# Windows * [Windows Privilege Escalation](/windows-priv-esc/win-priv-esc.md) - Enumeration, weak permissions, kernel exploits, UAC bypasses, services, miscellaneous techniques * [Windows Privilege Abuse](/windows-priv-esc/windows-privilege-abuse.md) - SeImpersonate, SeDebug, SeTakeOwnership, SeBackup, DnsAdmins, Print Operators, Server Operators * [Windows Credential Hunting](/windows-priv-esc/windows-credential-hunting.md) - Config files, browser data, PowerShell history, WiFi passwords, mRemoteNG, cookies, VHDX/VMDK * [DLL Injection & Hijacking](/windows-priv-esc/dll-injection.md) - LoadLibrary, Reflective DLL, Manual Mapping, DLL Hijacking, DLL Proxying * [Citrix / Restricted Desktop Breakout](/windows-priv-esc/citrix-breakout.md) - Dialog box escapes, SMB access, shortcut abuse, post-breakout priv esc * [PowerShell Cheatsheet](/windows-priv-esc/powershell-cheatsheet.md) * [Anti-Virus Evasion](/windows-priv-esc/windows-antivirus.md) * [Windows Registry](/windows-priv-esc/windows-registry.md) * [Windows Kernel Vulnerabilities](/windows-priv-esc/windows-kernel-vulnerabilities.md) * [Windows Defender](/windows-priv-esc/windows-defender.md) * [AMSI Bypasses](/windows-priv-esc/amsi-bypasses.md) * [pktmon Packet Capture](/windows-priv-esc/pktmon-packet-capture-windows.md) * [PowerShell Constrained Language Mode](/windows-priv-esc/powershell-constrained-language-mode.md) * [Windows Survey](/windows-priv-esc/windows-survey.md) * [Windows Persistence](https://github.com/jtaubs1/OSCP-Prep/blob/main/windows-priv-esc/windows-persistence.md) * [Windows World Writeable Dirs](/windows-priv-esc/windows-world-writeable-dirs.md) * [netsh](/windows-priv-esc/netsh.md) {% file src="/files/4QbnpqAQhLToBOkhhtl6" %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://book.ice-wzl.xyz/windows-priv-esc.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.