> ## Documentation Index
> Fetch the complete documentation index at: https://notes.chaelsoo.me/llms.txt
> Use this file to discover all available pages before exploring further.

# Windows

Windows post-exploitation centres on understanding where you sit in the local and domain privilege hierarchy, then escalating through misconfigs, token abuse, or credential access. These pages cover the core paths.

<CardGroup cols={2}>
  <Card title="Privilege Escalation" icon="shield" href="./privesc/privesc">
    Service misconfigs, unquoted paths, AlwaysInstallElevated, token impersonation, SeImpersonatePrivilege, and WinPEAS
  </Card>

  <Card title="Post Exploitation" icon="desktop" href="./postex/postex">
    Credential dumping, persistence, AV evasion basics, and lateral movement prep from a Windows foothold
  </Card>
</CardGroup>

## First Things After Shell

Run these immediately on landing to understand your position before escalating:

```cmd wrap theme={"theme":{"light":"night-owl","dark":"night-owl"}}
whoami /all                          :: current user, groups, and privileges
hostname                             :: machine name
systeminfo                           :: OS version, patch level, architecture
net user                             :: local accounts
net localgroup administrators        :: who is local admin
ipconfig /all                        :: interfaces and DNS (tells you if domain-joined)
netstat -ano                         :: active connections and listening ports
tasklist /svc                        :: running processes with service names
```

```powershell wrap theme={"theme":{"light":"night-owl","dark":"night-owl"}}
# Check if domain-joined
(Get-WmiObject Win32_ComputerSystem).PartOfDomain

# List all local users and their enabled status
Get-LocalUser | Select-Object Name, Enabled, LastLogon
```
