Virtual machines

Introduction
KVM on Ubuntu
Kali VM
SIFT with REMnux
Computer aided investigative environment (CAINE)
Windows VM
Binary analysis VM

Drives

Introduction
Ventoy

Reconnaissance

Introduction
Recon-ng
Using whois
Passive DNS recon with Shodan
Tools for DNS zone transfers
Researching certificates
Finding ASN numbers
Listing subdomains
Tracing routes
Advanced searching
Google dorking
Searching by image
People search
Website footprinting
Custom Word List Generator (CeWL)
DirBuster
Tools for Bluetooth device discovery
Discover vulnerabilities

Enumeration

Introduction
- What?
- Why?
- How?
Network scanning
NetBios enumeration
SNMP enumeration
LDAP enumeration
NTP enumeration
SMTP enumeration
DNS enumeration
macOS enumeration
Linux enumeration
Windows enumeration
Automated vulnerability scanning
Web application scanners
Database enumeration
API scanners
Cloud enumeration

Web applications

Introduction
Setting up Burp Suite (Kali)
Setting up ZAP (Kali)
Using firefox as proxy for Burp and Zap
OAST alternatives
HTTP proxies and traffic analysers
Vulnerability discovery tools
Target recognition
Browser extensions
Create recon scripts

APIs

Introduction
Arjun
wfuzz
Postman’s Collection Runner
Burp intruder

Cloud

Introduction
CloudSploit
AWS tools
Azure tools
GCP tools
truffleHog
Gitleaks
PACU
MSOLSpray
Scout Suite
CloudCustodian
Bloodhound

Static analysis

Introduction
file (Linux)
strings (Linux)
readelf (Linux)
PEiD (Windows)
TRiD (Win32, Linux)

Disassemblers

Introduction
Ghidra
Radare2
IDA
Rizin/Cutter
JEB

Debuggers

Introduction
GNU debugger (Linux)
strace (Linux)
GNU nm
Immunity Debugger (Windows)
x64dbg (Windows)

Decompilers

Introduction
APK Studio
ApkX
dotPeek
iLSpy

Program editing tools

Introduction
xxd (Linux)
HxD hex editor (Windows)
BEYE

Analysis automation programming

Introduction
Python
Yara
Visual Studio (Windows)

Exploitation tools

Introduction
Metasploit
Netcat
Socat
Windows escalation tools
Linux escalation tools

Exploit development

Introduction
MSFvenom
MSFvenom Payload Creator (MSFPC)
Donut
Online shellcode resources

Assemblers

Introduction
Netwide Assembler (NASM) on Linux
Microsoft Assembler on Windows 10 with Visual Studio Community

Compilers

Introduction
GNU compiler (gcc) on Linux
Using Windows Subsystem for Linux with Visual Studio Code

Steganography

Introduction
Steghide
TinEye
Coagula
Snow
Steganography_Tools

Social engineering

Introduction
BeEF
The Social-Engineer Toolkit (SET)
Wifiphisher

Additional hardware

Introduction
Human interface devices
Wireless adapters for Kali
Mischievous network hardware

Network

Introduction
tcpdump
Wireshark
hping3
nmap
netcat
proxychains
Ettercap
Impacket
Responder
CrackMapExec (CME)
Mimikatz

Wireless

Introduction
Kismet
Aircrack-ng Suite
Reaver
Wifite
Fern
MDK4
EAPHammer
Wifiphisher

Mobile tools

Introduction
The Mobile Security Framework
Spooftooph
Drozer
Android Studio
Android Debug Bridge (ADB)
Frida
Objection
MVT (Mobile Verification Toolkit)
apkeep
BusyBox
jadx
droidlysis
androguard
PiRogue tool suite
Pithus
apktool

Data exfiltration

Introduction
TryHackMe nodes
TryHackMe DNS configurations
PyExfil
Meek

Cryptanalysis

Introduction
Sagemath
Ganzúa
John the Ripper
Hashcat
Cain
RsaCtfTool
RSArmageddon
THC-Hydra
Cryptol

Security information and event management

Introduction
Wazuh
Graylog
Grafana
OpenCTI
MISP
Praeco
TheHIVE
Cortex
DFIR-Iris
Velociraptor
Shuffle
InfluxDB
ELK stack
Splunk
Wazuh single-node deployment with docker
Wazuh multi-node deployment with docker
Building Wazuh images

Threat intelligence

Introduction
UrlScan.io
Abuse.ch
PhishTool
Cisco Talos Intelligence
On-line resources
OpenCTI

Threat hunting

Introduction
Kibana
AIEngine
APT-Hunter
TekDefense-Automater
DeepBlueCLI
Phishing Catcher
Heimdal Threat-hunting and Action Center

Vulnerability management

Introduction
Nessus
MiTRE
YARA
OpenVAS
MISP
SOC Prime

Network traffic analysis

Introduction
tcpdump
Wireshark
nmap
NetworkMiner
Zeek
Brim

Endpoint detection and response

Introduction
Sysinternals Live
Wazuh

Digital forensics and incident response

Introduction
First responder toolkit
Audit trail tools
SquashFS and fsfimage
Imaging tools
Carving tools
Guymager
Commercial tools
RedLine
Autopsy on Kali
Autopsy on Windows
Kroll Artifact Parser and Extractor (KAPE)
Volatility
Velociraptor
TheHIVE
Libewf and ewf-tools
BMC-tools
libbde-utils
Linux artifact analysis tools
Google container tools
BusyBox

Phishing analysis

Introduction
Email header analysis
URL extractors
Online scanners
File reputation tools
Malware sandboxes
PhishTool

Malware analysis

Introduction
REMnux

Active defence

Introduction
Thug
T-Pot framework
Cowrie
GreedyBear
Nova
Molehunt
Honey Badger
SNARE and TANNER
OWASP Honeypot project

The lodge

Ty Myrddin Home
Unseen University
Improbability Blog
About
Contact

Introduction

What?

Notes on tools used for enumeration, and experimenting with new tools.

Why?

Move further and deeper into the scanning process.

How?

Network scanning
NetBios enumeration
SNMP enumeration
LDAP enumeration
NTP enumeration
SMTP enumeration
DNS enumeration
macOS enumeration
Linux enumeration
Windows enumeration
Automated vulnerability scanners
Web application scanners
Database enumeration
API scanners
Cloud enumeration

Previous Next

Unseen University, 2024, with a forest garden fostered by /ut7.