Red Teaming

Malware: Unpacking the Potential of Shellcode Execution

Malware: Unpacking the Potential of Shellcode Execution

In this modern world, Malware infection is still one of the biggest threats to individuals and organizations. There are different ways used by cyber criminals to get their malware into someone’s computer. One of the most quickly used methods is called “Shellcode Execution + Social Engineering.”, It’s also called “Shellcode Runner”. On the 27th of … Read more

MSDT-Follina Exploit for Initial Access

A new Remote Code Execution vulnerability for Microsoft Windows Support Diagnostic Tool(MSDT) which can be exploited using Microsoft Office Word(2013-2021). Developing the exploit Step 1 Create a docx file in your Microsoft Office Word Step 2: Edit Using 7z zip Step 3 Go to word\_rels\document.xml.rels , right click>edit The content should be exactly like: Step … Read more

Open Source Intelligence(OSINT)

Open-source Intelligence(OSINT) is the first step when it comes to red teaming. In this post, I will provide some reference and technique that is commonly used by penetration tester and red teamer for passive information gathering. Search Engine OSINT Search engines like Google is a powerful tool to find most of the publicly available information. … Read more

Red Team Tools Collection

This is a collection of red teaming tools that will help in red team engagements. The list is not complete, so i will keep updating it! Reconnaissance These tools are used to gather information passively or actively. Tools Name Descriptions Nmap Port/Service/Vulnerability Scanner DnsRecon, Amass DNS Enumeration Tool Nikto Website Misconfiguration Finder Burp Suite Pro … Read more

Microsoft Word Macro Payload

[toc] Delivering reverse shell payload via the office macro is old but still works if you can bypass AV.  Get your code ready Start Microsoft Office 2016 Pro Plus and Go View Tab and Click Macros>View Macros Give a macro name, Select Macros in Document1 and Click Create Paste the below code and save as … Read more

PoshC2 Command Reference

PoshC2 is an open-source command and control framework written in python3 which can be downloaded from I was learning about this framework. Need to study more ;). But yeah, here some command i tested to see how they works! Configure PoshC2 To make PoshC2 work, few things should be done. Install in Kali Linux: … Read more