Jobyer Ahmed

Bash Script Cheat Sheet

Hello Redtm Save as hello.sh , give it execute permission chmod +x hello.sh and run ./hello.sh Parameters $1 is the first parameters, second parameters should be $2 and so on. Variables Variables used to store data to use in future by referencing to the variable name! There are 4 type of variable we can use … Read more

MSDT-Follina Exploit for Initial Access

A new Remote Code Execution vulnerability for Microsoft Windows Support Diagnostic Tool(MSDT) which can be exploited using Microsoft Office Word(2013-2021). Developing the exploit Step 1 Create a docx file in your Microsoft Office Word Step 2: Edit Using 7z zip Step 3 Go to word\_rels\document.xml.rels , right click>edit The content should be exactly like: Step … Read more

Powershell Cheat Sheet

Hello World Files and Folders These are some example of working with files and folders Create folder and file Copy/Move/Delete Other CMDLET Variables Variables used to store data to use in future by referencing to the variable name! There are 4 type of variable we can use in bash. We can’t use Reserved word for … Read more

A quick cheat sheet on Python

This is not a complete python 3 tutorial. This just quick note to remember the python 3 syntax. Python Data Type: Name Type Description Integer int Numbers such as 100,200,1337 Strings str More than one characters such as “Cyber” Booleans bool Logical Value: True or False Floating Point float Numbers with decimal point such as: … Read more

Open Source Intelligence(OSINT)

Open-source Intelligence(OSINT) is the first step when it comes to red teaming. In this post, I will provide some reference and technique that is commonly used by penetration tester and red teamer for passive information gathering. Search Engine OSINT Search engines like Google is a powerful tool to find most of the publicly available information. … Read more

Penetration Testing Cheat Sheet

While Studying for OSCP from various sources, I took notes and made a quick cheat sheet so that I don’t need to search for the same thing repeatedly. I am sharing this cheat sheet as I think it might be helpful for someone. Note: If you need more help or have questions, mail me, or … Read more

Windows Privilege Escalation

In the OSCP exam, Only Gaining access is not enough. Most of the machines may require to escalate to higher privilege. To learn more about Windows privilege escalation, I have taken a course from Udemy watched the ippsec youtube video, and read tutorials from various sources. Whatever I have learned, I took note. I have … Read more

Linux Privilege Escalation

I have written a cheat sheet for windows privilege escalation recently and updating continually. Privilege Escalation is a very important skills in real world pentesting or even for OSCP. So Whatever i have learned during my OSCP Journey, took note. I have organized my notes as a cheat sheet and decided to share publicly, in … Read more

Red Team Tools Collection

This is a collection of red teaming tools that will help in red team engagements. The list is not complete, so i will keep updating it! Reconnaissance These tools are used to gather information passively or actively. Tools Name Descriptions Nmap Port/Service/Vulnerability Scanner DnsRecon, Amass DNS Enumeration Tool Nikto Website Misconfiguration Finder Burp Suite Pro … Read more

Essential Tools for Penetration Tester

Enumeration Information Gathering and Enumeration is the first stage for a penetration tester. Enumerating using some opensource tools speed up the process. Here are some tools commonly used by ethical hackers for enumeration. Dmitry Dmitry can search common information from various sources such as netcraft.com. Basic usage: Download: https://github.com/jaygreig86/dmitry DnsEnum This is a tool to … Read more