Example Pentest/Red Team Exercise Policy

This policy framework document provides guidance for managing a penetration testing program and performing penetration testing activities with the goal of improving defensive IT security for {Company Name}'s infrastructure, systems, services, and applications. This document defines the roles and responsibilities of {Company Name}'s executives, managers, and IT security team personnel as well as external third-party security service providers. 
Cybersecurity checklist

Windows privilege escalation checklist

System Info: Obtain System information; Search for kernel exploits using scripts; Use Google to search for kernel exploits; Use searchsploit to search for kernel exploits; Interesting info in env vars?; Passwords in PowerShell history?; Interesting info in Internet settings?; Drives?; WSUS exploit?…
Cybersecurity checklist

Linux privilege escalation checklist

System Information: Get OS information; Check the PATH, any writable folder?; Check env variables, any sensitive detail?; Search for kernel exploits using scripts (DirtyCow?); Check if the sudo version is vulnerable; Dmesg signature verification failed; More system enum (date, system stats,…
Bind shell cheatsheet

A bind shell is a type of remote access shell in which the target (or victim) machine opens a specific network port and listens for incoming connections. Once this port is open, an attacker can connect to it from a remote location and gain command-line access to the target system, allowing them to execute commands as if they were physically present at the machine.
Reverse shell cheatsheet

A reverse shell is a technique used to gain remote command-line access to a computer, typically as part of a cyberattack. Unlike a traditional remote shell (or “bind shell”), where an attacker connects directly to a target system that is listening for incoming connections, a reverse shell works by having the victim’s machine initiate an outbound connection to the attacker’s computer. This reversal of roles is what gives the technique its name.