• AuthTools:NOTES

    CrackMapExec: Dump hashes for cracking and move laterally in network; various protocols – rdp, winrm, ldap, ssh, mssql, smb, ftp; --shares: enumerate shares to show accounts that are vulnerable; --sessions: shows active sessions. Get-Service: script to check if antivirus is running on target machine…

  • THM Web App Resources

    OWASP Favicon Database. Other places to find information only using basic tools: robots.txt, sitemap.xml, HTTP headers, framework stack (developer tools). Google Hacking / Dorking: Google hacking / dorking utilizes Google’s advanced search engine features, which allow you to pick out custom content. You can,…

  • MISP: NOTES

    MISP – MALWARE INFORMATION SHARING PLATFORM: MISP (Malware Information Sharing Platform) is an open-source threat information platform that facilitates the collection, storage and distribution of threat intelligence and Indicators of Compromise (IOCs) related to malware, cyber attacks, financial fraud or any intelligence within a community of trusted members.…

  • Cyber Kill Chain: NOTES

      Reconnaissance is discovering and collecting information on the system and the victim. The reconnaissance phase is the planning phase for the adversaries. OSINT (Open-Source Intelligence) also falls under reconnaissance. OSINT is the first step an attacker needs to complete to carry out the further phases of…

  • Vulnerability Tools:NOTES

      Nikto: open source tool used to scan web servers; vulnerability scans for known issues; checks for configuration errors. TruffleHog: scans for exposed secrets such as API keys, passwords and tokens; identifies sensitive information. Grype: open source; scans container images; identifies known vulnerabilities;…