Red Team
-
BlackBox UploadVuln
We'll look at this as a step-by-step process. Let's say that we've been given a website to perform a security audit on.…
-
Authentication Attacks:NOTES
Types: MFA Fatigue Attacks – Social Engineering Cyber attack repeatedly sending MFA requests; SPAM attack; Pass-The-Hash Attack – Steal Hashed user credentials…
-
ReconTools:NOTES
Wayback Machine For reviewing internet archives; Free Via internet browser; archive.org/web; Can see historical data about a website to identify new…
-
AuthTools:NOTES
CrackMapExec Dump Hashes in for cracking and move laterally in network; Various Protocols – rdp, winrm, ldap, ssh, mssql, smb, ftp; --shares…
-
THM Web App Resources
OWASP Favicon Database: Other places to find information only using basic tools: robots.txt, sitemap.xml, HTTP Headers, Framework Stack – developer tools Google…
-
Vulnerability Tools:NOTES
Nikto Open source tool used to scan web servers; Vulnerability scans for known issues; Checks for configuration errors; TruffleHog Scans…