Practice Ops: Virtualization, firewalls, VLAN, WAF, SIEM, IDS/IPS...
Practice Red: Penetration testing of vulnerable machines while seeing what the blue team sees. Can you become stealthier?
Practice Blue: Firewall and IPS rules, SIEM analysis and dashboard development...
Purple teaming: Red and Blue working together to develop the ultimate set of rules
Protect: Deploy Kali-Purple to protect your network
A suite of WiFi/Bluetooth offensive and defensive tools for the ESP32.
OpenEDR is a sophisticated, free, open source endpoint detection and response solution. It provides analytic detection with MITRE ATT&CK visibility for event correlation and root cause analysis of adversarial threat activity and behaviors in real time. This endpoint telemetry platform is available to all cyber-security professionals and to organizations of every size, to defend against threat actors and cyber criminals.
The Federal Virtual Training Environment (FedVTE) provides the following courses free of charge and without login requirements. You must use a modern browser (Edge, Chrome, Firefox) and have cookies enabled to track your progress in these courses.
Securely store passwords using industry standard encryption, quickly auto-type them into desktop applications, and use our browser extension to log into websites.
Complete database encryption using industry standard 256-bit AES. Fully compatible with KeePass Password Safe formats. Your password database works offline and requires no internet connection.
Every feature looks, feels, works, and is tested on Windows, macOS, and Linux. You can expect a seamless experience no matter which operating system you are using.
A plugin for Firefox that lets you interface with the KeePassXC password manager.
Note that this is an official KeePassXC project, not somebody's third-party code.
Suricata IDS is a free intrusion detection/prevention system and network security monitoring engine. This is a list of awesome things that go with it.
A somewhat silly website that talks about recently discovered 0-day vulnerabilities.
RSS feed: https://0dayfans.com/feed.rss
Inspiration for when you're stuck. Inspired by Brian Eno's Oblique Strategies.
Red team or blue team?
Kind of like the whacks of Heraclitus.
A compact and portable WiFi reconnaissance suite based on the ESP8266. Packet Monitor with 11 filter types. Deauthentication and Disassociation Detector (HAXX). FTP Honeypot with Canary Tokens. Web Server (WIP). CSV Data logging (WIP).
The custom PCB is basically glue for two pressbuttons, an OLED display, an LED, and a power cell. You could pretty easily bodge one together out of spare parts.
A collection of links to threat models for various pieces of software and protocols.
Crack legacy zip encryption with Biham and Kocher's known plaintext attack.
A ZIP archive may contain many entries whose content can be compressed and/or encrypted. In particular, entries can be encrypted with a password-based symmetric encryption algorithm referred to as traditional PKWARE encryption, legacy encryption or ZipCrypto. This algorithm generates a pseudo-random stream of bytes (keystream) which is XORed with the entry's content (plaintext) to produce encrypted data (ciphertext). The generator's state, made of three 32-bit integers, is initialized using the password and then continuously updated with plaintext as encryption goes on. This encryption algorithm is vulnerable to known plaintext attacks, as shown by Eli Biham and Paul C. Kocher in the research paper "A known plaintext attack on the PKZIP stream cipher". Given ciphertext and 12 or more bytes of the corresponding plaintext, the internal state of the keystream generator can be recovered. This internal state is enough to decipher the ciphertext entirely, as well as other entries which were encrypted with the same password. It can also be used to brute-force the password with a complexity of n^(l-6), where n is the size of the character set and l is the length of the password.
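To make the description above concrete, here is an added Python implementation of the ZipCrypto keystream generator (this is example code written for this page, not bkcrack's own code). It follows the "Traditional PKWARE Encryption" section of PKWARE's APPNOTE: three 32-bit registers, a CRC-32 table step without zlib's pre/post-inversion, and a state update driven by each plaintext byte. The demo then shows the two facts the attack relies on: XORing ciphertext with known plaintext at a known offset reveals the keystream bytes, and the key registers derived from the password (the "internal state") decrypt any other entry protected with the same password without ever knowing the password. The password, 12-byte header and entry contents are constructed sample values.

```python
"""ZipCrypto (traditional PKWARE encryption), implemented to illustrate the
known-plaintext weakness. Added example; not code from bkcrack or PKWARE."""

MASK32 = 0xFFFFFFFF


def _make_crc_table() -> list[int]:
    # Standard reflected CRC-32 table (polynomial 0xEDB88320).
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
        table.append(c)
    return table


CRC_TABLE = _make_crc_table()


def _crc32_step(crc: int, byte: int) -> int:
    # Raw one-byte table step: ZipCrypto does NOT apply zlib's 0xFFFFFFFF
    # pre/post conditioning to the key registers.
    return CRC_TABLE[(crc ^ byte) & 0xFF] ^ (crc >> 8)


class ZipCrypto:
    """The three-register keystream generator. State = (key0, key1, key2)."""

    def __init__(self, keys=(0x12345678, 0x23456789, 0x34567890)):
        self.key0, self.key1, self.key2 = keys

    @classmethod
    def from_password(cls, password: bytes) -> "ZipCrypto":
        z = cls()
        for b in password:          # password bytes are fed in as "plaintext"
            z.update(b)
        return z

    @property
    def keys(self) -> tuple[int, int, int]:
        return (self.key0, self.key1, self.key2)

    def update(self, plain_byte: int) -> None:
        # State advances with the PLAINTEXT byte, which is why the keystream
        # of two entries diverges as soon as their contents differ.
        self.key0 = _crc32_step(self.key0, plain_byte)
        self.key1 = (self.key1 + (self.key0 & 0xFF)) & MASK32
        self.key1 = (self.key1 * 134775813 + 1) & MASK32
        self.key2 = _crc32_step(self.key2, self.key1 >> 24)

    def keystream_byte(self) -> int:
        temp = (self.key2 | 2) & 0xFFFF
        return ((temp * (temp ^ 1)) >> 8) & 0xFF

    def encrypt(self, plaintext: bytes) -> bytes:
        out = bytearray()
        for p in plaintext:
            out.append(p ^ self.keystream_byte())
            self.update(p)
        return bytes(out)

    def decrypt(self, ciphertext: bytes) -> bytes:
        out = bytearray()
        for c in ciphertext:
            p = c ^ self.keystream_byte()
            self.update(p)
            out.append(p)
        return bytes(out)


def encrypt_entry(password: bytes, header: bytes, data: bytes) -> bytes:
    """One ZIP entry: 12-byte (normally random) header then data, one keystream."""
    assert len(header) == 12
    return ZipCrypto.from_password(password).encrypt(header + data)


def decrypt_entry_with_keys(keys: tuple[int, int, int], ciphertext: bytes) -> bytes:
    """Decrypt using only the recovered internal state; the password is not needed."""
    return ZipCrypto(keys).decrypt(ciphertext)[12:]


def recover_keystream(ciphertext: bytes, known_plaintext: bytes, offset: int) -> bytes:
    """What a known-plaintext attacker gets for free: ciphertext XOR plaintext."""
    window = ciphertext[offset:offset + len(known_plaintext)]
    return bytes(c ^ p for c, p in zip(window, known_plaintext))


def demo() -> dict:
    password = b"hunter2"                       # constructed sample password
    header = bytes(range(0xA0, 0xAC))           # constructed stand-in for the 12 random header bytes
    plain1 = b"The quick brown fox jumps over the lazy dog."
    plain2 = b"A second file protected by the same password."
    ct1 = encrypt_entry(password, header, plain1)
    ct2 = encrypt_entry(password, header, plain2)

    # (1) 15 known plaintext bytes at a known offset leak 15 keystream bytes.
    known = b"brown fox jumps"
    offset = 12 + plain1.index(known)
    leaked = recover_keystream(ct1, known, offset)
    honest = bytearray()                        # regenerate the same bytes legitimately
    z = ZipCrypto.from_password(password)
    for i, p in enumerate(header + plain1):
        if offset <= i < offset + len(known):
            honest.append(z.keystream_byte())
        z.update(p)

    # (2) The internal state alone decrypts a different entry under the same password.
    keys = ZipCrypto.from_password(password).keys
    return {
        "leaked_matches_keystream": leaked == bytes(honest),
        "entry2_from_keys": decrypt_entry_with_keys(keys, ct2),
        "entry2_wrong_keys": decrypt_entry_with_keys(ZipCrypto.from_password(b"hunter3").keys, ct2),
        "plain2": plain2,
    }
```

Note that a real attacker does not start with the key registers: bkcrack recovers them from the 12-plus leaked keystream bytes using the Biham-Kocher technique, which this example does not implement. What the demo does show is that once those three integers are known, every entry encrypted with the same password falls, and that the keystream is not independent of the data it protects.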
Nginxpwner is a simple tool that looks for common Nginx misconfigurations and vulnerabilities. Give it a list of URLs (Burp Suite is namechecked here as the source of that list) and turn it loose.
DNS Reaper is yet another sub-domain takeover tool, but with an emphasis on accuracy, speed and the number of signatures in our arsenal!
We can scan around 50 subdomains per second, testing each one with over 50 takeover signatures. This means most organisations can scan their entire DNS estate in less than 10 seconds.
Currently only supports Route53, Cloudflare, and Azure.
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues.
A news aggregator of new and ongoing data breach cases.
A Mexican company that designs and sells hacker toys, security auditing tools, and educational devices. They even sell products suitable for teaching kids.
Threat Modeling is the process of building and analyzing representations of a system to highlight concerns about security characteristics.
Threat Modeling is a proactive and iterative approach for identifying security issues and reducing risk. The output of a threat modeling exercise is a list of threats, or even better risks, that further inform decisions in the continued operation of the system. This process can be performed before any code is written or infrastructure deployed, which makes it very efficient at identifying potential threats, vulnerabilities and risks.
At the beginning of 2020, we discovered the Red Unlock technique that allows extracting Intel Atom Microcode. We were able to research the internal structure of the microcode and then x86 instruction implementation. Also, we recovered a format of microcode updates, algorithm and the encryption key used to protect the microcode.
These are the tools they used to take it apart.