can-i-take-over-xyz
WSLab
can-i-take-over-xyz | WSLab | |
---|---|---|
14 | 9 | |
4,459 | 1,142 | |
- | 1.1% | |
5.2 | 7.4 | |
9 days ago | about 1 month ago | |
Python | PowerShell | |
Creative Commons Attribution 4.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
can-i-take-over-xyz
- Books for pentesting and bug Bounty
- Is this posible to do subdmain takover?
- TryHackMe a good starting point?
- Best Web Application Security Training/Tutorial/Certificate for someone who already has OSCP but would like to go a bit more into web and has an annual budget of 5k to spend on any training?
- What’s a better way to get my foot in the door, tryhackme or hackthebox?
- Starting to learn cyber security
- HacktheBox as a training course/academy?
- Job switch to Cyber Secirity
- Starting school for CyberSec in 2 months, absolute beginner. Any certifications I can obtain in that 2 month period that will look decent on a resume?
- A bit worried
WSLab
-
I need basic understanding of servers (terminal servers, dns servers, domain controllers etc), ip addresses and rdp
Good on you man, you have some great practical experience that will go a long way. Once you learn more you’ll have something that a lot of IT engineers don’t typically have. I work in IT for a manufacturing environment and having electrical and/or mechanical experience will help a lot with your troubleshooting methodology. You have some great replies here which will hopefully start to bridge that gap. I can also highly recommend creating a small homelab for yourself. You can’t beat hands on learning, and there are a ton of great tools to get you started, e.g., https://github.com/microsoft/MSLab. This will help get you up and running quickly and give you an environment to play with. Good luck dude.
-
Clarification needed.
If you want to pen test AND implement/engineer, the cyber defense emphasis may be the best fit. As you progress, consider whether you're more drawn to networking/infrastructure or systems. A great approach: build labs that you think will be difficult to exploit, attack them, improve them. Lather, rinse, and repeat. you can do that with cloud platforms, web apps, mobile apps, IoT, etc. If you're not sure where to start, get your hands on a decently powered machine and check out the ready-to-build scenarios in MSLabs (https://github.com/microsoft/MSLab The Windows Event Forwarding scenarios are especially interesting).
-
A bit worried
If you have the time and resources for it, consider setting up a complex lab environment (https://github.com/microsoft/MSLab is a helpful starting point) with a few different types of targets. Within that environment, you can break whatever you want, try different hardening techniques, etc. I like to use that type of lab to test detection capabilities and scripted/triggered automations using sysmon, wazuh, and caldera.
- powershell script for setting up a Domain Controller
- Automate hyper-v with code
- Active directory pen testing lab
-
Cybersecurity physical labs
take a look at https://github.com/microsoft/MSLab, you can install Hyper-V 2019 server and use the scenarios to create a lab to your liking. I'm using this approach to establish a stable/consistent starting point for an AD environment with OUs, computers, groups, and users generated randomly by https://github.com/davidprowe/BadBlood to gauge the differences in logging and detection fidelity between different EDR solutions.
- Windows clustering
-
Windows Server for personal use?
Have a look at WSLab for rapid deployment of environments https://github.com/microsoft/WSLab
What are some alternatives?
command-injection-payload-list - 🎯 Command Injection Payload List
AutomatedLab - AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to 2022, some Linux distributions and various products like AD, Exchange, PKI, IIS, etc.
caldera - Automated Adversary Emulation Platform
CTF-Difficulty - This cheasheet is aimed at the CTF Players and Beginners to help them sort the CTF Challenges on the basis of Difficulties.
BadBlood - BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
bugbounty-cheatsheet - A list of interesting payloads, tips and tricks for bug bounty hunters.
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
oh-my-git - An interactive Git learning game!
domained - Multi Tool Subdomain Enumeration