# Introduction


### About me

My name is Fabian. I started my penetration testing journey in Fall 2021 and have since worked through Hack The Box, Offensive Security's PWK labs, and Proving Grounds. I currently work as a Consultant/Penetration Tester and hold the following certifications: OSEP, OSCP, eCPPTv2, eJPT, and CARTP. This wiki is where I document the methodology, tools, and techniques I've developed and refined along the way. I hope you find it useful.

### How to use this wiki

This wiki is organized around the standard penetration testing lifecycle. Each section represents a phase of an engagement, with dedicated pages covering tools, commands, and decision logic for that phase. Whether you are working a CTF box or a real assessment, you can navigate directly to the relevant phase and follow along.

### Methodology phases

Enumeration — Identify all open ports and services. Build your attack surface map before touching anything.

Exploitation — Leverage identified vulnerabilities to gain initial access. Covers vulnerable services, web attacks, and password attacks.

Privilege Escalation — Move from a low-privileged shell to SYSTEM or root. Covers Windows token abuse, misconfigured services, and Linux SUID/sudo/cron paths.

Post-Exploitation — Actions taken after gaining elevated access: credential dumping, lateral movement, and persistence.

Active Directory — AD-specific attack chains: user enumeration, Kerberoasting, ASREPRoasting, and domain privilege escalation.



