Virtual machines

Introduction
- What?
- Why?
- How?
KVM on Ubuntu
Kali VM
Windows VM
- Using VMWare
- Using KVM
Computer aided investigative environment (CAINE)

Drives

Introduction
- What?
- Why?
- How?
Ventoy
- Installation

Reconnaissance

Introduction
- What?
- Why?
- How?
Recon-ng
- Resources
Using whois
Passive DNS recon with Shodan
- Shodan online
- Shodan CLI
Tools for DNS zone transfers
- dig
- fierce
- host
- nslookup
- dnsrecon
- Mitigations
Researching certificates
- Tools
Finding ASN numbers
Listing subdomains
- Amass
- Subfinder
- Findomain
- OneForAll
- assetfinder
- Sudomy
- vita
- theHarvester
- Crobat
- gau
- SubDomainizer
- Shodan
- Censys subdomain finder
- securitytrails.com
- chaos.projectdiscovery.io
- Resources
Tracing routes
Advanced searching
- Resources
Google dorking
Searching by image
- Resources
People search
Website footprinting
- Resources
Custom Word List Generator (CeWL)
DirBuster
Tools for Bluetooth device discovery
Discover vulnerabilities
- Ports
- Vulnerability databases

Enumeration

Introduction
- What?
- Why?
- How?
Network scanning
- nmap
- zenmap
NetBios enumeration
SNMP enumeration
LDAP enumeration
- Bloodhound
NTP enumeration
- ntptrace
- ntpdc
- ntpq
SMTP enumeration
DNS enumeration
- dnsenum
- dnsrecon
- nslookup
- nmap
- dig
- host
- fierce
- AltDNS
- DNSdumpster
macOS enumeration
- swiftbelt
Linux enumeration
Windows enumeration
- Sysinternals
- net
- smbmap
Automated vulnerability scanning
Web application scanners
- Burp Suite scanner
- Wapiti
- ZAP
- w3af
- WPScan
Database enumeration
- sqlmap
API scanners
- Burp API scanner
- ZAP API Scanner
Cloud enumeration

Web applications

Introduction
- What?
- Why?
- How?
Setting up Burp Suite (Kali)
- Resources
Setting up ZAP (Kali)
Using firefox as proxy for Burp and Zap
OAST alternatives
HTTP proxies and traffic analysers
Vulnerability discovery tools
Target recognition
- Knockpy
- HostileSubBruteforcer
- FFuf
- Assetfinder
- Nmap
- Rustscan
- Shodan
- What CMS
- Recon-ng
Browser extensions
Create recon scripts

APIs

Introduction
- What?
- Why?
- How?
Arjun
wfuzz
Postman’s Collection Runner
Burp intruder

Cloud

Introduction
- What?
- Why?
- How?
CloudSploit
AWS tools
Azure tools
GCP tools
truffleHog
Gitleaks
PACU
- Usage
MSOLSpray
Scout Suite
CloudCustodian
Bloodhound

Static analysis

Introduction
- What?
- Why?
- How?
file (Linux)
strings (Linux)
readelf (Linux)
PEiD (Windows)
TRiD (Win32, Linux)

Disassemblers

Introduction
- What?
- Why?
- How?
Ghidra
Radare2
IDA

Debuggers

Introduction
- What?
- Why?
- How?
GNU debugger (Linux)
- Usage examples
strace (Linux)
GNU nm
Immunity Debugger (Windows)
x64dbg (Windows)

Decompilers

Introduction
- What?
- Why?
- How?
APK Studio
ApkX
dotPeek
iLSpy

Program editing tools

Introduction
- What?
- Why?
- How?
xxd (Linux)
HxD hex editor (Windows)
BEYE

Analysis automation programming

Introduction
- What?
- Why?
- How?
Python
Yara
Visual Studio (Windows)

Exploitation tools

Introduction
- What?
- Why?
- How?
Metasploit
- Multi-handler
- Resources
Netcat
Socat
Windows escalation tools
Linux escalation tools

Exploit development

Introduction
- What?
- Why?
- How?
MSFvenom
- Note on meterpreter shells
MSFvenom Payload Creator (MSFPC)
Donut
Online shellcode resources

Assemblers

Introduction
- What?
- Why?
- How?
Netwide Assembler (NASM) on Linux
- Install nasm
- Editing, assembling, and running a NASM source file
Microsoft Assembler on Windows 10 with Visual Studio Community

Compilers

Introduction
- What?
- Why?
- How?
GNU compiler (gcc) on Linux
Using Windows Subsystem for Linux with Visual Studio Code

Steganography

Introduction
- What?
- Why?
- How?
Steghide
TinEye
Coagula
Snow
Steganography_Tools
- Installation

Social engineering

Introduction
- What?
- Why?
- How?
BeEF
The Social-Engineer Toolkit (SET)
Wifiphisher

Additional hardware

Introduction
- What?
- Why?
- How?
USB sticks
Mischievous network hardware
Wireless adapters for monitoring
- Alternative adapters
  - Atheros chipset AR9271
  - Realtek chipset RTL8812AU
- Kali VM notes

Network

Introduction
- What?
- Why?
- How?
tcpdump
Wireshark
hping3
- Cheatsheets
nmap
netcat
proxychains
Ettercap
Impacket
Responder
CrackMapExec (CME)
Mimikatz

Wireless

Introduction
- What?
- Why?
- How?
Kismet
Aircrack-ng Suite
Reaver
Wifite
Fern
MDK4
EAPHammer
Wifiphisher

Mobile devices

Introduction
- What?
- Why?
- How?
The Mobile Security Framework
Spooftooph
Drozer
Android Studio
- Installation
Android Debug Bridge (ADB)
- Installation
Frida
Objection

Data exfiltration

Introduction
- What?
- Why?
- How?
TryHackMe nodes
TryHackMe DNS configurations
PyExfil
Meek

Cryptanalysis

Introduction
- What?
- Why?
- How?
Sagemath
- Troubleshooting
Ganzúa
John the Ripper
Hashcat
Cain
RsaCtfTool
RSArmageddon
THC-Hydra
Cryptol

Threat analysis

Introduction
UrlScan.io
Abuse.ch
PhishTool
Cisco Talos Intelligence
- Scenario 1
- Scenario 2
On-line resources
OpenCTI

Vulnerability management

Introduction
Nessus
MiTRE
YARA
OpenVAS
- Scanning infrastructure
- Reporting and continuous monitoring
MISP

Network traffic analysis

Introduction
tcpdump
Wireshark
nmap
NetworkMiner
Zeek
Brim
- Brim vs Wireshark vs Zeek

Endpoint detection and response

Introduction
Sysinternals Live
Wazuh
- Resources

Security information and event management

Introduction
ELK stack
Splunk

Digital forensics and incident response

Introduction
First responder toolkit
- Physical evidence collection and preservation
- Physical acquisition tools
Audit trail tools
- Task warrior
SquashFS and fsfimage
Imaging tools
- Memory acquisition in Linux
- Memory acquisition in Windows
Carving tools
Commercial tools
RedLine
Guymager
Autopsy
Kroll Artifact Parser and Extractor (KAPE)
- Target options
- Module options
Volatility
Velociraptor
- Resources
TheHive project
- Resources
Libewf and ewf-tools
BMC-tools
Google container tools
libbde-utils
- Installation
- Resources
Linux artifact analysis tools
- Analysis of storage layout and volume management

Phishing analysis

Introduction
Malware sandboxes
PhishTool

Malware analysis

Introduction
REMnux
- Resources

The lodge

The lodge
Wizardry Unclass Writeups
Improbability Blog
About
Register

Introduction

What?

Build a virtual local testlab with tools for web application pentesting.

Why?

Labs, challenges, CTFs, application pentesting, teaming.

How?

Setting up Burp Suite (Kali)
Setting up ZAP (Kali)
Using firefox as proxy for Burp and Zap
OAST alternatives
HTTP proxies and traffic analysers
Vulnerability discovery tools
Target recognition
Browser extensions
Create recon scripts

Previous Next

Unseen University, 2023, with a forest garden fostered by /ut7.