> For the complete documentation index, see [llms.txt](https://book.jorianwoltjer.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://book.jorianwoltjer.com/windows.md). # Windows - [Scanning/Spraying](https://book.jorianwoltjer.com/windows/scanning-spraying.md): Finding your attack surface and testing credentials - [Exploitation](https://book.jorianwoltjer.com/windows/exploitation.md): When you find a vulnerability, Windows has some specific ways to exploit it that differ from Linux - [Local Enumeration](https://book.jorianwoltjer.com/windows/local-enumeration.md): Get information about a compromised machine from the to find possible ways to escalate privileges - [Local Privilege Escalation](https://book.jorianwoltjer.com/windows/local-privilege-escalation.md): Escalate privileges on a local computer to become a more powerful user - [Windows Authentication](https://book.jorianwoltjer.com/windows/windows-authentication.md): Kerberos & NTLM - [Kerberos](https://book.jorianwoltjer.com/windows/windows-authentication/kerberos.md): The newest Active Directory authentication protocol with less flaws than NetNTLM, but still some possible attacks - [NTLM](https://book.jorianwoltjer.com/windows/windows-authentication/ntlm.md): A legacy authentication protocol for Active Directory with many flaws and dangers - [Lateral Movement](https://book.jorianwoltjer.com/windows/lateral-movement.md): Moving between computers by re-using accounts to get more access - [Active Directory Privilege Escalation](https://book.jorianwoltjer.com/windows/active-directory-privilege-escalation.md): Traverse the Active Directory permissions to escalate your privileges and access more - [Persistence](https://book.jorianwoltjer.com/windows/persistence.md): When a computer or even the entire domain is compromised, how do you keep it that way? (note: not normally required in a pentest) - [Antivirus Evasion](https://book.jorianwoltjer.com/windows/antivirus-evasion.md): Getting your payload and tools through antivirus protections by obfuscating them or disabling protections - [Metasploit](https://book.jorianwoltjer.com/windows/metasploit.md): Using existing exploits from the Metasploit Framework (MSF) to quickly take over machines and escalate privileges - [Alternate Data Streams (ADS)](https://book.jorianwoltjer.com/windows/alternate-data-streams-ads.md): In a NTFS file system, files can have multiple streams with extra data --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://book.jorianwoltjer.com/windows.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.