.Interacting-with-users](/notes/my-certifications/cpts/notes/windows-privilege-escalation/7.additional-techniques/23.-interacting-with-users.md) - [24.Pillaging](/notes/my-certifications/cpts/notes/windows-privilege-escalation/7.additional-techniques/24.pillaging.md) - [25.Miscellaneous-techniques](/notes/my-certifications/cpts/notes/windows-privilege-escalation/7.additional-techniques/25.miscellaneous-techniques.md) - [8.Dealing with End of Life Systems](/notes/my-certifications/cpts/notes/windows-privilege-escalation/8.dealing-with-end-of-life-systems.md) - [Key Points:](/notes/my-certifications/cpts/notes/windows-privilege-escalation/8.dealing-with-end-of-life-systems/26.-legacy-operating-systems.md) - [27.windows-server](/notes/my-certifications/cpts/notes/windows-privilege-escalation/8.dealing-with-end-of-life-systems/27.windows-server.md) - [28.windows-desktop-versions](/notes/my-certifications/cpts/notes/windows-privilege-escalation/8.dealing-with-end-of-life-systems/28.windows-desktop-versions.md) - [Server-side Attacks](/notes/my-certifications/cpts/notes/server-side-attacks.md) - [Server-side-vulnerabilities](/notes/my-certifications/cpts/notes/server-side-attacks/server-side-vulnerabilities.md) - [Web Attacks](/notes/my-certifications/cpts/notes/web-attacks.md) - [1.-HTTP-verb-tampering](/notes/my-certifications/cpts/notes/web-attacks/1.-http-verb-tampering.md) - [2.-Insecure-direct-object-references-idor](/notes/my-certifications/cpts/notes/web-attacks/2.-insecure-direct-object-references-idor.md) - [3.-XML-external-entity-xxe-injection](/notes/my-certifications/cpts/notes/web-attacks/3.-xml-external-entity-xxe-injection.md) - [Web-attacks-to-the-point](/notes/my-certifications/cpts/notes/web-attacks/web-attacks-to-the-point.md) - [Web Service & API Attacks](/notes/my-certifications/cpts/notes/web-service-and-api-attacks.md) - [web-service-and-api-attacks](/notes/my-certifications/cpts/notes/web-service-and-api-attacks/web-service-and-api-attacks.md) - [Command-injections](/notes/my-certifications/cpts/notes/command-injections.md) - [SQL-injection](/notes/my-certifications/cpts/notes/sql-injection.md) - [XSS](/notes/my-certifications/cpts/notes/xss.md) - [XSS-based Session Hijacking](/notes/my-certifications/cpts/notes/xss/xss-based-session-hijacking.md) - [Broken Authentication](/notes/my-certifications/cpts/notes/broken-authentication.md) - [Login-brute-forcing](/notes/my-certifications/cpts/notes/login-brute-forcing.md) - [Password-attacks](/notes/my-certifications/cpts/notes/password-attacks.md) - [Password-cracking](/notes/my-certifications/cpts/notes/password-cracking.md) - [Session Security Guide](/notes/my-certifications/cpts/notes/session-security.md) - [File-transfer](/notes/my-certifications/cpts/notes/file-transfer.md) - [File-upload-attacks](/notes/my-certifications/cpts/notes/file-upload-attacks.md) - [Shells and payloads](/notes/my-certifications/cpts/notes/shells-and-payloads.md) - [Upgrading-tty-shell](/notes/my-certifications/cpts/notes/upgrading-tty-shell.md) - [Using-the-metasploit-framework](/notes/my-certifications/cpts/notes/using-the-metasploit-framework.md) - [File Inclusion](/notes/my-certifications/cpts/notes/file-inclusion.md) - [1.File Disclosure](/notes/my-certifications/cpts/notes/file-inclusion/1.file-disclosure.md) - [1.Local-file-inclusion-lfi](/notes/my-certifications/cpts/notes/file-inclusion/1.file-disclosure/1.local-file-inclusion-lfi.md) - [2.Basic-bypasses](/notes/my-certifications/cpts/notes/file-inclusion/1.file-disclosure/2.-basic-bypasses.md) - [3.PHP-filters](/notes/my-certifications/cpts/notes/file-inclusion/1.file-disclosure/3.-php-filters.md) - [2.Remote Code Execution](/notes/my-certifications/cpts/notes/file-inclusion/2.remote-code-execution.md) - [4.PHP-wrappers](/notes/my-certifications/cpts/notes/file-inclusion/2.remote-code-execution/4.-php-wrappers.md) - [5.Remote-file-inclusion-rfi](/notes/my-certifications/cpts/notes/file-inclusion/2.remote-code-execution/5.-remote-file-inclusion-rfi.md) - [6.LFI-and-file-uploads](/notes/my-certifications/cpts/notes/file-inclusion/2.remote-code-execution/6.-lfi-and-file-uploads.md) - [7.LOG-poisoning](/notes/my-certifications/cpts/notes/file-inclusion/2.remote-code-execution/7.-log-poisoning.md) - [3.Automation and Prevention](/notes/my-certifications/cpts/notes/file-inclusion/3.automation-and-prevention.md) - [8.Automated-scanning](/notes/my-certifications/cpts/notes/file-inclusion/3.automation-and-prevention/8.-automated-scanning.md) - [9.File-inclusion-prevention](/notes/my-certifications/cpts/notes/file-inclusion/3.automation-and-prevention/9.-file-inclusion-prevention.md) - [Ligolo-ng](/notes/my-certifications/cpts/notes/ligolo-ng.md) - [Pivoting-tunneling-and-port-forwarding](/notes/my-certifications/cpts/notes/pivoting-tunneling-and-port-forwarding.md) - [TIPS](/notes/my-certifications/cpts/notes/cpts-tips.md) - [CheatSheet](/notes/my-certifications/cpts/notes/cheatsheet.md)