An "Open-source methodology on pentesting and risk mitigation" is a manual intended to be used as references when either seeking information on infosec risk mitigation or penetration testing.

The manual is split up into sections, one for common service testing and one for common privilege escalation techniques.

The services part contains information about common techniques and commands to try out on a particular server, in order to determine whether or not the service is vulnerable to certain attacks.

The privesc section contains articles for common pitfalls and quick checks as well as more subtle information gathering and scripts that help by automating a lot of the work.

my vision of this manual is to provide easy-to-read information about how to test the security of particular services and how to further strengthen the security of these, related to the described vulnerabilities or misconfigurations.

This manual is very much work in progress. Please read the "CONTRIBUTING.md" file and then see the Issues page for ideas on where to get started (or suggest other contributions entirely).