Cybersecurity Resources #
Sites #
Threat Feeds #
- Senki - senki.org/operators-security-toolkit/open-source-threat-intelligence-feeds
- Open Threat Exchange (OTX) - cybersecurity.att.com/open-threat-xchange
- MISP Threat Sharing - www.misp-project.org/feeds
- ThreatFeeds - threatfeeds.io
- US Cybersecurity & Infrastructure Security Agency (CISA) - www.cisa.gov
- Every country has an equivalent agency and feed; get familiar with the one for the country where you work
- US Department of Defense Cyber Crime Center (DC3) - www.dc3.mil
- CISA's Automated Indicator Sharing (AIS)
- Microsoft - http://www.microsoft.com/en-us/security/blog/topic/threat-intelligence
- Cisco
- SANS Internet Storm Center - isc.sans.org
- VirusShare - virusshare.com
- …
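As an added example (not code from senki.org, the MISP project or any feed listed above), the script below shows what consuming these feeds looks like in practice: it parses a plain-text IP blocklist and a MISP-format event JSON, keeps only the detection-grade (to_ids) attributes, normalises the values, and matches them against a few firewall, proxy and EDR log lines. All feed contents and log lines are constructed so it runs offline; names such as parse_misp_event, load_indicators and match_logs are the example's own.

```python
"""Ingest two open threat-feed formats and match their indicators against logs.

Added example, not code from any feed or project named on this page. The
feeds, the MISP event and the log lines are constructed; in practice feeds
are fetched over HTTPS on a schedule and matching runs in a SIEM/log pipeline.
"""
import json
import re
from ipaddress import ip_address

# Constructed plain-text blocklist (one indicator per line, '#' comments),
# the format most open lists aggregated on senki.org use.
TEXT_FEED = """\
# constructed blocklist, not a real feed
203.0.113.7
198.51.100.23   # scanner
not-an-ip
"""

# Constructed MISP event in the JSON layout MISP feeds publish. Only
# attributes flagged to_ids are meant for detection; the rest is context.
SAMPLE_HASH = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
MISP_EVENT = json.dumps({"Event": {"info": "constructed event", "Attribute": [
    {"type": "ip-dst", "value": "203.0.113.99", "to_ids": True},
    {"type": "ip-dst|port", "value": "198.51.100.50|8080", "to_ids": True},
    {"type": "domain", "value": "Bad.Example.COM", "to_ids": True},
    {"type": "sha256", "value": SAMPLE_HASH.upper(), "to_ids": True},
    {"type": "comment", "value": "analyst note, not an indicator", "to_ids": False},
    {"type": "ip-dst", "value": "192.0.2.1", "to_ids": False},
]}})

# MISP attribute types mapped to the three buckets this matcher understands.
MISP_TYPE_BUCKET = {"ip-dst": "ip", "ip-src": "ip", "domain": "domain",
                    "hostname": "domain", "md5": "hash", "sha1": "hash", "sha256": "hash"}


def normalise(bucket, value):
    """Canonical form so feed values and log tokens compare equal."""
    value = value.strip()
    return str(ip_address(value)) if bucket == "ip" else value.lower()


def parse_text_feed(text):
    """Return the set of valid IP addresses from a one-per-line list."""
    ips = set()
    for line in text.splitlines():
        token = line.split("#", 1)[0].strip()   # drop trailing comments
        if not token:
            continue
        try:
            ips.add(normalise("ip", token))
        except ValueError:
            continue  # malformed entry: skip it rather than fail the whole ingest
    return ips


def parse_misp_event(raw):
    """Return {bucket: set(values)} for detection-grade (to_ids) attributes."""
    indicators = {"ip": set(), "domain": set(), "hash": set()}
    for attr in json.loads(raw)["Event"].get("Attribute", []):
        if not attr.get("to_ids"):
            continue
        bucket = MISP_TYPE_BUCKET.get(attr["type"].split("|", 1)[0])  # 'ip-dst|port' -> 'ip-dst'
        if bucket is None:
            continue                                # attribute type this matcher ignores
        value = attr["value"].split("|", 1)[0]      # composite value: keep the first part
        indicators[bucket].add(normalise(bucket, value))
    return indicators


def load_indicators():
    """Merge both feeds into one indicator table."""
    indicators = parse_misp_event(MISP_EVENT)
    indicators["ip"] |= parse_text_feed(TEXT_FEED)
    return indicators


# Token extractors for the fields found in typical firewall/proxy/EDR logs.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HASH_RE = re.compile(r"\b[0-9a-f]{64}\b|\b[0-9a-f]{40}\b|\b[0-9a-f]{32}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")


def match_logs(lines, indicators):
    """Return (line_index, bucket, indicator) for every feed hit in the logs."""
    hits = []
    for i, line in enumerate(lines):
        low = line.lower()
        for bucket, regex in (("ip", IPV4_RE), ("hash", HASH_RE), ("domain", DOMAIN_RE)):
            for token in regex.findall(low):
                if token in indicators[bucket]:
                    hits.append((i, bucket, token))
    return hits


# Constructed log lines: firewall, proxy and EDR events.
SAMPLE_LOGS = [
    "2024-05-01T10:00:00Z fw allow src=10.0.0.5 dst=203.0.113.7 dport=443",
    "2024-05-01T10:00:01Z proxy GET http://bad.example.com/update.bin client=10.0.0.9",
    "2024-05-01T10:00:02Z edr file_hash=" + SAMPLE_HASH.upper() + " host=ws-12",
    "2024-05-01T10:00:03Z fw allow src=10.0.0.5 dst=192.0.2.1 dport=80",
    "2024-05-01T10:00:04Z fw allow src=10.0.0.5 dst=198.18.0.1 dport=53",
]

if __name__ == "__main__":
    for hit in match_logs(SAMPLE_LOGS, load_indicators()):
        print("line %d: %s indicator %s" % hit)
```

Two things worth noting: the 192.0.2.1 line produces no hit because the feed marked that attribute to_ids=False, which is the difference between context and a detection indicator, and the hash and domain are lowercased on both sides so case differences between feeds and log sources do not hide matches. Real feeds also need a refresh cadence and an expiry for stale indicators, which this example leaves out.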
Tools #
General #
- https://www.metasploit.com/
- https://www.zaproxy.org/
- https://nmap.org/
- https://www.wireshark.org/
- https://portswigger.net/burp
- https://www.wigle.net/
- https://www.openwall.com/john/
- https://www.aircrack-ng.org/
- https://finchsec.com/courses/wifi-exploitation-101/
- https://github.com/aircrack-ng/aircrack-ng
- git@github.com:xwmx/airport.git
- netstat - list active connections and listening ports on the local machine (ss on modern Linux)
- Wireshark - sniff packets on the local machine or network
Grouped #
Vulnerability Assessment and Management:
- Nessus: A vulnerability scanner that identifies potential weaknesses in networks, systems, and applications.
- OpenVAS: An open-source vulnerability scanner and manager with a large database of plugins.
- Qualys: A cloud-based platform for vulnerability management, compliance, and web application security.
Intrusion Detection and Prevention Systems (IDS/IPS):
- Snort: An open-source network intrusion detection and prevention system.
- Suricata: A high-performance network IDS/IPS with multi-threading capabilities.
- Zeek (formerly Bro): A network security monitoring tool with deep protocol analysis.
Security Information and Event Management (SIEM):
- Splunk: A data analytics platform that provides real-time monitoring, log management, and threat intelligence.
- LogRhythm: An integrated platform for threat detection, response, and compliance.
- OSSIM: An open-source SIEM that combines multiple security tools and intelligence feeds.
Network Firewalls:
- pfSense: An open-source firewall and router solution based on FreeBSD.
- Fortinet (FortiGate): A range of high-performance, integrated security appliances for various network sizes.
- Cisco ASA: A series of adaptive security appliances for enterprises, providing firewall, VPN, and intrusion prevention services.
Endpoint Protection:
- Microsoft Defender: An antivirus and endpoint protection solution integrated with Windows.
- Symantec Endpoint Protection: A comprehensive endpoint security solution providing antivirus, firewall, and intrusion prevention.
- CrowdStrike Falcon: A cloud-based endpoint protection platform offering next-gen antivirus, endpoint detection and response (EDR), and threat intelligence.
Web Application Firewalls (WAF):
- ModSecurity: An open-source WAF that protects web applications from common threats such as SQL injection and cross-site scripting (XSS).
- Cloudflare: A cloud-based WAF offering protection against DDoS attacks and other web application threats.
- Imperva: A WAF solution protecting applications, data, and APIs from various attack vectors.
Encryption and Privacy Tools:
- OpenSSL: An open-source toolkit implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.
- GnuPG: An open-source implementation of the OpenPGP standard for secure communication and data encryption.
- VeraCrypt: Free, open-source disk encryption software for protecting sensitive data.
Password Management and Authentication:
- LastPass: A cloud-based password manager for securely storing and managing passwords.
- KeePass: An open-source password manager that stores passwords in an encrypted local database.
- Duo Security: A multi-factor authentication solution that verifies users' identities before granting access to applications.
Digital Forensics and Incident Response (DFIR):
- Autopsy: An open-source digital forensics platform for analyzing disk images, file systems, and memory dumps.
- Volatility: An open-source memory forensics framework for incident response and malware analysis.
- EnCase: Digital forensics and e-discovery software widely used by law enforcement and corporate security teams.
Penetration Testing:
- Kali Linux: A Linux distribution designed for penetration testing, with preinstalled security tools such as Metasploit and Nmap.
Google Hacking #
- Type `allinurl:tsweb/default.htm` in Google; returns Remote Desktop Web Connection (tsweb) pages exposed on the internet.
- Type `"intitle:Nessus Scan Report" "This file was generated by Nessus"` in Google; returns exposed Nessus vulnerability scan reports.
- https://www.exploit-db.com/google-hacking-database
- https://github.com/laramies/metagoofil
- https://github.com/laramies/theharvester
- https://github.com/xmendez/wfuzz
Web Mirroring / Website footprinting #
- HTTrack
- Black Widow
- [WebRipper](https://webripper.software.informer.com/download/) (not an official download)
- Backstreet Browser
- wget (with --mirror)
Podcasts #
Learn #
Social Engineering #
Others #
- https://cloudsecurityalliance.org/
- https://radar.cncf.io/2021-09-devsecops
- https://www.microsoft.com/en-us/securityengineering
- https://www.microsoft.com/en-us/securityengineering/opensource/
- OSSTMM - Open Source Security Testing Methodology Manual
- https://www.tenable.com/products/nessus
- Wayback Machine - archived versions of company sites can reveal interesting information (old pages, staff, technologies)
- WebSite-Watcher - watches websites and notifies you when anything changes
- https://www.shodan.io/ - find internet-connected devices and services