PJPT
Notes for TCM Security Practical Junior Penetration Tester
Install / Use
/learn @ItsNishi/PJPTREADME
🎯 PJPT Study Notes
Personal notes for the Practical Junior Penetration Tester (PJPT) certification from TCM Security.
Based on the Practical Ethical Hacking course.
📚 Contents
🔧 Fundamentals
- Note Taking - Tools and methodology
- Networking - IP, MAC, TCP/UDP, ports, OSI model, subnetting
- Kali Linux - Commands, navigation, services, scripting
- Python - Basics through sockets and file I/O
📋 Methodology
🔍 Reconnaissance
- Information Gathering
- Passive recon, subdomains, website tech identification, Burp Suite
💻 Scanning and Exploitation
- Scanning and Enumeration
- Website enumeration (dirb, ffuf, gobuster, nikto)
- Exploitation Basics
- SMB/SSH enumeration, vulnerability research, password cracking, reverse shells
🏢 Active Directory
- AD Overview - Components, data store, logical structure
- Initial Attack Vectors
- LLMNR poisoning, SMB relay attacks
- IPv6 Attacks
- Post-Compromise Enumeration
- PowerView, BloodHound, ldapdomaindump
- Post-Compromise Attacks
- Pass attacks, token impersonation, Kerberoasting, GPP/cPassword, Mimikatz, Golden Ticket
🌐 Web Application Attacks
- Web Application Attacks
- SQL injection, XSS, command injection, IDOR, file inclusion, XXE
🚪 Post Exploitation
- Post Exploitation
- File transfers, pivoting, maintaining access, cleanup
📝 Report Writing
- Report Writing
- Legal documents, scope, report structure
📊 Progress
| Module | Status | |--------|--------| | Note Taking | ✅ Done | | Networking | ✅ Done | | Kali Linux | ✅ Done | | Python | ✅ Done | | Ethical Hacker Methodology | ✅ Done | | Information Gathering | ✅ Done | | Scanning and Enumeration | ✅ Done | | Exploitation Basics | ✅ Done | | Active Directory Overview | ✅ Done | | AD Initial Attack Vectors | ✅ Done | | AD Post-Compromise Enumeration | ✅ Done | | AD Post-Compromise Attacks | ✅ Done | | Web Application Attacks | ✅ Done | | Post Exploitation | ✅ Done | | Report Writing | ✅ Done |
🔗 Resources
⚠️ Disclaimer
These are personal study notes. For comprehensive learning, take the official course.
Security Score
Audited on Apr 4, 2026