[ ITSEC ]

IN PROGRESS

REDTEAM

Most used tool by Redteam:

• Metasploit
• Colbalt Strike
• PowerShell Empire
• Mimikatz
• Bloodhound
• Responder
• Nmap
• Nessus
• Burp Suite
• Aircrack-ng

knowledge base for redteam:

• MITRE's ATT&CK framework
• OWASP Top 10
• NIST Cybersecurity Framework (CSF)
• SANS Institute's Top 25 Most Dangerous Software Errors
• Center for Internet Security (CIS) Critical Security Controls
• ISO 27001/27002
• PCI DSS
• NIST SP 800-53
• CIS Critical Security Controls for Effective Cyber Defense
• Common Vulnerabilities and Exposures (CVE) database
• The National Vulnerability Database (NVD)
• SecurityFocus Vulnerabilities Database
• The Open Web Application Security Project (OWASP)
• The SANS Institute's Reading Room
• The Center for Strategic and International Studies (CSIS)
• The Cyber Threat Intelligence Integration Center (CTIIC)
• The Cybersecurity and Infrastructure Security Agency (CISA)
• The Department of Homeland Security (DHS)
• The Federal Bureau of Investigation (FBI)
• The National Cyber-Forensics and Training Alliance (NCFTA)

Most usefull linux command to know for it security:

• curl
• wget
• grep
• sed
• awk
• tr
• cut
• find
• xargs
• ssh

Most usefull powershell command to know as redteam:

As a red teamer, some useful PowerShell commands to know include:

• Invoke-Mimikatz: This command can be used to extract sensitive information from memory, such as plaintext passwords and NTLM hashes.
• PowerShell Empire: This is a post-exploitation framework that can be used to establish persistence, execute arbitrary code, and move laterally through a network.
• PowerShell scripts: PowerShell scripts can be used to automate tasks and perform actions such as reconnaissance, enumeration, and privilege escalation.
• Invoke-Command: This command can be used to execute commands on remote systems, making it useful for lateral movement and privilege escalation.
• Get-NetUser: This command can be used to enumerate user accounts on a remote system.
• Get-NetGroup: This command can be used to enumerate groups on a remote system.

It's important to keep in mind that using these commands or related tools may be detected and can also lead to legal issues depending on the context of usage.

---

BLUETEAM

Most used siem used by BLUETEAM:

• Splunk
• ArcSight (HP)
• LogRhythm
• RSA NetWitness
• McAfee Enterprise Security Manager (ESM)
• IBM QRadar
• Symantec (Broadcom)
• AlienVault USM
• LogPoint
• SolarWinds Log & Event Manager (LEM)

Chinese search engine:

• Baidu
• Sogou
• 360 Search
• Shenma
• Haosou
• Bing China
• Yahoo China
• Google China (currently blocked in mainland China)

Russian search engine:

• Yandex
• Google Russia
• Mail.ru
• Rambler
• Bing Russia
• Yahoo Russia
• Ask.com Russia
• Aport Russia
• Sputnik
• Nigma

Best DNS Lookup cli command:

• nslookup (Windows, Linux, macOS)
• dig (Linux, macOS)
• host (Linux, macOS)
• whois (Linux, macOS)
• nslookup (Windows)
• drill (Linux, macOS)
• dnsquery (Windows)
• dnsenum (Linux, macOS)
• dnsrecon (Linux, macOS)
• dnswalk (Linux, macOS)

Note: These tools are typically used for command-line DNS lookups, and are not necessarily the only way to perform a DNS lookup.

List of most secure crypto qlgorythm

• AES (Advanced Encryption Standard)
• Twofish
• Serpent
• Blowfish
• Threefish
• RSA (Rivest-Shamir-Adleman)
• ECC (Elliptic Curve Cryptography)
• Ed25519
• Curve25519
• Salsa20

Note: The security of a cryptographic algorithm depends on the key size and the number of rounds used. Larger key sizes and more rounds generally result in more secure encryption. Also, security of a cryptographic algorithm is not only depend on the algorithm itself but also on the implementation and how it is used.

DNS alternative to Google:

• OpenDNS
• Cloudflare
• Quad9
• Norton ConnectSafe
• Comodo Secure DNS
• Verisign Public DNS
• Level3
• OpenNIC
• FreeDNS
• Yandex.DNS

Note: These are alternative DNS providers that can be used instead of Google's DNS service. They may offer different features such as additional security or privacy protections. It's recommended to test different providers and compare the results to find the one that works best for you.

ITSEC Skills:

• Network security
• Cloud security
• Endpoint security
• Application security
• Data security
• Identity and access management
• Compliance and regulatory knowledge
• Incident response and disaster recovery
• Penetration testing and vulnerability assessments
• Security operations and monitoring
• Risk management
• Cryptography
• Security architecture and design
• Security governance and management
• Security education and awareness

Note: These are some of the common skills needed for an IT security professional. It's important to note that the field of IT security is constantly evolving, and new skills and technologies are emerging all the time, so it is important to stay up-to-date.

How to pivot for pentest:

Pivoting is a technique used in penetration testing to move from an initial point of access to other systems on the same network. Once an attacker has access to a system, they may use that system to launch further attacks against other systems on the network that are not directly accessible from the Internet. Pivoting allows an attacker to use the compromised system as a "bridge" to access and exploit other systems on the same network. There are several ways to pivot for pentest, some of the most common methods include: Using a proxy: By configuring a proxy on the compromised system, an attacker can use that system as a gateway to access other systems on the same network. Port forwarding: By using tools such as SSH or Metasploit, an attacker can forward ports from the compromised system to other systems on the same network, allowing them to access those systems as if they were directly connected. Routing: By configuring routing tables on the compromised system, an attacker can redirect network traffic to other systems on the same network. VNC: By installing a VNC server on the compromised system, an attacker can remotely control the system and use its GUI to access other systems on the same network. Using tools like Metasploit, an attacker can leverage the compromised system to perform attacks such as network scanning, password cracking, and exploit execution. It's important to note that pivoting should be done carefully and by following the proper procedures to maintain the integrity of the evidence.

Information Gathering

• ace-voip
• Amap
• APT2
• arp-scan
• Automater
• bing-ip2hosts
• braa
• CaseFile
• CDPSnarf
• cisco-torch
• copy-router-config
• DMitry
• dnmap
• dnsenum
• dnsmap
• DNSRecon
• dnstracer
• dnswalk
• DotDotPwn
• enum4linux
• enumIAX
• EyeWitness
• Faraday
• Fierce
• Firewalk
• fragroute
• fragrouter
• Ghost Phisher
• GoLismero
• goofile
• hping3
• ident-user-enum
• InSpy
• InTrace
• iSMTP
• lbd
• Maltego Teeth
• masscan
• Metagoofil
• Miranda
• nbtscan-unixwiz
• Nikto
• Nmap
• ntop
• OSRFramework
• p0f
• Parsero
• Recon-ng
• SET
• SMBMap
• smtp-user-enum
• snmp-check
• SPARTA
• sslcaudit
• SSLsplit
• sslstrip
• SSLyze
• Sublist3r
• THC-IPV6
• theHarvester
• TLSSLed
• twofi
• Unicornscan
• URLCrazy
• Wireshark
• WOL-E
• Xplico

Sniffing & Spoofing

• bettercap
• Burp Suite
• DNSChef
• fiked
• hamster-sidejack
• HexInject
• iaxflood
• inviteflood
• iSMTP
• isr-evilgrade
• mitmproxy
• ohrwurm
• protos-sip
• rebind
• responder
• rtpbreak
• rtpinsertsound
• rtpmixsound
• sctpscan
• SIPArmyKnife
• SIPp
• SIPVicious
• SniffJoke
• SSLsplit
• sslstrip
• THC-IPV6
• VoIPHopper
• WebScarab
• Wifi Honey
• Wireshark
• xspy
• Yersinia
• zaproxy

Password Attacks

• BruteSpray
• Burp Suite
• CeWL
• chntpw
• cisco-auditing-tool
• CmosPwd
• creddump
• crowbar
• crunch
• findmyhash
• gpp-decrypt
• hash-identifier
• Hashcat
• HexorBase
• THC-Hydra
• John the Ripper
• Johnny
• keimpx
• Maltego Teeth
• Maskprocessor
• multiforcer
• Ncrack
• oclgausscrack
• ophcrack
• PACK
• patator
• phrasendrescher
• polenum
• RainbowCrack
• rcracki-mt
• RSMangler
• SecLists
• SQLdict
• Statsprocessor
• THC-pptp-bruter
• TrueCrack
• WebScarab
• wordlists
• zaproxy
• Maintaining Access
• CryptCat
• Cymothoa
• dbd
• dns2tcp
• HTTPTunnel
• Intersect
• Nishang
• polenum
• PowerSploit
• pwnat
• RidEnum
• sbd
• shellter
• U3-Pwn
• Webshells
• Weevely
• Winexe
• Hardware Hacking
• android-sdk
• apktool
• Arduino
• dex2jar
• Sakis3G
• smali
• Reverse Engineering
• apktool
• dex2jar
• diStorm3
• edb-debugger
• jad
• javasnoop
• JD-GUI
• OllyDbg
• smali
• Valgrind
• YARA
• Reporting Tools
• CaseFile
• cherrytree
• CutyCapt
• dos2unix
• Dradis
• MagicTree
• Metagoofil
• Nipper-ng
• pipal
• RDPY

Maintaining Access

• CryptCat
• Cymothoa
• dbd
• dns2tcp
• HTTPTunnel
• Intersect
• Nishang
• polenum
• PowerSploit
• pwnat
• RidEnum
• sbd
• shellter
• U3-Pwn
• Webshells
• Weevely
• Winexe

Reverse Engineering

• apktool
• dex2jar
• diStorm3
• edb-debugger
• jad
• javasnoop
• JD-GUI
• OllyDbg
• smali
• Valgrind
• YARA

Vulnerability Analysis

• BBQSQL
• BED
• cisco-auditing-tool
• cisco-global-exploiter
• cisco-ocs
• cisco-torch
• copy-router-config
• Doona
• DotDotPwn
• HexorBase
• jSQL Injection
• Lynis
• Nmap
• ohrwurm
• openvas
• Oscanner
• Powerfuzzer
• sfuzz
• SidGuesser
• SIPArmyKnife
• sqlmap
• Sqlninja
• sqlsus
• THC-IPV6
• tnscmd10g
• unix-privesc-check
• Yersinia

Exploitation Tools

• Armitage
• Backdoor Factory
• BeEF
• cisco-auditing-tool
• cisco-global-exploiter
• cisco-ocs
• cisco-torch
• Commix
• crackle
• exploitdb
• jboss-autopwn
• Linux Exploit Suggester
• Maltego Teeth
• Metasploit Framework
• MSFPC
• RouterSploit
• SET
• ShellNoob
• sqlmap
• THC-IPV6
• Yersinia

Wireless Attacks

• Airbase-ng
• Aircrack-ng
• Airdecap-ng and Airdecloak-ng
• Aireplay-ng
• airgraph-ng
• Airmon-ng
• Airodump-ng
• airodump-ng-oui-update
• Airolib-ng
• Airserv-ng
• Airtun-ng
• Asleap
• Besside-ng
• Bluelog
• BlueMaho
• Bluepot
• BlueRanger
• Bluesnarfer
• Bully
• coWPAtty
• crackle
• eapmd5pass
• Easside-ng
• Fern Wifi Cracker
• FreeRADIUS-WPE
• Ghost Phisher
• GISKismet
• Gqrx
• gr-scan
• hostapd-wpe
• ivstools
• kalibrate-rtl
• KillerBee
• Kismet
• makeivs-ng
• mdk3
• mfcuk
• mfoc
• mfterm
• Multimon-NG
• Packetforge-ng
• PixieWPS
• Pyrit
• Reaver
• redfang
• RTLSDR Scanner
• Spooftooph
• Tkiptun-ng
• Wesside-ng
• Wifi Honey
• wifiphisher
• Wifitap
• Wifite
• wpaclean

Forensics Tools

• Binwalk
• bulk-extractor
• Capstone
• chntpw
• Cuckoo
• dc3dd
• ddrescue
• DFF
• diStorm3
• Dumpzilla
• extundelete
• Foremost
• Galleta
• Guymager
• iPhone Backup Analyzer
• p0f
• pdf-parser
• pdfid
• pdgmail
• peepdf
• RegRipper
• Volatility
• Xplico

Web Applications

• Burp Suite
• CutyCapt
• DAVTest
• deblaze
• DIRB
• DirBuster
• fimap
• FunkLoad
• Gobuster
• Grabber
• hURL
• jboss-autopwn
• joomscan
• jSQL Injection
• Maltego Teeth
• Nikto
• PadBuster
• Paros
• Parsero
• plecost
• Powerfuzzer
• ProxyStrike
• Recon-ng
• Skipfish
• sqlmap
• Sqlninja
• sqlsus
• ua-tester
• Uniscan
• w3af
• WebScarab
• Webshag
• WebSlayer
• WebSploit
• Wfuzz
• WhatWeb
• WPScan
• XSSer
• zaproxy

Stress Testing

• DHCPig
• FunkLoad
• iaxflood
• Inundator
• inviteflood
• ipv6-toolkit
• mdk3
• Reaver
• rtpflood
• SlowHTTPTest
• t50
• Termineter
• THC-IPV6
• THC-SSL-DOS

Hardware Hacking

• android-sdk
• apktool
• Arduino
• dex2jar
• Sakis3G
• smali

Reporting Tools

• CaseFile
• cherrytree
• CutyCapt
• dos2unix
• Dradis
• MagicTree
• Metagoofil
• Nipper-ng
• pipal
• RDPY

Newsgroups

NZBVortex 3