Hacking 101

IOT : Penetration Testing

by TechnoHerder : November 26, 2022January 18, 2023 1 Comment

IOT Attack Vector Resource https://blog.certcube.com/iot-101/ https://sec4dev.io/sessions/iot-hacking-101 https://github.com/V33RU/IoTSecurity101 Training https://www.pentesteracademy.com/course?id=37 https://www.attify.com/iot-security-exploitation-training https://www.sans.org/cyber-security-courses/iot-penetration-testing/ IoT Penetration Testing Cookbook: Identify vulnerabilities and secure your smart devices The IoT Hacker’s Handbook: A Practical Guide to Hacking the Internet of Things Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things Advanced Penetration Testing Hacking IoT

Hacking 101 Network Attack

External Network Penetration Testing

by TechnoHerder : November 26, 2022January 18, 2023 Leave a comment

Reconnaissance Passive External Network Reconnaissance Active External Network Reconnaissance NMAP Scanning /24 IP range with UDP and TCP scan using SMB NSE script. Recon-NG User account enumeration On web app portal Exposed services – Protocols HTTP/HTTPS SMTP DKIM / DMARC / SPF misconfiguration https://github.com/BishopFox/spoofcheck.git https://github.com/Mr-Un1k0d3r/SPFAbuse SNMP FTP SSH Databases (MySQL, MSSQL, Oracle, DB2, Postgre, MongoDB…) […]

Hacking 101 Network Attack

Internal Network Penetration Testing Notes

by TechnoHerder : November 26, 2022June 19, 2023 2 Comments

A collection of notes and snippets for guiding an Internal Network Penetration Test. Commands, techniques, and walkthroughs of examples of weaknesses to identify.

Hacking 101 Tools

Fuzzing Web Applications using FFuf

by TechnoHerder : November 25, 2022April 1, 2023 Leave a comment

FFuf is a fast web fuzzer written in Go. In, this article we will learn how to use FFuf to enumerate directories and break authentication in web applications. Note: All my articles are for educational purposes. If you use it illegally and get into trouble, I am not responsible. Always get permission from the owner […]

Hacking 101 Tools

Wireshark — A Walkthrough Of The Best Packet Analyzer In The World

by TechnoHerder : November 25, 2022April 1, 2023 Leave a comment

Wireshark is the best network traffic analyzer and packet sniffer around. In this article, we will look at Wireshark in detail. Wireshark is a network analyzer that lets you see what’s happening on your network. Wireshark lets you dissect your network packets at a microscopic level, giving you in-depth information on individual packets. Wireshark was […]

Hacking 101 Pentest

Console Review

by TechnoHerder : November 24, 2022January 2, 2023 Leave a comment

Here is a list of things to check for on a manual console review for a firewall, switch, wireless controller, router, etc, and there is not a security best practice guide for that specifc device: Rule base for the use of ANY for SOURCE/DESTINATION/SERVICE or overly permissive, such as allowing large ranges (e.g. x.x.x.x/16) Rules […]

Cryptography Hacking 101

NaCL Cryptography Programming

by TechnoHerder : November 21, 2022January 18, 2023 Leave a comment

Overview For this lab, you will be using basic cryptographic functions provided by the Sodium crypto library (libsodium), which is a portable fork of NaCl, the “Not Another Crypto Library” developed by Daniel J. Bernstein (DJB). Libsodium has API bindings for common programming languages beyond C/C++. You can implement the lab in any language you […]

Hacking 101 Social Engineering

Social Engineering – Lab

by TechnoHerder : November 21, 2022January 8, 2023 1 Comment

In this lab you are going to perform social engineering activities using the Social-Engineer Toolkit (SET). “The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly.” – https://github.com/trustedsec/social-engineer-toolkit Note: A key selling point of many […]

Hacking 101 Post-Exploitation

Post-Exploitation – Lab

by TechnoHerder : November 21, 2022January 7, 2023 Leave a comment

Prereq – Have a local instance of Kali running and finish the Metasploit lab. https://hack.technoherder.com/vm-setup-kali-metasploitable2/ https://hack.technoherder.com/metasploit-2/ Part 1 – John the Ripper Let’s say you have password hashes from an earlier exploit. (Such as the password hashes obtain in the Metasploit Lab). While that was helpful by itself to see what usernames exist, it would […]

Hacking 101 Network Attack Network Scan & Map

Metasploit – Lab

by TechnoHerder : November 21, 2022January 2, 2023 Leave a comment

Metasploit is an open source platform for vulnerability research, exploit development, and the creation of custom security tools. In this lab, we’re going to be using Metasploit to attack the Metasploitable2 VM. Preqreq – have a local Kali instance and Measploitable2 VM running. https://hack.technoherder.com/vm-setup-kali-metasploitable2/ Activities Part 1 – Getting Started Update Kali: Start the Kali […]