
Hardening OS
Windows
Linux
Hardening Linux: Ubuntu 20.04
Protocols & Ports
HTTP or Hypertext Transfer Protocol | >>> 80 | TCP
HTTPS or HTTP over TLS/SSL | >>> 443 | TCP/UDP
DNS or Domain Name System | >>> 53 | UDP
FTP or File Transfer Protocol | >>> 20,21 | TCP
SFTP or Secure File Transfer Protocol | >>> 115 | TCP
SSH or Secure Shell | >>> 22 | TCP/UDP
Telnet | >>> 23 | TCP
NTP or Network Time Protocol | >>> 123 | UDP
LDAP or Lightweight Directory Access Protocol | >>> 389 | TCP/UDP
LDAP over TLS/SSL | >>> 636 | TCP
LDAP Global Catalog | >>> 3268 | TCP
SNMP or Simple Network Management Protocol | >>> 161,162 | TCP/UDP
NetBIOS or Network Basic Input/Output System (session service) | >>> 135,139 | TCP/UDP
MSRPC | >>> 135 | TCP/UDP
NetBIOS Datagram Service | >>> 138 | UDP
SMTP or Simple Mail Transfer Protocol | >>> 25 | TCP
POP or Post Office Protocol | >>> 110 | TCP
IMAP4 or Internet Message Access Protocol | >>> 143 | TCP/UDP
RDP or Remote Desktop Protocol | >>> 3389 | TCP/UDP
IRC or Internet Relay Chat | >>> 194 | TCP
SMB or Server Message Block | >>> 445 | TCP
TACACS or Terminal Access Controller Access-Control System | >>> 49 | TCP
Kerberos | >>> 88 | TCP
NFS or Network File System | >>> 2049 | TCP
PPTP or Point to Point Tunneling Protocol | >>> 1723 | TCP
Digital Forensics
Open Source Intelligence | OSINT
Domains | IP's
bulkblacklist.com | >>> check reputation of IP addresses or domains in bulk.
virustotal.com | >>> analyze suspicious files and URLs, hash, files, IP address & more.
mxtoolbox.com | >>> check different info from domains, emails, IP addresses & more.
threatcrowd.org | >>> check threat information starting from domains, IP’s, email address & more.
ipleak.net | >>> check IP’s or domains.
Domains
dnsdumpster.com | >>> dns recon, domains – subdomains & more.
urlscan.io | >>> check for redirection, reputation and visualization of a webpage.
urlvoid.com | >>> check for potential malicious websites.
whois.net | >>> secure domain name searches.
IP Address
ipinfo.io | >>> check IP address location, ASN info & more.
robtex.com | >>> IP numbers, domain names, host names, autonomous systems, routes etc.
talosintelligence.com | >>> analyze suspicious files and URLs, hash, files, IP address & more.
abuseipdb.com | >>> check IP address, network or domain location & reputation.
IOT
camarasvialescr.com | >>> check info from webcams live-stream. country: Costa Rica.
shodan.io | >>> get information of lots of different IoT devices around the world.
CVE's Database
archive.org | >>> big timeline database of the internet.
exploit-db.com | >>> very common exploit database.
cve.mitre.org | >>> list of publicly disclosed cybersecurity vulnerabilities.
cvedetails.com | >>> security vulnerability data-source.
Leaks
dehashed.com | >>> get associated passwords leaked for specific email addresses.
haveibeenpwned.com | >>> database of leaks, check if your email address was compromised or not.
haveibeenzucked.com | >>> check if your personal data was part of the Facebook breach 2019.
wikileaks.org | >>> search on Wikileaks.
Hardware
devicehunt.com | >>> check info related to USB devices or system drivers.
the-sz.com | >>> check for references about USB devices by Product ID, Vendor ID or name.
Web
crxcavator.io | >>> check different Chrome extensions by ID to discover versioning, risk score & more.
useragentstring.com | >>> check for different user_agents.
IoC's | Malware
alienvault.com | >>> check for IoC’s.
virustotal.com | >>> analyze suspicious files and URLs, hash, files, IP address & more.
urlhaus.com | >>> find malicious URLs that are being used for malware distribution.
malwarebazaar | >>> find malware samples.
threatfox | >>> find IoC's from malware sample.
Human
pimeyes.com | >>> face search engine & reverse image search.
mailinator.com | >>> public email box.
crunchbase.com | >>> find investors, companies, acquisitions & more.
GEO Localization
maxmind.com | >>> GEO localization.
Decode | Decrypt
unshorten.it | >>> inspect for real URLs behind a shortened URL.
unicodelookup.com | >>> check for real unicode characters.
Active Defense & Cyber Deception
Canary Tokens - Type: adobe_pdf | md5:988a6b8993161c937aa53be041f5d709
Reverse Engineering
crackmes.one | RE Challenges
ELF Architecture
Tools
hexdump
readelf
objdump
Steganography
exiftool
rtfdump.py
Malware Analysis
Malware Theory
better handling of samples: security tips
Malware Lab
mounting FlareVM | FireEye Labs Advanced Reverse Engineering
network settings for malware analysis
INetSim configuration
mounting REMnux
Online Tools
urlhaus | >>> malware database of URLs detected as part of malware distribution networks.
threatfox | >>> malware IoC’s database.
malpedia | >>> database of malware families.
malshare | >>> free malware repository, samples, YARA’s, feed’s & more.
file sigs | >>> from Gary Kessler.
any.run | >>> malware trends.
virustotal | >>> analysis of files, links, hashes & more. detect malware variants and categorize them.
Sandboxing
hybrid-analysis
any.run
intezer
joe sandbox
Tools Usage
yarGen.py Tool | YARA rule generator
punbup.py Tool | McAfee decryptor for .bup files | md5:e4776e6dd105f950843ca5163ed42b31
strings usage
base64 usage
Malware Samples
The Zoo Project | >>> open available database created for malware analysis.
#mirrorblast | trehjugdr4et6u.msi
vxunderground github
zeltser.com | lookup malicious websites
Practical Malware Analysis & Triage Course
Research
procmon common filters
Resources
NIST_SP_800-83r1.pdf
YARA Rules
.pdf files | md5:77d3f1e95d8c5bc1705a327929d3479b
.doc files | md5:21a6f501412637df38ca9b142fbc7397
mirrorblast rebol variant | md5:de560c8e2c5c91c496ef482a4439ef13
Threat Hunting
Windows Event ID's Collection
mounting Threat Pursuit VM
Resources
red canary - 2021-Threat-Detection-Report.pdf
hunt-evil-practical-guide-threat-hunting.pdf
huntpedia.pdf
threat_hunting_for_dummies.pdf
ttp-based-hunting.pdf
MITRE ATT&CK®
MAPPING QakBot / Pinkslipbot | .json file
Tools Usage
tcpdump usage
docker usage
wireshark usage
Engineering
Python Code
Bash Code