All Security Engineering Courses

Online services for IP address research: 1. IPQualityScore - Assesses IP addresses for involvement in fraudulent activities. - Detects VPN and Proxy - Tracks device changes at a specific address - Scans for malicious content - Checks links for redirects or malicious payload 2. IPInfo - Has a very simple and user-friendly interface. - Geolocation detection - IP range search - IP and VPN detection 3. Maxmind - Particular attention to the precise determination of the IP address geolocation using GeoIP2 - Fraud detector - VPN and Proxy detector 4. VirusTotal - Particular attention is paid to the reputation of the IP address and its presence in various illegal activities. - Uses about 100 different tools to detect and review the activity of the IP addresses being investigated. 5. MxToolBox - Particular attention is paid to IP addresses linked to a specific domain. - An excellent tool for mass domain searches 6. IPVoid - A large number of tools for IP address research - Attention to spam and malware distribution.

🚨 Top Exploitation Tools for Red Teamers 🚨 Red Teaming demands cutting-edge tools to simulate advanced threats and uncover vulnerabilities. Here are essential tools to elevate your engagements and strengthen defenses: 1. Cobalt Strike - A full-featured platform for adversary simulations, offering everything from beaconing to post-exploitation. Customize it with Aggressor Scripts to adapt to any scenario. 2. Metasploit Framework - An open-source tool that serves as a platform for developing, testing, & executing exploits. - Includes 1000's of exploit modules for different vulnerabilities & facilitates payload generation, post-exploitation actions, & privilege escalation through meterpreter sessions. 3. Empire - A post-exploitation framework that supports both PowerShell & Python agents, offering flexibility across Windows & Linux environments. - Allows for remote execution of scripts, file management, keylogging, & other persistence mechanisms. 4. BloodHound - Used for AD enumeration & exploitation. It helps visualize & analyze AD environments, identifying attack paths to escalate privileges. - Leverages graph theory to map out relationships between users, computers, & groups to find the shortest paths to compromise high-value targets. 5. SilentTrinity - C#/.NET post-exploitation tool for Red Teaming, bypassing PowerShell restrictions with in-memory payloads, lateral movement, and credential dumping. 6. SharpHound & CrackMapExec - SharpHound is the data collection tool for BloodHound, used to enumerate the AD environment. - CrackMapExec is a Swiss Army knife for pentesting networks, allowing for enumeration, credential validation, & exploitation. 7. Pupy - A cross-platform (Windows, Linux, macOS, android) remote administration tool that focuses on stealthy post-exploitation. 8. Mimikatz - A staple for credential dumping & Kerberos ticket extraction. Essential for lateral movement and persistence. 9. Nishang - A PowerShell toolkit for offensive security, with scripts for exploitation, privilege escalation, persistence, & credential harvesting. 10. Sliver - Open-source adversary emulation framework supporting multi-protocol C2, custom payloads, & multi-platform attacks for Red Team operations. 11. Covenant - .NET-based C2 framework with in-memory task execution, web interface, and modules for post-exploitation to evade security controls. 12. Impacket - A collection of Python classes for working with network protocols, useful for exploiting various SMB-related vulnerabilities. - Commonly used tools include psexec.py for remote code execution, secretsdump.py for dumping credentials, & wmiexec.py for executing cmd. Best Practices for Using Exploitation Tools Use in-memory execution & obfuscation for stealth. Customize scripts to bypass security controls. Maintain OpSec with encrypted communications & rotating C2. Clean up artifacts to limit exposure.

Below is a small list of standard cyber kill chains. Lockheed Martin Cyber Kill Chain https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html Unified Kill Chain https://unifiedkillchain.com/ Varonis Cyber Kill Chain https://www.varonis.com/blog/cyber-kill-chain Active Directory Attack Cycle https://github.com/infosecn1nja/AD-Attack-Defense MITRE ATT&CK Framework https://attack.mitre.org/