Tactical glossary
Operational pentesting dictionary aimed at professional auditing and the OSCP exam. Not the Wikipedia definition: it is the X-ray of each concept under pressure. Each term has its own page — use Cmd/Ctrl + K to jump to any of them instantly.How to read each term
Active Directory · Kerberos & NTLM
- Kerberos — The Active Directory ticket system.
- NTLM (NT LAN Manager) — Windows’ legacy auth protocol.
- Pass-The-Hash (PtH) — You dumped an NTLM hash (via LSASS, Mimikatz, Responder).
- Kerberoasting — You request a TGS ticket for a service account (SPN).
Web · OWASP Top 10
- LFI (Local File Inclusion) — The application includes a server file based on a URL parameter.
- SQL Injection (SQLi) — The DB query is built by concatenating user text.
- IDOR (Insecure Direct Object Reference) — The app exposes object IDs in URL or body without verifying user ownership.
- Mass Assignment — The framework auto-maps incoming JSON to model DB fields.
- Type Confusion (in APIs) — The API expects a string.
Linux · Privilege Escalation
- SUID Binary + PATH Hijacking — You find a SUID program (runs as root) badly written: it calls ls instead of /bin/ls.
- Sudo misconfig (NOPASSWD) — /etc/sudoers allows a user to run a binary as root without password.
Reconnaissance
- SMB Null Sessions — Connecting to an SMB share without authentication.
- SSL Certificate Enumeration — Reading SSL/TLS certificate metadata.
Post-exploitation
- Mimikatz — Windows post-exploit Swiss Army knife.
- BloodHound — Active Directory relationship graphs.
WAF Evasion
- JA3/JA4 Fingerprint — Your machine and the server negotiate the HTTPS connection with a handshake (Client Hello) including supported cipher suites and extensions.
- Client Hints (sec-ch-ua) — Modern browsers (Chromium) send a sec-ch-ua-* header block describing brand, version, platform.