Piosky's cheat sheet

Reconnaissance
- Intelligence
- Scan/Sniffer
Enumeration
- Services
- Active Directory
  - Generic infos
  - Exchange
  - Kerberos
  - Bloodhound
  - GPO
  - Security descriptors
  - Trust
- Authentication tests
  - BruteForce
  - Password Spray
- Unix
- Windows
  - Safety Checks
  - Generic info
Initial access
- Spear Phishing
  - Payload Delivery
- Physical access
Exploitation
- Exploitation Unix
- Exploitation Windows
- Exploitation AD
  - Exploitation Kerberos
  - DPAPI
  - GPO
  - NTLM
  - Security descriptors
- MITM
Post-Exploitation
Wi-Fi
Web
Misc
Forensic

Navigation :

Post-Exploitation

Post-Exploitation Unix

Privilege escalation

Collect credentials

Post-Exploitation Windows

Lateral movements

Privilege escalation

Patches Detection

Services and Processes

Schedules Tasks

Startup Applications

Password mining

Impersonation / tokens

Privilege abuse

Password mining

Enable/Disable services

Post-Exploitation AD

Pivoting / tunneling

Password cracking

MITM Post-Exploitation Unix