🔐 PEN1 — Complete Offensive Pentesting

Instructor: Bitten Tech | Goal: OSCP & beyond
Started: {{01/06/2026}}
Status: 🟡 In Progress

---

📌 My Learning Principles

• Notes are compression of understanding, not transcripts
• If I can derive or look it up in 10 seconds — skip it
• Only write what I couldn't derive logically myself
• Every concept has an Offensive and Defensive angle
• Always fill "My Understanding in Plain English" first

---

🗺️ Module Map

📁 01 - INTRODUCTION TO CYBER SECURITY

• [x] 1. Information_Security
• [x] 2. Ethical_Hacking
• [x] 3. Careers_in_Ethical_Hacking
• [x] 4. General_Terminology
• [x] 5. How_to_Become_a_Hacker

📁 02 - Fundamentals

• [x] 1. Basics+Lab_Setup
• [ ] 2. Networking_Basics
• [ ] 3. Linux_Basics
• [ ] 4. Bash_for_Beginners
• [ ] 5. Cryptography_Basics

📁 03 - Information Gathering

• [ ] [[Search_Engine_Footprinting]]
• [ ] [[OSINT_Basics]]
• [ ] [[Email_and_Web_Archive]]
• [ ] [[DNS_Footprinting]]
• [ ] [[Network_Footprinting]]
• [ ] [[Shodan_Footprinting]]
• [ ] [[Subdomain_Enumeration]]
• [ ] [[Google_Dorking]]

📁 04 - Target Scanning

• [ ] [[Scanning_Methodology]]
• [ ] [[Scanning_Technical_Background]]
• [ ] [[Port_Scanning_with_Nmap]]
• [ ] [[Types_of_Port_Scanning]]
• [ ] [[Advanced_Port_Scanning]]
• [ ] [[masscan_and_hping3]]
• [ ] [[Banner_Grabbing]]
• [ ] [[Nmap_Scripting_Engine]]
• [ ] [[Nikto_and_OpenVAS]]
• [ ] [[NetBIOS_Enumeration]]
• [ ] [[SMB_Enumeration]]
• [ ] [[SNMP_LDAP_SMTP_Enumeration]]
• [ ] [[DNS_Zones_and_Transfers]]
• [ ] [[nslookup_and_dig]]

📁 05 - Initial Access & Web App Pentesting

Initial Access

• [ ] [[Modern_Exploitation_Techniques]]
• [ ] [[Public_Exploits]]
• [ ] [[Client_Side_Attacks_Office_Macros]]
• [ ] [[Password_Guessing_with_Hydra]]
• [ ] [[Man_in_the_Middle_Attacks]]
• [ ] [[Password_Cracking_Hashcat_John]]
• [ ] [[Online_Password_Cracking]]
• [ ] [[Custom_Wordlist_Generation]]

Web Application Pentesting

• [ ] [[Web_Server_Security_Stack]]
• [ ] [[Web_Attack_Methodology]]
• [ ] [[SSH_and_Password_Cracking]]
• [ ] [[Directory_Traversal]]
• [ ] [[Directory_Listing_Attack]]
• [ ] [[Burpsuite_Basics]]
• [ ] [[Burpsuite_Modules_Deep_Dive]]
• [ ] [[Parameter_Tampering]]
• [ ] [[Information_Disclosure]]
• [ ] [[SQL_Injection]]
• [ ] [[Blind_SQL_Injection]]
• [ ] [[OS_Command_Injection]]
• [ ] [[Broken_Authentication]]
• [ ] [[Broken_Access_Control]]
• [ ] [[Cross_Site_Scripting]]
• [ ] [[Reflected_Stored_DOM_XSS]]
• [ ] [[Cross_Site_Request_Forgery]]
• [ ] [[Local_Remote_File_Inclusion]]
• [ ] [[Insecure_Direct_Object_References]]
• [ ] [[Server_Side_Request_Forgery]]
• [ ] [[XML_External_Entities]]
• [ ] [[Server_Side_Template_Injection]]
• [ ] [[Insecure_Deserialization]]
• [ ] [[Initial_Access_via_Web_Attacks]]
• [ ] [[Wordpress_Exploitation]]

📁 06 - Metasploit

• [ ] [[Metasploit_Introduction]]
• [ ] [[MSF_Walkthrough]]
• [ ] [[Searchsploit]]
• [ ] [[Exploiting_Windows_7]]
• [ ] [[Exploiting_Linux_MSF]]
• [ ] [[Post_Exploitation_Framework]]

📁 07 - File Transfer Techniques

• [ ] [[Linux_File_Transfers]]
• [ ] [[Windows_File_Transfers]]

📁 08 - Port Forwarding & Pivoting

• [ ] [[SSH_Local_Remote_Dynamic_Port_Forwarding]]
• [ ] [[Windows_Port_Forwarding_socat_chisel]]
• [ ] [[SOCKS_Proxy_Forwarding]]
• [ ] [[Tunneling_Complex_Exploits]]

📁 09 - Linux Privilege Escalation

• [ ] [[LinPEAS_Manual_Enumeration]]
• [ ] [[Linux_Sensitive_Credentials]]
• [ ] [[Weak_File_Permissions]]
• [ ] [[Cron_Jobs]]
• [ ] [[SUID_SGID_Executables]]
• [ ] [[Sudo_Exploitation]]
• [ ] 10 - Linux PrivEsc/Kernel_Exploitation
• [ ] [[Linux_Capabilities]]
• [ ] [[MySQL_User_Defined_Functions]]
• [ ] [[Network_File_System]]
• [ ] [[Process_Snooping]]

📁 10 - Windows Privilege Escalation

• [ ] [[WinPEAS_Manual_Enumeration]]
• [ ] [[Weak_Service_Permissions]]
• [ ] [[Unquoted_Service_Paths]]
• [ ] [[DLL_Hijacking]]
• [ ] [[Windows_Sensitive_Credentials]]
• [ ] [[Weak_Registry_Permissions]]
• [ ] [[AlwaysInstallElevated]]
• [ ] [[Token_Impersonation]]
• [ ] [[Potato_Attacks]]
• [ ] [[PrintSpoofer_Exploitation]]
• [ ] 11 - Windows PrivEsc/Kernel_Exploitation
• [ ] [[Scheduled_Tasks]]
• [ ] [[Startup_Apps]]
• [ ] [[Insecure_GUI_Apps]]
• [ ] [[Windows_UAC_Bypass]]
• [ ] [[Vulnerable_Software]]

📁 11 - Active Directory Attacks

• [ ] [[AD_Introduction_and_Architecture]]
• [ ] [[AD_Local_Lab_Setup]]
• [ ] [[Microsoft_Authentication]]
• [ ] [[NTLM_and_Kerberos_Authentication]]
• [ ] [[LLMNR_Poisoning_and_Kerberoasting]]
• [ ] [[NetNTLM_and_LDAP_Bind]]
• [ ] [[Enumeration_Config_Files]]
• [ ] [[Credential_Injection_and_MMC]]
• [ ] [[Powershell_and_Bloodhound_Enumeration]]
• [ ] [[Pass_the_Hash_and_Overpass_the_Hash]]
• [ ] [[Silver_and_Golden_Ticket_Attacks]]
• [ ] [[Lateral_Movement_PsExec]]
• [ ] [[Lateral_Movement_Mimikatz]]
• [ ] [[Abusing_User_Behavior]]
• [ ] [[Pass_the_Ticket]]
• [ ] [[Pivoting_Chisel_Socat]]
• [ ] [[Kerberos_Permission_Exploitation]]
• [ ] [[Exploiting_Automated_Relays]]
• [ ] [[Group_Policy_Exploitation]]
• [ ] [[Persistence_with_Credentials]]
• [ ] [[DCSync_Attacks]]
• [ ] [[GPOs_for_Persistence]]
• [ ] [[Credential_Extraction]]
• [ ] [[LSASS_Extraction]]
• [ ] [[Windows_Credential_Manager]]
• [ ] [[AS_REP_Roasting]]
• [ ] [[Domain_Dominance]]
• [ ] AD_Cheatsheet

📁 12 - Pentesting with Python

• [ ] [[Python_Footprinter]]
• [ ] [[Python_Packet_Sniffer]]
• [ ] [[Python_Network_Scanner]]
• [ ] [[Python_Port_Scanner]]
• [ ] [[Python_Banner_Grabber]]
• [ ] [[Port_Scanning_with_Scapy]]
• [ ] [[Python_ARP_Spoofer]]
• [ ] [[Python_DNS_Poisoning]]
• [ ] [[Multifunctional_C2_Malware]]
• [ ] [[Fast_Directory_Buster]]
• [ ] [[Python_Subdomain_Finder]]
• [ ] [[Recursive_Web_Crawler]]
• [ ] [[Web_Vulnerability_Scanner]]
• [ ] [[SSH_FTP_Brute_Forcer]]
• [ ] [[HTTP_Password_Guesser]]
• [ ] [[Hash_Password_Cracker]]
• [ ] [[Recon_Automation]]

📁 13 - Pentest Report Writing

• [ ] [[Bug_Bounty_and_Pentesting_Methodology]]
• [ ] [[Bug_Bounty_Report_Writing]]
• [ ] [[OSCP_Roadmap]]
• [ ] [[OSCP_Exam_Guide]]
• [ ] [[OSCP_Report_Writing]]

---

📊 Progress Tracker

Module	Topics	Completed	Status
01 - Intro	5	5	🟢
02 - Fundamentals	5	1	🟡
03 - Info Gathering	8	0	🔴
04 - Target Scanning	14	0	🔴
05 - Initial Access & Web App	33	0	🔴
06 - Metasploit	6	0	🔴
07 - File Transfers	2	0	🔴
08 - Port Forwarding & Pivoting	4	0	🔴
09 - Linux PrivEsc	11	0	🔴
10 - Windows PrivEsc	16	0	🔴
11 - Active Directory	28	0	🔴
12 - Python	17	0	🔴
13 - Report Writing	5	0	🔴
Total	154	0	🔴

🔴 Not Started | 🟡 In Progress | 🟢 Complete

---

💡 Key Insights Log

Your biggest "aha moments" as you progress

---

❓ Questions Parking Lot

Things you don't understand yet — come back to these

---

⚡ Cheatsheets

• AD_Cheatsheet
• Linux_PrivEsc_Cheatsheet
• Windows_PrivEsc_Cheatsheet
• Web_Attacks_Cheatsheet
• Nmap_Cheatsheet