Oct 26 2023

Most Important Network Penetration Testing Checklist

Category: Cheat Sheet,Information Security,Pen Testdisc7 @ 9:25 am

Network Penetration Testing checklist determines vulnerabilities in the network posture by discovering Open ports, troubleshooting live systems, and services, and grabbing system banners.

The pen-testing helps the administrator to close unused ports, additional services, Hide or customize banners, troubleshoot services, and to calibrate firewall rules.

You should test in all ways to guarantee there is no security loophole.

Network penetration testing, also known as ethical hacking or white-hat hacking, is a systematic process of evaluating the security of a computer network infrastructure.

The goal of a network penetration test is to identify vulnerabilities and weaknesses in the network’s defenses that malicious actors could potentially exploit.

Let’s see how we conduct step-by-step Network penetration testing by using some famous network scanners.

1. Host Discovery

Footprinting is the first and most important phase where one gathers information about their target system.

DNS footprinting helps to enumerate DNS records like (A, MX, NS, SRV, PTR, SOA, and CNAME) resolving to the target domain.

  • A – A record is used to point the domain name such as gbhackers.com to the IP address of its hosting server.
  •  MX – Records responsible for Email exchange.
  • NS – NS records are to identify DNS servers responsible for the domain.
  • SRV – Records to distinguish the service hosted on specific servers.
  • PTR – Reverse DNS lookup, with the help of IP you can get domains associated with it.
  • SOA – Start of record, it is nothing but the information in the DNS system about DNS Zone and other DNS records.
  • CNAME – Cname record maps a domain name to another domain name.

We can detect live hosts, and accessible hosts in the target network by using network scanning tools such as Advanced IP scanner, NMAP, HPING3, and NESSUS.

Ping&Ping Sweep:

root@kali:~# nmap -sn 192.168.169.128root@kali:~# nmap -sn 192.168.169.128-20 To ScanRange of IProot@kali:~# nmap -sn 192.168.169.* Wildcardroot@kali:~# nmap -sn 192.168.169.128/24 Entire Subnet

Whois Information 

To obtain Whois information and the name server of a websiteroot@kali:~# whois testdomain.com

  1. http://whois.domaintools.com/
  2. https://whois.icann.org/en

Traceroute

Network Diagonastic tool that displays route path and transit delay in packetsroot@kali:~# traceroute google.com

Online Tools

  1. http://www.monitis.com/traceroute/
  2. http://ping.eu/traceroute/

2. Port Scanning

Perform port scanning using tools such as Nmap, Hping3, Netscan tools, and Network monitor. These tools help us to probe a server or host on the target network for open ports.

root@kali:~# nmap –open gbhackers.com             To find all open ports

root@kali:~# nmap -p 80 192.168.169.128           Specific Port

root@kali:~# nmap -p 80-200 192.168.169.128   Range of ports

root@kali:~# nmap -p “*” 192.168.169.128          To scan all ports

Online Tools

  1. http://www.yougetsignal.com/
  2. https://pentest-tools.com/information-gathering/find-subdomains-of-domain

3. Banner Grabbing/OS Fingerprinting

Perform banner Grabbing/OS fingerprinting such as Telnet, IDServe, and NMAP determines the operating system of the target host and the operating system.

Once you know the version and operating system of the target, you need to find the vulnerabilities and exploit them. Try to gain control over the system.

root@kali:~# nmap -A 192.168.169.128root@kali:~# nmap -v -A 192.168.169.128 with high verbosity level

IDserve is another good tool for Banner Grabbing.

Networkpentesting Flowchart

Online Tools

  1. https://www.netcraft.com/
  2. https://w3dt.net/tools/httprecon
  3. https://www.shodan.io/

4. Scan For Vulnerabilities

Scan the network using Vulnerabilities using GIFLanguard, Nessus, Ratina CS, SAINT.

These tools help us find vulnerabilities in the target and operating systems. With these steps, you can find loopholes in the target network system.

GFILanguard

It acts as a security consultant and offers patch management vulnerability assessment, and network auditing services.

Nessus

Nessus is a vulnerability scanner tool that searches for bugs in software and finds a specific way to violate the security of a software product.

  • Data gathering.
  • Host identification.
  • Port scan.
  • Plug-in selection.
  • Reporting of data.

5. Draw Network Diagrams

Draw a network diagram about the organization that helps you understand the logical connection path to the target host in the network.

The network diagram can be drawn by LANmanager, LANstate, Friendly pinger, and Network View.

6. Prepare Proxies

Proxies act as an intermediary between two networking devices. A proxy can protect the local network from outside access.

With proxy servers, we can anonymize web browsing and filter unwanted content, such as ads and many others.

Proxies such as Proxifier, SSL Proxy, Proxy Finder..etc, to hide from being caught.

6. Document All Findings

The last and very important step is to document all the findings from penetration testing.

This document will help you find potential vulnerabilities in your network. Once you determine the Vulnerabilities, you can plan counteractions accordingly.

You can download the rules and scope Worksheet here: Rules and Scope sheet 

Thus, penetration testing helps assess your network before it gets into real trouble that may cause severe loss in terms of value and finance.

important tools

Important Tools Used For Network Pentesting

Frameworks

Kali Linux, Backtrack5 R3, Security Onion

Reconnaisance

Smartwhois, MxToolbox, CentralOps, dnsstuff, nslookup, DIG, netcraft

Discovery

Angry IP scanner, Colasoft ping tool, nmap, Maltego, NetResident,LanSurveyor, OpManager

Port Scanning

Nmap, Megaping, Hping3, Netscan tools pro, Advanced port scannerService Fingerprinting Xprobe, nmap, zenmap

Enumeration

Superscan, Netbios enumerator, Snmpcheck, onesixtyone, Jxplorer, Hyena,DumpSec, WinFingerprint, Ps Tools, NsAuditor, Enum4Linux, nslookup, Netscan

Scanning

Nessus, GFI Languard, Retina,SAINT, Nexpose

Password Cracking

Ncrack, Cain & Abel, LC5, Ophcrack, pwdump7, fgdump, John The Ripper,Rainbow Crack

Sniffing

Wireshark, Ettercap, Capsa Network Analyzer

MiTM Attacks

Cain & Abel, Ettercap

Exploitation

 Metasploit, Core Impact

These are the Most important checklist you should concentrate with Network penetration Testing .

Also Read:

Penetration Testing – Protecting Networks and Systems

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: Network Penetration Testing Checklist


Oct 04 2023

9 essential ransomware guides and checklists available for free

Category: Cheat Sheet,Ransomwaredisc7 @ 2:14 pm

According to Fortinet, ransomware activity has intensified, registering an increase of 13 times compared to the beginning of 2023 in terms of all malware detections. The rise of Ransomware-as-a-Service has primarily driven this surge in ransomware variations.

According to a recent study, 65% of organizations identified ransomware as one of their top three threats to their operational viability. Additionally, ransomware is the most significant threat for 13% of these organizations.

Here’s a collection of free ransomware guides and checklists you can access without registration.

#StopRansomware guide

This guide came from the Joint Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing & Analysis Center (MS-ISAC) and was developed through the Joint Ransomware Task Force. This guide includes two primary resources:

  • Ransomware and Data Extortion Prevention Best Practice
  • Ransomware and Data Extortion Response Checklist

Mitigating malware and ransomware attacks

This guidance from the National Cyber Security Centre UK helps private and public sector organizations deal with malware’s effects (including ransomware). It provides actions to help organizations prevent a malware infection and steps to take if you’re already infected.

Definitive guide to ransomware

As more ransomware attacks and variants rise monthly, IBM Security X-Force believes ransomware will continue to threaten businesses in the coming years. This document provides guidance to organizations before and during a ransomware attack.

Mapping the ransomware landscape

In partnership with the DACG, ANSSI publishes the guide: Ransomware attacks, all concerned – How to prevent them and respond to an incident. The guide is very practical, particularly at general and IT managers in the private sector and local authorities.

Ransomware response checklist

If your organization is a victim of a ransomware incident, this checklist may assist in identification, containment, remediation, and system(s) recovery. Organizations are recommended to review and familiarize themselves with the steps in the checklist before an incident.

Ransomware survival guide: Recover from an attack

In this ransomware survival guide, the authors share lessons they’ve learned and best practices they’ve developed to help organizations coordinate their response to an attack and make timely, strategic decisions through all phases of the response.

The ultimate guide to ransomware

This guide explains what ransomware is, how it works, and how you can remove it and protect yourself.

Cybersecurity for small business: Ransomware

Learn the basics for protecting your business, take a quiz about what your learned. The tips were developed in partnership with the National Institute of Standards and Technology, the U.S. Small Business Administration, and the Department of Homeland Security.

Aspects of ransomware covered by the Budapest Convention

The Cybercrime Convention Committee just adopted a guidance note on ransomware. It shows how the provisions of the Convention on Cybercrime and its new Second Additional Protocol can be used to criminalize, investigate and prosecute ransomware-related offences and to engage in international cooperation.

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

The Ransomware Hunting Team: A Band of Misfits’ Improbable Crusade to Save the World from Cybercrime

Tags: guides and checklists available for free


Sep 11 2023

Cybercriminals Using PowerShell to Steal NTLMv2 Hashes

Category: Cheat Sheet,PowerShell Securitydisc7 @ 1:19 pm

Cybercriminals Using PowerShell to Steal NTLMv2 Hashes from Compromised Windows

A new cyber attack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunder NTLMv2 hashes from compromised Windows systems primarily located in Australia, Poland, and Belgium.

The activity has been codenamed Steal-It by Zscaler ThreatLabz.

“In this campaign, the threat actors steal and exfiltrate NTLMv2 hashes using customized versions of Nishang’s Start-CaptureServer PowerShell script, executing various system commands, and exfiltrating the retrieved data via Mockbin APIs,” security researchers Niraj Shivtarkar and Avinash Kumar said.

Nishang is a framework and collection of PowerShell scripts and payloads for offensive security, penetration testing, and red teaming.

PowerShell to Steal NTLMv2 Hashes

The attacks leverage as many as five different infection chains, although they all leverage phishing emails containing ZIP archives as the starting point to infiltrate specific targets using geofencing techniques –

  • NTLMv2 hash stealing infection chain, which employs a custom version of the aforementioned Start-CaptureServer PowerShell script to harvest NTLMv2 hashes
  • System info stealing infection chain, which OnlyFans lures to target Australian users into downloading a CMD file that pilfers system information
  • Fansly whoami infection chain, which uses explicit images of Ukrainian and Russian Fansly models to entice Polish users into downloading a CMD file that exfiltrates the results of the whoami command
  • Windows update infection chain, which targets Belgium users with fake Windows update scripts designed to run commands like tasklist and systeminfo

It’s worth noting that the last attack sequence was highlighted by the Computer Emergency Response Team of Ukraine (CERT-UA) in May 2023 as part of an APT28 campaign directed against government institutions in the country.

This raises the possibility that the Steal-It campaign could also be the work of the Russian state-sponsored threat actor.

“The threat actors’ custom PowerShell scripts and strategic use of LNK files within ZIP archives highlights their technical expertise,” the researchers said. “The persistence maintained by moving files from the Downloads to Startup folder and renaming them underscores the threat actors’ dedication to prolonged access.”

Learn PowerShell in a Month of Lunches, Fourth Edition: Covers Windows, Linux, and macOS 

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: cheat sheet, Compromised Windows, Hashes, PowerShell


Jul 01 2023

CISSP Cheat Sheet

Category: Cheat Sheet,CISSPdisc7 @ 10:16 am

CISSP booksOfficial (ISC)2® Guides

CISSP training

InfoSec tools | InfoSec services | InfoSec books

Tags: CISSP books, CISSP Cheat sheet, CISSP training


Jan 26 2023

Cloud Pentesting Cheatsheet

Category: Cheat Sheet,Cloud computing,Pen TestDISC @ 12:09 pm

Cloud Pentesting for Noobs. An introduction to peneration testing… | by Jon  Helmus | Medium

Checkout our previous posts on Cheat Sheet

InfoSec books | InfoSec tools | InfoSec services

Tags: cheat sheet, Cloud Pentesting


Jan 18 2023

Wireless Penetration Testing Checklist – A Detailed Cheat Sheet

Category: Cheat Sheet,Pen Test,Wi-Fi SecurityDISC @ 4:13 pm

Wireless Penetration testing actively examines the process of Information security Measures which is Placed in WiFi Networks and also analyses the Weakness, technical flows, and Critical wireless Vulnerabilities.

The most important countermeasures we should focus on are Threat  Assessment, Data theft Detection, security control auditing, Risk prevention and Detection, information system Management, and Upgrade infrastructure and a Detailed report should be prepared.What is Wireless Penetration Testing?

Wireless Penetration Testing is aimed to test wireless infrastructure to find vulnerabilities in the network. Testing involves both manual testing techniques and automated scans to simulate a real-world attack and identify risks.Why is wireless penetration testing important?

Usage of Wi-Fi access dramatically increased nowadays, and the quality of Wi-Fi security is in question. By using Wi-Fi access thousands of transaction processing every minute.
If the network is vulnerable it allows hackers to launch various attacks and intercept the data.

Common Wireless Network Vulnerabilities

  • Deployment of Vulnerable WEP Protocol
  • Man-in-the-Middle Attacks
  • Default SSIDs and Passwords
  • Misconfigured Firewalls
  • WPA2 Krack Vulnerability
  • NetSpectre – Remote Spectre Exploit
  • Warshipping
  • Packet Sniffing
  • Warshipping

Wireless Penetration Testing Checklist

Let’s take a detailed look at the Wireless Penetration Testing Checklist and the steps to be followed.

Framework for Wireless Penetration Testing

  1. Discover the Devices connected with  Wireless Networks.
  2. Document all the findings if Wireless Device is Found.
  3. If a wireless Device is found using Wifi Networks, then perform common wifi Attacks and check the devices using WEP Encryption.
  4. If you found WLAN using WEP Encryption then Perform WEP Encryption Pentesting.
  5. Check whether WLAN Using WPA/WPA2 Encryption. If yes then perform WPA/WPA2 pen-testing.
  6. Check Whether WLAN using LEAP Encryption. If yes then perform LEAP Pentesting.
  7. No other Encryption Method was used which I mentioned above, Then Check whether WLAN using unencrypted.
  8. If WLAN is unencrypted then perform common wifi network attacks, check the vulnerability which is placed in the unencrypted method and generate a report.
  9. Before generating a Report make sure no damage has been caused to the pentesting assets.

Wireless Pentesting with WEP Encrypted WLAN

  1. Check the SSID and analyze whether SSID is Visible or Hidden.
  2. Check for networks using WEP encryption.
  3. If you find the SSID as visible mode then try to sniff the traffic and check the packet capturing status.
  4. If the packet has been successfully captured and injected then it’s time to break the WEP  key by using a WiFi cracking tool such as Aircrack-ng, or WEPcrack.
  5. If packets are not reliably captured then sniff the traffic again and capture the Packet.
  6. If you find SSID is the Hidden mode, then do Deauthentication for the target client by using some deauthentication tools such as Commview and Airplay-ng.
  7. Once successfully Authenticated with the client and Discovered the SSID is, then again follow the Above Procedure which is already used for discovering SSID in earlier steps.
  8. Check if the Authentication method used is OPN (Open Authentication) or SKA (Shared Key Authentication). If SKA is used, then bypassing mechanism needs to be performed.
  9. Check if the STA (stations/clients) are connected to AP (Access Point) or not. This information is necessary to perform the attack accordingly.

If clients are connected to the AP, an Interactive packet replay or ARP replay attack needs to be performed to gather IV packets which can be then used to crack the WEP key.

If there’s no client connected to the AP, Fragmentation Attack or Korex Chop Chop attack needs to be performed to generate the keystream which will be further used to reply to ARP packets.

10. Once the WEP key is cracked, try to connect to the network using WPA-supplicant and check if the AP is allotting any IP address or not.”EAPOL handshake“.

Wireless Penetration Testing with WPA/WPA2 Encrypted WLAN

  1. Start and Deauthenticate with WPA/WPA2 Protected WLAN client by using WLAN tools Such as Hotspotter, Airsnarf, Karma, etc.
  2. If the Client is Deaauthenticated, then sniff the traffic and check the status of captured EAPOL Handshake.
  3. If the client is not Deauthenticate then do it again.
  4. Check whether the EAPOL handshake is captured or Not.
  5. Once you captured the EAPOL handshake, then perform a PSK Dictionary attack using coWPAtty, Aircrack-ng to gain confidential information.
  6. Add Time-memory trade-off method (Rainbow tables) also known as WPA-PSK Precomputation attack for cracking WPA/2 passphrase. Genpmk can be used to generate pre-computed hashes.
  7. If it’s Failed then Deauthenticate again and try to capture again and redo the above steps.

LEAP Encrypted WLAN

  1. Check and Confirm whether WLAN is protected by LEAP Encryption or not.
  2. De-authenticate the LEAP Protected Client using tools such as karma, hotspotter, etc.
  3. If the client is De authenticated then break the LEAP Encryption using a tool such as asleapto steal the confidential information
  4. If the process dropped then de-authenticate again

Wireless Penetration Testing with Unencrypted WLAN

  1. Check whether SSID is Visible or not
  2. Sniff for IP range if SSID is visible then check the status of MAC Filtering.
  3. If MAC filtering is enabled then spoof the MAC Address by using tools such as SMAC
  4. Try to connect to AP using IP within the discovered range.
  5. If SSID is hidden then discover the SSID using Aircrack-ng and follow the procedure of visible SSID which I Declared above.

Wireless Penetration Testing

Checkout our previous posts on InfoSec “Cheat Sheet”

InfoSec books | InfoSec tools | InfoSec services

Tags: cheat sheet


Jan 17 2023

Windows PowerShell Cheat Sheet

Powershell

Checkout our previous posts on “PowerShell Security”

More latest Titles on PowerShell…


InfoSec books | InfoSec tools | InfoSec services

Tags: Powershell Security


Jan 16 2023

Most Important Network Penetration Testing Checklist

Category: Cheat Sheet,Network security,Pen TestDISC @ 11:05 am

Network Penetration Testing determines vulnerabilities in the network posture by discovering Open ports, Troubleshooting live systems, services and grabbing system banners.

The pen-testing helps administrator to close unused ports, additional services, Hide or Customize banners, Troubleshooting services and to calibrate firewall rules.You should test in all ways to guarantee there is no security loophole.

Let’s see how we conduct a step by step Network penetration testing by using some famous network scanners.

Network Penetration Testing

1.HOST DISCOVERY

Footprinting is the first and important phase were one gather information about their target system.

DNS footprinting helps to enumerate DNS records like (A, MX, NS, SRV, PTR, SOA, CNAME) resolving to the target domain.

  • A – A record is used to point the domain name such as gbhackers.com to the IP address of it’s hosting server.
  •  MX – Records responsible for Email exchange.
  • NS – NS records are to identify DNS servers responsible for the domain.
  • SRV – Records to distinguish the service hosted on specific servers.
  • PTR – Reverse DNS lookup, with the help of IP you can get domain’s associated with it.
  • SOA – Start of record, it is nothing but the information in the DNS system about DNS Zone and other DNS records.
  • CNAME – Cname record maps a domain name to another domain name.

We can detect live hosts, accessible hosts in the target network by using network scanning tools such as Advanced IP scanner, NMAP, HPING3, NESSUS.

Ping&Ping Sweep:

root@kali:~# nmap -sn 192.168.169.128root@kali:~# nmap -sn 192.168.169.128-20 To ScanRange of IProot@kali:~# nmap -sn 192.168.169.* Wildcardroot@kali:~# nmap -sn 192.168.169.128/24 Entire Subnet

Whois Information 

To obtain Whois information and name server of a webisteroot@kali:~# whois testdomain.com

  1. http://whois.domaintools.com/
  2. https://whois.icann.org/en

Traceroute

Network Diagonastic tool that displays route path and transit delay in packetsroot@kali:~# traceroute google.com

Online Tools

  1. http://www.monitis.com/traceroute/
  2. http://ping.eu/traceroute/

2.PORT SCANNING

Perform port scanning using tools such as Nmap, Hping3, Netscan tools, Network monitor. These tools help us to probe a server or host on the target network for open ports.

Open ports are the gateway for attackers to enter in and to install malicious backdoor applications.root@kali:~# nmap –open gbhackers.com             To find all open portsroot@kali:~# nmap -p 80 192.168.169.128           Specific Portroot@kali:~# nmap -p 80-200 192.168.169.128   Range of portsroot@kali:~# nmap -p “*” 192.168.169.128          To scan all ports

Online Tools

  1. http://www.yougetsignal.com/
  2. https://pentest-tools.com/information-gathering/find-subdomains-of-domain

3.Banner Grabbing/OS Fingerprinting

Perform banner Grabbing/OS fingerprinting such as Telnet, IDServe, NMAP determines the operating system of the target host and the operating system.

Once you know the version and operating system of the target, we need to find the vulnerabilities and exploit.Try to gain control over the system.root@kali:~# nmap -A 192.168.169.128root@kali:~# nmap -v -A 192.168.169.128 with high verbosity level

IDserve another good tool for Banner Grabbing.

Networkpentesting Flowchart

Online Tools

  1. https://www.netcraft.com/
  2. https://w3dt.net/tools/httprecon
  3. https://www.shodan.io/

4.Scan for Vulnerabilities

Scan the network using Vulnerabilities using GIFLanguard, Nessus, Ratina CS, SAINT.

These tools help us in finding vulnerabilities with the target system and operating systems.With this steps, you can find loopholes in the target network system.

GFILanguard

It acts as a security consultant and offers patch Management, Vulnerability assessment, and network auditing services.

Nessus

Nessus a vulnerability scanner tool that searches bug in the software and finds a specific way to violate the security of a software product.

  • Data gathering.
  • Host identification.
  • Port scan.
  • Plug-in selection.
  • Reporting of data.

5.Draw Network Diagrams

Draw a network diagram about the organization that helps you to understand logical connection path to the target host in the network.

The network diagram can be drawn by LANmanager, LANstate, Friendly pinger, Network view.

6.Prepare Proxies

Proxies act as an intermediary between two networking devices. A proxy can protect the local network from outside access.

With proxy servers, we can anonymize web browsing and filter unwanted contents such as ads and many other.

Proxies such as Proxifier, SSL Proxy, Proxy Finder..etc, to hide yourself from being caught.

6.Document all Findings

The last and the very important step is to document all the Findings from Penetration testing.

This document will help you in finding potential vulnerabilities in your network. Once you determine the Vulnerabilities you can plan counteractions accordingly.

You can download rules and scope Worksheet here – Rules and Scope sheet 

Thus, penetration testing helps in assessing your network before it gets into real trouble that may cause severe loss in terms of value and finance.

Important Tools used for Network Pentesting

Frameworks

Kali Linux, Backtrack5 R3, Security Onion

Reconnaisance

Smartwhois, MxToolbox, CentralOps, dnsstuff, nslookup, DIG, netcraft

Discovery

Angry IP scanner, Colasoft ping tool, nmap, Maltego, NetResident,LanSurveyor, OpManager

Port Scanning

Nmap, Megaping, Hping3, Netscan tools pro, Advanced port scannerService Fingerprinting Xprobe, nmap, zenmap

Enumeration

Superscan, Netbios enumerator, Snmpcheck, onesixtyone, Jxplorer, Hyena,DumpSec, WinFingerprint, Ps Tools, NsAuditor, Enum4Linux, nslookup, Netscan

Scanning

Nessus, GFI Languard, Retina,SAINT, Nexpose

Password Cracking

Ncrack, Cain & Abel, LC5, Ophcrack, pwdump7, fgdump, John The Ripper,Rainbow Crack

Sniffing

Wireshark, Ettercap, Capsa Network Analyzer

MiTM Attacks

Cain & Abel, Ettercap

Exploitation

 Metasploit, Core ImpactThese are the Most important checklist you should concentrate with Network penetration Testing .

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Checkout our previous posts on Pen Testing…

Contact DISC InfoSec

InfoSec books | InfoSec tools | InfoSec services

Tags: Penetration Testing Checklist


Jan 02 2023

Windows PowerShell Tutorial and Cheat Sheet

PowerShell Cheat Sheet

Powershell : The Complete Ultimate Windows Powershell Beginners Guide. Learn Powershell Scripting In A Day!

Mastering PowerShell Scripting: Automate and manage your environment using PowerShell


Infosec books
 | InfoSec tools | InfoSec services

Tags: Powershell Security


Dec 29 2022

Active Directory Exploitation Cheat Sheet

Category: Cheat Sheet,Windows SecurityDISC @ 12:59 pm

https://ethicalhackersacademy.com/blogs/ethical-hackers-academy/active-directory

Active Directory is a Microsoft service run in the Server that predominantly used to manage various permission and resources around the network, also it performs an authenticates and authorizes all users and computers in a Windows domain type networks.

Recent cyber-attacks are frequently targeting the vulnerable active directory services used in enterprise networks where the organization handling the 1000’s of computers in the single point of control called “Domain controller” which is one of the main targeted services by the APT Hackers.

Though exploiting Active directory is a challenging task, It is certain to activate directory exploitation Cheat Sheet which contains common enumeration and attack methods which including the several following phases to make it simple.

  • Recon
  • Domain Enum
  • Local Privilege Escalation
  • User Hunting
  • Domain Admin Privileges
  • Database Hunting
  • Data Exfiltration
  • Active Directory Exploitation Tools

Reconnaissance

Recon Phase contains various modules, including Port scan that performs the following operations.

PORT SCAN
Import-Module Invoke-Portscan.ps1
<#
Invoke-Portscan -Hosts "websrv.domain.local,wsus.domain.local,apps.domain.local" -TopPorts 50 echo websrv.domain.local | Invoke-Portscan -oG test.gnmap -f -ports "80,443,8080" Invoke-Portscan -Hosts 172.16.0.0/24 -T 4 -TopPorts 25 -oA localnet
#>

AD MODULE WITHOUT RSAT

The secret to being able to run AD enumeration commands from the AD Powershell module on a system without RSAT installed, is the DLL located in C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.ActiveDirectory.Management on a system that has the RSAT installed.

Set up your AD VM, install RSAT, extract the dll and drop it to the target system used to enumerate the active directory.

Import-Module .\Microsoft.ActiveDirectory.Management.dll
Get-Command get-adcom*

Domain Enumeration

DOMAIN

  • Get current domain
Get-NetDomain (PowerView)
Get-ADDomain (ActiveDirectory Module)
  • Get object of another domain
Get-NetDomain -Domain domain.local
Get-ADDomain -Identity domain.local
  • Get domain SID for the current domain
Get-DomainSID
(Get-ADDomain).DomainSID
  • Get domain policy for the current domain
Get-DomainPolicy
(Get-DomainPolicy)."system access"
  • Get domain policy for another domain
(Get-DomainPolicy -domain domain.local)."system access"
  • Get domain controllers for the current domain
Get-NetDomainController
Get-ADDomainController
  • Get domain controllers for another domain
Get-NetDomainController -Domain domain.local
Get-ADDomainController -DomainName domain.local -Discover

NETUSER
More on: To Get a list of users in the current domain





Infosec books | InfoSec tools | InfoSec services






Tags: Active Directory Exploitation Cheat Sheet


Dec 21 2022

VirusTotal INTELLIGENCE CHEAT SHEET

Category: Antivirus,Cheat Sheet,MalwareDISC @ 9:21 am

VirusTotal cheat sheet makes it easy to search for specific results

Opening the Blackbox of VirusTotal, analyzing online phishing scan engines

The Antivirus Hacker’s Handbook

Mastering Malware Analysis

Infosec books | InfoSec tools | InfoSec services

Tags: VirusTotal, VirusTotal INTELLIGENCE CHEAT SHEET


Apr 13 2022

Cross-site scripting (XSS) cheat sheet

Category: Cheat Sheet,Security vulnerabilitiesDISC @ 10:41 am

This cross-site scripting (XSS) cheat sheet contains many vectors that can help you bypass WAFs and filters. You can select vectors by the event, tag or browser and a proof of concept is included for every vector.

You can download a PDF version of the XSS cheat sheet.

Cross-Site Scripting Attacks: Classification, Attack, and Countermeasures

Tags: cheat sheet, Cross-site scripting, Cross-Site Scripting Attacks


Jan 13 2022

CPRA Cheat sheet

Download ISO/IEC 27701 2019 Standard and Toolkit

CPRA compliance gap assessment tool 

Tags: CPRA, CPRA Cheat sheet, CPRA compliance gap assessment tool, ISO 27701 2019 Standard and Toolkit


Jan 08 2022

WireShark Cheat Sheet

Category: Cheat Sheet,Network securityDISC @ 11:08 am

Learn Wireshark: Confidently navigate the Wireshark interface and solve real-world networking problems

Tags: WireShark Cheat Sheet


Dec 23 2021

WireShark Cheat sheet

Category: Cheat Sheet,Network securityDISC @ 11:13 am

Tags: wireshark


Dec 13 2021

Hacking tools cheat sheet

Category: Cheat Sheet,Hacking,Security ToolsDISC @ 10:35 am

Tags: Hacking tools cheat sheet


Feb 24 2021

Nmap Cheat Sheet

Category: Cheat Sheet,Network security,Risk AssessmentDISC @ 9:52 am

Nmap Cheat Sheet – Infographic by SANS Institute

Tags: Nmap, Nmap network scanning


Apr 26 2020

Blue Team Cheat Sheets

Category: Blue team,Cheat Sheet,cyber security,HackingDISC @ 3:47 pm

Cyber Security Fundamentals: What is a Blue team?

Open a PDF file The best practice guide for an effective infoSec function.

Blue Team Cheat Sheets

Subscribe to DISC InfoSec blog by Email

Tags: Blue team, Red team


Apr 17 2019

Two-factor authentication: A cheat sheet

Category: 2FA,Cheat SheetDISC @ 10:55 am

A password alone will not protect sensitive information from hackers–two-factor authentication is also necessary. Here’s what security pros and users need to know about two-factor authentication.

Source: Two-factor authentication: A cheat sheet



 Subscribe in a reader




Tags: 2FA, two factor auth


Apr 06 2019

Metasploit Cheat Sheet

Category: Cheat Sheet,Security ToolsDISC @ 4:59 pm

Metasploit Cheat Sheet by TerrorByte


Enter your email address:

Delivered by FeedBurner





Next Page »