A practical, cross-linked reference kit for offensive security engagements, in three layers:
- Cheatsheets (21): command and payload references for tools and techniques.
- Checklists (25): phased, checkbox methodology guides (what to test, in order) per engagement type.
- Playbooks (18): end-to-end attack chains walked A to Z, with commands, decision branches, OPSEC, detection, and cleanup.
All techniques are for authorized security testing only. Content is current to 2024-2026.
Read top down: a Cheatsheet gives you the commands, the matching Checklist gives you the methodology, and a Playbook shows a specific chain end to end. Links between notes are relative and clickable on GitHub. The attack-graph diagram in Playbooks/Attack Graph.md renders natively on GitHub. For the full backlink graph and local search, clone and open the three folders as an Obsidian vault.
- API JWT and GraphQL
- AWS Pentest
- Active Directory and Kerberos
- Azure and Entra ID
- CICD and Supply Chain
- Hashcat
- Kubernetes and Container Breakout
- Linux Privilege Escalation
- MCP-Assisted Pentesting
- Mainframe Tooling
- Mobile App Testing
- NetExec and Impacket
- Nmap
- Nuclei Usage
- OSINT and Recon
- Phishing and Initial Access
- Pivoting and Tunneling
- Reverse Shells and File Transfer
- Web App and Payloads
- Windows Privilege Escalation
- Wireless
- AI and LLM Application
- API Security
- AWS Cloud Penetration Test
- Assumed Breach
- Azure and M365 Entra ID
- Build Review and VDI
- CICD Pipeline
- Compromise Assessment
- Database Security
- Email Security
- External Network Penetration Test
- Firewall and Network Device Review
- GCP Cloud Penetration Test
- Internal Network and Active Directory
- IoT Device
- Kubernetes and Containers
- Mobile Application
- OSINT and Reconnaissance
- OT and ICS
- Phishing and Social Engineering
- Physical Security
- Red Team Operation
- Thick Client Application
- Web Application
- Wireless Network Assessment
- Attack Graph (map of how the playbooks chain together)
- AWS IMDS SSRF to Account Takeover
- AWS Leaked Key to IAM Privilege Escalation
- Azure AiTM Token Theft to Global Admin
- Blind SSRF to Cloud Metadata RCE
- Coercion to ADCS ESC8 to Domain Admin
- DCSync to Golden Ticket Persistence
- Device Code Phishing to M365 Takeover
- Edge Device Exploit to Internal Foothold
- File Upload to Web Shell to Foothold
- GCP Service Account Impersonation to Org Admin
- IPv6 mitm6 Relay to RBCD Takeover
- Indirect Prompt Injection to Data Exfiltration
- Insecure Deserialization to RCE
- Kerberoasting to Domain Admin
- Kubernetes Pod to Cluster to Cloud
- Poisoned CI Pipeline to Cloud Admin
- SQL Injection to RCE to Pivot
- badSuccessor dMSA to Domain Admin