Pre-engagement
General methodology
DNS
Port scanning
SMB
NFS
Web
WebDav
Mysql
MsSql
SMTP
RPC (135)
FTP enumeration
TFTP
SSH
SSL
Simple Network Management Protocol (SNMP) enumeration
POP3
Finger
RDP
RPC
Kerberos
LDAP
Email addresses enumeration
Google search
Vulnerability scanning
Password cracking
Transfering files
Shellshock
HeartBleed
Tunneling your traffic through another host
Port forwarding
Local port forwarding
Remote port forwarding
Dynamic Port Forwarding
Pivoting
Double-pivoting
CVEs
Internet explorer 6
Lists
Minimal web server
Shells
Reverse shells
Proxy