By Got Root? | https://medium.com/@got-root

Hello everyone, and welcome back to Got Root?

The response to my previous OSCP blogs has been incredible — thank you so much for the shares, comments, and messages. Every bit of support keeps me going and motivates me to keep documenting what actually worked during my OSCP journey.

If you’ve been following along, we’ve covered Active Directory attacks, Linux privesc tactics, pivoting with Ligolo-ng, and exam rabbit hole strategies. Today we’re going deep on something I get asked about constantly — Windows enumeration.

Windows boxes tripped me up early in my labs. Linux had a clear flow — run linpeas, check SUID, check sudo, move on. Windows felt scattered. Too many places to look, too many dead ends, no clear starting point.

I remember spending 8 hours on a Windows box early in my lab journey going absolutely nowhere — checking random things, running tools without direction, eventually reverting the machine out of frustration. That changed the moment I built a structured flow and committed to following it on every single box.

These are the checks I learned after wasting hours on machines. After 70+ labs solved, this is the exact enumeration flow…