# Windows - [Scanning/Spraying](https://book.jorianwoltjer.com/windows/scanning-spraying.md): Finding your attack surface and testing credentials - [Exploitation](https://book.jorianwoltjer.com/windows/exploitation.md): When you find a vulnerability, Windows has some specific ways to exploit it that differ from Linux - [Local Enumeration](https://book.jorianwoltjer.com/windows/local-enumeration.md): Get information about a compromised machine from the to find possible ways to escalate privileges - [Local Privilege Escalation](https://book.jorianwoltjer.com/windows/local-privilege-escalation.md): Escalate privileges on a local computer to become a more powerful user - [Windows Authentication](https://book.jorianwoltjer.com/windows/windows-authentication.md): Kerberos & NTLM - [Kerberos](https://book.jorianwoltjer.com/windows/windows-authentication/kerberos.md): The newest Active Directory authentication protocol with less flaws than NetNTLM, but still some possible attacks - [NTLM](https://book.jorianwoltjer.com/windows/windows-authentication/ntlm.md): A legacy authentication protocol for Active Directory with many flaws and dangers - [Lateral Movement](https://book.jorianwoltjer.com/windows/lateral-movement.md): Moving between computers by re-using accounts to get more access - [Active Directory Privilege Escalation](https://book.jorianwoltjer.com/windows/active-directory-privilege-escalation.md): Traverse the Active Directory permissions to escalate your privileges and access more - [Persistence](https://book.jorianwoltjer.com/windows/persistence.md): When a computer or even the entire domain is compromised, how do you keep it that way? (note: not normally required in a pentest) - [Antivirus Evasion](https://book.jorianwoltjer.com/windows/antivirus-evasion.md): Getting your payload and tools through antivirus protections by obfuscating them or disabling protections - [Metasploit](https://book.jorianwoltjer.com/windows/metasploit.md): Using existing exploits from the Metasploit Framework (MSF) to quickly take over machines and escalate privileges - [Alternate Data Streams (ADS)](https://book.jorianwoltjer.com/windows/alternate-data-streams-ads.md): In a NTFS file system, files can have multiple streams with extra data --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://book.jorianwoltjer.com/windows.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.