Identify Target Environment
- Web Application
- External Network Infrastructure
- Internal Network Infrastructure
- Database Infrastructure
- Social Engineering
- Physical Security
CIO ICT Deliverable
- ICT Cost Analysis
- ICT Business Impact Analysis
- ICT Strategy
- Technology Roadmap
- People, Process and Procedures
- Compliance and Governance
- Service Management
- ICT BCP
- ICT DRP
- ICT Incident Response Plan
- Use Generation 1 in Hyper-V
- sudo apt-get update && apt-get upgrade
- Arpscanning – https://www.blackmoreops.com/2015/12/31/use-arp-scan-to-find-hidden-devices-in-your-network/
- HPING3 – https://www.blackmoreops.com/2015/04/21/denial-of-service-attack-dos-using-hping3-with-spoofed-ip-in-kali-linux/
- DDOS – https://www.blackmoreops.com/2015/10/21/free-dos-attack-tools/
- DDOS Tools – http://null-byte.wonderhowto.com/how-to/hack-like-pro-denial-service-dos-tools-techniques-0165699/
- DDOS Tools – http://picateshackz.com/2016/02/ddos-attack-using-goldeneye-in-kali-sana.html
DDoS for Research Only
“In order to protect one must understand how to exploit” – me just now
ping [ip address] -t -l 65500
- Low Orbit Ion Cannon http://sourceforge.net/projects/loic/
- Once, you download the software, extract the software to Windows desktop.
- Targeting the website: Double click the software icon to open it. LOIC is a portable software and requires no installation.
- Now, put the website address that you target in the ‘target URL’ field.
- It is optional to put the IP of the targeted website in the IP field. You can get the website IP by using ping command from your Windows.
- Press the ‘lock on’ button which is next to the text field.
- Under ‘Attack’, don’t change timeout, HTTP subsite, speed bar.
- Under ‘TCP/UDP Message’, enter whatever you want to right.
- Under the ‘Port’ field, change the value of the port of the targeted website. In most of the cases the value ’80’ should work.
- Under ‘Method’, from the drop-down list, select UDP option.
- Uncheck the ‘Wait for reply’ check box.
- Change the thread value to 20 if you have a good computer. Otherwise, keep the value to 10.
- Press the “IIMA CHARGIN MAH LAZER” button
- High Orbit Ion Cannon
- Google Spreedsheets
<pre>=image("http://example.com/sample.pdf?r=0") =image("http://example.com/sample.pdf?r=1") =image("http://example.com/sample.pdf?r=2")</pre> </li> <li>
- More here – https://security.radware.com/ddos-knowledge-center/ddospedia/ddos-attack/
- HOIC Flooder
- HULK DoS Flooder
- IRC Botnet: HTTP Flood
- ApacheKiller – Range Header DoS
- DirtJumper v3
Disclaimer: Most countries have very stick Telecommunications and Computer Abuse laws. Just running these commands against anyone could put you in jail for 99 years. These tools are easily detected.
- How not to suck a PenTesting – https://www.youtube.com/watch?v=Yo4oP2eyDtI
- Security Weekly – http://securityweekly.com/
- Security Weekly Wiki – http://wiki.securityweekly.com/wiki/index.php/Main_Page
- Black Hills Projects – http://www.blackhillsinfosec.com/?page_id=4415
- CTF – https://ctftime.org/ctf-wtf/
- HackerOne – https://hackerone.com/
- BugCrowd – https://bugcrowd.com/how-it-works
- Application Security Verification Standard – https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
- Social-Engineer Toolkit – https://www.trustedsec.com/social-engineer-toolkit/
- skullsecurity – A lot of great wordlists
- thesprawl.org – Great research blog covering password cracking, exploitation, and more
- pentestmonkey – SQL injection cheat sheet
- OpenSource ZAP – https://en.wikipedia.org/wiki/OWASP_ZAP