https://daniyalahmed.dev/tags/red-team/Recent content in Red-Team on Daniyal Ahmed | Red Team & Cloud SecurityHugo -- gohugo.ioen-usdaniyal.ahmed@microtechx.com (Daniyal Ahmed)daniyal.ahmed@microtechx.com (Daniyal Ahmed)Fri, 01 May 2026 00:00:00 +0000https://daniyalahmed.dev/posts/ultimate-penetration-testing-notes/Fri, 01 May 2026 00:00:00 +0000daniyal.ahmed@microtechx.com (Daniyal Ahmed)https://daniyalahmed.dev/posts/ultimate-penetration-testing-notes/Over the past few years working through HackTheBox, TryHackMe, VulnHub, HackMyVM, VulNyx, DockerLabs, and realworld engagements, I have accumulated an enormous amount of notes, commands, techniques, and hardwon lessons. This document is the result of all of that compiled, organized, and formatted into something I can actually use under pressure. This is not a tutorial. It is not a beginner guide. It is a reference document built for people who are already in the middle of something and need to find a specific command, technique, or methodology fast.https://daniyalahmed.dev/posts/entra-default-user-permissions-the-open-app-registration-problem/Thu, 30 Apr 2026 00:00:00 +0000daniyal.ahmed@microtechx.com (Daniyal Ahmed)https://daniyalahmed.dev/posts/entra-default-user-permissions-the-open-app-registration-problem/In your Entra ID tenant right now, every one of your users can register an application, assign it Mail.Read permission, consent to it themselves, and start reading their own email programmatically with no admin approval, no alert, and no audit flag. That is the default configuration Microsoft ships. This article asks: who has already done this, what did they access, and how do you find out? This is not a vulnerability in the traditional sense.