情报
框架 Framework
-
[Tools]Utilities for MITRE™ ATT&CK https://github.com/nshalabi/ATTACK-Tools -
[Tools]好用的渗透工具列表 https://github.com/enaqx/awesome-pentest -
[Book]Kali渗透 https://jobrest.gitbooks.io/kali-linux-cn/content/ -
[Paper]MITRE ATT&CK 发布了 7 款安全产品的评估 https://medium.com/mitre-attack/first-round-of-mitre-att-ck-evaluations-released-15db64ea970d -
[Doc]红队技术实战 https://ired.team/ -
[Tools]红队框架 https://ired.team/offensive-security/red-team-infrastructure/automating-red-team-infrastructure-with-terraform -
[Cheatsheet]红队手册 https://github.com/mantvydasb/Offensive-Security-OSCP-Cheatsheets/ -
[Tools]渗透、红队工具集 https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE -
[Tools]红队资源集合 https://github.com/yeyintminthuhtut/Awesome-Red-Teaming/
MITRE ATT&CK Frameworks
-
Caldera https://github.com/mitre/caldera https://caldera.readthedocs.io/en/latest/index.html
-
Atomic Red Team https://github.com/redcanaryco/atomic-red-team https://atomicredteam.io
-
DumpsterFire https://github.com/TryCatchHCF/DumpsterFire
-
Metta https://github.com/uber-common/metta https://github.com/uber-common/metta/wiki
信息搜集 Reconnaissance
1. OSINT 在线工具
-
[Tools]企业邮箱搜索工具 http://www.skymem.info/ -
[Tools]子域名和DNS历史记录Dnstrails https://securitytrails.com/dns-trails -
[Tools]全网证书搜索 http://crt.sh -
[Tools]多种域名/IP信息工具 https://viewdns.info/ -
[Tools]https://pentest-tools.com -
[Tools]全网资产搜索 Shodan https://www.shodan.io/ -
[Tools]全网资产搜索 Censys https://censys.io -
[Tools]全网资产搜索 Fofa https://fofa.so/ -
[Tools]全网资产搜索 Zoomeye https://www.zoomeye.org/ -
[Tools]DNS查询 https://dnsdumpster.com/ -
[Tools]文件在线监测 VirusTotal https://www.virustotal.com/ -
[Tools]DNS查询 http://www.dnsgoodies.com/ -
Google ASE aka Google Dorking [Most effective in some cases]
-
Spiderfoot [Currently Free, just request for a Spiderfoot instance]
-
Binaryedge [Paid/Rate-Limited]
-
onyphe.io [Free mostly]
2. 匿名邮箱和短信接收平台
入口突破 Entry
1. 钓鱼 Phishing
-
[Cases]利用谷歌开放平台OAuth授权,伪装成Google Doc使用GMail传播钓鱼 https://www.reddit.com/r/google/comments/692cr4/new_google_docs_phishing_scam_almost_undetectable/ -
[Blog]Office在线视频钓鱼 https://blog.cymulate.com/abusing-microsoft-office-online-video -
[Tools]邮件钓鱼工具 https://www.mailsploit.com/index -
[Trick]利用DOCX文档远程模板注入执行宏https://xz.aliyun.com/t/2496
2. 硬件交互设备 HID Attack
-
[Paper]打印机利用 http://archive.hack.lu/2010/Costin-HackingPrintersForFunAndProfit-slides.pdf -
[Tools]BadUSB https://mp.weixin.qq.com/s/mIcRNcf5HmZ4axe8N92S7Q
3. 无线入侵 Wireless Attack
[Tools]无需四次握手包破解WPA&WPA2密码 http://www.freebuf.com/articles/wireless/179953.html
漏洞利用 Exploit
[Tools]PE文件转为Shellcode / https://github.com/hasherezade/pe_to_shellcode
漏洞利用 XXE
[Tools]XXE盲打外传工具 https://github.com/TheTwitchy/xxer[Tools]攻击Java RMI https://github.com/NickstaDB/BaRMIe
权限提升 Privilege Escalation
-
[Cheatsheet]Windows提权笔记 https://xz.aliyun.com/t/2519 -
[Cheatsheet]Windows提权小抄 https://guif.re/windowseop -
[Cheatsheet]Windows本地提权技巧 http://payloads.online/archivers/2018-10-08/1 -
[Cheatsheet]Linux提权小抄 https://guif.re/linuxeop -
[Exploit]Windows-Exploit-Suggester https://github.com/GDSSecurity/Windows-Exploit-Suggester/blob/master/windows-exploit-suggester.py -
[Exploit]Linux-Exploit-Suggester https://github.com/PenturaLabs/Linux_Exploit_Suggester/ -
[Exploit]Windows Exploits https://github.com/abatchy17/WindowsExploits -
[Exploit]Windows Sherlock本地提权漏洞检查 https://github.com/rasta-mouse/Sherlock -
[Cheatsheet]Linux sudo滥用提权 http://touhidshaikh.com/blog/?p=790 -
[Blog]深入解读MS14-068漏洞:微软精心策划的后门?http://www.freebuf.com/vuls/56081.html -
[Paper]Windows特权提升 https://www.exploit-db.com/docs/english/46131-windows-privilege-escalations.pdf -
[Tools]juicy-potato本地提权 https://github.com/ohpe/juicy-potato https://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-from-service-accounts-to-system/
持久化后门 Persistent
-
[Tools]Gray Dragon .NET应用Runtime注入工具 / https://www.digitalbodyguard.com/graydragon.html -
[Trick]利用环境变量,在任意.Net应用DLL注入 / https://mobile.twitter.com/subTee/status/864903111952875521 https://docs.microsoft.com/en-us/previous-versions/dotnet/netframework-4.0/bb384689(v=vs.100) -
[Tools]PHP-FPM无文件后门Webshell https://www.anquanke.com/post/id/163197 -
[Tools]利用PrintDialog持久化+执行命令 http://www.hexacorn.com/blog/2018/08/11/printdialog-exe-yet-another-lolbin-for-loading-dlls/ -
[Tools]SystemSettings http://www.hexacorn.com/blog/2018/08/12/systemsettings-exe-yet-another-lolbin-for-loading-dlls/ -
[Tools]二进制加密Webshell https://xz.aliyun.com/t/2744https://github.com/rebeyond/Behinder
后渗透、据点挖掘 Post Exploitation
1. Windows
-
无Powershell.exe的Powershell工具 / https://github.com/Ben0xA/nps
-
全阶段的Powershell渗透测试脚本 / https://github.com/samratashok/nishang
-
命令执行 Living off the Land https://github.com/api0cradle/LOLBAS
-
C# 后渗透测试库 SharpSploit 介绍 https://posts.specterops.io/introducing-sharpsploit-a-c-post-exploitation-library-5c7be5f16c51
-
[Blog]Windows执行命令和下载文件总结 https://www.cnblogs.com/17bdw/p/8550189.html -
[Tricks]使用Rundll32运行.Net程序 https://blog.xpnsec.com/rundll32-your-dotnet/ -
[Tools].NET DllExport https://github.com/3F/DllExport
2. Linux
- 纯Bash实现的后渗透工具 / https://github.com/TheSecondSun/Bashark/
凭据窃取 Credentials
[Tools]SafetyKatz https://github.com/GhostPack/SafetyKatz[Tools]Shellcode Dump LSASS https://osandamalith.com/2019/05/11/shellcode-to-dump-the-lsass-process/[Tools]内网密码搜集和解密工具 https://github.com/klionsec/Decryption-tool
横向移动 Letaral Movement
-
[Tools]域信息搜集,域管理员的六度空间 https://github.com/BloodHoundAD/SharpHound -
[Usage]NMap空闲隐蔽扫描 https://nmap.org/book/idlescan.html -
[Blog]使用meterpreter进行NTLM中继攻击 https://diablohorn.com/2018/08/25/remote-ntlm-relaying-through-meterpreter-on-windows-port-445/ -
[Tools]Responder NetBIOS名称欺骗和LLMNR欺骗 https://github.com/SpiderLabs/Responder -
[Tools]NTLM Relay 攻击 Exchange Web Services https://github.com/Arno0x/NtlmRelayToEWS -
[Tools]SMB中间人劫持 https://github.com/quickbreach/SMBetray -
[Tools]代理隧道 https://github.com/txthinking/brook
绕过检测 Defense Evasion
-
[Book]效果不错的免杀,使用C#绕过杀毒软件 -
[Tools]生成免杀的Metasploit Payload / https://github.com/Veil-Framework/Veil -
[Code]自定义Meterpreter加载 / http://www.freebuf.com/articles/system/53818.html -
[Blog]九种姿势执行Mimikaz -
[Blog]使用.Net可执行程序进行渗透 -
[Blog]ATT&CK 攻击矩阵 躲避防御 -
[Blog]绕过下一代杀软 -
[Blog]Windows NTFS特殊文件夹绕过检测 -
[Paper]Winnti Bootkit http://williamshowalter.com/a-universal-windows-bootkit/ -
[Paper]UEFI Rootkit https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/ -
[Twitter]Linux Bash 混淆 https://twitter.com/DissectMalware/status/1025580967384305664 -
[Tools]免杀工具 AVEThttps://github.com/govolution/avet -
[Blog]绕过CrowdStrike检测 https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802 -
[Blog]10 种绕过杀毒软件的方式 https://blog.netspi.com/10-evil-user-tricks-for-bypassing-anti-virus/ -
[Tools]DLL Side Loding Attack Gen https://github.com/Mr-Un1k0d3r/MaliciousDLLGenerator
C&C
-
[Tools]ICMP后门 https://github.com/inquisb/icmpsh -
[Tools]Windows远控 in C# https://github.com/quasar/QuasarRAT -
[Tools]Defcon后渗透工具,大宝剑 https://github.com/zerosum0x0/koadic
数据外传 Data Exfiltration
杂项 Misc
- 渗透论坛 https://www.hackthebox.eu/
- Java Runtime.exec(String)执行任意命令 https://www.anquanke.com/post/id/159554https://mp.weixin.qq.com/s/pzpc44-xH932M4eCJ8LxYghttp://jackson.thuraisamy.me/runtime-exec-payloads.html
[Tools]代码生成手绘图 https://www.websequencediagrams.com/[Tools]本地代码生成ascii文本绘图 graph::easy
法律法规 Laws
1. 美国信息泄露通知法
- https://en.wikipedia.org/wiki/Security_breach_notification_laws
- https://en.wikipedia.org/wiki/California_S.B._1386
入侵检测 Detection
- 针对微软活动目录(AD)的七大高级攻击技术及相应检测方法 https://www.anquanke.com/post/id/161815
- 攻防对抗:活动目录中的欺骗技术 https://www.anquanke.com/post/id/162210
[Tools]Webshell查杀 http://www.shellpub.com/
中间人 MITM
Android
[Paper]Frida操作手册 https://github.com/hookmaster/frida-all-in-one
加固
[Blog]隐藏pid虚拟木库,隐藏其他用户的进程信息 https://linux-audit.com/linux-system-hardening-adding-hidepid-to-proc/
逆向 Reverse
[Tools]NSA发布逆向分析框架Ghidra https://www.nsa.gov/resources/everyone/ghidra/[Tools]Modern Java Bytecode Editor https://github.com/Col-E/Recaf
字典 Wordlist
- 看起来很强的弱密码 https://github.com/r35tart/RW_Password
业内红队
扫描&自动化
- 分布式扫描器WDScanner https://www.freebuf.com/sectool/203772.html