
Few small tweaks, still no ATT&CK update. Coming later today

pull/9/head
root 5 years ago
parent
commit
9ae8c04af0
12 changed files with 782 additions and 1862 deletions
1. Draft/CTFs_Wargames.md (+78, -100)
2. Draft/Cheat sheets reference pages Checklists -.md (+78, -109)
3. Draft/CryptoCurrencies.md (+5, -2)
4. Draft/Darknets.md (+24, -49)
5. Draft/Disclosure.md (+1, -6)
6. Draft/Disinformation.md (+4, -22)
7. Draft/Open Source Intelligence.md (+201, -330)
8. Draft/Port_List.md (+1, -1)
9. Draft/Privilege Escalation & Post-Exploitation.md (+306, -393)
10. Draft/Red-Teaming.md (+72, -23)
11. Draft/things-added.md (+1, -826)
12. README.md (+11, -1)

Draft/CTFs_Wargames.md (+78, -100)

@ -10,7 +10,7 @@
#### Cull
[CTF Scripts and PyInstaller (.py > .exe) ](http://www.primalsecurity.net/ctf-scripts-and-pyinstaller-py-exe/)
[Greenhorn](https://github.com/trailofbits/greenhorn)
* Greenhorn is a Windows Pwnable released during CSAW Quals 2014. It's meant to be an introduction to modern Windows binary exploitation.
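Review bot: `[CTF Scripts and PyInstaller (.py > .exe)]` is listed here under `#### Cull` and again under `Handy Tools` in the next hunk, so one of the two copies is redundant; keep the `Handy Tools` entry and drop this one from the cull block so the cull section only holds links that still need sorting.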
@ -23,113 +23,91 @@ pentestit
pentestlab
root-me
#### end cull
-----
### <a name="general">General</a>
[ctf-time](https://ctftime.org/)
[Suggestions on Running a CTF](https://github.com/pwning/docs/blob/master/suggestions-for-running-a-ctf.markdown)
* This document describes some of the design decisions and technical details involved in running a CTF competition. It attempts to summarize some opinions held by the CTF community and list some specific pitfalls to avoid when designing problems.
[CTF Writeups](https://github.com/ctfs/write-ups)
[CTF write-ups 2015](https://github.com/ctfs/write-ups-2015)
General
* [ctf-time](https://ctftime.org/)
* 101
* [How to play your first OpenCTF](http://www.openctf.com/html/firstctf.html)
* [Capture The Flag (CTF): What Is It for a Newbie?](https://www.alienvault.com/blogs/security-essentials/capture-the-flag-ctf-what-is-it-for-a-newbie)
* [Advice for my first CTF? - Reddit Thread](https://www.reddit.com/r/hacking/comments/24py5h/advice_for_my_first_ctf/)
* Beginner Focused CTFs
* Challenge Archives
* [Archive of recent CTFs](http://repo.shell-storm.org/CTF/)
* Challenges (one-offs)
* [Forensics Contest](http://forensicscontest.com/)
* [List of themed Hacker challenges](http://counterhack.net/Counter_Hack/Challenges.html)
* [Sans Community Forensics Challenges](https://www.digital-forensics.sans.org/community/challenges)
* Challenge Sites
* [HacktheBox.eu](https://www.hackthebox.eu/)
* [Wechall](http://wechall.net/)
* An amazing site. Tracks, lists, scores, various challenge sites. If you’re looking for a challenge or two, and not a wargame, this is the site you want to hit up first.
* [XSS Challenge Wiki](https://github.com/cure53/xss-challenge-wiki/wiki)
* A wiki that contains various xss challenges.
* [Halls of Valhalla](http://halls-of-valhalla.org/beta/challenges)
* [EnigmaGroup](http://www.enigmagroup.org/)
* [cmdchallenge](https://github.com/jarv/cmdchallenge)
* This repo holds the challenges for cmdchallenge.co - command-line challenges - can add your own/modify existing challenges
* [Canyouhackit](http://canyouhack.it/)
* Can You Hack It is a Hacking Challenge site designed to not only allow you to test and improve your skills in a wide variety of categories but to socialise both on the forums and on our IRC channel with other security enthusiasts.
* [Tasteless](http://chall.tasteless.se/)
* [Hack This](https://www.hackthis.co.uk/)
* [XSS Challenge Wiki](https://github.com/cure53/xss-challenge-wiki/wiki)
* [List without spoilers:](https://github.com/cure53/xss-challenge-wiki/wiki/Older-Challenges-and-Write-Ups)
* Educational
* [Suggestions on Running a CTF](https://github.com/pwning/docs/blob/master/suggestions-for-running-a-ctf.markdown)
* This document describes some of the design decisions and technical details involved in running a CTF competition. It attempts to summarize some opinions held by the CTF community and list some specific pitfalls to avoid when designing problems.
* [The Many Maxims of Maximally Effective CTFs](http://captf.com/maxims.html)
* General
* [CTF Field Guide - TrailofBits](https://trailofbits.github.io/ctf/)
* [Golden Flag CTF Awards](http://golden-flags.com/)
* Handy Tools
* [pngcheck](http://www.libpng.org/pub/png/apps/pngcheck.html)
* pngcheck verifies the integrity of PNG, JNG and MNG files (by checking the internal 32-bit CRCs [checksums] and decompressing the image data); it can optionally dump almost all of the chunk-level information in the image in human-readable form. For example, it can be used to print the basic statistics about an image (dimensions, bit depth, etc.); to list the color and transparency info in its palette (assuming it has one); or to extract the embedded text annotations. This is a command-line program with batch capabilities.
* [pwntools](https://github.com/Gallopsled/pwntools)
* [CTF Scripts and PyInstaller (.py > .exe) ](http://www.primalsecurity.net/ctf-scripts-and-pyinstaller-py-exe/)
* Making Your Own CTF
* [AppJailLauncher](https://github.com/trailofbits/AppJailLauncher)
* CTF Challenge Framework for Windows 8 and above
* [CTFd](https://github.com/isislab/CTFd)
* CTFd is a CTF in a can. Easily modifiable and has everything you need to run a jeopardy style CTF.
* [iCTF Framwork](https://github.com/ucsb-seclab/ictf-framework)
* This is the framework that the UC Santa Barbara Seclab uses to host the iCTF, and that can be used to create your own CTFs at http://ictf.cs.ucsb.edu/framework. The framework creates several VMs: one for the organizers and one for every team.
* [NightShade](https://github.com/UnrealAkama/NightShade)
* NightShade is a simple security capture the flag framework that is designed to make running your own contest as easy as possible.
* [Mellivora](https://github.com/Nakiami/mellivora)
* Mellivora is a CTF engine written in PHP
* [SecGen](https://github.com/SecGen/SecGen)
* SecGen creates vulnerable virtual machines so students can learn security penetration testing techniques.
* Vulnerable Virtual Machines
* [Vulnhub](https://www.Vulnhub.com)
* [The Hacker Games](http://www.scriptjunkie.us/2012/04/the-hacker-games/)
* VM Setup to practice VM breakouts/defense. Hack the VM before it hacks you!
* [VM Download](http://www.scriptjunkie.us/files/TheHackerGames.zip)
* [VulnInjector](https://github.com/g0tmi1k/VulnInjector)
* Generates a 'vulnerable' machine using the end users own setup files & product keys.
* Wargames
* [Ringzer0 team CTF](http://ringzer0team.com/)
* Description: RingZer0 Team's online CTF offers you tons of challenges designed to test and improve your hacking skills thru hacking challenge. Register and get a flag for every challenges.
* [pwn0 Wargame](https://pwn0.com/)
* “pwn0 is a network where (almost) anything goes. Just sign up, connect to the VPN, and start hacking. pwn0 on freenode “
* [Microcorruption](https://microcorruption.com/login)
* Awesome wargame.
* [OverTheWire Wargames](http://overthewire.org/wargames/)
* OverTheWire provides several wargames publicly/freely available. All very good quality. Highly recommended.
* [Smash the Stack Wargames](http://smashthestack.org/)
* Smash the stack hosts several public wargames of very good quality for free use. Highly recommended.
* Writeups
* [CTF Writeups](https://github.com/ctfs/write-ups)
* [CTF write-ups 2015](https://github.com/ctfs/write-ups-2015)
* [CTF write-ups 2017](https://github.com/ctfs/write-ups-2017)
* [Pwning (sometimes) with style Dragons’ notes on CTFs](http://j00ru.vexillium.org/blog/24_03_15/dragons_ctf.pdf)
[CTF write-ups 2017](https://github.com/ctfs/write-ups-2017)
[Archive of recent CTFs](http://repo.shell-storm.org/CTF/)
[The Many Maxims of Maximally Effective CTFs](http://captf.com/maxims.html)
[Pwning (sometimes) with style Dragons’ notes on CTFs](http://j00ru.vexillium.org/blog/24_03_15/dragons_ctf.pdf)
[Golden Flag CTF Awards](http://golden-flags.com/)
-----
### <a name="wargames">Wargames</a>
* [Ringzer0 team CTF](http://ringzer0team.com/)
* Description: RingZer0 Team's online CTF offers you tons of challenges designed to test and improve your hacking skills thru hacking challenge. Register and get a flag for every challenges.
* [pwn0 Wargame](https://pwn0.com/)
* “pwn0 is a network where (almost) anything goes. Just sign up, connect to the VPN, and start hacking. pwn0 on freenode “
* [Microcorruption](https://microcorruption.com/login)
* Awesome wargame.
* [OverTheWire Wargames](http://overthewire.org/wargames/)
* OverTheWire provides several wargames publicly/freely available. All very good quality. Highly recommended.
* [Smash the Stack Wargames](http://smashthestack.org/)
* Smash the stack hosts several public wargames of very good quality for free use. Highly recommended.
-----
### Making/Hosting your own CTF
* [CTFd](https://github.com/isislab/CTFd)
* CTFd is a CTF in a can. Easily modifiable and has everything you need to run a jeopardy style CTF.
* [iCTF Framwork](https://github.com/ucsb-seclab/ictf-framework)
* This is the framework that the UC Santa Barbara Seclab uses to host the iCTF, and that can be used to create your own CTFs at http://ictf.cs.ucsb.edu/framework. The framework creates several VMs: one for the organizers and one for every team.
-----
### <a name="vulnvm">Vulnerable Virtual Machines</a>
[Vulnhub](https://www.Vulnhub.com)
[The Hacker Games](http://www.scriptjunkie.us/2012/04/the-hacker-games/)
* VM Setup to practice VM breakouts/defense. Hack the VM before it hacks you!
* [VM Download](http://www.scriptjunkie.us/files/TheHackerGames.zip)
[VulnInjector](https://github.com/g0tmi1k/VulnInjector)
* Generates a 'vulnerable' machine using the end users own setup files & product keys.
-----
### <a name="challenge">Challenge Sites</a>
* [HacktheBox.eu](https://www.hackthebox.eu/)
* [Wechall](http://wechall.net/)
* An amazing site. Tracks, lists, scores, various challenge sites. If you’re looking for a challenge or two, and not a wargame, this is the site you want to hit up first.
* [XSS Challenge Wiki](https://github.com/cure53/xss-challenge-wiki/wiki)
* A wiki that contains various xss challenges.
* [Halls of Valhalla](http://halls-of-valhalla.org/beta/challenges)
* [EnigmaGroup](http://www.enigmagroup.org/)
* [cmdchallenge](https://github.com/jarv/cmdchallenge)
* This repo holds the challenges for cmdchallenge.co - command-line challenges - can add your own/modify existing challenges
* [Canyouhackit](http://canyouhack.it/)
* Can You Hack It is a Hacking Challenge site designed to not only allow you to test and improve your skills in a wide variety of categories but to socialise both on the forums and on our IRC channel with other security enthusiasts.
* [Tasteless](http://chall.tasteless.se/)
* [Hack This](https://www.hackthis.co.uk/)
* [XSS Challenge Wiki](https://github.com/cure53/xss-challenge-wiki/wiki)
* [List without spoilers:](https://github.com/cure53/xss-challenge-wiki/wiki/Older-Challenges-and-Write-Ups)
-----
### <a name="puzzle">One-off Challenges and Puzzles</a>
* [Forensics Contest](http://forensicscontest.com/)
* [List of themed Hacker challenges](http://counterhack.net/Counter_Hack/Challenges.html)
* [Sans Community Forensics Challenges](https://www.digital-forensics.sans.org/community/challenges)
-----
### Tools handy for CTFs
* [pngcheck](http://www.libpng.org/pub/png/apps/pngcheck.html)
* pngcheck verifies the integrity of PNG, JNG and MNG files (by checking the internal 32-bit CRCs [checksums] and decompressing the image data); it can optionally dump almost all of the chunk-level information in the image in human-readable form. For example, it can be used to print the basic statistics about an image (dimensions, bit depth, etc.); to list the color and transparency info in its palette (assuming it has one); or to extract the embedded text annotations. This is a command-line program with batch capabilities.
-----
### <a name="make"></a>Making Your Own CTF
* [AppJailLauncher](https://github.com/trailofbits/AppJailLauncher)
* CTF Challenge Framework for Windows 8 and above
* [NightShade](https://github.com/UnrealAkama/NightShade)
* NightShade is a simple security capture the flag framework that is designed to make running your own contest as easy as possible.
* [Mellivora](https://github.com/Nakiami/mellivora)
* Mellivora is a CTF engine written in PHP
* [SecGen](https://github.com/SecGen/SecGen)
* SecGen creates vulnerable virtual machines so students can learn security penetration testing techniques.
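Review bot: if the `### <a name="general">`, `wargames`, `vulnvm`, `challenge`, `puzzle` and `make` heading lines are among the removals here, every named anchor in this file goes with them, and any table-of-contents link to `#general`, `#wargames`, `#vulnvm` and so on above line 23 will no longer resolve; either keep `<a name="...">` on the new group labels (`Challenge Sites`, `Wargames`, `Vulnerable Virtual Machines`, `Making Your Own CTF`) or update the ToC in the same commit. Two smaller points in the new nested list: `[XSS Challenge Wiki]` appears twice under `Challenge Sites` (once with a description, once above `List without spoilers`), and the `iCTF Framwork` typo (should be `Framework`) is carried over into the new `Making Your Own CTF` entry.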

Draft/Cheat sheets reference pages Checklists -.md (+78, -109)

@ -30,165 +30,134 @@ http://www.amanhardikar.com/mindmaps/Practice.html
#### end cull
## General
[How to Suck at Information Security](https://zeltser.com/suck-at-security-cheat-sheet/)
----------
### <a name="General">General Cheat Sheets</a>
[Tips for Troubleshooting Human Communications](https://zeltser.com/human-communications-cheat-sheet/)
[Nmap](https://highon.coffee/docs/nmap/)
[Security Architecture Cheat Sheet for Internet Applications](https://zeltser.com/security-architecture-cheat-sheet/)
[General Tricks](http://averagesecurityguy.info/cheat-sheet/)
[Penetration Testing Tools Cheat Sheet](https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/)
[tmux Cheat Sheet](http://tmuxcheatsheet.com/)
**General Cheat Sheets**
* [How to Suck at Information Security](https://zeltser.com/suck-at-security-cheat-sheet/)
* [Tips for Troubleshooting Human Communications](https://zeltser.com/human-communications-cheat-sheet/)
* [Nmap](https://highon.coffee/docs/nmap/)
* [General Tricks](http://averagesecurityguy.info/cheat-sheet/)
* [Penetration Testing Tools Cheat Sheet](https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/)
* [Security Architecture Cheat Sheet for Internet Applications](https://zeltser.com/security-architecture-cheat-sheet/)
* [tmux Cheat Sheet](http://tmuxcheatsheet.com/)
----------
### <a name="ASM">x86/64/ARM</a>
[x86 opcode structure and instruction overview](http://pnx.tf/files/x86_opcode_structure_and_instruction_overview.pdf)
[Intro to x86 calling conventions](http://codearcana.com/posts/2013/05/21/a-brief-introduction-to-x86-calling-conventions.html)
[Reading ASM](http://cseweb.ucsd.edu/classes/sp11/cse141/pdf/02/S01_x86_64.key.pdf)
[Assembler Language Instructions](http://www.laynetworks.com/assembly%20tutorials3.htm)
**ASM Cheat Sheets**
* [x86 opcode structure and instruction overview](http://pnx.tf/files/x86_opcode_structure_and_instruction_overview.pdf)
* [Intro to x86 calling conventions](http://codearcana.com/posts/2013/05/21/a-brief-introduction-to-x86-calling-conventions.html)
* [Reading ASM](http://cseweb.ucsd.edu/classes/sp11/cse141/pdf/02/S01_x86_64.key.pdf)
* [Assembler Language Instructions](http://www.laynetworks.com/assembly%20tutorials3.htm)
----------
### <a name="Android">Android Cheat Sheets</a>
[Android ADB cheat sheet](https://github.com/maldroid/adb_cheatsheet/blob/master/cheatsheet.pdf?raw=true)
**Android Cheat Sheets**
* [Android ADB cheat sheet](https://github.com/maldroid/adb_cheatsheet/blob/master/cheatsheet.pdf?raw=true)
----------
### <a name="ios">iOS Cheat Sheets</a>
----------
### <a name="Linux">Linux Cheat Sheets</a>
[Linux Syscall Table](http://www.informatik.htw-dresden.de/~beck/ASM/syscall_list.html)
* Complete listing of all Linux Syscalls
**Linux Cheat Sheets**
* [Linux Syscall Table](http://www.informatik.htw-dresden.de/~beck/ASM/syscall_list.html)
* Complete listing of all Linux Syscalls
----------
### <a name="Windows">Windows Cheat Sheets</a>
[Windows Startup Application Database](http://www.pacs-portal.co.uk/startup_content.php)
**Windows Cheat Sheets**
* [Windows Startup Application Database](http://www.pacs-portal.co.uk/startup_content.php)
----------
### <a name="Exploitation">Exploitation Cheat Sheets</a>
[Linux - Breaking out of shells](https://highon.coffee/docs/linux-commands/#breaking-out-of-limited-shells)
[AIX For Pentesters](http://www.giac.org/paper/gpen/6684/aix-penetration-testers/125890)
* Good paper on exploiting/pentesting AIX based machines. From the paper itself “ The paper proposes some basic methods to do comprehensive local security checks and how to exploit the vulnerabilities.”
[RootVG - Website Dedicated to AIX](http://www.rootvg.net/content/view/102/98/)
[Windows Privilege Escalation Cheat Sheet/Tricks](http://it-ovid.blogspot.fr/2012/02/windows-privilege-escalation.html)
**Exploitation Cheat Sheets**
* [AIX For Pentesters](http://www.giac.org/paper/gpen/6684/aix-penetration-testers/125890)
* Good paper on exploiting/pentesting AIX based machines. From the paper itself “ The paper proposes some basic methods to do comprehensive local security checks and how to exploit the vulnerabilities.”
* [Linux - Breaking out of shells](https://highon.coffee/docs/linux-commands/#breaking-out-of-limited-shells)
* [RootVG - Website Dedicated to AIX](http://www.rootvg.net/content/view/102/98/)
* [Windows Privilege Escalation Cheat Sheet/Tricks](http://it-ovid.blogspot.fr/2012/02/windows-privilege-escalation.html)
----------
### <a name="Exploitation">Exploit Dev Cheat Sheets</a>
[x86 opcode structure and instruction overview](http://pnx.tf/files/x86_opcode_structure_and_instruction_overview.pdf)
[Nasm x86 reference](https://www.cs.uaf.edu/2006/fall/cs301/support/x86/)
**Exploit Dev Cheat Sheets**
* [x86 opcode structure and instruction overview](http://pnx.tf/files/x86_opcode_structure_and_instruction_overview.pdf)
* [Nasm x86 reference](https://www.cs.uaf.edu/2006/fall/cs301/support/x86/)
----------
### <a name="Metasploit">Metasploit Cheat Sheets</a>
[Metasploit 4.2 documentation](https://community.rapid7.com/docs/DOC-1751)
[MSF Payload Cheat Sheet](http://aerokid240.blogspot.com/2009/11/msfpayload-goodness-cheatsheet.html)
**Metasploit Cheat Sheets**
* [Metasploit 4.2 documentation](https://community.rapid7.com/docs/DOC-1751)
* [MSF Payload Cheat Sheet](http://aerokid240.blogspot.com/2009/11/msfpayload-goodness-cheatsheet.html)
* [Metasploit Meterpreter Cheat Sheet](https://scadahacker.com/library/Documents/Cheat_Sheets/Hacking%20-%20Meterpreter%20Cheat%20%20Sheet.pdf)
* [Tips & Tricks](https://en.wikibooks.org/wiki/Metasploit/Tips_and_Tricks)
[Metasploit Meterpreter Cheat Sheet](https://scadahacker.com/library/Documents/Cheat_Sheets/Hacking%20-%20Meterpreter%20Cheat%20%20Sheet.pdf)
[Tips & Tricks](https://en.wikibooks.org/wiki/Metasploit/Tips_and_Tricks)
----------
### <a name="For">Forensics/IR Cheat Sheets</a>
[File Signature Table](http://www.garykessler.net/library/file_sigs.html)
[Mem forenics cheat sheet](http://forensicmethods.com/wp-content/uploads/2012/04/Memory-Forensics-Cheat-Sheet-v1.pdf)
[Security Incident Survey Cheat Sheet](https://zeltser.com/security-incident-survey-cheat-sheet/)
[Initial Security Incident Questionnaire for responders Cheat Sheet](https://zeltser.com/security-incident-questionnaire-cheat-sheet/)
[Critical Log Review Checklist for Security Incidents](https://zeltser.com/security-incident-log-review-checklist/)
[Network DDOS Incident Response Cheat Sheet](https://zeltser.com/ddos-incident-cheat-sheet/)
**Forensics/IR Cheat Sheets**
* [File Signature Table](http://www.garykessler.net/library/file_sigs.html)
* [Mem forenics cheat sheet](http://forensicmethods.com/wp-content/uploads/2012/04/Memory-Forensics-Cheat-Sheet-v1.pdf)
* [Security Incident Survey Cheat Sheet](https://zeltser.com/security-incident-survey-cheat-sheet/)
* [Initial Security Incident Questionnaire for responders Cheat Sheet](https://zeltser.com/security-incident-questionnaire-cheat-sheet/)
* [Critical Log Review Checklist for Security Incidents](https://zeltser.com/security-incident-log-review-checklist/)
* [Network DDOS Incident Response Cheat Sheet](https://zeltser.com/ddos-incident-cheat-sheet/)
----------
### <a name="Malware">Malware Cheat Sheet</a>
**Malware Cheat Sheets**
* [Reverse Engineering Malware Cheat Sheet](https://zeltser.com/reverse-malware-cheat-sheet/)
* [Analyzing Malicious Documents Cheat Sheet](https://zeltser.com/analyzing-malicious-documents/)
[Reverse Engineering Malware Cheat Sheet](https://zeltser.com/reverse-malware-cheat-sheet/)
[Analyzing Malicious Documents Cheat Sheet](https://zeltser.com/analyzing-malicious-documents/)
----------
### <a name="RE">Reverse Engineering Cheat Sheets</a>
[Radare2 Cheat-Sheet](https://github.com/pwntester/cheatsheets/blob/master/radare2.md)
[WinDbg Cheat Sheet/mindmap](http://tylerhalfpop.com/2014/08/16/windbg-cheatsheet/)
[Pdf of all WinDbg commands](http://windbg.info/download/doc/pdf/WinDbg_cmds.pdf)
[Arm instruction set](http://simplemachines.it/doc/arm_inst.pdf)
[IdaRef](https://github.com/nologic/idaref)
* IDA Pro Full Instruction Reference Plugin - It's like auto-comments but useful.
**RE Cheat Sheets**
* [Radare2 Cheat-Sheet](https://github.com/pwntester/cheatsheets/blob/master/radare2.md)
* [WinDbg Cheat Sheet/mindmap](http://tylerhalfpop.com/2014/08/16/windbg-cheatsheet/)
* [Pdf of all WinDbg commands](http://windbg.info/download/doc/pdf/WinDbg_cmds.pdf)
* [Arm instruction set](http://simplemachines.it/doc/arm_inst.pdf)
* [IdaRef](https://github.com/nologic/idaref)
* IDA Pro Full Instruction Reference Plugin - It's like auto-comments but useful.
----------
### <a name="Web">Web Cheat Sheets</a>
[WebAppSec Testing Checklist](http://tuppad.com/blog/wp-content/uploads/2012/03/WebApp_Sec_Testing_Checklist.pdf)
[Drupal Security Checklist](https://github.com/gfoss/attacking-drupal/blob/master/presentation/drupal-security-checklist.pdf)
[O-Auth Security Cheat Sheet](http://www.oauthsecurity.com/)
[OWASP Testing Checklist](https://www.owasp.org/index.php/Testing_Checklist)
[Securing Web Application Technologies Checklist](http://www.securingthehuman.org/developer/swat)
[SSRF Bible Cheatsheet](https://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM/edit)
**Web Cheat Sheets**
* [Drupal Security Checklist](https://github.com/gfoss/attacking-drupal/blob/master/presentation/drupal-security-checklist.pdf)
* [O-Auth Security Cheat Sheet](http://www.oauthsecurity.com/)
* [OWASP Testing Checklist](https://www.owasp.org/index.php/Testing_Checklist)
* [Securing Web Application Technologies Checklist](http://www.securingthehuman.org/developer/swat)
* [SSRF Bible Cheatsheet](https://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM/edit)
* [WebAppSec Testing Checklist](http://tuppad.com/blog/wp-content/uploads/2012/03/WebApp_Sec_Testing_Checklist.pdf)
----------
### Wireless Cheat Sheet
[Management Frames Reference Sheet](http://download.aircrack-ng.org/wiki-files/other/managementframes.pdf)
**Wireless Cheat Sheets**
* [Management Frames Reference Sheet](http://download.aircrack-ng.org/wiki-files/other/managementframes.pdf)
----------
### <a name="DB">Database Cheat Sheets</a>
[Checklist for mongodb](http://blog.mongodirector.com/10-tips-to-improve-your-mongodb-security/)
**DB Cheat Sheets**
* [Checklist for mongodb](http://blog.mongodirector.com/10-tips-to-improve-your-mongodb-security/)
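Review bot: the bold labels introduced in every section (`**General Cheat Sheets**`, `**ASM Cheat Sheets**`, `**Linux Cheat Sheets**`, ...) either duplicate the `### <a name="...">` heading that sits directly above them, if those heading lines are kept, or, if the headings are the lines being removed, take the `#General`, `#ASM`, `#Android`, `#Linux`, `#Windows`, `#Exploitation`, `#Metasploit`, `#For`, `#Malware`, `#RE`, `#Web` and `#DB` anchors and the navigable outline with them; suggest keeping the `###` headings with their anchors and only converting the entries beneath them to `* ` bullets. Two carry-overs worth fixing while the lists are being rewritten: `Mem forenics cheat sheet` should read `forensics`, and `iOS Cheat Sheets` is still an empty section with no entries.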

Draft/CryptoCurrencies.md (+5, -2)

@ -18,15 +18,18 @@ ToC
-----
### <a name="bitcoin"></a> Bitcoin
* [Bitcoin Paper](https://bitcoin.org/bitcoin.pdf)
* [Bitcoin Paper Annotated - Genius](https://genius.com/2683753)
* [Bitcoin Paper Annotated - Fermats Library](https://fermatslibrary.com/s/bitcoin)
* [Bitcointalk](https://bitcointalk.org/)
* [/r/bitcoin](https://reddit.com/r/bitcoin)
-----
### <a name="eth"></a>Ethereum
* [Ethereum 'White Paper'](https://github.com/ethereum/wiki/wiki/White-Paper)
* [Cracking the Ethereum White Paper](https://medium.com/@FolusoOgunlana/cracking-the-ethereum-white-paper-e0e60c44126)
* [The Ether Thief](https://www.bloomberg.com/features/2017-the-ether-thief/)
-----
### <a name="talks"></a>Talks/Presentations
* [Deanonymisation of Clients in Bitcoin P2P Network](http://orbilu.uni.lu/bitstream/10993/18679/1/Ccsfp614s-biryukovATS.pdf)
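Review bot: `[Bitcoin Paper Annotated - Fermats Library]` should read `Fermat's Library`, and the Genius entry points at an opaque numeric ID (`https://genius.com/2683753`) that gives the reader no hint of what it resolves to; confirm it lands on the annotated whitepaper and, if the site offers a slug URL for that page, use it so the entry is self-describing.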

Draft/Darknets.md (+24, -49)

@ -1,13 +1,7 @@
## Darknets
##### ToC
[Darknets intro vid - educational](https://www.youtube.com/watch?v=tjJYC2LuJl0)
[For Darknet Noobs](https://www.reddit.com/r/DarkNetMarketsNoobs)
#####ToC
Cull
* [General](#general)
* [Darknets](#darknets)
* [Discussions](#discussion)
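Review bot: `#####ToC` has no space between the hashes and the text, so CommonMark renders it as literal text rather than a heading; keep the `##### ToC` form used on the line above it. The bare `Cull` line that follows it also stands in for a heading; the `#### Cull` / `#### end cull` markers used by the other files in this commit would be consistent here.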
@ -16,55 +10,36 @@ Cull
* [Tools](#tools)
Cull
http://www.deepdotweb.co/
Site list: (NO CP)
http://belsec.skynetblogs.be/deepnet-the-tor-onion-directory-of-things-that-work-today.html
Tor Search Engine
https://ahmia.fi/address/skunksworkedp2cg
Tor black-market-related arrests](http://www.gwern.net/Black-market%20arrests#evolution)
* I compile a table and discussion of all known arrests and prosecutions related to Tor-Bitcoin black-markets such as Silk Road 1, along with discussion of how they came to be arrested.
### <a name="general">General</a>
General
* Don't think that because information posted here is valid/trustworthy. This is a dumping spot for my personal reference. This does not mean that markets/sites I post are legit/safe.
* [Touring the Darkside of the Internet. An Introduction to Tor - Defcon22](https://www.youtube.com/watch?v=To5yarfAg_E)
* [Darknet Dictionary ](http://www.deepdotweb.co/2014/03/02/deepdotwebs-darknet-dictionary/)
* 101
* [Touring the Darkside of the Internet. An Introduction to Tor - Defcon22](https://www.youtube.com/watch?v=To5yarfAg_E)
* [Darknet Dictionary ](http://www.deepdotweb.co/2014/03/02/deepdotwebs-darknet-dictionary/)
* [Darknets intro vid - educational](https://www.youtube.com/watch?v=tjJYC2LuJl0)
* [For Darknet Noobs](https://www.reddit.com/r/DarkNetMarketsNoobs)
* Documentation
* [Tor black-market-related arrests](http://www.gwern.net/Black-market%20arrests#evolution)
* I compile a table and discussion of all known arrests and prosecutions related to Tor-Bitcoin black-markets such as Silk Road 1, along with discussion of how they came to be arrested.
* Educational
* [Ordering Checklist](https://www.reddit.com/r/DarkNetMarketsNoobs/wiki/completeorderingchecklist)
* General
* [Site list: (NO CP)](http://belsec.skynetblogs.be/deepnet-the-tor-onion-directory-of-things-that-work-today.html)
* [Deep Dot Web](http://www.deepdotweb.co/)
* Markets
* [Market Discussions](https://www.reddit.com/r/DarkNetMarkets)
* Tools
* [Tor Search engine.](https://ahmia.fi/search/)
* Wikis
### <a name="darknets">Darknets</a>
Darknets
* Freenet
* I2P
* Tor
I2P
Tor
### <a name="discussion">Discussions</a>
* [Market Discussions](https://www.reddit.com/r/DarkNetMarkets)
### <a name="ordering">Ordering</a>
* [Ordering Checklist](https://www.reddit.com/r/DarkNetMarketsNoobs/wiki/completeorderingchecklist)
### <a name="markets">Markets/Sites/Wikis</a>
### <a name="tools">Tools</a>
* [Tor Search engine.](https://ahmia.fi/search/)
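Review bot: the ToC kept above this hunk still links to `#general`, `#darknets`, `#discussion` and `#tools`, but the new nested `General` and `Darknets` lists carry no `<a name="...">` anchors, and the `Discussions`, `Ordering`, `Markets/Sites/Wikis` and `Tools` sections they absorb are removed, so those ToC links dangle; either prune the ToC to the sections that survive or keep the anchors on the new group labels. Also, the `* Wikis` bullet under General is empty, and the `Freenet`, `I2P` and `Tor` entries under Darknets have neither links nor descriptions, so the section now says nothing the ToC entry does not already say.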


Draft/Disclosure.md (+1, -6)

@ -1,9 +1,6 @@
# Disclosure
* Add asciinema/similar
-----
### General
* [Responsible Disclosure is Wrong](https://adamcaudill.com/2015/11/19/responsible-disclosure-is-wrong/)
@ -13,9 +10,7 @@
* [Good comparison of various forms of disclosure](http://blog.opensecurityresearch.com/2014/06/approaches-to-vulnerability-disclosure.html)
* [Clean writeup of Full-Disclosure release policy that is more similar to Coordinated Disclosure.](http://www.ilias.de/docu/goto_docu_wiki_1357_RFPolicy.html)
-------
### CVE
* [Request a CVE ID](http://cve.mitre.org/cve/request_id.html#cna_coverage)
* [My first CVE-2016-1000329 in BlogPHP](https://www.stevencampbell.info/2016/12/my-first-cve-2016-1000329-in-blogphp/)
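Review bot: if the `### CVE` heading and its `-------` separator are among the lines removed here, `[Request a CVE ID]` and the `CVE-2016-1000329` write-up end up appended to the disclosure-policy list above them with nothing marking the change of topic; keep a `### CVE` heading (using the same `-----` separator length as the rest of the file) so the CVE-request material stays findable.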


Draft/Disinformation.md (+4, -22)

@ -1,37 +1,19 @@
## Disinformation
##### TOC
* [Talks](#talks)
* [Papers/Writeups](#papers)
##### Cull
https://web.archive.org/web/20150921054800id_/http://fair.org/home/down-the-memory-hole-nyt-erases-cias-efforts-to-overthrow-syrias-government/
https://meduza.io/en/feature/2015/02/02/a-man-who-s-seen-society-s-black-underbelly
[25 Rules of Disinformation](http://vigilantcitizen.com/latestnews/the-25-rules-of-disinformation/)
[8 Traits of the Disinformationalist](https://calloutjoe.wordpress.com/psyop/eight-traits-of-the-disinformationalist/)
###### End cull
-----
###<a name="talks">Talks</a>
### <a name="talks">
General
* [25 Rules of Disinformation](http://vigilantcitizen.com/latestnews/the-25-rules-of-disinformation/)
* [8 Traits of the Disinformationalist](https://calloutjoe.wordpress.com/psyop/eight-traits-of-the-disinformationalist/)
* [Governments and UFOs: A Historical Analysis of Disinformation and Deception - Richard Thieme](http://www.irongeek.com/i.php?page=videos/bsideslasvegas2013/1-2-7-governments-and-ufos-a-historical-analysis-of-disinformation-and-deception-richard-thieme)
* [[TROOPERS15] Azhar Desai, Marco Slaviero - Weapons of Mass Distraction](https://www.youtube.com/watch?v=jdaPJLJCK1M)
-----
###<a name="papers">Papers/Write-ups</a>
* [The Gentleperson’s Guide to Forum Spies]cryptome.org/2012/07/gent-forum-spies.htm)
* [Attribution As A Weapon & Marketing Tool: Hubris In INFOSEC & NATSEC](https://krypt3ia.wordpress.com/2014/12/30/attribution-as-a-weapon-marketing-tool-hubris-in-infosec-natsec/)
* [Disinformation of Charlie Hebdo and The Fake BBC Website](http://thetrendythings.com/read/18256)
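Review bot: the new `### <a name="talks">` line opens an anchor that is never closed and carries no heading text, so it renders as an empty heading with a stray `<a>` tag, while the ToC still links to `#talks` and `#papers`; write it as `### <a name="talks">Talks</a>` (with the space after `###` that CommonMark requires and that the old `###<a name=...>` form lacked) or drop the ToC entries together with the headings. While here, `[The Gentleperson’s Guide to Forum Spies]cryptome.org/2012/07/gent-forum-spies.htm)` is missing the `(https://` before the URL and will not render as a link.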


Draft/Open Source Intelligence.md (+201, -330)

@ -25,33 +25,12 @@
#### Cull
http://computercrimeinfo.com/cleaningid.html
[OSINT - onstrat](http://www.onstrat.com/osint/)
* [SIMPLYEMAIL](https://github.com/killswitch-GUI/SimplyEmail)
* What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.
[tweets_analyzer](https://github.com/x0rz/tweets_analyzer)
* Tweets metadata scraper & activity analyzer
[dauntless](https://github.com/cmeister2/dauntless)
* Tools for analysing the forward DNS data set published at https://scans.io/study/sonar.fdns_v2
[SimplyEmail](https://github.com/killswitch-GUI/SimplyEmail)
* What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.
[PDF Creative Commons OSINT toolbag guide](http://www.phibetaiota.net/wp-content/uploads/2013/07/2013-07-11-OSINT-2ool-Kit-On-The-Go-Bag-O-Tradecraft.pdf)
http://toddington.com/resources/
[OSINT Through Sender Policy Framework Records](https://community.rapid7.com/community/infosec/blog/2015/02/23/osint-through-sender-policy-framework-spf-records)
www.osintinsight.com/shared.php?user=Mediaquest&folderid=0\
* Add list of Sources:
* UCC - Uniform Commercial Code; DOC - Current Industrial Patents; DMV - Vehicle Ownership applications; Patents - Patent DBs; Operating Licenses/Permits; Trade Journals;
#### End cull
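Review bot: `www.osintinsight.com/shared.php?user=Mediaquest&folderid=0\` survives this hunk unchanged (it is the context line of the next hunk header) with a trailing backslash and no scheme, while the same resource already has a proper `[OSINTInsight](http://www.osintinsight.com/...)` entry under Miscellaneous Sites/Resources; drop the bare copy from the cull block. The same applies to `SimplyEmail`, which is listed twice in the cull (`SIMPLYEMAIL` and `SimplyEmail`) with identical descriptions, and to the bare `toddington.com/resources/` and `onstrat.com/osint/` URLs, which also have proper entries in the Miscellaneous list.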
@ -61,97 +40,58 @@ www.osintinsight.com/shared.php?user=Mediaquest&folderid=0\
### <a name="general"></a>General
General
* SWOT - Strengths, Weaknesses, Opportunities, Threats
[Open Source Intelligence - Wikipedia](http://en.wikipedia.org/wiki/Open-source_intelligence)
[Intelligence Gathering - PTES](http://www.pentest-standard.org/index.php/Intelligence_Gathering)
[Awesome-OSINT](https://github.com/jivoi/awesome-osint)
[OSINT Framework](http://osintframework.com/)
[OSINT Resources - greynetwork2](https://sites.google.com/site/greynetwork2/home/osint-resources)
[Fantastic OSINT and where to find it - blindseeker/malware focused](http://archive.is/sYzcP#selection-62.0-62.1)
[Corporate Espionage without the Hassle of Committing Felonies](https://www.slideshare.net/JohnCABambenek/corporate-espionage-without-the-hassle-of-committing-felonies)
[Google Trends](https://trends.google.com/trends/)
* See what are the popular related topics people are searching for. This will help widen your search scope.
[Google Alerts](https://www.google.com/alerts)
* Google Alerts are email updates of the latest relevant Google results (web, news, etc.) based on your queries.
[PasteLert](https://www.andrewmohawk.com/pasteLert/)
* PasteLert is a simple system to search pastebin.com and set up alerts (like google alerts) for pastebin.com entries. This means you will automatically recieve email whenever your term(s) is/are found in new pastebin entries!
[NATO Open Source Intelligence Handbook](http://www.oss.net/dynamaster/file_archive/030201/ca5fb66734f540fbb4f8f6ef759b258c/NATO%20OSINT%20Handbook%20v1.2%20%2d%20Jan%202002.pdf)
#### Miscellaneous Sites/Resources
[toddington - resources](https://www.toddington.com/resources/)
[onstrat - osint](http://www.onstrat.com/osint/)
[Intel Techniques - Links](http://www.inteltechniques.com/links.html)
[OSINTInsight](http://www.osintinsight.com/shared.php?user=Mediaquest&folderid=0)
[Janes](http://www.janes.com/)
[bell?ngcat](https://www.bellingcat.com/)
* By and for citizen investigative journalists
[NightWatch](http://www.kforcegov.com/Solutions/IAO/NightWatch/About.aspx)
* NightWatch is an executive commentary and analysis of events that pose or advance threats to US national security interests. It is deliberately edgy in the interest of clarity and brevity. As a product for executives, the distribution and all feedback comments are anonymous.
[JustSecurity](https://www.justsecurity.org/)
* Just Security is an online forum for the rigorous analysis of U.S. national security law and policy. We aim to promote principled and pragmatic solutions to national security problems that decision-makers face. Our Board of Editors includes individuals with significant government experience, civil society attorneys, academics, and other leading voices. Just Security is based at the Center for Human Rights and Global Justice at New York University School of Law.
* 101
* [Open Source Intelligence - Wikipedia](http://en.wikipedia.org/wiki/Open-source_intelligence)
* Alerting
* [Google Trends](https://trends.google.com/trends/)
* See what are the popular related topics people are searching for. This will help widen your search scope.
* [Google Alerts](https://www.google.com/alerts)
* Google Alerts are email updates of the latest relevant Google results (web, news, etc.) based on your queries.
* [PasteLert](https://www.andrewmohawk.com/pasteLert/)
* PasteLert is a simple system to search pastebin.com and set up alerts (like google alerts) for pastebin.com entries. This means you will automatically recieve email whenever your term(s) is/are found in new pastebin entries!
* Educational
* [Intelligence Gathering - PTES](http://www.pentest-standard.org/index.php/Intelligence_Gathering)
* [Corporate Espionage without the Hassle of Committing Felonies](https://www.slideshare.net/JohnCABambenek/corporate-espionage-without-the-hassle-of-committing-felonies)
* General
* [NATO Open Source Intelligence Handbook](http://www.oss.net/dynamaster/file_archive/030201/ca5fb66734f540fbb4f8f6ef759b258c/NATO%20OSINT%20Handbook%20v1.2%20%2d%20Jan%202002.pdf)
* OSINT Based News
* [JustSecurity](https://www.justsecurity.org/)
* Just Security is an online forum for the rigorous analysis of U.S. national security law and policy. We aim to promote principled and pragmatic solutions to national security problems that decision-makers face. Our Board of Editors includes individuals with significant government experience, civil society attorneys, academics, and other leading voices. Just Security is based at the Center for Human Rights and Global Justice at New York University School of Law.
* [OSINTInsight](http://www.osintinsight.com/shared.php?user=Mediaquest&folderid=0)
* [Janes](http://www.janes.com/)
* [bell?ngcat](https://www.bellingcat.com/)
* By and for citizen investigative journalists
* [NightWatch](http://www.kforcegov.com/Solutions/IAO/NightWatch/About.aspx)
* NightWatch is an executive commentary and analysis of events that pose or advance threats to US national security interests. It is deliberately edgy in the interest of clarity and brevity. As a product for executives, the distribution and all feedback comments are anonymous.
* Resources
* [Awesome-OSINT](https://github.com/jivoi/awesome-osint)
* [OSINT Framework](http://osintframework.com/)
* [OSINT Resources - greynetwork2](https://sites.google.com/site/greynetwork2/home/osint-resources)
* [Intel Techniques - Links](http://www.inteltechniques.com/links.html)
* [toddington - resources](https://www.toddington.com/resources/)
* [onstrat - osint](http://www.onstrat.com/osint/)
* http://osintinsight.com/shared.php?expand=169,175&folderid=0&user=Mediaquest
* Writeups
* [Fantastic OSINT and where to find it - blindseeker/malware focused](http://archive.is/sYzcP#selection-62.0-62.1)
* [Some blog posts describing/bringing you up to speed on OSINT by krypt3ia](http://krypt3ia.wordpress.com/2012/01/11/the-subtle-art-of-osint/)
* [Glass Reflections in Pictures + OSINT = More Accurate Location](http://blog.ioactive.com/2014/05/glass-reflections-in-pictures-osint.html)
* [Exploring the Github Firehose](http://blog.scalyr.com/2013/10/exploring-the-github-firehose/)
* [OSINT Through Sender Policy Framework (SPF) Records](https://community.rapid7.com/community/infosec/blog/2015/02/23/osint-through-sender-policy-framework-spf-records)
* Talks & Presentations
* [Cognitive Bias and Critical Thinking in Open Source Intelligence - Defcamp 2014](https://www.youtube.com/watch?v=pVAM21UERLU&index=24&list=PLnwq8gv9MEKgSryzYIFhpmCcqnVzdUWfH)
* [Dark Arts of OSINT Skydogcon](https://www.youtube.com/watch?v=062pLOoZhk8)
* [Developing a Open Source Threat Intelligence Program—Edward McCabe](http://www.irongeek.com/i.php?page=videos/circlecitycon2014/105-developing-a-open-source-threat-intelligence-program-edward-mccabe)
* What if you could get out in front of common threats such as botnets, scanners and malware? Good news, you can. Learn about one geeks struggle with life on the Internet of (bad) things when it comes to being online, identifying “odd” things, and developing an Open Source Threat Intelligence Program from Open Source Tools and Public Sources.
* [Corporate Espionage: Gathering Actionable Intelligence Via Covert Operations - Brent White - Defcon22](https://www.youtube.com/watch?v=D2N6FclMMTg)
* [How to Use Python to Spy on Your Friends: Web APIs, Recon ng, & OSINT](https://www.youtube.com/watch?v=BOjz7NfsLpA)
* [Practical OSINT - Shane MacDougall](https://www.youtube.com/watch?v=cLmEJLy7dv8)
* There’s more to life to OSINT than google scraping and social media harvesting. Learn some practical methods to automate information gathering, explore some of the most useful tools, and learn how to recognize valuable data when you see it. Not only will we explore various tools, attendees will get access to unpublished transforms they can use/modify for their own use.
* [Pwning People Personally - Josh Schwartz](https://www.youtube.com/watch?v=T2Ha-ZLZTz0)
* [You're Leaking Trade Secrets - Defcon22 Michael Schrenk](https://www.youtube.com/watch?v=JTd5TL6_zgY)
* Networks don't need to be hacked for information to be compromised. This is particularly true for organizations that are trying to keep trade secrets. While we hear a lot about personal privacy, little is said in regard to organizational privacy. Organizations, in fact, leak information at a much greater rate than individuals, and usually do so with little fanfare. There are greater consequences for organizations when information is leaked because the secrets often fall into the hands of competitors. This talk uses a variety of real world examples to show how trade secrets are leaked online, and how organizational privacy is compromised by seemingly innocent use of The Internet.
* [ZOMG Its OSINT Heaven Tazz Tazz](https://www.youtube.com/watch?v=cLmEJLy7dv8)
--------------------
### <a name="writeups"></a>Articles/Writeups
[Some blog posts describing/bringing you up to speed on OSINT by krypt3ia](http://krypt3ia.wordpress.com/2012/01/11/the-subtle-art-of-osint/)
[Glass Reflections in Pictures + OSINT = More Accurate Location](http://blog.ioactive.com/2014/05/glass-reflections-in-pictures-osint.html)
[Exploring the Github Firehose](http://blog.scalyr.com/2013/10/exploring-the-github-firehose/)
[OSINT Through Sender Policy Framework (SPF) Records](https://community.rapid7.com/community/infosec/blog/2015/02/23/osint-through-sender-policy-framework-spf-records)
### <a name="talks"></a>Presentations & Talks
[Pwning People Personally - Josh Schwartz](https://www.youtube.com/watch?v=T2Ha-ZLZTz0)
[Cognitive Bias and Critical Thinking in Open Source Intelligence - Defcamp 2014](https://www.youtube.com/watch?v=pVAM21UERLU&index=24&list=PLnwq8gv9MEKgSryzYIFhpmCcqnVzdUWfH)
[Dark Arts of OSINT Skydogcon](https://www.youtube.com/watch?v=062pLOoZhk8)
[Developing a Open Source Threat Intelligence Program—Edward McCabe](http://www.irongeek.com/i.php?page=videos/circlecitycon2014/105-developing-a-open-source-threat-intelligence-program-edward-mccabe)
* What if you could get out in front of common threats such as botnets, scanners and malware? Good news, you can. Learn about one geeks struggle with life on the Internet of (bad) things when it comes to being online, identifying “odd” things, and developing an Open Source Threat Intelligence Program from Open Source Tools and Public Sources.
[Corporate Espionage: Gathering Actionable Intelligence Via Covert Operations - Brent White - Defcon22](https://www.youtube.com/watch?v=D2N6FclMMTg)
[You're Leaking Trade Secrets - Defcon22 Michael Schrenk](https://www.youtube.com/watch?v=JTd5TL6_zgY)
* Networks don't need to be hacked for information to be compromised. This is particularly true for organizations that are trying to keep trade secrets. While we hear a lot about personal privacy, little is said in regard to organizational privacy. Organizations, in fact, leak information at a much greater rate than individuals, and usually do so with little fanfare. There are greater consequences for organizations when information is leaked because the secrets often fall into the hands of competitors. This talk uses a variety of real world examples to show how trade secrets are leaked online, and how organizational privacy is compromised by seemingly innocent use of The Internet.
[How to Use Python to Spy on Your Friends: Web APIs, Recon ng, & OSINT](https://www.youtube.com/watch?v=BOjz7NfsLpA)
[ZOMG Its OSINT Heaven Tazz Tazz](https://www.youtube.com/watch?v=cLmEJLy7dv8)
[Practical OSINT - Shane MacDougall](https://www.youtube.com/watch?v=cLmEJLy7dv8)
* There’s more to life to OSINT than google scraping and social media harvesting. Learn some practical methods to automate information gathering, explore some of the most useful tools, and learn how to recognize valuable data when you see it. Not only will we explore various tools, attendees will get access to unpublished transforms they can use/modify for their own use.
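Review bot: `[ZOMG Its OSINT Heaven Tazz Tazz]` and `[Practical OSINT - Shane MacDougall]` both point at `https://www.youtube.com/watch?v=cLmEJLy7dv8`, so one of the two links is wrong; check the ZOMG entry against the talk it is meant to reference before it is carried into the new Talks & Presentations list. Smaller points in the same block: `bell?ngcat` has a garbled character where the name should read `bellingcat`, `recieve` in the PasteLert blurb should be `receive`, `Developing a Open Source Threat Intelligence Program` should read `an Open Source`, and the bare `http://osintinsight.com/shared.php?expand=169,175&folderid=0&user=Mediaquest` under Resources duplicates the `[OSINTInsight]` link already listed under OSINT Based News.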
@ -162,148 +102,95 @@ General
-------------
### <a name="tools"></a>OSINT Tools/Resources
Reference Site: http://osintinsight.com/shared.php?expand=169,175&folderid=0&user=Mediaquest
[Maltego](https://www.paterva.com/web6/products/maltego.php)
* Description: What you use to tie everything together.
[PowerMeta](https://github.com/dafthack/PowerMeta)
* PowerMeta searches for publicly available files hosted on various websites for a particular domain by using specially crafted Google, and Bing searches. It then allows for the download of those files from the target domain. After retrieving the files, the metadata associated with them can be analyzed by PowerMeta. Some interesting things commonly found in metadata are usernames, domains, software titles, and computer names.
[Recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng)
* Description: Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.
[DataSploit](https://github.com/DataSploit/datasploit)
* A tool to perform various OSINT techniques, aggregate all the raw data, and give data in multiple formats.
[OSINT Mantra](http://www.getmantra.com/hackery/osint.html)
[blacksheepwall](https://github.com/tomsteele/blacksheepwall)
* blacksheepwall is a hostname reconnaissance tool
[Oryon C Portable](http://osintinsight.com/oryon.php)
* Oryon C Portable is a web browser designed to assist researchers in conducting Open Source Intelligence investigations. Oryon comes with dozens of pre-installed tools and a select set of links cataloged by category – including those that can be found in the OI Shared Resources.
[Creepy.py](http://ilektrojohn.github.io/creepy/)
* Description: Creepy is a geolocation OSINT tool. Gathers geolocation related information from online sources, and allows for presentation on map, search filtering based on exact location and/or date, export in csv format or kml for further analysis in Google Maps.
[OpenRefine](https://github.com/OpenRefine/OpenRefine)
* Description: OpenRefine is a power tool that allows you to load data, understand it, clean it up, reconcile it to master database, and augment it with data coming from Freebase or other web sources. All with the comfort and privacy of your own computer.
[Tinfoleak](http://vicenteaguileradiaz.com/tools/)
* tinfoleak is a simple Python script that allow to obtain:
..* basic information about a Twitter user (name, picture, location, followers, etc.)
..* devices and operating systems used by the Twitter user
..* applications and social networks used by the Twitter user
..* place and geolocation coordinates to generate a tracking map of locations visited
..* show user tweets in Google Earth!
..* download all pics from a Twitter user
..* hashtags used by the Twitter user and when are used (date and time)
..* user mentions by the the Twitter user and when are occurred (date and time)
..* topics used by the Twitter user
[GoogD0rker](https://github.com/ZephrFish/GoogD0rker)
* GoogD0rker is a tool for firing off google dorks against a target domain, it is purely for OSINT against a specific target domain. Designed for OSX originally however googD0rker txt now works on all nix platforms.
[TouchGraph SEO Browser](http://www.touchgraph.com/seo)
* Use this free Java application to explore the connections between related websites.
[GlobalFileSearch](https://ftplike.com)
* An FTP Search Engine that may come in handy.
**Tools**
* [blacksheepwall](https://github.com/tomsteele/blacksheepwall)
* blacksheepwall is a hostname reconnaissance tool
* [Creepy.py](http://ilektrojohn.github.io/creepy/)
* Description: Creepy is a geolocation OSINT tool. Gathers geolocation related information from online sources, and allows for presentation on map, search filtering based on exact location and/or date, export in csv format or kml for further analysis in Google Maps.
* [Maltego](https://www.paterva.com/web6/products/maltego.php)
* Description: What you use to tie everything together.
* [OpenRefine](https://github.com/OpenRefine/OpenRefine)
* Description: OpenRefine is a power tool that allows you to load data, understand it, clean it up, reconcile it to master database, and augment it with data coming from Freebase or other web sources. All with the comfort and privacy of your own computer.
* [Oryon C Portable](http://osintinsight.com/oryon.php)
* Oryon C Portable is a web browser designed to assist researchers in conducting Open Source Intelligence investigations. Oryon comes with dozens of pre-installed tools and a select set of links cataloged by category – including those that can be found in the OI Shared Resources.
* [OSINT Mantra](http://www.getmantra.com/hackery/osint.html)
* [Recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng)
* Description: Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.
* [TouchGraph SEO Browser](http://www.touchgraph.com/seo)
* Use this free Java application to explore the connections between related websites.
------------------
#### <a name="ppl"></a>Company/People Searching
[data.com](https://www.data.com/)
[LittleSis](https://littlesis.org/)
* LittleSis is a free database of who-knows-who at the heights of business and government.
[Jigsaw](http://jigsawbusinessgroup.com/what-we-do/people/)
* Jigsaw is a prospecting tool used by sales professionals, marketers and recruiters to get fresh and accurate sales leads and business contact information.
[Spokeo](https://www.spokeo.com/)
* Spokeo is a people search engine that organizes white pages listings, public records and social network information into simple profiles to help you safely find and learn about people.\
[Hoovers](http://www.hoovers.com/)
* Search over 85 million companies within 900 industry segments; Hoover's Reports Easy-to-read reports on key competitors, financials, and executives
[Market Visual](http://www.marketvisual.com/)
* Search Professionals by Name, Company or Title
[Glass Door](https://www.glassdoor.com/)
* Search jobs then look inside. Company salaries, reviews, interview questions, and more all posted anonymously by employees and job seekers.
[192](http://www.192.com/)
* Find people, businesses and places in the UK with 192.com. Directory enquiries, a people finder, business listings and detailed maps with aerial photos.
[corporationwiki](https://www.corporationwiki.com/)
[orbis](https://orbisdirectory.bvdinfo.com/version-2017821/OrbisDirectory/Companies)
* Company information across the globe
Company/People Searching
* [data.com](https://www.data.com/)
* [LittleSis](https://littlesis.org/)
* LittleSis is a free database of who-knows-who at the heights of business and government.
* [Jigsaw](http://jigsawbusinessgroup.com/what-we-do/people/)
* Jigsaw is a prospecting tool used by sales professionals, marketers and recruiters to get fresh and accurate sales leads and business contact information.
* [Spokeo](https://www.spokeo.com/)
* Spokeo is a people search engine that organizes white pages listings, public records and social network information into simple profiles to help you safely find and learn about people.\
* [Hoovers](http://www.hoovers.com/)
* Search over 85 million companies within 900 industry segments; Hoover's Reports Easy-to-read reports on key competitors, financials, and executives
* [Market Visual](http://www.marketvisual.com/)
* Search Professionals by Name, Company or Title
* [Glass Door](https://www.glassdoor.com/)
* Search jobs then look inside. Company salaries, reviews, interview questions, and more all posted anonymously by employees and job seekers.
* [192](http://www.192.com/)
* Find people, businesses and places in the UK with 192.com. Directory enquiries, a people finder, business listings and detailed maps with aerial photos.
* [corporationwiki](https://www.corporationwiki.com/)
* [orbis](https://orbisdirectory.bvdinfo.com/version-2017821/OrbisDirectory/Companies)
* Company information across the globe
-------------
#### <a name="cvs"></a>CVS/Git/Similar Focused
[repo-supervisor](https://github.com/auth0/repo-supervisor)
[GitPrey](https://github.com/repoog/GitPrey)
* GitPrey is a tool for searching sensitive information or data according to company name or key word something.The design mind is from searching sensitive data leakling in Github:
[git-all-secrets](https://github.com/anshumanbh/git-all-secrets)
* A tool to capture all the git secrets by leveraging multiple open source git searching tools
[github-firehose](https://www.npmjs.com/package/github-firehose)
* A library that will connect to github and emit events from the Github Event API in near-real-time
* [Exploring the Github Firehose](http://blog.scalyr.com/2013/10/exploring-the-github-firehose/)
[Gitem](https://github.com/mschwager/gitem)
* Gitem is a tool for performing Github organizational reconnaissance.
[Truffle Hog](https://github.com/dxa4481/truffleHog)
* Searches through git repositories for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed that contain high entropy.
[dvcs-ripper](https://github.com/kost/dvcs-ripper)
* Rip web accessible (distributed) version control systems: SVN, GIT, Mercurial/hg, bzr, ... It can rip repositories even
CVS/Git/Similar Focused
* [repo-supervisor](https://github.com/auth0/repo-supervisor)
* [GitPrey](https://github.com/repoog/GitPrey)
* GitPrey is a tool for searching sensitive information or data according to company name or key word something.The design mind is from searching sensitive data leakling in Github:
* [git-all-secrets](https://github.com/anshumanbh/git-all-secrets)
* A tool to capture all the git secrets by leveraging multiple open source git searching tools
* [github-firehose](https://www.npmjs.com/package/github-firehose)
* A library that will connect to github and emit events from the Github Event API in near-real-time
* [Exploring the Github Firehose](http://blog.scalyr.com/2013/10/exploring-the-github-firehose/)
* [Gitem](https://github.com/mschwager/gitem)
* Gitem is a tool for performing Github organizational reconnaissance.
* [Truffle Hog](https://github.com/dxa4481/truffleHog)
* Searches through git repositories for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed that contain high entropy.
* [dvcs-ripper](https://github.com/kost/dvcs-ripper)
* Rip web accessible (distributed) version control systems: SVN, GIT, Mercurial/hg, bzr, ... It can rip repositories even
when directory browsing is turned off.
[Truffle Hog](https://github.com/dxa4481/truffleHog)
* Searches through git repositories for high entropy strings, digging deep into commit history
* [Truffle Hog](https://github.com/dxa4481/truffleHog)
* Searches through git repositories for high entropy strings, digging deep into commit history
----------------
###### <a name="dns"></a>DNS Stuff
[typofinder](https://github.com/nccgroup/typofinder)
* Typofinder for domain typo discovery
[dnstwist](https://github.com/elceef/dnstwist)
* Domain name permutation engine for detecting typo squatting, phishing and corporate espionage
DNS Stuff
* [dauntless](https://github.com/cmeister2/dauntless)
* Tools for analysing the forward DNS data set published at https://scans.io/study/sonar.fdns_v2
* [dnstwist](https://github.com/elceef/dnstwist)
* Domain name permutation engine for detecting typo squatting, phishing and corporate espionage
* [typofinder](https://github.com/nccgroup/typofinder)
* Typofinder for domain typo discovery
-------------
#### <a name="email"></a>Email Gathering
[SimplyEmail](https://github.com/killswitch-GUI/SimplyEmail)
* Email recon made fast and easy, with a framework to build on
[Email Reconnaissance and Phishing Template Generation Made Simple](https://cybersyndicates.com/2016/05/email-reconnaissance-phishing-template-generation-made-simple/)
[theHarvester](https://github.com/laramies/theHarvester)
* theHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers).
[discover.sh](https://github.com/leebaird/discover)
* For use with Kali Linux. Custom bash scripts used to automate various pentesting tasks.
#### <a name="email"></a>Email Gathering/Reconnaissance
Email Gathering/Reconnaissance
* [OSINT Through Sender Policy Framework Records](https://community.rapid7.com/community/infosec/blog/2015/02/23/osint-through-sender-policy-framework-spf-records)
* Tools
* [SimplyEmail](https://github.com/killswitch-GUI/SimplyEmail)
* What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.
* [Email Reconnaissance and Phishing Template Generation Made Simple](https://cybersyndicates.com/2016/05/email-reconnaissance-phishing-template-generation-made-simple/)
* [theHarvester](https://github.com/laramies/theHarvester)
* theHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers).
* [discover.sh](https://github.com/leebaird/discover)
* For use with Kali Linux. Custom bash scripts used to automate various pentesting tasks.
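Review bot: Truffle Hog ends up listed three times in the CVS/Git section, once with the full blurb under `* [Truffle Hog](https://github.com/dxa4481/truffleHog)` and twice more with the truncated `Searches through git repositories for high entropy strings, digging deep into commit history`; keep the single full entry. The reorganised **Tools** list also no longer contains DataSploit, Tinfoleak or GoogD0rker, which only appear in the flat list being replaced, so confirm those were meant to go rather than being lost in the move. Two formatting points: the Email section now has both a `#### <a name="email"></a>Email Gathering/Reconnaissance` heading and a plain `Email Gathering/Reconnaissance` line directly below it, while the other subsections use one or the other (and a second `name="email"` anchor would collide with the one on `#### <a name="email"></a>Email Gathering` if both survive), and `**Tools**` is bolded where the sibling sub-headings (`Company/People Searching`, `DNS Stuff`) are plain text. Also `leakling` in the GitPrey blurb should be `leaking`, and the dvcs-ripper blurb has a hard line break after `It can rip repositories even` that should be joined onto one line.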
@ -311,37 +198,32 @@ when directory browsing is turned off.
-------------
#### <a name="search"></a>Fancy Search Engines
[Entity Cube](http://entitycube.research.microsoft.com/)
* EntityCube is a research prototype for exploring object-level search technologies, which automatically summarizes the Web for entities (such as people, locations and organizations) with a modest web presence.
[Silobreaker](http://www.silobreaker.com/)
* Enterprise Semantic Search Engine, allows virtualisation of data, analytics and exploration of key data.
[iSeek](http://www.iseek.com/#/web)
* Another handy search engine that break results down into easy to manage categories.
[Carrot2](http://search.carrot2.org/stable/search)
* Carrot2 organizes your search results into topics. With an instant overview of what's available, you will quickly find what you're looking for.
[Sqoop](http://sqoop.com/)
* OSINT search engine of public documents(handy)
Fancy Search Engines
* [Entity Cube](http://entitycube.research.microsoft.com/)
* EntityCube is a research prototype for exploring object-level search technologies, which automatically summarizes the Web for entities (such as people, locations and organizations) with a modest web presence.
* [Silobreaker](http://www.silobreaker.com/)
* Enterprise Semantic Search Engine, allows virtualisation of data, analytics and exploration of key data.
* [iSeek](http://www.iseek.com/#/web)
* Another handy search engine that break results down into easy to manage categories.
* [Carrot2](http://search.carrot2.org/stable/search)
* Carrot2 organizes your search results into topics. With an instant overview of what's available, you will quickly find what you're looking for.
* [Sqoop](http://sqoop.com/)
* OSINT search engine of public documents(handy)
* [GlobalFileSearch](https://ftplike.com)
* An FTP Search Engine that may come in handy.
-------------
#### <a name="meta"></a>General Meta Data
[Just-Metadata](https://github.com/ChrisTruncer/Just-Metadata)
* Just-Metadata is a tool that can be used to gather intelligence information passively about a large number of IP addresses, and attempt to extrapolate relationships that might not otherwise be seen. Just-Metadata has "gather" modules which are used to gather metadata about IPs loaded into the framework across multiple resources on the internet. Just-Metadata also has "analysis" modules. These are used to analyze the data loaded Just-Metadata and perform various operations that can identify potential relationships between the loaded systems.
[MetaGooFil](https://code.google.com/p/metagoofil/)
* Description: Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target company. The tool will perform a search in Google to identify and download the documents to local disk and then will extract the metadata with different libraries like Hachoir, PdfMiner and others. With the results it will generate a report with usernames, software versions and servers or machine names that will help Penetration testers in the information gathering phase.
[Metashield Analyzer](https://metashieldanalyzer.elevenpaths.com/)
* Description: Metadata documents can help a malicious user to obtain information that is beyond our control in an enterprise environment. Metashield Analyzer is an online service that allows easily check if your office documents contain metadata.
General Meta-Data
* [Just-Metadata](https://github.com/ChrisTruncer/Just-Metadata)
* Just-Metadata is a tool that can be used to gather intelligence information passively about a large number of IP addresses, and attempt to extrapolate relationships that might not otherwise be seen. Just-Metadata has "gather" modules which are used to gather metadata about IPs loaded into the framework across multiple resources on the internet. Just-Metadata also has "analysis" modules. These are used to analyze the data loaded Just-Metadata and perform various operations that can identify potential relationships between the loaded systems.
* [MetaGooFil](https://code.google.com/p/metagoofil/)
* Description: Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target company. The tool will perform a search in Google to identify and download the documents to local disk and then will extract the metadata with different libraries like Hachoir, PdfMiner and others. With the results it will generate a report with usernames, software versions and servers or machine names that will help Penetration testers in the information gathering phase.
* [Metashield Analyzer](https://metashieldanalyzer.elevenpaths.com/)
* Description: Metadata documents can help a malicious user to obtain information that is beyond our control in an enterprise environment. Metashield Analyzer is an online service that allows easily check if your office documents contain metadata.
* [PowerMeta](https://github.com/dafthack/PowerMeta)
* PowerMeta searches for publicly available files hosted on various websites for a particular domain by using specially crafted Google, and Bing searches. It then allows for the download of those files from the target domain. After retrieving the files, the metadata associated with them can be analyzed by PowerMeta. Some interesting things commonly found in metadata are usernames, domains, software titles, and computer names.
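Review bot: a few blurbs were carried over with grammar errors intact: `Another handy search engine that break results down` should read `breaks`, `allows easily check if your office documents contain metadata` should read `allows you to easily check`, and `public documents(handy)` needs a space before the parenthesis. The plain sub-heading `General Meta-Data` also does not match the `#### <a name="meta"></a>General Meta Data` heading directly above it; pick one spelling.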
@ -350,33 +232,28 @@ when directory browsing is turned off.
-------------
#### <a name="scrape"></a> General Data Scrapers
[XRAY](https://github.com/evilsocket/xray)
* XRay is a tool for recon, mapping and OSINT gathering from public networks.
[NameCheck](https://www.namecheck.com)
* Search usernames across multiple services/domain registries
[TheHarvester](From: https://code.google.com/p/theharvester/)
* Description: The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization.
[OSINT OPSEC Tool](https://github.com/hyprwired/osint-opsec-tool)
* Description: The OSINT OPSEC Tool monitors multiple 21st Century OSINT sources real-time for keywords, then analyses the results, generates alerts, and maps trends of the data, finding all sorts of info people probably don't want others to see...
General Data Scrapers
* [XRAY](https://github.com/evilsocket/xray)
* XRay is a tool for recon, mapping and OSINT gathering from public networks.
* [NameCheck](https://www.namecheck.com)
* Search usernames across multiple services/domain registries
* [TheHarvester](From: https://code.google.com/p/theharvester/)
* Description: The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization.
* [OSINT OPSEC Tool](https://github.com/hyprwired/osint-opsec-tool)
* Description: The OSINT OPSEC Tool monitors multiple 21st Century OSINT sources real-time for keywords, then analyses the results, generates alerts, and maps trends of the data, finding all sorts of info people probably don't want others to see...
-------------
#### <a name="gh"></a>Google Hacking
[Google Hacking for Penetration Testers](https://www.blackhat.com/presentations/bh-europe-05/BH_EU_05-Long.pdf)
[ExpoitDB archive of the google hacking database](http://www.exploit-db.com/google-dorks/)
[Google Hacking Database](http://www.hackersforcharity.org/ghdb/)
* We call them 'googledorks': Inept or foolish people as revealed by Google. Whatever you call these fools, you've found the center of the Google Hacking Universe!
[Google Hacking - Search Diggity tool](http://www.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/)
* SearchDiggity 3.1 is the primary attack tool of the Google Hacking Diggity Project. It is Bishop Fox’s MS Windows GUI application that serves as a front-end to the most recent versions of our Diggity tools: GoogleDiggity, BingDiggity, Bing LinkFromDomainDiggity, CodeSearchDiggity, DLPDiggity, FlashDiggity, MalwareDiggity, PortScanDiggity, SHODANDiggity, BingBinaryMalwareSearch, and NotInMyBackYard Diggity.
Google Hacking
* [Google Hacking for Penetration Testers](https://www.blackhat.com/presentations/bh-europe-05/BH_EU_05-Long.pdf)
* [ExpoitDB archive of the google hacking database](http://www.exploit-db.com/google-dorks/)
* [Google Hacking Database](http://www.hackersforcharity.org/ghdb/)
* We call them 'googledorks': Inept or foolish people as revealed by Google. Whatever you call these fools, you've found the center of the Google Hacking Universe!
* [Google Hacking - Search Diggity tool](http://www.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/)
* SearchDiggity 3.1 is the primary attack tool of the Google Hacking Diggity Project. It is Bishop Fox’s MS Windows GUI application that serves as a front-end to the most recent versions of our Diggity tools: GoogleDiggity, BingDiggity, Bing LinkFromDomainDiggity, CodeSearchDiggity, DLPDiggity, FlashDiggity, MalwareDiggity, PortScanDiggity, SHODANDiggity, BingBinaryMalwareSearch, and NotInMyBackYard Diggity.
* [GoogD0rker](https://github.com/ZephrFish/GoogD0rker)
* GoogD0rker is a tool for firing off google dorks against a target domain, it is purely for OSINT against a specific target domain. Designed for OSX originally however googD0rker txt now works on all nix platforms.
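Review bot: the TheHarvester link target is malformed in both the old flat list and the new nested one: `[TheHarvester](From: https://code.google.com/p/theharvester/)` has the `From: ` prefix inside the parentheses, so the link will not render; the restructure carried the defect over unchanged. Suggest `[TheHarvester](https://code.google.com/p/theharvester/)`. Same hunk, Google Hacking list: `ExpoitDB archive of the google hacking database` should read `ExploitDB`.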
@ -384,71 +261,65 @@ when directory browsing is turned off.
-----------
### <a name="nin"></a>Network Information Search Engines
[Whoisology](https://whoisology.com/)
* Whoisology is a domain name ownership archive with literally billions of searchable and cross referenced domain name whois records.
[PDF Creative Commons OSINT toolbag guide](http://www.phibetaiota.net/wp-content/uploads/2013/07/2013-07-11-OSINT-2ool-Kit-On-The-Go-Bag-O-Tradecraft.pdf)
Network Information Search Engines
* [Whoisology](https://whoisology.com/)
* Whoisology is a domain name ownership archive with literally billions of searchable and cross referenced domain name whois records.
------------------------
##### <a name="site"></a>Site Specific
Site Specific Tools
* AWS
* [AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump)
* AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot. It's similar to a subdomain bruteforcer but is made specifically for S3 buckets and also has some extra features that allow you to grep for delicious files as well as download interesting files if you're not afraid to quickly fill up your hard drive.
* LinkedIn
* [InSpy](https://github.com/gojhonny/InSpy)
* A LinkedIn enumeration tool
* [linkedin](https://github.com/eracle/linkedin)
* Linkedin Scraper using Selenium Web Driver, Firefox 45, Ubuntu and Scrapy
* [LinkedInt: A LinkedIn scraper for reconnaissance during adversary simulation](https://github.com/mdsecactivebreach/LinkedInt)
* [LinkedIn Gatherer](https://github.com/DisK0nn3cT/linkedin-gatherer)
* [socilab](http://socilab.com/#home)
* This site allows users to visualize and analyze their LinkedIn network using methods derived from social-scientific research. Full sample output is shown here. The site is free and open-source. Have fun!
* Twitter
* [OneMillionTweetMap](http://onemilliontweetmap.com/)
* This page maps the last geolocalized tweets delivered by the twitter stream API. ... YES - IN REAL-TIME - and we keep "only" the last one million tweets.
* [tweets_analyzer](https://github.com/x0rz/tweets_analyzer)
* Tweets metadata scraper & activity analyzer
* [Tweet Archivist](https://www.tweetarchivist.com/)
* [tweets_analyzer](https://github.com/x0rz/tweets_analyzer)
* Tweets metadata scraper & activity analyzer
* [Tinfoleak](http://vicenteaguileradiaz.com/tools/)
* tinfoleak is a simple Python script that allow to obtain: basic information about a Twitter user (name, picture, location, followers, etc.); devices and operating systems used by the Twitter user; applications and social networks used by the Twitter user; place and geolocation coordinates to generate a tracking map of locations visited; show user tweets in Google Earth!; download all pics from a Twitter user; hashtags used by the Twitter user and when are used (date and time); user mentions by the the Twitter user and when are occurred (date and time); topics used by the Twitter user
* Github
* [Github dorks - finding vulns](http://blog.conviso.com.br/2013/06/github-hacking-for-fun-and-sensitive.html)
[linkedin](https://github.com/eracle/linkedin)
* Linkedin Scraper using Selenium Web Driver, Firefox 45, Ubuntu and Scrapy
[tweets_analyzer](https://github.com/x0rz/tweets_analyzer)
* Tweets metadata scraper & activity analyzer
[LinkedIn Gatherer](https://github.com/DisK0nn3cT/linkedin-gatherer)
[InSpy](https://github.com/gojhonny/InSpy)
* A LinkedIn enumeration tool
[Github dorks - finding vulns](http://blog.conviso.com.br/2013/06/github-hacking-for-fun-and-sensitive.html)
[socilab](http://socilab.com/#home)
* This site allows users to visualize and analyze their LinkedIn network using methods derived from social-scientific research. Full sample output is shown here. The site is free and open-source. Have fun!
[Tweet Archivist](https://www.tweetarchivist.com/)
[OneMillionTweetMap](http://onemilliontweetmap.com/)
* This page maps the last geolocalized tweets delivered by the twitter stream API. ... YES - IN REAL-TIME - and we keep "only" the last one million tweets.
[AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump)
* AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot. It's similar to a subdomain bruteforcer but is made specifically for S3 buckets and also has some extra features that allow you to grep for delicious files as well as download interesting files if you're not afraid to quickly fill up your hard drive.
---------------
### <a name="social"></a>Social Media Search/Enumeration
[NameCHK](https://namechk.com/)
* Check to see if your desired username or vanity url is still available at dozens of popular Social Networking and Social Bookmarking websites.
[Whos Talkin](http://www.whostalkin.com/)
* social media search tool that allows users to search for conversations surrounding the topics that they care about most.
[CheckUsernames](http://checkusernames.com/)
* Check the use of your brand or username on 160 Social Networks
[Scythe](https://github.com/ChrisJohnRiley/Scythe)
* The ability to test a range of email addresses across a range of sites (e.g. social media, blogging platforms, etc...) to find where those targets have active accounts. This can be useful in a social engineering test where you have email accounts for a company and want to list where these users have used their work email for 3rd party web based services.
* The ability to quickly create a custom testcase module and use it to enumerate for a list of active accounts. Using either a list of know usernames, email addresses, or a dictionary of common account names.
[Social Mention](http://www.socialmention.com/)
* Social Mention is a social media search engine that searches user-generated content such as blogs, comments, bookmarks, events, news, videos, and more
Social Media Search/Enumeration
* [CheckUsernames](http://checkusernames.com/)
* Check the use of your brand or username on 160 Social Networks
* [NameCHK](https://namechk.com/)
* Check to see if your desired username or vanity url is still available at dozens of popular Social Networking and Social Bookmarking websites.
* [Scythe](https://github.com/ChrisJohnRiley/Scythe)
* The ability to test a range of email addresses across a range of sites (e.g. social media, blogging platforms, etc...) to find where those targets have active accounts. This can be useful in a social engineering test where you have email accounts for a company and want to list where these users have used their work email for 3rd party web based services.
* [Social Mention](http://www.socialmention.com/)
* Social Mention is a social media search engine that searches user-generated content such as blogs, comments, bookmarks, events, news, videos, and more
* [Whos Talkin](http://www.whostalkin.com/)
* social media search tool that allows users to search for conversations surrounding the topics that they care about most.
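Review bot: `tweets_analyzer` is listed twice in the new Twitter sub-list (once between OneMillionTweetMap and Tweet Archivist, again right after Tweet Archivist) with the identical description; drop one copy. Also, the `PDF Creative Commons OSINT toolbag guide` link that sat under Network Information Search Engines is removed and does not reappear anywhere in this hunk; if it was meant to be re-filed it needs a new home, otherwise the reference is lost.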


+ 1
- 1
Draft/Port_List.md

@ -47,7 +47,7 @@
|264||Checkpoint Firewall||
|311|tcp|OS X Server Manager||
|389|tcp|ldap|ldap://*IP*/dc=com|
|443|tcp|https|openssl s_client -host www.yahoo.com -port 443<BR>sslscan www.yahoo.com<BR>tlssled www.yahoo.com 443<BR>nmap --script sslv2 www.yahoo.com<BR>nmap --script ssl-cert www.yahoo.com<BR>nmap --script ssl-date www.yahoo.com<BR>nmap --script ssl-enum-ciphers www.yahoo.com<BR>nmap --script ssl-google-cert-catalog www.yahoo.com<BR>msf > use auxiliary/pro/web_ssl_scan<BR>msf > use auxiliary/scanner/ssl/openssl_heartbleed<BR>msf > use auxiliary/server/openssl_heartbeat_client_memory|
|443|tcp|https|openssl s_client -host *ADDR* -port 443<BR>sslscan *ADDR*<BR>tlssled *ADDR* 443<BR>nmap --script sslv2 *ADDR*<BR>nmap --script ssl-cert *ADDR*<BR>nmap --script ssl-date *ADDR*<BR>nmap --script ssl-enum-ciphers *ADDR*<BR>nmap --script ssl-google-cert-catalog *ADDR*<BR>msf > use auxiliary/pro/web_ssl_scan<BR>msf > use auxiliary/scanner/ssl/openssl_heartbleed<BR>msf > use auxiliary/server/openssl_heartbeat_client_memory|
|445|tcp|Microsoft-DS Active Directory, Windows shares<BR>Microsoft-DS SMB file sharing|smbclient -U root -L *IP*<BR>smbclient -U root //*IP*/tmp<BR>rpcclient -U "" *IP*<BR>msf > auxiliary/admin/smb/samba_symlink_traversal|
|465|tcp|smtps||
|500|udp|ike||
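Review bot: the placeholder chosen for the port 443 row, `*ADDR*`, differs from the `*IP*` token used on the neighbouring rows (`ldap://*IP*/dc=com`, `smbclient -U root -L *IP*`); use one placeholder throughout the table so readers can substitute mechanically. Replacing the hard-coded yahoo.com hostname with a placeholder is the right change.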


+ 306
- 393
Draft/Privilege Escalation & Post-Exploitation.md
File diff suppressed because it is too large


+ 72
- 23
Draft/Red-Teaming.md

@ -18,11 +18,9 @@
### Sort
To Do
* Sort articles better
* [LinkedInt: A LinkedIn scraper for reconnaissance during adversary simulation](https://github.com/mdsecactivebreach/LinkedInt)
* [PenTesting-Scripts - killswitch-GUI](https://github.com/killswitch-GUI/PenTesting-Scripts)
* [Software Distribution Malware Infection Vector](https://dl.packetstormsecurity.net/papers/general/Software.Distribution.Malware.Infection.Vector.pdf)
* [File Server Triage on Red Team Engagements](http://www.harmj0y.net/blog/redteaming/file-server-triage-on-red-team-engagements/)
#### End sort
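Review bot: `Software Distribution Malware Infection Vector` drops out of the To Do list here and I don't see it re-added in any visible hunk of this diff; confirm it was filed elsewhere (the Privilege Escalation diff is suppressed, so it may be there). LinkedInt, by contrast, reappears under Site Specific Tools > LinkedIn in the OSINT page, so that move is accounted for.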
@ -48,14 +46,15 @@ Articles
* [Raphael’s Magic Quadrant - Mudge](https://blog.cobaltstrike.com/2015/08/03/raphaels-magic-quadrant/)
* [RAT - Repurposing Adversarial Tradecraft - killswitch_GUI](https://speakerdeck.com/killswitch_gui/rat-repurposing-adversarial-tradecraft)
* [Penetration Testing considered Harmful Today](http://blog.thinkst.com/p/penetration-testing-considered-harmful.html)
* Domain Fronting
* [Red Team Insights on HTTPS Domain Fronting Google Hosts Using Cobalt Strike](https://www.cyberark.com/threat-research-blog/red-team-insights-https-domain-fronting-google-hosts-using-cobalt-strike/)
* [Planning a Red Team exercise](https://github.com/magoo/redteam-plan)
* Educational(Specific Tactics/Techniques/Misc)
* [#OLEOutlook - bypass almost every Corporate security control with a point’n’click GUI](https://doublepulsar.com/oleoutlook-bypass-almost-every-corporate-security-control-with-a-point-n-click-gui-37f4cbc107d0)
* [Offensive Encrypted Data Storage](http://www.harmj0y.net/blog/redteaming/offensive-encrypted-data-storage/)
* [Offensive Encrypted Data Storage (DPAPI edition)](https://posts.specterops.io/offensive-encrypted-data-storage-dpapi-edition-adda90e212ab)
* [Goodbye OODA Loop](http://armedforcesjournal.com/goodbye-ooda-loop/)
* [Planning a Red Team exercise](https://github.com/magoo/redteam-plan)
* Red Team Experiences
* [Passing the Torch: Old School Red Teaming, New School Tactics?](https://www.slideshare.net/harmj0y/derbycon-passing-the-torch)
* [Red Teaming Tips - Vincent Yiu](https://threatintel.eu/2017/06/03/red-teaming-tips-by-vincent-yiu/)
* [Red Team Tips as posted by @vysecurity on Twitter](https://github.com/vysec/RedTips)
* [Red Teams - Facebook Experiences Writeup - Ryan McGeehan](https://medium.com/starting-up-security/red-teams-6faa8d95f602)
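Review bot: `Red Team Insights on HTTPS Domain Fronting Google Hosts Using Cobalt Strike` is added here under a new `Domain Fronting` sub-bullet in Articles and again, later in this diff, under the Domain Fronting subsection of Command & Control; keep it in one place (C&C is the natural one, next to the other fronting posts). `Planning a Red Team exercise` also shows up twice in this hunk; if one is the removed old position and the other the new one that is fine, but check the rendered file has a single entry.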
@ -63,6 +62,9 @@ Articles
* [Red Teaming: Using Cutting-Edge Threat Simulation to Harden the Microsoft Enterprise Cloud](https://azure.microsoft.com/en-us/blog/red-teaming-using-cutting-edge-threat-simulation-to-harden-the-microsoft-enterprise-cloud/)
* [10 Red Teaming Lessons Learned over 20 Years](https://redteamjournal.com/2015/10/10-red-teaming-lessons-learned-over-20-years/)
* [Red team versus blue team: How to run an effective simulation - CSOonline](https://www.csoonline.com/article/2122440/disaster-recovery/emergency-preparedness-red-team-versus-blue-team-how-to-run-an-effective-simulation.html)
* [Red Teaming for Pacific Rim CCDC 2017](https://bluescreenofjeff.com/2017-05-02-red-teaming-for-pacific-rim-ccdc-2017/)
* [How I Prepared to Red Team at PRCCDC 2015](https://bluescreenofjeff.com/2015-04-15-how-i-prepared-to-red-team-at-prccdc-2015/)
* [Red Teaming for Pacific Rim CCDC 2016](https://bluescreenofjeff.com/2016-05-24-pacific-rim-ccdc_2016/)
* Papers
* [Red teaming - A Short Introduction (1.0) June 2009 - Mark Mateski](https://redteamjournal.com/papers/A%20Short%20Introduction%20to%20Red%20Teaming%20(1dot0).pdf)
* [Red Teaming Guide - UK Ministry of Defense](https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/142533/20130301_red_teaming_ed2.pdf)
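Review bot: the three bluescreenofjeff CCDC write-ups are inserted in the order 2017, 2015, 2016; reorder them chronologically (2015, 2016, 2017) so the series reads in sequence.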
@ -146,6 +148,8 @@ Cobalt Strike
* [Cobalt Strike over external C2 – beacon home in the most obscure ways](https://outflank.nl/blog/2017/09/17/blogpost-cobalt-strike-over-external-c2-beacon-home-in-the-most-obscure-ways/)
* [OPSEC Considerations for Beacon Commands - CobaltStrike](https://blog.cobaltstrike.com/2017/06/23/opsec-considerations-for-beacon-commands/)
* [Valid SSL Certificates with SSL Beacon - cs](https://www.cobaltstrike.com/help-malleable-c2#validssl)
* [Randomized Malleable C2 Profiles Made Easy](https://bluescreenofjeff.com/2017-08-30-randomized-malleable-c2-profiles-made-easy/)
* [OPSEC Considerations for beacon commands](https://blog.cobaltstrike.com/2017/06/23/opsec-considerations-for-beacon-commands/)
* Documentation
* [Malleable C2 Documenation - cs](https://www.cobaltstrike.com/help-malleable-c2)
* Other
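Review bot: `OPSEC Considerations for beacon commands`, added at the end of this hunk, points at the same URL as the existing `OPSEC Considerations for Beacon Commands - CobaltStrike` entry three lines above it; drop the new duplicate.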
@ -174,6 +178,8 @@ Command & Control (CnC)
* [WSC2](https://github.com/Arno0x/WSC2)
* WSC2 is a PoC of using the WebSockets and a browser process to serve as a C2 communication channel between an agent, running on the target system, and a controller acting as the actuel C2 server.
* PoCs
* [RemoteRecon](https://github.com/xorrior/RemoteRecon)
* RemoteRecon provides the ability to execute post-exploitation capabilities against a remote host, without having to expose your complete toolkit/agent. Often times as operator's we need to compromise a host, just so we can keylog or screenshot (or some other miniscule task) against a person/host of interest. Why should you have to push over beacon, empire, innuendo, meterpreter, or a custom RAT to the target? This increases the footprint that you have in the target environment, exposes functionality in your agent, and most likely your C2 infrastructure. An alternative would be to deploy a secondary agent to targets of interest and collect intelligence. Then store this data for retrieval at your discretion. If these compromised endpoints are discovered by IR teams, you lose those endpoints and the information you've collected, but nothing more.
* [Expand Your Horizon Red Team – Modern SaaS C2](https://cybersyndicates.com/2017/04/expand-your-horizon-red-team/)
* [JSBN](https://github.com/Plazmaz/JSBN)
* JSBN is a bot client which interprets commands through Twitter, requiring no hosting of servers or infected hosts from the command issuer. It is written purely in javascript as a Proof-of-Concept for javascript's botnet potentials.
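Review bot: the RemoteRecon description has `as operator's we`, which should be `as operators we`, and `miniscule` should be `minuscule`. It is also a long paragraph for a list entry; the first two sentences (what it does and why it exists) carry the point. While here, the existing WSC2 line above has `actuel` for `actual`.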
@ -190,7 +196,17 @@ Command & Control (CnC)
* This is the Command & Control component of the PlugBot project
* [How to Build a 404 page not found C2](https://www.blackhillsinfosec.com/?p=5134)
* [404 File not found C2 PoC](https://github.com/theG3ist/404)
* [Command and Control Using Active Directory](http://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/)
* [C2 with twitter](https://pentestlab.blog/2017/09/26/command-and-control-twitter/)
* [C2 with DNS](https://pentestlab.blog/2017/09/06/command-and-control-dns/)
* [ICMP C2](https://pentestlab.blog/2017/07/28/command-and-control-icmp/)
* [C2 with Dropbox](https://pentestlab.blog/2017/08/29/command-and-control-dropbox/)
* [C2 with https](https://pentestlab.blog/2017/10/04/command-and-control-https/)
* [C2 with webdav](https://pentestlab.blog/2017/09/12/command-and-control-webdav/)
* [C2 with gmail](https://pentestlab.blog/2017/08/03/command-and-control-gmail/)
* [“Tasking” Office 365 for Cobalt Strike C2](https://labs.mwrinfosecurity.com/blog/tasking-office-365-for-cobalt-strike-c2/)
* [Simple domain fronting PoC with GAE C2 server](https://www.securityartwork.es/2017/01/31/simple-domain-fronting-poc-with-gae-c2-server/)
* [Using WebDAV features as a covert channel](https://arno0x0x.wordpress.com/2017/09/07/using-webdav-features-as-a-covert-channel/)
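Review bot: `Simple domain fronting PoC with GAE C2 server` is added here in the general C2 list and already sits, with a description, in the Domain Fronting subsection a few lines further down; remove this copy. The seven pentestlab `C2 with ...` posts form one series; grouping them under a single `pentestlab` sub-bullet, or at least ordering them by channel, would keep the list scannable.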
@ -206,6 +222,10 @@ Command & Control (CnC)
* [Domain Fronting - Infosec Institute](http://resources.infosecinstitute.com/domain-fronting/)
* [Simple domain fronting PoC with GAE C2 server](https://www.securityartwork.es/2017/01/31/simple-domain-fronting-poc-with-gae-c2-server/)
* In this entry we continue with domain fronting; on this occasion we will explore how to implement a simple PoC of a command and control and exfiltration server on Google App Engine (GAE), and we will see how to do the domain fronting from Windows, with a VBS or PowerShell script, to hide interactions with the C2 server.
* [TOR Fronting – Utilising Hidden Services for Privacy](https://www.mdsec.co.uk/2017/02/tor-fronting-utilising-hidden-services-for-privacy/)
* [Finding Domain frontable Azure domains - thoth / Fionnbharr (@a_profligate)](https://theobsidiantower.com/2017/07/24/d0a7cfceedc42bdf3a36f2926bd52863ef28befc.html)
* [Red Team Insights on HTTPS Domain Fronting Google Hosts Using Cobalt Strike](https://www.cyberark.com/threat-research-blog/red-team-insights-https-domain-fronting-google-hosts-using-cobalt-strike/)
* [Domain Fronting Via Cloudfront Alternate Domains](https://www.mdsec.co.uk/2017/02/domain-fronting-via-cloudfront-alternate-domains/)
* Domain Tools
* [Domain Hunter](https://github.com/minisllc/domainhunter)
* Checks expired domains, bluecoat categorization, and Archive.org history to determine good candidates for phishing and C2 domain names
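Review bot: the CyberArk `Red Team Insights on HTTPS Domain Fronting Google Hosts Using Cobalt Strike` link added here also appears under Articles > Domain Fronting earlier in this diff; keep one copy. `TOR Fronting – Utilising Hidden Services for Privacy` fits this subsection but has no description while the GAE entry just above it does; a one-liner would help.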
@ -215,6 +235,7 @@ Command & Control (CnC)
* A tool for evading Proxy categorisation
* [CatMyFish](https://github.com/Mr-Un1k0d3r/CatMyFish)
* Search for categorized domain that can be used during red teaming engagement. Perfect to setup whitelisted domain for your Cobalt Strike beacon C&C. It relies on expireddomains.net to obtain a list of expired domains. The domain availability is validated using checkdomain.com
* [Finding Frontable Domain](https://github.com/rvrsh3ll/FindFrontableDomains)
* Domain Reputation Sites
* [Alien Vault](http://www.alienvault.com)
* [Isithacked?](http://www.isithacked.com)
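Review bot: `Finding Frontable Domain` under Domain Tools should read `Finding Frontable Domains` (the repository is FindFrontableDomains), and a short description like the other Domain Tools entries (Domain Hunter, CatMyFish) carry would clarify what it does.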
@ -227,6 +248,17 @@ Command & Control (CnC)
* [VirusTotal](https://www.virustotal.com/)
* [WOT](http://www.mywot.com/en/scorecard)
* [Zeltser BL](http://zeltser.com)
* Redirectors
* [Apache2Mod Rewrite Setup](https://github.com/n0pe-sled/Apache2-Mod-Rewrite-Setup)
* [Redirecting Cobalt Strike DNS Beacons](http://www.rvrsh3ll.net/blog/offensive/redirecting-cobalt-strike-dns-beacons/)
* [High-reputation Redirectors and Domain Fronting](https://blog.cobaltstrike.com/2017/02/06/high-reputation-redirectors-and-domain-fronting/)
* [Cobalt Strike HTTP C2 Redirectors with Apache mod_rewrite - Jeff Dimmock](https://bluescreenofjeff.com/2016-06-28-cobalt-strike-http-c2-redirectors-with-apache-mod_rewrite/)
### <a name="egress"></a>Egress/Exfiltration
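Review bot: the new `Redirectors` sub-list runs straight into the `### <a name="egress"></a>Egress/Exfiltration` heading with only blank lines between them; other section breaks in this file put a `--------------` rule before the heading (see the Empire and HW sections later in the diff), so add one for consistency. The `Apache2Mod Rewrite Setup` repo and the mod_rewrite redirector post cover the same setup; a one-line description on the repo entry would tell readers which to start with.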
@ -245,6 +277,7 @@ Egress & Exfiltration
* [Egressing Bluecoat with CobaltStike & Let's Encrypt](https://cybersyndicates.com/2016/12/egressing-bluecoat-with-cobaltstike-letsencrypt/)
* [Project Loki - Phrack 7-49](http://phrack.org/issues/49/6.html)
* This whitepaper is intended as a complete description of the covert channel that exists in networks that allow ping traffic (hereon referred to in the more general sense of ICMP_ECHO traffic --see below) to pass.
* [Escape and Evasion Egressing Restricted Networks - Tom Steele and Chris Patten](https://www.optiv.com/blog/escape-and-evasion-egressing-restricted-networks)
* Talks
* [DIY Spy Covert Channels With Scapy And Python - Jen Allen - ANYCON 2017](http://www.irongeek.com/i.php?page=videos/anycon2017/diy-spy-covert-channels-with-scapy-and-python-jen-allen)
* [Goodbye Data, Hello Exfiltration - Itzik Kotler](https://www.youtube.com/watch?v=GwaIvm2HJKc)
@ -263,11 +296,28 @@ Egress & Exfiltration
--------------
### Empire
Empire
* [Using PowerShell Empire with a Trusted Certificate](https://www.blackhillsinfosec.com/using-powershell-empire-with-a-trusted-certificate/)
* [How to Make Empire Communication profiles - bluescreenofjeff](https://github.com/bluscreenofjeff/bluscreenofjeff.github.io/blob/master/_posts/2017-03-01-how-to-make-communication-profiles-for-empire.md)
* [Empire – Modifying Server C2 Indicators](http://threatexpress.com/2017/05/empire-modifying-server-c2-indicators/)
* [Hunting Red Team Empire C2 Infrastructure](http://www.chokepoint.net/2017/04/hunting-red-team-empire-c2.html)
* [Athena: The CIA’s RAT vs Empire](https://bneg.io/2017/05/22/athena-the-cias-rat-vs-empire/)
* Articles
* [Hunting Red Team Empire C2 Infrastructure](http://www.chokepoint.net/2017/04/hunting-red-team-empire-c2.html)
* [Athena: The CIA’s RAT vs Empire](https://bneg.io/2017/05/22/athena-the-cias-rat-vs-empire/)
* Customizing
* [Using PowerShell Empire with a Trusted Certificate](https://www.blackhillsinfosec.com/using-powershell-empire-with-a-trusted-certificate/)
* [How to Make Empire Communication profiles - bluescreenofjeff](https://github.com/bluscreenofjeff/bluscreenofjeff.github.io/blob/master/_posts/2017-03-01-how-to-make-communication-profiles-for-empire.md)
* [Empire – Modifying Server C2 Indicators](http://threatexpress.com/2017/05/empire-modifying-server-c2-indicators/)
* [Empire Domain Fronting](https://www.xorrior.com/Empire-Domain-Fronting/)
* [Empire without powershell](https://bneg.io/2017/07/26/empire-without-powershell-exe/)
--------------
##### <a name="hw"></a>HW
* [DigiDucky - How to setup a Digispark like a rubber ducky](http://www.redteamr.com/2016/08/digiducky/)
* [Bash Bunny](https://hakshop.com/products/bash-bunny)
* [How to Build Your Own Penetration Testing Drop Box - BHIS](https://www.blackhillsinfosec.com/?p=5156&)
* [P4wnP1](https://github.com/mame82/P4wnP1)
* P4wnP1 is a highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W.
* [Contents of a Physical Pentester Backpack](https://www.tunnelsup.com/contents-of-a-physical-pen-testers-backpack/)
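Review bot: the `hw` anchor risks being defined twice: this hunk introduces `##### <a name="hw"></a>HW` with an expanded list, while the following hunk still shows the original HW block with the same `name="hw"` heading. Make sure the old heading and its entries are removed in full, otherwise in-page links will land on the first occurrence only. The Empire split into `Articles` and `Customizing` reads well; `Hunting Red Team Empire C2 Infrastructure` is a detection-side post, so `Articles` is the right bucket for it.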
@ -289,18 +339,17 @@ Empire
--------------
##### <a name="hw"></a>HW
[DigiDucky - How to setup a Digispark like a rubber ducky](http://www.redteamr.com/2016/08/digiducky/)
[How to Build Your Own Penetration Testing Drop Box - BHIS](https://www.blackhillsinfosec.com/?p=5156&)
[P4wnP1](https://github.com/mame82/P4wnP1)
* P4wnP1 is a highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W.
### Infrastructure
Infrastructure
* General
* [How to Build a C2 Infrastructure with Digital Ocean – Part 1](https://www.blackhillsinfosec.com/build-c2-infrastructure-digital-ocean-part-1/)
* [Infrastructure for Ongoing Red Team Operations](https://blog.cobaltstrike.com/2014/09/09/infrastructure-for-ongoing-red-team-operations/)
* [Automated Red Team Infrastructure Deployment with Terraform - Part 1](https://rastamouse.me/2017/08/automated-red-team-infrastructure-deployment-with-terraform---part-1/)
* [6 RED TEAM INFRASTRUCTURE TIPS](https://cybersyndicates.com/2016/11/top-red-team-tips/)
* [Migrating Your infrastructure](https://blog.cobaltstrike.com/2015/10/21/migrating-your-infrastructure/)
* Logging
* [Attack Infrastructure Log Aggregation and Monitoring](https://posts.specterops.io/attack-infrastructure-log-aggregation-and-monitoring-345e4173044e)
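Review bot: `### Infrastructure` has no `<a name=...>` anchor, unlike the `egress` and `hw` headings elsewhere in this file, so it cannot be targeted from a table of contents; add one (for example `### <a name="infra"></a>Infrastructure`). `6 RED TEAM INFRASTRUCTURE TIPS` is the only all-caps title in the list; use title case to match the others.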
@ -334,10 +383,10 @@ Persistence Methods
--------------
### Tactics
Tactics
* Ideas
* [unindexed](https://github.com/mroth/unindexed/blob/master/README.md)
* The site is constantly searching for itself in Google, over and over and over, 24 hours a day. The instant it finds itself in Google search results, the site will instantaneously and irrevocably securely delete itself. Visitors can contribute to the public content of the site, these contributions will also be destroyed when the site deletes itself.
* [Hiding your process from sysinternals](https://riscybusiness.wordpress.com/2017/10/07/hiding-your-process-from-sysinternals/)
* Keying Payloads
* [Keying Payloads for Scripting Languages](https://adapt-and-attack.com/2017/11/15/keying-payloads-for-scripting-languages/)
* [GoGreen](https://github.com/leoloobeek/GoGreen/blob/master/README.md)
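Review bot: the `unindexed` and `GoGreen` entries link to `blob/master/README.md` rather than the repository root, unlike every other GitHub link in this diff; link the repo itself so the reference survives a README rename or default-branch change. `Hiding your process from sysinternals` sits under `Ideas` next to `unindexed`, but it is a concrete technique rather than an idea; a named sub-bullet like the `Keying Payloads` one would fit it better.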


+ 1
- 826
Draft/things-added.md

@ -14,12 +14,6 @@
------------
## Anonymity/Privacy
[Discovering Browser Extensions via Web Accessible Resources - Chalmers security lab](http://www.cse.chalmers.se/research/group/security/publications/2017/extensions/codaspy-17-full.pdf)
[No boundaries: Exfiltration of personal data by session-replay scripts](https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/)
[Data release: list of websites that have third-party “session replay” scripts ](https://webtransparency.cs.princeton.edu/no_boundaries/session_replay_sites.html)
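Review bot: the deletions here remove references without a visible destination: the Chalmers browser-extension paper and the two session-replay links taken out of `things-added.md` (the staging list) do not reappear in any hunk shown in this diff, and the same pattern repeats in the following hunks. If they were filed into pages whose diffs are not displayed, a line in the commit message saying where would make this reviewable; if not, the references are simply lost.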
@ -31,18 +25,10 @@
------------
## BIOS/UEFI
[Advanced Threat Research - Intel](http://www.intelsecurity.com/advanced-threat-research/index.html)
[Detecting BadBIOS, Evil Maids, Bootkits and Other Firmware Malware - Paul English and Lee Fisher](https://archive.org/details/seagl-2017)
* For attackers, platform firmware is the new Software. Most systems include hundreds of firmwares - UEFI or BIOS, PCIe expansion ROMs, USB controller drivers, storage controller host and disk/SSD drivers. Firmware-level hosted malware, bare-metal or virtualized, is nearly invisible to normal security detection tools, has full control of your system, and can often continue running even when the system is "powered off". Security Firms (eg, "Hacking Team" sell UEFI 0days to the highest bidder), and government agencies include firmware-level malware (eg, Wikileak'ed Vault7 CIA EFI malware). Defenders need to catch-up, and learn to defend their systems against firmware-level malware. In this presentation, we'll cover the NIST SP (147,147b,155,193) secure firmware guidance, for citizens, rather than vendors/enterprises. We'll discuss the problem of firmware-level malware, and cover some open source tools (FlashROM, CHIPSEC, etc.) to help detect malware on your system. We'll be discussing a new open source tool we've just released to help make it easier for you to do this check. You'll also get a nice paper tri-fold copy of our CHIPSEC Quick Reference for Sysadmins [note: we're all sysadmins for our own personal systems(!)], and some scary looking BadBIOS stickers for your laptop.
------------
## Building a Lab
[List of Vulnerable VMs](https://github.com/joe-shenouda/awesome-cyber-skills)
------------
## Car Hacking
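Review bot: the full abstract of `Detecting BadBIOS, Evil Maids, Bootkits and Other Firmware Malware` is deleted along with the link; it names the tooling (CHIPSEC, FlashROM) and the NIST SP 147/147b/155/193 guidance, which is what makes the entry useful, so when this is moved to its topic page the description should travel with it. Same for `List of Vulnerable VMs` under Building a Lab, which also has no visible destination in this diff.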
@ -71,11 +57,6 @@
------------
## Crypto
[Applied-Crypto-Hardening](https://github.com/BetterCrypto/Applied-Crypto-Hardening)
* Best Current Practices regarding secure online communication and configuration of services using cryptography. https://bettercrypto.org
------------
## Crypto Currencies
@ -86,13 +67,6 @@
## Data Analysis/Visualization
[Just-Metadata](https://github.com/ChrisTruncer/Just-Metadata)
* Just-Metadata is a tool that can be used to gather intelligence information passively about a large number of IP addresses, and attempt to extrapolate relationships that might not otherwise be seen. Just-Metadata has "gather" modules which are used to gather metadata about IPs loaded into the framework across multiple resources on the internet. Just-Metadata also has "analysis" modules. These are used to analyze the data loaded Just-Metadata and perform various operations that can identify potential relationships between the loaded systems.
[Flowsynth](https://github.com/secureworks/Flowsynth)
* Flowsynth is a tool for rapidly modelling network traffic. Flowsynth can be used to generate text-based hexdumps of packets as well as native libpcap format packet captures.
------------
## Design
@ -106,7 +80,6 @@
------------
## Drones
[ArduPilot](http://ardupilot.org/ardupilot/index.html)
@ -124,10 +97,6 @@
## Embedded Devices/Hardware (Including Printers & PoS)
[Inside a low budget consumer hardware espionage implant](https://ha.cking.ch/s8_data_line_locator/)
@ -144,22 +113,12 @@
## Exploit Dev
[I want my EIP Mike Saunders AF - Derbycon7](https://www.youtube.com/watch?v=RceiWCFW8SU&index=9&list=PLNhlcxQZJSm-PKUZTYe1C94ymf0omysM3)
------------
## Forensics
[Practical Comprehensive Bounds on Surreptitious Communication Over DNS](http://www.icir.org/vern/papers/covert-dns-usec13.pdf)
[The art of iOS and iCloud forensics](https://blog.elcomsoft.com/2017/11/the-art-of-ios-and-icloud-forensics/)
[Fraud detection and forensics on telco networks - Hack.lu 2016](https://www.youtube.com/watch?v=09EAWT_F1ZA&app=desktop)
@ -177,21 +136,6 @@
## Game Hacking
[Introduction to Server Side Emulation - Corillian - tuts4you](https://tuts4you.com/download.php?view.2758)
[Creating a Packet Logger for Dragomon Hunter](https://0xbaadf00dsec.blogspot.com/2016/01/reverse-engineering-online-games.html)
[How to hack an MMO - Raph Koster - 2008](https://www.raphkoster.com/2008/04/17/how-to-hack-an-mmo/)
[Hack the Vote CTF "The Wall" Solution](https://zerosum0x0.blogspot.com/2016/11/hack-vote-wall-solution.html)
[OwnedCore](http://www.ownedcore.com/forums/)
[The Ultimate Online Game Hacking Resource](https://github.com/dsasmblr/hacking-online-games)
* From dissecting game clients to cracking network packet encryption, this is a go-to reference for those interested in the topic of hacking online games.
[+1,000,000 -0: Cloning a Game Using Game Hacking and Terabytes of Data](https://github.com/nickcano/gamehackingpres2016)
* In this talk, I'll provide a window into the warchest my team used to generate over a million lines of code. In particular, we created and used game hacks to process data from tens of millions of hours of in-game data and use the results to generate copies of a game's map, monsters, quests, items, spells, non-playable characters, and more. We also used a wiki crawler to obtain a large amount of data, generate additional code, and guide our cheat scripts in what to look for, clarify, and ignore. After explaining our end-game vision, I'll dive deep into the architecture of the game client, server and protocol. Once that's out of the way, I'll talk about the different types of hacks we used, how they work, and what data they were able to obtain. Once that's out of the way, I'll round out the story by explaining exactly what type of data we gathered and what parts of our toolkit we used to gather it.
@ -213,17 +157,6 @@
------------
## Interesting Things
[Ultimate beginners guide to phreaking v3.2 - 1999](http://web.textfiles.com/phreak/phreaking.txt)
[Kinetic to Digital Terrorism in the Digital Age Kyle Wilhoit](https://www.youtube.com/watch?v=IsaUuCrjXu4&index=24&list=PLNhlcxQZJSm-PKUZTYe1C94ymf0omysM3)
[How to safely conduct shenanigans EvilMog Renderman - Derbycon7](https://www.youtube.com/watch?v=Ca0DA9Dq1IA&index=61&list=PLNhlcxQZJSm-PKUZTYe1C94ymf0omysM3)
[Structured Text Tools](https://github.com/dbohdan/structured-text-tools)
* A list of command line tools for manipulating structured text data
[Blockchain Security research](https://gist.github.com/insp3ctre/403b8cb99eae2f52565874d8547fbc94)
* Open-source blockchain security research (contributions welcome!)
------------
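Review bot: the entry `[Kinetic to Digital Terrorism in the Digital Age Kyle Wilhoit]` runs the talk title straight into the speaker's name, unlike the neighbouring Derbycon entry which separates them with ` - `; suggest `[Kinetic to Digital Terrorism in the Digital Age - Kyle Wilhoit - Derbycon7]` so the list reads consistently (the playlist URL is the same Derbycon7 list used by the next entry).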
@ -235,18 +168,6 @@
------------
## Malware
[IcoScript: using webmail to control malware](https://www.virusbulletin.com/virusbulletin/2014/08/icoscript-using-webmail-control-malware)
[To Catch a Spy Tyler Hudak - Derbycon7]()
[Malice](https://github.com/maliceio/malice)
* Malice's mission is to be a free open source version of VirusTotal that anyone can use at any scale from an independent researcher to a fortune 500 company.
[Interesting Malware - No, I’m not kidding... by Marion Marschalek](https://www.youtube.com/watch?v=u2Ry9HTBbZI)
[fastfluxanalysis](https://github.com/staaldraad/fastfluxanalysis)
* Scripts to detect Fast-Flux and DGA using DNS query responses
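Review bot: `[To Catch a Spy Tyler Hudak - Derbycon7]()` has an empty link target, so it renders as a dead link in the Malware section; either add the URL or hold the entry back until it is available. While touching the line, add the ` - ` separator between title and speaker as the other talk entries do. Minor: "fortune 500" in the Malice description should be "Fortune 500".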
@ -260,83 +181,6 @@
------------
## Network Scanning and Attacks
[CVE-2017-7494](https://github.com/joxeankoret/CVE-2017-7494)
* Remote root exploit for the SAMBA CVE-2017-7494 vulnerability
Articles
[10 Places to Stick Your UNC Path - NetSPI](https://blog.netspi.com/10-places-to-stick-your-unc-path/)
[HPwn - HP printer security research code](https://github.com/foxglovesec/HPwn)
* This repository contains varios scripts and projects referenced in FoxGlove security's HP printer blogpost.
[HackerOne H1-212 Capture the Flag Solution - Corben Douglas](http://www.sxcurity.pro/H1-212%20CTF%20Solution.pdf)
LDAP
[Public Facing LDAP Enumeration](https://www.lanmaster53.com/2013/05/24/public-facing-ldap-enumeration/)
[Dangers of LDAP NULL Base and Bind](https://securitysynapse.blogspot.com/2013/09/dangers-of-ldap-null-base-and-bind.html)
NFS
[Using nfsshell to compromise older environments](https://www.pentestpartners.com/security-blog/using-nfsshell-to-compromise-older-environments/)
[Abusing Hardlinks Via NFS](http://pentestmonkey.net/blog/nfs-hardlink)
[Exploiting Network File System, (NFS), shares - vulnerabilityassessment.co.uk](http://www.vulnerabilityassessment.co.uk/nfs.htm)
[NFS: Network File System Protocol Specification - rfc1094](https://tools.ietf.org/html/rfc1094)
Pass-The-Hash
[Invoke-TheHash](https://github.com/Kevin-Robertson/Invoke-TheHash)
* Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB services are accessed through .NET TCPClient connections. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.
Proxies
[SharpSocks](https://github.com/nettitude/SharpSocks)
* Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell
[ssf - Secure Socket Funneling](https://github.com/securesocketfunneling/ssf)
* Network tool and toolkit. It provides simple and efficient ways to forward data from multiple sockets (TCP or UDP) through a single secure TLS tunnel to a remote computer. SSF is cross platform (Windows, Linux, OSX) and comes as standalone executables.
[PowerCat](https://github.com/secabstraction/PowerCat)
* A PowerShell TCP/IP swiss army knife that works with Netcat & Ncat
Scanners
[PowerWebShot](https://github.com/dafthack/PowerWebShot)
* A PowerShell tool for taking screenshots of multiple web servers quickly.
[ScanCannon](https://github.com/johnnyxmas/ScanCannon)
* The speed of masscan with the reliability and detailed enumeration of nmap!
[Sn1per](https://github.com/1N3/Sn1per)
* Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.
Talks
[Secrets of DNS Ron Bowes - Derbycon4](https://www.youtube.com/watch?v=MgO-gPiVTSc)
Techniques
[A penetration tester’s guide to sub-domain enumeration](https://blog.appsecco.com/a-penetration-testers-guide-to-sub-domain-enumeration-7d842d5570f6)
[Sub-domain enumeration - Reference](https://gist.github.com/yamakira/2a36d3ae077558ac446e4a89143c69ab)
[SPEAR: Redirect to SMB](https://blog.cylance.com/content/dam/cylance/pdfs/white_papers/RedirectToSMB.pdf)
[Resurrection of the Living Dead: The “Redirect to SMB” Vulnerability](http://blog.trendmicro.com/trendlabs-security-intelligence/resurrection-of-the-living-dead-the-redirect-to-smb-vulnerability/)
[Shellshock and the Telnet USER Variable](https://digi.ninja/blog/telnet_shellshock.php)
* `telnet 10.1.1.1 -l "() { :;}; /usr/bin/id"`
Tools
[passivedns](https://github.com/gamelinux/passivedns)
* A tool to collect DNS records passively
[Dalton](https://github.com/secureworks/dalton)
* Dalton is a system that allows a user to quickly and easily run network packet captures ("pcaps") against an intrusion detection system ("IDS") sensor of his choice (e.g. Snort, Suricata) using defined rulesets and/or bespoke rules.
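Review bot: the subsection labels in this hunk (`Articles`, `LDAP`, `NFS`, `Pass-The-Hash`, `Proxies`, `Scanners`, `Talks`, `Techniques`, `Tools`) are bare text lines with no heading marker and no blank line around them, so in rendered Markdown they merge with the adjacent link lines into one paragraph instead of acting as headings; give them a heading level consistent with the file's `##` sections (for example `### LDAP`) or at least surround them with blank lines. The `CVE-2017-7494` entry also sits above the first label with no category, so it is unclear which group it belongs to. Typo in the HPwn description: "varios" should be "various".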
@ -345,30 +189,12 @@ Tools
------------
## Network Monitoring & Logging & Threat Hunting
[Infection Monkey](https://github.com/guardicore/monkey)
* The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Command and Control(C&C) server.
[Hunting Red Team Empire C2 Infrastructure](http://www.chokepoint.net/2017/04/hunting-red-team-empire-c2.html)
[Get-InjectedThread.ps1](https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2)
* Looks for threads that were created as a result of code injection.
------------
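Review bot: Infection Monkey is described in its own bullet as a tool that self-propagates across a data center to test resiliency to perimeter breaches, which is adversary simulation rather than monitoring or hunting, so it reads out of place under "Network Monitoring & Logging & Threat Hunting" beside the Empire C2 hunting post and Get-InjectedThread.ps1 (both detection-side). Consider moving it to a red-teaming or adversary-simulation section, or add a sentence explaining its use for validating detection coverage if it is meant to stay here.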