As cubs learn through play, I’m honing my pen-testing skills here, slowly but surely. Although I passed the class with an A, I still felt there was more to explore in the final penetration test and much more left to learn. I redacted any details I deemed necessary in the report below. Even though I obtained the credentials, I could not exploit one machine and overlooked testing the default credentials on the pfSense router/firewall. Towards the end, I began believing it was an unintended target outside my scope, but I still don’t know. I am grateful for my glimpse into offensive engagements throughout the course. Early in the class, I failed to enumerate my targets thoroughly during one engagement after failing to use Nikto/Dirb on a web server. After that misstep, I ensured I learned the importance of a thorough enumeration before engaging with targets, thanks to my Professor. During this final engagement, I relied heavily on Nmap and Metasploit, which underscored how much more I still have to learn. In hindsight, listing the other things I could’ve done differently is easy. Still, the experience was undoubtedly eye-opening and a worthy learning experience.