@s0h3ck
Last active December 25, 2022 04:06
Quick Discord Notes - Training: Active Defense & Cyber Deception w/ John Strand [04-09-2020]
AV Products or Companies:
Avast
BitDefender
Carbon Black
Check Point
Cisco
ClamAV
CrowdStrike
Cylance
Elastic Endpoint Security
ESET Nod32
FireEye
Fortinet
FortiGate
Kaspersky
McAfee
Microsoft
Norton
Palo Alto Networks
QRadar
Quick Heal
SentinelOne
Sophos
Symantec Norton
Tenable Nessus
Trend Micro
VirusTotal
Reminder:
(1) Do not get caught
Courses:
How to Build a Home Lab (1-Hour) [FREE]
https://register.gotowebinar.com/register/4352163197316816142
[Thu, Apr 16, 2020 1:00 PM - 2:00 PM EDT]
Breaching the Cloud Perimeter Training w/ Labs (4-Hours) [FREE]
https://register.gotowebinar.com/register/1264630092013493773?source=BB
https://www.blackhillsinfosec.com/training/breaching-the-cloud-perimeter-training/
[Sat, Apr 25, 2020 11:00 AM - 4:00 PM EDT]
Cyber Threat Hunting Training [FREE]
https://register.gotowebinar.com/register/5841228496128209677
https://www.blackhillsinfosec.com/training/cyber-threat-hunting-training-may-session/
[Tuesday, May 12th, 12pm – 4pm EST]
Training Course: Active Defense & Cyber Deception with John Strand (16-Hours) [$395.00]
https://register.gotowebinar.com/register/7582716376190960652?source=disc
[Mon, Apr 27, 2020 12:00 PM - 4:00 PM EDT]
[Tue, Apr 28, 2020 12:00 PM - 4:00 PM EDT]
[Wed, Apr 29, 2020 12:00 PM - 4:00 PM EDT]
[Thu, Apr 30, 2020 12:00 PM - 4:00 PM EDT]
Sysinternals Sysmon Fundamentals—Online Training Course [$1,250]
https://www.trustedsec.com/events/training-sysinternals-sysmon-fundamentals-online-training-course/
https://www.eventbrite.com/e/sysinternals-sysmon-fundamentalsonline-training-course-tickets-102115002722
Lectures:
Active Defense Harbinger Distribution (ADHD) Project Page
https://www.activecountermeasures.com/free-tools/adhd/
https://adhdproject.github.io/#!index.md
Dan Kaminsky's DNS Vulnerability of 2008
https://duo.com/decipher/hacker-history-how-dan-kaminsky-almost-broke-the-internet
https://en.wikipedia.org/wiki/Dan_Kaminsky
Zoom...
https://thehackernews.com/2020/04/zoom-cybersecurity-hacking.html
https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
Videos:
Benjamin Wright - Awareness Con 2019 (Adel, IA)
https://youtu.be/cU8lTyZgHMA
Implementing Sysmon and Applocker
https://www.youtube.com/watch?v=9qsP5h033Qk
How To Use Portspoof (Cyber Deception)
https://www.blackhillsinfosec.com/how-to-use-portspoof-cyber-deception/
Bypassing Cylance: Part 1 – Using VSAgent.exe
https://www.blackhillsinfosec.com/bypassing-cylance-part-1-using-vsagent-exe/
DEF CON 18 - Zoz - Pwned By The Owner: What Happens When You Steal A Hacker's Computer
https://www.youtube.com/watch?v=Jwpg-AwJ0Jc
Messing With Portscans With Honeyports (Cyber Deception)
https://www.blackhillsinfosec.com/messing-with-portscans-with-honeyports-cyber-deception/
Webcast: Enterprise Recon For Purple Teams
https://www.blackhillsinfosec.com/webcast-enterprise-recon-for-purple-teams/
Webcast: How (we) Run a Virtual Conference and How You Can, Too
https://www.blackhillsinfosec.com/webcast-how-we-run-a-virtual-conference-and-how-you-can-too/
Books:
Offensive Countermeasures: The Art of Active Defense
https://www.amazon.com/Offensive-Countermeasures-Art-Active-Defense-ebook/dp/B0753MCJV8
The Mind of War: John Boyd and American Security
https://www.amazon.com/Mind-War-John-American-Security-ebook/dp/B006Q2GIDO
Obfuscation:
Living Off The Land Binaries and Scripts (and also Libraries)
https://lolbas-project.github.io/#
Bashfuscator
https://github.com/Bashfuscator/Bashfuscator
pyarmor
https://pypi.org/project/pyarmor/
Invoke-Obfuscation v1.8
https://github.com/danielbohannon/Invoke-Obfuscation
unicorn
https://github.com/trustedsec/unicorn
PyFuscation
https://github.com/CBHue/PyFuscation
Evil Clippy
https://github.com/outflanknl/EvilClippy
Obfuscated Powershell Invocations
https://github.com/backlion/Offensive-Security-OSCP-Cheatsheets/blob/master/offensive-security/t1027-obfuscated-powershell-invocations.md
CLMBypass.csproj
https://gist.github.com/C0axx/6648e64892a1d4de7d397090d9514981
Other links:
CanaryPi
https://github.com/hackern0v1c3/CanaryPi
dnscat2
https://github.com/iagox86/dnscat2
Thinkst Canary
https://canary.tools/
The CredDefense Toolkit
https://www.blackhillsinfosec.com/the-creddefense-toolkit/
Universally Evading Sysmon and ETW
https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/
Slingshot C2 Matrix Edition
https://howto.thec2matrix.com/slingshot-c2-matrix-edition
Empire
https://github.com/BC-SECURITY/Empire
CanaryTokens
https://github.com/thinkst/canarytokens
Bypassing AV (Windows Defender) the tedious way
https://www.cyberguider.com/bypassing-windows-defender-the-tedious-way/
Bypassing AV (Windows Defender) … Cat vs. Mouse
https://www.cyberguider.com/bypassing-av-cat-vs-mouse/
Fireprox
https://github.com/ustayready/fireprox
NXLog Community Edition
https://nxlog.co/products/nxlog-community-edition
DCEPT
https://github.com/secureworks/dcept
Scout Suite
https://github.com/nccgroup/ScoutSuite
TCP Wrappers
https://en.wikipedia.org/wiki/TCP_Wrappers
Portspoof
https://github.com/drk1wi/portspoof/blob/master/system_files/init.d/portspoof_simple.sh
Canary Token
https://blueclouddrive.com/generate
PowerOutage.us
https://poweroutage.us/
Hover_with_Power
https://github.com/ethanhunnt/Hover_with_Power/blob/master/README.md
PC-Write
https://en.wikipedia.org/wiki/PC-Write
Some Commands:
/root
/opt/honeyports/cross-platform/
./honeyports-0.4a.py
firewall-cmd port forwarding: firewall-cmd --permanent --add-forward-port=port=1-65535:proto=tcp:toport=4444
duck --username anonymous --download s3://wwhfjohns/ADHD3/ADHD3-disk1.vmdk /home/arif/Downloads
duck -u anonymous -d s3://s3.amazonaws.com/wwhfjohns/ADHD3/ $(pwd)/