├── .gitbook └── assets │ ├── OAuth-Standard-Flow.png │ ├── SAML-Standard_Flow.png │ ├── env-keep.png │ ├── invesalius-rce.png │ ├── invesalius.png │ ├── jsfck.png │ ├── jwt-none-algorithm │ ├── pdf-metadata.png │ └── sapnetweaver.png ├── README.md ├── SUMMARY.md ├── active-directory ├── README.md ├── domain-trusts.md ├── initial-access.md ├── internal-enumeration-and-lateral-movement.md └── privilege-escalation-to-domain-admin-using-known-exploits.md ├── bug-bounty-hunting ├── README.md └── bug-bounty-tools.md ├── information-gathering.md ├── linux-privilege-escalation ├── README.md ├── capabilities-abuse.md ├── enumerating-attack-vectors.md ├── environment-variables-abuse.md ├── miscellaneous-techniques.md ├── privileged-groups.md └── programs-jobs-and-services.md ├── protocols-and-services ├── README.md ├── dns.md ├── ftp.md ├── imap.md ├── ipmi.md ├── mssql.md ├── mysql.md ├── nfs.md ├── oracle-tns.md ├── pop3.md ├── rdp.md ├── smb.md ├── smtp.md └── snmp.md ├── utilities-scripts-and-payloads ├── README.md ├── file-transfers.md ├── metasploit-framework.md ├── password-attacks.md ├── pivoting-tunneling-port-forwarding.md └── shells-and-payloads.md ├── web-applications ├── README.md ├── fuzzing.md ├── web-attacks │ ├── README.md │ ├── cross-site-scripting-xss.md │ ├── file-uploads.md │ ├── http-verb-tampering.md │ ├── insecure-direct-object-references-idor.md │ ├── json-web-tokens-jwts.md │ ├── ldap-injection.md │ ├── local-file-inclusion-lfi.md │ ├── nosql-injection.md │ ├── oauth-attacks.md │ ├── os-command-injection.md │ ├── remote-file-inclusion-rfi.md │ ├── saml-attacks.md │ ├── sql-injection.md │ ├── ssrf.md │ ├── xml-external-entities-xxe.md │ └── xpath-injection.md └── web-technologies │ ├── README.md │ ├── cgi-applications.md │ ├── drupal.md │ ├── gitlab.md │ ├── ibm-websphere.md │ ├── jenkins.md │ ├── joomla.md │ ├── microsoft-iis.md │ ├── pdf-generators.md │ ├── sap-netweaver.md │ ├── tomcat.md │ ├── webdav.md │ └── wordpress.md └── windows-privilege-escalation ├── README.md ├── built-in-groups-abuse.md ├── enumerating-attack-vectors.md ├── excessive-user-rights-abuse.md ├── file-system-acls.md ├── living-off-the-land.md ├── unquoted-service-paths.md └── user-account-control-uac-bypass.md /.gitbook/assets/OAuth-Standard-Flow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/.gitbook/assets/OAuth-Standard-Flow.png -------------------------------------------------------------------------------- /.gitbook/assets/SAML-Standard_Flow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/.gitbook/assets/SAML-Standard_Flow.png -------------------------------------------------------------------------------- /.gitbook/assets/env-keep.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/.gitbook/assets/env-keep.png -------------------------------------------------------------------------------- /.gitbook/assets/invesalius-rce.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/.gitbook/assets/invesalius-rce.png -------------------------------------------------------------------------------- /.gitbook/assets/invesalius.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/.gitbook/assets/invesalius.png -------------------------------------------------------------------------------- /.gitbook/assets/jsfck.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/.gitbook/assets/jsfck.png -------------------------------------------------------------------------------- /.gitbook/assets/jwt-none-algorithm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/.gitbook/assets/jwt-none-algorithm -------------------------------------------------------------------------------- /.gitbook/assets/pdf-metadata.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/.gitbook/assets/pdf-metadata.png -------------------------------------------------------------------------------- /.gitbook/assets/sapnetweaver.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/.gitbook/assets/sapnetweaver.png -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/README.md -------------------------------------------------------------------------------- /SUMMARY.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/SUMMARY.md -------------------------------------------------------------------------------- /active-directory/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/active-directory/README.md -------------------------------------------------------------------------------- /active-directory/domain-trusts.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/active-directory/domain-trusts.md -------------------------------------------------------------------------------- /active-directory/initial-access.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/active-directory/initial-access.md -------------------------------------------------------------------------------- /active-directory/internal-enumeration-and-lateral-movement.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/active-directory/internal-enumeration-and-lateral-movement.md -------------------------------------------------------------------------------- /active-directory/privilege-escalation-to-domain-admin-using-known-exploits.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/active-directory/privilege-escalation-to-domain-admin-using-known-exploits.md -------------------------------------------------------------------------------- /bug-bounty-hunting/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/bug-bounty-hunting/README.md -------------------------------------------------------------------------------- /bug-bounty-hunting/bug-bounty-tools.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/bug-bounty-hunting/bug-bounty-tools.md -------------------------------------------------------------------------------- /information-gathering.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/information-gathering.md -------------------------------------------------------------------------------- /linux-privilege-escalation/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/linux-privilege-escalation/README.md -------------------------------------------------------------------------------- /linux-privilege-escalation/capabilities-abuse.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/linux-privilege-escalation/capabilities-abuse.md -------------------------------------------------------------------------------- /linux-privilege-escalation/enumerating-attack-vectors.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/linux-privilege-escalation/enumerating-attack-vectors.md -------------------------------------------------------------------------------- /linux-privilege-escalation/environment-variables-abuse.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/linux-privilege-escalation/environment-variables-abuse.md -------------------------------------------------------------------------------- /linux-privilege-escalation/miscellaneous-techniques.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/linux-privilege-escalation/miscellaneous-techniques.md -------------------------------------------------------------------------------- /linux-privilege-escalation/privileged-groups.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/linux-privilege-escalation/privileged-groups.md -------------------------------------------------------------------------------- /linux-privilege-escalation/programs-jobs-and-services.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/linux-privilege-escalation/programs-jobs-and-services.md -------------------------------------------------------------------------------- /protocols-and-services/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/protocols-and-services/README.md -------------------------------------------------------------------------------- /protocols-and-services/dns.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/protocols-and-services/dns.md -------------------------------------------------------------------------------- /protocols-and-services/ftp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/protocols-and-services/ftp.md -------------------------------------------------------------------------------- /protocols-and-services/imap.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/protocols-and-services/imap.md -------------------------------------------------------------------------------- /protocols-and-services/ipmi.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/protocols-and-services/ipmi.md -------------------------------------------------------------------------------- /protocols-and-services/mssql.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/protocols-and-services/mssql.md -------------------------------------------------------------------------------- /protocols-and-services/mysql.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/protocols-and-services/mysql.md -------------------------------------------------------------------------------- /protocols-and-services/nfs.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/protocols-and-services/nfs.md -------------------------------------------------------------------------------- /protocols-and-services/oracle-tns.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/protocols-and-services/oracle-tns.md -------------------------------------------------------------------------------- /protocols-and-services/pop3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/protocols-and-services/pop3.md -------------------------------------------------------------------------------- /protocols-and-services/rdp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/protocols-and-services/rdp.md -------------------------------------------------------------------------------- /protocols-and-services/smb.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/protocols-and-services/smb.md -------------------------------------------------------------------------------- /protocols-and-services/smtp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/protocols-and-services/smtp.md -------------------------------------------------------------------------------- /protocols-and-services/snmp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/protocols-and-services/snmp.md -------------------------------------------------------------------------------- /utilities-scripts-and-payloads/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/utilities-scripts-and-payloads/README.md -------------------------------------------------------------------------------- /utilities-scripts-and-payloads/file-transfers.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/utilities-scripts-and-payloads/file-transfers.md -------------------------------------------------------------------------------- /utilities-scripts-and-payloads/metasploit-framework.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/utilities-scripts-and-payloads/metasploit-framework.md -------------------------------------------------------------------------------- /utilities-scripts-and-payloads/password-attacks.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/utilities-scripts-and-payloads/password-attacks.md -------------------------------------------------------------------------------- /utilities-scripts-and-payloads/pivoting-tunneling-port-forwarding.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/utilities-scripts-and-payloads/pivoting-tunneling-port-forwarding.md -------------------------------------------------------------------------------- /utilities-scripts-and-payloads/shells-and-payloads.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/utilities-scripts-and-payloads/shells-and-payloads.md -------------------------------------------------------------------------------- /web-applications/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/README.md -------------------------------------------------------------------------------- /web-applications/fuzzing.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/fuzzing.md -------------------------------------------------------------------------------- /web-applications/web-attacks/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-attacks/README.md -------------------------------------------------------------------------------- /web-applications/web-attacks/cross-site-scripting-xss.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-attacks/cross-site-scripting-xss.md -------------------------------------------------------------------------------- /web-applications/web-attacks/file-uploads.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-attacks/file-uploads.md -------------------------------------------------------------------------------- /web-applications/web-attacks/http-verb-tampering.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-attacks/http-verb-tampering.md -------------------------------------------------------------------------------- /web-applications/web-attacks/insecure-direct-object-references-idor.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-attacks/insecure-direct-object-references-idor.md -------------------------------------------------------------------------------- /web-applications/web-attacks/json-web-tokens-jwts.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-attacks/json-web-tokens-jwts.md -------------------------------------------------------------------------------- /web-applications/web-attacks/ldap-injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-attacks/ldap-injection.md -------------------------------------------------------------------------------- /web-applications/web-attacks/local-file-inclusion-lfi.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-attacks/local-file-inclusion-lfi.md -------------------------------------------------------------------------------- /web-applications/web-attacks/nosql-injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-attacks/nosql-injection.md -------------------------------------------------------------------------------- /web-applications/web-attacks/oauth-attacks.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-attacks/oauth-attacks.md -------------------------------------------------------------------------------- /web-applications/web-attacks/os-command-injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-attacks/os-command-injection.md -------------------------------------------------------------------------------- /web-applications/web-attacks/remote-file-inclusion-rfi.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-attacks/remote-file-inclusion-rfi.md -------------------------------------------------------------------------------- /web-applications/web-attacks/saml-attacks.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-attacks/saml-attacks.md -------------------------------------------------------------------------------- /web-applications/web-attacks/sql-injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-attacks/sql-injection.md -------------------------------------------------------------------------------- /web-applications/web-attacks/ssrf.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-attacks/ssrf.md -------------------------------------------------------------------------------- /web-applications/web-attacks/xml-external-entities-xxe.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-attacks/xml-external-entities-xxe.md -------------------------------------------------------------------------------- /web-applications/web-attacks/xpath-injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-attacks/xpath-injection.md -------------------------------------------------------------------------------- /web-applications/web-technologies/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-technologies/README.md -------------------------------------------------------------------------------- /web-applications/web-technologies/cgi-applications.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-technologies/cgi-applications.md -------------------------------------------------------------------------------- /web-applications/web-technologies/drupal.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-technologies/drupal.md -------------------------------------------------------------------------------- /web-applications/web-technologies/gitlab.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-technologies/gitlab.md -------------------------------------------------------------------------------- /web-applications/web-technologies/ibm-websphere.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-technologies/ibm-websphere.md -------------------------------------------------------------------------------- /web-applications/web-technologies/jenkins.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-technologies/jenkins.md -------------------------------------------------------------------------------- /web-applications/web-technologies/joomla.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-technologies/joomla.md -------------------------------------------------------------------------------- /web-applications/web-technologies/microsoft-iis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-technologies/microsoft-iis.md -------------------------------------------------------------------------------- /web-applications/web-technologies/pdf-generators.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-technologies/pdf-generators.md -------------------------------------------------------------------------------- /web-applications/web-technologies/sap-netweaver.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-technologies/sap-netweaver.md -------------------------------------------------------------------------------- /web-applications/web-technologies/tomcat.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-technologies/tomcat.md -------------------------------------------------------------------------------- /web-applications/web-technologies/webdav.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-technologies/webdav.md -------------------------------------------------------------------------------- /web-applications/web-technologies/wordpress.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/web-applications/web-technologies/wordpress.md -------------------------------------------------------------------------------- /windows-privilege-escalation/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/windows-privilege-escalation/README.md -------------------------------------------------------------------------------- /windows-privilege-escalation/built-in-groups-abuse.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/windows-privilege-escalation/built-in-groups-abuse.md -------------------------------------------------------------------------------- /windows-privilege-escalation/enumerating-attack-vectors.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/windows-privilege-escalation/enumerating-attack-vectors.md -------------------------------------------------------------------------------- /windows-privilege-escalation/excessive-user-rights-abuse.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/windows-privilege-escalation/excessive-user-rights-abuse.md -------------------------------------------------------------------------------- /windows-privilege-escalation/file-system-acls.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/windows-privilege-escalation/file-system-acls.md -------------------------------------------------------------------------------- /windows-privilege-escalation/living-off-the-land.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/windows-privilege-escalation/living-off-the-land.md -------------------------------------------------------------------------------- /windows-privilege-escalation/unquoted-service-paths.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/windows-privilege-escalation/unquoted-service-paths.md -------------------------------------------------------------------------------- /windows-privilege-escalation/user-account-control-uac-bypass.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alessio-romano/Sfoffo-Pentesting-Notes/HEAD/windows-privilege-escalation/user-account-control-uac-bypass.md --------------------------------------------------------------------------------