#_JOHLEM.net_
"scientia potentia est" - Sir Francis Bacon (today: 2023-03-27 / last update: 2023-01-24 18:00:00 CET UTC+1 hour). Updated: added pages ITSEC & CLI.
[ ITSEC ]
IN PROGRESS
REDTEAM
Most used tools by red teams:
- Metasploit
- Cobalt Strike
- PowerShell Empire
- Mimikatz
- Bloodhound
- Responder
- Nmap
- Nessus
- Burp Suite
- Aircrack-ng
Knowledge bases for red teams:
- MITRE's ATT&CK framework
- OWASP Top 10
- NIST Cybersecurity Framework (CSF)
- SANS Institute's Top 25 Most Dangerous Software Errors
- Center for Internet Security (CIS) Critical Security Controls
- ISO 27001/27002
- PCI DSS
- NIST SP 800-53
- CIS Critical Security Controls for Effective Cyber Defense
- Common Vulnerabilities and Exposures (CVE) database
- The National Vulnerability Database (NVD)
- SecurityFocus Vulnerabilities Database
- The Open Web Application Security Project (OWASP)
- The SANS Institute's Reading Room
- The Center for Strategic and International Studies (CSIS)
- The Cyber Threat Intelligence Integration Center (CTIIC)
- The Cybersecurity and Infrastructure Security Agency (CISA)
- The Department of Homeland Security (DHS)
- The Federal Bureau of Investigation (FBI)
- The National Cyber-Forensics and Training Alliance (NCFTA)
Most useful Linux commands to know for IT security:
Most useful PowerShell commands to know as a red teamer:
As a red teamer, some useful PowerShell commands to know include:
- Invoke-Mimikatz: This command can be used to extract sensitive information from memory, such as plaintext passwords and NTLM hashes.
- PowerShell Empire: This is a post-exploitation framework that can be used to establish persistence, execute arbitrary code, and move laterally through a network.
- PowerShell scripts: PowerShell scripts can be used to automate tasks and perform actions such as reconnaissance, enumeration, and privilege escalation.
- Invoke-Command: This command can be used to execute commands on remote systems, making it useful for lateral movement and privilege escalation.
- Get-NetUser: This command can be used to enumerate user accounts on a remote system.
- Get-NetGroup: This command can be used to enumerate groups on a remote system.
It's important to keep in mind that using these commands or related tools may be detected and can also lead to legal issues depending on the context of usage.
BLUETEAM
Most used SIEMs by blue teams:
- Splunk
- ArcSight (HP)
- LogRhythm
- RSA NetWitness
- McAfee Enterprise Security Manager (ESM)
- IBM QRadar
- Symantec (Broadcom)
- AlienVault USM
- LogPoint
- SolarWinds Log & Event Manager (LEM)
Chinese search engines:
- Baidu
- Sogou
- 360 Search
- Shenma
- Haosou
- Bing China
- Yahoo China
- Google China (currently blocked in mainland China)
Russian search engines:
- Yandex
- Google Russia
- Mail.ru
- Rambler
- Bing Russia
- Yahoo Russia
- Ask.com Russia
- Aport Russia
- Sputnik
- Nigma
Best DNS lookup CLI commands:
- nslookup (Windows, Linux, macOS)
- dig (Linux, macOS)
- host (Linux, macOS)
- whois (Linux, macOS)
- drill (Linux, macOS)
- dnsquery (Windows)
- dnsenum (Linux, macOS)
- dnsrecon (Linux, macOS)
- dnswalk (Linux, macOS)
Note: These tools are typically used for command-line DNS lookups, and are not necessarily the only way to perform a DNS lookup.
List of the most secure cryptographic algorithms:
- AES (Advanced Encryption Standard)
- Twofish
- Serpent
- Blowfish
- Threefish
- RSA (Rivest-Shamir-Adleman)
- ECC (Elliptic Curve Cryptography)
- Ed25519
- Curve25519
- Salsa20
Note: The security of a cryptographic algorithm depends on the key size and the number of rounds used. Larger key sizes and more rounds generally result in more secure encryption. Also, the security of a cryptographic algorithm depends not only on the algorithm itself but also on its implementation and on how it is used.
DNS alternatives to Google:
- OpenDNS
- Cloudflare
- Quad9
- Norton ConnectSafe
- Comodo Secure DNS
- Verisign Public DNS
- Level3
- OpenNIC
- FreeDNS
- Yandex.DNS
Note: These are alternative DNS providers that can be used instead of Google's DNS service. They may offer different features such as additional security or privacy protections. It's recommended to test different providers and compare the results to find the one that works best for you.
ITSEC Skills:
- Network security
- Cloud security
- Endpoint security
- Application security
- Data security
- Identity and access management
- Compliance and regulatory knowledge
- Incident response and disaster recovery
- Penetration testing and vulnerability assessments
- Security operations and monitoring
- Risk management
- Cryptography
- Security architecture and design
- Security governance and management
- Security education and awareness
Note: These are some of the common skills needed for an IT security professional. The field of IT security is constantly evolving, with new skills and technologies emerging all the time, so it is important to stay up-to-date.
How to pivot in a pentest:
Pivoting is a technique used in penetration testing to move from an initial point of access to other systems on the same network. Once an attacker has access to a system, they may use that system to launch further attacks against other systems on the network that are not directly accessible from the Internet. Pivoting allows an attacker to use the compromised system as a "bridge" to access and exploit other systems on the same network. There are several ways to pivot in a pentest; some of the most common methods include:
- Using a proxy: by configuring a proxy on the compromised system, an attacker can use that system as a gateway to access other systems on the same network.
- Port forwarding: by using tools such as SSH or Metasploit, an attacker can forward ports from the compromised system to other systems on the same network, allowing them to access those systems as if they were directly connected.
- Routing: by configuring routing tables on the compromised system, an attacker can redirect network traffic to other systems on the same network.
- VNC: by installing a VNC server on the compromised system, an attacker can remotely control the system and use its GUI to access other systems on the same network.
- Using tools like Metasploit, an attacker can leverage the compromised system to perform attacks such as network scanning, password cracking, and exploit execution.
Note: pivoting should be done carefully and by following the proper procedures to maintain the integrity of the evidence.
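Seen from the defending side, the proxy, port-forwarding and VNC methods above all leave a listening socket behind on the compromised host. This added example (not from this page's author) parses constructed `ss -tlnp` output and flags the listeners those methods create; the sample lines, the VNC port range and the "ssh client holding a listener" heuristic are assumptions of the example.

```python
import re
from typing import Dict, List

# Constructed sample of `ss -tlnp` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       128     0.0.0.0:1080        0.0.0.0:*          users:(("ssh",pid=4021,fd=5))
LISTEN  0       5       0.0.0.0:5901        0.0.0.0:*          users:(("Xvnc",pid=4100,fd=7))
LISTEN  0       128     127.0.0.1:3306      0.0.0.0:*          users:(("mysqld",pid=900,fd=20))
LISTEN  0       128     127.0.0.1:8443      0.0.0.0:*          users:(("ssh",pid=4021,fd=6))
"""

# One LISTEN row of `ss -tlnp`; addr may be IPv4, "*" or a bracketed IPv6 address.
LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)'
)
LOOPBACK_PREFIXES = ("127.", "[::1]")
VNC_PORTS = range(5900, 6000)  # assumption: default VNC display range


def parse_listeners(text: str) -> List[Dict]:
    """Return one dict (addr, port, proc, pid) per LISTEN row."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            d = m.groupdict()
            d["port"], d["pid"] = int(d["port"]), int(d["pid"])
            rows.append(d)
    return rows


def find_pivot_indicators(text: str) -> List[Dict]:
    """Flag listeners typical of the pivot methods described above."""
    findings = []
    for row in parse_listeners(text):
        exposed = not row["addr"].startswith(LOOPBACK_PREFIXES)
        # The ssh *client* (not sshd) owning a listening socket means an
        # -L/-D forward is active on this host; bound to all interfaces it
        # is the gateway/proxy pattern, bound to loopback it is still a forward.
        if row["proc"] == "ssh":
            scope = "network-exposed" if exposed else "loopback only"
            findings.append({**row, "reason": f"ssh client forward ({scope})"})
        elif row["port"] in VNC_PORTS and exposed:
            findings.append({**row, "reason": "VNC server exposed"})
    return findings


if __name__ == "__main__":
    for f in find_pivot_indicators(SAMPLE_SS_OUTPUT):
        print(f'{f["proc"]}[{f["pid"]}] {f["addr"]}:{f["port"]} -> {f["reason"]}')
```

On a live Linux host, feed the real output of `ss -tlnp` (run as root so process names are shown) into `find_pivot_indicators` and review each hit against what the host is supposed to run.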
Information Gathering
ace-voip, Amap, APT2, arp-scan, Automater, bing-ip2hosts, braa, CaseFile, CDPSnarf, cisco-torch, copy-router-config, DMitry, dnmap, dnsenum, dnsmap, DNSRecon, dnstracer, dnswalk, DotDotPwn, enum4linux, enumIAX, EyeWitness, Faraday, Fierce, Firewalk, fragroute, fragrouter, Ghost Phisher, GoLismero, goofile, hping3, ident-user-enum, InSpy, InTrace, iSMTP, lbd, Maltego Teeth, masscan, Metagoofil, Miranda, nbtscan-unixwiz, Nikto, Nmap, ntop, OSRFramework, p0f, Parsero, Recon-ng, SET, SMBMap, smtp-user-enum, snmp-check, SPARTA, sslcaudit, SSLsplit, sslstrip, SSLyze, Sublist3r, THC-IPV6, theHarvester, TLSSLed, twofi, Unicornscan, URLCrazy, Wireshark, WOL-E, Xplico
Sniffing & Spoofing
bettercap, Burp Suite, DNSChef, fiked, hamster-sidejack, HexInject, iaxflood, inviteflood, iSMTP, isr-evilgrade, mitmproxy, ohrwurm, protos-sip, rebind, responder, rtpbreak, rtpinsertsound, rtpmixsound, sctpscan, SIPArmyKnife, SIPp, SIPVicious, SniffJoke, SSLsplit, sslstrip, THC-IPV6, VoIPHopper, WebScarab, Wifi Honey, Wireshark, xspy, Yersinia, zaproxy
Password Attacks
BruteSpray, Burp Suite, CeWL, chntpw, cisco-auditing-tool, CmosPwd, creddump, crowbar, crunch, findmyhash, gpp-decrypt, hash-identifier, Hashcat, HexorBase, THC-Hydra, John the Ripper, Johnny, keimpx, Maltego Teeth, Maskprocessor, multiforcer, Ncrack, oclgausscrack, ophcrack, PACK, patator, phrasendrescher, polenum, RainbowCrack, rcracki-mt, RSMangler, SecLists, SQLdict, Statsprocessor, THC-pptp-bruter, TrueCrack, WebScarab, wordlists, zaproxy
Maintaining Access
CryptCat, Cymothoa, dbd, dns2tcp, HTTPTunnel, Intersect, Nishang, polenum, PowerSploit, pwnat, RidEnum, sbd, shellter, U3-Pwn, Webshells, Weevely, Winexe
Reverse Engineering
apktool, dex2jar, diStorm3, edb-debugger, jad, javasnoop, JD-GUI, OllyDbg, smali, Valgrind, YARA
Vulnerability Analysis
BBQSQL, BED, cisco-auditing-tool, cisco-global-exploiter, cisco-ocs, cisco-torch, copy-router-config, Doona, DotDotPwn, HexorBase, jSQL Injection, Lynis, Nmap, ohrwurm, openvas, Oscanner, Powerfuzzer, sfuzz, SidGuesser, SIPArmyKnife, sqlmap, Sqlninja, sqlsus, THC-IPV6, tnscmd10g, unix-privesc-check, Yersinia
Exploitation Tools
Armitage, Backdoor Factory, BeEF, cisco-auditing-tool, cisco-global-exploiter, cisco-ocs, cisco-torch, Commix, crackle, exploitdb, jboss-autopwn, Linux Exploit Suggester, Maltego Teeth, Metasploit Framework, MSFPC, RouterSploit, SET, ShellNoob, sqlmap, THC-IPV6, Yersinia
Wireless Attacks
Airbase-ng, Aircrack-ng, Airdecap-ng and Airdecloak-ng, Aireplay-ng, airgraph-ng, Airmon-ng, Airodump-ng, airodump-ng-oui-update, Airolib-ng, Airserv-ng, Airtun-ng, Asleap, Besside-ng, Bluelog, BlueMaho, Bluepot, BlueRanger, Bluesnarfer, Bully, coWPAtty, crackle, eapmd5pass, Easside-ng, Fern Wifi Cracker, FreeRADIUS-WPE, Ghost Phisher, GISKismet, Gqrx, gr-scan, hostapd-wpe, ivstools, kalibrate-rtl, KillerBee, Kismet, makeivs-ng, mdk3, mfcuk, mfoc, mfterm, Multimon-NG, Packetforge-ng, PixieWPS, Pyrit, Reaver, redfang, RTLSDR Scanner, Spooftooph, Tkiptun-ng, Wesside-ng, Wifi Honey, wifiphisher, Wifitap, Wifite, wpaclean
Forensics Tools
Binwalk, bulk-extractor, Capstone, chntpw, Cuckoo, dc3dd, ddrescue, DFF, diStorm3, Dumpzilla, extundelete, Foremost, Galleta, Guymager, iPhone Backup Analyzer, p0f, pdf-parser, pdfid, pdgmail, peepdf, RegRipper, Volatility, Xplico
Web Applications
apache-users, Arachni, BBQSQL, BlindElephant, Burp Suite, CutyCapt, DAVTest, deblaze, DIRB, DirBuster, fimap, FunkLoad, Gobuster, Grabber, hURL, jboss-autopwn, joomscan, jSQL Injection, Maltego Teeth, Nikto, PadBuster, Paros, Parsero, plecost, Powerfuzzer, ProxyStrike, Recon-ng, Skipfish, sqlmap, Sqlninja, sqlsus, ua-tester, Uniscan, w3af, WebScarab, Webshag, WebSlayer, WebSploit, Wfuzz, WhatWeb, WPScan, XSSer, zaproxy
Stress Testing
DHCPig, FunkLoad, iaxflood, Inundator, inviteflood, ipv6-toolkit, mdk3, Reaver, rtpflood, SlowHTTPTest, t50, Termineter, THC-IPV6, THC-SSL-DOS
Hardware Hacking
android-sdk, apktool, Arduino, dex2jar, Sakis3G, smali
Reporting Tools
CaseFile, cherrytree, CutyCapt, dos2unix, Dradis, MagicTree, Metagoofil, Nipper-ng, pipal, RDPY