Brute Force Login

Introduction
Brute force login attacks test authentication systems by systematically trying candidate credentials until a valid combination is found. In real assessments, this is usually a last-resort option after vulnerabilities and misconfigurations are exhausted, but it still delivers results when password hygiene is weak. The sections below combine strategy, scripts, and tooling so you can move from theory to execution quickly.
Brute Force Process and Use Cases
A brute force process begins with identifying the authentication surface, gathering usernames, and selecting the right attack mode. It is most effective when password policies are weak, default credentials exist, or a specific account is the target. ...

December 24, 2025 · 8 min

File Transfer

Introduction
File transfer is a core step after initial access because tools, logs, and evidence must move between the attacker and the target. Host controls like application allowlists, AV, and EDR often block common utilities, which means you need more than one method. Network controls such as firewalls and IPS can also restrict ports or flag unusual protocols, so flexibility is essential. A solid operator keeps multiple options ready and chooses the least noisy path that still works. ...

December 24, 2025 · 7 min

Footprinting

Intro
Enumeration blends passive discovery with active validation. OSINT stays passive and should be treated separately. The objective is a clean map of exposure, not access.
Enumeration Principles
We ask why something is visible and what it implies about the target, then compare that with what is missing or hidden to avoid assumption-driven decisions. Multiple viewpoints reduce blind spots by forcing you to compare independent signals before deciding what to probe. Visible facts outweigh assumptions because they can be verified and repeated under the same conditions. More context improves accuracy and keeps the test focused on the most relevant assets and interfaces.
Enumeration Methodology
We use six layers to structure external work. The layers move from public presence to OS setup. This keeps testing organized. ...

December 24, 2025 · 7 min

Network Analysis and Scanning

Introduction
Network enumeration is the phase where you discover what is reachable, what is listening, and how a system responds to probes. This is where you build a map of the target and decide which services are worth deeper testing. A clean approach saves time, reduces noise, and prevents the test from stalling later. The goal is not just to find open ports, but to understand how each service behaves and what it reveals. ...

December 24, 2025 · 7 min

Windows Command Line & PowerShell Foundations

Introduction
Working effectively with Windows systems from a security or administration perspective requires a solid understanding of the available command-line interfaces. Unlike graphical tools, command-line environments expose the operating system in a direct and scriptable way, allowing fine-grained control over system behavior, configuration, and automation. Windows ships with two primary command-line interfaces: Command Prompt (cmd.exe) and PowerShell. While both provide access to the underlying operating system, they differ significantly in design philosophy, capabilities, and use cases. Understanding when and how to use each one is a foundational skill for system administrators, blue team operators, and penetration testers alike. ...

December 23, 2025 · 6 min

USB HID Attacks: Architecture and Educational Lab Study

Introduction
USB Human Interface Devices (HID), such as keyboards and mice, are implicitly trusted by modern operating systems. This trust model enables seamless user interaction but also introduces a critical attack surface when abused. This post documents an educational laboratory project based on a Raspberry Pi Pico, designed to study USB HID-based attack techniques in a controlled, ethical environment. Rather than focusing on real-world exploitation, the goal is to understand the underlying mechanics, trust assumptions, and architectural decisions that make this attack vector possible. ...

December 20, 2025 · 3 min

Cracking with Hashcat

Introduction
Password cracking is an offline process where you attempt to recover plaintext from captured hashes or protected files. In penetration tests, weak or reused passwords are common, so success usually comes from smart wordlists and realistic mutations rather than raw brute force. Hashcat is the main tool for this workflow because it supports many algorithms and scales well on GPUs.
Hashing, Salting, and Encryption
Hashing turns input into a fixed-length digest and is designed to be one-way, so cracking depends on guessing candidates and comparing their hashes. Slow password hashes like PBKDF2 or bcrypt raise the cost of every guess, while fast hashes like MD5 or SHA1 remain common in legacy systems and breach dumps. Salting gives each stored hash a unique input, which defeats precomputed rainbow tables and forces every candidate to be re-hashed per record, but it does not prevent offline guessing. Encryption is reversible with a key and appears in data-at-rest or transport use cases, so it is a different problem from password hashing. The list below summarizes common encryption families, and the commands that follow show how salting changes a digest. ...

December 24, 2025 · 7 min
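The Hashcat excerpt above states that salting defeats rainbow tables without stopping offline attacks, and that slow hashes raise the cost of each guess. The following is an added example, not code from the Hashcat article or from the referenced repository, that makes both points concrete in plain Python: a constructed five-word wordlist stands in for a real dictionary, `hunter2` is the constructed target password, and the salts, the `$`-separated salt+digest record format, and the 100,000 PBKDF2 iteration count are assumptions chosen for the demo.

```python
"""Added example: salting versus precomputation, fast versus slow hashes.

Constructed demo. It builds a precomputed table for unsalted MD5, shows it
recovers a weak password with no hashing at attack time, shows the same
table is useless once a per-record salt is prepended, shows a salted hash
still falls to a straight wordlist attack at full per-candidate cost, and
measures how PBKDF2 multiplies that cost.
"""
import hashlib
import os
import time

# Constructed wordlist standing in for rockyou-style candidates.
WORDLIST = ["password", "letmein", "summer2025", "Welcome1", "hunter2"]


def md5_hex(data: bytes) -> str:
    """Fast, unsalted digest as found in legacy systems and breach dumps."""
    return hashlib.md5(data).hexdigest()


def build_rainbow_table(words):
    """Precomputed digest -> plaintext map; one table serves every unsalted user."""
    return {md5_hex(w.encode()): w for w in words}


def lookup_unsalted(table, digest):
    """O(1) recovery: no hashing at attack time at all."""
    return table.get(digest)


def salted_md5(password: str, salt: bytes) -> str:
    """Assumed record format 'salthex$digest'; the salt is public, only unique."""
    return salt.hex() + "$" + md5_hex(salt + password.encode())


def crack_salted(stored: str, words):
    """Offline dictionary attack still works, but every candidate must be
    re-hashed with this record's salt, so precomputation buys nothing."""
    salt_hex, digest = stored.split("$", 1)
    salt = bytes.fromhex(salt_hex)
    for w in words:
        if md5_hex(salt + w.encode()) == digest:
            return w
    return None


def pbkdf2_hex(password: str, salt: bytes, iterations: int) -> str:
    """Slow, salted hash: cost per guess scales with the iteration count."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def crack_pbkdf2(digest: str, salt: bytes, iterations: int, words):
    """Same wordlist attack as crack_salted, paying the PBKDF2 cost per guess."""
    for w in words:
        if pbkdf2_hex(w, salt, iterations) == digest:
            return w
    return None


def time_attack(fn, *args) -> float:
    """Wall-clock seconds for one attack run."""
    t0 = time.perf_counter()
    fn(*args)
    return time.perf_counter() - t0


def demo():
    salt_a, salt_b = os.urandom(8), os.urandom(8)
    table = build_rainbow_table(WORDLIST)

    # 1. Unsalted MD5: the precomputed table answers instantly.
    unsalted_hit = lookup_unsalted(table, md5_hex(b"hunter2"))

    # 2. Same password, two salts -> two unrelated records; the table misses.
    rec_a, rec_b = salted_md5("hunter2", salt_a), salted_md5("hunter2", salt_b)
    table_miss = lookup_unsalted(table, rec_a.split("$", 1)[1])

    # 3. Salt does not stop the offline dictionary attack, only per-hash work.
    salted_hit = crack_salted(rec_a, WORDLIST)

    # 4. PBKDF2 with an assumed 100k iterations: same wordlist, far more work.
    iters = 100_000
    slow_digest = pbkdf2_hex("hunter2", salt_a, iters)
    slow_hit = crack_pbkdf2(slow_digest, salt_a, iters, WORDLIST)
    fast_secs = time_attack(crack_salted, rec_a, WORDLIST)
    slow_secs = time_attack(crack_pbkdf2, slow_digest, salt_a, iters, WORDLIST)

    return {
        "unsalted_hit": unsalted_hit,
        "salted_records_differ": rec_a != rec_b,
        "table_miss": table_miss,
        "salted_hit": salted_hit,
        "slow_hit": slow_hit,
        "slowdown": slow_secs / fast_secs if fast_secs else float("inf"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The takeaway for a cracking engagement is in the last two numbers: the salt changes which Hashcat mode you need and removes any benefit from precomputed tables, but the wordlist attack still succeeds; only the slow hash changes how many candidates you can afford per second.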

Linux privilege escalation

Reference & Disclaimer
This article is based on my personal study notes from the Information Security Foundations track. Due to scope and readability constraints, theoretical explanations, command details, output interpretation, and script code examples are intentionally highly summarized in this article. For full explanations, complete command usage, real outputs, and detailed script implementations, readers are strongly encouraged to consult the full repository.
Full repository: https://github.com/lameiro0x/pentesting-path-htb
Introduction
Linux privilege escalation starts with careful enumeration, then moves through environment weaknesses, permissions, services, and kernel internals. This guide blends theory with concrete commands you can reuse during post-exploitation. ...

December 24, 2025 · 8 min

Vulnerability Assessment

Security Assessments
Security assessments identify weaknesses in systems and processes. They provide evidence so teams can patch, mitigate, or remove risk. Clear scope and objectives keep the assessment useful and safe. Reports should be actionable for both technical and business teams.
Security Assessment Overview
Most assessments look for vulnerabilities, but depth varies by type. Some are checklist driven while others simulate real attacks. The choice depends on regulations, risk tolerance, and resources. Understanding the differences prevents mismatched expectations. ...

December 24, 2025 · 16 min

Web Reconnaissance

Intro
Web reconnaissance is the foundation of a strong security test. It maps assets and technology choices before deeper testing begins and reduces blind spots.
Types of Recon
Recon uses two approaches: active and passive. Active touches systems directly, while passive relies on public sources.
Active Recon
Active recon interacts with the target to gather accurate data. It is effective but increases detection risk because requests are logged by servers and security tools. ...

December 24, 2025 · 6 min