Notes

Information Gathering is the first and most critical phase of any penetration testing or offensive security engagement. The objective is to collect as much relevant information as possible about a target environment while maintaining accuracy, context, and efficiency. This section consolidates theoretical foundations and practical techniques used during the reconnaissance phase, combining structured study with real-world command usage. The focus is not on tools alone, but on understanding what information matters, why it matters, and how it guides later attack decisions. ...

Vulnerability Assessment is a core phase in offensive security and penetration testing, focused on identifying, analyzing, and understanding weaknesses within a target environment before exploitation. This section consolidates theoretical foundations and practical techniques used during vulnerability assessment, bridging reconnaissance data with security analysis. The emphasis is not solely on automated tools, but on understanding what constitutes a vulnerability, why it exists, how it can be abused, and how it impacts the attack surface. ...

Exploitation is the phase where identified vulnerabilities are actively abused to gain unauthorized access, execute code, or escalate privileges within a target environment. The objective is to reliably convert confirmed weaknesses into practical access, while maintaining control, stability, and situational awareness throughout the engagement. This section focuses on practical exploitation techniques, emphasizing understanding exploit conditions, payload behavior, and post-exploitation positioning rather than blind tool usage. This section contains distilled notes from my Hack The Box – Pentesting Path study. ...

Post-Exploitation begins once initial access has been obtained and focuses on consolidating control, escalating privileges, and deepening understanding of the compromised system. The primary objective of this phase is privilege escalation, both on Linux and Windows, transforming limited access into administrative or root-level control while maintaining operational security. This section contains distilled notes from my Hack The Box – Pentesting Path study. Full repository (expanded notes, diagrams, screenshots): https://github.com/lameiro0x/pentesting-path-htb

This section contains distilled notes from my Hack The Box – Information Security Foundations study. Full repository (expanded notes, diagrams, screenshots): https://github.com/lameiro0x/Information-Security-Foundations

A collection of exercises based on OverTheWire wargames, covering Linux fundamentals, Bash scripting, and core security concepts through hands-on experimentation.