Virtual machines

Introduction
- What?
- Why?
- How?
KVM on Ubuntu
Kali VM
Windows VM
- Using VMWare
- Using KVM
Computer aided investigative environment (CAINE)

Drives

Introduction
- What?
- Why?
- How?
Ventoy
- Installation

Reconnaissance

Introduction
- What?
- Why?
- How?
Recon-ng
- Resources
Using whois
Passive DNS recon with Shodan
- Shodan online
- Shodan CLI
Tools for DNS zone transfers
- dig
- fierce
- host
- nslookup
- dnsrecon
- Mitigations
Researching certificates
- Tools
Finding ASN numbers
Listing subdomains
- Amass
- Subfinder
- Findomain
- OneForAll
- assetfinder
- Sudomy
- vita
- theHarvester
- Crobat
- gau
- SubDomainizer
- Shodan
- Censys subdomain finder
- securitytrails.com
- chaos.projectdiscovery.io
- Resources
Tracing routes
Advanced searching
- Resources
Google dorking
Searching by image
- Resources
People search
Website footprinting
- Resources
Custom Word List Generator (CeWL)
DirBuster
Tools for Bluetooth device discovery
Discover vulnerabilities
- Ports
- Vulnerability databases

Enumeration

Introduction
- What?
- Why?
- How?
Network scanning
- nmap
- zenmap
NetBios enumeration
SNMP enumeration
LDAP enumeration
- Bloodhound
NTP enumeration
- ntptrace
- ntpdc
- ntpq
SMTP enumeration
DNS enumeration
- dnsenum
- dnsrecon
- nslookup
- nmap
- dig
- host
- fierce
- AltDNS
- DNSdumpster
macOS enumeration
- swiftbelt
Linux enumeration
Windows enumeration
- Sysinternals
- net
- smbmap
Automated vulnerability scanning
Web application scanners
- Burp Suite scanner
- Wapiti
- ZAP
- w3af
- WPScan
Database enumeration
- sqlmap
API scanners
- Burp API scanner
- ZAP API Scanner
Cloud enumeration

Web applications

Introduction
- What?
- Why?
- How?
Setting up Burp Suite (Kali)
- Resources
Setting up ZAP (Kali)
Using firefox as proxy for Burp and Zap
OAST alternatives
HTTP proxies and traffic analysers
Vulnerability discovery tools
Target recognition
- Knockpy
- HostileSubBruteforcer
- FFuf
- Assetfinder
- Nmap
- Rustscan
- Shodan
- What CMS
- Recon-ng
Browser extensions
Create recon scripts

APIs

Introduction
- What?
- Why?
- How?
Arjun
wfuzz
Postman’s Collection Runner
Burp intruder

Cloud

Introduction
- What?
- Why?
- How?
CloudSploit
AWS tools
Azure tools
GCP tools
truffleHog
Gitleaks
PACU
- Usage
MSOLSpray
Scout Suite
CloudCustodian
Bloodhound

Static analysis

Introduction
- What?
- Why?
- How?
file (Linux)
strings (Linux)
readelf (Linux)
PEiD (Windows)
TRiD (Win32, Linux)

Disassemblers

Introduction
- What?
- Why?
- How?
Ghidra
Radare2
IDA

Debuggers

Introduction
- What?
- Why?
- How?
GNU debugger (Linux)
- Usage examples
strace (Linux)
GNU nm
Immunity Debugger (Windows)
x64dbg (Windows)

Decompilers

Introduction
- What?
- Why?
- How?
APK Studio
ApkX
dotPeek
iLSpy

Program editing tools

Introduction
- What?
- Why?
- How?
xxd (Linux)
HxD hex editor (Windows)
BEYE

Analysis automation programming

Introduction
- What?
- Why?
- How?
Python
Yara
Visual Studio (Windows)

Exploitation tools

Introduction
- What?
- Why?
- How?
Metasploit
- Multi-handler
- Resources
Netcat
Socat
Windows escalation tools
Linux escalation tools

Exploit development

Introduction
- What?
- Why?
- How?
MSFvenom
- Note on meterpreter shells
MSFvenom Payload Creator (MSFPC)
Donut
Online shellcode resources

Assemblers

Introduction
- What?
- Why?
- How?
Netwide Assembler (NASM) on Linux
- Install nasm
- Editing, assembling, and running a NASM source file
Microsoft Assembler on Windows 10 with Visual Studio Community

Compilers

Introduction
- What?
- Why?
- How?
GNU compiler (gcc) on Linux
Using Windows Subsystem for Linux with Visual Studio Code

Steganography

Introduction
- What?
- Why?
- How?
Steghide
TinEye
Coagula
Snow
Steganography_Tools
- Installation

Social engineering

Introduction
- What?
- Why?
- How?
BeEF
The Social-Engineer Toolkit (SET)
Wifiphisher

Additional hardware

Introduction
- What?
- Why?
- How?
USB sticks
Mischievous network hardware
Wireless adapters for monitoring
- Alternative adapters
  - Atheros chipset AR9271
  - Realtek chipset RTL8812AU
- Kali VM notes

Network

Introduction
- What?
- Why?
- How?
tcpdump
Wireshark
hping3
- Cheatsheets
nmap
netcat
proxychains
Ettercap
Impacket
Responder
CrackMapExec (CME)
Mimikatz

Wireless

Introduction
- What?
- Why?
- How?
Kismet
Aircrack-ng Suite
Reaver
Wifite
Fern
MDK4
EAPHammer
Wifiphisher

Mobile devices

Introduction
- What?
- Why?
- How?
The Mobile Security Framework
Spooftooph
Drozer
Android Studio
- Installation
Android Debug Bridge (ADB)
- Installation
Frida
Objection

Data exfiltration

Introduction
- What?
- Why?
- How?
TryHackMe nodes
TryHackMe DNS configurations
PyExfil
Meek

Cryptanalysis

Introduction
- What?
- Why?
- How?
Sagemath
- Troubleshooting
Ganzúa
John the Ripper
Hashcat
Cain
RsaCtfTool
RSArmageddon
THC-Hydra
Cryptol

Threat analysis

Introduction
UrlScan.io
Abuse.ch
PhishTool
Cisco Talos Intelligence
- Scenario 1
- Scenario 2
On-line resources
OpenCTI

Vulnerability management

Introduction
Nessus
MiTRE
YARA
OpenVAS
- Scanning infrastructure
- Reporting and continuous monitoring
MISP

Network traffic analysis

Introduction
tcpdump
Wireshark
nmap
NetworkMiner
Zeek
Brim
- Brim vs Wireshark vs Zeek

Endpoint detection and response

Introduction
Sysinternals Live
Wazuh
- Resources

Security information and event management

Introduction
ELK stack
Splunk

Digital forensics and incident response

Introduction
First responder toolkit
- Physical evidence collection and preservation
- Physical acquisition tools
Audit trail tools
- Task warrior
SquashFS and fsfimage
Imaging tools
- Memory acquisition in Linux
- Memory acquisition in Windows
Carving tools
Commercial tools
RedLine
Guymager
Autopsy
Kroll Artifact Parser and Extractor (KAPE)
- Target options
- Module options
Volatility
Velociraptor
- Resources
TheHive project
- Resources
Libewf and ewf-tools
BMC-tools
Google container tools
libbde-utils
- Installation
- Resources
Linux artifact analysis tools
- Analysis of storage layout and volume management

Phishing analysis

Introduction
Malware sandboxes
PhishTool

Malware analysis

Introduction
REMnux
- Resources

The lodge

The lodge
Wizardry Unclass Writeups
Improbability Blog
About
Register

Introduction

What?

Notes on tools used for security testing cloud applications, and experimenting with new tools.

Why?

Assess the strength of the security controls in place.

How?

CloudSploit
AWS tools
Azure tools
GCP tools
truffleHog
Gitleaks
PACU
MSOLSpray
ScoutSuite
CloudCustodian
Bloodhound

Previous Next

Unseen University, 2023, with a forest garden fostered by /ut7.