Posted inCheat Sheets
Sample Pentesting Contract
A penetration test contract should include the following:
Posted inCheat Sheets
Example Pentest/Red Team Exercise Policy
This policy framework document provides guidance for managing a penetration testing program and performing penetration testing activities with the goal of improving defensive IT security for {Company Name}'s infrastructure, systems, services, and applications. This document defines the roles and responsibilities of {Company Name}'s executives, managers, and IT security team personnel as well as external third-party security service providers.
Posted inCybersecurity News
Microsoft collaborates with the Central Bureau of Investigation (CBI) to dismantle Indian call centers involved in a Japanese tech support scam.
India's Central Bureau of Investigation (CBI) has announced the arrest of six individuals and the dismantling of two illegal call centers that were engaging in a sophisticated transnational tech support scam targeting Japanese citizens.
Posted inCybersecurity News
Trump Drops A Cybersecurity Bombshell With Biden-Era Policy Reversal
Less than 24 hours after President Trump’s public dispute with Elon Musk, a new cybersecurity executive order was issued on June 6, 2025. This order introduces major changes to the Biden administration’s final cybersecurity guidelines. It not only modifies key aspects of Biden’s January 2025 framework but also signals a broader shift in federal cybersecurity priorities. The focus has moved away from federal digital identity initiatives and has revised software security mandates that previously relied heavily on compliance.
Posted inLabs and Lessons
Sample scripts
Here are a few interesting (and useful) hacking related scripts.
Posted inLabs and Lessons
JAWS – Just Another Windows (Enum) Script
JAWS is PowerShell script designed to help penetration testers (and CTFers) quickly identify potential privilege escalation vectors on Windows systems. It is written using PowerShell 2.0 so ‘should’ run on every Windows version since Windows 7.
Posted inLabs and Lessons
Linuxprivchecker python privilege escalation script
This script is intended to be executed locally on a Linux box to enumerate basic system info and search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text passwords and applicable exploits.
Posted inAI/Machine Learning
Machine learning glossary
Machine learning (ML) is a branch of artificial intelligence (AI) that focuses on developing computer systems capable of learning from data, identifying patterns, and making decisions or predictions with minimal human intervention. Instead of being explicitly programmed with step-by-step instructions for every task, a machine learning system is designed to improve its performance automatically as it is exposed to more data and experience.
Posted inExploitation
How do hackers transfer files to a comprimised server?
When hackers compromise a server, the ability to transfer files to and from that server is critical to achieving their goals. Here are the primary reasons why file transfer is so important for attackers:
Posted inExploitation
So what exactly what is a “shell” and why do hackers love them so much?
Once we compromise a system and exploit a vulnerability to execute commands on the compromised hosts remotely, we usually need a method of communicating with the system. To enumerate the system or take further control over it or within its network, we need a reliable connection that gives us direct access to the system’s shell, i.e., Bash or PowerShell, so we can thoroughly investigate the remote system for our next move. One method of accessing a compromised host for control and remote code execution is through shells.