Most Recent
-
AuthTools:NOTES
CrackMapExec: Dump hashes for cracking and move laterally in the network; Various protocols – rdp, winrm, ldap, ssh, mssql, smb, ftp; --shares: Enumerate shares to show accounts that are vulnerable; --sessions: shows active sessions. Get-Service script to check if antivirus is running on target machine…
-
THM Web App Resources
OWASP Favicon Database: Other places to find information only using basic tools: robots.txt, sitemap.xml, HTTP Headers, Framework Stack – developer tools. Google Hacking / Dorking: Google hacking / Dorking utilizes Google’s advanced search engine features, which allow you to pick out custom content. You can,…
-
MISP: NOTES
MISP – MALWARE INFORMATION SHARING PLATFORM: MISP (Malware Information Sharing Platform) is an open-source threat information platform that facilitates the collection, storage and distribution of threat intelligence and Indicators of Compromise (IOCs) related to malware, cyber attacks, financial fraud or any intelligence within a community of trusted members.…
-
Cyber Kill Chain: NOTES
Reconnaissance is discovering and collecting information on the system and the victim. The reconnaissance phase is the planning phase for the adversaries. OSINT (Open-Source Intelligence) also falls under reconnaissance. OSINT is the first step an attacker needs to complete to carry out the further phases of…
-
Vulnerability Tools:NOTES
Nikto: Open source tool used to scan web servers; Vulnerability scans for known issues; Checks for configuration errors. TruffleHog: Scans for exposed secrets such as API keys, passwords and tokens; Identifies sensitive information. Grype: Open source; Scans container images; Identifies known vulnerabilities;…