Local Tech Repair: Information Security (InfoSec) Software, Books, and Resources

Thursday, September 17, 2015

Security training and resources. I am creating this post mostly to help myself keep track of all the different infosec resources, applications, and study material for exams like CompTIA Security+, CEH, CISSP, OSCP, and others. This is a resource for offensive security practices and tools. This list will be updated as time goes on.

Updated on 11/18/15


Software:
  • Metasploit is probably the number one piece of software out there and one of the top exploit deployment and research tools. It helps you quickly deploy exploits and expedite the exploitation process.
  • Armitage and Cobalt Strike are both tools that leverage the Metasploit Framework, suggesting exploits and showing how to quickly and quietly use them to get access to network resources. Both require, and build on the complexity of, the Metasploit Framework, so if you already know Metasploit very well you may find that these tools mainly speed up your work and give you a graphical place to work in. Metasploit also has its own Pro version that does close to the same thing.
  • Subterfuge Framework helps you run a man-in-the-middle attack without needing to worry about configuring sslstrip, ARP poisoning, harvesting credentials, blocking VPN tunnels, and much more. Subterfuge allows you to build plugins onto it, just like the Metasploit Framework does.
  • Maltego helps you gather information on people and companies. It shows you what is out there about your corporation and the people someone could later try to exploit to get into the corporation. The program helps you build a threat picture of your company or another company.
  • Recon-ng is a recon tool that speeds up finding information on the web. For instance, there is a module to search the web for an email address and compare it against the different dumps of passwords and emails. Some more basic uses of Recon-ng can be found here.
  • Nessus is software that helps you run vulnerability scans against the computers on your network. It helps you determine which security patches are missing and find configuration and compliance problems. There is a wide array of plugins that can help you find more unpatched vulnerabilities in your network and avoid compliance problems and breaches later down the road.
  • Nexpose is just like Nessus and helps you know which assets in your corporation have vulnerabilities. Nexpose proactively scans your environment for misconfigurations, vulnerabilities, and malware and provides guidance for mitigating risks.
  • OpenVAS is an open source vulnerability scanner. So if you're looking for a free vulnerability scanner like Nexpose or Nessus, this would be your tool.
  • SET is a toolkit that will help you perform advanced attacks against the human element in an organization.
  • Cryptohaze and oclHashcat are both great GPU-based tools that speed up the cracking process a lot. You can see what the difference is in our previous article on it.
  • Wireless auditing: Aircrack-ng, Pyrit, and reaver-wps are all great tools to help you get the edge on the wireless network. They allow you to do a wide variety of attacks on Wi-Fi and on the inherent trust of the different Wi-Fi systems. All these tools help you get into the network, and from there you use other tools.
    • WPS Cracking with Pyrit
    • WEP Cracking - Getting it setup on ubuntu
    • Wifite is an auditing suite for WEP, WPS, WPA, and the like. This tool is probably the easiest one out there for auditing and automation. It is built into the NetHunter toolset.
    • A guide and more details on how these attacks work can be found here.
  • sslstrip is a tool to help you when you're doing a man-in-the-middle attack on a client. After you have poisoned them and have their network connection going through you for internet access, sslstrip strips all SSL from their connections and turns them into HTTP requests, allowing you to grab the information that they are sending, be it passwords or other sensitive information.
  • sslscan is a tool that goes through a website and sees which types of SSL/TLS the site accepts. This way you can see if there are known weaknesses in the web server's encryption.
  • Nmap: you can't go into security without hearing about Nmap. It is used in a lot of tools for port scanning and identifying the OS of computers. This is a very loud tool and can easily be identified in network traffic and in host logs, so it is best to pipe the scans through a botnet so that they cannot identify who is attacking them. It is also useful to learn how to use the tool and not just do a full scan on everything: identify the OS, then use your knowledge of exploits to selectively scan the ports that may have vulnerabilities in them.
  • Yersinia is a tool to attack the protocol layer and take advantage of some weaknesses in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems.
  • Nikto2 is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.
  • Wapiti: this framework is different from a lot of web vulnerability scanners, as it does not look at the source code to find places to inject. It looks at the app itself and then tries to find places to inject. This just gives a different way of looking for places to inject.
  • Aircrack-ng is one of the top tools used for cracking Wi-Fi and doing attacks on Wi-Fi. It is used in many underlying scripts and programs that attack Wi-Fi. If you are going to attack Wi-Fi, you need to know about Aircrack-ng.
  • PwnSTAR is a tool developed by SilverFoxx/Vulpi. The tool speeds up the process of creating an evil maid attack and then doing a MiTM attack on the clients. Some examples of how it can run on Kali Linux can be found on the Kali Linux forum.
  • THC Hydra is a great tool if you need to run a dictionary attack on platforms from over 30 different protocols. THC Hydra is extremely fast at attacking telnet, SMB, databases, FTP, and much more.
  • Wireshark is a go-to default for me when it comes to packet sniffing and analysis of packets on a network. Wireshark is a must-have tool to learn if you want to know what is going across the wire, and there are many plugins for it to help you do many other things. Wireshark does have its own vulnerabilities, though, so it is best to run it only on networks that you trust or on machines you don't care about.
  • sqlmap will help you when trying to find exploits in web applications and getting access to the back-end database. This does not mean that it will find the exploit for you all the time, so it is best to learn how to do SQL injection yourself first and use this tool to help speed up exploit development for the website.
  • sqlninja is another tool for website injections and penetration testing. It is also not the solve-all solution to finding exploits in web applications, but it greatly increases the speed of penetration testing and of gaining access to the database server. Once you have discovered a SQL injection in your web application, you can use sqlninja to help you exploit it and gain access.
  • BBQSQL is another automated SQL testing tool. I haven't used it yet, so here is the explanation from the Kali group: "It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast."
  • Veil-Framework is an antivirus-bypassing framework. It allows you to install and run a virus on a computer without being detected by the antivirus vendors. It gives you different methods of injection into RAM so that you can get a reverse shell and then disable AV and the like.
  • PowerSploit: use PowerSploit to speed up your pentest. It is a great way around restrictions when the domain administrators lock down other areas of the OS but leave PowerShell open to be used.
  • PowerView is another PowerShell tool to help survey the network and help you gain lateral movement.
  • Burp Suite and Zed Attack Proxy both allow you to audit packets before they are sent and modify them on the fly.
  • WebScarab is another proxy-based web application testing tool. It is a little more useful if you're a programmer and want to test more items directly with the application.
  • w3af is the WWW attack framework, so another great tool in the bunch for web testing.
  • WS-Attacker framework is a modular framework for web services penetration testing. It is a free and easy to use software solution, which provides an all-in-one security checking interface with only a few clicks.
  • Smartphone Pentest Framework is a framework to make it easier to launch attacks against smartphones. Think of it as SET for smartphones.
  • Overpass the Hash/Mimikatz is a method for getting the hash dump on a domain controller and then creating a Golden Ticket so that you can escalate privileges to a different user.
  • Incognito, if you need to get the tokens for the accounts on the computer.
  • BeEF is a penetration testing tool that focuses on the web browser. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser.
  • Dradis is a tool to help you effectively manage the information that you gather. It parses the output of lots of different security tools so that you get the information you need quickly, and it helps with managing multiple pen tests at one time.
  • MagicTree is a penetration tester productivity tool. It is designed to allow easy and straightforward data consolidation, querying, external command execution and (yeah!) report generation.
  • An additional list of tools and descriptions can be found at BlackArch Linux.
Books:
  Security training books are always a good one-stop shop for information, though nothing beats practicing it. You will always have your coding books and whatnot, though I am going to skip those and go towards the specialty books and the cert books.

    Websites:
    • SecurityTube.net is a great resource to watch and learn new security information. They have videos from a lot of the different security conferences, training programs, and groups of videos for things like Metasploit, assembly learning, exploit research, and more. Their goal is to bring quality InfoSec learning to the general public for free. They also have a newer certification program and a very reasonable training program.
    • Cybrary.it is a website with a few classes for information security like "python for security professionals" and "post exploitation hacking".
    • Exploit Database is a good way to keep up with exploits that are coming out, organized in a good fashion. It lets you see actual code for a published vulnerability and how that vulnerability can be exploited. It is a great place to learn how to write exploits and use them, or to learn about which ones are out there.
    • CVE: there may not be an exploit written for Metasploit for a given vulnerability, though here you can find lots of the publicly known vulnerabilities, which helps you speed up the process of writing new exploits for vulnerabilities that come out.
    • Rainbow tables: sadly, rainbow tables are still useful against a lot of websites, even large company websites, that for some odd reason do not salt their passwords. So you may find that running these against your hash gives good results.
    • Links to other great security-related websites: http://www.techexams.net/forums/off-topic/51719-best-security-websites.html. This forum has a wide range of websites, from ethical hacking network to sectools.org to government websites.
    • SecTools is a great website to help you find more tools and review documentation and install guides for things like Nmap and other security tools in the industry.
    • OpenSecurityTraining offers a wide range of security-related topics and training for free to the info security industry.
    • SkillSet.com is a good website for testing your knowledge for the CEH and CISSP certification exams that you may be trying to pass after learning all the topics on this page.
    • IT_Sec_Catalog for exploitation. This has links to many old and new articles on exploitation and learning how to do exploitation. Great resource for those learning to hack.
    • Anarchy resources - WARNING! This website is not, per se, the most trusted source, so take extra security measures when accessing information on it. Resources may be infected and more. I put it here because it has more of the blackhat hacking side of information security training. I suggest visiting the website only from behind a network firewall, on a subnet separate from the rest of your network, in a VM, and monitoring your traffic on the network to make sure nothing escapes it. With that said, I can't guarantee the safety or legality of the information on the website, but it's a good resource to understand how people think and the history of hacking. The website also has a huge collection of other information in its subdirectories. Murdercube has almost the same collection.
    • Kernel Level Programming Site helps you learn how to program modules for the kernel. This is an essential beginning to learning how to program and make your own kernel RATs.
    • EDGAR is used for gathering public information on an organization to help find weaknesses.
    • Web DNS, ping, and other online tools: domaintools, CentralOps, and digitalpoint
    • Reverse Engineering Malware
    • Red Teaming basics: if you're just starting to get into red teaming, then this is a series for you. It goes over the basics of red teaming and how, as an offensive security professional, you can think about how an attacker would exploit my network. The only negative is that it comes from a heavily Cobalt Strike oriented perspective, though it is still a great starting point.
    • Hacking Team dump of knowledge. This has a huge list of resources, books, and topics on hacking, and shows how a paid service for governments taught its staff how to hack.
    • Cyber Aces has tutorials on the basics of Linux, Windows, networking, PowerShell scripting, bash, and web scripting. If you're looking at starting out in these areas, this may be a good place to get a general understanding of them.
    • Hacking Tutorials has a list of tutorials on hacking. "We will be posting beginner Hacking Tutorials about hacking with Kali Linux and other operating systems to show home and office users how easy it often is to breach security and bad passwords. We will be covering subjects like Wifi hacking, fingerprinting, vulnerability scanning, malware and exploiting, penetration testing and ethical hacking."
    • Metasploit Unleashed is a guide and free online material for learning the Metasploit Framework and how to do pen-testing through the framework. It is a good read if you have not gone through it.
    • Windows internals 
      Mobile apps:
      • Hackers Reference and InfoSec Reference are both good solutions for learning security topics on the go. They go over different tools, news, and really everything about infosec and hacking. A great source when you want quick information to get your mind going until you get home.
      • Wifi Protector will help you stay safe while on open Wi-Fi networks and on your own personal one. It will alert you to ARP poisoning on the network. So if someone on the network is claiming to be the router and trying to do a man-in-the-middle attack, you will be alerted, and you can set it to automatically kick you off.
      • WifiKill is an easy way to implement ARP poisoning from your Android phone. Find out where people are surfing the web and deny access to those who are using too much bandwidth. So if you spot someone downloading torrents, you can stop them so they don't take all the bandwidth.
      • FlashCard Machine is not really a security tool, though it is great for studying. It allows you to download flashcards from a global shared database, so you can find infosecurity and certification flashcards. This can help you study and learn from others. You can also test yourself against these cards. I have found CISSP, Security+, and CEH flashcards that help me study when I am on the go.
      • NetHunter is a build of CyanogenMod combined with Kali Linux ARM. NetHunter gives you some easy scripts to work with an external Wi-Fi card and then run evil AP, evil USB, and the like. It comes with a working Metasploit and can be leveraged on a small platform on the go. This is less a single tool and more of an OS and tool set to work with.
      • DriveDroid allows you to plug your Android phone into a computer and use it to boot a Linux live CD. This allows you to leverage your phone as a mobile OS, store everything on your phone, and use the computer's hardware. This is slightly different from NetHunter, which uses the mobile hardware.
      Hacking Prevention:
      • IPS/IDS
        • Snort is a great open source IDS and IPS system. It is useful if you're setting up a network at home or want to test your exploits against a network and see which attacks get picked up by Snort rules. It is good for detecting attacks, preventing them, and learning to get around IDS/IPS systems.
        • Suricata is an open source IPS/IDS that is also able to use Snort rules.
      • AppLocker: you should use AppLocker to whitelist all applications that are allowed to load on your network. This video is a great explanation: https://www.youtube.com/watch?v=tYFVVY8GX24
      • Block the Java user agent at the proxy level so that you can control all Java that is deployed and used on your network. Whitelist good domains.
      • EMET is the Enhanced Mitigation Experience Toolkit, designed to help users defend against cyberattacks. The software is free, though it can be complicated to deploy, but it helps break a lot of malware, requiring it to use another bypass.
      • ADAudit Plus, i.e. auditing both good and bad logins. This allows you to see if the local admin account was used to log in to multiple computers at one time.
      • Microsoft Baseline Security Analyzer helps you stay on top of patches for Microsoft products and the applications that run on them.


      Defense Websites
      • CyberCrime has links to reports and documentation to help with computer crime, including reports from the FBI on computer crime over the years.

      Malware Analysis Tools
      • RegShot is for comparing differences in the registry and filesystem between a clean state and the state after malware was installed, to see what happened.
      • WinAPIOverride helps you follow the injection process of DLLs and API calls for a running process to see what it did and where it went.
      • Wireshark, to identify network traffic and whether the malware is calling out.
      • netstat is a built-in tool in Windows that tells you which connections and ports are open on the computer. A common command is netstat -anob
      • Sysinternals Suite has lots of tools, like process monitors, to help identify what is going on on the computer.
      • GMER can help detect hidden files and rootkits that may be hiding.
      • REMnux is an OS designed for analyzing malware.
      • SIFT is another suite, by SANS, to help with analysis of malware.
      • VirtualBox is important for keeping malware isolated. Granted, other VMs could work too, as long as you can limit them to the host network and they can't get out to compromise other machines.
      • CFF Explorer Suite is a tool to explore PE files and DLLs. It will help you explore an exe file and which DLLs it is loading or has packaged with it.
      • Sigcheck helps you check and verify the signatures on files, to see if a DLL is signed by Microsoft or a vendor, or if it is unsigned and not a legitimate file.
      • The attrib command is very useful for changing attributes via the command line.
      • API Monitor is a way to track and monitor the API calls made by applications.
      Guides to starting in Infosec

            Thanks for reading, Local Tech Repair Admin. I will be adding a lot more to this article and also breaking out more articles on more specific topics about Info Security and Offensive Security, to help myself study and get my knowledge out there so others can learn more quickly from all my searching. PS: if you have good tools or whatnot that you think would go great on here, let me know in the comments and I will look at adding them to the site.