Wazuh

The Wazuh Security Information and Event Management (SIEM) solution is a centralized platform for aggregating and analyzing telemetry in real time for threat detection and compliance. Wazuh collects event data from sources such as endpoints, network devices, cloud workloads, and applications, giving broader security coverage than any one of them alone.

Resources

  • Wazuh installation elements
  • Wazuh Indexer Install - Installing SIEM Backend Storage
  • Wazuh Manager - Log Analyzer Install
  • Wazuh Agent Install - Endpoint detection and response
  • Ingest Firewall Logs Into Any SIEM
  • Detecting Abnormal Network Connections With Wazuh
  • Wazuh + MISP Automation - Automate Your SIEM Threat Intel
  • Quarantine Malware with Wazuh + YARA
  • Full Wazuh Install - The SOCFortress Way


Unseen University, 2025, with a forest garden fostered by /ut7.