CND
  • CND
    • WHOAMI
    • PROJECTS
      • DEV
        • PERSONAL WEBSITE
        • GITHUB
        • ARDUINO
      • CYBER
        • PERSONAL CYBER RANGE
    • SELF DEVELOPMENT
      • TRAINING PLATFORMS
      • PREP MATERIALS
        • OPERATOR DEVELOPMENT & INTEGRATION EFFORT (ODIE) ASSESSMENT
        • COMPUTER NETWORK ASSESSMENT BATTERY (CNAB)
        • COMPUTER NETWORK OPERATIONS QUALIFICATION COURSE (CNOQC)
        • COMPUTER NETWORK OPERATIONS DEVELOPMENT PROGRAM (CNODP)
        • DATA ENGINEER
        • CYBER COMMON TECHNICAL CORE (CCTC)
      • WRITEUPS/WALKTHROUGHS
        • HTB ACADEMY
          • BUG BOUNTY HUNTER
        • HTB LABS
          • STARTING POINT
            • TIER 0
              • 01.MEOW (TELNET)
              • 02.FAWN (FTP)
              • 03.DANCING (SMB)
              • 04.REDEEMER (REDIS DB)
              • 05.EXPLOSION (RDP)
              • 06.PREIGNITION (WEB FORM LOGIN)
              • 07.MONGOD (MONGODB)
              • 08.SYNCED (RSYNC)
            • TIER 1
              • 01.APPOINTMENT (SQL INJECTION)
              • 02.SEQUEL (MYSQL)
              • 03.CROCODILE (FTP & WEB FORM LOGIN)
              • 04.RESPONDER (RFI, NTLM CAPTURE, PW CRACKING & WINRM)
              • 05.THREE (AWS S3 BUCKET)
              • 06.IGNITION (DIRECTORY ENUMERATION & BRUTE FORCE)
              • 07.BIKE (SSTI)
              • 08.FUNNEL (PASSWORD SPRAYING & LOCAL PORT FORWARDING)
              • 09.PENNYWORTH (GROOVY SCRIPTING & REVERSE SHELL)
              • 10.TACTICS (SMB)
            • TIER 2
              • 01.ARCHETYPE (PRIVESC & MSSQL SERVER)
              • 02.OOPSIE
              • 03.VACCINE
              • 04.UNIFIED
        • THM
          • ADVENT OF CYBER
            • 2024
            • 2023
            • 2022
          • SOC LEVEL 1
            • PRACTICAL EXERCISES
              • NETWORK SECURITY & TRAFFIC ANALYSIS
                • SNORT
                • NETWORK MINER
                • ZEEK
                • BRIM
                • WIRESHARK: BASICS
                • WIRESHARK: PACKET OPERATIONS
                • WIRESHARK: TRAFFIC ANALYSIS
                • TSHARK: THE BASICS
                • TSHARK: CLI WIRESHARK FEATURES
              • ENDPOINT SECURITY MONITORING
                • INTRO TO ENDPOINT SECURITY
            • SKILLS ASSESSMENT
              • NETWORK SECURITY & TRAFFIC ANALYSIS
                • SNORT CHALLENGE (BASICS)
                • SNORT CHALLENGE (LIVE ATTACKS)
                • ZEEK EXERCISES
                • TSHARK CHALLENGE I: TEAMWORK
                • TSHARK CHALLENGE II: DIRECTORY
              • ENDPOINT SECURITY MONITORING
        • HOLIDAY HACK CHALLENGE (SANS)
          • 2024:SNOW-MAGGEDON
      • PROVING GROUNDS
        • ADVENT OF CYBER: SIDE QUEST (THM)
          • 2024
        • CMU
        • CYBER FLAG
        • PRESIDENT'S CUP
      • COLLEGE
        • 03.DAKOTA STATE UNIVERSITY (DSU)
          • 2025
            • 01.CSC428: REVERSE ENGINEERING
          • 2024
            • 01.CSC314: ASSEMBLY LANGUAGE
            • 02.CSC300: DATA STRUCTURES
              • 01.C++ OVERVIEW: CLASSES & DATA ABSTRACTION
              • 02.OBJECT ORIENTED DESIGN & C++
              • 03.POINTERS
              • 04.ARRAY-BASED LIST
              • 05.LINKED LISTS
              • 06.DOUBLY LINKED LIST
              • 07.STACKS
              • 08.QUEUES
              • 09.BINARY TREES
          • 2023
            • 01.CSC250: COMPUTER SCIENCE II
            • 02.CSC334: WEB DEVELOPMENT
            • 03.MATH201: INTRODUCTION TO DISCRETE MATHEMATICS
        • 02.UNIVERSITY OF ARIZONA (UA)
        • 01.TECHNICAL COLLEGE OF THE LOWCOUNTRY
      • NOTES
  • PLAYBOOK
    • DCO
      • 01.PRE-ENGAGEMENT
        • 01.PDSS
      • 02.ENGAGEMENT
        • PLAN
          • 01.ROE
        • PREPARE
          • 01.CTI
          • 02.DETECTION ENGINEERING
        • EXECUTE
          • THREAT HUNTING
            • 01.TRAFFIC ANALYSIS
              • LOW-HANGING FRUIT
                • HOST IDENTIFICATION
                  • WIRESHARK
                  • TSHARK
                • CLEARTEXT CREDENTIALS
                  • WIRESHARK
                • CLEARTEXT PROTOCOLS
                  • WIRESHARK
                    • FTP ANALYSIS
                    • HTTP ANALYSIS
                    • LOG4J ANALYSIS
                • DNS QUERIES
                  • TSHARK
                • USER-AGENTS
                  • TSHARK
              • PORT SCANS
                • WIRESHARK
                • KIBANA
                • SPLUNK
              • ARP POISONING
                • WIRESHARK
              • TUNNELING (DNS/ICP)
                • WIRESHARK
                  • ICMP TUNNELING
                  • DNS TUNNELING
              • ENCRYPTED PROTOCOLS
                • WIRESHARK
                  • HTTPS ANALYSIS
                    • SNI INSPECTION
                    • ENCRYPTION KEY LOG FILE
            • 02.LOG ANALYSIS
          • INCIDENT RESPONSE
          • FORENSICS
            • MALWARE ANALYSIS
            • REVERSE ENGINEERING
        • ASSESS
      • 03.POST ENGAGEMENT
        • DEBRIEF
        • DOCUMENTATION
          • MISSION DEFENSE PLAN/RISK MITIGATION PLAN
    • OCO
      • 01.PRE-ENGAGEMENT
        • 01.PDSS
        • 02.ROE
        • 03.RESOURCE DEVELOPMENT
          • 01.INFRASTRUCTURE DEVELOPMENT
          • 02.MALWARE DEVELOPMENT
          • 03.EXPLOIT DEVELOPMENT
      • 02.ENGAGEMENT
        • 01.IN
          • 01.PRE-ACCESS
            • 01.VPN CONNECTION
            • 02.ANALYST LOGGING
            • 03.OPNOTES
          • 02.ACCESS
            • RECONNAISSANCE (EXTERNAL)
              • RECONNAISSANCE (PASSIVE)
                • OSINT
              • RECONNAISSANCE (ACTIVE)
                • WEB
                  • SUBDOMAIN ENUMERATION
                    • CURL
                  • SUBDOMAIN BRUTE-FORCING
                    • DNSENUM
                  • DNS ZONE TRANSFER
                    • DIG
                  • DIRECTORY ENUMERATION
                    • CURL
                  • PROFILING/FINGERPRINTING
                    • WAFWOOF
                    • WHATWEB
                    • WAPPALYZER
                  • FUZZING
                    • 01.SUBDOMAIN FUZZING
                      • FFUF
                    • 02.VIRTUAL HOSTS FUZZING
                      • GOBUSTER
                      • FFUF
                    • 03.DIRECTORY FUZZING
                      • FFUF
                    • 04.PAGE FUZZING
                      • FFUF
                      • GOBUSTER
                    • 05.PARAMETER FUZZING
                      • FFUF
                    • 06.VALUE FUZZING
                      • FFUF
                  • USER ENUMERATION
                    • WEB LOGIN FORM
                  • SPIDERING/WEB CRAWLING
            • VULNERABILITY SCANNING
              • WEB
                • NIKTO
            • WEAPONIZATION
              • OBFUSCATION
                • JAVASCRIPT
              • SHELLCODES
              • PASSWORDS/PINS
                • PINS
                • DICTIONARY
                • CUSTOM WORDLIST
                  • USERNAMES
                  • PASSWORDS
              • TROJANS
                • TROJAN BACKDOOR
              • MALICIOUS DOCUMENTS
                • MACRO EMBEDDING DOCX
              • SCRIPTS
                • WEB SHELLS
                  • PHP
                • REVERSE SHELLS
                  • BASH
                  • GROOVY (JENKINS)
                • ENUMERATION
                  • PYTHON
                    • PARAM-FUZZER.PY
                  • BASH
                • WSDL
                  • SQLI
                  • CMD INJECTION
            • DELIVERY
              • SOCIAL ENGINEERING
              • WATERING HOLE
              • SUPPLY CHAIN
            • EXPLOITATION
              • INJECTIONS
                • CLIENT-SIDE
                  • CROSS-SITE SCRIPTING (XSS)
                    • XSS DISCOVERY
                      • XSS TESTING (MANUAL)
                      • XSS TESTING (HYBRID)
                    • WEBPAGE DEFACEMENT
                    • XSS PHISHING
                    • XSS SESSION HIJACKING (AKA COOKIE STEALING)
                      • BASIC XSS TESTS
                      • OBTAINING SESSION COOKIES (PHP SERVER)
                      • OBTAINING SESSION COOKIES (NETCAT SERVER)
                  • SQL INJECTION (SQLI)
                    • 01.SQLI DISCOVERY
                      • 01.SQLI TESTING (MANUAL)
                        • URL PARAMETER METHOD
                        • LOGIN FORMS
                      • 01.SQLI TESTING (HYBRID)
                        • SQLMAP
                      • 02.SQLI LOCATION IDENTIFICATION
                    • 02.SQLI DB ENUMERATION
                    • AUTHENTICATION BYPASS
                    • CREDENTIAL DUMPING
                    • SQLI READING FILES
                    • SQLI WRITING WEB SHELL FILES
                  • COMMAND INJECTION
                    • 01.DISCOVERY
                    • FILTER EVASION/BYPASS
                      • FRONT-END VALIDATION: CUSTOMIZED HTTP REQUEST
                      • SPACE & NEW LINE CHARACTERS
                      • SLASH & BACKSLASH
                      • BLACKLISTED CHARACTERS
                      • BLACKLISTED CMDS
                      • ADVANCED CMD OBFUSCATION
                    • EVASION TOOLS
                  • HTML INJECTION
                  • XML EXTERNAL EXTITY (XXE)
                    • DISCOVERY
                    • INFORMATION DISCLOSURE
                    • INFORMATION TAMPERING
                      • RCE
                    • EXFILTRATION
                      • OOB BLIND DATA EXFIL
                        • XXEINJECTOR (AUTOMATED)
                    • IMPACT
                      • DOS
                  • CROSS-SITE REQUEST FORGERY (CSRF/XSRF)
                    • DISCOVERY
                    • CSRF BYPASS
                    • TRIGGERS
                      • W/O ANTI-CSRF TOKEN
                      • WITH ANTI-CSRF TOKEN (GET METHOD)
                      • WITH ANTI-CSRF TOKEN (POST METHOD)
                      • CHAINING (XSS & CSRF)
                        • MAKING PROFILE PUBLIC
                        • ADDING A FUNCTION TO THE PROFILE PAGE
                      • WEAK CSRF TOKENS
                • SERVER-SIDE
                  • SSRF
                    • 01.DISCOVERY
                      • BLIND SSRF
                    • ENUMERATION
                    • LFI
                  • SSTI
                    • IDENTIFICATION
                    • JINJA (EXPLOITATION)
                    • TWIG (EXPLOITATION)
                    • HANDLEBARS NODEJS (EXPLOITATION)
                      • PAYLOAD
                  • SSI INJECTION
                    • SSI (EXPLOITATION)
                  • XSLT INJECTION
                    • IDENTIFICATION
                    • XSLT INJECTION (EXPLOITATION)
              • FILE UPLOADS
                • 01.DISCOVERY
                • FILTER EVASION/BYPASS
                  • CLIENT-SIDE VALIDATION
                    • BACK-END REQUEST MODIFICATION
                    • DISABLING FRONT-END VALIDATION
                  • BACK-END VALIDATION
                    • BLACKLIST EXTENSION FILTERS
                    • WHITELIST EXTENSION FILTERS
                    • CONTENT TYPE FILTER
                • UPLOAD EXPLOITATION
                  • WEB SHELL
                    • CUSTOM WEB SHELLS
                      • PHP WEB SHELL
                      • .NET WEB SHELL
                      • HTML FORM SHELL
                  • REVERSE SHELLS
                    • CUSTOM REVERSE SHELLS
                  • LIMITED FILE UPLOADS
                    • EMBEDDED JAVASCRIPT (XSS)
                    • XML EXTERNAL ENTITY (XXE)
                • ARBITRARY FILE UPLOAD
              • BRUTE FORCE
                • WEB
                  • BASIC HTTP AUTHENTICATION
                  • WEB LOGIN FORMS
                    • HYDRA
                    • FFUF
                  • PASSWORD RESET: TOKENS
                  • 2FA
                  • LOW-HANGING FRUIT
                    • EMPTY/DEFAULT PWS
                    • DEFAULT CREDENTIALS
                  • PASSWORD RESET: SECURITY QUESTIONS
                  • PIN CRACKING
                  • SESSION TOKENS
                    • IDENTIFICATION
                    • TAMPERING/FORGING SESSION TOKENS
                • EXPOSED SERVICES
                  • SSH
                  • FTP
                  • RDP
                  • SMB
                • PASSWORD CRACKING (OFFLINE)
                  • HASH IDENTIFICATION
                  • JOHN THE RIPPER
                  • HASHCAT
              • AUTHENTICATION BYPASS
                • DIRECT ACCESS
                • PARAMETER MODIFICATION
                • HTTP VERB TAMPERING
                  • INSECURE CONFIGURATION
                  • INSECURE CODING
                • SESSION ATTACKS
                  • SESSION HIJACKING
                  • SESSION FIXATION
                    • DISCOVERY
              • WI-FI
                • WPA/WPA2 CRACKING
              • IDOR
                • IDENTIFICATION
                • INFORMATION DISCLOSURE
                  • PLAINTEXT REFERENCES
                  • PARAMETER MANIPULATION & COOKIE TAMPERING
                  • ENCODED REFERENCES
                • INFORMATION ALTERATION
                  • INSECURE FUNCTION CALLS
              • FILE INCLUSION
                • LFI
                  • DISCOVERY
                    • FUZZING FOR LFI PAYLOADS (AUTOMATED)
                      • EXTRA PAYLOADS
                  • BASIC BYPASSES
                  • SOURCE CODE DISCLOSURE
                  • RCE
                    • FILE UPLOADS
                    • LOG FILE POISONING
                      • PHP SESSION POISONING
                      • SERVER LOG POISONING
                • RFI
                  • DISCOVERY
                  • RCE
              • OPEN REDIRECT
                • DISCOVERY
                • CREDENTIAL THEFT
            • DEFENSE EVASION
            • FOOTHOLD
              • RECONNAISSANCE (INTERNAL)
                • HOST DISCOVERY
              • ENUMERATION
                • SERVICES
                  • SMB
                  • MS SQL
                • WINPEAS
              • PERSISTENCE
              • COMMAND & CONTROL
        • 02.THROUGH
          • NETWORK PIVOTING
            • MITM (POST-EXPLOITATION)
              • SESSION HIJACKING
            • PORT FORWARDING
              • LOCAL PORT FORWARDING
          • DISCOVERY
          • PRIVILEGE ESCALATION
            • PSEXEC.PY
            • HARDCODED CREDENTIALS
            • MISCONFIGURATIONS
              • SETUID
            • VI
          • EXECUTION
          • CREDENTIAL ACCESS
            • SESSION HIJACKING
            • PASSWORD CRACKING
              • JOHN THE RIPPER
                • CRACKING ENCRYPTED FILES (ZIP)
                • CRACKING ENCRYPTED FILES (PDF)
              • HASHCAT
                • CRACKING MD5 HASHES
          • LATERAL MOVEMENT
        • 03.OUT
          • COLLECTION
          • EXFILTRATION
            • SCP
          • IMPACT
            • DOS
              • XXE PAYLOAD DOS
              • DECOMPRESSION BOMB
              • PIXEL FLOOD
              • REDOS
                • DISCOVERY
            • TIMING ATTACKS
              • RACE CONDITIONS
            • MITM
              • WEBSOCKETS
          • OBJECTIVES
      • 03.POST-ENGAGEMENT
        • ARTIFACTS CLEARING
        • DEBRIEF
        • INFRASTRUCTURE RESET
        • DOCUMENTATION
          • REPORT
    • DEV
    • SRE
      • REVERSE ENGINEERING
        • STRING PATCHING
        • BINARY PATCHING
        • STACK MAPPING
        • RECOGNIZING C CODE CONSTRUCTS IN ASSEMBLY
          • GLOBAL & LOCAL VARIABLES
          • ARITHMETIC OPERATIONS
          • FUNCTION CALLS
          • ARRAYS
          • STRUCTS
          • LINKED-LIST TRAVERSAL
          • FLOW CONTROL
            • IF STATEMENTS
            • SWITCH STATEMENTS
            • LOOPS
        • FINDING MAIN()/ENTRY POINT W/O DEBUG SYMBOLS
      • SOFTWARE EXPLOITATION
  • ENGINEERING
    • INSTALLATION PROCEDURES
      • TARGETS
        • DVWA
        • VULNHUB
    • CONFIGURATION PROCEDURES
      • WEB
        • BASIC HTTP AUTHENTICATION
        • CSRF PROTECTED FORM
      • NETWORKING
        • CISCO SWITCH
          • VLAN TRUNKS
          • PORT SECURITY
        • CISCO ROUTER
  • SYSTEM ADMINISTRATION
    • LINUX
      • NETWORKING
        • RESTART NETWORK SERVICES
        • LOCAL DNS RESOLUTION
      • LOCATING
      • FILE SHARING
      • PACKAGES
        • NORDVPN
    • WINDOWS
      • DISK PARTITIONING
        • DISKPART
      • ACTIVE DIRECTORY
        • PASSWORD
        • DOMAIN USER
      • OPEN SSH
        • PRIVATE KEY PERMISSIONS
      • LOCAL DNS RESOLUTION
  • TOOLING
    • DCO
      • CYBER THREAT INTELLIGENCE (CTI)
        • OPENCTI
        • MALWARE INFORMATION SHARING PLATFORM (MISP)
      • DETECTION ENGINEERING
        • HOST
          • NETWORK MINER
        • NETWORK
          • SNORT
            • SELF-TEST MODE
            • SNIFFER MODE
            • PACKET LOGGER MODE
            • IDS/IPS MODE
            • PCAP READING MODE
            • RULE WRITING
              • SAMPLE RULES
              • MAGIC NUMBERS
      • THREAT HUNTING
        • NETWORK ANALYSIS
          • IDS/IPS
            • SNORT
            • SURICATA
          • PACKET ANALYZER
            • WIRESHARK
              • MERGING PCAPS
              • FINDING SPECIFIC STRINGS/PACKETS
              • EXPORTING PACKETS
              • EXPORTING OBJECTS
              • CREATING PROFILES
              • BOOKMARKING FILTERS
              • PACKET FILTERING
                • OPERATORS & FUNCTIONS
                • PROTOCOL FILTERS
                  • IP FILTERS
                  • TCP/UDP FILTERS
                  • APPLICATION FILTERS
                • FILTER BUILDER
              • CREATING FW RULES
            • TSHARK
              • SNIFFING TRAFFIC
                • CAPTURE FILTERS
              • READING CAPTURE FILE
                • DISPLAY FILTERS
                • OUTPUT FORMAT SELECTOR
              • FOLLOWING DATA STREAMS
              • EXTRACTING DATA
              • PACKET FILTERING
                • DISPLAYING PACKET STATISTICS
                • ADVANCED FILTERING
            • TCPDUMP
              • EXTRACTING INFORMATION
          • SIEM
            • ELASTIC STACK
            • SECURITY ONION
            • SPLUNK
          • NSM
            • ZEEK
              • MODES
              • LOGS
              • SIGNATURES
                • HTTP CLEARTEXT PASSWORD DETECTION
                • FTP BRUTE FORCE DETECTION
              • SCRIPTING
              • EVENT CORRELATION
              • FRAMEWORK
                • FILE FRAMEWORK | HASHES
                • FILE FRAMEWORK | EXTRACT FILES
                • NOTICE FRAMEWORK | INTELLIGENCE
                • CLEARTEXT SUBMISSION OF PWDS
                • GEO-LOCATION DATA
              • PACKAGES
        • HOST ANALYSIS
          • YARA
          • FLOSS
          • BRIM
            • QUERIES
            • QUERY REFERENCE
          • SYSINTERNALS
            • TCPVIEW
            • PROCESS EXPLORER
            • SYSMON
          • POWERSHELL
          • WINDOWS EVENT LOGS
          • OSQUERY
          • EDR
            • WAZUH
      • DFIR
        • EXIFTOOL
        • NETWORK FORENSICS
          • NETWORK MINER
      • ATOMIC RED TEAM
      • UTILITIES
        • JQ
      • REVERSE ENGINEERING
        • DISASSEMBLERS
          • RADARE2
          • GHIDRA
          • IDA PRO
          • BINARY NINJA
          • CUTTER
          • HOPPER
        • DEBUGGERS
          • GDB/GEF
          • GEF
          • X64DBG
          • WINDBG
    • OCO
      • C2
        • COBALT STRIKE
        • SLIVER
        • MYTHIC C2
          • INSTALLATION
            • ON-PREMISE
            • AWS EC2
            • AZURE
          • C2 PROFILES
            • HTTP
          • AGENTS
            • WINDOWS
          • PAYLOAD CREATION
            • AWS CLOUDFRONT IMPLEMENTATION
            • AZURE FRONT DOOR IMPLEMENTATION
            • NGINX CONDITIONAL REDIRECTION IMPLEMENTATION
        • MITRE CALDERA
          • ON-PREMISE
        • HAVOC C2
        • METASPLOIT
      • VPS
        • REDIRECTORS
          • AWS CLOUDFRONT
            • LOAD BALANCER (AWS EC2)
            • CLOUDFRONT
              • GEO RESTRICTION (OPSEC)
          • AZURE FRONT DOOR
            • FRONT DOOR
          • NGINX (AWS EC2/AZURE)
            • C2 AGENT/USER-AGENT CONDITIONAL REDIRECTION (OPSEC)
              • NGINX FW RULE
              • C2 SERVER FW RULE
            • DIRECTORY REDIRECTION (OPSEC)
          • NGINX (ON-PREMISE)
        • PAYLOAD SERVER
          • NGINX (AWS EC2/AZURE)
            • FW RULES
            • CONFIGURATION
              • FACADE FILES
          • PWNDROP
        • PHISHING SERVER
          • EVILGINX (AWS EC2/AZURE)
            • FW RULES
            • HOMOGRAPHS
            • TRIGGERS
              • CREDENTIAL HARVESTING
              • MFA BYPASS
          • GOPHISH
            • FW RULES
            • CONFIGURATION
            • CAMPAIGNS
            • TRIGGERS
              • MALICIOUS DOWNLOADS
      • WIFI
        • ALFA AWUS1900 WIRELESS ADAPTER
          • DRIVERS
      • OSINT
        • FINAL RECON
        • RECON-NG
        • THE HARVESTER
        • SPIDERFOOT
        • OSINT FRAMEWORK
      • UTILITIES
        • BROWSER DEVTOOLS
        • CADAVER
        • CURL
        • CUSTOM WORDLIST
          • USERNAME ANARCHY
          • CUPP
        • DATABASE
          • MYSQL
          • PSQL
        • DIG
        • DNSENUM
        • FIND
        • FTP
        • HTML2TEXT
        • IMPACKET
          • PSEXEC.PY
          • MSSQLCLIENT.PY
        • MULTI-FUNCTION
        • NETCAT
        • NMAP
        • PASSWORD
          • BRUTE FORCE (ONLINE)
            • HYDRA
            • MEDUSA
            • FFUF
            • CRACKMAPEXEC (SMB)
          • CRACKING (OFFLINE)
            • HASH-ID.PY
            • HASHID
            • JOHN THE RIPPER
            • HASHCAT
        • PRIVESC
          • WINPEAS
        • PROXIES
          • WRAPPER
            • PROXYCHAINS
          • WEB PROXIES
            • BURP SUITE
              • SETTINGS
              • WEB CRAWLING
            • ZED ATTACK PROXY (ZAP)
          • BROWSER PROXIES
            • FIREFOX
            • EXTENSIONS
              • FOXY PROXY
              • PROXY SWITCHYOMEGA (BRAVE BROWSER)
        • REMOTE ACCESS
          • FREERDP
        • RESPONDER
        • RSYNC
        • SCRIPT
        • SMBCLIENT
        • SQLMAP
          • GET REQUESTS
          • POST REQUESTS
          • BYPASSING WEBAPP PROTECTIONS
            • TAMPER SCRIPTS
          • OS EXPLOITATION
          • SQLI
            • CMD INJECTION
        • SSH
        • SSTIMAP
        • TEE
        • TREE
        • WEB CONTENT DISCOVERY
          • GOBUSTER
          • DIRB
        • WGET
        • WPSCAN
      • TECHNOLOGY PROFILER
        • WAPPALYZER
    • DEV
      • COMPILERS
        • COMPILER EXPLORER (ONLINE)
        • GCC (LINUX)
        • VISUAL STUDIO CLI (WINDOWS)
      • UTILITIES
        • HEXDUMP
        • CODE BEAUTIFY
        • GIT (CLI)
      • LANGUAGES
        • COMPILED
          • C
            • TEMPLATE
              • SYNTAX
                • LOOPS
                  • WHILE
                  • DO WHILE
                  • FOR
                • CONDITIONALS
                • FUNCTIONS
                • BITWISE OPERATIONS
                • CONSTRUCTS
                  • DATA TYPES
                    • PRIMITIVE
                    • DERIVED
                    • USER-DEFINED
                • DATA STRUCTURE
                  • ARRAYS (AKA VECTORS)
                • POINTERS
                  • POINTER ARITHMETIC
                • ARRAYS
                  • MULTI-DIMENSIONAL ARRAYS
                • SIZEOF
                • STRINGS (ARRAY OF CHARACTERS)
                  • PRINTING STRINGS
            • OPERATORS
            • KEYWORDS
            • FORMAT SPECIFIERS
            • TROUBLESHOOTING
              • SUPPRESSING SECURITY WARNINGS
            • ENCODING SCHEMES
            • TYPE MODIFIERS
          • C++
            • TEMPLATE
        • MARKUP
          • HTML
            • URL ENCODING
        • INTERPRETED/SCRIPTING
          • PYTHON
    • SRE
      • DISASSEMBLERS
        • GHIDRA
          • FUNCTION SIGNATURES
            • COMMON "C" FUNCTION SIGNATURES
          • GRAPH VIEW
          • CONVERTING DATA TYPES
          • HIGHLIGHTING / SLICING
          • LABELING / RENAMING
          • SPECIFYING ARRAYS
          • REBASING
          • IDENTIFYING MAIN VIA REFERENCES & CALL TREES
        • OBJDUMP
      • DEBUGGERS
        • WINDBG
        • GDB/GEF
        • RADARE2
  • RESOURCES
    • ARMY
      • 350-1
      • CAC PKI CERTIFICATES RECOVERY
      • FORCE MANAGEMENT
      • DEFENSE ACQUISITION TRAININGS
      • CAREER MANAGEMENT
      • COLLECTION
        • MISC
        • COMMANDS
        • TRAINING
      • MILITARY RETIREMENT
        • CHECKLIST
        • RESUME
    • CYBER
      • DCO
        • CYBER THREAT EMULATION
        • SYSTEM HARDENING
        • MALWARE ANALYSIS
          • MALWARE BAZAAR
          • MALWARE TRAFFIC ANALYSIS.NET
          • THE ZOO (AKA MALWARE DB)
        • THREAT HUNTING
          • MITRE ATT&CK
          • MITRE CAR
          • MITRE D3FEND
          • MITRE ENGAGE
          • MITRE ENGENUITY
          • ULTIMATE WINDOWS SECURITY
          • TECHNIQUE INTERFACE ENGINE
      • OCO
        • NETWORK PIVOTING
          • THE CYBER PLUMBER'S LAB GUIDE
        • BUG BOUNTY PROGRAMS
        • LIVING OFF THE LAND
          • LOLBAS (WINDOWS)
          • GTFOBINS (UNIX)
          • LOLDRIVERS (WINDOWS)
          • LOLAPPS
        • RECONNAISSANCE
          • WAYBACK MACHINE
          • SHODAN
          • CENSYS
        • VULNERABILITY/EXPLOIT LISTINGS
          • EXPLOIT DB
          • VULNERABILITY LAB
      • OT
        • ICS/SCADA
      • GENERAL
        • GENERATIVE AI/COPILOT
          • CAMOGPT
          • CHATGPT
          • PENTESTGPT
        • UNIFIED KILLCHAIN (UKC)
        • BLOGS
    • AUDIO
Powered by GitBook
On this page
  1. TOOLING
  2. DCO
  3. THREAT HUNTING
  4. NETWORK ANALYSIS
  5. NSM
  6. ZEEK
  7. FRAMEWORK

CLEARTEXT SUBMISSION OF PWDS

this package creates alerts for cleartext passwords found in HTTP traffic

root@dco:~$ zkg install zeek/cybera/zeek-sniffpass
 The following packages will be INSTALLED:
 zeek/cybera/zeek-sniffpass (master)
 Proceed? [Y/n] Y
 Installing "zeek/cybera/zeek-sniffpass"
 Installed "zeek/cybera/zeek-sniffpass" (master)
 Loaded "zeek/cybera/zeek-sniffpass"

root@dco:~$ zkg list
 zeek/cybera/zeek-sniffpass (installed: master) - Sniffpass will alert on cleartext passwords discovered in HTTP POST requests
 
#usage
root@dco:~$ cat sniff-demo.zeek 
 @load /opt/zeek/share/zeek/site/zeek-sniffpass
root@dco:~$ zeek -Cr http.pcap sniff-demo.zeek

root@dco:~$ cat notice.log | zeek-cut id.orig_h id.resp_h proto note msg
 10.10.57.178	44.228.249.3	tcp	SNIFFPASS::HTTP_POST_Password_Seen	Password found for user BroZeek
 10.10.57.178	44.228.249.3	tcp	SNIFFPASS::HTTP_POST_Password_Seen	Password found for user ZeekBro
PreviousNOTICE FRAMEWORK | INTELLIGENCENextGEO-LOCATION DATA

Last updated 2 months ago