Blog

  • CTI: NOTES

    Cyber Threat Intelligence (CTI) can be defined as evidence-based knowledge about adversaries, including their indicators, tactics, motivations, and actionable advice against them. These can be utilised to protect critical assets and inform cyber security teams and management business decisions. It would be typical to use…

  • UKC: NOTES

    Threat modelling, in a cybersecurity context, is a series of steps to ultimately improve the security of a system. Threat modelling is about identifying risk and essentially boils down to: Threat modelling is an important procedure in reducing the risk within a system or application,…

  • Authentication Attacks:NOTES

    Types: MFA Fatigue Attacks – Social Engineering Cyber attack repeatedly sending MFA requests; SPAM attack; Pass-The-Hash Attack – Steal Hashed user credentials then use them to create a new session; Pass-The-Ticket Attack – Steal Kerberos tickets and use them to move laterally through an organisations…

  • ReconTools:NOTES

    Wayback Machine For reviewing internet archives; Free Via internet browser; archive.org/web; Can see historical data about a website to identify new changes which may have vulnerabilities; Can potentially find out/recover sensitive information if published at a previous time; API Functionality; Maltego For Link…

  • Exploit Tools:NOTES

    Metasploit Identifies potential exploits and provides the ability to execute them; Netcat Creates communication channels between two systems; Installed on Linux; install Nmap on Windows to access the ncat command; Put a system into listening state for remote connection later; Listening over ports; Remote connection to devices; Impacket…

  • AuthTools:NOTES

    CrackMapExec Dump hashes for cracking and move laterally in the network; Various Protocols – rdp, winrm, ldap, ssh, mssql, smb, ftp; --shares Enumerate shares to show accounts that are vulnerable; --sessions shows active sessions; Get-Service script to check if antivirus is running on target machine…

  • THM Web App Resources

    OWASP Favicon Database: Other places to find information only using basic tools: robots.txt, sitemap.xml, HTTP Headers, Framework Stack – developer tools Google Hacking / Dorking Google hacking / Dorking utilizes Google’s advanced search engine features, which allow you to pick out custom content. You can,…

  • MISP: NOTES

    MISP – MALWARE INFORMATION SHARING PLATFORM MISP (Malware Information Sharing Platform) is an open-source threat information platform that facilitates the collection, storage and distribution of threat intelligence and Indicators of Compromise (IOCs) related to malware, cyber attacks, financial fraud or any intelligence within a community of trusted members.…

  • Cyber Kill Chain: NOTES

      Reconnaissance is discovering and collecting information on the system and the victim. The reconnaissance phase is the planning phase for the adversaries. OSINT (Open-Source Intelligence) also falls under reconnaissance. OSINT is the first step an attacker needs to complete to carry out the further phases of…

  • Vulnerability Tools:NOTES

    Nikto Open source tool used to scan web servers; Vulnerability scans for known issues; Checks for configuration errors; TruffleHog Scans for exposed secrets such as API Keys, Passwords and Tokens; Identifies sensitive information; Grype Open Source; Scans container images; Identifies known vulnerabilities;…