Information Technology Grimoire

Version .0.0.1

IT Notes from various projects because I forget, and hopefully they help you too.

Penetration Testing


You should never try to interfere with someone else’s system, illegally. Most likely, you will be caught. Getting into a system is the easy part! Bypassing IDS/IPS and the various alerting is where greater skill comes in to play. Everything has vulnerabilities, everything!

When you are caught, you will be prosecuted. Even if you “win” the court battle, you’ll be out the attorney fees and garbage fines that they will throw at you. Hack your own systems only OR get it in writing from your client that you will be doing a penetration test and let them know what that involves. We are not advocating that you use any technique we publish now or in the future to any illegal purpose.

Learn Pen Testing for Free

If you want to learn safely, and legally download MetaSploit, OWASPBWA, DVWA or other systems designed for the purpose of legal pen testing practice. You can even build your own vulnerable system to test various hacks using free versions of VmWare and use the suite of tools from Kali or Back Box, all of which are free.

With that said (now you have no excuse for doing pentests/hacks illegally), don your black hoodie, pour your caffeinated beverage of choice and engage in the following activities when you are legally able to do so using a combination of social engineering and technical prowess to help your clients secure their data using a variation of the PTES technical guideline:


Pre-engagement Interactions

What does client want to verify is safe/visible? Figure out what problems you are solving.

Intelligence Gathering

Gather basic reconnaissance from public and private sources

Initial Foothold

Social engineering and basic, more intrusive analysis


Scan and look for vulnerabilities

Local Privilege Escalation

Access one of the vulnerabilities you found

Backdoor Persistence

Install rootkits and other persistence vectors

Domain Privilege Escalation

Look for a domain admin or other higher level account

Post Exploitation/Data Dumps

Dump domain hashes or other data as per client requests

Data Identification/Exfiltration

Sort through and make sense of your data grabs


Make the pretty reports that all the clients like

When you end up working for a red team and get contracts to ethically hack a client’s resources, you will eventually come across the many flavors of commercial tool kits, such as:

  • Burp Suite
  • Canvas
  • Cobalt Strike
  • Core Impact
  • Nessus
  • Nexpose

To that end, here are a few articles on basic penetration testing techniques that will help with the various steps of white hat, ethical hacking for your clients:

Subcategories of Penetration Testing:

Articles, Tips, Tricks in the Penetration Testing Category:

Last updated on 28 Feb 2019
Published on 28 Feb 2019