A second-brain for everything I learn during HackTheBox machines, TryHackMe rooms, PortSwigger Web Security Academy labs, and CTFs — focused on Web Application Penetration Testing and Active Directory / Red Team tradecraft.
Each note here is:
- Practical — every command shown was run in a real lab, not copy-pasted from a wiki
- Concise — kept to the essentials I actually reach for during engagements
- Tested — only what I have validated in my own environment makes it in
This is my own working reference — if it's here, I have actually used it.
| Folder | What's inside |
|---|---|
| `web-security/` | OWASP Top 10 walkthroughs — SQLi, XSS, SSRF, IDOR, SSTI, auth flaws |
| `active-directory/` | AD attacks — Kerberoasting, AS-REP, ACL abuse, DCSync, lateral movement |
| `tools/` | Tool-specific notes — Burp Suite, Nmap, BloodHound, Impacket, Metasploit |
| `methodology/` | OWASP Testing Guide, PTES, Cyber Kill Chain, MITRE ATT&CK mapping |
| `writeups/` | HTB / TryHackMe / CTF writeups (after machines retire) |
| `cheatsheets/` | Quick-reference one-pagers for engagements |
| `resources/` | Curated links — blogs, courses, books, CVE references |
- PTES Web Pentest Cheatsheet ✅ — task-oriented playbook (52 tasks, ~140 tools, ~95 websites)
- SQL Injection — Manual Exploitation Cheatsheet
- XSS — Reflected, Stored, DOM-based
- SSRF — Bypasses & Internal Service Discovery
- IDOR — Finding & Exploiting Access Control Flaws
- File Upload Bypass Techniques
- AD Enumeration Workflow
- Kerberoasting & AS-REP Roasting
- BloodHound — Attack Path Analysis
- Lateral Movement & Pivoting
⚠️ Some files above are work in progress — I add a new note after every machine I solve. Watch the repo to follow along.
- Recon — `nmap -sC -sV -p- target` · `ffuf` · subdomain enumeration · technology fingerprinting
- Mapping — Burp Suite passive crawl · `gobuster dir` · spider authenticated areas
- OWASP Top 10 sweep — manual checks against each category
- Authenticated testing — IDOR, BAC, business-logic flaws
- Documentation — capture every step in Markdown for the report
- External recon — `nmap` · service enumeration on 53/88/389/445/636
- Initial foothold — null session enumeration · password spraying · phishing simulation
- Domain enumeration — BloodHound + SharpHound · `ldapsearch` · `rpcclient`
- Privilege escalation — Kerberoasting · AS-REP Roasting · ACL abuse · DACL chains
- Lateral movement — Pass-the-Hash · Pass-the-Ticket · psexec/wmiexec
- Domain dominance — DCSync · Golden/Silver Tickets · NTDS.dit dump
- Cleanup & report — log artifacts, write the engagement narrative
- Mastering Active Directory attack chains end-to-end (PEH / CRTP path)
- PortSwigger Web Security Academy — Advanced topics
- OSCP-style enumeration discipline
- Custom Python tooling for recon automation
- Pentest report writing (engagement narrative + technical findings)
If you spot something wrong, outdated, or unclear:
- Found a typo or unclear sentence? → open a PR
- Have a sharper way to explain a concept? → open a PR
- Want to add your own writeup? → open a PR with the file in `writeups/`
PRs of any size welcome.
This repo grows with every machine I solve. Below is a rough running count of notes added per category — updated as I publish.
```
web-security/      ████████████░░░░░░░░ pending notes
active-directory/  ██████████░░░░░░░░░░ pending notes
tools/             ████████░░░░░░░░░░░░ pending notes
writeups/          ██████░░░░░░░░░░░░░░ pending notes
cheatsheets/       ████░░░░░░░░░░░░░░░░ pending notes
```
- HackTricks — https://book.hacktricks.xyz/
- PayloadsAllTheThings — https://github.com/swisskyrepo/PayloadsAllTheThings
- PortSwigger Web Security Academy — https://portswigger.net/web-security
- The Hacker Recipes — https://www.thehacker.recipes/
- Pentestmonkey — http://pentestmonkey.net/
- GTFOBins / LOLBAS — for living-off-the-land binaries
Notes are released under Creative Commons BY-SA 4.0 — free to share and adapt with attribution.
Code snippets are MIT.
Maintained by @nodirsafarov — Junior Penetration Tester from Tashkent, Uzbekistan.