Enumeration
Introduction

What?

Notes on tools used for enumeration, and experimenting with new tools.

Why?

Enumeration goes further and deeper than the scanning done during reconnaissance: once live hosts and open ports are known, the services behind them are queried directly (NetBIOS, SNMP, LDAP, NTP, SMTP, DNS and so on) to pull out usernames, shares, hostnames, software versions and configuration details that point to concrete weaknesses.

How?

  • Network scanning
  • NetBIOS enumeration
  • SNMP enumeration
  • LDAP enumeration
  • NTP enumeration
  • SMTP enumeration
  • DNS enumeration
  • macOS enumeration
  • Linux enumeration
  • Windows enumeration
  • Automated vulnerability scanners
  • Web application scanners
  • Database enumeration
  • API scanners
  • Cloud enumeration
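As a worked illustration of what "querying a service directly" means in practice, the block below implements SMTP user enumeration with the VRFY command, the technique behind tools such as smtp-user-enum listed under SMTP enumeration. This is an added example, not code from the page or from any of the tools it lists. Because a live target is not available offline, it starts a constructed mock SMTP server on 127.0.0.1 (the user list, hostname `mail.example.test` and reply texts are all invented); the client side is the part a practitioner would point at a real host. It also handles the two caveats that trip up naive scripts: multi-line `250-` replies, and a server that answers every VRFY with `252`, which confirms nothing and means the run should stop rather than report every name as valid.

```python
"""SMTP user enumeration via VRFY, with a constructed in-process mock server.

Added example; the mock server, its user list and its reply strings are
assumptions made so the code runs offline. Point smtp_vrfy_enum() at a real
host:port to use the client against an actual target.
"""
import socket
import threading

# --- Constructed mock SMTP server (stands in for a real target) ---
MOCK_USERS = {"root", "postmaster", "alice"}  # assumed local accounts


def _serve_one(conn, vrfy_enabled):
    """Answer one client with just enough SMTP: HELO/EHLO, VRFY, QUIT."""
    rfile = conn.makefile("rb")
    conn.sendall(b"220 mail.example.test ESMTP ready\r\n")
    for raw in rfile:
        verb, _, arg = raw.decode("ascii", "replace").strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            # Deliberately multi-line, to show why the client must read until "250 "
            conn.sendall(b"250-mail.example.test\r\n250 SIZE 10485760\r\n")
        elif verb == "VRFY":
            user = arg.strip().lower()
            if not vrfy_enabled:
                conn.sendall(b"252 2.1.5 Cannot VRFY user, but will accept message\r\n")
            elif user in MOCK_USERS:
                conn.sendall(f"250 2.1.5 <{user}@example.test>\r\n".encode("ascii"))
            else:
                conn.sendall(b"550 5.1.1 User unknown\r\n")
        elif verb == "QUIT":
            conn.sendall(b"221 2.0.0 Bye\r\n")
            break
        else:
            conn.sendall(b"502 5.5.2 Command not implemented\r\n")
    conn.close()


def start_mock_smtp(vrfy_enabled=True):
    """Bind the mock server on 127.0.0.1 on an ephemeral port and return that port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=_serve_one, args=(conn, vrfy_enabled), daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


# --- The enumeration client ---
def _read_reply(rfile):
    """Read one SMTP reply, joining 'NNN-' continuation lines; return (code, text)."""
    lines = []
    while True:
        line = rfile.readline().decode("ascii", "replace").rstrip("\r\n")
        if not line:
            raise ConnectionError("server closed the connection")
        lines.append(line[4:])
        if len(line) < 4 or line[3] != "-":  # "NNN " (or bare "NNN") ends the reply
            return line[:3], " ".join(lines)


def smtp_vrfy_enum(host, port, candidates, timeout=5.0):
    """VRFY each candidate over one session.

    Returns {"valid": [...], "invalid": [...], "inconclusive": [...]}.
    250/251 -> valid; 252 -> server will not confirm or deny, so stop early;
    500/502 -> VRFY unsupported, raise; anything else (550/551/553...) -> invalid.
    """
    result = {"valid": [], "invalid": [], "inconclusive": []}
    with socket.create_connection((host, port), timeout=timeout) as s:
        rfile = s.makefile("rb")
        code, text = _read_reply(rfile)
        if code != "220":
            raise RuntimeError(f"unexpected banner: {code} {text}")
        s.sendall(b"HELO enum.local\r\n")
        _read_reply(rfile)  # consumes the whole multi-line greeting
        for user in candidates:
            s.sendall(f"VRFY {user}\r\n".encode("ascii"))
            code, text = _read_reply(rfile)
            if code in ("250", "251"):
                result["valid"].append(user)
            elif code == "252":
                result["inconclusive"].append(user)
                break  # every further name would look identical; nothing to learn
            elif code in ("500", "502"):
                raise RuntimeError(f"VRFY not supported: {code} {text}")
            else:
                result["invalid"].append(user)
        s.sendall(b"QUIT\r\n")
    return result


if __name__ == "__main__":
    port = start_mock_smtp()
    print(smtp_vrfy_enum("127.0.0.1", port, ["root", "bob", "alice", "nobody"]))
```

Against a real mail server the same client usually needs a slower pace and a realistic HELO name; VRFY is often disabled, in which case the `252` or `502` handling above tells you to fall back to `RCPT TO` timing or response differences rather than reporting false positives.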


Unseen University, 2023, with a forest garden fostered by /ut7.