This repository documents my hands-on training and lab work while progressing through the Practical Network Penetration Tester (PNPT) program.
The purpose of this repository is to track technical learning, document attack methodology, and build a structured knowledge base of penetration testing techniques.
All labs, notes, and walkthroughs are based on practical exercises completed during the PNPT course and related lab environments.
The goals of this repository are to:
- Document penetration testing methodology
- Record commands and tools used during labs
- Capture troubleshooting steps and lessons learned
- Develop a repeatable workflow for offensive security testing
- Build a technical portfolio demonstrating practical cybersecurity skills
This repository includes labs and notes covering the following areas:
- Linux fundamentals
- Python fundamentals for security
- Ethical hacking methodology
- Open Source Intelligence (OSINT)
- Network scanning and enumeration
- Vulnerability scanning with Nessus
- Exploitation techniques
- Web application enumeration
- Testing common web application vulnerabilities
- Wireless penetration testing
- Phishing attack methodology
- Introduction to exploit development
- Active Directory attack techniques
- Post-exploitation methodology
- Legal documentation and report writing
A significant portion of the PNPT training focuses on Active Directory security and attack methodology.
Topics include:
- LDAP enumeration
- SMB enumeration
- Credential attacks
- NTLM relay attacks
- Domain privilege escalation
- Lateral movement
- Post-compromise enumeration
Throughout these labs, I use a variety of industry-standard offensive security tools, including:
- Nmap
- Responder
- Impacket
- BloodHound
- CrackMapExec
- Nessus
- Burp Suite
- Metasploit
- Netcat
Each lab includes:
- Objective
- Lab environment
- Tools used
- Commands executed
- Attack methodology
- Screenshots
- Troubleshooting notes
- Key takeaways
This structure helps reinforce repeatable penetration testing methodology.
PNPT training progress: 56% complete
The remaining sections include advanced Active Directory attacks, post-exploitation techniques, and capstone lab exercises.
All labs and demonstrations in this repository are conducted in controlled lab environments for educational purposes only.