Veil is a tool designed to generate Metasploit payloads that bypass common anti-virus solutions.
https://github.com/Veil-Framework/Veil
The mission of OWASP Software Assurance Maturity Model (SAMM) is to be the prime maturity model for software assurance that provides an effective and measurable way for all types of organizations to analyze and improve their software security posture. OWASP SAMM supports the complete software lifecycle, including development and acquisition, and is technology and process agnostic. It is intentionally built to be evolutive and risk-driven in nature.
https://owaspsamm.org/model/
The information presented below is for educational purposes only. Access to data located as a result of the reconnaissance may be subject to a breach of the law. Make sure you are working legally before use.
https://research.securitum.com/it-infrastructure-reconnaissance-part-1-google-hacking/
https://research.securitum.com/it-infrastructure-reconnaissance-part-2-shodan-censys-zoomeye/
https://research.securitum.com/it-infrastructure-reconnaissance-part-3/
How to verify Digital Signatures of programs in Windows:
https://www.ghacks.net/2018/04/16/how-to-verify-digital-signatures-programs-in-windows/
WinToUSB installs and runs Windows on an external hard drive, USB flash drive or Thunderbolt drive, which means you can carry this portable Windows USB or Thunderbolt drive anywhere and use it on any computer.
https://www.easyuefi.com/wintousb/
ySign is a new blockchain-based global platform for free communication and discreet conversations with 100% privacy, created as an opportunity to stay anonymous and secure.
https://www.ysign.io
Web Attack Visualization:
https://www.akamai.com/us/en/resources/our-thinking/state-of-the-internet-report/web-attack-visualization.jsp
Keeping Data Sanitization Policies Square With Enterprise Security
Data Point No. 1: Successful communication of data sanitization policies relies upon both the policy owner’s experience and organizational structure.
Data Point No. 2: Equipment left in storage areas is putting companies at risk of insider threats and data breaches.
Data Point No. 3: Flexible workers are most likely to compromise company data policy.
Data Point No. 4: Senior management is not taking direct responsibility for IT asset erasure.
Configuration management software is a broad category of tools and services that enable administrators to manage configuration at scale in a policy-driven, repeatable and automated way.
Configuration Management Tools - Key Features:
• Configuration: By definition, configuration management tools all enable users to configure the options needed for deployment and operations.
• Automated deployment: The ability to automatically deploy software and virtual infrastructure, in a policy-driven approach with defined configuration, is a key attribute.
• Policy compliance: Keeping infrastructure and software in line with policy is a valuable feature for most organizations.
How to Choose a Configuration Management Tool:
• Scope: Identify what type of software or infrastructure needs to be managed and make sure the tool supports it.
• Complexity: Some tools are easier than others to manage both in terms of onboarding and ongoing control. Be sure to try out a tool in limited deployment before committing.
• Cost: Is the solution something that scales to cover different use-cases while remaining cost-effective?
Top Configuration Management Solutions:
• Chef
• CFEngine
• HashiCorp Terraform
• Puppet
• Red Hat Ansible
• SaltStack
International channel for sharing knowledge in the field of cyber security, with a focus on the content of the CISSP-ISC2 course
@cissp
+also group:
@cisspgroup
Woow Content:😺
Need to brush up on Linux? Try
https://linuxjourney.com
Want help understanding a Linux command?
https://explainshell.com
Interested to explore coding? Check out https://www.codecademy.com
Want to review the basics of different types of attacks? Here are some lessons for you:
https://www.hacksplaining.com/exercises
How would you like to learn more about Metasploit and help out a great charity? Go here to find out
https://www.offensive-security.com/metasploit-unleashed
Need some more information on Windows Event Logs?
https://www.ultimatewindowssecurity.com/securitylog/default.aspx
How about some free PowerShell video training direct from Microsoft?
https://mva.microsoft.com/en-US/training-courses/getting-started-with-microsoft-powershell-8276
https://mva.microsoft.com/en-US/training-courses/whats-new-in-powershell-v5-16434
For great sample policies and procedures, look here:
https://www.incidentresponse.com/resources/policies-plans
Looking for great video training in digital forensics? Check out
https://www.youtube.com/13cubed
👇🏻✌🏼
Free Digital Forensics and Incident Response Tools:
https://sumuri.com/software/paladin/
https://digital-forensics.sans.org/community/downloads
https://securityonion.net
https://docs.microsoft.com/en-us/sysinternals/downloads/
Capture the Flag and Other Challenges
Like capture the flag and similarly challenging games? You must check these out:
https://holidayhackchallenge.com/past-challenges
https://overthewire.org/wargames
https://www.vulnhub.com
https://www.azcwr.org
http://captf.com/practice-ctf
https://kali.training
Blue team more your thing? Check out these challenges to hone your skills: https://www.amanhardikar.com/mindmaps/ForensicChallenges.html
Pentesting
Want to learn more about web application pentesting? Check out https://www.owasp.org (a good overview of their projects is here https://www.owasp.org/images/0/01/Owasp_Dev_Guide.pdf) and also explore https://pentesterlab.com
https://www.hackthebox.eu
Need some good wordlists for password cracking? Try:
https://wiki.skullsecurity.org/passwords
https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm
Other
And here are some other sites with great information for continuing your journey into penetration testing and incident response:
https://pen-testing.sans.org/blog
https://digital-forensics.sans.org/blog
https://cyber-defense.sans.org/blog
https://securityweekly.com
http://opensecuritytraining.info/Training.html
http://blog.commandlinekungfu.com/
http://unctad.org/en/pages/dtl/sti_and_icts/ict4d-legislation/ecom-global-legislation.aspx
https://www.unodc.org/cld/v3/cybrepo/legdb/index.html?lng=en
https://www.iana.org/domains/root/db
https://www.whois.com/whois
https://www.iana.org/whois
https://www.forwarddefense.com/en/article/references-pdf
https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=cfGBPlIyC_9404300474
https://blogs.technet.microsoft.com/ash/2016/03/02/windows-10-device-guard-and-credential-guard-demystified
https://www.slideshare.net/erikvanbuggenhout/windows-10-credentialguard-vs-mimikatz-sec599
https://www.sans.org/webcasts/purple-team-updates-sec599-107810
https://www.sans.org/webcasts/kolide-osquery-build-solid-queries-packs-incident-detection-threat-hunting-108790
https://www.youtube.com/user/davisrichardg
https://tisiphone.net/2015/08/18/giac-testing