I saw a tweet from @_jayprimo about wishing he had some cheat sheets when learning cyber tools. So, I wanted to make this thread for new folks who want to learn about some of the most used cyber tools (free labs/walkthroughs/command cheat sheets)👇
NMAP is used for discovering hosts/services on a network. Normally first step in enumeration by pentesters.

@RealTryHackMe has a free lab, here is my walkthrough video of the room (link to the room is in the vid des) and a handy syntax sheet I use a lot!

Netcat is used to transfer files/make remote backdoor connections. Used with other pentesting tools like metasploit (we'll hit that too).

Used in a bunch of free @tryhackme rooms, here is one of my walkthroughs with it. @SANSInstitute cheat sheet!

Metasploit is a modular tool that allows you to enumerate and exploit vulnerabilities. Very easy format to learn the basics

Again, free @RealTryHackMe rooms and my walkthrough😂. Solid cheatsheet by @hacklido

Wireshark allows you to capture data packets and analyze them. Useful for cyber and IT troubleshooting (network/system engineers use it alot!).

You know the deal already...free @RealTryHackMe room...a few of my Wireshark vids



Hydra is a basic tool used for brute forcing passwords with a word list.

Free @RealTryHackMe and my walkthrough vid...

These tools are free and you can use them in test virtual labs like in the videos above, or you can download and use them in a home lab (use them on systems you have permission to).

If you want to get them all at one time, you can download Kali Linux...

kali.org
If you are new or looking for some additional career and technical resources, I put out some entertaining and useful stuff...

Checkout my YouTube/Twitch channel CyberInsight

youtube.com/c/cyberinsight
twitch.tv/cyberinsight

My blogs and newsletter:
cyberinsight.tech

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with John Breth (JB) | CyberInsight® on YouTube

John Breth (JB) | CyberInsight® on YouTube Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @JBizzle703

4 Sep
Had a few folks ask about how to get hands on experience when starting to get into tech/cyber. So this thread some of my recommendations of FREE labs/software for networking, Linux, Windows, cybersecurity, and coding that I have used.
I'm going to plug my own stuff first 😂 I have various playlists devoted to lab walkthroughs for networking (Net+/CCNA), Linux, cyber defense, and offensive cyber labs. The majority using free tools for you to follow along🤝
youtube.com/c/cyberinsight
For free networking labs:

Cisco packet tracer:
netacad.com/courses/packet…
Juniper vLabs:
jlabs.juniper.net/vlabs/

Some great lab books (using packet tracer, affiliate links):
amzn.to/3DLDSSg (101 Labs Net+)
amzn.to/3yNWbSN (101 Labs CCNA)
Read 9 tweets
7 Feb
Random thoughts on planning a small office relocation. This is off the top of my head. So might change some steps IRL. Step one is going to be updated asset list/documentation/cable connections. What devices/software/data currently exists and what will need to be moved /1
Figure out what IT closets/cabling options are in the new spot and plan accordingly and create transition documentation(cable plan, rack layouts, updated diagrams if needed . Pre-run/label as much as you can. Make sure you test these connections(cable drops to comms closets). /2
Backup all device configs/critical data as needed. If you can phase deployments, that is cool, but you might have to do a hard cut over. Figure out what you are doing for circuits (new or migrating). /3
Read 9 tweets
21 Aug 20
I've been seeing some tweets about #BlueTeam and documentation and diagrams. Diagrams are an important part of the engineering process! So, I figured I'd do a little diagram breakdown for folks wondering what are some useful types of diagrams.
High level diagrams provide a non-technical overhead perspective of the environment. If you are at all familiar with DoDAF, this would be like your OV-1 diagram. These should tell a high level story and be easily explainable to someone who is new/and or non-technical.
Network level diagrams show logical connectivity between all nodes/devices in the environment. It should include the IP/hostname of the devices. Other details to include are VLAN information, system/authorization boundaries, as well as any unique information that might make sense
Read 12 tweets
14 Aug 20
For fun 😬 let's chat about network ACL's and a high level approach to securing your network. The purpose is to provide multiple levels of protection (i.e. defense in depth).

4 main ACL's to talk about:
✅Premise ACL's
✅Inter-zone ACL's
✅Intra-zone ACL's
✅Host-based ACL's Image
Let's start on the outside with Premise ACL's. These reside on your most outward facing network devices (probably a router or switch) where your Internet circuits are plugged into. These ACL’s would knock down a large amount of unwanted SPAM packets that flood the Internet.
I would implement both inbound and outbound rules. Only allow out traffic from your specific publicly routable IP space, block private IP space, implement Bogans lists, and also only allow known expected protocols that should be coming into your environment from the Internet.
Read 13 tweets
8 Jan 20
Have you implemented active defense strategies in your environment? Do you know what active defense is vs. normal security monitoring? Let's talk about some technologies/generic strategies.

Shout out to @strandjs @BHinfoSecurity @ActiveCmeasures @corelight_inc
#30DaysofThreads
Active defense is a strategy used that doesn’t just wait for an adversary to attack and then solely block or react. Active defense can instead be seen as an engaged defense that is actively lying in wait. Think of tripwires implemented to attract and alert on malicious actions.
I'm going to discuss two flavors of AD: annoyance and attribution. In the above diagram I have laid out a very generic architecture and labeled a variety of different infrastructure components and the tools/strategies that could be implemented on them.
Read 22 tweets
5 Jan 20
I've seen tweets recently from @gabsmashh and @TC_Johnson about wanting to nail down subnetting. I threw this little diagram together. For me, leaning to subnet took a combination of memorization and finally finding the right explanation that made it click.

#30DaysofThreads
The thing that really clicked for me was understanding that each type of subnet (/24 for instance) is made up of multiple smaller subnets. And the address assignments or boundaries of these smaller subnets cannot change. You can't make a /26 network that bridges two /25's.
So, learning where these boundaries are is critical to learning how to do this all in your head. Also, remember that the first IP address in a network is always the network address and the last is the broadcast address. These are not usable IP's.
Read 11 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(