Introduction

SIEM stack

Most of these tools are open source and free, and together they cover the requirements of a SIEM stack:

  • Wazuh
  • Graylog
  • Grafana
  • OpenCTI
  • MISP
  • Praeco
  • TheHIVE
  • Cortex
  • Velociraptor
  • Shuffle
  • InfluxDB
  • ELK stack
  • Splunk

Stacks

  • Wazuh single-node deployment with docker (bare-bones)
  • Wazuh multi-node deployment with docker
  • Building Wazuh images

Unseen University, 2025, with a forest garden fostered by /ut7.