```
├── README.md
├── Day 2 - Linux Fundamentals
│   └── Readme.md
├── Day 4 - Web Fundamentals
│   └── README.md
├── Day 3 - Shell Scripting
│   └── readme.md
├── Day 11 - Hunter How : Advanced OSINT Search Engine
│   └── README.md
├── Day 5 - Search Engines and Dorking
│   └── README.md
├── Day 13 - Disk Imaging and Data Acquisition
│   └── README.md
├── Day 15 - Network Forensics and Packet Analysis
│   └── README.md
├── Day 10 - Hunter.io : Email Discovery and Verification
│   └── README.md
├── Day 9 - crt.sh - Exploring Certificate Transparency Logs
│   └── README.md
├── Day 6 - Shodan: The Search Engine For Hackers
│   └── README.md
├── Day 8 - FOFA: The Cybersecurity Asset Search Engine
│   └── README.md
├── Day 7 - Censys: The Search Engine for Internet Assets
│   └── README.md
├── Day 12 - Introduction to Digital Forensics
│   └── README.md
├── Day 14 - Memory Forensics and Malware Analysis
│   └── README.md
└── Day 1 - Networking Essentials
    └── README.md
```

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Cyber Genesis 🚀

**Cyber Genesis** is a series designed to guide beginners on their journey into the world of Cybersecurity. Whether you're a tech enthusiast, a student, or a budding hacker, this series provides structured and practical learning to kickstart your cybersecurity career.

---

## 🚀 About the Series

Cyber Genesis is an initiative by **[Varad Mene](https://github.com/menevarad007)**, an Ethical Hacker and Security Researcher, to make cybersecurity education accessible, engaging, and impactful. This 10-day series is designed to introduce essential cybersecurity concepts, tools, and techniques in a beginner-friendly way.

---

## 🔥 What You'll Learn

Here’s what you’ll gain from this journey:

1. **Cybersecurity Basics**
2. **Networking Essentials**
3. **Linux for Hackers**
4. **Windows Security 101**
5. **Web Application Security**
6. **Introduction to Ethical Hacking**
7. **Cryptography Fundamentals**
8. **Cyber Threat Intelligence**
9. **Bug Bounty Hunting**
10. **Career in Cybersecurity**

---

## 🛠 Tools You'll Need

- A laptop or PC with internet access
- Virtualization software (e.g., VirtualBox or VMware)
- Tools such as Nmap, Burp Suite, and Wireshark (installation guides included in the series)

---

## 🤝 Contributing

Contributions are welcome! If you have suggestions, corrections, or additional resources to share, feel free to open a pull request.

---

## 📢 About the Author

This series is initiated by **[Varad Mene](https://github.com/varadmene)**, an Ethical Hacker dedicated to enhancing cybersecurity awareness.
Connect with me:
- [GitHub](https://github.com/menevarad007)
- [LinkedIn](http://www.linkedin.com/in/varadmene)
- [Twitter](https://x.com/varad_mene)

---

## 🌟 Support

If you find this repository helpful, please star ⭐ it and share it with others in the cybersecurity community. Together, let’s make the digital world safer!

--------------------------------------------------------------------------------
/Day 2 - Linux Fundamentals/Readme.md:
--------------------------------------------------------------------------------
# **Complete Beginner: Cybersecurity Essentials**

Welcome to the **Complete Beginner's Guide**! This repository is designed to provide foundational knowledge for those stepping into the world of cybersecurity. It covers essential tools, techniques, and methodologies required to master the basics of Linux, networking, process management, and more.

---

## **Table of Contents**

1. [Linux Fundamentals](#linux-fundamentals)
2. [Networking Concepts](#networking-concepts)
3. [Nmap and Port Scanning](#nmap-and-port-scanning)
4. [Process Management in Linux](#process-management-in-linux)
5. [Text Editors and File Operations](#text-editors-and-file-operations)
6. [Cybersecurity Labs and Practice Pathways](#cybersecurity-labs-and-practice-pathways)

---

## **Linux Fundamentals**

Master the most popular operating system used in cybersecurity: **Linux**.

### **Key Commands**
- **Navigation:**
  - `ls`, `cd`, `pwd`: Navigate directories.
  - `find`, `grep`: Search for files or specific text.
- **File Operations:**
  - `cat`, `touch`, `cp`, `mv`: View, create, copy, and move files.
- **User Management:**
  - `chmod`: Change file permissions (e.g., `chmod 755 file.txt`).
  - `su`: Switch users.

### **Shell Operators**
- `&`: Run commands in the background.
- `>`: Redirect output to a file (overwrites).
- `>>`: Append output to a file.

### **File Transfers**
- **Wget:** Download files (`wget <url>`).
- **SCP:** Securely transfer files over SSH.

---

## **Networking Concepts**

Understand the foundation of how devices communicate.

### **OSI Model**

A layered model explaining how applications communicate over a network:
1. **Application Layer**: End-user interaction.
2. **Transport Layer**: Data flow control (TCP/UDP).
3. **Network Layer**: IP addressing and routing.

### **Networking Tools**
- **Ping:** Test connectivity (`ping <host>`).
- **Traceroute:** Trace packet paths (`traceroute <host>`).
- **Whois:** Retrieve domain registration info (`whois <domain>`).
- **Dig:** Perform DNS lookups (`dig <domain>`).

---

## **Nmap and Port Scanning**

Discover open ports and vulnerabilities on a target system.

### **Port Types**
- **Well-Known Ports:** 0-1023 (e.g., HTTP on port 80).
- **Registered Ports:** 1024-49151.
- **Dynamic Ports:** 49152-65535, often used for temporary connections.

### **Why Nmap?**
- Identifies open, closed, or filtered ports on a target system.
- Enumerates services and vulnerabilities on open ports.

### **Scan Types**
- **TCP Connect Scan (-sT):** Full three-way handshake.
- **SYN Scan (-sS):** Faster "half-open" scan.
- **UDP Scan (-sU):** Probes UDP ports for responses.

### **Useful Switches**
- `-p`: Specify ports.
- `-A`: Enable OS and version detection.
- `--top-ports`: Scan top-used ports.

---

## **Process Management in Linux**

Manage and monitor system processes.

### **Viewing Processes**
- **Commands:**
  - `ps`: View active processes (`ps aux`).
  - `top`: Real-time process monitoring.

### **Killing Processes**
- `kill <PID>`: Terminate a process by its ID.
- `killall <name>`: Terminate all processes by name.
- **Signals:**
  - `SIGTERM`: Graceful termination.
  - `SIGKILL`: Forceful termination.

---

## **Text Editors and File Operations**

Learn to edit files and manage data efficiently.

### **Text Editors**
- **Nano:** Beginner-friendly. Example: `nano file.txt`.
- **VIM:** Advanced editor for power users.

### **File Commands**
- `touch`: Create a file.
- `rm`: Remove files or directories.
- `cp`, `mv`: Copy and move files.

---

## **Cybersecurity Labs and Practice Pathways**

Hands-on learning for practical experience.

### **Recommended Resources**
1. **Linux Fundamentals:**
   - [TryHackMe: Linux Fundamentals](https://tryhackme.com/module/linux-fundamentals)
2. **YouTube Playlist - Linux Essentials:**
   - [Linux Essentials YouTube Playlist](https://www.youtube.com/watch?v=Byx4sgLR88E&list=PL0tP8lerTbX1m-Z1Dj7M-k-PuKDNJkRul)
3. **OverTheWire Wargames:**
   - [OverTheWire: Wargames](https://overthewire.org/wargames/)

---

## **Created by:**
***Varad Mene***

---

## **Contributing**

Feel free to contribute by suggesting edits, adding more resources, or sharing your learning experiences.

--------------------------------------------------------------------------------
/Day 4 - Web Fundamentals/README.md:
--------------------------------------------------------------------------------

# **Cyber Genesis - Day 4: Web Fundamentals** 🌐
---

Welcome to **Day 4 of the Cyber Genesis series!** 🚀
Today, we explore the **Web Fundamentals**, the essential building blocks of the modern internet. Understanding web technologies is critical for both securing applications and identifying potential vulnerabilities.

---

## **What You’ll Learn**

### **1. HTML (HyperText Markup Language)**
- The backbone of web pages, used to structure content.
- **Key Elements**:
  - `<html>`, `<head>`, `<body>`: The basic structure of a web page.
  - `<div>`, `<span>`: Grouping and organizing content.
  - `<a>`, `<img>`: Adding links and images.

**Example**:

```html
<!DOCTYPE html>
<html>
<head>
    <title>My First Web Page</title>
</head>
<body>
    <h1>Welcome to Cyber Genesis!</h1>
    <p>This is a simple web page using HTML.</p>
</body>
</html>
```

---

### **2. CSS (Cascading Style Sheets)**
- Adds style and layout to HTML pages.
- **Key Concepts**:
  - **Selectors**: Target HTML elements for styling (e.g., `div`, `.class`, `#id`).
  - **Properties**: Control appearance (e.g., `color`, `margin`, `padding`).
  - **Responsive Design**: Use media queries to create mobile-friendly designs.

**Example**:
```css
body {
  background-color: #f9f9f9;
  font-family: Arial, sans-serif;
}
h1 {
  color: #0056b3;
}
```

---

### **3. JavaScript (JS)**
- A scripting language for interactivity and logic on web pages.
- **Key Features**:
  - Manipulating the DOM (Document Object Model).
  - Handling user events (e.g., clicks, form submissions).
  - Fetching data asynchronously using APIs (e.g., `fetch`).

**Example**:
```javascript
document.getElementById("myButton").addEventListener("click", function() {
  alert("Button Clicked!");
});
```

---

### **4. HTTP/HTTPS (Web Communication)**
- **HTTP**: The protocol for transferring data on the web.
- **HTTPS**: Secures HTTP communication with encryption (SSL/TLS).
- **Key Concepts**:
  - **Request Methods**: GET, POST, PUT, DELETE.
  - **Status Codes**: 200 OK, 404 Not Found, 500 Internal Server Error.

**Example**:
Use browser developer tools to inspect HTTP requests and responses.

---

### **5. Cookies & Sessions**
- **Cookies**: Small pieces of data stored on the client’s browser to maintain state.
- **Sessions**: Server-side storage of user data for secure interactions.
- **Example Use Case**: Storing user preferences or managing login sessions.

---

## **Practical Exercises**

### **1. Build a Simple Web Page**
- Create an HTML file with the basic structure.
- Add a styled heading and paragraph using CSS.
- Use JavaScript to add interactivity (e.g., a button that shows an alert).

### **2. Explore HTTP Requests**
- Open browser developer tools (F12) and inspect the **Network** tab.
- Observe how resources (e.g., images, scripts) are requested and loaded.
- Use tools like **Postman** or **cURL** to test HTTP methods (GET, POST).

### **3. Experiment with Cookies**
- Set and retrieve cookies in your browser console using JavaScript.
```javascript
document.cookie = "user=CyberGenesis; expires=Fri, 31 Dec 2024 23:59:59 GMT";
console.log(document.cookie);
```

---

## **Resources for Day 4**

### **Interactive Labs**
- [DNS in Detail - TryHackMe](https://tryhackme.com/r/room/dnsindetail)
- [HTTP in Detail - TryHackMe](https://tryhackme.com/r/room/httpindetail)
- [How Websites Work - TryHackMe](https://tryhackme.com/r/room/howwebsiteswork)
- [Putting It All Together - TryHackMe](https://tryhackme.com/r/room/puttingitalltogether)

### **Guides and Documentation**
- [HTML Basics - MDN Web Docs](https://developer.mozilla.org/en-US/docs/Web/HTML)
- [CSS Fundamentals - MDN Web Docs](https://developer.mozilla.org/en-US/docs/Web/CSS)
- [JavaScript Guide - MDN Web Docs](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide)
- [HTTP Basics - DigitalOcean](https://www.digitalocean.com/community/tutorials/an-introduction-to-http-and-rest)
- [Web Basic Concepts - TutorialsPoint](https://www.tutorialspoint.com/web_developers_guide/web_basic_concepts.htm)

### **Video Tutorials**
- [HTML, CSS & JavaScript for Beginners](https://www.youtube.com/playlist?list=PL0tP8lerTbX2b6uoTk8c17aSDueOymJYZ)
- [Understanding HTTP](https://www.youtube.com/playlist?list=PL0tP8lerTbX2VuN9XZZdmHTfDwjeHji8p)

---

## **Created by:**

**Varad Mene**

---

## **Contributing**

Feel free to contribute by suggesting edits, adding more resources, or sharing your learning experiences.

--------------------------------------------------------------------------------
/Day 3 - Shell Scripting/readme.md:
--------------------------------------------------------------------------------
# **Shell Scripting: Automate Your Cybersecurity Tasks**

Welcome to the **Shell Scripting Guide**! This guide is designed to help you understand and master the basics of shell scripting, a powerful tool for automating repetitive tasks, improving efficiency, and solving complex problems in cybersecurity.

---

## **What You’ll Learn**

- **What is Shell Scripting?**
  Writing and executing scripts to automate repetitive tasks and streamline workflows.
- **Key Concepts**:
  - **Shell**: A shell is a command-line interface that allows users to interact with the operating system. Popular shells include:
    - Bash (Bourne Again Shell)
    - Zsh (Z Shell)
    - Ksh (Korn Shell)
    - Fish (Friendly Interactive Shell)
  - **Scripting**: Shell scripting refers to writing a script (a file containing shell commands) that the shell can execute. Scripts allow users to automate complex or repetitive tasks, simplifying system administration, configuration, and deployment.
  - **Syntax**: Shell scripting has its own syntax, including:
    - **Variables**: Used to store values (e.g., `name="John"`).
    - **Control structures**: Like loops (`for`, `while`), conditional statements (`if`, `else`), and case statements.
    - **Functions**: To encapsulate reusable logic.
    - **Redirection**: Allows input and output to be redirected to files or other commands (e.g., `>`, `>>`, `|`).
    - **Pipes**: Used to pass the output of one command to another as input.
- **Basic Components**:
  - **Shebang (#!)**: The first line in a script that specifies the interpreter (e.g., `#!/bin/bash`).
  - **Commands**: Basic Unix commands like `echo`, `ls`, `cat`, `cp`, `rm`, etc., are commonly used in scripts.
  - **Arguments**: Scripts can take arguments from the command line to modify their behavior.
  - **Loops**: To repeat tasks (e.g., `for`, `while` loops).
  - **Conditionals**: To perform different actions based on conditions (e.g., `if`, `else`).
  - **Error Handling**: Using exit statuses (`$?`) and `trap` for handling errors or signals.

---

## **Resources for Learning Shell Scripting**

### **1. Shell Scripting Basics**
**What it Covers:**
- Introduction to shell scripting and its importance.
- Basics of script writing, including syntax, variables, and loops.
- How to execute a shell script (`bash script.sh`).

**Suggested Resources:**
- [Learn Shell - Interactive Tutorial](https://www.learnshell.org/)
- [GeeksforGeeks: Introduction to Linux Shell and Shell Scripting](https://www.geeksforgeeks.org/introduction-linux-shell-shell-scripting/)
- [YouTube Playlist - Shell Scripting Basics](https://www.youtube.com/watch?v=TtGM9GfBuok&list=PL0tP8lerTbX3MeIyMxGW2sLhWnPdn_xhd)

---

### **2. Use Cases in Cybersecurity**
**What it Covers:**
- Practical applications of shell scripting in cybersecurity:
  - **Automating Nmap scans**: Write scripts to run scans and save results.
  - **Log Parsing**: Use `grep`, `awk`, and `sed` for analyzing logs.
  - **File Monitoring**: Create scripts to detect changes in system directories.

**Suggested Resources:**
- [YouTube Playlist - Advanced Shell Scripting](https://www.youtube.com/watch?v=2733cRPudvI&list=PLT98CRl2KxKGj-VKtApD8-zCqSaN2mD4w)

---

### **3. Advanced Scripting for Real-World Scenarios**
**What it Covers:**
- Using shell scripts for advanced tasks like:
  - Creating **cron jobs** for scheduled backups and scans.
  - Automating system health checks and anomaly detection.

**Suggested Resources:**
- [Bash Scripting Cheatsheet - Devhints](https://devhints.io/bash)
- [OverTheWire: Narnia Wargames](https://overthewire.org/wargames/narnia/)

---

### **4. Video Tutorials**
**What it Covers:**
- Hands-on demonstrations and real-world examples for beginners.
- Debugging scripts and writing efficient code.

**Suggested Resources:**
- [YouTube - Shell Scripting for Beginners](https://www.youtube.com/watch?v=v-F3YLd6oMw)
- [YouTube Playlist - Shell Scripting Basics](https://www.youtube.com/watch?v=TtGM9GfBuok&list=PL0tP8lerTbX3MeIyMxGW2sLhWnPdn_xhd)

---

## **Action Plan**

1. **Write a Script**:
   Create a shell script to:
   - List files in a directory.
   - Print "Hello, Cybersecurity!" to the terminal.

2. **Challenge Yourself**:
   Extend the script to monitor changes in a directory using a loop.

3. **Practice Use Cases**:
   Automate a simple task like scanning ports using Nmap and saving the output.

---

## **Why Shell Scripting?**

Shell scripting is a foundational skill for cybersecurity professionals. It allows you to:
- Automate tedious tasks, saving time and effort.
- Customize workflows for unique scenarios.
- Gain control over system processes and logs.
- Enhance your understanding of Linux and its tools.

---

## **Discussion**

What tasks have you automated with shell scripting?
Share your insights or challenges in the **GitHub discussions** or your community forums.
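The Action Plan's directory-monitoring challenge and the File Monitoring use case, carried through as an added example (not code from the Cyber Genesis repository): a baseline of SHA-256 hashes is taken once, every pass re-hashes the tree and reports added, removed and modified files, and `trap` plus exit statuses handle Ctrl-C and unreadable directories as described under Error Handling. It assumes POSIX `sh` with coreutils (`find`, `sha256sum`, `awk`, `sort`); the function names and the `/etc` example path are this example's own.

```shell
#!/bin/sh
# Directory change monitor: baseline SHA-256 hashes once, then report what changed.
# Added example for the Cyber Genesis Day 3 action plan; not code from the repository.
# Works in POSIX sh with coreutils (find, sha256sum, awk, sort).

# snapshot DIR OUT : write one "hash  ./relative/path" line per regular file in DIR to OUT
snapshot() {
    # Hashing inside DIR keeps paths relative, so two snapshots of the same tree are
    # comparable; sorting by path (field 2) gives a stable, diff-friendly order.
    ( cd "$1" && find . -type f -exec sha256sum {} \; | sort -k 2 ) > "$2"
}

# compare BASELINE CURRENT : print ADDED / REMOVED / MODIFIED lines.
# Exit status 0 means identical, 1 means at least one change, so it works directly in an if.
compare() {
    awk 'FILENAME == ARGV[1] { base[$2] = $1; next }   # remember baseline hash per path
         !($2 in base)      { print "ADDED    " $2; changed++; next }
         base[$2] != $1     { print "MODIFIED " $2; changed++ }
                            { delete base[$2] }          # seen in both: drop from baseline
         END { for (p in base) { print "REMOVED  " p; changed++ }
               exit (changed > 0) }' "$1" "$2"
}

# monitor DIR [INTERVAL] : re-snapshot every INTERVAL seconds (default 5) until Ctrl-C.
monitor() {
    mon_dir=$1
    interval=${2:-5}
    baseline=$(mktemp) || return 1
    current=$(mktemp)  || return 1
    # trap: on Ctrl-C / SIGTERM remove the temp files and exit cleanly instead of leaving them behind
    trap 'rm -f "$baseline" "$current"; echo "monitor stopped"; exit 0' INT TERM
    if ! snapshot "$mon_dir" "$baseline"; then        # snapshot's exit status decides whether to go on
        echo "cannot read $mon_dir" >&2
        rm -f "$baseline" "$current"
        return 1
    fi
    echo "baseline: $(wc -l < "$baseline") files in $mon_dir"
    while :; do
        sleep "$interval"
        snapshot "$mon_dir" "$current"
        if ! compare "$baseline" "$current"; then
            echo "change detected at $(date '+%F %T'); baseline updated"
            cp "$current" "$baseline"                   # new baseline so each change is reported once
        fi
    done
}

# Run as: sh monitor.sh /etc 10   (with no arguments the file only defines the functions)
if [ "$#" -ge 1 ]; then
    monitor "$@"
fi
```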

---

## **Explore the Repository**

For more details, check out the **Cyber Genesis Repository**:
[**Cyber Genesis GitHub Repository**](https://github.com/HICA-SSPU/Cyber_Genesis/tree/main)

---

## **Created by:**

**Varad Mene**

---

## **Contributing**

Feel free to contribute by suggesting edits, adding more resources, or sharing your learning experiences.

--------------------------------------------------------------------------------
/Day 11 - Hunter How : Advanced OSINT Search Engine/README.md:
--------------------------------------------------------------------------------
# **Cyber Genesis - Day 11 : Hunter.How - Advanced OSINT Search Engine** 🌐

Welcome to **Day 11 of the Cyber Genesis series!** 🚀
Today, we’re exploring **Hunter How**, an advanced OSINT (Open-Source Intelligence) search engine. Designed for cybersecurity professionals and OSINT enthusiasts, Hunter How aggregates and organizes public data to uncover valuable insights about domains, IPs, and more. Let’s dive into this powerful tool! 🔍

---

## **What is Hunter.How?**

**Hunter How** is an OSINT search engine that simplifies the process of collecting and analyzing public data. It enables users to search for critical information about:
- **Domains**: Ownership, associated subdomains, and server details.
- **IPs**: Geolocation, service banners, and open ports.
- **Certificates**: SSL/TLS details and transparency logs.

Hunter How is an essential tool for reconnaissance, vulnerability assessment, and threat hunting.

---

## **Key Features of Hunter How**

1. **Domain Information**
   - Collects ownership details, DNS records, and subdomains associated with a target domain.

2. **IP Analysis**
   - Provides information on IP geolocation, open ports, and running services.

3. **SSL/TLS Certificate Insights**
   - Tracks certificates issued for domains, their validity, and potential misconfigurations.

4. **Search Customization**
   - Supports filters and advanced queries for refining search results.

5. **Historical Data**
   - Tracks historical changes for domains, IPs, and certificates, useful for monitoring and investigations.

---

## **How to Use Hunter How**

### **1. Domain Search**
- Enter the target domain (e.g., `example.com`) to uncover:
  - Subdomains.
  - DNS records (A, MX, CNAME, etc.).
  - Associated IP addresses.

### **2. IP Search**
- Input an IP address to gather:
  - Location details.
  - Open ports and services running on them.
  - Associated domains or reverse DNS records.

### **3. Certificate Analysis**
- Discover SSL/TLS certificates issued for a domain.
- Verify certificate validity and look for expired or misconfigured certificates.

---

## **Practical Use Cases**

### **1. Reconnaissance**
**Purpose**: Gather detailed information about a target organization.
**Action**: Search for `example.com` to uncover subdomains, associated IPs, and DNS records.

### **2. Threat Hunting**
**Purpose**: Identify exposed assets or misconfigured services.
**Action**: Search for open ports on a specific IP range.

### **3. Monitoring Domain Security**
**Purpose**: Detect changes in DNS records, certificates, or newly discovered subdomains.
**Action**: Regularly search for updates related to a domain.

---

## **Hunter How vs Other Tools**

| **Feature**               | **Hunter How**           | **Shodan**      | **crt.sh**               |
|---------------------------|--------------------------|-----------------|--------------------------|
| **Focus**                 | Comprehensive OSINT Data | Device Metadata | Certificate Transparency |
| **Subdomain Enumeration** | Advanced                 | Moderate        | Basic                    |
| **Port Scanning**         | Yes                      | Yes             | No                       |
| **Certificate Details**   | Yes                      | Limited         | Advanced                 |

---

## **Automating Hunter How**

### **Python Script for Domain Recon**
Below is a Python script for automating domain recon using Hunter How's API:
```python
import requests

API_KEY = "your_api_key_here"   # replace with your own key; never commit a real key to the repo
DOMAIN = "example.com"

# The key travels in the query string, so the full URL ends up in shell history and proxy
# logs; treat the URL itself as a secret.
url = f"https://hunter.how/api/search?domain={DOMAIN}&api_key={API_KEY}"
response = requests.get(url, timeout=30)  # a timeout keeps the script from hanging on a stalled connection

if response.status_code == 200:
    data = response.json()
    print(f"Results for {DOMAIN}:")
    for record in data.get("records", []):
        print(record)
else:
    print(f"Error: Unable to fetch data for {DOMAIN} (HTTP {response.status_code})")
```

---

## **Practical Exercises**

### **1. Domain Reconnaissance**
Search for a target domain (`example.com`) and analyze:
- Subdomains.
- DNS records.
- Associated IPs.

### **2. SSL/TLS Certificate Analysis**
Find certificates issued to a domain and check for misconfigurations or expiry dates.

### **3. Threat Assessment**
Search for open ports and services on a specific IP (`192.168.1.1`).

---

## **Ethics and Legal Considerations**

**Responsible Use**: Hunter How provides powerful OSINT capabilities that must be used responsibly. Always ensure:
- **You have authorization** to investigate domains, IPs, or certificates.
- **You comply with laws and regulations** related to data usage and privacy.
- **You avoid malicious or unethical behavior** while using the tool.

---

## **Resources for Day 11**

### **Official Resources**
- [Hunter How Official Website](https://hunter.how/)

### **Interactive Labs**
- Explore OSINT challenges on platforms like TryHackMe or HackTheBox using Hunter How.

---

## **Created by:**

**Raman Mohurle & Varad Mene**

---

## **Contributing**

Feel free to contribute by suggesting edits, adding more resources, or sharing your learning experiences.

--------------------------------------------------------------------------------
/Day 5 - Search Engines and Dorking/README.md:
--------------------------------------------------------------------------------
# **Cyber Genesis - Day 5: Search Engine and Dorking** 🔍

Welcome to **Day 5 of the Cyber Genesis series!** 🚀
Today, we’ll explore the fascinating world of **Search Engines and Dorking**, a powerful reconnaissance technique used in cybersecurity and OSINT. Dorking involves crafting advanced search queries to extract specific information from public sources. Let’s dive in!

---

## **1. What is Dorking?**

**Dorking** (also known as Google Hacking) is a technique used to extract sensitive or hidden information from public search engines by using advanced operators and specific search queries. This method takes advantage of misconfigurations, indexing errors, and poorly managed data on websites.

### **Key Uses of Dorking**:
- Identifying exposed sensitive files (e.g., `.pdf`, `.xls`, `.doc`).
- Finding login portals, admin panels, or error pages.
- Searching for misconfigured databases or IoT devices.
- Gathering reconnaissance data during penetration testing or OSINT investigations.

### **Examples of Dorking**:
- Find confidential PDFs: `site:example.com filetype:pdf confidential`
- Discover login pages: `inurl:login site:example.com`
- Exposed directories: `intitle:"index of" "passwords"`

---

## **2. 20 Common Dorks**

Below are 20 useful dorks categorized by their purpose:

### **File Discovery**:
1. `filetype:pdf site:example.com` - Search for PDF files on a site.
2. `filetype:docx confidential` - Find Word documents marked as confidential.
3. `filetype:xls "email"` - Look for Excel files containing email addresses.

### **Open Directories**:
4. `intitle:"index of" "backup"` - Find directories containing backups.
5. `intitle:"index of" "private"` - Locate private directories.

### **Login Pages**:
6. `inurl:admin site:example.com` - Search for admin login pages on a site.
7. `intitle:"login" site:example.com` - Locate general login pages.

### **Configuration Files**:
8. `filetype:env DB_PASSWORD` - Look for `.env` files exposing database credentials.
9. `filetype:yaml credentials` - Discover YAML files containing credentials.

### **Vulnerable Devices**:
10. `inurl:camera intitle:"webcam"` - Search for exposed webcams.
11. `port:21 ftp` - Discover open FTP servers using Shodan.

### **Exposed APIs**:
12. `inurl:api` - Find public-facing API endpoints.
13. `filetype:json api_key` - Search for exposed API keys in JSON files.

### **Error Messages**:
14. `intitle:"error" "sql syntax"` - Find SQL error messages that reveal database structure.
15. `intitle:"error" "404"` - Locate broken links or error pages.

### **Sensitive Pages**:
16. `site:example.com "confidential"` - Search for pages marked as confidential.
17. `site:example.com "not for public distribution"` - Locate restricted content.

### **Usernames and Passwords**:
18. `filetype:txt "username" "password"` - Find text files with potential credentials.
19. `inurl:password filetype:log` - Discover log files containing passwords.

### **Source Code**:
20. `filetype:php site:example.com` - Locate PHP files on a specific site.

---

## **3. Dorking on Common Search Engines**

### **1. Google**
Google is the most popular and versatile search engine for dorking. It supports advanced operators like `site:`, `intitle:`, `inurl:`, `filetype:`, and `cache:`.

**Pros**:
- Vast index covering most of the web.
- Supports advanced and complex queries.

**Cons**:
- May block automated queries or frequent searches.

### **2. Bing**
Bing is a great alternative to Google and often yields different results because of its indexing algorithm.

**Unique Features**:
- Supports similar operators like `site:` and `filetype:`.
- Offers results that may not appear on Google due to different indexing policies.

### **3. DuckDuckGo**
DuckDuckGo prioritizes privacy and does not track user data. It provides slightly different results and respects user anonymity.

**Key Features**:
- **Bang Commands**: Use `!g` to search Google or `!b` to search Bing directly.
- Useful for OSINT when privacy is a concern.

---

## **4. Why Use Multiple Search Engines?**

Using multiple search engines for the same task ensures:
- **Comprehensive Results**: Each search engine uses a different indexing algorithm, providing varied results.
- **Bypassing Restrictions**: Some content may be excluded from Google but appear on Bing or DuckDuckGo.
- **Enhanced Privacy**: Using privacy-focused engines like DuckDuckGo prevents tracking and profiling.

---

## **Practical Exercises**

### **1. Google Dorking Challenge**
- Use Google to find publicly accessible login pages or directories.
- Example: `site:example.com inurl:admin`.

### **2. Compare Results Across Search Engines**
- Perform the same query (e.g., `filetype:pdf site:example.com`) on Google, Bing, and DuckDuckGo.
- Note differences in the results and identify the most comprehensive engine for your needs.

---

## **Resources for Day 5**

### **Guides and Cheat Sheets**
- [Google Dorking Cheat Sheet - Exploit-DB](https://www.exploit-db.com/google-hacking-database)

### **Search Engine Links**
- [Google Advanced Search](https://www.google.com/advanced_search)
- [Bing Search](https://www.bing.com)
- [DuckDuckGo](https://duckduckgo.com/)
- [Bug Bounty Helper](https://dorks.faisalahmed.me/)
- [Mr.dorker](https://mr-dorker.onrender.com/login)

### **YouTube Tutorials**
- [Google Dorking Basics](https://www.youtube.com/playlist?list=PL0tP8lerTbX1bDQ2K1LhRXk1mHQ1ePhVj)

---

## **Created by:**

**Raman Mohurle & Varad Mene**

---

## **Contributing**

Feel free to contribute by suggesting edits, adding more resources, or sharing your learning experiences.

## **Upcoming!!**

**Specialized search engines with detailed information will be updated in the coming days. Stay tuned!**

--------------------------------------------------------------------------------
/Day 13 - Disk Imaging and Data Acquisition/README.md:
--------------------------------------------------------------------------------
# **Cyber Genesis - Day 13: Disk Imaging and Data Acquisition** 🛠️🔍

Welcome to **Day 13 of the Cyber Genesis series!** 🚀
Today, we focus on one of the most critical stages of digital forensics: **Disk Imaging and Data Acquisition**.
This step ensures evidence is preserved in a forensically sound manner, maintaining its integrity for analysis and legal admissibility. 5 | 6 | --- 7 | 8 | ## **What is Disk Imaging and Data Acquisition?** 9 | 10 | **Disk Imaging** is the process of creating a **bit-by-bit copy** of a digital storage device (e.g., hard drives, SSDs, USBs). This ensures that the original evidence remains untouched while investigators analyze the duplicate. 11 | 12 | **Data Acquisition** refers to securely collecting data from storage devices, ensuring no tampering or loss of integrity. 13 | 14 | --- 15 | 16 | ## **Why is Disk Imaging Important?** 17 | 18 | 1. **Preservation of Evidence** 19 | - Ensures the original evidence remains unaltered. 20 | - The forensic image serves as the “working copy” for analysis. 21 | 22 | 2. **Integrity Verification** 23 | - Hash values (MD5/SHA1/SHA256) are generated to verify the image’s integrity. 24 | 25 | 3. **Legal Admissibility** 26 | - Forensic imaging maintains a clear chain-of-custody, making evidence admissible in court. 27 | 28 | 4. **Repeatability** 29 | - Investigators can replicate the analysis using identical copies of the image. 30 | 31 | --- 32 | 33 | ## **Types of Disk Images** 34 | 35 | 1. **Raw Image Format (.dd/.img)** 36 | - A bit-for-bit copy of the original disk. 37 | - Tool: `dd` (Linux). 38 | 39 | 2. **E01 (Expert Witness Format)** 40 | - Compresses the disk image and stores metadata like hash values and acquisition logs. 41 | - Tool: FTK Imager. 42 | 43 | 3. **AFF (Advanced Forensic Format)** 44 | - Open-source format that allows for compression and encryption. 45 | 46 | --- 47 | 48 | ## **Tools for Disk Imaging and Data Acquisition** 49 | 50 | ### **1. FTK Imager** (GUI Tool) 51 | **Description**: FTK Imager is a user-friendly tool for creating forensic images and verifying their integrity. 52 | - **Features**: 53 | - Supports raw (`.dd`) and E01 formats. 54 | - Preview files without altering them. 
55 | - Generate MD5/SHA hash values for verification. 56 | 57 | **Steps to Use FTK Imager**: 58 | 1. Download and install **FTK Imager**. 59 | 2. Connect the target device (e.g., hard drive or USB). 60 | 3. Open FTK Imager and select: 61 | - **File > Create Disk Image**. 62 | 4. Choose the source (physical drive) and output format (e.g., E01). 63 | 5. Verify integrity using generated hash values. 64 | 65 | --- 66 | 67 | ### **2. `dd` Command (Linux CLI)** 68 | **Description**: `dd` is a powerful command-line utility for creating raw disk images. 69 | 70 | **Syntax**: 71 | ```bash 72 | dd if=/dev/sdX of=/path/to/image.dd bs=4M status=progress 73 | ``` 74 | - **if**: Input file (source drive). 75 | - **of**: Output file (destination for image). 76 | - **bs**: Block size (recommended: 4M for faster imaging). 77 | - **status=progress**: Displays progress while creating the image. 78 | 79 | **Example**: 80 | ```bash 81 | dd if=/dev/sdb of=/home/user/forensic_image.dd bs=4M status=progress 82 | ``` 83 | 84 | **Verify Image Integrity**: 85 | Use `md5sum` or `sha256sum` to generate and compare hashes: 86 | ```bash 87 | md5sum /path/to/image.dd 88 | ``` 89 | 90 | --- 91 | 92 | ### **3. iMazing** (For Mobile Data Extraction) 93 | **Description**: iMazing is a tool for securely extracting data from iOS devices (iPhones/iPads). 94 | 95 | **Features**: 96 | - Recover messages, call logs, photos, and app data. 97 | - Useful for mobile forensics and iOS data acquisition. 98 | 99 | **Resource**: 100 | - [Read the iMazing Blog Guide](https://bytebloggerbase.com/main/6746138ef8f9136ee7864762). 101 | 102 | --- 103 | 104 | ### **4. Guymager** (Linux GUI Tool) 105 | **Description**: Guymager is an open-source disk imaging tool with a graphical interface. 106 | - **Features**: 107 | - Supports `.dd` and `.E01` formats. 108 | - Generates hash values for integrity verification. 
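The verify step shown with `dd` above hashes only the finished image, which proves nothing by itself: the digest has to be compared with a digest of the source taken through the write-blocker (on the command line, `sha256sum /dev/sdb` next to `sha256sum /home/user/usb_image.dd`), and both values, plus the byte count, go into the acquisition log. Prefer SHA-256 over MD5 for new casework; MD5 is collision-prone, although many labs still record both. The following script is an added example, not code from this page or from FTK Imager, Guymager or `dd`: it images a source block by block while hashing it, re-hashes the image, accepts the image only when both digests and the sizes agree, and then flips one byte to show the check failing. A constructed 10 MiB random file stands in for the USB device, and the 4 MiB block size mirrors `bs=4M`.

```python
"""Added example for the Day 13 material; not code from the Cyber Genesis page.

It performs the integrity check that both the `dd` walkthrough and Guymager
rely on: hash the source while it is being read, hash the finished image, and
accept the image only when the two digests (and the sizes) match. A real
acquisition reads a write-blocked device such as /dev/sdb; here a constructed
10 MiB file stands in for the device so the script runs offline.
"""
import hashlib
import os
import tempfile

BLOCK_SIZE = 4 * 1024 * 1024  # 4 MiB, the same block size as bs=4M in the dd example


def acquire_image(source_path, image_path, block_size=BLOCK_SIZE):
    """Copy source to image block by block; return (sha256 of bytes read, byte count).

    The digest is computed from the bytes as they leave the source, so it is the
    'before imaging' value. Unlike `dd conv=noerror,sync`, a read error here simply
    raises: an unreadable sector must be logged, never silently skipped.
    """
    digest = hashlib.sha256()
    copied = 0
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(block_size), b""):
            digest.update(block)
            dst.write(block)
            copied += len(block)
        dst.flush()
        os.fsync(dst.fileno())  # make sure the image really reached the evidence drive
    return digest.hexdigest(), copied


def sha256_file(path, block_size=BLOCK_SIZE):
    """Hash an existing file in blocks (the 'after imaging' value)."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(block_size), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_image(source_path, image_path):
    """Image the source and return (ok, source_hash, image_hash).

    ok is True only when the image hash equals the source hash and the image size
    equals the number of bytes read; record all three in the chain-of-custody log.
    """
    source_hash, copied = acquire_image(source_path, image_path)
    image_hash = sha256_file(image_path)
    ok = source_hash == image_hash and os.path.getsize(image_path) == copied
    return ok, source_hash, image_hash


def demo():
    """Run the check on constructed data and return (clean_ok, tampered_ok).

    The sample 'device' is 10 MiB + 123 bytes of random data (deliberately not a
    multiple of the block size). After a good acquisition one byte of the image is
    flipped, which must make the verification fail.
    """
    workdir = tempfile.mkdtemp(prefix="cg-day13-")
    evidence = os.path.join(workdir, "usb_evidence.bin")  # stands in for /dev/sdb
    image = os.path.join(workdir, "usb_image.dd")
    with open(evidence, "wb") as fh:
        fh.write(os.urandom(10 * 1024 * 1024 + 123))

    clean_ok, source_hash, _ = verify_image(evidence, image)

    with open(image, "r+b") as fh:  # simulate a corrupted or altered image
        fh.seek(4096)
        original = fh.read(1)[0]
        fh.seek(4096)
        fh.write(bytes([original ^ 0xFF]))
    tampered_ok = sha256_file(image) == source_hash
    return clean_ok, tampered_ok


if __name__ == "__main__":
    print("clean image verified: %s, tampered image verified: %s" % demo())
```

`acquire_image()` is the part that corresponds to `dd if=/dev/sdb of=usb_image.dd bs=4M`; `verify_image()` is the comparison the page leaves to the analyst. When a suspect drive has bad sectors, use `dd conv=noerror,sync` (or `ddrescue`) and note every zero-filled region in the log, because the source hash of a drive with read errors is not reproducible.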
109 | 110 | **Installation on Linux**: 111 | ```bash 112 | sudo apt-get install guymager 113 | ``` 114 | 115 | --- 116 | 117 | ## **Best Practices for Disk Imaging** 118 | 119 | 1. **Use Write-Blockers** 120 | - Write-blockers ensure no modifications are made to the target device during imaging. 121 | 122 | 2. **Generate Hash Values** 123 | - Calculate hash values before and after imaging to ensure integrity. 124 | 125 | 3. **Use Proper Storage** 126 | - Store forensic images on dedicated external storage or servers. 127 | 128 | 4. **Document Chain of Custody** 129 | - Maintain detailed logs of who handled the evidence, when, and how. 130 | 131 | --- 132 | 133 | ## **Practical Exercise** 134 | 135 | ### **Scenario:** 136 | A USB drive is suspected to contain malicious or stolen data. 137 | 138 | #### **Steps to Investigate**: 139 | 1. **Create a Forensic Image** 140 | - Use **FTK Imager** or the `dd` command to create an image of the USB. 141 | - Example (`dd`): 142 | ```bash 143 | dd if=/dev/sdb of=/home/user/usb_image.dd bs=4M status=progress 144 | ``` 145 | 146 | 2. **Verify Integrity** 147 | - Generate and compare MD5 or SHA256 hash values. 148 | - Example: 149 | ```bash 150 | md5sum /home/user/usb_image.dd 151 | ``` 152 | 153 | 3. **Analyze the Image** 154 | - Use tools like **Autopsy** or **Sleuth Kit** to search for deleted files, metadata, or suspicious data. 155 | 156 | --- 157 | 158 | ## **Resources for Day 13** 159 | 160 | ### **Official Resources** 161 | - [FTK Imager Download and Guide](https://www.exterro.com/digital-forensics-software/ftk-imager) 162 | - [iMazing Blog Guide](https://bytebloggerbase.com/main/6746138ef8f9136ee7864762) 163 | 164 | ### **Interactive Labs** 165 | - **TryHackMe**: [Disk Imaging Room](https://tryhackme.com/r/room/autopsy2ze0) 166 | - **Cyber Defenders**: Disk Imaging Challenges. 167 | 168 | --- 169 | 170 | ## **Ethics and Legal Considerations** 171 | 172 | 1. 
**Integrity**: Always use tools that preserve evidence without modification. 173 | 2. **Privacy**: Only analyze data when authorized to do so. 174 | 3. **Chain of Custody**: Maintain detailed logs to ensure evidence is admissible in court. 175 | 176 | --- 177 | 178 | ## **Created by:** 179 | 180 | **Varad Mene** 181 | 182 | --- 183 | 184 | ## **Contributing** 185 | Feel free to contribute by suggesting edits, adding more resources, or sharing your learning experiences. 186 | -------------------------------------------------------------------------------- /Day 15 - Network Forensics and Packet Analysis/README.md: -------------------------------------------------------------------------------- 1 | # **Cyber Genesis - Day 15: Network Forensics and Packet Analysis** 🌐📡 2 | 3 | Welcome to **Day 15 of the Cyber Genesis series!** 🚀 4 | Today, we dive into **Network Forensics and Packet Analysis**, where we learn how to investigate network traffic to detect anomalies, trace intrusions, and uncover malicious activities. This essential skill is crucial for identifying threats in real time and reconstructing past incidents. 5 | 6 | --- 7 | 8 | ## **What is Network Forensics?** 9 | 10 | **Network Forensics** is the process of capturing, recording, and analyzing network traffic to identify security incidents, detect data breaches, or troubleshoot network performance issues. 11 | 12 | --- 13 | 14 | ### **Why is Network Forensics Important?** 15 | 16 | 1. **Incident Detection and Response** 17 | - Identify unauthorized access, data exfiltration, or malware communication. 18 | 19 | 2. **Tracing Intrusion Sources** 20 | - Analyze attack paths and trace malicious actors back to their origin. 21 | 22 | 3. **Evidence Collection** 23 | - Provide actionable insights and evidence for legal or remediation purposes. 24 | 25 | --- 26 | 27 | ## **Key Concepts in Network Forensics** 28 | 29 | 1. **Packet Capture (PCAP)** 30 | - Capturing raw network traffic for analysis. 31 | 32 | 2. 
**Protocols to Analyze** 33 | - HTTP, HTTPS, FTP, DNS, TCP, UDP, and ICMP. 34 | 35 | 3. **Indicators of Compromise (IoCs)** 36 | - Suspicious IPs, unusual ports, unexpected protocols, and malicious payloads. 37 | 38 | 4. **File Extraction from Traffic** 39 | - Extracting files (e.g., images, executables) embedded in network traffic. 40 | 41 | --- 42 | 43 | ## **Tools for Network Forensics and Packet Analysis** 44 | 45 | ### **1. Wireshark** 46 | **Description**: A powerful GUI-based tool for packet capture and analysis. 47 | - **Features**: 48 | - Inspect packets for protocols like HTTP, DNS, TCP, and ICMP. 49 | - Reconstruct streams to view entire conversations. 50 | - Filter traffic using powerful display filters. 51 | 52 | **Example Wireshark Filter**: 53 | ```plaintext 54 | http.request or tcp.port == 443 55 | ``` 56 | 57 | --- 58 | 59 | ### **2. Tcpdump** 60 | **Description**: A command-line tool for capturing and analyzing packets. 61 | - **Usage**: 62 | - Capture all traffic on interface `eth0`: 63 | ```bash 64 | tcpdump -i eth0 -w capture.pcap 65 | ``` 66 | - Display DNS queries: 67 | ```bash 68 | tcpdump -i eth0 port 53 69 | ``` 70 | 71 | --- 72 | 73 | ### **3. Zeek (formerly Bro)** 74 | **Description**: A network security monitoring tool for analyzing network logs. 75 | - **Features**: 76 | - Generate logs for protocols (e.g., HTTP, DNS). 77 | - Detect anomalies in network traffic. 78 | 79 | --- 80 | 81 | ### **4. NetworkMiner** 82 | **Description**: A forensic analysis tool for extracting files and metadata from PCAPs. 83 | - **Features**: 84 | - File extraction: Extract files embedded in network traffic. 85 | - Metadata analysis: View details like IP addresses and hostnames. 86 | 87 | --- 88 | 89 | ### **5. Suricata** 90 | **Description**: An open-source intrusion detection and prevention system (IDS/IPS). 91 | - **Features**: 92 | - Analyze packets for signatures of known threats. 93 | - Detect unusual patterns in real-time traffic. 
94 | 95 | --- 96 | 97 | ## **Network Forensics Workflow** 98 | 99 | ### **Step 1: Capture Traffic** 100 | - Use tools like **Wireshark** or **Tcpdump** to collect network traffic. 101 | - Save the traffic in `.pcap` format for further analysis. 102 | 103 | ### **Step 2: Filter and Inspect Traffic** 104 | - Use Wireshark or Tcpdump filters to narrow down traffic based on protocols or IPs. 105 | - Example: Filter HTTP requests in Wireshark: 106 | ```plaintext 107 | http.request 108 | ``` 109 | 110 | ### **Step 3: Extract Artifacts** 111 | - Use tools like **NetworkMiner** to extract files or credentials from the traffic. 112 | 113 | ### **Step 4: Detect Suspicious Patterns** 114 | - Look for unusual traffic, like communication with unknown IPs or abnormal protocol usage. 115 | - Use tools like **Zeek** or **Suricata** to identify anomalies. 116 | 117 | --- 118 | 119 | ## **Practical Exercise** 120 | 121 | ### **Scenario**: 122 | A company suspects that sensitive files are being exfiltrated over the network. 123 | 124 | #### **Steps to Investigate**: 125 | 1. **Capture Traffic** 126 | - Use **Wireshark** to monitor the company’s network. 127 | 128 | 2. **Analyze Packets** 129 | - Filter for suspicious traffic, like large data uploads: 130 | ```plaintext 131 | tcp.len > 1000 132 | ``` 133 | - Check DNS queries for unusual domain lookups: 134 | ```plaintext 135 | dns.qry.name contains "example.com" 136 | ``` 137 | 138 | 3. **Reconstruct the Traffic** 139 | - Use **NetworkMiner** to extract files from the captured packets. 140 | 141 | 4. **Identify IoCs** 142 | - Use **Zeek** or **Suricata** to detect unusual patterns and generate logs. 
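The four investigation steps above in code, as an added example that is not part of the original page (and not Wireshark, NetworkMiner or Zeek code): a small pcap reader that totals the bytes each internal host sends to outside addresses per destination and port, and lists DNS query names that fall outside a trusted zone. The capture is constructed inside the script, so the addresses (10.0.0.0/24 as the internal network, 203.0.113.7 and 198.51.100.20 as external hosts), the `.corp.example` zone and the 100 KB threshold are assumptions chosen for the example.

```python
"""Added example for the Day 15 exercise; not code from the Cyber Genesis page.

Minimal libpcap reader (Ethernet/IPv4, TCP and UDP) that applies the exercise's
two checks in code: bytes sent per flow from an internal host to the outside (the
`tcp.len` check) and DNS query names outside a trusted zone (the `dns.qry.name`
check). The capture is constructed inline so this runs offline; the network
ranges, hosts and the `.corp.example` zone are assumptions for the example.
"""
import socket
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4               # little-endian pcap, microsecond timestamps
ETH_HDR = b"\x00" * 12 + b"\x08\x00"  # zeroed MACs + EtherType IPv4


def _ipv4(src, dst, proto, payload):
    # version/IHL, TOS, total length, id, flags/frag, TTL, protocol, checksum(0), src, dst
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return ETH_HDR + hdr + payload


def make_tcp(src, dst, sport, dport, payload):
    # data offset 5 (20-byte header), flags PSH|ACK, window 65535, checksum/urgent 0
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return _ipv4(src, dst, 6, tcp + payload)


def make_dns_query(src, resolver, qname, sport=51234):
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", sport, 53, 8 + len(dns), 0) + dns
    return _ipv4(src, resolver, 17, udp)


def build_pcap(frames):
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def parse_frame(frame):
    """Return a dict for IPv4 TCP/UDP frames, None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl, total_len, proto = (ip[0] & 0x0F) * 4, struct.unpack_from("!H", ip, 2)[0], ip[9]
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    l4 = ip[ihl:total_len]
    if proto not in (6, 17) or len(l4) < (20 if proto == 6 else 8):
        return None
    sport, dport = struct.unpack_from("!HH", l4, 0)
    hdr_len = (l4[12] >> 4) * 4 if proto == 6 else 8  # TCP data offset vs fixed UDP header
    return {"proto": "tcp" if proto == 6 else "udp", "src": src, "dst": dst,
            "sport": sport, "dport": dport, "payload": l4[hdr_len:]}


def parse_pcap(data):
    """Yield parsed packets from pcap bytes (Ethernet link type, little-endian header)."""
    if struct.unpack_from("<I", data, 0)[0] != PCAP_MAGIC or struct.unpack_from("<I", data, 20)[0] != 1:
        raise ValueError("only little-endian Ethernet pcap files are handled here")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<IIII", data, off)[2]
        off += 16
        pkt = parse_frame(data[off:off + incl_len])
        off += incl_len
        if pkt:
            yield pkt


def dns_qname(payload):
    """Decode the first question name of a DNS message (queries use no compression)."""
    labels, i = [], 12
    while i < len(payload) and payload[i]:
        n = payload[i]
        labels.append(payload[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    return ".".join(labels)


def triage(pcap_bytes, internal_prefix="10.0.0.", upload_threshold=100_000,
           trusted_suffixes=(".corp.example",)):
    """Flag large internal->external TCP uploads and DNS queries outside trusted zones."""
    uploads, names = defaultdict(int), set()
    for p in parse_pcap(pcap_bytes):
        outbound = p["src"].startswith(internal_prefix) and not p["dst"].startswith(internal_prefix)
        if p["proto"] == "tcp" and outbound:
            uploads[(p["src"], p["dst"], p["dport"])] += len(p["payload"])
        elif p["proto"] == "udp" and p["dport"] == 53:
            names.add(dns_qname(p["payload"]))
    return {"large_uploads": {k: v for k, v in uploads.items() if v >= upload_threshold},
            "suspicious_dns": sorted(n for n in names if not n.endswith(trusted_suffixes))}


def sample_capture():
    """Constructed traffic: a 168 KB upload to 203.0.113.7:443, one small request,
    one ordinary internal lookup and one lookup with a long random-looking label."""
    frames = [make_tcp("10.0.0.15", "203.0.113.7", 49152, 443, b"A" * 1400) for _ in range(120)]
    frames.append(make_tcp("10.0.0.15", "198.51.100.20", 49153, 443, b"GET / HTTP/1.1\r\n\r\n"))
    frames.append(make_dns_query("10.0.0.15", "10.0.0.2", "mail.corp.example"))
    frames.append(make_dns_query("10.0.0.15", "10.0.0.2", "x9f3a1b2c4d5e6f7.exfil-test.invalid"))
    return build_pcap(frames)


if __name__ == "__main__":
    for key, value in triage(sample_capture()).items():
        print(key, value)
```

The `tcp.len > 1000` filter in the exercise catches individual large segments; summing payload per flow, as `triage()` does, is what separates a bulk upload from a chatty but harmless connection, and it is the same aggregation Zeek's `conn.log` gives you as `orig_bytes`. The reader is deliberately narrow (no VLAN tags, IPv6 or pcapng); for real captures, pass the same logic over packets from a full-featured parser.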
143 | 144 | --- 145 | 146 | ## **Key Commands for Tcpdump and Wireshark** 147 | 148 | - **Tcpdump**: 149 | - Capture all traffic on interface: 150 | ```bash 151 | tcpdump -i eth0 -w traffic.pcap 152 | ``` 153 | - Filter for DNS queries: 154 | ```bash 155 | tcpdump -i eth0 port 53 156 | ``` 157 | 158 | - **Wireshark Filters**: 159 | - Filter for HTTP requests: 160 | ```plaintext 161 | http.request 162 | ``` 163 | - Display traffic from a specific IP: 164 | ```plaintext 165 | ip.addr == 192.168.1.100 166 | ``` 167 | 168 | --- 169 | 170 | ## **Resources for Day 15** 171 | 172 | ### **Official Tools and Documentation** 173 | - [Wireshark Official Site](https://www.wireshark.org/) 174 | - [Tcpdump Manual](https://www.tcpdump.org/manpages/tcpdump.1.html) 175 | - [Zeek Documentation](https://docs.zeek.org/en/current/) 176 | 177 | ### **Interactive Labs** 178 | - **TryHackMe**: [Wireshark](https://tryhackme.com/r/module/wireshark). 179 | --- 180 | 181 | ## **Ethics and Legal Considerations** 182 | 183 | 1. **Authorization**: Always ensure you have permission to capture and analyze network traffic. 184 | 2. **Privacy**: Avoid inspecting private or sensitive data without consent. 185 | 3. **Integrity**: Preserve the original traffic data for legal and investigative purposes. 186 | 187 | --- 188 | 189 | ## **Created by:** 190 | 191 | **Varad Mene** 192 | 193 | --- 194 | 195 | ## **Contributing** 196 | Feel free to contribute by suggesting edits, adding more resources, or sharing your learning experiences. 
197 | -------------------------------------------------------------------------------- /Day 10 - Hunter.io : Email Discovery and Verification/README.md: -------------------------------------------------------------------------------- 1 | # **Cyber Genesis - Day 10: Hunter.io - Email Discovery and Verification** 📧 2 | 3 | Welcome to **Day 10 of the Cyber Genesis series!** 🚀 4 | Today, we’ll explore **Hunter.io**, an essential tool for discovering, verifying, and managing professional email addresses. Whether you’re performing reconnaissance, conducting OSINT investigations, or building contact lists, Hunter.io is a go-to solution. Let’s dive into its features and practical applications! 🔍 5 | 6 | --- 7 | 8 | ## **What is Hunter.io?** 9 | 10 | **Hunter.io** is an email discovery and verification platform that collects publicly available information to identify professional email addresses associated with domains. It’s widely used for: 11 | - Discovering organizational email addresses. 12 | - Verifying email deliverability and authenticity. 13 | - Building and managing outreach campaigns. 14 | 15 | --- 16 | 17 | ## **Key Features of Hunter.io** 18 | 19 | 1. **Domain Search** 20 | - Finds all publicly available email addresses associated with a specific domain. 21 | - Displays information like names, email patterns, and sources. 22 | 23 | 2. **Email Finder** 24 | - Identifies a single email address based on a name and domain. 25 | 26 | 3. **Email Verification** 27 | - Verifies the deliverability of an email address by checking: 28 | - Format validity. 29 | - Mail server existence. 30 | - Inbox availability. 31 | 32 | 4. **Bulk Email Search** 33 | - Allows you to upload domain lists or names for mass email discovery. 34 | 35 | 5. **Campaigns** 36 | - Helps manage email outreach campaigns with templates and tracking features. 37 | 38 | --- 39 | 40 | ## **How to Use Hunter.io** 41 | 42 | ### **1. 
Domain Search** 43 | - Enter the target domain (e.g., `example.com`) in the **Domain Search** bar. 44 | - The results include: 45 | - Email addresses. 46 | - Associated names and positions. 47 | - Confidence scores. 48 | - Sources where the email was found. 49 | 50 | ### **2. Email Finder** 51 | - Provide a name and domain (e.g., `John Doe` and `example.com`). 52 | - Hunter.io generates a likely email address (e.g., `john.doe@example.com`) with a confidence score. 53 | 54 | ### **3. Email Verification** 55 | - Enter an email address to verify its authenticity. 56 | - Hunter.io will display verification results, such as: 57 | - **Valid**: Deliverable email address. 58 | - **Invalid**: Nonexistent or undeliverable address. 59 | - **Risky**: May exist but could result in a bounce. 60 | 61 | ### **4. Bulk Tasks** 62 | - Upload a list of domains, names, or email addresses for bulk discovery or verification. 63 | - Download results in CSV format for analysis or integration. 64 | 65 | --- 66 | 67 | ## **Practical Use Cases** 68 | 69 | ### **1. Reconnaissance** 70 | - Discover email addresses associated with a target organization during a penetration test or OSINT investigation. 71 | **Example**: Search for emails linked to `target.com` to identify key personnel for phishing simulation or contact enumeration. 72 | 73 | ### **2. Email Verification** 74 | - Verify the validity of email addresses before launching email campaigns to reduce bounce rates. 75 | 76 | ### **3. Social Engineering Preparation** 77 | - Identify specific email patterns (e.g., `firstname.lastname@domain.com`) to create realistic phishing emails. 78 | 79 | ### **4. Threat Hunting** 80 | - Check for leaked or compromised email addresses by comparing Hunter.io results with known breach databases. 81 | 82 | --- 83 | 84 | ## **Automating Hunter.io with API** 85 | 86 | Hunter.io provides an API for integrating its functionality into your workflows. 
87 | 88 | ### **Example Python Script** 89 | ```python 90 | import requests 91 | 92 | API_KEY = "your_api_key_here" 93 | DOMAIN = "example.com" 94 | 95 | url = f"https://api.hunter.io/v2/domain-search?domain={DOMAIN}&api_key={API_KEY}" 96 | response = requests.get(url) 97 | 98 | if response.status_code == 200: 99 | data = response.json() 100 | emails = data.get("data", {}).get("emails", []) 101 | print(f"Email addresses found for {DOMAIN}:") 102 | for email in emails: 103 | print(email["value"]) 104 | else: 105 | print(f"Error: Unable to fetch data for {DOMAIN}") 106 | ``` 107 | 108 | ### **Automating Bulk Verification** 109 | Use the API to verify email addresses in bulk: 110 | ```bash 111 | curl "https://api.hunter.io/v2/email-verifier?email=john.doe@example.com&api_key=your_api_key_here" 112 | ``` 113 | 114 | --- 115 | 116 | ## **Hunter.io vs Other Tools** 117 | 118 | | **Feature** | **Hunter.io** | **EmailHippo** | **Voila Norbert** | 119 | |---------------------------|------------------------------|----------------------------|-----------------------------| 120 | | **Email Discovery** | Comprehensive | Limited | Moderate | 121 | | **Email Verification** | Advanced | Advanced | Basic | 122 | | **Bulk Search** | Yes | Yes | No | 123 | | **Campaign Management** | Integrated | No | No | 124 | 125 | --- 126 | 127 | ## **Practical Exercises** 128 | 129 | ### **1. Domain Search** 130 | Use Hunter.io to find all email addresses linked to a domain: 131 | - Search for `targetdomain.com` and analyze the results. 132 | 133 | ### **2. Verify Emails** 134 | Enter an email address like `john.doe@target.com` to check if it’s valid. 135 | 136 | ### **3. Analyze Patterns** 137 | Look for common patterns in email addresses (e.g., `firstname.lastname@domain.com`) to predict additional addresses. 138 | 139 | ### **4. Automate Tasks** 140 | Use the Python script provided to automate email discovery for a list of domains. 
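The "Analyze Patterns" exercise, as an added example that is neither this page's script nor Hunter.io code. It works on a constructed response laid out like the `/v2/domain-search` JSON the script above consumes (a `data` object holding `pattern` and an `emails` list whose entries carry `value`, `first_name`, `last_name` and `confidence`; those field names are an assumption, and the people and domain are fictional). It keeps only addresses above a confidence threshold, re-derives the naming convention from the addresses themselves instead of trusting the reported `pattern` blindly, and applies that convention to new names to produce candidate addresses for verification.

```python
"""Added example for the Day 10 'Analyze Patterns' and API sections; not code
from the Cyber Genesis page or from Hunter.io.

Works offline on a constructed response shaped like /v2/domain-search output.
To run it against a real response, fetch it with `requests` as the page's
script does and pass the decoded JSON to summarize().
"""
import re

# Constructed sample in the documented shape; people and domain are fictional.
SAMPLE_RESPONSE = {
    "data": {
        "domain": "example.com",
        "pattern": "{first}.{last}",
        "emails": [
            {"value": "jane.doe@example.com", "first_name": "Jane", "last_name": "Doe", "confidence": 94},
            {"value": "john.smith@example.com", "first_name": "John", "last_name": "Smith", "confidence": 71},
            {"value": "info@example.com", "first_name": None, "last_name": None, "confidence": 40},
        ],
    }
}

# Candidate naming conventions, written with the same placeholders Hunter reports.
TEMPLATES = ["{first}.{last}", "{first}{last}", "{f}{last}", "{f}.{last}",
             "{first}_{last}", "{first}-{last}", "{last}.{first}", "{first}"]


def _norm(s):
    """Lower-case and drop anything that cannot appear in a local part (O'Brien -> obrien)."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def render(template, first, last):
    """Fill a pattern such as '{f}{last}' for one person."""
    first, last = _norm(first), _norm(last)
    return template.format(first=first, last=last, f=first[:1], l=last[:1])


def known_emails(response, min_confidence=0):
    """Addresses from a domain-search response, best confidence first."""
    emails = response.get("data", {}).get("emails", [])
    keep = [(e["value"], e.get("confidence", 0)) for e in emails if e.get("confidence", 0) >= min_confidence]
    return [value for value, _ in sorted(keep, key=lambda t: -t[1])]


def infer_pattern(emails):
    """Pick the template that explains the most name-bearing addresses, or None."""
    scores = dict.fromkeys(TEMPLATES, 0)
    for e in emails:
        if not (e.get("first_name") and e.get("last_name")):
            continue  # role accounts such as info@ carry no pattern information
        local = e["value"].split("@", 1)[0].lower()
        for t in TEMPLATES:
            if render(t, e["first_name"], e["last_name"]) == local:
                scores[t] += 1
    best = max(TEMPLATES, key=scores.get)
    return best if scores[best] else None


def predict_addresses(names, pattern, domain):
    """Apply a pattern to (first, last) pairs; these are candidates, not verified addresses."""
    return [f"{render(pattern, first, last)}@{domain}" for first, last in names]


def summarize(response, new_names, min_confidence=80):
    """Everything an analyst wants from one domain-search response in a single dict."""
    data = response["data"]
    inferred = infer_pattern(data["emails"])
    return {
        "domain": data["domain"],
        "reported_pattern": data.get("pattern"),
        "inferred_pattern": inferred,
        "pattern_agrees": inferred == data.get("pattern"),
        "high_confidence": known_emails(response, min_confidence),
        "predicted": predict_addresses(new_names, inferred or data["pattern"], data["domain"]),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_RESPONSE, [("Alice", "Nguyen"), ("Bob", "O'Brien")]).items():
        print(f"{key}: {value}")
```

Predicted addresses go to the Email Verifier (or, in an authorised engagement, to the phishing-simulation list) only after verification; a pattern that the inferred and reported values disagree on is a signal that the domain mixes conventions, so look at the individual sources before trusting either.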
141 | 142 | --- 143 | 144 | ## **Ethics and Legal Considerations** 145 | 146 | **Responsible Use**: While Hunter.io is a powerful tool, it must be used responsibly. Always ensure: 147 | - **You have authorization** to investigate domains and email addresses. 148 | - **You comply** with GDPR, CAN-SPAM Act, and other email-related laws. 149 | - **You respect privacy** and avoid misusing the data for malicious purposes. 150 | 151 | --- 152 | 153 | ## **Resources for Day 10** 154 | 155 | ### **Official Resources** 156 | - [Hunter.io Official Website](https://hunter.io/) 157 | - [Hunter.io API Documentation](https://hunter.io/api) 158 | 159 | ### **Interactive Labs** 160 | - Explore related labs on platforms like TryHackMe or HackTheBox. 161 | 162 | --- 163 | 164 | ## **Created by:** 165 | 166 | **Raman Mohurle & Varad Mene** 167 | 168 | --- 169 | 170 | ## **Contributing** 171 | 172 | Feel free to contribute by suggesting edits, adding more resources, or sharing your learning experiences. 173 | -------------------------------------------------------------------------------- /Day 9 - crt.sh - Exploring Certificate Transparency Logs/README.md: -------------------------------------------------------------------------------- 1 | 2 | # **Cyber Genesis - Day 9 : crt.sh - Exploring Certificate Transparency Logs** 🔐 3 | 4 | Welcome to **Day 9 of the Cyber Genesis series!** 🚀 5 | Today, we’ll explore **crt.sh**, a powerful tool for accessing **Certificate Transparency (CT) logs**. This search engine provides insights into SSL/TLS certificates issued for specific domains, making it a vital resource for discovering subdomains, monitoring domain security, and identifying potential misconfigurations. Let’s dive in! 🌐 6 | 7 | --- 8 | 9 | ## **What is crt.sh?** 10 | 11 | **crt.sh** is a free online platform that provides access to **Certificate Transparency (CT) logs**, which are public records of SSL/TLS certificates issued by Certificate Authorities (CAs). 
12 | It allows users to: 13 | 1. Discover **subdomains** linked to a target domain. 14 | 2. Monitor unauthorized or rogue certificates issued for their domain. 15 | 3. Analyze certificate details, such as issuer, validity, and fingerprints. 16 | 17 | --- 18 | 19 | ## **Key Features of crt.sh** 20 | 21 | 1. **Subdomain Enumeration** 22 | - Lists the subdomains of a target domain that appear in logged SSL/TLS certificates (a host that never received a publicly logged certificate will not show up). 23 | 24 | 2. **Certificate Details** 25 | - Provides detailed information about certificates, including: 26 | - Issuer. 27 | - Validity period. 28 | - Serial number and fingerprints. 29 | 30 | 3. **Rogue Certificate Detection** 31 | - Identifies suspicious or unauthorized certificates issued for a domain. 32 | 33 | 4. **Historical Data** 34 | - Tracks the history of certificates issued for a domain, making it useful for monitoring changes. 35 | 36 | --- 37 | 38 | ## **How to Use crt.sh** 39 | 40 | 1. **Search for Certificates by Domain** 41 | - Visit [crt.sh](https://crt.sh/). 42 | - Enter your target domain (e.g., `example.com`) in the search bar. 43 | - The results will display certificates issued for the domain, including subdomains. 44 | 45 | 2. **Filter Results** 46 | - Use advanced queries to refine your searches (`%` is a SQL `LIKE` wildcard that matches any string): 47 | - `%.example.com`: Search for all subdomains of `example.com`. 48 | - `%example.com`: Search for `example.com` and its subdomains, but also any other name ending in `example.com` (e.g., `notexample.com`), so filter the results before trusting them. 49 | 50 | 3. **Analyze Results** 51 | - Click on a certificate to view detailed information, such as: 52 | - Issuer Organization. 53 | - Validity period (start and expiry dates). 54 | - Public Key Algorithm. 55 | - Certificate fingerprints (SHA256, SHA1, MD5). 56 | 57 | --- 58 | 59 | ## **Practical Use Cases** 60 | 61 | ### **1. Subdomain Enumeration** 62 | **Purpose**: Identify subdomains associated with a target domain for reconnaissance.
63 | **Example**: 64 | Search for `%.example.com` on crt.sh to uncover subdomains like: 65 | - `admin.example.com` 66 | - `mail.example.com` 67 | - `api.example.com` 68 | 69 | ### **2. Monitoring Domain Security** 70 | **Purpose**: Detect unauthorized or rogue certificates issued for your domain. 71 | **Action**: Regularly search for your domain on crt.sh to identify certificates that shouldn’t exist. 72 | 73 | ### **3. Investigating Certificate Misconfigurations** 74 | **Purpose**: Ensure certificates are issued by trusted Certificate Authorities (CAs) and are valid. 75 | **Example**: Verify that certificates for `example.com` are issued by legitimate providers like Let’s Encrypt or DigiCert. 76 | 77 | --- 78 | 79 | ## **Automating crt.sh with Scripts** 80 | 81 | ### **Python Script for Subdomain Enumeration** 82 | Below is a Python script that automates subdomain enumeration using crt.sh. The JSON output holds one entry per certificate, and an entry's `name_value` can contain several names separated by newlines (the certificate's SANs) and wildcard names such as `*.example.com`, so the script splits, normalizes, and de-duplicates them and keeps only names under the target domain:
```python
import sys

import requests


def fetch_subdomains(domain, timeout=30):
    """Query crt.sh's JSON output for certificate names ending in .<domain>.

    crt.sh returns one entry per certificate; `name_value` can hold several
    names separated by newlines (SANs), and wildcard entries look like
    `*.example.com`, so both are normalised here.
    """
    url = f"https://crt.sh/?q=%25.{domain}&output=json"
    try:
        response = requests.get(url, timeout=timeout)
        response.raise_for_status()
        data = response.json()
    except (requests.RequestException, ValueError) as exc:
        print(f"Error: Unable to fetch data for {domain}: {exc}", file=sys.stderr)
        return set()

    subdomains = set()
    for entry in data:
        for name in entry.get("name_value", "").splitlines():
            name = name.strip().lower().lstrip("*.")
            # %.example.com is a SQL LIKE pattern, so keep only real subdomains
            if name.endswith("." + domain):
                subdomains.add(name)
    return subdomains


if __name__ == "__main__":
    domain = input("Enter the domain: ").strip().lower()
    subdomains = fetch_subdomains(domain)

    if subdomains:
        print(f"Subdomains for {domain}:")
        for subdomain in sorted(subdomains):
            print(subdomain)
    else:
        print(f"No subdomains found for {domain}.")
```
110 | 111 | ### **Automating with Bash** 112 | You can use tools like **curl** to fetch results from crt.sh in the terminal (`jq -r` prints the names raw, so entries with several newline-separated names split into lines that `sort -u` can de-duplicate):
```bash
curl -s "https://crt.sh/?q=%25.example.com&output=json" | jq -r '.[].name_value' | sort -u
```
116 | 117 | --- 118 | 119 | ## **crt.sh vs Other Tools** 120 | 121 | | **Feature** |
**crt.sh** | **Sublist3r** | **Amass** | 122 | |-------------------------|------------------------------|------------------------------|--------------------------------| 123 | | **Focus** | Certificate Transparency Logs| Subdomain Enumeration | Comprehensive Enumeration | 124 | | **Real-Time Monitoring**| No | No | Yes | 125 | | **Ease of Use** | Web Interface & Scripts | CLI Tool | CLI/Automated | 126 | | **Historical Data** | Extensive | Limited | Limited | 127 | 128 | --- 129 | 130 | ## **Practical Exercises** 131 | 132 | ### **1. Find Subdomains** 133 | Search for all subdomains of a target domain: 134 | ```plaintext 135 | %.example.com 136 | ``` 137 | 138 | ### **2. Detect Rogue Certificates** 139 | Regularly monitor crt.sh for unauthorized certificates issued for your domain. 140 | 141 | ### **3. Analyze Historical Data** 142 | Use crt.sh to track how your organization’s certificates have evolved over time. 143 | 144 | --- 145 | 146 | ## **Ethics and Legal Considerations** 147 | 148 | **Responsible Use**: crt.sh is a powerful tool for reconnaissance and monitoring but must be used responsibly. Ensure that: 149 | - **You have authorization** to analyze the domain(s) you are investigating. 150 | - **You respect privacy** and do not misuse sensitive data. 151 | - **Your actions comply** with applicable laws and regulations. 152 | 153 | --- 154 | 155 | ## **Resources for Day 9** 156 | 157 | ### **Official Resources** 158 | - [crt.sh](https://crt.sh/) - Certificate Transparency Search Engine. 159 | 160 | ### **Interactive Labs** 161 | - Explore tools and platforms like TryHackMe or HackTheBox to practice subdomain enumeration. 
162 | 163 | ### **YouTube Tutorials** 164 | - [crt.sh for Beginners](https://youtu.be/x-IUl6LgINw?si=bgH6zMYXfvQgfDL9) 165 | --- 166 | 167 | ## **Created by:** 168 | 169 | **Raman Mohurle & Varad Mene** 170 | 171 | --- 172 | 173 | ## **Contributing** 174 | 175 | Feel free to contribute by suggesting edits, adding more resources, or sharing your learning experiences. 176 | -------------------------------------------------------------------------------- /Day 6 - Shodan: The Search Engine For Hackers/README.md: -------------------------------------------------------------------------------- 1 | # **Cyber Genesis - Day 6: Shodan: The Search Engine for Hackers** 🌐 2 | 3 | Welcome to **Day 6 of the Cyber Genesis series!** 🚀 4 | Today, we explore **Shodan**, the search engine for Internet-connected devices. Shodan is a powerful tool used in cybersecurity to discover exposed services, vulnerable devices, and misconfigured systems. Let’s unlock its potential for reconnaissance, threat hunting, and monitoring! 🔍 5 | 6 | --- 7 | 8 | ## **What is Shodan?** 9 | 10 | **Shodan** is a specialized search engine that indexes information about Internet-connected devices, including webcams, routers, servers, IoT devices, and industrial control systems (ICS). Unlike traditional search engines, Shodan focuses on metadata, like open ports, banners, and device configurations. 11 | 12 | --- 13 | 14 | ## **Key Features of Shodan** 15 | 16 | 1. **Device Discovery** 17 | - Find webcams, printers, industrial systems, and more. 18 | - Identify devices by banner information, services, or open ports. 19 | 20 | 2. **Port and Service Scanning** 21 | - Search for open ports (e.g., `port:22`) or specific services (e.g., `ftp`, `http`). 22 | - Example: `port:3389` shows devices running Remote Desktop Protocol (RDP). 23 | 24 | 3. **Geolocation Data** 25 | - Locate devices based on IP address and physical location. 26 | - Useful for tracking regional vulnerabilities. 27 | 28 | 4. 
**Filters** 29 | - Use advanced filters like `country:`, `org:`, `product:`, and `os:` to refine results. 30 | - Example: `country:"US" product:"Apache"` shows Apache servers in the US. 31 | 32 | 5. **SSL and Hostname Filtering** 33 | - Search for specific SSL certificates or hostnames. 34 | - Examples: 35 | - `hostname:"target.com"`: Devices linked to a specific hostname. 36 | - `ssl.cert.subject.cn:"target.com"`: Devices with SSL certificates issued for a target domain. 37 | 38 | --- 39 | 40 | ## **Shodan Filtering Commands** 41 | 42 | Shodan offers a wide array of filters that allow you to narrow down search results for precise information. Below are examples of both basic and advanced filtering commands: 43 | 44 | ### **Basic Filters** 45 | 1. **Network and Location Filters** 46 | - `net:203.0.113.0/24`: Search within a specific IP range (use a public range; Shodan only indexes Internet-facing addresses, so a private range such as `192.168.1.0/24` returns nothing). 47 | - `country:"US"`: Filter results by country. 48 | - `city:"Mumbai"`: Filter results by city. 49 | 50 | 2. **Service and Protocol Filters** 51 | - `port:22`: Find devices with port 22 open (usually SSH). 52 | - `product:"nginx"`: Filter by product name. 53 | - `service:"http"`: Search for devices running HTTP services. 54 | 55 | 3. **Operating System Filters** 56 | - `os:"Windows"`: Devices running a Windows OS. 57 | 58 | 4. **Vulnerability Filters** 59 | - `vuln:"CVE-2021-44228"`: Devices Shodan has flagged for a specific CVE (the `vuln` filter is limited to higher-tier plans, and a flag is derived from banner versions, not from a confirmed exploit). 60 | 61 | --- 62 | 63 | ### **Advanced Filtering Commands** 64 | 65 | #### **Search for Specific SSL Information** 66 | ```plaintext 67 | ssl:"CERTIFICATE_NAME" -http.title:"Invalid URL" -http.title:"ERROR" -org:"HOSTING_PROVIDER_NAME" 68 | ``` 69 | **Purpose**: Search for devices using specific SSL certificates while excluding common error pages or results linked to certain hosting providers.
72 | 73 | #### **Combine Multiple Filters** 74 | ```plaintext 75 | hostname:"targetsite.com" port:443 -http.title:"Access Denied" -http.html:"Error Page" 76 | ``` 77 | **Purpose**: Focus on HTTPS servers of a specific site, excluding irrelevant or restricted pages. 78 | 79 | #### **Target Misconfigured Services** 80 | ```plaintext 81 | port:21 "230 Login successful" -ftp.banner:"ProFTPD" 82 | ``` 83 | **Purpose**: Look for FTP servers that accepted Shodan's anonymous login (the `230 Login successful` reply) while excluding a specific server type. 84 | 85 | #### **Identify Vulnerable Systems by CVE** 86 | ```plaintext 87 | vuln:"CVE-2022-XXXXX" -org:"Specific Organization" 88 | ``` 89 | **Purpose**: Find systems affected by a particular vulnerability while excluding results from specific organizations. 90 | 91 | #### **Search for IoT Devices with Open Ports** 92 | ```plaintext 93 | product:"Webcam" port:554 -http.html:"Login required" 94 | ``` 95 | **Purpose**: Locate IoT webcams running on RTSP (Real-Time Streaming Protocol) while excluding login-restricted results. 96 | 97 | --- 98 | 99 | ## **Shodan CLI** 100 | 101 | The **Shodan CLI (Command-Line Interface)** enables users to perform Shodan searches and interact with its API directly from the command line, providing flexibility and automation capabilities. 102 | 103 | ### **Installation** 104 | Install the Shodan CLI using Python’s pip: 105 | ```bash 106 | pip install shodan 107 | ``` 108 | 109 | ### **Key Commands** 110 | 1. **Initialize the CLI** 111 | Store your Shodan API key (shown on your account page) so later commands can use it: 112 | ```bash 113 | shodan init YOUR_API_KEY 114 | ``` 115 | 116 | 2. **Perform Searches** 117 | Use the Shodan CLI to run queries: 118 | ```bash 119 | shodan search apache country:US 120 | ``` 121 | 122 | 3. **Look Up a Host** 123 | Show what Shodan has already indexed for an IP address (open ports, banners, flagged vulnerabilities). This reads Shodan's stored crawl data rather than scanning the host; an on-demand scan is a separate, credit-consuming command (`shodan scan submit <ip>`): 124 | ```bash 125 | shodan host 203.0.113.10 126 | ``` 127 | 128 | 4. 
**Save Results** 129 | Export search results to a file for analysis: 130 | ```bash 131 | shodan search nginx --limit 100 --fields ip_str,port --separator , > results.csv 132 | ``` 133 | 134 | --- 135 | 136 | ## **Shodan Monitoring** 137 | 138 | **Shodan Monitoring** provides real-time tracking and alerts for your organization's Internet-facing assets. This feature ensures that you stay informed about vulnerabilities and new exposures. 139 | 140 | ### **How It Works** 141 | 1. **Asset Tracking** 142 | - Monitor your IP ranges, domains, or network blocks for changes. 143 | - Identify new devices or services added to your network. 144 | 145 | 2. **Alerts** 146 | - Set up alerts for specific queries (e.g., open ports, services). 147 | - Receive notifications when new results match your criteria. 148 | 149 | 3. **Integration** 150 | - Use Shodan Monitoring with third-party tools (e.g., Splunk, SIEMs) for enhanced visibility. 151 | 152 | ### **Creating an Alert** 153 | 1. Log in to your Shodan account. 154 | 2. Go to the **Alerts** section. 155 | 3. Set a query (e.g., `org:"YourOrganization"` or `port:22`) and enable notifications. 
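What an alert actually computes, as an added example that is not code from this page or from Shodan: two snapshots of one host laid out like `shodan host` / the host lookup API output (`ip_str`, `ports`, `vulns`, and a `data` list with one banner per service carrying `port`, `transport`, `product` and `version`; the field names are an assumption from that output) are compared, and every difference is turned into a severity-ranked alert. The IP address, the services and the watch list of risky ports are invented for the example.

```python
"""Added example for the Shodan Monitoring section; not code from the Cyber
Genesis page or from Shodan.

Compares two constructed snapshots of the same host in the shape of the
`shodan host` / host lookup API output and reports new ports, closed ports,
changed service banners and newly flagged CVEs, ranked the way a monitoring
alert would rank them.
"""

BASELINE = {
    "ip_str": "203.0.113.10",
    "ports": [22, 443],
    "vulns": [],
    "data": [
        {"port": 22, "transport": "tcp", "product": "OpenSSH", "version": "8.9p1"},
        {"port": 443, "transport": "tcp", "product": "nginx", "version": "1.24.0"},
    ],
}

CURRENT_SNAPSHOT = {  # the same host on a later crawl
    "ip_str": "203.0.113.10",
    "ports": [22, 443, 3389, 9200],
    "vulns": ["CVE-2021-44228"],
    "data": [
        {"port": 22, "transport": "tcp", "product": "OpenSSH", "version": "8.9p1"},
        {"port": 443, "transport": "tcp", "product": "nginx", "version": "1.25.1"},
        {"port": 3389, "transport": "tcp", "product": "Remote Desktop Protocol"},
        {"port": 9200, "transport": "tcp", "product": "Elastic"},
    ],
}

# Ports that should never appear on an Internet-facing asset without a change ticket behind them.
RISKY_PORTS = {21, 23, 445, 1433, 3306, 3389, 5900, 6379, 9200, 27017}


def service_map(host):
    """{(port, transport): 'product version'} built from the banner list."""
    services = {}
    for banner in host.get("data", []):
        label = " ".join(x for x in (banner.get("product"), banner.get("version")) if x)
        services[(banner["port"], banner.get("transport", "tcp"))] = label or "unknown"
    return services


def diff_hosts(old, new):
    """Return what changed between two snapshots of the same IP."""
    if old["ip_str"] != new["ip_str"]:
        raise ValueError("snapshots describe different hosts")
    old_s, new_s = service_map(old), service_map(new)
    changed = [(p, t, old_s[(p, t)], new_s[(p, t)])
               for (p, t) in sorted(old_s.keys() & new_s.keys()) if old_s[(p, t)] != new_s[(p, t)]]
    return {
        "ip": new["ip_str"],
        "new_ports": sorted(set(new["ports"]) - set(old["ports"])),
        "closed_ports": sorted(set(old["ports"]) - set(new["ports"])),
        "changed_services": changed,
        "new_vulns": sorted(set(new.get("vulns", [])) - set(old.get("vulns", []))),
    }


def build_alerts(diff, risky_ports=RISKY_PORTS):
    """Turn a diff into (severity, message) pairs, highest severity first."""
    alerts = []
    for port in diff["new_ports"]:
        severity = "high" if port in risky_ports else "medium"
        alerts.append((severity, f"{diff['ip']}: port {port} newly exposed"))
    for cve in diff["new_vulns"]:
        alerts.append(("high", f"{diff['ip']}: now flagged for {cve}"))
    for port, transport, before, after in diff["changed_services"]:
        alerts.append(("low", f"{diff['ip']}: {port}/{transport} changed from '{before}' to '{after}'"))
    for port in diff["closed_ports"]:
        alerts.append(("info", f"{diff['ip']}: port {port} no longer seen"))
    order = {"high": 0, "medium": 1, "low": 2, "info": 3}
    return sorted(alerts, key=lambda a: order[a[0]])


if __name__ == "__main__":
    for severity, message in build_alerts(diff_hosts(BASELINE, CURRENT_SNAPSHOT)):
        print(f"[{severity:6}] {message}")
```

With the constructed snapshots the script reports RDP and Elasticsearch newly exposed, a new CVE flag, and an nginx version change. Shodan's data is a periodic crawl rather than a live scan, so confirm any high-severity finding with your own scanner before escalating it.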
156 | 157 | --- 158 | 159 | ## **Resources for Day 6** 160 | 161 | ### **Official Resources** 162 | - [Shodan Official Website](https://www.shodan.io/) 163 | - [Shodan Filters and Syntax](https://help.shodan.io/) 164 | 165 | ### **Interactive Labs** 166 | - [Shodan Basics - TryHackMe](https://tryhackme.com/room/shodan) 167 | - [Exploring Shodan Data - Practical Lab](https://tryhackme.com/room/shodanexplorer) 168 | 169 | ### **YouTube Tutorials** 170 | - [Shodan for Beginners](https://www.youtube.com/watch?v=dtKv4IRnL-I&list=PLPeQDuymW04D4HUKJWBwoS61D4AVHvfNt) 171 | - [How To Use Shodan For Bug Bounty Hunters](https://www.youtube.com/watch?v=4CL_8GRNVTE) 172 | - [Power Of Shodan](https://www.youtube.com/watch?v=WgMGLlpznao) 173 | 174 | ### **Github Resources** 175 | - [Github Repo](https://github.com/lothos612/shodan) 176 | 177 | --- 178 | 179 | ## **Created by:** 180 | 181 | **Raman Mohurle & Varad Mene** 182 | 183 | --- 184 | 185 | ## **Contributing** 186 | Feel free to contribute by suggesting edits, adding more resources, or sharing your learning experiences. 187 | -------------------------------------------------------------------------------- /Day 8 - FOFA: The Cybersecurity Asset Search Engine/README.md: -------------------------------------------------------------------------------- 1 | 2 | # **Cyber Genesis - Day 8: FOFA - The Cyberspace Search Engine** 🌐 3 | 4 | Welcome to **Day 8 of the Cyber Genesis series!** 🚀 5 | Today, we’re diving into **FOFA (Fingerprint of All)**, a powerful cyberspace search engine used to identify exposed systems, services, and vulnerabilities across the internet. FOFA specializes in fingerprint-based searches, making it an invaluable tool for cybersecurity professionals, penetration testers, and OSINT researchers. Let’s get started! 🔍 6 | 7 | --- 8 | 9 | ## **What is FOFA?** 10 | 11 | **FOFA (Fingerprint of All)** is a cyberspace search engine that collects and indexes data from internet-facing devices and services. 
It enables users to find assets, vulnerabilities, and misconfigurations based on **fingerprints**, which are unique attributes associated with services, protocols, or devices. 12 | 13 | FOFA’s strength lies in its **rich query language** and the ability to perform advanced searches based on IPs, ports, protocols, domains, and device fingerprints. 14 | 15 | --- 16 | 17 | ## **Key Features of FOFA** 18 | 19 | 1. **Comprehensive Internet Asset Scanning** 20 | - Indexes data from IPs, domains, ports, and services. 21 | - Allows search based on device or service fingerprints. 22 | 23 | 2. **Protocol-Level Insights** 24 | - Provides in-depth details about specific protocols and exposed services, such as HTTP, SMTP, FTP, and more. 25 | 26 | 3. **Vulnerability Identification** 27 | - Detects vulnerabilities and misconfigurations in exposed services. 28 | 29 | 4. **Rich Query Language** 30 | - Offers advanced filtering options for precise searches. 31 | 32 | 5. **Monitoring and Alerts** 33 | - Enables users to monitor domains, IP ranges, or specific queries for changes or new vulnerabilities. 34 | 35 | 6. **Exporting Data** 36 | - Allows results to be exported for analysis or reporting. 37 | 38 | --- 39 | 40 | ## **FOFA Query Language** 41 | 42 | FOFA’s query language enables users to refine their searches with powerful filters. Below are some commonly used filters: 43 | 44 | ### **Basic Queries** 45 | 46 | 1. **Search by IP Address** 47 | ```plaintext 48 | ip="192.168.1.1" 49 | ``` 50 | 51 | 2. **Search by Port** 52 | ```plaintext 53 | port="443" 54 | ``` 55 | 56 | 3. **Search by Domain** 57 | ```plaintext 58 | domain="example.com" 59 | ``` 60 | 61 | 4. **Search by Protocol** 62 | ```plaintext 63 | protocol="http" 64 | ``` 65 | 66 | ### **Advanced Queries** 67 | 68 | 1. **Search by Header Content** 69 | - Look for specific text in HTTP headers: 70 | ```plaintext 71 | header="Apache" 72 | ``` 73 | 74 | 2. 
**Search for SSL Certificates** 75 | - Find certificates issued to specific domains: 76 | ```plaintext 77 | cert="example.com" 78 | ``` 79 | 80 | 3. **Search for Open Databases** 81 | - Locate exposed MongoDB instances: 82 | ```plaintext 83 | protocol="mongodb" 84 | ``` 85 | 86 | 4. **Combine Multiple Filters** 87 | - Refine your search with multiple conditions (`&&` is AND; `||` and `!=` give you OR and NOT): 88 | ```plaintext 89 | domain="example.com" && port="80" 90 | ``` 91 | 92 | 5. **Search for Vulnerabilities** 93 | - Identify systems with specific CVEs: 94 | ```plaintext 95 | cve="CVE-2021-XXXX" 96 | ``` 97 | 98 | --- 99 | 100 | ## **Practical Use Cases** 101 | 102 | ### **1. Asset Discovery** 103 | - Discover all exposed assets for a target organization: 104 | ```plaintext 105 | org="Your Organization" 106 | ``` 107 | 108 | ### **2. Vulnerability Assessment** 109 | - Search for outdated or vulnerable software: 110 | ```plaintext 111 | protocol="http" && banner="nginx/1.14" 112 | ``` 113 | 114 | ### **3. Misconfiguration Detection** 115 | - Identify open databases or unsecured services: 116 | ```plaintext 117 | protocol="redis" && port="6379" 118 | ``` 119 | 120 | ### **4. SSL Certificate Analysis** 121 | - Locate expired or misconfigured SSL certificates: 122 | ```plaintext 123 | cert="example.com" && cert_valid=false 124 | ``` 125 | 126 | --- 127 | 128 | ## **FOFA CLI** 129 | 130 | FOFA provides a **Command-Line Interface (CLI)** for automation and advanced queries. 131 | 132 | ### **Installation** 133 | Install the FOFA CLI using Python’s pip: 134 | ```bash 135 | pip install fofa 136 | ``` 137 | 138 | ### **Key Commands** 139 | 140 | 1. **Set Up API Key** 141 | Add your FOFA API key to the CLI: 142 | ```bash 143 | fofa config 144 | ``` 145 | 146 | 2. **Perform Queries** 147 | Run a search query from the command line. Wrap the whole query in single quotes: left unquoted, the shell treats `&&` as a command separator and strips the double quotes before FOFA ever sees them: 148 | ```bash 149 | fofa search 'protocol="http" && domain="example.com"' 150 | ``` 151 | 152 | 3. 
**Export Results** 153 | Save query results to a file for analysis: 154 | ```bash 155 | fofa search protocol="http" --output results.json 156 | ``` 157 | 158 | 4. **Account Information** 159 | Check your API usage and account details: 160 | ```bash 161 | fofa account 162 | ``` 163 | 164 | --- 165 | 166 | ## **FOFA vs. Other Search Engines** 167 | 168 | | **Feature** | **FOFA** | **Shodan** | **Censys** | 169 | |-------------------------|-------------------------------------|--------------------------------------|--------------------------------------| 170 | | **Focus** | Fingerprint-based search | Banner-based search | Protocol and certificate analysis | 171 | | **Vulnerability Search**| Advanced | Moderate | Comprehensive | 172 | | **SSL Certificate Search** | Advanced | Limited | Advanced | 173 | | **Query Language** | Flexible | Moderate | Advanced | 174 | 175 | --- 176 | 177 | ## **Practical Exercises** 178 | 179 | ### **1. Discover HTTPS Servers** 180 | Search for all HTTPS servers: 181 | ```plaintext 182 | protocol="https" 183 | ``` 184 | 185 | ### **2. Find Open Databases** 186 | Identify open Redis databases: 187 | ```plaintext 188 | protocol="redis" 189 | ``` 190 | 191 | ### **3. Analyze SSL Certificates** 192 | Find expired SSL certificates for specific domains: 193 | ```plaintext 194 | cert="example.com" && cert_valid=false 195 | ``` 196 | 197 | ### **4. Combine Filters** 198 | Search for Apache servers running on port 80: 199 | ```plaintext 200 | banner="Apache" && port="80" 201 | ``` 202 | 203 | --- 204 | 205 | ## **Ethics and Legal Considerations** 206 | 207 | **Responsible Use**: FOFA is a powerful tool that must be used responsibly. Always ensure that: 208 | - **You have authorization** to analyze the systems you search. 209 | - **Your actions comply** with applicable laws and regulations. 210 | - **You respect privacy** and do not exploit sensitive information. 
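When you move from the CLI to your own automation, the part worth getting right is how the query travels: FOFA's public search API takes the query base64-encoded in a `qbase64` parameter and returns rows ordered like the `fields` you asked for. The script below is an added example, not FOFA's own client and not code from the Cyber Genesis page. It builds the query string safely, encodes it, assembles the request URL, and parses a response, all offline. The API key, the `HTTPS` endpoint parameters beyond `key`/`qbase64`/`fields`/`size`/`page`, and the JSON response are constructed sample values; check the exact authentication parameters against the FOFA API documentation linked below.

```python
"""Build a FOFA API request offline and parse a (constructed) response.

Added example, not part of the Cyber Genesis page or of FOFA's own tooling.
What is taken from the public FOFA API: the query is sent base64-encoded as
`qbase64`, and `results` come back as a list of rows ordered like `fields`.
The API key and SAMPLE_RESPONSE below are constructed sample values.
"""
import base64
import json
from urllib.parse import parse_qs, urlencode, urlparse

FOFA_ENDPOINT = "https://fofa.info/api/v1/search/all"


def build_query(**filters):
    """Join name="value" filters with &&.

    A value containing a double quote could close the filter early and inject
    extra terms (the search-engine cousin of SQL injection), so refuse it
    instead of guessing at an escape syntax.
    """
    parts = []
    for name, value in filters.items():
        value = str(value)
        if '"' in value:
            raise ValueError(f"refusing to build query: quote in value for {name!r}")
        parts.append(f'{name}="{value}"')
    return " && ".join(parts)


def encode_query(query):
    """FOFA expects the raw query base64-encoded, not URL-escaped."""
    return base64.b64encode(query.encode("utf-8")).decode("ascii")


def build_request_url(api_key, query, fields=("host", "ip", "port"), size=100, page=1):
    params = {
        "key": api_key,
        "qbase64": encode_query(query),
        "fields": ",".join(fields),
        "size": size,
        "page": page,
    }
    return f"{FOFA_ENDPOINT}?{urlencode(params)}"


def decode_query_from_url(url):
    """Recover the plaintext query from a request URL (handy when reviewing
    proxy logs or someone else's script)."""
    qs = parse_qs(urlparse(url).query)
    return base64.b64decode(qs["qbase64"][0]).decode("utf-8")


def parse_results(response_json, fields=("host", "ip", "port")):
    """Turn FOFA's list-of-lists results into dicts keyed by field name."""
    data = json.loads(response_json)
    if data.get("error"):
        raise RuntimeError(f"FOFA error: {data.get('errmsg', 'unknown')}")
    return [dict(zip(fields, row)) for row in data.get("results", [])]


# Constructed sample response in the documented shape.
SAMPLE_RESPONSE = json.dumps({
    "error": False, "size": 2, "page": 1, "mode": "extended",
    "query": 'domain="example.com" && port="443"',
    "results": [
        ["example.com", "203.0.113.5", "443"],
        ["www.example.com", "203.0.113.6", "443"],
    ],
})

if __name__ == "__main__":
    q = build_query(domain="example.com", port="443")
    print(build_request_url("<your key>", q))
    for row in parse_results(SAMPLE_RESPONSE):
        print(row["host"], row["ip"], row["port"])
```

The `build_query` check matters as soon as a filter value comes from user input (a ticket, a web form, a CSV of customer domains): without it, a value like `x" || port="22` silently widens the search.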
211 | 212 | --- 213 | 214 | ## **Resources for Day 8** 215 | 216 | ### **Official Resources** 217 | - [FOFA Official Website](https://fofa.info/) 218 | - [FOFA API Documentation](https://fofa.info/api) 219 | 220 | ### **Interactive Labs** 221 | - Look for FOFA-related labs on platforms like TryHackMe or HackTheBox. 222 | 223 | ### **YouTube Tutorials** 224 | - [FOFA Basics](www.youtube.com/@FofaInfo) 225 | 226 | --- 227 | 228 | ## **Created by:** 229 | 230 | **Varad Mene** 231 | 232 | --- 233 | 234 | ## **Contributing** 235 | 236 | Feel free to contribute by suggesting edits, adding more resources, or sharing your learning experiences. 237 | -------------------------------------------------------------------------------- /Day 7 - Censys: The Search Engine for Internet Assets/README.md: -------------------------------------------------------------------------------- 1 | 2 | # **Cyber Genesis - Day 7: Censys: The Search Engine for Internet Assets** 🌐 3 | 4 | Welcome to **Day 7 of the Cyber Genesis series!** 🚀 5 | Today, we’re exploring **Censys**, an advanced search engine designed for discovering and analyzing internet assets. Censys specializes in identifying devices, services, and vulnerabilities across the internet, making it an essential tool for cybersecurity professionals. Let’s dive in! 🔍 6 | 7 | --- 8 | 9 | ## **What is Censys?** 10 | 11 | **Censys** is a search engine that collects, analyzes, and indexes internet-facing systems, including servers, devices, and certificates. Unlike Shodan, which focuses on banners and device metadata, Censys provides detailed insights into the protocols, configurations, and vulnerabilities of internet assets. 12 | 13 | --- 14 | 15 | ## **Key Features of Censys** 16 | 17 | 1. **Internet-Wide Scans** 18 | - Censys scans the entire IPv4 address space to discover internet-facing devices and services. 19 | - Provides detailed protocol-level insights for ports like HTTP, HTTPS, SMTP, and more. 20 | 21 | 2. 
**SSL/TLS Certificate Search** 22 | - Find SSL certificates issued to domains and identify potential misconfigurations. 23 | - Analyze certificates for expiration, Common Name (CN), or fingerprint. 24 | 25 | 3. **Query Language** 26 | - Use a powerful query language to filter results by IP, protocol, port, certificate details, and vulnerabilities. 27 | 28 | 4. **Vulnerability Insights** 29 | - Identify exposed services and vulnerabilities, such as open databases, outdated software, or unpatched systems. 30 | 31 | 5. **Reports and Monitoring** 32 | - Set up **Censys Alerts** to monitor specific IP ranges, domains, or queries for changes or new vulnerabilities. 33 | 34 | --- 35 | 36 | ## **Censys Query Language** 37 | 38 | Censys uses an advanced query language to filter and refine searches. Below are some commonly used filters and examples: 39 | 40 | ### **Basic Filters** 41 | 1. **Search by IP Address** 42 | ```plaintext 43 | ip:192.168.1.1 44 | ``` 45 | 46 | 2. **Search by Port** 47 | ```plaintext 48 | services.port:443 49 | ``` 50 | 51 | 3. **Search by Protocol** 52 | ```plaintext 53 | services.service_name:"http" 54 | ``` 55 | 56 | 4. **Search by Domain** 57 | ```plaintext 58 | domain:"example.com" 59 | ``` 60 | 61 | ### **Advanced Filters** 62 | 1. **SSL Certificate Details** 63 | - Search for certificates issued to a specific domain: 64 | ```plaintext 65 | services.tls.certificates.leaf_data.subject.common_name:"example.com" 66 | ``` 67 | - Find certificates with specific fingerprints: 68 | ```plaintext 69 | services.tls.certificates.leaf_data.fingerprint_sha256:"" 70 | ``` 71 | 72 | 2. **Vulnerable Systems** 73 | - Identify systems with open Redis databases: 74 | ```plaintext 75 | services.service_name:"redis" 76 | ``` 77 | - Search for systems running outdated software: 78 | ```plaintext 79 | services.software.version: 80 | ``` 81 | 82 | 3. 
**Combining Filters** 83 | Combine multiple filters to refine searches: 84 | ```plaintext 85 | services.port:22 AND services.service_name:"ssh" 86 | ``` 87 | 88 | --- 89 | 90 | ## **Practical Use Cases** 91 | 92 | ### **1. Asset Discovery** 93 | - Identify all exposed services for a specific organization or domain. 94 | Example: 95 | ```plaintext 96 | autonomous_system.organization:"Your Organization" 97 | ``` 98 | 99 | ### **2. Vulnerability Assessment** 100 | - Search for outdated or vulnerable systems. 101 | Example: 102 | ```plaintext 103 | services.software.product:"nginx" AND services.software.version<"1.19" 104 | ``` 105 | 106 | ### **3. Certificate Analysis** 107 | - Locate misconfigured or expired SSL certificates. 108 | Example: 109 | ```plaintext 110 | services.tls.certificates.validation_level:"expired" 111 | ``` 112 | 113 | ### **4. Monitoring and Alerts** 114 | - Set up alerts to track specific domains, IP ranges, or services for changes or vulnerabilities. 115 | 116 | --- 117 | 118 | ## **Censys CLI** 119 | 120 | Censys also offers a **Command-Line Interface (CLI)** to perform queries, download results, and automate tasks. 121 | 122 | ### **Installation** 123 | Install the Censys CLI using Python’s pip: 124 | ```bash 125 | pip install censys 126 | ``` 127 | 128 | ### **Key Commands** 129 | 1. **Set Up API Key** 130 | Add your Censys API key to the CLI: 131 | ```bash 132 | censys config 133 | ``` 134 | 135 | 2. **Run Queries** 136 | Perform a search query from the command line: 137 | ```bash 138 | censys search services.port:443 139 | ``` 140 | 141 | 3. **Export Results** 142 | Save query results to a file for analysis: 143 | ```bash 144 | censys search services.service_name:"http" --output results.json 145 | ``` 146 | 147 | 4. **View Account Information** 148 | Check your API usage and account details: 149 | ```bash 150 | censys account 151 | ``` 152 | 153 | --- 154 | 155 | ## **Censys vs. 
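The certificate-analysis use case above is easiest to understand on a concrete host record. The script below is an added example, not code from the Cyber Genesis page or from Censys: it walks a constructed record shaped like a Censys host result (one entry per service, with the leaf certificate nested under `services[].tls.certificates.leaf_data` as in the queries above), and reports expired or soon-expiring certificates, self-signed certificates, and certificates whose names do not cover the hostname you expect. The field names `validity_period`, `names` and `signature.self_signed` are assumed for the sample and should be checked against the Censys schema before pointing this at real API output.

```python
"""Triage a Censys-style host record for certificate weaknesses.

Added example, not part of the Cyber Genesis page or of Censys' own tooling.
HOST_RECORD is constructed sample data. Its nesting mirrors the
services.tls.certificates.leaf_data paths used in the page's queries, but the
exact field names (validity_period, names, signature.self_signed) are assumed
for the example and should be verified against the Censys schema.
"""
from datetime import datetime, timezone

HOST_RECORD = {
    "ip": "203.0.113.7",
    "services": [
        {"port": 443, "service_name": "HTTPS",
         "tls": {"certificates": {"leaf_data": {
             "subject": {"common_name": "example.com"},
             "names": ["example.com", "www.example.com"],
             "validity_period": {"not_before": "2023-01-01T00:00:00Z",
                                 "not_after": "2024-01-01T00:00:00Z"},
             "signature": {"self_signed": False}}}}},
        {"port": 8443, "service_name": "HTTPS",
         "tls": {"certificates": {"leaf_data": {
             "subject": {"common_name": "localhost"},
             "names": ["localhost"],
             "validity_period": {"not_before": "2024-01-01T00:00:00Z",
                                 "not_after": "2034-01-01T00:00:00Z"},
             "signature": {"self_signed": True}}}}},
        {"port": 22, "service_name": "SSH"},  # no TLS, nothing to audit
    ],
}


def parse_ts(s):
    """Parse an ISO-8601 UTC timestamp such as 2024-01-01T00:00:00Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def name_matches(names, expected):
    """Does `expected` match any certificate name, honouring single-label wildcards?"""
    expected = expected.lower()
    for n in names:
        n = n.lower()
        if n == expected:
            return True
        if n.startswith("*."):
            # RFC 6125: the wildcard covers exactly one leftmost label.
            head, sep, rest = expected.partition(".")
            if sep and "." + rest == n[1:]:
                return True
    return False


def audit_certificates(record, expected_name, now_iso, warn_days=30):
    """Return (port, finding, detail) tuples for every TLS service on the host."""
    now = parse_ts(now_iso)
    findings = []
    for svc in record.get("services", []):
        leaf = svc.get("tls", {}).get("certificates", {}).get("leaf_data")
        if leaf is None:
            continue
        port = svc["port"]
        not_after = parse_ts(leaf["validity_period"]["not_after"])
        if now > not_after:
            findings.append((port, "expired", f"expired on {not_after.date()}"))
        elif (not_after - now).days < warn_days:
            findings.append((port, "expiring", f"expires on {not_after.date()}"))
        if leaf.get("signature", {}).get("self_signed"):
            findings.append((port, "self_signed", leaf["subject"]["common_name"]))
        names = leaf.get("names", [])
        if not name_matches(names, expected_name):
            findings.append((port, "name_mismatch", ",".join(names)))
    return findings


if __name__ == "__main__":
    for port, kind, detail in audit_certificates(HOST_RECORD, "example.com", "2024-03-01T00:00:00Z"):
        print(f"{HOST_RECORD['ip']}:{port} {kind}: {detail}")
```

The wildcard rule is the part people get wrong by hand: `*.example.com` covers `www.example.com` but not `a.b.example.com`, so a host serving the deeper name with that certificate is a name mismatch even though the query `services.tls.certificates.leaf_data.subject.common_name:"*.example.com"` would happily return it.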
Shodan** 156 | 157 | | **Feature** | **Censys** | **Shodan** | 158 | |-------------------------|--------------------------------------|--------------------------------------| 159 | | **Focus** | Detailed protocol-level insights | Device banners and metadata | 160 | | **Vulnerability Search**| Comprehensive | Basic | 161 | | **Certificate Search** | Advanced certificate analysis | Limited | 162 | | **Monitoring** | Alerts for domains and IP ranges | Alerts for IP ranges | 163 | | **Query Language** | Advanced | Moderate | 164 | 165 | --- 166 | 167 | ## **Practical Exercises** 168 | 169 | ### **1. Search for HTTPS Servers** 170 | Run a query to identify HTTPS servers: 171 | ```plaintext 172 | services.service_name:"https" 173 | ``` 174 | 175 | ### **2. Find Exposed Databases** 176 | Search for open MongoDB databases: 177 | ```plaintext 178 | services.service_name:"mongodb" 179 | ``` 180 | 181 | ### **3. Analyze SSL Certificates** 182 | Find expired SSL certificates for a specific domain: 183 | ```plaintext 184 | services.tls.certificates.leaf_data.subject.common_name:"example.com" AND services.tls.certificates.validation_level:"expired" 185 | ``` 186 | 187 | --- 188 | 189 | ## **Ethics and Legal Considerations** 190 | 191 | **Responsible Use**: Like Shodan, Censys is a powerful tool that must be used responsibly. Ensure that: 192 | - **You have authorization** to assess systems you search. 193 | - **Your actions comply** with applicable laws and regulations. 194 | - **You respect privacy** and avoid exploiting sensitive information. 
195 | 196 | --- 197 | 198 | ## **Resources for Day 7** 199 | 200 | ### **Official Resources** 201 | - [Censys Official Website](https://censys.io/) 202 | - [Censys API Documentation](https://censys.io/api) 203 | 204 | ### **Blogs** 205 | - [Censys Intro Blog](https://warnerchad.medium.com/censys-search-engine-intro-d502d9839c1c) 206 | 207 | ### **YouTube Tutorials** 208 | - [Censys for Beginners](https://www.youtube.com/watch?v=6kuS_AFTcAM&list=PLM4JFCZlajSt5MLFlrnkRMNP9kZxtZ3mv) 209 | --- 210 | 211 | ## **Created by:** 212 | 213 | **Raman Mohurle & Varad Mene** 214 | 215 | --- 216 | 217 | ## **Contributing** 218 | 219 | Feel free to contribute by suggesting edits, adding more resources, or sharing your learning experiences. 220 | -------------------------------------------------------------------------------- /Day 12 - Introduction to Digital Forensics/README.md: -------------------------------------------------------------------------------- 1 | # **Cyber Genesis - Day 13: Introduction to Digital Forensics** 🔍 2 | 3 | Welcome to **Day 13 of the Cyber Genesis series!** 🚀 4 | Today, we dive into the fundamentals of **Digital Forensics**, a critical discipline in cybersecurity for investigating, identifying, and preserving evidence from digital systems. This session will provide an overview of digital forensics, its methodologies, tools, and applications. 5 | 6 | --- 7 | 8 | ## **What is Digital Forensics?** 9 | 10 | **Digital Forensics** is the science of collecting, analyzing, and preserving digital evidence in a manner that is admissible in a court of law. It involves investigating cybercrimes, data breaches, and unauthorized access while ensuring the integrity of evidence. 11 | 12 | --- 13 | 14 | ### **Key Objectives of Digital Forensics:** 15 | 1. **Preservation of Evidence**: Ensure the integrity and authenticity of digital data. 16 | 2. **Reconstruction of Events**: Reconstruct a timeline of activities based on the evidence. 17 | 3. 
**Attribution**: Identify the perpetrator of the incident. 18 | 4. **Reporting**: Document findings in a clear, accurate, and legally defensible manner. 19 | 20 | --- 21 | 22 | ## **Branches of Digital Forensics** 23 | 24 | 1. **Computer Forensics** 25 | - Investigates desktops, laptops, and storage devices. 26 | - Example: Recovering deleted files or analyzing malicious activity. 27 | 28 | 2. **Network Forensics** 29 | - Analyzes network traffic to uncover unauthorized access or data exfiltration. 30 | 31 | 3. **Mobile Forensics** 32 | - Recovers data from mobile devices such as SMS, photos, and app data. 33 | 34 | 4. **Cloud Forensics** 35 | - Examines data stored in cloud environments, including SaaS platforms. 36 | 37 | 5. **Memory Forensics** 38 | - Analyzes RAM dumps to detect malware, unencrypted credentials, or live threats. 39 | 40 | 6. **IoT Forensics** 41 | - Investigates IoT devices like smart home appliances and wearables for forensic evidence. 42 | 43 | --- 44 | 45 | ## **Stages of a Digital Forensics Investigation** 46 | 47 | 1. **Identification** 48 | - Determine the scope of the incident and identify the relevant evidence. 49 | 50 | 2. **Acquisition** 51 | - Collect evidence securely using write-blockers or forensic imaging. 52 | 53 | 3. **Analysis** 54 | - Process and analyze the evidence to uncover relevant artifacts. 55 | 56 | 4. **Documentation** 57 | - Record every action to ensure a clear chain of custody. 58 | 59 | 5. **Reporting** 60 | - Present findings in a legally defensible format. 61 | 62 | --- 63 | 64 | ## **Common Tools in Digital Forensics** 65 | 66 | ### **Disk Imaging and Analysis Tools** 67 | 1. **FTK Imager** 68 | - Create forensic disk images and preview evidence. 69 | - Example: Imaging a hard drive to analyze deleted files. 70 | 71 | 2. **Autopsy** 72 | - Open-source forensic suite for analyzing files, logs, and metadata. 73 | 74 | 3. **iMazing** 75 | - A powerful tool for extracting and analyzing data from iPhones and iPads. 
76 | - Ideal for accessing messages, photos, call logs, and app data. 77 | - **[Read the iMazing Guide](https://bytebloggerbase.com/main/6746138ef8f9136ee7864762)** 78 | 79 | 4. **X-Ways Forensics** 80 | - Advanced forensic software for disk analysis, memory dumps, and deleted file recovery. 81 | 82 | 5. **R-Studio** 83 | - Data recovery software for retrieving deleted or corrupted files. 84 | 85 | --- 86 | 87 | ### **Memory Forensics Tools** 88 | 1. **Volatility Framework** 89 | - Analyze RAM dumps to identify malware, processes, and open network connections. 90 | 91 | 2. **DumpIt** 92 | - Capture memory dumps for analysis. 93 | 94 | 3. **Belkasoft Evidence Center** 95 | - Combines memory and disk analysis to uncover malware and other evidence. 96 | 97 | --- 98 | 99 | ### **Mobile Forensics Tools** 100 | 1. **Cellebrite UFED** 101 | - Industry-leading tool for extracting and analyzing data from mobile devices. 102 | 103 | 2. **iMazing** 104 | - Simplifies mobile device analysis, focusing on iOS devices. 105 | 106 | 3. **Magnet AXIOM** 107 | - Comprehensive forensic platform for recovering and analyzing data from Android, iOS, and cloud backups. 108 | 109 | 4. **Oxygen Forensics Suite** 110 | - Focuses on mobile devices, extracting data like calls, messages, and app artifacts. 111 | 112 | --- 113 | 114 | ### **Network Forensics Tools** 115 | 1. **Wireshark** 116 | - A powerful packet analyzer for examining network traffic. 117 | 118 | 2. **Zeek (formerly Bro)** 119 | - Analyzes network behavior and generates detailed logs. 120 | 121 | 3. **NetWitness Investigator** 122 | - Examines network packets for anomalies and security breaches. 123 | 124 | 4. **Tcpdump** 125 | - Command-line tool for capturing and analyzing network packets. 126 | 127 | --- 128 | 129 | ### **Cloud and IoT Forensics Tools** 130 | 1. **AWS CLI** 131 | - Investigates cloud resources, access logs, and storage. 132 | 133 | 2. 
**Forensic Explorer** 134 | - Advanced cloud forensic tool for investigating SaaS environments. 135 | 136 | 3. **IoT Inspector** 137 | - Analyzes IoT devices for security gaps and potential forensic evidence. 138 | 139 | --- 140 | 141 | ### **Email and Communication Analysis Tools** 142 | 1. **MailXaminer** 143 | - Analyzes email data for phishing attempts, fraud, and insider threats. 144 | 145 | 2. **Paraben E3** 146 | - Specialized in analyzing communication logs, including emails and instant messaging apps. 147 | 148 | 3. **Email Header Analyzer** 149 | - Free online tools for inspecting email headers and metadata. 150 | 151 | --- 152 | 153 | ## **Challenges in Digital Forensics** 154 | 155 | 1. **Data Volume** 156 | - Investigators must analyze terabytes of data efficiently while identifying relevant evidence. 157 | 158 | 2. **Encryption** 159 | - Decrypting files or devices can be time-consuming without proper access. 160 | 161 | 3. **Anti-Forensic Techniques** 162 | - Cybercriminals may use obfuscation, file wiping, or encryption to destroy evidence. 163 | 164 | 4. **Cloud and IoT Forensics** 165 | - Evidence stored in cloud environments or IoT devices often complicates data acquisition. 166 | 167 | --- 168 | 169 | ## **Practical Exercise** 170 | 171 | ### **Scenario:** 172 | A company suspects that an employee has leaked confidential files via email and deleted the evidence. 173 | 174 | #### **Steps to Investigate:** 175 | 1. **Disk Imaging**: Create a forensic image of the employee’s workstation using FTK Imager. 176 | 2. **File Recovery**: Analyze the disk image in Autopsy to recover deleted files. 177 | 3. **Email Metadata Analysis**: Extract email headers and metadata to identify recipients and timestamps. 178 | 4. **Reporting**: Create a timeline and compile a report with recovered evidence and conclusions. 
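Step 3 of the exercise, extracting recipients and timestamps from e-mail metadata, is mostly header parsing. The script below is an added example, not code from the Cyber Genesis page or from any of the tools listed above: it takes a raw RFC 5322 message, lists the recipients, flags the ones outside the company, reconstructs the relay path from the `Received:` chain (which tells you which internal machine the mail left from), and names the attachments. `SAMPLE_EMAIL` is a constructed message on example-reserved domains, and `corp.example` is the assumed internal domain.

```python
"""Pull recipients, timestamps and the relay path out of an e-mail header.

Added example, not part of the Cyber Genesis page. SAMPLE_EMAIL is a
constructed RFC 5322 message on example-reserved domains, and "corp.example"
is the assumed internal domain of the investigated company.
"""
import re
from email import message_from_string, policy
from email.utils import getaddresses, parsedate_to_datetime

SAMPLE_EMAIL = """\
Return-Path: <j.doe@corp.example>
Received: from mail.example.net (mail.example.net [198.51.100.9])
\tby mx.partner.example with ESMTPS id abc123;
\tTue, 05 Mar 2024 14:02:11 +0000
Received: from WS-0421.corp.example ([10.0.5.21])
\tby mail.example.net with ESMTP;
\tTue, 05 Mar 2024 14:01:58 +0000
Message-ID: <20240305140158.1a2b@corp.example>
Date: Tue, 05 Mar 2024 14:01:55 +0000
From: "J. Doe" <j.doe@corp.example>
To: rival@partner.example
Cc: personal.box@mail.example.com
Subject: Q3 roadmap
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: application/pdf; name="roadmap.pdf"
Content-Disposition: attachment; filename="roadmap.pdf"

%PDF-1.4 fake
--b1--
"""

# "from <helo> (<reverse-dns> [<ip>]) by <relay>" as written by most MTAs.
RECEIVED_RE = re.compile(r"from\s+(?P<helo>\S+)(?:\s+\((?P<origin>[^)]*)\))?\s+by\s+(?P<by>\S+)")


def parse_received(value):
    """Split one Received: header into origin, relay and timestamp."""
    text = " ".join(value.split())  # collapse folded continuation lines
    m = RECEIVED_RE.search(text)
    stamp = text.rsplit(";", 1)[1].strip() if ";" in text else ""
    return {
        "from": m.group("helo") if m else None,
        "origin": m.group("origin") if m else None,
        "by": m.group("by") if m else None,
        "time": parsedate_to_datetime(stamp).isoformat() if stamp else None,
    }


def analyze_headers(raw, internal_domain="corp.example"):
    msg = message_from_string(raw, policy=policy.default)
    recipients = [addr for _, addr in getaddresses(
        [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])])]
    sender = getaddresses([str(msg.get("From", ""))])[0][1]
    # Each relay prepends its own Received: line, so the header order is newest
    # first; reverse it to read the path from the originating machine outward.
    hops = [parse_received(str(h)) for h in reversed(msg.get_all("Received", []))]
    return {
        "sender": sender,
        "return_path": str(msg.get("Return-Path", "")).strip("<> "),
        "recipients": recipients,
        "external_recipients": [r for r in recipients
                                if not r.lower().endswith("@" + internal_domain)],
        "sent": parsedate_to_datetime(str(msg["Date"])).isoformat(),
        "hops": hops,
        "attachments": [p.get_filename() for p in msg.iter_attachments()],
    }


if __name__ == "__main__":
    report = analyze_headers(SAMPLE_EMAIL)
    print("sent", report["sent"], "by", report["sender"])
    print("external recipients:", report["external_recipients"])
    print("first hop:", report["hops"][0])
    print("attachments:", report["attachments"])
```

Two things to keep in mind when you read the output: only the `Received:` lines added by servers you control are trustworthy (a sender can forge the lower ones), and the `Date:` header is set by the sending client, so the first relay's timestamp is the better anchor for your timeline.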
179 | 180 | --- 181 | 182 | ## **Resources for Day 13** 183 | 184 | ### **Official Resources** 185 | - [Digital Forensics Field Guide (SANS)](https://www.sans.org/white-papers/ultimate-guide-getting-started-digital-forensics-incident-response/)) 186 | 187 | ### **Interactive Labs** 188 | - **TryHackMe**: [Introduction to Digital Forensics](https://tryhackme.com/r/room/introductoryroomdfirmodule) 189 | - **HackTheBox**: Forensic challenges 190 | 191 | --- 192 | 193 | ## **Ethics and Legal Considerations** 194 | 195 | 1. **Chain-of-Custody**: Maintain a record of who accessed the evidence, when, and how to ensure admissibility in court. 196 | 2. **Privacy**: Respect privacy laws and ensure evidence collection complies with local regulations. 197 | 3. **Authorization**: Always ensure you have explicit permission to conduct forensic investigations. 198 | 199 | --- 200 | 201 | ## **Created by:** 202 | 203 | **Varad Mene** 204 | 205 | --- 206 | 207 | ## **Contributing** 208 | 209 | Feel free to contribute by suggesting edits, adding more resources, or sharing your learning experiences. 210 | -------------------------------------------------------------------------------- /Day 14 - Memory Forensics and Malware Analysis/README.md: -------------------------------------------------------------------------------- 1 | # **Cyber Genesis - Day 14: Memory Forensics and Malware Analysis** 🧠💻 2 | 3 | Welcome to **Day 14 of the Cyber Genesis series!** 🚀 4 | Today, we dive into **Memory Forensics and Malware Analysis**, two critical components of digital forensics that focus on investigating volatile data (RAM) and analyzing malicious software to uncover security incidents. 5 | 6 | --- 7 | 8 | ## **What is Memory Forensics?** 9 | 10 | **Memory Forensics** involves analyzing volatile data captured from a system's memory (RAM) to identify malicious activities, hidden processes, or unencrypted credentials. 11 | 12 | ### **Why Memory Forensics is Important:** 13 | 1. 
**Volatile Evidence** 14 | - Memory contains ephemeral data like running processes, open network connections, and encryption keys. 15 | 16 | 2. **Rootkit and Malware Detection** 17 | - Malicious programs often hide in memory to avoid detection by traditional file-based methods. 18 | 19 | 3. **Incident Reconstruction** 20 | - Analyzing memory helps reconstruct events leading up to a security breach. 21 | 22 | --- 23 | 24 | ## **What is Malware Analysis?** 25 | 26 | **Malware Analysis** is the process of dissecting malicious software to understand its behavior, identify Indicators of Compromise (IoCs), and develop mitigation strategies. 27 | 28 | ### **Types of Malware Analysis:** 29 | 1. **Static Analysis** 30 | - Examines the file without executing it, analyzing strings, file headers, and metadata. 31 | 32 | 2. **Dynamic Analysis** 33 | - Executes the malware in a controlled environment to observe its runtime behavior. 34 | 35 | 3. **Code Analysis** 36 | - Involves reverse engineering the malware to study its source code. 37 | 38 | --- 39 | 40 | ## **Tools for Memory Forensics** 41 | 42 | ### **1. Volatility Framework** 43 | **Description**: A powerful open-source tool for analyzing memory dumps. 44 | - **Features**: 45 | - Identify running processes, DLLs, and hidden processes. 46 | - Detect network connections and loaded drivers. 47 | - Extract unencrypted credentials. 48 | 49 | **Example Command**: 50 | ```bash 51 | volatility -f memory_dump.raw --profile=Win10x64_19041 pslist 52 | ``` 53 | - `pslist`: Lists all running processes. 54 | 55 | --- 56 | 57 | ### **2. DumpIt** 58 | **Description**: A lightweight tool for creating memory dumps. 59 | - **Usage**: Run DumpIt on the target machine to capture a snapshot of the system's RAM. 60 | 61 | --- 62 | 63 | ### **3. Rekall Framework** 64 | **Description**: A memory forensics tool designed for live analysis. 65 | - **Features**: Similar to Volatility but optimized for speed and live investigations. 
66 | 67 | --- 68 | 69 | ### **4. Redline** 70 | **Description**: A user-friendly tool for collecting and analyzing memory and file system activity. 71 | - **Features**: 72 | - Process analysis and memory artifact detection. 73 | - Focused investigations with guided workflows. 74 | 75 | --- 76 | 77 | ## **Tools for Malware Analysis** 78 | 79 | ### **1. Strings (Command-Line Tool)** 80 | **Description**: Extract readable text from binary files to reveal IoCs (URLs, IP addresses, file paths, registry keys) or hidden commands. Windows binaries store much of their text as UTF-16, which the default run misses; with GNU `strings`, repeat the command with `-e l` to pick those up. 81 | **Command Example**: 82 | ```bash 83 | strings malware.exe 84 | ``` 85 | 86 | --- 87 | 88 | ### **2. IDA Pro** 89 | **Description**: An advanced disassembler for reverse engineering malware. 90 | - **Usage**: Study assembly code to understand malware behavior. 91 | 92 | --- 93 | 94 | ### **3. Ghidra** 95 | **Description**: A free, open-source reverse engineering tool by the NSA. 96 | - **Features**: Decompiles binaries into human-readable code for analysis. 97 | 98 | --- 99 | 100 | ### **4. Cuckoo Sandbox** 101 | **Description**: An open-source tool for dynamically analyzing malware in an isolated environment. 102 | - **Features**: 103 | - Observe file modifications, network traffic, and runtime behavior. 104 | 105 | --- 106 | 107 | ## **Memory Forensics Workflow** 108 | 109 | ### **Step 1: Capture Memory** 110 | - Use tools like **DumpIt** or **FTK Imager** to capture the memory dump of the target system. Do this before anything else on the host: every action on a live system overwrites RAM. Hash the dump (for example with SHA-256) as soon as it is written so its integrity can be proven later. 111 | 112 | ### **Step 2: Analyze the Memory Dump** 113 | - Load the memory dump into **Volatility** or **Rekall**. Volatility 2 needs the OS profile on every command (`imageinfo` suggests candidates); Volatility 3 detects the OS itself and names the plugins `windows.pslist` and `windows.netscan`. 114 | - Key Commands: 115 | - List processes: 116 | ```bash 117 | volatility -f memory_dump.raw --profile=<profile> pslist 118 | ``` 119 | - Check network connections: 120 | ```bash 121 | volatility -f memory_dump.raw --profile=<profile> netscan 122 | ``` 123 | 124 | ### **Step 3: Extract Artifacts** 125 | - Extract malicious binaries, credentials, or files hidden in memory. 126 | 127 | --- 128 | 129 | ## **Malware Analysis Workflow** 130 | 131 | ### **Static Analysis Steps:** 132 | 1. 
**Inspect File Metadata** 133 | - Tools: ExifTool, Strings. 134 | - Example: 135 | ```bash 136 | strings malware.exe 137 | ``` 138 | 139 | 2. **Check VirusTotal** 140 | - Look the file up on [VirusTotal](https://www.virustotal.com) by its SHA-256 hash first. Only upload the sample if the hash is unknown and you are allowed to share it: uploads are visible to other subscribers, which can leak internal data and tip off the attacker that their tool has been found. 141 | 142 | 3. **Decompile with Ghidra or IDA Pro** 143 | - Study the assembly or decompiled code to understand malicious logic. 144 | 145 | --- 146 | 147 | ### **Dynamic Analysis Steps:** 148 | 1. **Execute Malware in a Sandbox** 149 | - Use **Cuckoo Sandbox** or **Any.Run** to monitor runtime behavior. 150 | 151 | 2. **Monitor Network Traffic** 152 | - Tools: Wireshark, Zeek. 153 | - Example: Identify Command-and-Control (C2) traffic. 154 | 155 | 3. **Observe File System Changes** 156 | - Tools: Procmon, Sysinternals Suite. 157 | 158 | --- 159 | 160 | ## **Practical Exercise** 161 | 162 | ### **Scenario**: 163 | A suspicious process is detected on a Windows machine. 164 | 165 | #### **Steps to Investigate**: 166 | 1. **Capture Memory** 167 | - Use **DumpIt** to capture a memory dump. 168 | 169 | 2. **Analyze the Memory Dump** 170 | - Use Volatility to list running processes (Volatility 2 syntax; in Volatility 3 the equivalent is `windows.pslist` and no profile is needed): 171 | ```bash 172 | volatility -f memory_dump.raw --profile=<profile> pslist 173 | ``` 174 | - Look for unusual names, lookalike names of system binaries, and parents that do not fit (for example `svchost.exe` not started by `services.exe`). Compare the result with `psscan`, which finds process objects even when they have been unlinked from the active list. 175 | 176 | 3. **Extract Malware** 177 | - Dump the executable of the suspicious process (by PID) from memory using Volatility: 178 | ```bash 179 | volatility -f memory_dump.raw --profile=<profile> procdump -p <PID> -D /path/to/output 180 | ``` 181 | 182 | 4. **Perform Malware Analysis** 183 | - Conduct static analysis using **Strings** or **Ghidra**. 184 | - Use **Cuckoo Sandbox** for dynamic analysis. 
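Step 2 of the exercise, deciding which process in the listing is suspicious, is where beginners stall, so here is that triage as code. The script below is an added example, not code from the Cyber Genesis page or from the Volatility project: it parses `pslist` and `psscan` tables in Volatility 2's text layout and applies three classic checks, processes present in the pool scan but missing from the active list (hidden, unless they simply exited), core Windows processes with the wrong parent, and names one typo away from a well-known system binary. Both tables are constructed sample output, and the expected-parent map is an assumed baseline for a standard Windows install.

```python
"""Spot hidden and anomalous processes in Volatility 2 output.

Added example, not part of the Cyber Genesis page or the Volatility project.
PSLIST and PSSCAN are constructed sample tables in Volatility 2's layout;
only the first four columns and the timestamps are used.
"""
import re

PSLIST = """\
Offset(V)          Name                    PID   PPID   Thds     Hnds   Sess  Wow64 Start                          Exit
------------------ -------------------- ------ ------ ------ -------- ------ ------ ------------------------------ ------------------------------
0xffffe00010000001 System                    4      0    110        0 ------      0 2024-03-05 13:55:01 UTC+0000
0xffffe00010000002 smss.exe                312      4      2       53 ------      0 2024-03-05 13:55:01 UTC+0000
0xffffe00010000004 wininit.exe             480    392      1       80      0      0 2024-03-05 13:55:02 UTC+0000
0xffffe00010000005 services.exe            572    480      8      300      0      0 2024-03-05 13:55:03 UTC+0000
0xffffe00010000006 lsass.exe               580    480      9      900      0      0 2024-03-05 13:55:03 UTC+0000
0xffffe00010000007 svchost.exe             700    572     12      450      0      0 2024-03-05 13:55:04 UTC+0000
0xffffe00010000008 explorer.exe           2100   2080     40     1200      1      0 2024-03-05 13:56:10 UTC+0000
0xffffe00010000009 svchost.exe            3344   2100      3      120      1      0 2024-03-05 14:10:33 UTC+0000
0xffffe0001000000a svch0st.exe            3500    700      2       60      1      0 2024-03-05 14:11:02 UTC+0000
"""

PSSCAN = """\
Offset(P)          Name                PID   PPID PDB        Time created                   Time exited
------------------ ---------------- ------ ------ ---------- ------------------------------ ------------------------------
0x000000007e000001 System                4      0 0x001ab000 2024-03-05 13:55:01 UTC+0000
0x000000007e000002 smss.exe            312      4 0x0a1c0000 2024-03-05 13:55:01 UTC+0000
0x000000007e000004 wininit.exe         480    392 0x0b2d0000 2024-03-05 13:55:02 UTC+0000
0x000000007e000005 services.exe        572    480 0x0c3e0000 2024-03-05 13:55:03 UTC+0000
0x000000007e000006 lsass.exe           580    480 0x0d4f0000 2024-03-05 13:55:03 UTC+0000
0x000000007e000007 svchost.exe         700    572 0x0e500000 2024-03-05 13:55:04 UTC+0000
0x000000007e000008 explorer.exe       2100   2080 0x0f610000 2024-03-05 13:56:10 UTC+0000
0x000000007e000009 svchost.exe        3344   2100 0x10720000 2024-03-05 14:10:33 UTC+0000
0x000000007e00000a svch0st.exe        3500    700 0x11830000 2024-03-05 14:11:02 UTC+0000
0x000000007e00000b evil.exe           4120   2100 0x12940000 2024-03-05 14:12:40 UTC+0000
0x000000007e00000c notepad.exe        2222   2100 0x13a50000 2024-03-05 14:00:00 UTC+0000   2024-03-05 14:05:00 UTC+0000
"""

TS_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")
# Parent each core Windows process should have (assumed baseline for the example).
EXPECTED_PARENT = {"svchost.exe": "services.exe", "lsass.exe": "wininit.exe",
                   "services.exe": "wininit.exe", "smss.exe": "System"}
SYSTEM_NAMES = set(EXPECTED_PARENT) | {"System", "csrss.exe", "wininit.exe", "explorer.exe"}


def parse_table(text):
    """Parse a Volatility 2 process table into {pid: {name, pid, ppid, exited}}."""
    procs = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or not parts[0].startswith("0x"):
            continue  # header and separator lines
        procs[int(parts[2])] = {
            "name": parts[1], "pid": int(parts[2]), "ppid": int(parts[3]),
            "exited": len(TS_RE.findall(line)) >= 2,  # psscan shows an exit time
        }
    return procs


def edit_distance_one(a, b):
    """True if a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = j = diffs = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        diffs += 1
        if diffs > 1:
            return False
        if len(a) > len(b):
            i += 1
        elif len(b) > len(a):
            j += 1
        else:
            i, j = i + 1, j + 1
    return diffs + (len(a) - i) + (len(b) - j) == 1


def find_anomalies(pslist_text, psscan_text):
    """Return (kind, pid, detail) findings: hidden, wrong_parent, lookalike."""
    listed, scanned = parse_table(pslist_text), parse_table(psscan_text)
    findings = []
    # 1. In the pool scan but unlinked from the active list, and not merely
    #    terminated: the signature of a DKOM-style hidden process.
    for pid, p in sorted(scanned.items()):
        if pid not in listed and not p["exited"]:
            findings.append(("hidden", pid, p["name"]))
    for pid, p in sorted(listed.items()):
        parent = listed.get(p["ppid"])
        expected = EXPECTED_PARENT.get(p["name"])
        # 2. A core process spawned by the wrong parent (svchost under explorer).
        if expected and (parent is None or parent["name"] != expected):
            origin = parent["name"] if parent else str(p["ppid"])
            findings.append(("wrong_parent", pid, f'{p["name"]} <- {origin}'))
        # 3. Masquerading: a name one typo away from a well-known system binary.
        if p["name"] not in SYSTEM_NAMES and any(
                edit_distance_one(p["name"].lower(), s.lower()) for s in SYSTEM_NAMES):
            findings.append(("lookalike", pid, p["name"]))
    return findings


if __name__ == "__main__":
    for kind, pid, detail in find_anomalies(PSLIST, PSSCAN):
        print(f"{kind:13} pid={pid:<6} {detail}")
```

Feed it the real output of `volatility ... pslist > pslist.txt` and `volatility ... psscan > psscan.txt` and the three findings give you the PIDs to hand to `procdump` in step 3. Treat the parent map as a starting point: legitimate exceptions exist (services started by a management agent, for instance), so confirm each hit before calling it malicious.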
185 | 186 | --- 187 | 188 | ## **Key Commands for Volatility** 189 | 190 | Volatility 2 syntax: every command needs the OS profile (`imageinfo` suggests candidates). In Volatility 3 the profile is detected automatically and the equivalents are `windows.pslist`, `windows.netscan`, `windows.dlllist --pid <PID>` and, in place of `procdump`, `windows.pslist --pid <PID> --dump`. 191 | - **List running processes**: 192 | ```bash 193 | volatility -f memory_dump.raw --profile=<profile> pslist 194 | ``` 195 | 196 | - **Detect open network connections**: 197 | ```bash 198 | volatility -f memory_dump.raw --profile=<profile> netscan 199 | ``` 200 | 201 | - **Dump the executable of one process (by PID)**: 202 | ```bash 203 | volatility -f memory_dump.raw --profile=<profile> procdump -p <PID> -D /output/path 204 | ``` 205 | 206 | - **Check loaded DLLs**: 207 | ```bash 208 | volatility -f memory_dump.raw --profile=<profile> dlllist 209 | ``` 210 | 211 | --- 212 | 213 | ## **Resources for Day 14** 214 | 215 | ### **Official Tools and Documentation** 216 | - [Volatility Framework](https://www.volatilityfoundation.org/) 217 | - [Ghidra Official Site](https://ghidra-sre.org/) 218 | - [Cuckoo Sandbox](https://cuckoosandbox.org/) 219 | 220 | ### **Interactive Labs** 221 | - **TryHackMe**: [Volatility Room](https://tryhackme.com/r/room/volatility) 222 | - **TryHackMe**: [Memory Forensics Room](https://tryhackme.com/r/room/memoryforensics) 223 | 224 | ### **YouTube Tutorials** 225 | - [Memory Forensics with Volatility](https://youtu.be/Uk3DEgY5Ue8?si=37y2tWxxAumyizKb) 226 | 227 | --- 228 | 229 | ## **Ethics and Legal Considerations** 230 | 231 | 1. **Integrity**: Ensure memory dumps and analysis logs are unaltered. 232 | 2. **Authorization**: Perform memory analysis only on systems you are authorized to investigate. 233 | 3. **Privacy**: Protect sensitive data discovered during analysis. 234 | 235 | --- 236 | 237 | ## **Created by:** 238 | 239 | **Raman Mohurle & Varad Mene** 240 | 241 | --- 242 | 243 | ## **Contributing** 244 | Feel free to contribute by suggesting edits, adding more resources, or sharing your learning experiences. 
--------------------------------------------------------------------------------
/Day 1 - Networking Essentials/README.md:
--------------------------------------------------------------------------------
# **Cyber Genesis - Day 1: Networking Essentials** 🌐

Welcome to **Day 1 of the Cyber Genesis series**! 🚀  
Today, we’re diving deep into the essential concepts of **Networking**, which form the backbone of cybersecurity. Whether you’re looking to understand how data travels through networks or how to secure them, this is where your journey begins!

---

## **Key Networking Concepts to Know**

### **1. Networking Protocols**
A networking protocol is a set of rules that define how data is transmitted and received across a network. Protocols ensure seamless communication between devices and software from different manufacturers. Every layer of the network depends on protocols to establish reliable and secure communication.

#### **Important Protocols**
- **TCP/IP (Transmission Control Protocol/Internet Protocol)**  
  The core protocol suite for internet communication.
  - **TCP** ensures data is delivered reliably and in order.
  - **IP** handles addressing and routing packets.  
  **Why it's important**: It’s the backbone of modern communication, making devices interact efficiently over networks.  
  **Example**: When you send an email, TCP/IP ensures the email is broken into packets, sent to the recipient, and reassembled correctly.

- **UDP (User Datagram Protocol)**  
  A faster alternative to TCP that doesn’t guarantee delivery.  
  **Example use cases**: Real-time applications like VoIP and live streaming.  
  **Why it's important**: Crucial for scenarios where speed matters more than reliability.  
  **Example**: During a live video stream, UDP keeps the video playing continuously, even if some data packets are dropped.

- **HTTP/HTTPS (Hypertext Transfer Protocol/Secure)**
  - **HTTP**: Protocol for data exchange on the web.
  - **HTTPS**: Secured version of HTTP, using SSL/TLS to encrypt communication.  
  **Why it's important**: Every website uses HTTP/HTTPS; HTTPS protects sensitive data from attackers.  
  **Example**: When you log in to a bank website, HTTPS ensures your password and account details are encrypted.

- **FTP (File Transfer Protocol)**  
  Transfers files between computers over a network.  
  **Why it's important**: Widely used for uploading/downloading files to/from servers.  
  **Example**: FTP is often used by web developers to upload website files to a hosting server.

- **SMTP (Simple Mail Transfer Protocol)**  
  Sends emails between servers.  
  **Why it's important**: Essential for email communication.  
  **Example**: When you send an email from Gmail to Yahoo, SMTP ensures it’s routed between servers.

- **POP3 and IMAP**  
  Used for retrieving emails:
  - **POP3**: Downloads emails, removing them from the server.
  - **IMAP**: Keeps emails on the server, syncing them across devices.  
  **Why it's important**: IMAP is better for multiple devices, while POP3 works well for offline access.  
  **Example**: IMAP allows you to check the same emails on your phone and laptop.

- **DNS (Domain Name System)**  
  Translates domain names (e.g., `www.example.com`) into IP addresses.  
  **Why it's important**: Allows users to access websites using simple names instead of complex IPs.  
  **Example**: When you type `www.google.com`, DNS translates it to the IP `142.250.190.78` so your browser can connect.

---

### **2. HTTP Basics: Understanding Web Communication**
HTTP is a stateless protocol used for web communication. It enables browsers and servers to exchange data.

#### **How HTTP Works**
1. **Request**: The browser sends an HTTP request to a server for a resource (e.g., a webpage).
2. **Response**: The server sends back the resource with a status code indicating success or failure.

#### **Common HTTP Methods**
- **GET**: Retrieve data (e.g., loading a webpage).
- **POST**: Send data to the server (e.g., form submissions).
- **PUT**: Update existing resources.
- **DELETE**: Remove resources.
- **PATCH**: Partially update resources.

#### **HTTP Status Codes**
The HTTP response from the server contains a status code, which tells the client whether the request was successful or if there was an issue. Common HTTP status codes include:
- **200 OK**: The request was successful, and the server returned the requested resource.
- **404 Not Found**: The requested resource could not be found on the server.
- **500 Internal Server Error**: The server encountered an error and could not process the request.

#### **Grouping HTTP Status Codes for Simple Understanding**
- **Informational responses** (`100` – `199`)
- **Successful responses** (`200` – `299`)
- **Redirection messages** (`300` – `399`)
- **Client error responses** (`400` – `499`)
- **Server error responses** (`500` – `599`)

#### **HTTPS (HTTP Secure)**
Uses SSL/TLS encryption to protect data during transmission.  
**Why HTTPS Matters**:
- Secures data (e.g., passwords, payments).
- Verifies website authenticity.
- Builds user trust (e.g., padlock in the browser bar).

---

### **3. Subnetting & Implementation Logic**
**Subnetting** divides a network into smaller, manageable sub-networks (subnets). This improves performance, security, and resource allocation.

- **Subnet Mask**: Identifies the network and host parts of an IP address.
- **CIDR Notation**: Compact way to denote subnets (e.g., `192.168.1.0/24`).

**Example**:
For `192.168.1.0/24`, creating 4 subnets involves borrowing 2 bits from the host portion:
- Subnet 1: `192.168.1.0/26`
- Subnet 2: `192.168.1.64/26`
- Subnet 3: `192.168.1.128/26`
- Subnet 4: `192.168.1.192/26`

#### **Advantages of Subnetting**
1. **Faster Networks**: Reduces unnecessary traffic, improving speed.
2. **More Secure**: Separates different network areas, limiting access for attackers.
3. **Efficient IP Use**: Avoids wasting IP addresses.
4. **Easier Management**: Smaller networks are simpler to handle.
5. **Scalability**: Easy to add new subnets as needed.

---

### **4. Autonomous System Number (ASN)**
An **ASN** is a unique number assigned to an Autonomous System (AS), which is a group of IP networks managed by one organization.
- **Public ASN**: Used on the global internet.
- **Private ASN**: Used internally within networks.

---

### **5. RFC (Request for Comments)**
RFCs define internet standards and protocols, published by the IETF.
- **[RFC 791](https://www.rfc-editor.org/rfc/rfc791)**: Defines the Internet Protocol (IP), which handles addressing and routing data.
- **[RFC 2616](https://www.rfc-editor.org/rfc/rfc2616)**: Defines HTTP/1.1, the foundation of modern web communication.
- **[RFC 2547](https://www.rfc-editor.org/rfc/rfc2547)**: Defines BGP (Border Gateway Protocol), which handles routing between autonomous systems.

---

## **Practical Implementation & Exercises**

### **HTTP Request and Response**
- Use browser tools (e.g., Chrome Developer Tools) to inspect HTTP requests/responses.
- Test HTTP methods (e.g., GET, POST) using **Postman** or **cURL**.

### **DNS Lookup**
- Use `nslookup` or `dig` to resolve domain names to IPs.  
  **Example**: `nslookup www.google.com`.
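Added example, not from the original page: the subnetting logic from section 3 implemented with Python's standard `ipaddress` module. It generalizes the four-way split of `192.168.1.0/24` to any subnet count (borrowing `ceil(log2(n))` host bits) and also applies the subnet mask by hand to show the network/host split; the same function handles the `10.0.0.0/24` practice network.

```python
import ipaddress
import math

def split_network(cidr, subnet_count):
    """Split an IPv4 network into at least `subnet_count` equal subnets.

    The number of host bits borrowed is ceil(log2(subnet_count)); each resulting
    subnet is reported with its mask, usable host range and broadcast address.
    """
    net = ipaddress.IPv4Network(cidr, strict=True)
    borrowed = math.ceil(math.log2(subnet_count))
    new_prefix = net.prefixlen + borrowed
    if new_prefix >= 31:  # /31 and /32 leave no room for a normal host range
        raise ValueError(f"cannot carve {subnet_count} subnets with usable hosts out of {cidr}")
    subnets = []
    for sub in net.subnets(new_prefix=new_prefix):
        hosts = list(sub.hosts())  # excludes the network and broadcast addresses
        subnets.append({
            "subnet": str(sub),
            "mask": str(sub.netmask),
            "first_host": str(hosts[0]),
            "last_host": str(hosts[-1]),
            "broadcast": str(sub.broadcast_address),
            "usable_hosts": len(hosts),
        })
    return subnets

def network_and_host(ip, prefix):
    """Apply a subnet mask by hand: return (network address, host number) for `ip`."""
    addr = int(ipaddress.IPv4Address(ip))
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF   # prefix ones, then zeros
    return str(ipaddress.IPv4Address(addr & mask)), addr & (~mask & 0xFFFFFFFF)

def same_subnet(ip_a, ip_b, prefix):
    """True when both addresses share the network part under the given prefix."""
    return network_and_host(ip_a, prefix)[0] == network_and_host(ip_b, prefix)[0]

if __name__ == "__main__":
    # The page's example: 192.168.1.0/24 split into 4 subnets (2 borrowed bits -> /26).
    for s in split_network("192.168.1.0/24", 4):
        print(f"{s['subnet']:<18} mask {s['mask']:<15} hosts {s['first_host']} - {s['last_host']} "
              f"bcast {s['broadcast']} ({s['usable_hosts']} usable)")
    # .10 and .70 fall into different /26 blocks, so a router is needed between them.
    print(same_subnet("192.168.1.10", "192.168.1.70", 26))
```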

### **Subnetting Practice**
- Divide the network `10.0.0.0/24` into smaller subnets and assign IPs.

---

## **Why Networking Matters in Cybersecurity**

Networking knowledge is critical for cybersecurity. Understanding how data travels, identifying vulnerabilities, and securing communications are key to building strong defenses.

---

## **Today’s Learning Resources**
📚 **Networking Protocols**
- [IETF RFC Process](https://www.ietf.org/standards/)
- [Subnetting Practice Tool](https://www.subnettingpractice.com/)
- [Networking Tutorial - DigitalOcean](https://www.digitalocean.com/community/tutorials)
- [Common Network Port Numbers](https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml)
- **YouTube**:
  - [Networking Tutorials Playlist 1](https://www.youtube.com/playlist?list=PL0tP8lerTbX1aNiUwl7fHlX0yS5uBgtl7)
  - [Networking Tutorials Playlist 2](https://www.youtube.com/playlist?list=PL0tP8lerTbX1eRZGxtgTkIkoytM8KvvVG)

---

## *Created by:*

*Raman Mohurle & Varad Mene & Harsh Navgale*

---

## *Contributing*

Feel free to contribute by suggesting edits, adding more resources, or sharing your learning experiences.
--------------------------------------------------------------------------------