Chapter - The beginning of the Journey in the world of Vulnerability Assessment

VA Class 01 the CODS connection

VA Class 02 What you will learn

VA Class 03 common risks to organizations

7 key cyber security threats for businesses – and how to tackle them

VA Class 04 common risks to organizations continued

10 Common IT Security Risks in the Workplace

VA Class 05 How do we see you vs you see yourself vs the industry

VA Class 06 Key things to know within CODS Industry

VA Class 07 Disconnect with the Security Industry and Community

VA Class 08 What makes this course Unique and what you will learn

VA Class 09 be purple

VA Class 10 The world needs more super heroes

VA Class 11 The start of your journey and the VA Flow

VA Class 12 which one is you

The Difference Between Red, Blue, and Purple Teams _ Daniel Miessler

VA Class 13 VA at an Enterprise Level

VA Class 14 IT vs OT

Operational technology (OT) - definitions and differences with IT

VA Class 15 why VA is necessary

17 Best Vulnerability Assessment Scanning Tools

VA Class 16 Satan and Adam and security by design the sunnah way

What is Security by Design

Security by design research paper

VA Class 17 VA Case studies

Vulnerability Assessment Case Study for Hospital

cyprus-shipping-chamber-vulnerability-management-case-study

Read this case study even if you struggle its Ok. As down the line you will learn all these things. An empirical study on vulnerability assessment and penetration detection for highly sensitive networks

Cybersecurity Vulnerability Assessment (CVA)

Vulnerability Assessment

Vulnerability Management Process: Scanning, Prioritizing, and Remediating

VA Class 18 VA through the lens of various standards part 1

VA Class 18 VA through the lens of various standards part 2

VA Class 19 VA Framework part 1

VA Class 19 VA Framework part 2

VA Class 19 VA Framework part 3

VA Class 19 VA Framework part 4

VA Class 19 VA Framework part 5

VA Class 19 VA Framework part 6

Chapter - Difference between VA and patching

VA Class 19 VA Framework part 7 8 and 9

VA Class 20 Know your scope Dont commit a 2 trillion dollars mistake

VA Class 21 The connection between risk assessment and threat modelling

Threat Modelling (Reading excercise)

Threat Modelling Process (reading excercise)

Threat Modeling: 12 Available Methods (Further reading)

Microsoft Threat Modeling tool.

VA Class 22 Know the physical and logical assets part a

Advantages and Disadvantages of Active vs. Passive Scanning in IT and OT Environments (Reading material)

The OSI model explained and how to easily remember its 7 layers (Reading Material)

OSI Model Explained: The OSI 7 Layers (Reading Material)

Chapter - Masscan Lab how to scan the whole internet

ARP VS RARP – Difference between ARP and RARP (Reading material)

Massscan Lab part 1

Massscan Lab part 2

Massscan Lab part 3

Mass scan Lab part 4

Mass scan Lab part 5

Masscan How to operate

Masscan Github link for review

Something to ponder a good read to know history

Turkish president speech a food for thought as to what is on the horizon in the cyber space think social-injustice-ware.

Senator Bernie Sanders speaking in the US House.

Masscan Assignment and submit the .txt file accordingly.

Difference between VA and patching

Difference between vulnerability scanning and patch management (Please read this in your native language)

Patch management vs vulnerability management (Read this in your native language)

The 15 biggest data breaches of the 21st century so far (read this in your native language)

Please take note.

Everything is Vulenrable just like us humans

Articles to read

Network Data and why it matters in the context of VA

Articles for reading as they relate to Network Data.

Open Source Recon tools to test out

Tools to test out on the Ghanimah labs infrastructure

Scanning the cloud what you need to know as a VA analyst

Read this article in your native language using google translate

Global Cloud Providers

Read this article in your native language using google translate

Inspector Gadget Connection to Cloud assessments part 1

Introducing Amazon Inspector

Amazon Inspector

Inspector Gadget Connection to CLoud assessments part 2

Inspector Gadget Connection to CLoud assessments part 3

Security Talks Improve your security GCP

Reading articles only. We will cover hands on activities later on in the clod labs.

The connection between army doctrine vs vulenrbaility assessment

Read this article by translating it into your native language using google translator

Which vulnerbaility scanners can you use

Read this article and translate this into your own native language using google translator

Understanding Cyber Security Risk is important

Watch this video if you can and understand the context as it will help you prepare for interviews later

Risk management Methodologies

Octave. Read these documents by translating them in your own native language using google translator

OCTAVE. Download and read this document in your native language

Information Operations Conditions (INFOCON). Read this document in your own native language

OWASP Risk Rating Methodology. Read this in your own native language to understand better

CVSS Risk Rating System. Read this in your own Native language

file

The risk-based approach to cybersecurity. Read this document by translating it into your native language.

Open Source vs Commercial VA scanners

Open-Source Vs. Commercial VA tools. Read this in your native language.

Internal VS External Vulnerability Scans: What’s The Main Difference?. Translate this into your local language and read.

Types of VA Scanners in the Market and what you should learn and will learn on our labs

Vulnerability Scanning Tools/ Translate this in your native language and read the article.

Best Vulnerability Scanner Tools for 2021. read this in your native language to under better.

Types of Scans at our disposal

Types of VA Scans. Read this article by translating this in your native language.

Difference between web and network scanning

Web Application Security or Network Security. Translate this in your native language and read.

The 4 Big Differences Between Network Security and Web Application Security. Translate this in your native language and ready.

Attention, please take note.

web application types and tools to attack them

Web Applications with a Content Management System. Read this in your native language please.

Top 10 Open Source Security Testing Tools for Web Applications. please read this in your native language.

SSL vs non SSL what to use part 1

Read these articles in your local language and read them please.

Please read this article in your local language by translating it through google.

SSL vs non SSL what to use part 2

Test out your server, your browser and SSL pulse

SSL vs non SSL what to use part 3

SSL/TLS Deployment Best Practices. Translate this in your native language.

SSL Server Rating Guide. Please translate and read this in your native language.

Recommendation to buy a book.

Tell me about this VOIP

Translate this article in your native language and read please.

Translate this article in your native language and read please.

Chapter - Scanning the Infrastructure where it hurts

Scanning where it really hurts part 1

Scanning where it really hurts part 2

Please translate in your local language to help you better understand the context.

Read some of these validated designs. Translate in your native language if you MUST to understand better.

Scanning where it really hurts part 3

Scanning where it really hurts part 4

Autonomous Ground Vehicles Security Guide (Read in your native language by using a google translator)

Cloud Computing different models

Read the documents on the CISA website in your native language by using google translator.

Key documents to read.

Wi-Fi Vulnerbaility and IoT Connection

Please read this in your native language by using google translator

Chapter - Network Mapper

Map The Network 1

Map the Network 1 Lab

Map the Network 2

Map the Network2 - Lab

Detection Firewall

Firewall Detection - Lab

Firewall_Evesion

Firewall Evesion - Lab

Nmap Scripting Engine

NMap Scripting Engine - Lab

Natwork Maper

1_Introduction

Chapter - Vulnerblity Assessment (VA) Using ZAP

1_Introduction

ZAP

2_ZAP-INstallation

Zap Installation: - Lab

3_Deep Dive Into ZAP

3_Deep Dive Into ZAP - 2

Deep Dive into the ZAP - Lab

4_AFTER VA_USING_ZAP

Burpsuit

1-How to Download Burp_Suite Por

2-Burp_Suite Installation _ Walkthrough

Intercept Request Useing Burp Proxy

4-Burp Intruder Deep Dive

Authenticated Scan With Burp

VA Using BurpSuite1

Play Around With Burpsuite - Lab

Chapter - Vulnerblity Assessment (VA) Using ZAP

DNS - Lab

1-WHAT is DNS _ DNS Recods

2-DIG_NSLOOKUP_DNSENUM

3-Introducing to DNSDUMPTER

4-Subdomain Enumration With Sublist3r

Chapter - Play Around With Burpsuite

DNS

Project Managment Dradis

HashCarck Hashcat

CrackThe Hash With HashCat - Lab

Sherlock

Sherlock- Lab

Flan-Scan

Feedback

Chapter - WAP & Ethical Hacking

What is a Web App_ Web App vs. Native App (Enable subtitles and watch the video please)

02 Why its difficult to secure web applications

Please use google translator and read this in your native language.

OWASP Top Ten

top-3-reasons-appsec-programs-fail-veracode

Web Application Security

ISO 27034 Standard review

Chapter - Threat Modelling

WAP and the importance of Threat Modelling

Threat Modeling

Threat Modelling by Microsoft

Getting started with the Threat Modeling Tool

Secure development best practices on Microsoft Azure

WAP Why Source code review

Secure Code Review

Secure Code Review another angle

OWASP_Code_Review_Guide_v2

WAP SAST DAST IAST and OAST

Build your arsenal and test out these tools

Magic Quadrant for Application Security Testing

Penetration Testing Methodologies Take 1 WSTG

WSTG Read this in your native language please.

WSTG Guide Link

Chapter - Lab For WAP

Perform XSS Stored

Os Command Execution

OS Command - Lab

The Harverster

The Harvester - Lab

Role Hijacking

Shodan a Search Engine

FTP Login

FTP Login

FTP - Lab

Arachni

Arachni - Lab

Admin Panel Hacking

Admin Panel Hacking

Feedback

WSTG - v4.2

Chapter#1 Information Gathering

Introduction and Objectives

Conduct Search Engine Discovery Reconnaissance for Information Leakage-1

Conduct Search Engine Discovery Reconnaissance for Information Leakage-2

Fingerprint Web Server

Web Fingerprinting-Lab

Enumerate Applications on Webserver

Enumerate Applications on Webserver-Lab

Identify Application Entry Points

7-Fingerprint Web Application Framework & Web Server

Chapter#2 Configuration and Deployment Management Testing

Test Network Infrastructure Configuration

Test File Extensions Handling for Sensitive Information

Test File Extensions Handling for Sensitive Information-Lab

Enumerate Infrastructure and Application Admin Interfaces

Enumerate Infrastructure and Application Admin Interfaces-Lab

Test HTTP Methods

Test File Permission

Test for Subdomain Takeover

Test Cloud Storage

Introduction to Burp Suite

How to Integrate Burp Suite with External Browser

Chapter#3 Identify Management Testing

Role Definition 1

Test Role Definitions-Lab

Role Definition -2

User Registration Process

Test User Registration Process-Lab

Test Account Provisioning Process

Guessable User Account

Testing for Sensitive Information Sent via Unencrypted Channels

Chapter#4 Authentication Testing

Testing for Sensitive Information Sent via Unencrypted Channels

Testing for Credentials Transported over an Encrypted Channel-Lab

Testing for Default Credentials

Testing for Default Credentials-Lab

Testing for Weak Lock Out Mechanism

Testing for Weak Lock-Out Mechanism-Lab

Testing for Bypassing Authentication Schema

Testing for Bypassing Authentication Schema-Lab

Testing for Vulnerable Remember Password

Testing for Vulnerable Remember Password-Lab

Testing for Browser Cache Weaknesses

Testing for Weak Password Policy

Testing for Weak Password Change or Reset Functionalities

Testing for Weaker Authentication in Alternative Channel

Chapter#5 Authorization Testing

Testing Directory Traversal File Include

Testing Directory Traversal File Include-Lab

Testing for Bypassing Authorization Schema

Testing for Bypassing Authorization Schema-Lab

Testing for Privilege Escalation-1

Testing for Privilege Escalation-2

Testing for Insecure Direct Object References

Chapter#6 Session Management Testing

Session Management Schema

Testing for Session Management Schema-Lab

Testing for Cookies Attributes

Testing for Cookies Attributes-Lab

Testing for Session Fixation

Testing for Session Fixation-Lab

Testing for Exposed Session Variables

Testing for Cross Site Request Forgery

Testing for Cross-Site Request Forgery-Lab

Testing for Logout Functionality & Session Timeout

Testing for Session Puzzling

Testing for Session Hijacking

Chapter#7 Input Validation Testing

Testing for Reflected Cross Site Scripting

Testing for Reflected Cross-Site Scripting-Lab

Testing for Stored Cross Site Scripting

Testing for Stored Cross-Site Scripting-Lab

Testing for HTTP Verb Tampering

Testing for HTTP Verb Tampering-Lab

Testing for HTTP Parameter Pollution

Testing for HTTP Parameter Pollution-Lab

SQL-Injection 1

SQL-Injection 2

SQL-Injection 3

Testing for SQL Injection-Lab

Testing for NoSQL Injection

Testing for NoSQL Injection-Lab

Testing for ORM Injection

Testing for ORM Injection-Lab

Testing for Client-side

Testing for Client-side-Lab

Overview of XML-XPATH

Testing for SSI Injection

Testing for XPath Injection

Testing for IMAP SMTP Injection

Testing for Code Injection

Testing for Local File Inclusion

Testing for Remote File Inclusion

Testing for Command Injection

Testing for Format String Injection

Testing for Incubated Vulnerability

Testing for Server-side Template Injection

Testing for Server-Side Request Forgery

Testing for Host Header Injection

Testing for HTTP Splitting Smuggling

Testing for HTTP Splitting Smuggling-Lab

Testing for HTTP Incoming Requests

Testing for HTTP Incoming Requests-Lab

Testing for Improper Error Handling

Testing for Improper Error Handling-Lab

Testing for Weak Transport Layer Security

Testing for Sensitive Information Sent via Unencrypted Channels

Testing for Weak Transport Layer Security.-Lab

Introduction to Business Logic

Feedback

API Testing

Deep Dive into Recon-NG

Recon-ng Marketplace and Modules

Recon-ng Modules

Generate Report in Recon-NG

Scan Subnet With Masscan

Scan subnet with masscan-lab

OS-Fingerprinting With Nmap

Nmap Scripting Engine

Port Scanning Using Netcat

Port Scanning Using Netcat-Lab

Use Netcat to Move Files From One System to Another System

Use Netcat to Move Files From One System to Another System-Lab

Banner Grabbing Using Netcat

Banner Grabbing Using Netcat-Lab

Netcat Reverse Shell

Use Nessus to Perform Scan and Find Vulnerabilities on Various Systems

use Nessus to perform scan and find vulnerability on various systems-Lab

Generate a Reports after Perform a Scan

Generate a Report after Performing a Scan-Lab

Introduction to Metasploit

Introduction to metasploit-Lab

Scan Target and Find Exploit Using Metasploit

Scan Target and Find Exploit Using Metasploit-Lab

Exploit Windows Server 2003 With Metasploit

Exploit RCE on Windows XP With Metasploit

Exploit RCE on Windows Server 2008 With Metasploit

Exploit Windows Server 2003 With Metasploit-Lab

Metasploit Post Exploitation

Introduction to Empire Framwork

Introduction to Empire Framwork

Introduction Empire-Framework-Lab

Target Exploitation With Empire-Framework

Target Exploitation With Empire-Framework-Lab

Privesc

Mimikatz

Mimikatz-Lab

Collection

Situational Awareness

Persistence

Feedback

2_1Metasploit Architecture

3_MODULES AND LOCATIONS

4_Core Commands

5_ACTIVE AND PASSIVE EXPLOITS

6_Exploits

7_Using Exploit

8_Exploit vs PAYLOAD _ Payload TYPES

9_Generate a Payload

10_0Database Configuration

10_1Deep Dive into Database with Metasploit

11_Meterpreter

12_Meterpreter Commands

13_Python

14_Information-Gathring Metasploit

15_Port-Scaning

16_MSSQL

17_Service Enumeration

18_Password-Sniffing

19_Enumrate Windows Patches

20_VULNERABILITY SCANNING

21_SMB_Login

22_Nexpost_With Metasploit

23_Nessus With Metasploit

24_Web Testing With Metasploit

25_BINARY PAYLOADS

26a_PASS THE HASH

26b-PASS THE HASH

27_Armitage

Feedback

Chapter#1 Reconeneses

CDN

Close_Source _ Open_Source

Digital Certificates

DNS Passive DNS

Firewall

Gather Victim Network Information

Gather_Victim_Host_Information

Hardware_Software_Frimware_Configrations

Information Domain Properties

IP_Address_Network

Network Topology

Phishing

Scan Databases

Scaning-IP-Blocks

Search Engins

Search Open Technical Databases

Social Media

Technical_Data

Victim Business Tempo _ Identify the Roles

Victim Identity Information

Victim Org Information

Vulnerblity Scanning

Whois

Wordlist_Scanning

Chapter#2 Resource Development

Acquire Infrastructure

Botnet

Compromise Accounts

Compromise Infrastructure

DNS_Server

Resource Development

VPS-Server

Chapter#3 Initial Access

1-Initial Access

2-Drive By Compromise

3-Exploit Public Facing Application-Servers

4-Exploit External Remote Services

4a -ssh-betterdefaultpasslist

5-Hardware Adttion

6-Supply Chain Compromise

7-Phishing-Attack

8-Valid-Account-Local-Accounts- Domain - Colud Account

Chapter#4 Execution

1-Execution

2-Powershell- CMD-CLI-PowerView-Script Execution

3-Python Script Execution

3a-Reverse

4-Linux-Execution

5-Java-Script

6-Container

6-Network_CLI

6a-Pass

7-Exploitation for Client Execution

8-Scheduled Task Job

9-AT

10-CronJob

11-Task Secluder

12-Software Deployment

13-Service Execution

13a-MS-Link

Chapter#5 Persistence

1-Persistence

2-Additional Cloud Credentials-GCP-AZURE-AWS

3-SSH_Authorized_keys

4-Boot-Logon-Execution

5-BITS-JOB

5a-Commands

5b-Creds

6-Registry Run Keys

6-1-Registry Run Keys

7-Winlogon REGKEY Persestence

8-Powershell-Tasksch

9-Authentication Packages

11-Time-Provider

12-All

13-Logon Script (Windows)

14-Compromise Client Software Binary

15-Local-Account

16-Windows Severice

17-Screensaver

18-Windows Management Instrumentation Event Subscription

19-Netsh Helper DLL

22-winlogon-pratical

Outlook-Rules

Implant Internal Image

Office Test

Password Filter DLL

DLLfile

winlogon

OutLook-Form

Office Template Macros

1Persistence-DLL-Hijacking

2Persistence-DLL-Hijacking

Modify Authentication Process Domain Controller Authentication

Chapter#-6. Privilege Escalation

0-Privilege escalation

1-SetUIT _ SetGID

2-Privesc setuid _ setgid

3-Privesc setuid _ setgid

3a-Sudo and Sudo Caching

4-Bypass User Account Control

5-1Access Token Manipulation

6-2Access_Token Manipulation

1-Registry Run Keys Startup Folder

2-Registry Run Keys Startup Folder

8-Active_Setup

9-Network_LogOn Script

Windows_Services

10-Group Policy Modification

10-Group Policy Modification-2

11-Accessibility Features

1-Windows Management Instrumentation Event Subscription

Management Instrumentation Event Subscription

13-Profile

14-COM

15-Exploitation for Privilege Escalation

16-Deep Dive into the DLL Hijacking

17-Process Injection

18Privsec with Awesome Automated Script

Chapter#- 7. Defense Evasion

1-Defense Evasion

2-BITS Jobs

3-Exploitation for Defense Evasion

4-File and Directory Permissions Modification

5-Hidden Files and Directories

6-Hidden Users

Chapter#- 8. Credential Access

1-Credential Access

2-LLMNRNBT-NS Poisoning and SMB Relay

1-ARP Cache Poisoning

2-ARP Cache Poisoning

3-DHCP Spoofing

Guessing

5-Password Spraying

6-Credential Stuffing

7-Credentials from Web Browsers

Credential Manager

Exploitation for Credential Access

10-Forced Authentication

11-Keylogging

12-LSASS Memory

13-Security Account Manager

14-DCsync

Chapter#- 9. Discovery

Discovery

File and Directory Discovery

Network Service Discovery

Network Share Discovery

Password Policy Discovery

Process Discovery

System Information Discovery

Chapter#- 10. Lateral Movement

1-Lateral_Movements

2-1poshc2

2-2poshc2

3-Exploitation of Remote Services

4-Lateral Tool Transfer

5-5Remote Desktop Protocol

5-PtH

6-SSH-Hijacking

7-Windows Remote Management

8-starkiller

9-Pass_The_Ticket

RDP

1-Collections

Chapter#-11. Collection

1-2-Collections

2-audio_Captuer

3-Automated_Collection

4-Browser Session Hijacking

6-Clipboard

7-Data from Information Repositories

8-Code Repositories

9-Data from Local System

10-Data from Network Shared Drive

11-Data from Removable Media

12-Email Collection

13-Credential API Hooking

14-screenshot

Chapter#-12. Command and Control

1-Command _ Control

2-Web Protocols

4-Data Encoding

5-Obfuscate-Junk-Data

6-Encrypted Channel

7-Ingress Tool Transfer

8-DNS Tunling

9-Data from Local System

10-Data from Network Shared Drive

10-1-Proxy

11-RAS

Bidirectional Communication

Chapter#-13.Exfiltration

Schedule Transfer

Exfiltration over USB

Exfiltration Over C2 Channel

Data Transfer Size Limits

Data Exfiltration

Feedback

2-1 Adversary in the Middle - Part 1

2-2 Adversary in the Middle - Part 2

2-3 Adversary in the Middle - Part 3

2-Adversary in the Middle

3-0- Adversary Emulation offensive Defensive - Part 1

3-1- Adversary Emulation offensive Defensive - Part 2

3-2- Adversary Emulation offensive Defensive - Part 3

3- Security Analysis of MITM Attack on SCADA Network _ Springer Link

4- What is SCADA

4 - ICS Red Team

5- How to Select Target

5- Target

6- SCADA Protocols

6- Protocols

7-Ofensive SCADA Attacks

7- SCADA vulnerabilities and attacks A review of the state of the art and open issues

8-1- Publicly Exposed SCADA Systems Part 1

8-2- Publicly Exposed SCADA Systems Part 2

8-CISA warns of critical flaws in ICS

11- Case Study Mirai Malware

9- Siemens S7-1200 Target

10- SCADA Security Testing and Simulations

class-dump_03_04_05

Clutch_IOS_06

CyberDuck_IOS_07

Cycript_IOS_08

Cycript_IOS_09

dsdump_10

Dump_Decrypted_IOS_11

Filezilla_IOS_12

Frida_Cycript_13

Frida_IOS_DUMP_14

GDB_IOS_15

Fridpa_IOS_016

iFunBox_IOS_017

Introspy_IOS_018

IOS-Backup_IOS_019

IOS-Deploy_IOS_20

Keychain_dumper_IOS_021

LLDB_IOS_022

Optool_IOS_023

Plutil_IOS_024

SILEO_IOS_025

simctl_IOS_026

IOS-ssl-pinning_IOS_027

TablePlus_IOS_028

USBMUXD_IOS_29

xcode-xcrun_IOS_30_31

Feedback

Angr

Apktool_StaticAnalysis_002

Frida_Android_003

AndroGoat

Ghidra_004

bloat

IDA_005

CrackMe

Hopper_006

MobSF_007

LIEF_008

Objection_009

Radare2_010

Radare2

ADB_011

Android_NDK_012

Android_SDK_013

Android_Studio_14

Android_SSL_Trust_Killer_015

Download

APKid_016

APKLab_017

App Debug

APKx_018

statAPP

BusyBox_019

Drozer_020

Diva-beta

ByteCodeViewer_021

Bytecode-viewer

Just_Trust_Me_022

Root_Cloak_Plus_023

Termux_024

Jadx_025

Jdx-jui

JDB_026

SSL_Unpiining_APK_028

SSL

scrcpy_029

scrcpy

ProGuard_030

Inspeckage_031

Inspackage

Feedback