Links by topic
A list of links / tools set aside.
Internal pentest
tutorials / methods
dump creds
- 2013 - Dumping Windows credentials: Methods and tools to retrieve hashes/passwords in a Windows environment.
- 2017 - NTLM relaying guide: Details on NTLM relaying
- univershell_2017_dpapi.pdf: Presentation of tools to retrieve secrets via DPAPI
bypass AV/EDR
- 2019 - Combining Direct System Calls and sRDI: Red Team Tactics: Combining Direct System Calls and sRDI to bypass AV/EDR
tools
- DeathStar with Empire: Presentation of DeathStar (byt3bl33d3r)
- RedSnarf: Tool for retrieving hashes and credentials from Windows using OpSec Safe Techniques
- applocker-bypass-installutil
- DockerRootPlease: Gain a root shell on the host OS if you're a member of the docker group
- mimipenguin: mimikatz for Linux
upgrade your shells
payloads
- Undetectable Windows Payload Generation: Undetectable Windows Payload Generation with extras Running on Python2.7
- CactusTorch: A JavaScript and VBScript shellcode launcher. (doc)
OSINT
- Sublist3r: enumerate subdomains
- DNStrails: History of DNS entries and whois for any domain.
- Domain Names enumeration: Techniques for enumerating subdomains
- DNSgrep: tool for efficiently searching Rapid7's passive DNS collection (see a standalone server here)
- CTFR: Tool to retrieve subdomains from Certificate Transparency logs
Red Team
Set up the infrastructure
- Red-Team-Infrastructure-Wiki: Infrastructure for red teams
Badge cloning
Blue Team
- HELK: A Hunting ELK (Elasticsearch, Logstash, Kibana) with advanced analytic capabilities.
Password Cracking
- Real-Passwords: A nice list of dictionaries
- pemcracker: Cracking PEM files
Wi-Fi audits
- eaphammer = fake AP + responder
- fluxion: MitM WPA
- Wifite: Rewrite of the popular wireless network auditor, “wifite”
- radius-audit: A RADIUS authentication server audit tool
- Modern Wireless Tradecraft: series of posts about Wi-Fi hacking techniques by the creator of eaphammer
Web
Tools
- Autochrome: Chromium that does not pollute your Burp’s logs
- Quieter Firefox: Firefox that does not pollute your Burp’s logs
Cheat Sheets
- PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- HTTP Security Headers: Everything you need to know about HTTP security headers
- CSRF cheat sheet: a good CSRF cheat sheet
- XSS Cheat Sheet: a nice XSS cheat sheet by PortSwigger
- JWT Attack Playbook: Tools and attacks on JWT (JSON Web Token)
mobile applications
android
- Anbox: run Android apps on Linux without an emulator
- Drozer: A security testing framework
iOS
- Needle: A security testing framework
Cryptography
- cryptol.net: for auditing crypto implementations
- tamarin-prover: for auditing crypto designs
- shattered: details of the SHA-1 collision
DFIR
Digital Forensics and Incident Response
- dfirtriage: Digital forensic acquisition tool for Windows-based incident response
- Kansa: A modular incident response framework in PowerShell
Malware Sandboxes
- https://any.run/: Interactive Online Malware Sandbox
Citrix, Remote Desktop Web Access, etc
- Citrix escape: Many techniques used to evade Citrix-like environments
Configuration audit
Windows
- Windows-Secure-Host-Baseline: Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
SSH
- SSH Pentesting Guide: Tools, techniques, and vulnerabilities about SSH.
Cloud
- ScoutSuite: Multi-Cloud Security Auditing Tool
AWS
TODO
Azure/Office365
- O365 Logs Scripts: Security-Focused O365 Management and Log Resources
- O365-InvestigationTooling: low-volume activity data acquisition from the Office 365 Management Activity API
Architecture
Kubernetes
- Kubernetes Pentest Methodology - Part 1
- Kubernetes Pentest Methodology - Part 2
- Kubernetes Pentest Methodology - Part 3
Recommendations
Microsoft recommendations
Dark Web
- https://dark.fail/: a kind of dark web indexer