• Subscribe to the low volume list for updates.

Archives of Tools

Security tools both offensive and defensive in nature.

Gobuster tutorial

Gobuster Installation Written in the Go language, this tool enumerates hidden files along with the remote directories. Using the command line it is simple to install and run on Ubuntu 20.04. For version 2 its as simple as: $ sudo apt install gobuster The Linux package may not be the latest version of Gobuster. Check […]
Read More

Nessus 10 On Ubuntu 20.04 Install And Mini Review

Nessus v10.0.0 was released in Nov 2021. A name change in 2019 saw Nessus Home become Nessus Essentials. Nessus Essentials is Tenable's free version of its vulnerability scanner. Limited to 16 IPs with unlimited time usage. If you need more than that, there is an option for a free trial for seven days to Nessus […]
Read More

Extend DetectionLab with Linux Endpoints

DetectionLab is a fantastic project by Chris Long for quickly deploying a Windows Domain-based test environment with Linux-based Security Information Event Management (SIEM). See our DetectionLab Tutorial or check out the project page for more information. In this post, I detail how to easily deploy additional Ubuntu Linux-based servers into the DetectionLab environment. The idea […]
Read More

Build a Cyber Security Lab with DetectionLab

DetectionLab and Vagrant DetectionLab by Chris Long makes this initial configuration a piece of cake. It is quite simply amazing; if DetectionLab was thrown into a 1RU box with blinking lights (Lockeed/Boeing/Raython) would probably sell this thing as a Cyber Range for 7+ figures. The DetectionLab will run on many operating systems and Hypervisors, but, […]
Read More

osquery Linux Tutorial and Tips

Install osquery on Ubuntu Linux Originally developed by Facebook, osquery is a well-supported and documented tool. It has straightforward installation steps for a variety of operating systems and Linux distributions. In this tutorial, we will focus on installation on Ubuntu from the official repository. If you are using Fedora or other Linux distros the initial […]
Read More

ClamAV Antivirus for Linux Tutorial

ClamAV Antivirus is an open source malware detection tool. In this tutorial we cover getting started with ClamAV and common use cases. Through various configuration profiles it is able to perform real time filesystem detection, ad hoc file scanning, mail gateway filtering and http proxy scanning. These use cases only scratch the surface of what […]
Read More

DNS Tools

DNS Enumeration Searching for DNS records and DNS related information is an important part of reconnaissance for a penetration tester. Obtaining information on DNS servers and DNS records provides the Pen Tester/Red Team/Attacker with a deeper understanding of the organisations network. With DNS, it is not a 'one tool fits all' situation. You will need […]
Read More

Install Suricata on Ubuntu 18.04 in 5 minutes

Building a network-based intrusion detection capability can be done in just 5 minutes. Install Suricata to monitor network traffic and look for security events that can indicate an attack or compromise. Suricata is based around the Snort IDS system, with a number of improvements. Suricata performs multi-threaded analysis, natively decode network streams, and assemble files […]
Read More

WordPress User Enumeration

These three enumeration techniques are a very fast way to identify users of a WordPress installation. With valid usernames effective brute force attacks can be attempted to guess the password of the user accounts. WordPress User Enumeration via Author Archives Finding users by iterating through the author archives is a common technique that works in […]
Read More

Brief History of Internet Wide Scanning

In the beginning there were Google Dorks, as far back as 2002 security researchers discovered specific Google queries revealed Internet-connected devices. Seventeen years later, it is still possible to find thousands of unsecured remotely accessible security cameras and printers via simple Google searches. Now, using search engines such as Shodan.io and Censys.io, it has become […]
Read More