Ports enum (always nc if not sure)

Webapps

Post Exploitation (netstat -tulnp 2>/dev/null)

Buffer overflow

wifi attacks

Tools

• business

files: exe? (mono) , xlsm? (olevba) search for bin for creds or smth

• useful vim & bash scripts
• Report samples