I post articles related to cyber security, threat intelligence, threat hunting tools and news to keep you aware of what’s happening in our space.
What do you need to know to become an effective Cyber Security Professional? In my humble opinion, you need a little bit of programming, networking, TCP/IP, server administration, problem solving, analytic skills (analyst), cyber; basically a little bit of everything. Then you need to specialize in Penetration Testing, Information Assurance, Cyber Analysis, Risk Management or other cool areas of securing your network environment. Let me take that back: you need to build up your experience first, and then specialization will follow.
For example, if you want to be a Penetration Tester (or PenTester) you start by reading the Penetration Testing Execution Standard (PTES). It consists of seven (7) main sections for you to learn:
- Pre-engagement Interactions
- Intelligence Gathering
- Threat Modelling
- Vulnerability Analysis
- Exploitation
- Post Exploitation
- Reporting
Once you are comfortable with these topics and still want to learn more, I highly recommend reading NIST SP 800-53 (Security and Privacy Controls) and NIST SP 800-171. These documents reference other 800-series publications; read them too. For web security, I strongly recommend reading the Open Web Application Security Project (OWASP) Top 10. If you want to learn and share your knowledge, post in our message forum or leave a comment at the end of this article.
List of tools updated by KING.NET
Open Source Vulnerability Assessment Tools. Test them all and see which fit your work environment. I removed tools that are not Open Source or free for community use.
- Metasploit Framework, managed by Rapid7. You can download and install it on Linux, Mac OS X or Windows, and the source is available on GitHub.
- Retina Community, managed by BeyondTrust, gives you vulnerability management across your entire environment for up to 256 IPs for FREE. It identifies network vulnerabilities (including zero-day), configuration issues, and missing patches across operating systems, applications, devices, and virtual environments. You need to fill out a form to receive your FREE 256-IP license.
- OWASP Zed Attack Proxy (ZAP) Project, a free tool that automatically finds security vulnerabilities in your web applications while you are developing and testing them. It is also a toolkit pentesters use for manual security testing.
- Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. Continue reading here and download it from GitHub.
- Burp Suite Free Edition is a software toolkit that contains everything needed to carry out manual security testing of web applications. The Community Edition has limited features; I think the Professional Edition ($399/yr) is fine to start with if the additional fee is not an issue. The Enterprise Edition costs $3,999/year.
Penetration Testing Books for your reference. Register your own domain name at the Moscom.com website.
Must-have security tools.
- Kali Linux on a USB drive; every penetration testing newbie must have this collection of hacking tools.
- Nmap for port scanning.
- Netcat. I wrote an article on how to use this tool. Please search for it here.
- Check back for updates.
Smart directory brute forcing.
Retire.js (command line or Burp extension)
Mapping/vulnerability discovery using OSINT (Open Source Intelligence)
Reddit XSS – /r/xss
XSS tools and examples of filter-bypass polyglot payloads. You can Google the following XSS resources or find them on GitLab:
- rsnake XSS Cheat Sheet
- Ashar Javed XSS Research
- Multi-context polyglot payload (Mathias Karlsson)
CSRF (Cross-Site Request Forgery). Many sites will have CSRF protection; these are the common ways to test whether it actually holds:
- Remove CSRF token from request
- Remove CSRF token parameter value
- Add bad control chars to CSRF parameter value
- Use a second identical CSRF param
- Change POST to GET
Debasish Mandal wrote a Python tool to automate finding CSRF bypasses called Burpy.
Step 1. Enable logging in Burp. Crawl the site with Burp completely, executing all functions.
Step 2. Create a template.
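To see why each of the five tricks above is worth testing, it helps to look at the validator from the defender's side. The block below is an added example written for this article (it is not code from Burpy or from any site mentioned here): a deliberately weak CSRF check that only compares a token when one is present, beside a hardened check that rejects every one of the listed cases. It assumes a per-session hex token of 64 characters and a handler that accepts only state-changing methods; the request bodies are constructed for the demonstration.

```python
import hmac
import secrets
from typing import Dict, Iterable, Tuple

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
TOKEN_FIELD = "csrf_token"   # assumed form field name
TOKEN_BYTES = 32             # 256-bit token, rendered as 64 lowercase hex chars
HEX = set("0123456789abcdef")

# A form body is modelled as an ordered list of (name, value) pairs so that
# duplicate parameters are visible, which a dict would silently collapse.
Form = Iterable[Tuple[str, str]]


def issue_token() -> str:
    """Generate a per-session CSRF token; the server stores it in the session."""
    return secrets.token_hex(TOKEN_BYTES)


def naive_check(session_token: str, method: str, form: Form) -> bool:
    """Weak check shown for contrast. Two defects: it skips validation on
    anything other than POST, and it treats an absent token as nothing to verify."""
    if method.upper() != "POST":
        return True                       # bypass: change POST to GET
    values = [v for k, v in form if k == TOKEN_FIELD]
    if not values:
        return True                       # bypass: remove the token from the request
    return values[0] == session_token


def hardened_check(session_token: str, method: str, form: Form) -> bool:
    """Accept only a state-changing method carrying exactly one well-formed
    token that matches the session token (constant-time compare)."""
    if method.upper() not in STATE_CHANGING:
        return False                      # GET never reaches a state-changing handler
    values = [v for k, v in form if k == TOKEN_FIELD]
    if len(values) != 1:
        return False                      # token removed, or a second identical param
    token = values[0]
    if len(token) != 2 * TOKEN_BYTES or not set(token) <= HEX:
        return False                      # empty value, control chars, wrong charset
    return hmac.compare_digest(token, session_token)


def bypass_attempts(session_token: str) -> Dict[str, Tuple[str, list]]:
    """Constructed requests modelling the five tricks listed above plus one
    legitimate request. The attacker does not know session_token, so the
    duplicate-param case carries two identical junk values."""
    good = [("action", "transfer"), (TOKEN_FIELD, session_token)]
    junk = "0" * (2 * TOKEN_BYTES)
    return {
        "legitimate":      ("POST", good),
        "token_removed":   ("POST", [("action", "transfer")]),
        "empty_value":     ("POST", [("action", "transfer"), (TOKEN_FIELD, "")]),
        "control_chars":   ("POST", [("action", "transfer"), (TOKEN_FIELD, "\x00\r\n")]),
        "duplicate_param": ("POST", [("action", "transfer"), (TOKEN_FIELD, junk), (TOKEN_FIELD, junk)]),
        "post_to_get":     ("GET", good),
    }


def evaluate(session_token: str) -> Dict[str, Tuple[bool, bool]]:
    """Run every attempt through both validators: name -> (naive, hardened)."""
    return {
        name: (naive_check(session_token, method, form),
               hardened_check(session_token, method, form))
        for name, (method, form) in bypass_attempts(session_token).items()
    }


if __name__ == "__main__":
    tok = issue_token()
    for name, (naive, hard) in evaluate(tok).items():
        print(f"{name:16} naive={'accept' if naive else 'reject':6} hardened={'accept' if hard else 'reject'}")
```

Running it shows the naive validator accepting the token-removed and POST-to-GET requests while the hardened one accepts only the legitimate request. The structural checks (exactly one parameter, fixed length, hex alphabet) run before the comparison so malformed input never reaches it, and `hmac.compare_digest` keeps the comparison constant-time.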
Watch this presentation by Jason Haddix at DEFCON explaining the tools mentioned above.
$ cat domain_list.txt | grep redirect
The domain_list.txt file contains the domains and subdomains of your target with URL paths.
The "cat" command reads the file and the pipe (|) passes its output to "grep redirect", which keeps only the lines containing "redirect".
For your education, here are some examples of how to hack your target. I wrote these articles years ago, but they are still a good reference guide.
- CTF Hacking Mr. Robot – You will learn how to use the Nmap port scanning tool, DirBuster, creating a simple WordPress plugin for your payload using the MSFVenom Payload Creator, and Meterpreter to discover the CTF keys.
- CTF Hacking Necromancer – You will start by using Nmap to scan open ports, basic Wireshark usage as a network sniffing tool, and Netcat to discover the CTF keys.
Please come back again, we are continuously updating this page. Don’t hesitate to add your favorite tools not mentioned here. Use the form below to comment or use the message forum.