Methodology

I use obsidian as my primary notetaking app. I mention this because there is an extremely useful plugin (atleast for me) called dataviewjs which lets you treat your vault as a database and more importantly allows you to embed javascript in a note.
So basically you can create notes by querying other notes or you can conditionally display certain sections of your notes.
For example, if you are working on a standalone machine you can display linux or windows commands based only on the os. Likewise if you are dealing with multiple machines in a domain joined scenario you might want display some active directory related commands.
The other benefit of obsidian-dataview is that it is able to parse yaml, so you can use frontmatter to embed whatever kind of metadata you want.This is how we can create notes from other notes.
Either way I like having things at my fingertips, effortless, copy => paste style, with minimal effort put towards using man pages or google dorks to find proper syntax.

Disclamer !

My cheatsheet is a living document which changes with every service I encounter so pasting it here as a static document doesn’t really make much sense. Instead I’ve included the link the github repo which contains a working obsidian vault that you can play with yourself.
The CheatSheet

Alright but how does it look?

TOC & Recon

Ping Sweeps, TCP/UDP Scanning, Service enumeration

Service Enumeration

Post Initial Foothold Information Gathering: Linux

Post Initial Foothold Information Gathering: Windows

Privilege Escalation

Post Exploitation: Standalone Machines

Post Exploitation: Active Directory

But now that we have all of this data? It would be nice to aggregate it in and … Index

Here’s a snapshot of how my index looks for hack the box,
I’d show the pwk-labs but providing writeups for proving grounds/ offsec course material is against their policy.
It also devalues the cert, in an industry saturated with certification agencies….