Category: Security

  • A Few Cybersecurity Linux Tools to Explore


    Information Gathering & Reconnaissance

    1. Nmap: A network scanning tool for identifying hosts, open ports, and services. Commonly used for vulnerability assessments.
      Website: nmap.org
    2. Recon-NG: A reconnaissance framework for gathering and processing OSINT data. Modules can automate recon tasks.
      Website: Recon-NG GitHub
    3. theHarvester: Collects emails, subdomains, and hosts using sources like Google, Bing, and Shodan.
      Website: GitHub
    4. DNSRecon: DNS enumeration tool for zone transfers and DNS record collection (MX, SPF, SRV).
      Website: GitHub
    5. Netdiscover: A network scanning tool to identify active IPs in networks, particularly wireless networks.
      Website: Netdiscover SourceForge
    6. Unicornscan: A high-performance asynchronous port scanner capable of scanning large networks.
      Website: Unicornscan GitHub
    7. Masscan: Ultra-fast port scanner that can scan the entire internet within minutes.
      Website: masscan GitHub
    8. P0f: A passive fingerprinting tool to infer OS, uptime, and device information by analyzing traffic.
      Website: P0f GitHub

    Vulnerability Analysis & Exploitation

    1. Nikto: Web server vulnerability scanner that identifies misconfigurations, outdated software, and potential exploits.
      Website: CIRT.net
    2. OpenVAS: Open-source vulnerability scanner for automated network security assessments.
      Website: openvas.org
    3. Metasploit: A penetration testing framework for exploit development and vulnerability validation.
      Website: Rapid7
    4. jSQL Injection: A Java-based SQL injection exploitation tool.
      Website: GitHub
    5. OWASP ZAP: An intercepting proxy for web app security testing and identifying vulnerabilities.
      Website: OWASP ZAP
    6. Burp Suite: A web vulnerability scanner and exploitation platform with intercepting proxy capabilities.
      Website: PortSwigger
    7. SQL Ninja: An SQL injection tool for exploiting database vulnerabilities.
      Website: GitHub
    8. Sqlmap: An open-source tool for automating the detection and exploitation of SQL injection vulnerabilities.
      Website: sqlmap.org

    Wireless & Network Attacks

    1. Aircrack-ng: A suite of tools for Wi-Fi network security assessment, focusing on cracking WEP and WPA-PSK keys.
      Website: aircrack-ng.org
    2. Kismet: Wireless network detector and packet sniffer, useful for Wi-Fi reconnaissance.
      Website: kismetwireless.net
    3. Reaver: Exploits vulnerabilities in WPS to retrieve WPA/WPA2 passwords.
      Website: Reaver GitHub
    4. Wireshark: A powerful packet analyzer for network troubleshooting and analysis.
      Website: wireshark.org
    5. Ettercap: A suite for network sniffing and man-in-the-middle attacks, particularly for ARP poisoning.
      Website: ettercap GitHub
    6. PixieWPS: A tool to exploit WPS vulnerabilities via offline brute-force attacks.
      Website: PixieWPS GitHub
    7. Wifite: Automates attacks on Wi-Fi networks, including cracking WPA/2 and WEP keys.
      Website: GitHub
    8. Netcat: A versatile networking utility for debugging, backdoors, and transferring files.
      Website: Netcat Guide

    Forensics & Post-Exploitation

    1. Autopsy: A digital forensics platform for analyzing and recovering deleted files, parsing email, and more.
      Website: Autopsy.com
    2. Foremost: A file recovery tool for carving out files from disk images and raw data.
      Website: Foremost GitHub
    3. Mimikatz: A tool for credential dumping and Windows security testing.
      Website: GitHub
    4. PowerShell Empire: A post-exploitation framework leveraging PowerShell for remote access and persistence.
      Website: Empire Project
    5. Shellter: A tool for obfuscating and injecting payloads into Windows executables.
      Website: Shellter GitHub
    6. PowerSploit: A post-exploitation toolkit for executing PowerShell scripts on compromised systems.
      Website: PowerSploit GitHub
    7. Memdump: Captures live memory for forensic analysis.
      Website: GitHub

    Password & Hash Attacks

    1. Hydra: A parallelized login cracker supporting numerous protocols.
      Website: Hydra GitHub
    2. Rainbowcrack: Cracks hashes using precomputed rainbow tables.
      Website: Project
    3. John the Ripper: A fast password cracker supporting many hash types.
      Website: John the Ripper
    4. Crunch: A wordlist generator for brute-force attacks.
      Website: Crunch GitHub
    5. Hashcat: A GPU-accelerated password recovery tool.
      Website: hashcat.net
    6. Medusa: A parallelized, modular brute-forcer for password cracking.
      Website: GitHub
    7. Patator: A brute-forcing tool supporting many protocols and methods.
      Website: GitHub
    8. CeWL: Generates custom wordlists for brute-force attacks based on target website content.
      Website: CeWL GitHub

    Malware Analysis, Vulnerability Research, & Incident Response

    1. Ghidra: Reverse engineering tool for analyzing binaries and decompiling code.
      Website: ghidra-sre.org
    2. Radare2: An open-source framework for binary analysis and reverse engineering.
      Website: radare.org
    3. OllyDbg: A debugger for analyzing and manipulating executables.
      Website: OllyDbg
    4. DynamoRIO: A dynamic binary instrumentation framework.
      Website: dynamorio.org
    5. Cuckoo Sandbox: An automated malware analysis platform.
      Website: cuckoosandbox.org
    6. Volatility: A memory forensics tool for analyzing RAM dumps.
      Website: Volatility Foundation
    7. Binwalk: Firmware analysis tool for
      Website: Binwalk

  • Adobe Acrobat Is Scanning Your Documents


    The generative AI features in Adobe Acrobat are scanning your documents! This could possibly lead to sensitive data leakage.

    You can turn this feature off through the Windows registry.

    “Go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown create a new dword key under feature lockdown, bEnableGentech

    1 will enable the feature, 0 will disable the feature and remove all entry points”

    You can also disable the generative AI features in Adobe Acrobat with PowerShell.
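    As an added example (not code from the original post or from Adobe), the following PowerShell applies the registry lockdown quoted above and reads the value back to confirm it took. It assumes an elevated (Administrator) session, since the policy key lives under HKLM, and uses only the key path and value name given on the page.

    ```powershell
    # Added example (not from the original post): disable Acrobat's generative AI
    # features through the FeatureLockDown policy key quoted above.
    # Assumes an elevated (Administrator) PowerShell session: the key is under HKLM.
    $KeyPath = 'HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown'
    $Name    = 'bEnableGentech'

    # Policy keys are often absent until an administrator sets one,
    # so create the key chain if it does not exist yet.
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }

    # Weak setting:      bEnableGentech = 1 (generative AI features enabled)
    # Corrected setting: bEnableGentech = 0 (feature disabled, entry points removed)
    New-ItemProperty -Path $KeyPath -Name $Name -PropertyType DWord -Value 0 -Force | Out-Null

    # Verify: read the value back and fail loudly if it is not 0.
    $Current = (Get-ItemProperty -Path $KeyPath -Name $Name).$Name
    if ($Current -ne 0) {
        throw "Expected $Name = 0 under $KeyPath, found $Current"
    }
    Write-Output "$Name is set to $Current (generative AI features disabled)."
    ```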

    References:

    https://infosec.exchange/@briankrebs/111965550971762920

  • Starting a Journey through Cybersecurity: A Roadmap


    Embark on your cybersecurity journey with this well-rounded curriculum. These courses and learning paths equip you with fundamental knowledge and hands-on skills essential in the cybersecurity landscape. By completing these certifications, you’ll be well on your way to becoming a capable and well-rounded cybersecurity professional. Remember, continuous learning and practical application are key in this dynamic field. Good luck, and enjoy your learning experience!

    Introduction to Cybersecurity and Blue Teaming (TryHackMe):

    • Explore the fundamentals of cybersecurity and blue teaming.
    • Gain insights into defensive strategies and techniques.
    • Link: Blue Team Learning Path

    SOC (Security Operations Center) Level 1 (TryHackMe):

    • Deepen your understanding of Security Operations Center operations.
    • Learn about threat detection, incident response, and more.
    • Link: SOC Level 1 Learning Path

    Windows Event Logs: Finding Evil (Hack The Box Academy):

    • Explore the importance of Windows Event Logs in cybersecurity.
    • Learn how to identify and analyze potential threats within logs.
    • Link: Windows Event Logs Course

    Introduction to Active Directory (Hack The Box Academy):

    • Get acquainted with Active Directory and its significance.
    • Dive into the structure, functions, and security considerations.
    • Link: Active Directory Course

    Introduction to Network Traffic Analysis (Hack The Box Academy):

    Wireshark for Beginners: Capture Packets (Coursera):

    Analyze Network Traffic with Tcpdump (Coursera):

    Microsoft Windows Defender and Firewall for Beginners (Coursera):

    Mastering SQL Injection: The Ultimate Hands-On Course (Udemy):

    • Gain proficiency in understanding and preventing SQL injection attacks.
    • Learn how to secure databases from this common vulnerability.
    • Link: SQL Injection Course

    Google IT Automation Professional Certificate (Coursera):

  • Two Free Cybersecurity Training Platforms


    Empowering Cybersecurity Enthusiasts

    In the dynamic landscape of cybersecurity, knowledge and skills are the armor that shields against digital threats. SecurityBlue Team and AntiSyphon Training, both dedicated to bolstering cyber defense proficiency, offer an invaluable opportunity to harness expertise in this critical field. Let’s dive into a comprehensive exploration of these two remarkable platforms that provide free cybersecurity courses.

    SecurityBlue Team: Uniting Learning and Practice

    Introduction: SecurityBlue Team stands as a beacon for those seeking to immerse themselves in the realm of cybersecurity. By seamlessly blending theoretical knowledge with practical application, this platform transcends traditional training approaches.

    Course Offerings: The array of free cybersecurity courses offered by SecurityBlue Team covers an extensive spectrum of topics. From beginner-friendly introductions to advanced penetration testing, each course is meticulously crafted to cater to diverse skill levels.

    Notable Features:

    Hands-On Labs: One of SecurityBlue Team’s standout features is its emphasis on practical experience. The inclusion of hands-on labs enables learners to apply theoretical concepts in real-world scenarios, enhancing their problem-solving skills.

    Community Interaction: A sense of community is fostered through SecurityBlue Team’s interactive platform. Learners can engage in discussions, seek guidance, and collaborate with like-minded individuals, further enriching the learning experience.

    Structured Pathways: The platform offers structured pathways for different cybersecurity career tracks, helping learners navigate their journey and achieve their professional goals systematically.

    AntiSyphon Training: Knowledge at Your Own Pace

    Introduction: AntiSyphon Training stands as a testament to the belief that quality cybersecurity education should be accessible to all, regardless of financial constraints. By offering a “pay what you can” model, it opens doors for individuals eager to fortify their cybersecurity expertise.

    Course Offerings: AntiSyphon Training’s courses span a wide range of cybersecurity domains, including ethical hacking, network defense, and incident response. Each course is designed to accommodate diverse learning styles and skill levels.

    Notable Features:

    Flexibility: The “pay what you can” approach grants learners the freedom to access high-quality cybersecurity training without the burden of financial limitations.

    Self-Paced Learning: AntiSyphon Training recognizes that learners have varying commitments. The self-paced nature of the courses allows participants to tailor their learning experience according to their schedules.

    Practical Focus: Much like SecurityBlue Team, AntiSyphon Training prioritizes hands-on experience. Practical exercises and simulations enable learners to grasp complex concepts through immersive application.

    Elevating Cybersecurity Competence for All

    SecurityBlue Team and AntiSyphon Training exemplify the democratization of cybersecurity education. By providing free courses that blend theory and practicality, these platforms empower individuals to cultivate skills vital to protecting digital landscapes. Whether you’re a beginner dipping your toes into the realm of cybersecurity or a seasoned professional seeking to enhance your expertise, these platforms are poised to be your partners on this transformative journey. Embrace the opportunities they offer, and embark on a voyage to fortify digital defenses and shape the future of cybersecurity.

    Sources:

    https://www.securityblue.team/

    https://www.antisyphontraining.com/pay-what-you-can/

  • Privacy Forward Operating Systems


    Imagine you’re someone who wants to use the internet without others being able to easily see what you’re doing online. You also want to keep your personal information safe from hackers and prying eyes. That’s where operating systems like Tails and Whonix come in.

    Tails:

    Tails is like a special tool you can use when you want to browse the internet secretly. It’s designed to keep your online activities private and your identity hidden. When you use Tails, it’s kind of like wearing an invisible cloak while surfing the web. Nobody can easily know who you are or what websites you’re visiting.

    One cool thing about Tails is that you don’t need to install it on your computer. You can just put it on a USB stick or a DVD and use it on any computer. When you’re done, you take out the USB stick or DVD, and it’s like you were never there. It’s great for using public computers without leaving a trace.

    Tails Features

    • Anonymous Browsing: Tails routes your internet traffic through the Tor network by default, ensuring that your online activities remain anonymous and your IP address is concealed.
    • Live Operating System: Tails is designed to be a live operating system, meaning it can be run from a USB drive or DVD without the need for installation. This helps to prevent traces on the host system.
    • Data Encryption: Tails includes built-in tools for encrypting your files and communications, enhancing the privacy of your sensitive information.
    • Amnesic Design: Tails is designed to leave no trace of your activities on the computer you’re using. It automatically clears memory and wipes temporary data when you shut down.
    • Secure Communication: Tails comes with pre-configured communication tools like email clients and instant messengers that are configured to work securely with the Tor network.
    • Leak Prevention: Tails is configured to block non-Tor traffic, preventing accidental leaks that could compromise your privacy.
    • Access to Tor Services: Tails allows access to .onion websites, which are part of the Tor hidden services network, further enhancing anonymity and privacy.

    Whonix:

    Whonix is like having your own secret tunnel to the internet. It’s a bit more complex, but it’s also very secure. Whonix works by putting your online activities in a special box that’s really hard for anyone to peek into. It’s like putting your browsing in a safe room, away from the rest of your computer.

    Whonix also helps you use something called Tor, which is like a network that bounces your internet connection around the world, making it really hard for anyone to figure out where you’re really located. It’s like using a bunch of secret passages to get around.

    Whonix Features

    • Isolated Workstations: Whonix operates as a pair of virtual machines—one for your actual activities and another (the “Gateway”) for routing traffic through Tor. This isolation helps prevent leaks and enhances privacy.
    • Leak Protection: Whonix is designed to ensure that all internet traffic goes through the Tor network. It’s much harder for your real IP address to leak in Whonix due to its two-VM structure.
    • Security-Focused: Whonix is built with a strong focus on security. It’s designed to minimize the attack surface and reduce the risk of various security vulnerabilities.
    • Whonix Gateway: The Gateway VM routes all network traffic through Tor, providing an additional layer of anonymity and preventing accidental use of non-Tor traffic.
    • Application Isolation: All applications on Whonix are forced to use Tor, making it extremely difficult for any application to bypass the anonymizing network.
    • Protected Against Malware: Whonix’s design ensures that malware running in the Workstation VM is isolated from the Gateway, preventing it from compromising your anonymity.
    • Encrypted Communication: Whonix is designed to work with encrypted communication tools, helping you maintain secure and private conversations.

    So, which one should you choose? Well, it depends on what you want to do. If you just want to quickly use a secret browsing mode on any computer, Tails is great. If you’re more serious about staying hidden and you’re okay with a bit more complexity, Whonix might be better.

    Remember, both Tails and Whonix are like special tools for staying private online. Depending on what you’re comfortable with and what you’re trying to do, one of them could be a better fit for you. It’s like choosing between wearing an invisible cloak (Tails) or having your own secret tunnel (Whonix) while exploring the internet!