OSCP – Windows Introduction Introduction to the Windows Shells Windows Permissions Windows Reverse Shells Cross Compilation SeImpersonate Exploitation SeImpersonatePrivilege Windows Services Windows Services Weak Service Permissions Unquoted Service Path DLL Hijacking UAC Bypass UAC Bypass Always Installed Elevated Sensitive Files, Hashes and Stored Credentials Files with Sensitive Data Windows Hashes Stored Credentials Critical Registry Paths Scheduled Tasks Scheduled Tasks Conclusion AMSI Bypass Useful Tools Cheatsheet and Methodology