[ ITSEC ]

IN PROGRESS

REDTEAM

Most used tool by Redteam:

• Metasploit
• Colbalt Strike
• PowerShell Empire
• Mimikatz
• Bloodhound
• Responder
• Nmap
• Nessus
• Burp Suite
• Aircrack-ng

knowledge base for redteam:

• MITRE's ATT&CK framework
• OWASP Top 10
• NIST Cybersecurity Framework (CSF)
• SANS Institute's Top 25 Most Dangerous Software Errors
• Center for Internet Security (CIS) Critical Security Controls
• ISO 27001/27002
• PCI DSS
• NIST SP 800-53
• CIS Critical Security Controls for Effective Cyber Defense
• Common Vulnerabilities and Exposures (CVE) database
• The National Vulnerability Database (NVD)
• SecurityFocus Vulnerabilities Database
• The Open Web Application Security Project (OWASP)
• The SANS Institute's Reading Room
• The Center for Strategic and International Studies (CSIS)
• The Cyber Threat Intelligence Integration Center (CTIIC)
• The Cybersecurity and Infrastructure Security Agency (CISA)
• The Department of Homeland Security (DHS)
• The Federal Bureau of Investigation (FBI)
• The National Cyber-Forensics and Training Alliance (NCFTA)

Most usefull linux command to know for it security:

• curl
• wget
• grep
• sed
• awk
• tr
• cut
• find
• xargs
• ssh

Most usefull powershell command to know as redteam:

As a red teamer, some useful PowerShell commands to know include:

• Invoke-Mimikatz: This command can be used to extract sensitive information from memory, such as plaintext passwords and NTLM hashes.
• PowerShell Empire: This is a post-exploitation framework that can be used to establish persistence, execute arbitrary code, and move laterally through a network.
• PowerShell scripts: PowerShell scripts can be used to automate tasks and perform actions such as reconnaissance, enumeration, and privilege escalation.
• Invoke-Command: This command can be used to execute commands on remote systems, making it useful for lateral movement and privilege escalation.
• Get-NetUser: This command can be used to enumerate user accounts on a remote system.
• Get-NetGroup: This command can be used to enumerate groups on a remote system.

It's important to keep in mind that using these commands or related tools may be detected and can also lead to legal issues depending on the context of usage.

---

BLUETEAM

Most used siem used by BLUETEAM:

• Splunk
• ArcSight (HP)
• LogRhythm
• RSA NetWitness
• McAfee Enterprise Security Manager (ESM)
• IBM QRadar
• Symantec (Broadcom)
• AlienVault USM
• LogPoint
• SolarWinds Log & Event Manager (LEM)

Chinese search engine:

• Baidu
• Sogou
• 360 Search
• Shenma
• Haosou
• Bing China
• Yahoo China
• Google China (currently blocked in mainland China)

Russian search engine:

• Yandex
• Google Russia
• Mail.ru
• Rambler
• Bing Russia
• Yahoo Russia
• Ask.com Russia
• Aport Russia
• Sputnik
• Nigma

Best DNS Lookup cli command:

• nslookup (Windows, Linux, macOS)
• dig (Linux, macOS)
• host (Linux, macOS)
• whois (Linux, macOS)
• nslookup (Windows)
• drill (Linux, macOS)
• dnsquery (Windows)
• dnsenum (Linux, macOS)
• dnsrecon (Linux, macOS)
• dnswalk (Linux, macOS)

Note: These tools are typically used for command-line DNS lookups, and are not necessarily the only way to perform a DNS lookup.

List of most secure crypto qlgorythm

• AES (Advanced Encryption Standard)
• Twofish
• Serpent
• Blowfish
• Threefish
• RSA (Rivest-Shamir-Adleman)
• ECC (Elliptic Curve Cryptography)
• Ed25519
• Curve25519
• Salsa20

Note: The security of a cryptographic algorithm depends on the key size and the number of rounds used. Larger key sizes and more rounds generally result in more secure encryption. Also, security of a cryptographic algorithm is not only depend on the algorithm itself but also on the implementation and how it is used.

DNS alternative to Google:

• OpenDNS
• Cloudflare
• Quad9
• Norton ConnectSafe
• Comodo Secure DNS
• Verisign Public DNS
• Level3
• OpenNIC
• FreeDNS
• Yandex.DNS

Note: These are alternative DNS providers that can be used instead of Google's DNS service. They may offer different features such as additional security or privacy protections. It's recommended to test different providers and compare the results to find the one that works best for you.

ITSEC Skills:

• Network security
• Cloud security
• Endpoint security
• Application security
• Data security
• Identity and access management
• Compliance and regulatory knowledge
• Incident response and disaster recovery
• Penetration testing and vulnerability assessments
• Security operations and monitoring
• Risk management
• Cryptography
• Security architecture and design
• Security governance and management
• Security education and awareness

Note: These are some of the common skills needed for an IT security professional. It's important to note that the field of IT security is constantly evolving, and new skills and technologies are emerging all the time, so it is important to stay up-to-date.

How to pivot for pentest:

Pivoting is a technique used in penetration testing to move from an initial point of access to other systems on the same network. Once an attacker has access to a system, they may use that system to launch further attacks against other systems on the network that are not directly accessible from the Internet. Pivoting allows an attacker to use the compromised system as a "bridge" to access and exploit other systems on the same network.
There are several ways to pivot for pentest, some of the most common methods include:
Using a proxy: By configuring a proxy on the compromised system, an attacker can use that system as a gateway to access other systems on the same network.
Port forwarding: By using tools such as SSH or Metasploit, an attacker can forward ports from the compromised system to other systems on the same network, allowing them to access those systems as if they were directly connected.
Routing: By configuring routing tables on the compromised system, an attacker can redirect network traffic to other systems on the same network.
VNC: By installing a VNC server on the compromised system, an attacker can remotely control the system and use its GUI to access other systems on the same network.
Using tools like Metasploit, an attacker can leverage the compromised system to perform attacks such as network scanning, password cracking, and exploit execution.

It's important to note that pivoting should be done carefully and by following the proper procedures to maintain the integrity of the evidence.

Information Gathering

  ace-voip
  Amap
  APT2
  arp-scan
  Automater
  bing-ip2hosts
  braa
  CaseFile
  CDPSnarf
  cisco-torch
  copy-router-config
  DMitry
  dnmap
  dnsenum
  dnsmap
  DNSRecon
  dnstracer
  dnswalk
  DotDotPwn
  enum4linux
  enumIAX
  EyeWitness
  Faraday
  Fierce
  Firewalk
  fragroute
  fragrouter
  Ghost Phisher
  GoLismero
  goofile
  hping3
  ident-user-enum
  InSpy
  InTrace
  iSMTP
  lbd
  Maltego Teeth
  masscan
  Metagoofil
  Miranda
  nbtscan-unixwiz
  Nikto
  Nmap
  ntop
  OSRFramework
  p0f
  Parsero
  Recon-ng
  SET
  SMBMap
  smtp-user-enum
  snmp-check
  SPARTA
  sslcaudit
  SSLsplit
  sslstrip
  SSLyze
  Sublist3r
  THC-IPV6
  theHarvester
  TLSSLed
  twofi
  Unicornscan
  URLCrazy
  Wireshark
  WOL-E
  Xplico

Sniffing & Spoofing

  bettercap
  Burp Suite
  DNSChef
  fiked
  hamster-sidejack
  HexInject
  iaxflood
  inviteflood
  iSMTP
  isr-evilgrade
  mitmproxy
  ohrwurm
  protos-sip
  rebind
  responder
  rtpbreak
  rtpinsertsound
  rtpmixsound
  sctpscan
  SIPArmyKnife
  SIPp
  SIPVicious
  SniffJoke
  SSLsplit
  sslstrip
  THC-IPV6
  VoIPHopper
  WebScarab
  Wifi Honey
  Wireshark
  xspy
  Yersinia
  zaproxy

Password Attacks

  BruteSpray
  Burp Suite
  CeWL
  chntpw
  cisco-auditing-tool
  CmosPwd
  creddump
  crowbar
  crunch
  findmyhash
  gpp-decrypt
  hash-identifier
  Hashcat
  HexorBase
  THC-Hydra
  John the Ripper
  Johnny
  keimpx
  Maltego Teeth
  Maskprocessor
  multiforcer
  Ncrack
  oclgausscrack
  ophcrack
  PACK
  patator
  phrasendrescher
  polenum
  RainbowCrack
  rcracki-mt
  RSMangler
  SecLists
  SQLdict
  Statsprocessor
  THC-pptp-bruter
  TrueCrack
  WebScarab
  wordlists
  zaproxy
  Maintaining Access
  CryptCat
  Cymothoa
  dbd
  dns2tcp
  HTTPTunnel
  Intersect
  Nishang
  polenum
  PowerSploit
  pwnat
  RidEnum
  sbd
  shellter
  U3-Pwn
  Webshells
  Weevely
  Winexe
  Hardware Hacking
  android-sdk
  apktool
  Arduino
  dex2jar
  Sakis3G
  smali
  Reverse Engineering
  apktool
  dex2jar
  diStorm3
  edb-debugger
  jad
  javasnoop
  JD-GUI
  OllyDbg
  smali
  Valgrind
  YARA
  Reporting Tools
  CaseFile
  cherrytree
  CutyCapt
  dos2unix
  Dradis
  MagicTree
  Metagoofil
  Nipper-ng
  pipal
  RDPY

Maintaining Access

  CryptCat
  Cymothoa
  dbd
  dns2tcp
  HTTPTunnel
  Intersect
  Nishang
  polenum
  PowerSploit
  pwnat
  RidEnum
  sbd
  shellter
  U3-Pwn
  Webshells
  Weevely
  Winexe

Reverse Engineering

  apktool
  dex2jar
  diStorm3
  edb-debugger
  jad
  javasnoop
  JD-GUI
  OllyDbg
  smali
  Valgrind
  YARA

Vulnerability Analysis

  BBQSQL
  BED
  cisco-auditing-tool
  cisco-global-exploiter
  cisco-ocs
  cisco-torch
  copy-router-config
  Doona
  DotDotPwn
  HexorBase
  jSQL Injection
  Lynis
  Nmap
  ohrwurm
  openvas
  Oscanner
  Powerfuzzer
  sfuzz
  SidGuesser
  SIPArmyKnife
  sqlmap
  Sqlninja
  sqlsus
  THC-IPV6
  tnscmd10g
  unix-privesc-check
  Yersinia

Exploitation Tools

  Armitage
  Backdoor Factory
  BeEF
  cisco-auditing-tool
  cisco-global-exploiter
  cisco-ocs
  cisco-torch
  Commix
  crackle
  exploitdb
  jboss-autopwn
  Linux Exploit Suggester
  Maltego Teeth
  Metasploit Framework
  MSFPC
  RouterSploit
  SET
  ShellNoob
  sqlmap
  THC-IPV6
  Yersinia

Wireless Attacks

  Airbase-ng
  Aircrack-ng
  Airdecap-ng and Airdecloak-ng
  Aireplay-ng
  airgraph-ng
  Airmon-ng
  Airodump-ng
  airodump-ng-oui-update
  Airolib-ng
  Airserv-ng
  Airtun-ng
  Asleap
  Besside-ng
  Bluelog
  BlueMaho
  Bluepot
  BlueRanger
  Bluesnarfer
  Bully
  coWPAtty
  crackle
  eapmd5pass
  Easside-ng
  Fern Wifi Cracker
  FreeRADIUS-WPE
  Ghost Phisher
  GISKismet
  Gqrx
  gr-scan
  hostapd-wpe
  ivstools
  kalibrate-rtl
  KillerBee
  Kismet
  makeivs-ng
  mdk3
  mfcuk
  mfoc
  mfterm
  Multimon-NG
  Packetforge-ng
  PixieWPS
  Pyrit
  Reaver
  redfang
  RTLSDR Scanner
  Spooftooph
  Tkiptun-ng
  Wesside-ng
  Wifi Honey
  wifiphisher
  Wifitap
  Wifite
  wpaclean

Forensics Tools

  Binwalk
  bulk-extractor
  Capstone
  chntpw
  Cuckoo
  dc3dd
  ddrescue
  DFF
  diStorm3
  Dumpzilla
  extundelete
  Foremost
  Galleta
  Guymager
  iPhone Backup Analyzer
  p0f
  pdf-parser
  pdfid
  pdgmail
  peepdf
  RegRipper
  Volatility
  Xplico

Web Applications

  apache-users
  Arachni
  BBQSQL
  BlindElephant
  Burp Suite
  CutyCapt
  DAVTest
  deblaze
  DIRB
  DirBuster
  fimap
  FunkLoad
  Gobuster
  Grabber
  hURL
  jboss-autopwn
  joomscan
  jSQL Injection
  Maltego Teeth
  Nikto
  PadBuster
  Paros
  Parsero
  plecost
  Powerfuzzer
  ProxyStrike
  Recon-ng
  Skipfish
  sqlmap
  Sqlninja
  sqlsus
  ua-tester
  Uniscan
  w3af
  WebScarab
  Webshag
  WebSlayer
  WebSploit
  Wfuzz
  WhatWeb
  WPScan
  XSSer
  zaproxy

Stress Testing

  DHCPig
  FunkLoad
  iaxflood
  Inundator
  inviteflood
  ipv6-toolkit
  mdk3
  Reaver
  rtpflood
  SlowHTTPTest
  t50
  Termineter
  THC-IPV6
  THC-SSL-DOS

Hardware Hacking

  android-sdk
  apktool
  Arduino
  dex2jar
  Sakis3G
  smali

Reporting Tools

  CaseFile
  cherrytree
  CutyCapt
  dos2unix
  Dradis
  MagicTree
  Metagoofil
  Nipper-ng
  pipal
  RDPY

Newsgroups

NZBVortex 3