Search Results

At my workplace I'm managing a course for apprentices inside the organization. As we are working in the IT Security we are presenting how the work is done in several teams. Splunk is an well known application and is needed everyday. Splunk is logging everythi...

Before we install splunk we need to change some settings. First we remove the "virbr0" network interface as it's useless for our project. Virbr0 is used for virtualization purposes and acts as a switch you can connect your guests and your host if you are virt...

Open Firewall When we try to access the login via internal network we won't be able to establish a connection. The problem is that our machine is refusing connections from outside via port 8000. We need to open the port on the firewall. The guide how to c...

There are several ways to create your own Hacking LAB Damn Vulnerable Web Application https://dvwa.co.uk/ Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to te...

Wappalizer Wappalyzer is a technology profiler that shows you what websites are built with.Find out what CMS a website is using, as well as any framework, ecommerce platform, JavaScript libraries and many more. https://addons.mozilla.org/de/firefox/addon/wap...

Pentest Tools https://github.com/S3cur3Th1sSh1t/Pentest-ToolsSeveral PenTest Tools   Phishing tool https://github.com/htr-tech/zphisherBeginner phishing tool   Web Attack Cheat Sheet https://github.com/riramar/Web-Attack-Cheat-SheetWeb attack cheat shee...

Reverse Shell https://www.revshells.com/Reverse Shell Generator where you can provide your parameters and the right code gets created. Convert Curl commands https://curl.trillworks.com/Convert any curl syntax to Python, Node.js, PHP, R, Go, Rust, Elixir, ...

This is a curated list of interactive platforms, games, CTFs, open-source intelligence tools, and educational resources for anyone interested in cybersecurity, threat hunting, or ethical hacking. Source:https://www.linkedin.com/posts/mohessa511_cybersecurity-...

Youtube Channels NetworkChuck https://www.youtube.com/user/NetworkChuck David Bombal https://www.youtube.com/user/ConfigTerm LiveOverflow https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w John Hammond https://www.youtube.com/user/RootOfThe...

BurpSuite is a tool which normally is used for Web Application Analysis. But it has some tools which allows to do brute force.To do this we intercept traffic where we try to log in ourselves. Once we have the request we forward it to the intruder.From there we...

Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthor...

John in general John the Ripper (JTR) is a fast, free and open-source password cracker.We will use this program to crack the hash we obtained earlier. JohnTheRipper is 15 years old and other programs such as HashCat are one of several other cracking programs ...

Sometimes it can be that a target network is in another subnet and you are not able to access it because you are only connected to the one machine. Example of TryHackMe Internal. There we see that Jenkins is running in a container on IP 172.17.0.2:8080But ...

GoBuster scans the most common directories which are used on a WebApp / Website. To run this scan GoBuster needs to be installed first: sudo apt-get install gobuster Once GoBuster is installed we can run it as following: sudo gobuster dir -u http://<ip>:<por...

Enum4linux is a tool for enumerating information from Windows and Samba systems and is capable of discovering the following: Password policies on target The operating system of a remote target Shares on a device (drives and folders) User listings Domain a...

FTP Sometimes anonymous login is allowed on a FTP server. ftp <server/ip> During the login you'll get asked to provide a user name and ther you just enter: anonymous SAMBA Access without username or password There are also some cases where you are al...

Nessus vulnerability scanner is exactly what you think is it’s! A vulnerability scanner!It uses techniques similar to Nmap to find and report vulnerabilities, which are then, presented in a nice GUI for us to look at.Nessus is different from other scanners as ...

Nikto Nikto is a perl based security testing tool and this means it will run on most operating systems with the necessary Perl interpreter installed. We will guide you through using it on Ubuntu Linux, basically because it is our operating system of choice an...

NMAP in general NMAP is a free open source “Network Mapper” for network exploration or security auditing. You define an IP address which you want to scan and NMAP will list you all open accessible ports and more. This tool has so many options to scan an envir...

Sometimes your target has running a WordPress website running on their end. There is also a tool which allows you to scan such websites. This is how you run an overall scan wpscan --url http://10.10.10.10/wordpress -e vp,u   When you found a username you...