seguridad/3.- Extras/IncidentResponseTool-ACTUALIZADAMIA/Busqueda Vulnerabilidades

Lista:

https://www.exploit-db.com/papers : Relacionado con las vulnerabilidades y como son explotadas por los ciberatacantes.

Detectando un Movimiento lateral en SPLUNK: https://medium.com/threatpunter/detecting-lateral-movement-using-sysmon-and-splunk-318d3be141bc

Burp Suite - Framework.

2. ZAP Proxy - Framework.

3. Dirsearch - HTTP bruteforcing.

4. Nmap - Port scanning.

5. Sublist3r - Subdomain discover

6. Amass - Subdomain discovery.

7. SQLmap - SQLi exploitation.

8. Metasploit - Framework.

9. WPscan - WordPress exploitation.

10. Nikto - Webserver scanning.

11. HTTPX - HTTP probing.

3. FFUF - HTTP probing.

14. Subfinder - Subdomain discovery.

15. Masscan - Mass IP and port scanner.

16. Lazy Recon - Subdomain discovery.

18. XSS Hunter - Blind XSS discovery.

19. Aquatone - HTTP based recon.

20. LinkFinder - Endpoint discovery through JS files

21. JS-Scan - Endpoint discovery through JS files

22 GAU - Historical attack surface mapping

23 Parameth - Bruteforce GET and POST parameters

24 truffleHog - Find credentials in GitHub commits

Herameintas: uclei - YAML based template scanning.

Feed de vulnerabilidades: https://inthewild.io/feed

Identificación de brechas sobre Malawre o ransomware: https://www.binalyze.com/air  --- Busqueda proactiva: https://cybermeisam.medium.com/blue-team-system-live-analysis-part-1-a-proactive-hunt-8258feb7cb14

Detectar vulnerabilidades en Linux: https://betterprogramming.pub/3-tools-to-detect-linux-vulnerabilities-ec42122cc41b

Catalogo de Vulnerabilidades Explotadas: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Validación en el sistema: ((https://medium.com/@wondersome/reconnaissance-tools-for-hacking-d8404399d1f5))

-----https://github.com/projectdiscovery/chaos-client
-----https://github.com/aboul3la/Sublist3r : Enlistar servicios para explotar


Tacticas blueTeam:


----https://www.kitploit.com/search/label/PowerShell