Based on my 25 years experience as sysadmin, I recommend you the free tools below for forensic analysis and systems assessment:

Repair tools:

http://trinityhome.org/Home

Windows privilege escalation:

https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/

Blog hacker playbook mindmap (poster):

https://www.marcolancini.it/2018/blog-hacker-playbook-mindmap/

SANS DFIR hunting evil Windows map (poster):

Windows systems: https://digital-forensics.sans.org/media/DFPS_FOR508_v4.3_12-18.pdf

Linux privilege escalation:

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

Blogs and web sites:

online malware analysis: https://app.sndbox.com/login

https://cloudblogs.microsoft.com/microsoftsecure/

https://www.microsoft.com/en-us/security

http://adsecurity.org

https://www.absolomb.com

https://cqure.pl/

http://www.thehackernews.com

https://packetstormsecurity.com/

Online attack map: https://www.csoonline.com/article/3217944/security/8-top-cyber-attack-maps-and-how-to-use-them.html

https://cybermap.kaspersky.com/

https://threatmap.checkpoint.com/ThreatPortal/livemap.html

http://map.norsecorp.com/

https://www.fireeye.com/cyber-map/threat-map.html

https://www.netscout.com/ddos-attack-map

PowerShell:

Powershell windows forensics: https://github.com/WiredPulse/PoSh-R2

Powershell windows forensics: https://github.com/Invoke-IR/PowerForensics

Powershell windows forensics: https://github.com/gfoss/PSRecon

Powershell windows forensics: https://github.com/davehull/Kansa

http://www.powershellmagazine.com/2014/07/18/kansa-a-powershell-based-incident-response-framework/

Vulnerability scanners:

Nessus

openvas

autoscan network

Find exploits and vulnerabilities:

exploit-db

securityfocus

packet storm security

cve.mitre.org

nvd.nist.gov

https://www.cert.ssi.gouv.fr/

Tools:

Timeline Tools

RegRipper

FTK Imager

Volatility (memory tool): http://www.volatilityfoundation.org/

http://www.crowdstrike.com/community-tools/index.html

http://www.truesec.com

http://www.joeware.net

http://helgeklein.com/setacl/

http://www.microsoft.com/sysinternals

http://www.systemtools.com

http://www.netikus.net

http://www.insecure.org  and http://sectools.org

Nirsoft (https://www.nirsoft.net/)

Netcat (https://github.com/rsanchez-wsu/jfiles/wiki/Windows-10-Telnet-&-NetCat)

Social engineering / fingerprinting tools:

google hacks

facebook

linkedin

viadeo

whois

mxtoolbox

http://www.shodanhq.com

http://www.lullar.com

http://www.checkusernames.com

http://www.pipl.com

maltego (www.paterva.com)

foca free

dig

dnsenum

dnsdic

dnsmap

dnsrecon

dnswalk

subdomainer

fierce

netcat

nmap

hping (https://github.com/antirez/hping)

amap (https://github.com/vanhauser-thc/THC-Archive)

 

Web site / web server toolkit:

dmitry (https://github.com/jaygreig86/dmitry)

httprint

Advertisements