Posts
Notes from the field.
Offensive security writeups, research, and advisory-level thinking. Published when there's something worth saying.
33 posts
- Apr 14, 2026 · 7 min read
Hashcat Cheat Sheet
Hashcat is the most popular and fastest hash cracker. In this cheat sheet we will see some quick usage of hashcat!
#hashcat #cheat-sheet #pentest
- Apr 14, 2026 · 13 min read
Server-Side input validation testing
Here I have noted some server-side input validation techniques, such as SQLi, RCE, SSRF, etc.
#sqli #rce #ssrf #lfi #cve
- Apr 14, 2026 · 1 min read
Microsoft Word Macro Payload
Deliver your reverse shell via Microsoft Office macros
#powershell #office-macro #initial-access
- Apr 14, 2026 · 3 min read
MSDT-Follina Exploit for Initial Access
Exploit a 0-day vulnerability like the one in the Microsoft Support Diagnostic Tool (MSDT) for remote code execution
#rce #cve #windows #powershell #msdt
- Apr 14, 2026 · 6 min read
Pentesting Web Auth
This cheat sheet is based on the OWASP Testing Guide and is part of my web penetration testing cheat sheet, which is compiled from real-world situations!
#web #cheat-sheet #guide #web-pentest
- Mar 18, 2025 · 2 min read
Stored XSS in Perfex CRM 3.2.1 Contracts Module
Stored Cross-Site Scripting in the Contracts Module of Perfex CRM 3.2.1 — root cause, proof-of-concept payload, and tracked as CVE-2025-2974.
#xss #linux #writeup
- Sep 21, 2024 · 6 min read
Bash Script Cheat Sheet
Bash scripting cheat sheet covering variables, loops, conditionals, parameters, and functions. Quick reference for offensive ops and automation.
#red-team #blue-team #linux #bash #cheat-sheet
- Sep 21, 2024 · 7 min read
Why Bangladeshi Businesses Are Vulnerable to Cyber Attacks
Why Bangladeshi businesses are increasingly vulnerable to cyber attacks, and the practical steps small and mid-size companies can take to harden their posture.
#oscp #osce3 #red-team #active-directory #privilege-escalation
- Sep 20, 2024 · 5 min read
A Career Guide for Bangladeshi Ethical Hackers
A practical career guide for Bangladeshi ethical hackers — what to study, certifications that matter, and how to land your first offensive-security role.
#oscp #web #guide #career #writeup
- Sep 20, 2024 · 5 min read
How About Hiring a Freelance Cybersecurity Expert?
When and why hiring a freelance cybersecurity expert makes sense — vetting questions, scoping engagements, and the trade-offs versus full-time hires.
#oscp #osce3 #cissp #web #career
- Sep 20, 2024 · 8 min read
The Story of Being the Only OSCE³ from Bangladesh
How I became the only OSCE³ certified researcher from Bangladesh — the OSEP, OSWE, and OSED journey, study plan, and what each exam actually tests.
#oscp #osce3 #osep #oswe #osed
- Sep 20, 2024 · 2 min read
Start Your Cybersecurity Journey
A free, practical learning path to start your cybersecurity career — the topics to cover in order, and the labs and resources that build real skills.
#oscp #osce3 #osep #security+ #blue-team
- Sep 20, 2024 · 4 min read
Top 5 Red Teaming Training and Certifications
Five red-team training programs and certifications worth the time — what each covers, who they suit, and how they map to real engagements.
#osep #red-team #blue-team #web #active-directory
- Nov 6, 2023 · 3 min read
Penetration Testing Learning Path
This is a simple penetration testing learning path I have published, because many guys asked me for this! Search, Learn, Experiment!
#sqli #buffer-overflow #privilege-escalation #lateral-movement #c2
- May 14, 2022 · 3 min read
Windows Persistence Cheatsheet
Persistence is an important part of red team engagements. I have noted here some common techniques for persistence!
#red-team #persistence #windows #powershell #cheat-sheet
- May 9, 2022 · 4 min read
Red Team Tools Collection
Here are some helpful tools for a red teamer!
#xss #red-team #web #active-directory #recon
- Apr 19, 2022 · 5 min read
Bash Scripting Notes
Bash scripting reference — variables, loops, conditionals, parameters, and functions, with examples I keep coming back to.
#red-team #blue-team #bash #cheat-sheet #programming
- Mar 26, 2022 · 1 min read
Microsoft Excel Payload
Creating a Microsoft Excel reverse shell payload
#powershell #office-macro #initial-access
- Mar 21, 2022 · 4 min read
PoshC2 Commands Reference
An open-source command and control framework for red teamers.
#red-team #active-directory #privilege-escalation #persistence #lateral-movement
- Mar 20, 2022 · 6 min read
Active Reconnaissance
Methods of active reconnaissance and vulnerability assessment
#sqli #rce #web #recon #linux
- Mar 19, 2022 · 8 min read
Open Source Intelligence (OSINT)
Open Source Intelligence techniques, sources, and tools for reconnaissance during penetration tests and red-team engagements.
#red-team #web #osint #recon #linux
- Feb 21, 2022 · 4 min read
Useful Keyboard Shortcut in Linux
Linux, Google Chrome, Gnome-terminal, Nautilus, Gedit, and Nano keyboard shortcuts to speed up pentester/red teamer tasks!
#red-team #linux #misc
- Feb 21, 2022 · 2 min read
Tmux Cheat Sheet
Tmux cheat sheet for penetration testers and red teamers
#red-team #windows #tmux #cheat-sheet #misc
- Feb 6, 2022 · 14 min read
Essential Tools for Penetration Tester
Tools most used by white hat hackers!
#xss #sqli #red-team #web #active-directory
- Nov 28, 2021 · 7 min read
Stack Overflow Egg Hunting (VulnServer)
Egg-hunter shellcode for cramped stack buffer overflows in VulnServer — staging payloads when there isn't room for the full reverse shell.
#malware #windows #python #assembly #exploit-dev
- Nov 27, 2021 · 5 min read
SEH Stack Buffer Overflow
Walkthrough of an SEH-based stack buffer overflow exploit — finding the offset, locating a POP/POP/RET, and landing reliable shellcode execution on Windows.
#buffer-overflow #seh #malware #windows #python
- Sep 9, 2021 · 4 min read
SQL Injection Cheat Sheet
Here is the SQL injection cheat sheet for MySQL, MSSQL, PostgreSQL, and Oracle.
#sqli #cheat-sheet #web-pentest
- Aug 19, 2021 · 5 min read
A quick cheat sheet on Python
Quick Python cheat sheet covering syntax, data structures, control flow, and standard-library essentials for security tooling and scripting.
#python #cheat-sheet #guide #programming
- Jan 14, 2021 · 5 min read
Web App Enumeration
Website enumeration, or information gathering, is the first phase of web hacking/pentesting. Here are some common techniques used by pentesters/hackers!
#web #bash #guide #web-pentest
- Jan 12, 2021 · 3 min read
Web Pentesting Checklist
This is a checklist for web pentesting!
#xss #sqli #lfi #web #active-directory
- Jul 11, 2020 · 11 min read
Linux Privilege Escalation
Here is my Windows Privilege Escalation, which I created during my OSCP journey. These techniques are also applicable in real situations!
#oscp #active-directory #privilege-escalation #linux #windows
- Jul 4, 2020 · 13 min read
Windows Privilege Escalation
Here is my Windows Privilege Escalation, which I created during my OSCP journey. These techniques are also applicable in real-world situations!
#oscp #privilege-escalation #linux #windows #python
- Jul 2, 2020 · 16 min read
Penetration Testing CheatSheet
An ultimate penetration testing cheat sheet that could be helpful for those who are preparing for the OSCP exam.
#oscp #sqli #lfi #active-directory #malware