Skip to content

Instantly share code, notes, and snippets.

@s0h3ck
Last active Jun 30, 2021
Embed
What would you like to do?
Quick Discord Notes - Training: Active Defense & Cyber Deception w/ John Strand [04-09-2020]
AV Products or Companies:
Avast
BitDefender
Carbon Black
Check Point
Cisco
ClamAV
CrowdStrike
Cylance
Elastic Endpoint Security
ESET Nod32
FireEye
Fortinet
FortiGate
Kaspersky
McAfee
Microsoft
Norton
Palo Alto Networks
QRadar
Quick Heal
SentinelOne
Sophos
Symantec Norton
Tenable Nessus
Trend Micro
VirusTotal
Reminder:
(1) Do not get caught
Courses:
How to Build a Home Lab (1-Hour) [FREE]
https://register.gotowebinar.com/register/4352163197316816142
[Thu, Apr 16, 2020 1:00 PM - 2:00 PM EDT]
Breaching the Cloud Perimeter Training w/ Labs (4-Hours) [FREE]
https://register.gotowebinar.com/register/1264630092013493773?source=BB
https://www.blackhillsinfosec.com/training/breaching-the-cloud-perimeter-training/
[Sat, Apr 25, 2020 11:00 AM - 4:00 PM EDT]
Cyber Threat Hunting Training [FREE]
https://register.gotowebinar.com/register/5841228496128209677
https://www.blackhillsinfosec.com/training/cyber-threat-hunting-training-may-session/
[Tuesday, May 12th, 12pm – 4pm EST]
Training Course: Active Defense & Cyber Deception with John Strand (16-Hours) [$395.00]
https://register.gotowebinar.com/register/7582716376190960652?source=disc
[Mon, Apr 27, 2020 12:00 PM - 4:00 PM EDT]
[Tue, Apr 28, 2020 12:00 PM - 4:00 PM EDT]
[Wed, Apr 29, 2020 12:00 PM - 4:00 PM EDT]
[Thu, Apr 30, 2020 12:00 PM - 4:00 PM EDT]
Sysinternals Sysmon Fundamentals—Online Training Course [$1,250]
https://www.trustedsec.com/events/training-sysinternals-sysmon-fundamentals-online-training-course/
https://www.eventbrite.com/e/sysinternals-sysmon-fundamentalsonline-training-course-tickets-102115002722
Lectures:
Active Defence Harbinger Distro (ADHD) Project Page
https://www.activecountermeasures.com/free-tools/adhd/
https://adhdproject.github.io/#!index.md
Dan Kaminsky's DNS Vulnerability of 2008
https://duo.com/decipher/hacker-history-how-dan-kaminsky-almost-broke-the-internet
https://en.wikipedia.org/wiki/Dan_Kaminsky
Zoom...
https://thehackernews.com/2020/04/zoom-cybersecurity-hacking.html
https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
Videos:
Benjamin Wright - Awareness Con 2019 (Adel, IA)
https://youtu.be/cU8lTyZgHMA
Implementing Sysmon and Applocker
https://www.youtube.com/watch?v=9qsP5h033Qk
How To Use Portspoof (Cyber Deception)
https://www.blackhillsinfosec.com/how-to-use-portspoof-cyber-deception/
Bypassing Cylance: Part 1 – Using VSAgent.exe
https://www.blackhillsinfosec.com/bypassing-cylance-part-1-using-vsagent-exe/
DEF CON 18 - Zoz - Pwned By The Owner: What Happens When You Steal A Hacker's Computer
https://www.youtube.com/watch?v=Jwpg-AwJ0Jc
Messing With Portscans With Honeyports (Cyber Deception)
https://www.blackhillsinfosec.com/messing-with-portscans-with-honeyports-cyber-deception/
Webcast: Enterprise Recon For Purple Teams
https://www.blackhillsinfosec.com/webcast-enterprise-recon-for-purple-teams/
Webcast: How (we) Run a Virtual Conference and How You Can, Too
https://www.blackhillsinfosec.com/webcast-how-we-run-a-virtual-conference-and-how-you-can-too/
Books:
Offensive Countermeasures: The Art of Active Defense
https://www.amazon.com/Offensive-Countermeasures-Art-Active-Defense-ebook/dp/B0753MCJV8
The Mind of War: John Boyd and American Security
https://www.amazon.com/Mind-War-John-American-Security-ebook/dp/B006Q2GIDO
Obfuscation:
Living Off The Land Binaries and Scripts (and also Libraries)
https://lolbas-project.github.io/#
Bashfuscator
https://github.com/Bashfuscator/Bashfuscator
pyamor
https://pypi.org/project/pyarmor/
Invoke-Obfuscation v1.8
https://github.com/danielbohannon/Invoke-Obfuscation
unicorn
https://github.com/trustedsec/unicorn
PyFuscation
https://github.com/CBHue/PyFuscation
Evil Clippy
https://github.com/outflanknl/EvilClippy
Obfuscated Powershell Invocations
https://github.com/backlion/Offensive-Security-OSCP-Cheatsheets/blob/master/offensive-security/t1027-obfuscated-powershell-invocations.md
CLMBypass.csproj
https://gist.github.com/C0axx/6648e64892a1d4de7d397090d9514981
Other links:
CanaryPi
https://github.com/hackern0v1c3/CanaryPi
dnscat2
https://github.com/iagox86/dnscat2
Thinkst Canary
https://canary.tools/
The CredDefense Toolkit
https://www.blackhillsinfosec.com/the-creddefense-toolkit/
Universally Evading Sysmon and ETW
https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/
Slingshot C2 Matrix Edition
https://howto.thec2matrix.com/slingshot-c2-matrix-edition
Empire
https://github.com/BC-SECURITY/Empire
CanaryTokens
https://github.com/thinkst/canarytokens
Bypassing AV (Windows Defender) the tedious way
https://www.cyberguider.com/bypassing-windows-defender-the-tedious-way/
Bypassing AV (Windows Defender) … Cat vs. Mouse
https://www.cyberguider.com/bypassing-av-cat-vs-mouse/
Fireprox
https://github.com/ustayready/fireprox
NXLog Community Edition
https://nxlog.co/products/nxlog-community-edition
DCEPT
https://github.com/secureworks/dcept
Scout Suite
https://github.com/nccgroup/ScoutSuite
TCP Wrappers
https://en.wikipedia.org/wiki/TCP_Wrappers
Portspoof
https://github.com/drk1wi/portspoof/blob/master/system_files/init.d/portspoof_simple.sh
Canary Token
https://blueclouddrive.com/generate
PowerOutage.us
https://poweroutage.us/
Hover_with_Power
https://github.com/ethanhunnt/Hover_with_Power/blob/master/README.md
PC-Write
https://en.wikipedia.org/wiki/PC-Write
Some Commands:
/root
/opt/honeyports/cross-platform/
./honerports-0.4a.py
firewall-cmd port forwarding: firewall-cmd --permanent --add-forward-port=port=1-65535:proto=tcp:toport=4444
duck --username anonymous --download s3:/wwhfjohns/ADHD3/ADHD3-disk1.vmdk /home/arif/Downloads
duck -u anonymous -d s3://s3.amazonaws.com/wwhfjohns/ADHD3/ $(pwd)/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment