
The 3-Layer Question

At every foothold, answer these three before doing anything else:

1. What am I running on?

   OS, version, and role. Determines your escalation path and which tools are available locally.

2. What can I talk to?

   Network interfaces, open ports, reachable services, and protocols. Defines your lateral movement surface.

3. Who am I?

   User context, privileges, and group memberships. Everything else depends on this answer.

Triage Speed Rule

Spend ≤10 minutes on a rabbit hole before pivoting. If enumeration stalls, switch dimensions.
  • Stuck on web? Try SMB, RPC, LDAP
  • No creds? Try null sessions, AS-REP roasting, OSINT

Mindset

  • Enumerate before exploiting: always
  • Take notes as you go, not after
  • If something feels like a rabbit hole, it probably is
  • Think about what the box maker wants you to find