xonork / Ethical-Hacking-Cheatsheets

Notes about pentesting and forensics

πŸ—’οΈ Ethical Hacking Cheatsheets

In this document I will post my Ethical Hacking cheatsheets. It covers the different areas of Ethical Hacking, including password cracking, obfuscation and exploit development (BOFs for noobies like me).

⚠️ The document is not finished; I have to add a lot more content and sort everything in a better way. Also, the cybersecurity field is always evolving and generating new knowledge, so this document will never be finished. ⚠️

This document is NOT for malicious purposes.

In this section you will find different OSINT tools. These tools are divided into two groups:

  • Passive Information Gathering: The tools presented in this section collect information without establishing direct communication between yourself and the target.
  • Active Information Gathering: These tools establish communication between you and the target (e.g. querying their DNS) to collect as much information as they can.

Here we have different tools and methods that will help us to enumerate the network (nmap) or a specific service such as FTP.

A short list of the steps to follow when performing a pentest on a web app.

After we have enumerated and exploited a service and gained control of the target machine, we will need two essential things:

  • Upload/Download files to/from the target machine.
  • Detect possible privilege escalation vectors such as Juicy Potato in Windows or a vulnerable cron job in Linux.

⬛ AV Evasion

Different AV evasion techniques explained.

Here you will find a list of useful reverse shells written in different programming languages. Most of them are one-liners. It also explains how to upgrade a shell in Linux (a problem we will run into hundreds of times).

Very noobie introduction to Windows and Linux Buffer Overflow.

#️⃣ Password Cracking

Password cracking tools.

(⚠️ Under construction)
