The Practical Linux Handbook: A Beginner’s Guide to Mastering Everyday Tasks
InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory | ISO 27k Chat bot
Jun 17 2024
Network enumeration with Nmap
Oct 26 2023
Most Important Network Penetration Testing Checklist
Network Penetration Testing checklist determines vulnerabilities in the network posture by discovering Open ports, troubleshooting live systems, and services, and grabbing system banners.
The pen-testing helps the administrator to close unused ports, additional services, Hide or customize banners, troubleshoot services, and to calibrate firewall rules.
You should test in all ways to guarantee there is no security loophole.
Network penetration testing, also known as ethical hacking or white-hat hacking, is a systematic process of evaluating the security of a computer network infrastructure.
The goal of a network penetration test is to identify vulnerabilities and weaknesses in the network’s defenses that malicious actors could potentially exploit.
Let’s see how we conduct step-by-step Network penetration testing by using some famous network scanners.
1. Host Discovery
Footprinting is the first and most important phase where one gathers information about their target system.
DNS footprinting helps to enumerate DNS records like (A, MX, NS, SRV, PTR, SOA, and CNAME) resolving to the target domain.
- A – A record is used to point the domain name such as gbhackers.com to the IP address of its hosting server.
- MX – Records responsible for Email exchange.
- NS – NS records are to identify DNS servers responsible for the domain.
- SRV – Records to distinguish the service hosted on specific servers.
- PTR – Reverse DNS lookup, with the help of IP you can get domains associated with it.
- SOA – Start of record, it is nothing but the information in the DNS system about DNS Zone and other DNS records.
- CNAME – Cname record maps a domain name to another domain name.
We can detect live hosts, and accessible hosts in the target network by using network scanning tools such as Advanced IP scanner, NMAP, HPING3, and NESSUS.
Ping&Ping Sweep:
root@kali:~# nmap -sn 192.168.169.128root@kali:~# nmap -sn 192.168.169.128-20 To ScanRange of IProot@kali:~# nmap -sn 192.168.169.* Wildcardroot@kali:~# nmap -sn 192.168.169.128/24 Entire Subnet
Whois Information
To obtain Whois information and the name server of a websiteroot@kali:~# whois testdomain.com
- http://whois.domaintools.com/
- https://whois.icann.org/en
Traceroute
Network Diagonastic tool that displays route path and transit delay in packetsroot@kali:~# traceroute google.com
Online Tools
- http://www.monitis.com/traceroute/
- http://ping.eu/traceroute/
2. Port Scanning
Perform port scanning using tools such as Nmap, Hping3, Netscan tools, and Network monitor. These tools help us to probe a server or host on the target network for open ports.
root@kali:~# nmap –open gbhackers.com To find all open ports
root@kali:~# nmap -p 80 192.168.169.128 Specific Port
root@kali:~# nmap -p 80-200 192.168.169.128 Range of ports
root@kali:~# nmap -p “*” 192.168.169.128 To scan all ports
Online Tools
- http://www.yougetsignal.com/
- https://pentest-tools.com/information-gathering/find-subdomains-of-domain
3. Banner Grabbing/OS Fingerprinting
Perform banner Grabbing/OS fingerprinting such as Telnet, IDServe, and NMAP determines the operating system of the target host and the operating system.
Once you know the version and operating system of the target, you need to find the vulnerabilities and exploit them. Try to gain control over the system.
root@kali:~# nmap -A 192.168.169.128root@kali:~# nmap -v -A 192.168.169.128 with high verbosity level
IDserve is another good tool for Banner Grabbing.
Online Tools
- https://www.netcraft.com/
- https://w3dt.net/tools/httprecon
- https://www.shodan.io/
4. Scan For Vulnerabilities
Scan the network using Vulnerabilities using GIFLanguard, Nessus, Ratina CS, SAINT.
These tools help us find vulnerabilities in the target and operating systems. With these steps, you can find loopholes in the target network system.
GFILanguard
It acts as a security consultant and offers patch management vulnerability assessment, and network auditing services.
Nessus
Nessus is a vulnerability scanner tool that searches for bugs in software and finds a specific way to violate the security of a software product.
- Data gathering.
- Host identification.
- Port scan.
- Plug-in selection.
- Reporting of data.
5. Draw Network Diagrams
Draw a network diagram about the organization that helps you understand the logical connection path to the target host in the network.
The network diagram can be drawn by LANmanager, LANstate, Friendly pinger, and Network View.
6. Prepare Proxies
Proxies act as an intermediary between two networking devices. A proxy can protect the local network from outside access.
With proxy servers, we can anonymize web browsing and filter unwanted content, such as ads and many others.
Proxies such as Proxifier, SSL Proxy, Proxy Finder..etc, to hide from being caught.
6. Document All Findings
The last and very important step is to document all the findings from penetration testing.
This document will help you find potential vulnerabilities in your network. Once you determine the Vulnerabilities, you can plan counteractions accordingly.
You can download the rules and scope Worksheet here: Rules and Scope sheet
Thus, penetration testing helps assess your network before it gets into real trouble that may cause severe loss in terms of value and finance.
Important Tools Used For Network Pentesting
Frameworks
Kali Linux, Backtrack5 R3, Security Onion
Reconnaisance
Smartwhois, MxToolbox, CentralOps, dnsstuff, nslookup, DIG, netcraft
Discovery
Angry IP scanner, Colasoft ping tool, nmap, Maltego, NetResident,LanSurveyor, OpManager
Port Scanning
Enumeration
Scanning
Nessus, GFI Languard, Retina,SAINT, Nexpose
Password Cracking
Ncrack, Cain & Abel, LC5, Ophcrack, pwdump7, fgdump, John The Ripper,Rainbow Crack
Sniffing
Wireshark, Ettercap, Capsa Network Analyzer
MiTM Attacks
Exploitation
These are the Most important checklist you should concentrate with Network penetration Testing .
Also Read:
- Penetration testing Android Application checklist
- Penetration testing with your WordPress website
- Advanced ATM penetration testing methods
- Web Server Penetration Testing Checklist
Penetration Testing – Protecting Networks and Systems
InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory
Oct 04 2023
9 essential ransomware guides and checklists available for free
According to Fortinet, ransomware activity has intensified, registering an increase of 13 times compared to the beginning of 2023 in terms of all malware detections. The rise of Ransomware-as-a-Service has primarily driven this surge in ransomware variations.
According to a recent study, 65% of organizations identified ransomware as one of their top three threats to their operational viability. Additionally, ransomware is the most significant threat for 13% of these organizations.
Here’s a collection of free ransomware guides and checklists you can access without registration.
#StopRansomware guide
This guide came from the Joint Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing & Analysis Center (MS-ISAC) and was developed through the Joint Ransomware Task Force. This guide includes two primary resources:
- Ransomware and Data Extortion Prevention Best Practice
- Ransomware and Data Extortion Response Checklist
Mitigating malware and ransomware attacks
This guidance from the National Cyber Security Centre UK helps private and public sector organizations deal with malware’s effects (including ransomware). It provides actions to help organizations prevent a malware infection and steps to take if you’re already infected.
Definitive guide to ransomware
As more ransomware attacks and variants rise monthly, IBM Security X-Force believes ransomware will continue to threaten businesses in the coming years. This document provides guidance to organizations before and during a ransomware attack.
Mapping the ransomware landscape
In partnership with the DACG, ANSSI publishes the guide: Ransomware attacks, all concerned – How to prevent them and respond to an incident. The guide is very practical, particularly at general and IT managers in the private sector and local authorities.
Ransomware response checklist
If your organization is a victim of a ransomware incident, this checklist may assist in identification, containment, remediation, and system(s) recovery. Organizations are recommended to review and familiarize themselves with the steps in the checklist before an incident.
Ransomware survival guide: Recover from an attack
In this ransomware survival guide, the authors share lessons they’ve learned and best practices they’ve developed to help organizations coordinate their response to an attack and make timely, strategic decisions through all phases of the response.
The ultimate guide to ransomware
This guide explains what ransomware is, how it works, and how you can remove it and protect yourself.
Cybersecurity for small business: Ransomware
Learn the basics for protecting your business, take a quiz about what your learned. The tips were developed in partnership with the National Institute of Standards and Technology, the U.S. Small Business Administration, and the Department of Homeland Security.
Aspects of ransomware covered by the Budapest Convention
The Cybercrime Convention Committee just adopted a guidance note on ransomware. It shows how the provisions of the Convention on Cybercrime and its new Second Additional Protocol can be used to criminalize, investigate and prosecute ransomware-related offences and to engage in international cooperation.
InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory
The Ransomware Hunting Team: A Band of Misfits’ Improbable Crusade to Save the World from Cybercrime
Sep 11 2023
Cybercriminals Using PowerShell to Steal NTLMv2 Hashes
Cybercriminals Using PowerShell to Steal NTLMv2 Hashes from Compromised Windows
A new cyber attack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunder NTLMv2 hashes from compromised Windows systems primarily located in Australia, Poland, and Belgium.
The activity has been codenamed Steal-It by Zscaler ThreatLabz.
“In this campaign, the threat actors steal and exfiltrate NTLMv2 hashes using customized versions of Nishang’s Start-CaptureServer PowerShell script, executing various system commands, and exfiltrating the retrieved data via Mockbin APIs,” security researchers Niraj Shivtarkar and Avinash Kumar said.
Nishang is a framework and collection of PowerShell scripts and payloads for offensive security, penetration testing, and red teaming.
The attacks leverage as many as five different infection chains, although they all leverage phishing emails containing ZIP archives as the starting point to infiltrate specific targets using geofencing techniques –
- NTLMv2 hash stealing infection chain, which employs a custom version of the aforementioned Start-CaptureServer PowerShell script to harvest NTLMv2 hashes
- System info stealing infection chain, which OnlyFans lures to target Australian users into downloading a CMD file that pilfers system information
- Fansly whoami infection chain, which uses explicit images of Ukrainian and Russian Fansly models to entice Polish users into downloading a CMD file that exfiltrates the results of the whoami command
- Windows update infection chain, which targets Belgium users with fake Windows update scripts designed to run commands like tasklist and systeminfo
It’s worth noting that the last attack sequence was highlighted by the Computer Emergency Response Team of Ukraine (CERT-UA) in May 2023 as part of an APT28 campaign directed against government institutions in the country.
This raises the possibility that the Steal-It campaign could also be the work of the Russian state-sponsored threat actor.
“The threat actors’ custom PowerShell scripts and strategic use of LNK files within ZIP archives highlights their technical expertise,” the researchers said. “The persistence maintained by moving files from the Downloads to Startup folder and renaming them underscores the threat actors’ dedication to prolonged access.”
Learn PowerShell in a Month of Lunches, Fourth Edition: Covers Windows, Linux, and macOS
InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory
Jul 01 2023
CISSP Cheat Sheet
CISSP books – Official (ISC)2® Guides
CISSP training
InfoSec tools | InfoSec services | InfoSec books
Jan 26 2023
Cloud Pentesting Cheatsheet
Jan 18 2023
Wireless Penetration Testing Checklist – A Detailed Cheat Sheet
Wireless Penetration testing actively examines the process of Information security Measures which is Placed in WiFi Networks and also analyses the Weakness, technical flows, and Critical wireless Vulnerabilities.
The most important countermeasures we should focus on are Threat Assessment, Data theft Detection, security control auditing, Risk prevention and Detection, information system Management, and Upgrade infrastructure and a Detailed report should be prepared.What is Wireless Penetration Testing?
Wireless Penetration Testing is aimed to test wireless infrastructure to find vulnerabilities in the network. Testing involves both manual testing techniques and automated scans to simulate a real-world attack and identify risks.Why is wireless penetration testing important?
Usage of Wi-Fi access dramatically increased nowadays, and the quality of Wi-Fi security is in question. By using Wi-Fi access thousands of transaction processing every minute.
If the network is vulnerable it allows hackers to launch various attacks and intercept the data.
Common Wireless Network Vulnerabilities
- Deployment of Vulnerable WEP Protocol
- Man-in-the-Middle Attacks
- Default SSIDs and Passwords
- Misconfigured Firewalls
- WPA2 Krack Vulnerability
- NetSpectre – Remote Spectre Exploit
- Warshipping
- Packet Sniffing
- Warshipping
Wireless Penetration Testing Checklist
- Framework for Wireless Penetration Testing
- Wireless Pentesting with WEP Encrypted WLAN
- Wireless Penetration Testing with WPA/WPA2 Encrypted WLAN
- LEAP Encrypted WLAN
- Wireless Penetration Testing with Unencrypted WLAN
Let’s take a detailed look at the Wireless Penetration Testing Checklist and the steps to be followed.
Framework for Wireless Penetration Testing
- Discover the Devices connected with Wireless Networks.
- Document all the findings if Wireless Device is Found.
- If a wireless Device is found using Wifi Networks, then perform common wifi Attacks and check the devices using WEP Encryption.
- If you found WLAN using WEP Encryption then Perform WEP Encryption Pentesting.
- Check whether WLAN Using WPA/WPA2 Encryption. If yes then perform WPA/WPA2 pen-testing.
- Check Whether WLAN using LEAP Encryption. If yes then perform LEAP Pentesting.
- No other Encryption Method was used which I mentioned above, Then Check whether WLAN using unencrypted.
- If WLAN is unencrypted then perform common wifi network attacks, check the vulnerability which is placed in the unencrypted method and generate a report.
- Before generating a Report make sure no damage has been caused to the pentesting assets.
Wireless Pentesting with WEP Encrypted WLAN
- Check the SSID and analyze whether SSID is Visible or Hidden.
- Check for networks using WEP encryption.
- If you find the SSID as visible mode then try to sniff the traffic and check the packet capturing status.
- If the packet has been successfully captured and injected then it’s time to break the WEP key by using a WiFi cracking tool such as Aircrack-ng, or WEPcrack.
- If packets are not reliably captured then sniff the traffic again and capture the Packet.
- If you find SSID is the Hidden mode, then do Deauthentication for the target client by using some deauthentication tools such as Commview and Airplay-ng.
- Once successfully Authenticated with the client and Discovered the SSID is, then again follow the Above Procedure which is already used for discovering SSID in earlier steps.
- Check if the Authentication method used is OPN (Open Authentication) or SKA (Shared Key Authentication). If SKA is used, then bypassing mechanism needs to be performed.
- Check if the STA (stations/clients) are connected to AP (Access Point) or not. This information is necessary to perform the attack accordingly.
If clients are connected to the AP, an Interactive packet replay or ARP replay attack needs to be performed to gather IV packets which can be then used to crack the WEP key.
If there’s no client connected to the AP, Fragmentation Attack or Korex Chop Chop attack needs to be performed to generate the keystream which will be further used to reply to ARP packets.
10. Once the WEP key is cracked, try to connect to the network using WPA-supplicant and check if the AP is allotting any IP address or not.”EAPOL handshake“.
Wireless Penetration Testing with WPA/WPA2 Encrypted WLAN
- Start and Deauthenticate with WPA/WPA2 Protected WLAN client by using WLAN tools Such as Hotspotter, Airsnarf, Karma, etc.
- If the Client is Deaauthenticated, then sniff the traffic and check the status of captured EAPOL Handshake.
- If the client is not Deauthenticate then do it again.
- Check whether the EAPOL handshake is captured or Not.
- Once you captured the EAPOL handshake, then perform a PSK Dictionary attack using coWPAtty, Aircrack-ng to gain confidential information.
- Add Time-memory trade-off method (Rainbow tables) also known as WPA-PSK Precomputation attack for cracking WPA/2 passphrase. Genpmk can be used to generate pre-computed hashes.
- If it’s Failed then Deauthenticate again and try to capture again and redo the above steps.
LEAP Encrypted WLAN
- Check and Confirm whether WLAN is protected by LEAP Encryption or not.
- De-authenticate the LEAP Protected Client using tools such as karma, hotspotter, etc.
- If the client is De authenticated then break the LEAP Encryption using a tool such as asleapto steal the confidential information
- If the process dropped then de-authenticate again
Wireless Penetration Testing with Unencrypted WLAN
- Check whether SSID is Visible or not
- Sniff for IP range if SSID is visible then check the status of MAC Filtering.
- If MAC filtering is enabled then spoof the MAC Address by using tools such as SMAC
- Try to connect to AP using IP within the discovered range.
- If SSID is hidden then discover the SSID using Aircrack-ng and follow the procedure of visible SSID which I Declared above.
Wireless Penetration Testing
Checkout our previous posts on InfoSec “Cheat Sheet”
InfoSec books | InfoSec tools | InfoSec services
Jan 17 2023
Windows PowerShell Cheat Sheet
Jan 16 2023
Most Important Network Penetration Testing Checklist
Network Penetration Testing determines vulnerabilities in the network posture by discovering Open ports, Troubleshooting live systems, services and grabbing system banners.
The pen-testing helps administrator to close unused ports, additional services, Hide or Customize banners, Troubleshooting services and to calibrate firewall rules.You should test in all ways to guarantee there is no security loophole.
Let’s see how we conduct a step by step Network penetration testing by using some famous network scanners.
1.HOST DISCOVERY
Footprinting is the first and important phase were one gather information about their target system.
DNS footprinting helps to enumerate DNS records like (A, MX, NS, SRV, PTR, SOA, CNAME) resolving to the target domain.
- A – A record is used to point the domain name such as gbhackers.com to the IP address of it’s hosting server.
- MX – Records responsible for Email exchange.
- NS – NS records are to identify DNS servers responsible for the domain.
- SRV – Records to distinguish the service hosted on specific servers.
- PTR – Reverse DNS lookup, with the help of IP you can get domain’s associated with it.
- SOA – Start of record, it is nothing but the information in the DNS system about DNS Zone and other DNS records.
- CNAME – Cname record maps a domain name to another domain name.
We can detect live hosts, accessible hosts in the target network by using network scanning tools such as Advanced IP scanner, NMAP, HPING3, NESSUS.
Ping&Ping Sweep:
Whois Information
To obtain Whois information and name server of a webisteroot@kali:~# whois testdomain.com
- http://whois.domaintools.com/
- https://whois.icann.org/en
Traceroute
Network Diagonastic tool that displays route path and transit delay in packetsroot@kali:~# traceroute google.com
Online Tools
- http://www.monitis.com/traceroute/
- http://ping.eu/traceroute/
2.PORT SCANNING
Perform port scanning using tools such as Nmap, Hping3, Netscan tools, Network monitor. These tools help us to probe a server or host on the target network for open ports.
Open ports are the gateway for attackers to enter in and to install malicious backdoor applications.root@kali:~# nmap –open gbhackers.com To find all open portsroot@kali:~# nmap -p 80 192.168.169.128 Specific Portroot@kali:~# nmap -p 80-200 192.168.169.128 Range of portsroot@kali:~# nmap -p “*” 192.168.169.128 To scan all ports
Online Tools
- http://www.yougetsignal.com/
- https://pentest-tools.com/information-gathering/find-subdomains-of-domain
3.Banner Grabbing/OS Fingerprinting
Perform banner Grabbing/OS fingerprinting such as Telnet, IDServe, NMAP determines the operating system of the target host and the operating system.
Once you know the version and operating system of the target, we need to find the vulnerabilities and exploit.Try to gain control over the system.root@kali:~# nmap -A 192.168.169.128root@kali:~# nmap -v -A 192.168.169.128 with high verbosity level
IDserve another good tool for Banner Grabbing.
Online Tools
- https://www.netcraft.com/
- https://w3dt.net/tools/httprecon
- https://www.shodan.io/
4.Scan for Vulnerabilities
Scan the network using Vulnerabilities using GIFLanguard, Nessus, Ratina CS, SAINT.
These tools help us in finding vulnerabilities with the target system and operating systems.With this steps, you can find loopholes in the target network system.
GFILanguard
It acts as a security consultant and offers patch Management, Vulnerability assessment, and network auditing services.
Nessus
Nessus a vulnerability scanner tool that searches bug in the software and finds a specific way to violate the security of a software product.
- Data gathering.
- Host identification.
- Port scan.
- Plug-in selection.
- Reporting of data.
5.Draw Network Diagrams
Draw a network diagram about the organization that helps you to understand logical connection path to the target host in the network.
The network diagram can be drawn by LANmanager, LANstate, Friendly pinger, Network view.
6.Prepare Proxies
Proxies act as an intermediary between two networking devices. A proxy can protect the local network from outside access.
With proxy servers, we can anonymize web browsing and filter unwanted contents such as ads and many other.
Proxies such as Proxifier, SSL Proxy, Proxy Finder..etc, to hide yourself from being caught.
6.Document all Findings
The last and the very important step is to document all the Findings from Penetration testing.
This document will help you in finding potential vulnerabilities in your network. Once you determine the Vulnerabilities you can plan counteractions accordingly.
You can download rules and scope Worksheet here – Rules and Scope sheet
Thus, penetration testing helps in assessing your network before it gets into real trouble that may cause severe loss in terms of value and finance.
Important Tools used for Network Pentesting
Frameworks
Kali Linux, Backtrack5 R3, Security Onion
Reconnaisance
Smartwhois, MxToolbox, CentralOps, dnsstuff, nslookup, DIG, netcraft
Discovery
Angry IP scanner, Colasoft ping tool, nmap, Maltego, NetResident,LanSurveyor, OpManager
Port Scanning
Enumeration
Scanning
Nessus, GFI Languard, Retina,SAINT, Nexpose
Password Cracking
Ncrack, Cain & Abel, LC5, Ophcrack, pwdump7, fgdump, John The Ripper,Rainbow Crack
Sniffing
Wireshark, Ettercap, Capsa Network Analyzer
MiTM Attacks
Exploitation
Metasploit, Core ImpactThese are the Most important checklist you should concentrate with Network penetration Testing .
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.
Checkout our previous posts on Pen Testing…
Contact DISC InfoSec
InfoSec books | InfoSec tools | InfoSec services
Jan 02 2023
Windows PowerShell Tutorial and Cheat Sheet
Dec 29 2022
Active Directory Exploitation Cheat Sheet
https://ethicalhackersacademy.com/blogs/ethical-hackers-academy/active-directory
Active Directory is a Microsoft service run in the Server that predominantly used to manage various permission and resources around the network, also it performs an authenticates and authorizes all users and computers in a Windows domain type networks.
Recent cyber-attacks are frequently targeting the vulnerable active directory services used in enterprise networks where the organization handling the 1000’s of computers in the single point of control called “Domain controller” which is one of the main targeted services by the APT Hackers.
Though exploiting Active directory is a challenging task, It is certain to activate directory exploitation Cheat Sheet which contains common enumeration and attack methods which including the several following phases to make it simple.
- Recon
- Domain Enum
- Local Privilege Escalation
- User Hunting
- Domain Admin Privileges
- Database Hunting
- Data Exfiltration
- Active Directory Exploitation Tools
Reconnaissance
Recon Phase contains various modules, including Port scan that performs the following operations.
PORT SCAN
Import-Module Invoke-Portscan.ps1 <# Invoke-Portscan -Hosts "websrv.domain.local,wsus.domain.local,apps.domain.local" -TopPorts 50 echo websrv.domain.local | Invoke-Portscan -oG test.gnmap -f -ports "80,443,8080" Invoke-Portscan -Hosts 172.16.0.0/24 -T 4 -TopPorts 25 -oA localnet #>
AD MODULE WITHOUT RSAT
The secret to being able to run AD enumeration commands from the AD Powershell module on a system without RSAT installed, is the DLL located in C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.ActiveDirectory.Management on a system that has the RSAT installed.
Set up your AD VM, install RSAT, extract the dll and drop it to the target system used to enumerate the active directory.
Import-Module .\Microsoft.ActiveDirectory.Management.dll Get-Command get-adcom*
Domain Enumeration
DOMAIN
- Get current domain
Get-NetDomain (PowerView) Get-ADDomain (ActiveDirectory Module)
- Get object of another domain
Get-NetDomain -Domain domain.local Get-ADDomain -Identity domain.local
- Get domain SID for the current domain
Get-DomainSID (Get-ADDomain).DomainSID
- Get domain policy for the current domain
Get-DomainPolicy (Get-DomainPolicy)."system access"
- Get domain policy for another domain
(Get-DomainPolicy -domain domain.local)."system access"
- Get domain controllers for the current domain
Get-NetDomainController Get-ADDomainController
- Get domain controllers for another domain
Get-NetDomainController -Domain domain.local Get-ADDomainController -DomainName domain.local -Discover NETUSER More on: To Get a list of users in the current domain Infosec books | InfoSec tools | InfoSec services
Dec 21 2022
VirusTotal INTELLIGENCE CHEAT SHEET
VirusTotal cheat sheet makes it easy to search for specific results
Opening the Blackbox of VirusTotal, analyzing online phishing scan engines
The Antivirus Hacker’s Handbook
Infosec books | InfoSec tools | InfoSec services
Apr 13 2022
Cross-site scripting (XSS) cheat sheet
This cross-site scripting (XSS) cheat sheet contains many vectors that can help you bypass WAFs and filters. You can select vectors by the event, tag or browser and a proof of concept is included for every vector.
You can download a PDF version of the XSS cheat sheet.
Cross-Site Scripting Attacks: Classification, Attack, and Countermeasures
Jan 13 2022
CPRA Cheat sheet
Jan 08 2022
WireShark Cheat Sheet
Learn Wireshark: Confidently navigate the Wireshark interface and solve real-world networking problems
Apr 26 2020
Blue Team Cheat Sheets
Cyber Security Fundamentals: What is a Blue team?
Open a PDF file The best practice guide for an effective infoSec function.
Blue Team Cheat Sheets
Subscribe to DISC InfoSec blog by Email
Next Page »
