Misc Tactics, Techniques, and Procedures (TTPs)

Extracting OSINT Data from Nested Structures:

Use Case
A web page or plain-text source code that contains IP's, Email Addresses nested within the text, etc... and you do not want to write an awk | grep to extract:


 Tool: Cyber Chef   https://gchq.github.io/CyberChef/

  • Choose stings

  • Select target data to extract​

  • Paste the raw into the upper right input window

  • Copy Clean extracted output from Lower Right Window

Creating a Share for Payload Distribution in Kali:

Use Case
Create an SMB share to distribute payloads attacker Kali box

  • mkdir /root/working/{share-name}

  • Move to Impacket Directory

  • smbserver.py -smb2support SMB /root/working/{share-name}

CMS Detection:

Use Case
Need to determine what the underlying CMS technology is and its not obvious in a rapid code review...

Tool: WhatCMS   https://whatcms.org/


Placeholder - more to come!:


Pentest-Zen (ExitC0de00c.com)