# Table of Contents
- [Personal Information Removal Services | Martian Defense NoteBook](#personal-information-removal-services-martian-defense-notebook)
- [Public DNS Services | Martian Defense NoteBook](#public-dns-services-martian-defense-notebook)
- [Security Research | Martian Defense NoteBook](#security-research-martian-defense-notebook)
- [Programming | Martian Defense NoteBook](#programming-martian-defense-notebook)
- [Platforms | Martian Defense NoteBook](#platforms-martian-defense-notebook)
- [Threat Intelligence | Martian Defense NoteBook](#threat-intelligence-martian-defense-notebook)
- [Monero Mining Guide | Martian Defense NoteBook](#monero-mining-guide-martian-defense-notebook)
- [Martian Defense Notebook | Martian Defense NoteBook](#martian-defense-notebook-martian-defense-notebook)
- [Git | Martian Defense NoteBook](#git-martian-defense-notebook)
- [Private and Secure DNS with Pi-hole and Unbound | Martian Defense NoteBook](#private-and-secure-dns-with-pi-hole-and-unbound-martian-defense-notebook)
- [De-Googling Android | Martian Defense NoteBook](#de-googling-android-martian-defense-notebook)
- [Certifications | Martian Defense NoteBook](#certifications-martian-defense-notebook)
- [Web Security Testing | Martian Defense NoteBook](#web-security-testing-martian-defense-notebook)
- [Live Vulnerable Sites | Martian Defense NoteBook](#live-vulnerable-sites-martian-defense-notebook)
- [General | Martian Defense NoteBook](#general-martian-defense-notebook)
- [Defensive Security | Martian Defense NoteBook](#defensive-security-martian-defense-notebook)
- [DNS Leak Prevention and Firewall Configuration | Martian Defense NoteBook](#dns-leak-prevention-and-firewall-configuration-martian-defense-notebook)
- [Media | Martian Defense NoteBook](#media-martian-defense-notebook)
- [Bug Bounty Programs | Martian Defense NoteBook](#bug-bounty-programs-martian-defense-notebook)
- [PHP Security | Martian Defense NoteBook](#php-security-martian-defense-notebook)
- [Publishing CVEs | Martian Defense NoteBook](#publishing-cves-martian-defense-notebook)
- [JWTs and JSON | Martian Defense NoteBook](#jwts-and-json-martian-defense-notebook)
- [Product Security Engineering | Martian Defense NoteBook](#product-security-engineering-martian-defense-notebook)
- [Programming | Martian Defense NoteBook](#programming-martian-defense-notebook)
- [Product Security Governance | Martian Defense NoteBook](#product-security-governance-martian-defense-notebook)
- [Controversial Subjects | Martian Defense NoteBook](#controversial-subjects-martian-defense-notebook)
- [CTF Sites | Martian Defense NoteBook](#ctf-sites-martian-defense-notebook)
- [Entrepreneurship Roadmaps | Martian Defense NoteBook](#entrepreneurship-roadmaps-martian-defense-notebook)
- [Android OSes | Martian Defense NoteBook](#android-oses-martian-defense-notebook)
- [Red Teaming | Martian Defense NoteBook](#red-teaming-martian-defense-notebook)
- [AppSec Testing | Martian Defense NoteBook](#appsec-testing-martian-defense-notebook)
- [Red Team OPSEC Playbook | Martian Defense NoteBook](#red-team-opsec-playbook-martian-defense-notebook)
- [Targeted Test Cases | Martian Defense NoteBook](#targeted-test-cases-martian-defense-notebook)
- [Python | Martian Defense NoteBook](#python-martian-defense-notebook)
- [Product Security Hardening | Martian Defense NoteBook](#product-security-hardening-martian-defense-notebook)
- [Privacy and Opsec Resources | Martian Defense NoteBook](#privacy-and-opsec-resources-martian-defense-notebook)
- [Governance, Risk, Compliance | Martian Defense NoteBook](#governance-risk-compliance-martian-defense-notebook)
- [CSSLP | Martian Defense NoteBook](#csslp-martian-defense-notebook)
- [Common System Task Info | Martian Defense NoteBook](#common-system-task-info-martian-defense-notebook)
- [Command Injection Testing | Martian Defense NoteBook](#command-injection-testing-martian-defense-notebook)
- [CVE Hunting Python Repos with VulnHunter | Martian Defense NoteBook](#cve-hunting-python-repos-with-vulnhunter-martian-defense-notebook)
- [Cybersecurity Operating Systems | Martian Defense NoteBook](#cybersecurity-operating-systems-martian-defense-notebook)
- [Offensive | Martian Defense NoteBook](#offensive-martian-defense-notebook)
- [Mobile Pentesting | Martian Defense NoteBook](#mobile-pentesting-martian-defense-notebook)
- [DNS | Martian Defense NoteBook](#dns-martian-defense-notebook)
- [Cybersecurity Roadmaps | Martian Defense NoteBook](#cybersecurity-roadmaps-martian-defense-notebook)
- [Internal Active Recon | Martian Defense NoteBook](#internal-active-recon-martian-defense-notebook)
- [Keeping it Real for Beginners | Martian Defense NoteBook](#keeping-it-real-for-beginners-martian-defense-notebook)
- [Reading and Repos | Martian Defense NoteBook](#reading-and-repos-martian-defense-notebook)
- [Capture-the-Flag Training | Martian Defense NoteBook](#capture-the-flag-training-martian-defense-notebook)
- [Expose the Web UI over Tailnet | Martian Defense NoteBook](#expose-the-web-ui-over-tailnet-martian-defense-notebook)
- [Splunk | Martian Defense NoteBook](#splunk-martian-defense-notebook)
- [Open Source Business & SaaS Tools | Martian Defense NoteBook](#open-source-business-saas-tools-martian-defense-notebook)
- [SAST/SCA | Martian Defense NoteBook](#sast-sca-martian-defense-notebook)
- [Mobile Checklist | Martian Defense NoteBook](#mobile-checklist-martian-defense-notebook)
- [Dashboards | Martian Defense NoteBook](#dashboards-martian-defense-notebook)
- [Consulting | Martian Defense NoteBook](#consulting-martian-defense-notebook)
- [Cheatsheets | Martian Defense NoteBook](#cheatsheets-martian-defense-notebook)
- [Accessing Tor | Martian Defense NoteBook](#accessing-tor-martian-defense-notebook)
- [Resume and Interview Guide | Martian Defense NoteBook](#resume-and-interview-guide-martian-defense-notebook)
- [Recon + OSINT | Martian Defense NoteBook](#recon-osint-martian-defense-notebook)
- [Checklists | Martian Defense NoteBook](#checklists-martian-defense-notebook)
- [LLM Pentesting | Martian Defense NoteBook](#llm-pentesting-martian-defense-notebook)
- [Vulnerable Machine Checklist | Martian Defense NoteBook](#vulnerable-machine-checklist-martian-defense-notebook)
- [Shodan Dork Cheatsheet | Martian Defense NoteBook](#shodan-dork-cheatsheet-martian-defense-notebook)
- [Vulnerability Management Lifecycle | Martian Defense NoteBook](#vulnerability-management-lifecycle-martian-defense-notebook)
- [Wordlists | Martian Defense NoteBook](#wordlists-martian-defense-notebook)
- [JavaScript | Martian Defense NoteBook](#javascript-martian-defense-notebook)
- [Cryptography Checklist | Martian Defense NoteBook](#cryptography-checklist-martian-defense-notebook)
- [Forensics Checklist | Martian Defense NoteBook](#forensics-checklist-martian-defense-notebook)
- [Two-VPS Private Proxy Architecture: Nginx Reverse Proxy Over Wireguard VPN | Martian Defense NoteBook](#two-vps-private-proxy-architecture-nginx-reverse-proxy-over-wireguard-vpn-martian-defense-notebook)
- [Martian's Stack | Martian Defense NoteBook](#martian-s-stack-martian-defense-notebook)
- [Acquiring Monero (XMR) Anonymously | Martian Defense NoteBook](#acquiring-monero-xmr-anonymously-martian-defense-notebook)
- [Secure Remote Access with TailScale + Hardened SSH | Martian Defense NoteBook](#secure-remote-access-with-tailscale-hardened-ssh-martian-defense-notebook)
- [AppSec Training Pathway | Martian Defense NoteBook](#appsec-training-pathway-martian-defense-notebook)
- [Reporting | Martian Defense NoteBook](#reporting-martian-defense-notebook)
- [App Pentest Toolkit | Martian Defense NoteBook](#app-pentest-toolkit-martian-defense-notebook)
- [Network Security | Martian Defense NoteBook](#network-security-martian-defense-notebook)
- [Remotely Unlocking LUKS-Encrypted Proxmox with Dropbear SSH at Boot | Martian Defense NoteBook](#remotely-unlocking-luks-encrypted-proxmox-with-dropbear-ssh-at-boot-martian-defense-notebook)
- [Container Security | Martian Defense NoteBook](#container-security-martian-defense-notebook)
- [Post-Exploitation | Martian Defense NoteBook](#post-exploitation-martian-defense-notebook)
- [Reverse Engineering Checklist | Martian Defense NoteBook](#reverse-engineering-checklist-martian-defense-notebook)
- [DevSecOps | Martian Defense NoteBook](#devsecops-martian-defense-notebook)
- [Remote Unlock of LUKS-Encrypted Root Disk via SSH | Martian Defense NoteBook](#remote-unlock-of-luks-encrypted-root-disk-via-ssh-martian-defense-notebook)
- [Offensive Security | Martian Defense NoteBook](#offensive-security-martian-defense-notebook)
- [Ports and associated Vectors | Martian Defense NoteBook](#ports-and-associated-vectors-martian-defense-notebook)
- [Information Gathering | Martian Defense NoteBook](#information-gathering-martian-defense-notebook)
- [Portable pyenv Setup for Python Vulnerability Research | Martian Defense NoteBook](#portable-pyenv-setup-for-python-vulnerability-research-martian-defense-notebook)
- [AI | Martian Defense NoteBook](#ai-martian-defense-notebook)
- [Reverse Engineering | Martian Defense NoteBook](#reverse-engineering-martian-defense-notebook)
- [Privacy-Focused DNS Configuration Guides | Martian Defense NoteBook](#privacy-focused-dns-configuration-guides-martian-defense-notebook)
- [IT Tasks | Martian Defense NoteBook](#it-tasks-martian-defense-notebook)
- [Red Team Infrastructure | Martian Defense NoteBook](#red-team-infrastructure-martian-defense-notebook)
- [General Cybersecurity | Martian Defense NoteBook](#general-cybersecurity-martian-defense-notebook)
- [Golang | Martian Defense NoteBook](#golang-martian-defense-notebook)
- [Golang Snippets | Martian Defense NoteBook](#golang-snippets-martian-defense-notebook)
- [How to setup a GitHub Action for Code Security analysis | Martian Defense NoteBook](#how-to-setup-a-github-action-for-code-security-analysis-martian-defense-notebook)
- [Python Snippets | Martian Defense NoteBook](#python-snippets-martian-defense-notebook)
- [Quick Notes | Martian Defense NoteBook](#quick-notes-martian-defense-notebook)
- [PowerShell | Martian Defense NoteBook](#powershell-martian-defense-notebook)
- [Defensive | Martian Defense NoteBook](#defensive-martian-defense-notebook)
- [Entry Points | Martian Defense NoteBook](#entry-points-martian-defense-notebook)
- [Bleeding Edge Vulnerabilities | Martian Defense NoteBook](#bleeding-edge-vulnerabilities-martian-defense-notebook)
- [Domain 7: Secure Software Deployment, Operations, Maintenance | Martian Defense NoteBook](#domain-7-secure-software-deployment-operations-maintenance-martian-defense-notebook)
- [Enable and test Wake-on-LAN (WOL) | Martian Defense NoteBook](#enable-and-test-wake-on-lan-wol-martian-defense-notebook)
- [Domain 5: Secure Software Implementation | Martian Defense NoteBook](#domain-5-secure-software-implementation-martian-defense-notebook)
- [Tools | Martian Defense NoteBook](#tools-martian-defense-notebook)
- [Volatility | Martian Defense NoteBook](#volatility-martian-defense-notebook)
- [Blockchain | Martian Defense NoteBook](#blockchain-martian-defense-notebook)
- [General | Martian Defense NoteBook](#general-martian-defense-notebook)
- [Proxmox VE | Martian Defense NoteBook](#proxmox-ve-martian-defense-notebook)
- [Binary Exploitation | Martian Defense NoteBook](#binary-exploitation-martian-defense-notebook)
- [Idle Proxmox Auto-Shutdown | Martian Defense NoteBook](#idle-proxmox-auto-shutdown-martian-defense-notebook)
- [Part 2 | Martian Defense NoteBook](#part-2-martian-defense-notebook)
- [Threat Modeling | Martian Defense NoteBook](#threat-modeling-martian-defense-notebook)
- [Linux Basics | Martian Defense NoteBook](#linux-basics-martian-defense-notebook)
- [Web Tools | Martian Defense NoteBook](#web-tools-martian-defense-notebook)
- [Password Attacks | Martian Defense NoteBook](#password-attacks-martian-defense-notebook)
- [Security | Martian Defense NoteBook](#security-martian-defense-notebook)
- [Proxmox Update Setup Guide | Martian Defense NoteBook](#proxmox-update-setup-guide-martian-defense-notebook)
- [SQL Injection Fundamentals | Martian Defense NoteBook](#sql-injection-fundamentals-martian-defense-notebook)
- [Cybersecurity Training Topics | Martian Defense NoteBook](#cybersecurity-training-topics-martian-defense-notebook)
- [Linux Privilege Escalation | Martian Defense NoteBook](#linux-privilege-escalation-martian-defense-notebook)
- [Social Engineering | Martian Defense NoteBook](#social-engineering-martian-defense-notebook)
- [Infrastructure Pentesting | Martian Defense NoteBook](#infrastructure-pentesting-martian-defense-notebook)
- [Cybersecurity Domains | Martian Defense NoteBook](#cybersecurity-domains-martian-defense-notebook)
- [Guides | Martian Defense NoteBook](#guides-martian-defense-notebook)
- [Access Control Lists and Entries (ACL & ACE) | Martian Defense NoteBook](#access-control-lists-and-entries-acl-ace-martian-defense-notebook)
- [Domain 8: Secure Software Supply Chain | Martian Defense NoteBook](#domain-8-secure-software-supply-chain-martian-defense-notebook)
- [Web Fuzzing | Martian Defense NoteBook](#web-fuzzing-martian-defense-notebook)
- [Forwarding Mode Explained: Forward Queries to Upstream DNS Server (Optionally with DNS-over-TLS) | Martian Defense NoteBook](#forwarding-mode-explained-forward-queries-to-upstream-dns-server-optionally-with-dns-over-tls-martian-defense-notebook)
- [Incident Response | Martian Defense NoteBook](#incident-response-martian-defense-notebook)
- [Cloud Security Testing | Martian Defense NoteBook](#cloud-security-testing-martian-defense-notebook)
- [Self-Hosting | Martian Defense NoteBook](#self-hosting-martian-defense-notebook)
- [WireShark filters | Martian Defense NoteBook](#wireshark-filters-martian-defense-notebook)
- [Windows Privesc | Martian Defense NoteBook](#windows-privesc-martian-defense-notebook)
- [API Testing Checklist | Martian Defense NoteBook](#api-testing-checklist-martian-defense-notebook)
- [IoS Pentesting Checklist | Martian Defense NoteBook](#ios-pentesting-checklist-martian-defense-notebook)
- [JavaScript Security Analysis | Martian Defense NoteBook](#javascript-security-analysis-martian-defense-notebook)
- [Starting a Business | Martian Defense NoteBook](#starting-a-business-martian-defense-notebook)
- [Manual Enumeration | Martian Defense NoteBook](#manual-enumeration-martian-defense-notebook)
- [Domain Trust Enumeration | Martian Defense NoteBook](#domain-trust-enumeration-martian-defense-notebook)
- [Forensics | Martian Defense NoteBook](#forensics-martian-defense-notebook)
- [Hosting Gitea & Forgejo with Docker, Nginx, and Cloudflare Proxy | Martian Defense NoteBook](#hosting-gitea-forgejo-with-docker-nginx-and-cloudflare-proxy-martian-defense-notebook)
- [Pivoting, Tunneling and Forwarding | Martian Defense NoteBook](#pivoting-tunneling-and-forwarding-martian-defense-notebook)
---
# Personal Information Removal Services | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/digital-privacy/personal-information-removal-services.md)
.
In order to protect yourself from data brokers, you should utilize personal information removal services such as Incogni or DeleteMe which can reach out to them on your behalf and request the deletion of your personal information.
[https://get.incogni.io/aff\_c?offer\_id=1434&aff\_id=27960get.incogni.io](https://get.incogni.io/aff_c?offer_id=1434&aff_id=27960)
[Your Privacy is our BusinessDeleteMe](https://joindeleteme.com/)
[PreviousApp Pentest Toolkit](https://martian1337.gitbook.io/notes/notes/app-pentest-toolkit)
[NextPrivacy-Focused DNS Configuration Guides](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides)
Last updated 1 year ago
---
# Public DNS Services | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/digital-privacy/dns-services.md)
.
Sometimes 3rd party DNS servers perform better then assigned DNS servers. The ISPs sometimes add a delay to resolution to artificially throttle their users when surfing the web.
There are several public DNS servers that block Malware or Adult Content as well
CloudFlare: [1.1.1.1](http://1.1.1.1/)
- Resolve Everything [1.1.1.2](http://1.1.1.2/)
/ [1.0.0.2](http://1.0.0.2/)
- Block Malware [1.1.1.3](http://1.1.1.3/)
/ [1.0.0.3](http://1.0.0.3/)
- Block Malware & Adult AdGuard DNS: IPv4: [176.103.130.130](http://176.103.130.130/)
, [176.103.130.131](http://176.103.130.131/)
IPv6: 2a00:5a60::ad1:0ff, 2a00:5a60::ad2:0ff AdBlock DNS: IPv4: [176.103.130.132](http://176.103.130.132/)
, [176.103.130.134](http://176.103.130.134/)
IPv6: 2a00:5a60::bad1:0ff, 2a00:5a60::bad2:0ff CleanBrowsing: Family Filter: [185.228.168.168](http://185.228.168.168/)
, [185.228.169.168](http://185.228.169.168/)
Adult Filter: [185.228.168.10](http://185.228.168.10/)
, [185.228.169.11](http://185.228.169.11/)
Security Filter: [185.228.168.9](http://185.228.168.9/)
, [185.228.169.9](http://185.228.169.9/)
Comodo Secure DNS: IPv4: [8.26.56.26](http://8.26.56.26/)
, [8.20.247.20](http://8.20.247.20/)
IPv6: 2620:119:35::35, 2620:119:53::53 Yandex.DNS: IPv4: [77.88.8.8](http://77.88.8.8/)
, [77.88.8.1](http://77.88.8.1/)
IPv6: 2a02:6b8::feed:0ff, 2a02:6b8:0:1::feed:0ff IBM Quad9+: IPv4: [9.9.9.10](http://9.9.9.10/)
, [149.112.112.10](http://149.112.112.10/)
IPv6: 2620:fe::10, 2620:fe::fe SecureDNS: IPv4: [195.46.39.39](http://195.46.39.39/)
, [195.46.39.40](http://195.46.39.40/)
IPv6: 2001:67c:28a4::, 2001:67c:28a4::1 Neustar DNS: IPv4: [156.154.70.1](http://156.154.70.1/)
, [156.154.71.1](http://156.154.71.1/)
IPv6: 2610:a1:1018::1, 2610:a1:1019::1
Mullvad:
[https://mullvad.net/en/help/dns-over-https-and-dns-over-tls](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls)
[PreviousForwarding Mode Explained: Forward Queries to Upstream DNS Server (Optionally with DNS-over-TLS)](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/forwarding-mode-explained-forward-queries-to-upstream-dns-server-optionally-with-dns-over-tls)
[NextPrivacy and Opsec Resources](https://martian1337.gitbook.io/notes/digital-privacy/opsec)
Last updated 1 year ago
---
# Security Research | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/security-research.md)
.
[Publishing CVEs](https://martian1337.gitbook.io/notes/notes/security-research/publishing-cves)
[Shodan Dork Cheatsheet](https://martian1337.gitbook.io/notes/notes/security-research/shodan-dork-cheatsheet)
[Github Dorks](https://martian1337.gitbook.io/notes/notes/security-research/github-dorks)
[Bug Bounty](https://martian1337.gitbook.io/notes/notes/security-research/bug-bounty)
[CVE Hunting Python Repos with VulnHunter](https://martian1337.gitbook.io/notes/notes/security-research/cve-hunting-python-repos-with-vulnhunter)
[Portable pyenv Setup for Python Vulnerability Research](https://martian1337.gitbook.io/notes/notes/security-research/portable-pyenv-setup-for-python-vulnerability-research)
[PreviousJWTs and JSON](https://martian1337.gitbook.io/notes/notes/appsec/json)
[NextPublishing CVEs](https://martian1337.gitbook.io/notes/notes/security-research/publishing-cves)
Last updated 1 year ago
---
# Programming | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/coding-programming.md)
.
[Secure Coding Practices Checklist](https://martian1337.gitbook.io/notes/notes/coding-programming/secure-coding-practices-checklist)
[JavaScript](https://martian1337.gitbook.io/notes/notes/coding-programming/javascript)
[Python](https://martian1337.gitbook.io/notes/notes/coding-programming/python)
[Golang](https://martian1337.gitbook.io/notes/notes/coding-programming/golang)
[PHP](https://martian1337.gitbook.io/notes/notes/coding-programming/php)
[Packaging and Automation of Docker Linux Apps](https://martian1337.gitbook.io/notes/notes/coding-programming/packaging-and-automation-of-docker-linux-apps)
[PreviousPortable pyenv Setup for Python Vulnerability Research](https://martian1337.gitbook.io/notes/notes/security-research/portable-pyenv-setup-for-python-vulnerability-research)
[NextSecure Coding Practices Checklist](https://martian1337.gitbook.io/notes/notes/coding-programming/secure-coding-practices-checklist)
Last updated 1 year ago
---
# Platforms | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/training-and-career/platforms.md)
.
[General](https://martian1337.gitbook.io/notes/training-and-career/platforms/general)
[Offensive Security](https://martian1337.gitbook.io/notes/training-and-career/platforms/offensive-security)
[Defensive Security](https://martian1337.gitbook.io/notes/training-and-career/platforms/defensive-security)
[CTF Sites](https://martian1337.gitbook.io/notes/training-and-career/platforms/ctf-sites)
[Live Vulnerable Sites](https://martian1337.gitbook.io/notes/training-and-career/platforms/live-vulnerable-sites)
[PreviousExploit & Malware Development](https://martian1337.gitbook.io/notes/training-and-career/guides/exploit-and-malware-development)
[NextGeneral](https://martian1337.gitbook.io/notes/training-and-career/platforms/general)
Last updated 1 year ago
---
# Threat Intelligence | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/security-research/threat-intelligence.md)
.
Gathering basic threat intelligence for APT groups:
1. Check for the group using the [MITRE resources](https://attack.mitre.org/groups/)
2. Research their TTPs and patterns of exploitation/breaches
Last updated 1 year ago
---
# Monero Mining Guide | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/digital-privacy/monero-mining-guide.md)
.
Mining Monero (XMR) is best done using CPUs due to its ASIC-resistant RandomX algorithm. This guide will walk you through getting started with mining Monero at home efficiently and securely.
###
[](https://martian1337.gitbook.io/notes/digital-privacy/monero-mining-guide#id-1-choose-your-hardware)
1\. Choose Your Hardware
* Use a high-performance CPU such as AMD Ryzen 9 7950X or Intel i9-13900K for the best performance and energy efficiency.
* GPUs can also be used but are generally less efficient than CPUs for Monero mining.
###
[](https://martian1337.gitbook.io/notes/digital-privacy/monero-mining-guide#id-2-set-up-a-monero-wallet)
2\. Set Up a Monero Wallet
* Download an official Monero wallet to receive mining payouts.
* Recommended wallets:
* **Monero GUI Wallet:** Official full node wallet [https://www.getmonero.org/downloads/](https://www.getmonero.org/downloads/)
* **MyMonero:** Lightweight wallet
* **Monerujo:** Android mobile wallet
* Securely generate and back up your wallet address.
###
[](https://martian1337.gitbook.io/notes/digital-privacy/monero-mining-guide#id-3-download-mining-software)
3\. Download Mining Software
* Use trusted, open-source mining software optimized for RandomX:
* **XMRig:** Most popular and efficient CPU miner, supports Windows, Linux, macOS [https://xmrig.com/](https://xmrig.com/)
(Official site and GitHub for verified releases)
* **SRBMiner:** CPU miner for RandomX [https://github.com/doktor83/SRBMiner-Multi](https://github.com/doktor83/SRBMiner-Multi)
* **Gupax:** GUI miner with P2Pool integration (easy to use) [https://gupax.io/](https://gupax.io/)
* **MineCore:** [https://www.minecore.live/](https://www.minecore.live/)
* Optionally, the Monero GUI wallet has a built-in solo miner for beginners.
###
[](https://martian1337.gitbook.io/notes/digital-privacy/monero-mining-guide#id-4-join-a-mining-pool-recommended)
4\. Join a Mining Pool (Recommended)
* Pool mining provides steady payouts:
* **MineXMR:** [https://minexmr.com/](https://minexmr.com/)
* **SupportXMR:** [https://supportxmr.com/](https://supportxmr.com/)
* **P2Pool:** Decentralized pool with increased privacy [https://github.com/SChernykh/p2pool](https://github.com/SChernykh/p2pool)
* Create an account or register your wallet address on the pool.
###
[](https://martian1337.gitbook.io/notes/digital-privacy/monero-mining-guide#id-5-configure-the-miner)
5\. Configure the Miner
* Edit the miner configuration file or use the GUI:
* Enter your Monero wallet address.
* Set the mining pool URL and port.
* Adjust CPU thread usage for optimal performance.
* Enable large/huge pages if your OS permits for better efficiency.
* Save changes before starting the miner.
###
[](https://martian1337.gitbook.io/notes/digital-privacy/monero-mining-guide#id-6-start-mining-and-monitor)
6\. Start Mining and Monitor
* Run the mining software.
* Monitor your hashrate, CPU temperature, and power consumption.
* Track your mining progress and payouts via the mining pool dashboard or wallet.
* Adjust settings and optimize cooling as necessary to maximize profitability.
* * *
###
[](https://martian1337.gitbook.io/notes/digital-privacy/monero-mining-guide#useful-resources)
Useful Resources
1. [https://minexmr.com/miningguide](https://minexmr.com/miningguide)
2. [https://stealthex.io/blog/monero-mining-the-ultimate-guide-on-how-to-mine-monero-xmr/](https://stealthex.io/blog/monero-mining-the-ultimate-guide-on-how-to-mine-monero-xmr/)
3. [https://www.btcc.com/en-CA/academy/crypto-basics/monero-mining-guide-a-complete-guide-in-2025](https://www.btcc.com/en-CA/academy/crypto-basics/monero-mining-guide-a-complete-guide-in-2025)
4. [https://godex.io/blog/a-comprehensive-guide-on-how-to-mine-monero-cryptocurrency](https://godex.io/blog/a-comprehensive-guide-on-how-to-mine-monero-cryptocurrency)
5. [https://github.com/etica/randomx-documentation](https://github.com/etica/randomx-documentation)
6. [https://99bitcoins.com/guides-and-tutorials/monero-mining/](https://99bitcoins.com/guides-and-tutorials/monero-mining/)
7. [https://www.reddit.com/r/MoneroMining/comments/1l6vuzg/a\_simple\_securityfocused\_guide\_to\_mining\_monero/](https://www.reddit.com/r/MoneroMining/comments/1l6vuzg/a_simple_securityfocused_guide_to_mining_monero/)
8. [https://www.coincashew.com/coins/overview-xmr/guide-or-how-to-run-a-full-node](https://www.coincashew.com/coins/overview-xmr/guide-or-how-to-run-a-full-node)
9. [https://www.getmonero.org/resources/developer-guides/](https://www.getmonero.org/resources/developer-guides/)
10. [https://www.getmonero.org/get-started/mining/](https://www.getmonero.org/get-started/mining/)
11. [https://exolix.com/blog/how-to-mine-monero-xmr-in-2025](https://exolix.com/blog/how-to-mine-monero-xmr-in-2025)
12. [https://www.coinwarz.com/mining/monero/calculator](https://www.coinwarz.com/mining/monero/calculator)
13. [https://atomicwallet.io/academy/articles/monero-mining](https://atomicwallet.io/academy/articles/monero-mining)
14. [https://blog.monerica.com/articles/best-monero-mining-software](https://blog.monerica.com/articles/best-monero-mining-software)
[PreviousTwo-VPS Private Proxy Architecture: Nginx Reverse Proxy Over Wireguard VPN](https://martian1337.gitbook.io/notes/digital-privacy/self-hosting/two-vps-private-proxy-architecture-nginx-reverse-proxy-over-wireguard-vpn)
[NextAndroid OSes](https://martian1337.gitbook.io/notes/digital-privacy/android-oses)
Last updated 9 months ago
* [1\. Choose Your Hardware](https://martian1337.gitbook.io/notes/digital-privacy/monero-mining-guide#id-1-choose-your-hardware)
* [2\. Set Up a Monero Wallet](https://martian1337.gitbook.io/notes/digital-privacy/monero-mining-guide#id-2-set-up-a-monero-wallet)
* [3\. Download Mining Software](https://martian1337.gitbook.io/notes/digital-privacy/monero-mining-guide#id-3-download-mining-software)
* [4\. Join a Mining Pool (Recommended)](https://martian1337.gitbook.io/notes/digital-privacy/monero-mining-guide#id-4-join-a-mining-pool-recommended)
* [5\. Configure the Miner](https://martian1337.gitbook.io/notes/digital-privacy/monero-mining-guide#id-5-configure-the-miner)
* [6\. Start Mining and Monitor](https://martian1337.gitbook.io/notes/digital-privacy/monero-mining-guide#id-6-start-mining-and-monitor)
* [Useful Resources](https://martian1337.gitbook.io/notes/digital-privacy/monero-mining-guide#useful-resources)
---
# Martian Defense Notebook | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/readme.md)
.

Welcome to the Martian Defense Notebook!!
####
[](https://martian1337.gitbook.io/notes#what-is-this)
What is this?
This is a notebook collection with cybersecurity resources and practical notes I develop during my journey in various roles as a cybersecurity professional.
Ensure to review other projects and navigate the main site at [https://martiandefense.org](https://martiandefense.org/)
[](https://martian1337.gitbook.io/notes#license)
License
-------------------------------------------------------------
[](http://creativecommons.org/licenses/by-nd/4.0/)
Copyright © Martian Defense, LLC 2025. Except where otherwise specified (the external information copied into this book belongs to the original authors), the information within Martian Defense NoteBook by Martian Defense is licensed under a [Creative Commons Attribution-NoDerivatives 4.0 International License](http://creativecommons.org/licenses/by-nd/4.0/)
. Contact Martian Defense, LLC before any reuse of this material.
[](https://martian1337.gitbook.io/notes#disclaimer)
Disclaimer
-------------------------------------------------------------------
This content includes field notes from conducting various Cybersecurity hands-on training exercises such as HacktheBox Academy, the OWASP Web Security Testing Guide, TryHackMe and personally crafted field projects from field expertise.
'Martian Defense NoteBook,' is intended for educational and informational purposes only. The content within this book is provided on an 'as is' basis, and the authors and publishers make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability of the information, products, services, or related graphics contained within this book. Any reliance you place on such information is therefore strictly at your own risk.
The authors and publishers shall in no event be liable for any loss or damage, including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this book.
Furthermore, the techniques and tips described in this book are provided for educational and informational purposes only, and should not be used for any illegal or malicious activities. The authors and publishers do not condone or support any illegal or unethical activities, and any use of the information contained within this book is at the user's own risk and discretion.
The user is solely responsible for any actions taken based on the information contained within this book, and should always seek professional advice and assistance when attempting to implement any of the techniques or tips described herein.
[NextKeeping it Real for Beginners](https://martian1337.gitbook.io/notes/training-and-career/keeping-it-real-for-beginners)
Last updated 6 months ago
* [License](https://martian1337.gitbook.io/notes#license)
* [Disclaimer](https://martian1337.gitbook.io/notes#disclaimer)
---
# Git | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/digital-privacy/self-hosting/git.md)
.
[Hosting Gitea & Forgejo with Docker, Nginx, and Cloudflare Proxy](https://martian1337.gitbook.io/notes/digital-privacy/self-hosting/git/hosting-gitea-and-forgejo-with-docker-nginx-and-cloudflare-proxy)
[PreviousRemote Unlock of LUKS-Encrypted Root Disk via SSH](https://martian1337.gitbook.io/notes/digital-privacy/self-hosting/remote-unlock-of-luks-encrypted-root-disk-via-ssh)
[NextHosting Gitea & Forgejo with Docker, Nginx, and Cloudflare Proxy](https://martian1337.gitbook.io/notes/digital-privacy/self-hosting/git/hosting-gitea-and-forgejo-with-docker-nginx-and-cloudflare-proxy)
---
# Private and Secure DNS with Pi-hole and Unbound | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound.md)
.
This section provides detailed configuration guides to help implement a privacy-focused, secure DNS environment using Pi-hole and Unbound. It covers multiple installation approaches and essential security enhancements to protect DNS traffic from unwanted surveillance or manipulation.
Specifically, this type of configuration addresses:
* **Strong privacy with DNSSEC validation:** Protecting DNS integrity and authenticity by validating DNSSEC signatures on all queries.
* **Upstream DNS encryption with DNS-over-TLS (DoT):** Encrypting DNS queries between your local DNS resolver and upstream DNS servers to prevent eavesdropping and tampering.
* **SELinux compliance for Unbound running directly on the host:** Guidance on configuring SELinux policies and booleans to allow Unbound to function correctly on enforcing systems.
* **Docker container isolation when both Pi-hole and Unbound run as containers:** Best practices for networking, volume management, and security confinement within Docker environments.
* **Proper firewall and network configuration for DNS leak prevention:** Cross-platform instructions for firewall rule configuration to ensure all DNS traffic is forced through Pi-hole and Unbound, blocking any attempts to bypass or leak outside the secured DNS path.
* * *
[](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound#explanation-using-unbound-with-pi-hole-without-opn)
Explanation: Using Unbound with Pi-hole
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
###
[](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound#what-is-unbound)
What is Unbound?
Unbound is a fast, validating, recursive, caching DNS resolver. It can:
* Query DNS root servers directly, or
* Forward DNS requests to upstream servers.
Importantly, Unbound supports **DNS over TLS (DoT)**, meaning it can encrypt DNS queries sent to upstream providers, preventing eavesdropping and tampering on the network.
###
[](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound#what-is-pi-hole)
What is Pi-hole?
Pi-hole is a network-wide ad blocker that acts as a DNS sinkhole. It:
* Intercepts DNS queries from clients,
* Blocks requests to known ad and tracker domains,
* Forwards allowed queries to an upstream DNS resolver.
###
[](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound#combining-pi-hole-with-unbound)
Combining Pi-hole with Unbound
When running them together (often on the same device or local network):
1. **Clients send DNS queries to Pi-hole.**
* Pi-hole filters and blocks ads/trackers.
2. **Pi-hole forwards DNS queries to Unbound.**
* Unbound acts as the upstream DNS resolver.
* Unbound can itself use DoT for encrypted communication to external DNS servers.
3. **Unbound returns DNS responses to Pi-hole, which forwards them to clients.**
This setup provides:
* **Ad-blocking and privacy filtering** on the local network (via Pi-hole),
* **Encrypted DNS resolution to the internet** (via Unbound’s DoT), protecting DNS queries beyond your network.
###
[](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound#typical-configuration-steps)
Typical Configuration Steps
* **Install Pi-hole** on your local device or server.
* In Pi-hole’s settings, **set the upstream DNS server as the IP address where Unbound is running**.
* This could be `127.0.0.1` if both run on the same machine, or a LAN IP of the Unbound host.
* **Install and configure Unbound** as a local DNS recursive resolver.
* In Unbound’s config, **set upstream DNS servers with DoT** (for example, Cloudflare’s `1.1.1.1@853` or Quad9’s `9.9.9.9@853`). Ensure certificate verification is enabled.
* Make sure Unbound **listens on the IP/interface IP** to receive queries from Pi-hole.
* Configure any necessary firewall rules to allow DNS (port 53) traffic from Pi-hole to Unbound, and allow Unbound outbound TCP port 853 to the upstream DoT servers.
###
[](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound#benefits-of-this-setup)
Benefits of this Setup
* **Privacy**: DNS queries from your network are encrypted in transit to the internet, preventing ISP or attacker spying.
* **Ad and tracker blocking**: Pi-hole prevents many unwanted requests, improving privacy and network performance.
* **Control and transparency**: Both Unbound and Pi-hole are open source and configurable.
###
[](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound#important-considerations)
Important Considerations
* Avoid DNS loops: Ensure Pi-hole sends queries only to Unbound, and Unbound is not forwarding back to Pi-hole.
* Firewall rules must allow Pi-hole to query Unbound on port 53 and allow Unbound to use port 853 outbound.
* Optionally, enforce clients to use Pi-hole by DHCP or firewall rules to prevent DNS leak.
* * *
By following these guides, you can set up a robust DNS stack that offers enhanced privacy, security, and control, suitable for home or small business networks on a wide range of Linux distributions.
[PreviousPrivacy-Focused DNS Configuration Guides](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides)
[NextDNS Leak Prevention and Firewall Configuration](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound/dns-leak-prevention-and-firewall-configuration)
Last updated 8 months ago
* [Explanation: Using Unbound with Pi-hole](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound#explanation-using-unbound-with-pi-hole-without-opn)
* [What is Unbound?](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound#what-is-unbound)
* [What is Pi-hole?](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound#what-is-pi-hole)
* [Combining Pi-hole with Unbound](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound#combining-pi-hole-with-unbound)
* [Typical Configuration Steps](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound#typical-configuration-steps)
* [Benefits of this Setup](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound#benefits-of-this-setup)
* [Important Considerations](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound#important-considerations)
---
# De-Googling Android | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/digital-privacy/opsec/de-googling-android.md)
.
When Google wants to release a new version of Android it goes through [AOSP](https://source.android.com/)
first.
This Open-Source version is received by every phone OEM/Manufacturer.
Google does not put any proprietary code in this version:
* No Google Play, YouTube, Gmail
* No Google Login
* No telemetry with Google at all
You can also use the ROMs at [Evolution-X](https://evolution-x.org/download)
####
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec/de-googling-android#critical-guidelines)
Critical Guidelines
1. In order to De-Google any Android device it must be rooted into AOSP OS
2. After phone is rooted, **don't reinstall Google Play or any related apps**
3. Always protect your true IP. Any home address IP (ISP provided IP) discovered in use by the device will compromise the user's identity
4. Be careful which apps are installed on the devices
5. Don't add any google account to any app on the device
###
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec/de-googling-android#apps-to-install)
Apps to Install
Install [F-Droid](https://f-droid.org/)
- Open-source Android Apps unrelated to Google play
DuckDuckGo - Privacy Browser
[Newpipe](https://newpipe.net/#download)
- Youtube alternative without permissions/identity
**Aurora Store**
[https://f-droid.org/en/packages/com.aurora.store/](https://f-droid.org/en/packages/com.aurora.store/)
Aurora store spoofs the phone's ID to download apps that don't require much telemetry and includes updates from Google Play. Some apps will always require IP information but Aurora prevents the identification of the device itself.
**MicroG**
Some apps require Google services so we must install MicroG. MicroG is a Google services spoofer that makes apps think they are communicating with Google, routes notifications for installed private apps, and can also spoof location.
Note: Enable Device registration to receive notifications
####
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec/de-googling-android#osmand)
OsmAnd
[https://f-droid.org/en/packages/net.osmand.plus/](https://f-droid.org/en/packages/net.osmand.plus/)
OsmAnd is an offline world map application based on OpenStreetMap (OSM), which allows you to navigate taking into account the preferred roads and vehicle dimensions
**Authy**
Authy is a Google Authenticator alternative and can be used for OTP logins
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec/de-googling-android#travel-profile-considerations)
Travel Profile considerations
---------------------------------------------------------------------------------------------------------------------------------------------------
**WAZE**
Waze is owned by Google but can be used without Google location services for Navigation & GPS use. Waze can be used without logging in to the app
[PreviousMartian's Stack](https://martian1337.gitbook.io/notes/digital-privacy/opsec/martians-stack)
[NextAcquiring Monero (XMR) Anonymously](https://martian1337.gitbook.io/notes/digital-privacy/opsec/acquiring-monero-xmr-anonymously)
Last updated 8 months ago
* [Apps to Install](https://martian1337.gitbook.io/notes/digital-privacy/opsec/de-googling-android#apps-to-install)
* [Travel Profile considerations](https://martian1337.gitbook.io/notes/digital-privacy/opsec/de-googling-android#travel-profile-considerations)
---
# Certifications | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/certifications.md)
.
[CSSLP](https://martian1337.gitbook.io/notes/notes/certifications/csslp)
[PreviousCryptography Checklist](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/cryptography-checklist)
[NextCSSLP](https://martian1337.gitbook.io/notes/notes/certifications/csslp)
Last updated 1 year ago
---
# Web Security Testing | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/cheatsheets/web-security-testing.md)
.
[Information Gathering](https://martian1337.gitbook.io/notes/notes/cheatsheets/web-security-testing/information-gathering)
[Web Fuzzing](https://martian1337.gitbook.io/notes/notes/cheatsheets/web-security-testing/web-fuzzing)
[SQL Injection Fundamentals](https://martian1337.gitbook.io/notes/notes/cheatsheets/web-security-testing/sql-injection-fundamentals)
[Login Brute Forcing](https://martian1337.gitbook.io/notes/notes/cheatsheets/web-security-testing/login-brute-forcing)
[PreviousCheatsheets](https://martian1337.gitbook.io/notes/notes/cheatsheets)
[NextInformation Gathering](https://martian1337.gitbook.io/notes/notes/cheatsheets/web-security-testing/information-gathering)
---
# Live Vulnerable Sites | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/training-and-career/platforms/live-vulnerable-sites.md)
.
[Testfire.net](https://demo.testfire.net/login.jsp)
- Vulnerable Banking Application
[OWASP Juice Shop](https://demo.owasp-juice.shop/#/)
- Vulnerable Shopping Application
[Google Gruyere](https://google-gruyere.appspot.com/)
- Google Developed app with various by-design vulnerabilities
[bWAPP](http://www.itsecgames.com/)
- Open-source vulnerable web app with web vulnerabilities for practice.
[PreviousCTF Sites](https://martian1337.gitbook.io/notes/training-and-career/platforms/ctf-sites)
[NextApplication Security](https://martian1337.gitbook.io/notes/resources/appsec)
Last updated 10 months ago
---
# General | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/training-and-career/platforms/general.md)
.
[](https://martian1337.gitbook.io/notes/training-and-career/platforms/general#web-languages)
Web Languages
---------------------------------------------------------------------------------------------------------------
[FreeCodeCamp Javascript Course](https://www.youtube.com/watch?v=jS4aFq5-91M)
[](https://martian1337.gitbook.io/notes/training-and-career/platforms/general#linux)
Linux
-----------------------------------------------------------------------------------------------
[Bash Academy](https://guide.bash.academy/)
[](https://martian1337.gitbook.io/notes/training-and-career/platforms/general#cloud)
Cloud
-----------------------------------------------------------------------------------------------
[Altered Security - Azure Pentesting](https://azure.enterprisesecurity.io/login.jsp)
[Cloud Resume Challenge](https://cloudresumechallenge.dev/)
[https://pwnedlabs.io/](https://pwnedlabs.io/)
[](https://martian1337.gitbook.io/notes/training-and-career/platforms/general#reverse-engineering)
Reverse Engineering
---------------------------------------------------------------------------------------------------------------------------
[https://revers.engineering/applied-re-accelerated-assembly-p1/](https://revers.engineering/applied-re-accelerated-assembly-p1/)
[https://github.com/SkyPenguinLabs/REplay](https://github.com/SkyPenguinLabs/REplay)
[](https://martian1337.gitbook.io/notes/training-and-career/platforms/general#cryptography)
Cryptography
-------------------------------------------------------------------------------------------------------------
[https://cryptohack.org/](https://cryptohack.org/)
[PreviousPlatforms](https://martian1337.gitbook.io/notes/training-and-career/platforms)
[NextOffensive Security](https://martian1337.gitbook.io/notes/training-and-career/platforms/offensive-security)
Last updated 1 year ago
* [Web Languages](https://martian1337.gitbook.io/notes/training-and-career/platforms/general#web-languages)
* [Linux](https://martian1337.gitbook.io/notes/training-and-career/platforms/general#linux)
* [Cloud](https://martian1337.gitbook.io/notes/training-and-career/platforms/general#cloud)
* [Reverse Engineering](https://martian1337.gitbook.io/notes/training-and-career/platforms/general#reverse-engineering)
* [Cryptography](https://martian1337.gitbook.io/notes/training-and-career/platforms/general#cryptography)
---
# Defensive Security | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/training-and-career/platforms/defensive-security.md)
.
[](https://martian1337.gitbook.io/notes/training-and-career/platforms/defensive-security#malware-analysis)
Malware Analysis
--------------------------------------------------------------------------------------------------------------------------------
[Awesome Malware Analysis repo](https://github.com/rshipp/awesome-malware-analysis)
!
[University of Cincinatti Malware Analysis class](https://class.malware.re/)
[Malware Analysis course by RPISEC](https://github.com/RPISEC/Malware)
[Zero2Auto Malware RE course](https://courses.zero2auto.com/)
!
[TCM Security Practical Junior Malware Researcher course](https://certifications.tcm-sec.com/pjmr/)
!
[LetsDefend Malware Analysis Fundamentals](https://t.co/IlSVy6V50V)
[MSSP Lab](https://mssplab.github.io/)
[Malware Unicorn](https://malwareunicorn.org/#/workshops)
[](https://martian1337.gitbook.io/notes/training-and-career/platforms/defensive-security#vendor-specific)
Vendor-Specific
------------------------------------------------------------------------------------------------------------------------------
[Qualys Vulnerability Management training](https://www.qualys.com/training/)
[Azure Sentinel Training](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Training/Azure-Sentinel-Training-Lab/README.md)
[](https://martian1337.gitbook.io/notes/training-and-career/platforms/defensive-security#incident-response)
Incident Response
----------------------------------------------------------------------------------------------------------------------------------
[OpenSOC - Network Defense Simulation](https://opensoc.io/)
[PreviousOffensive Security](https://martian1337.gitbook.io/notes/training-and-career/platforms/offensive-security)
[NextCTF Sites](https://martian1337.gitbook.io/notes/training-and-career/platforms/ctf-sites)
Last updated 1 year ago
* [Malware Analysis](https://martian1337.gitbook.io/notes/training-and-career/platforms/defensive-security#malware-analysis)
* [Vendor-Specific](https://martian1337.gitbook.io/notes/training-and-career/platforms/defensive-security#vendor-specific)
* [Incident Response](https://martian1337.gitbook.io/notes/training-and-career/platforms/defensive-security#incident-response)
---
# DNS Leak Prevention and Firewall Configuration | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound/dns-leak-prevention-and-firewall-configuration.md)
.
It is important to block all outbound DNS traffic on the host except traffic destined to your Pi-hole and Unbound services (whether on host or Docker network). This prevents DNS queries from bypassing your private DNS, avoiding leaks to ISP or external resolvers.
####
[](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound/dns-leak-prevention-and-firewall-configuration#red-hat-based-distros-rhel-centos-fedora-rocky-linux-almalinux-etc.-using-firewalld)
Red Hat-based Distros (RHEL, CentOS, Fedora, Rocky Linux, AlmaLinux, etc.) Using `firewalld`
Copy
# Block all outbound DNS TCP/UDP traffic by default
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port port="53" protocol="tcp" reject'
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port port="53" protocol="udp" reject'
# Allow DNS traffic to local Docker bridge subnet (example here: 172.28.0.0/16)
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.28.0.0/16" port port="53" protocol="tcp" accept'
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.28.0.0/16" port port="53" protocol="udp" accept'
# Reload firewall to apply rules
sudo firewall-cmd --reload
###
[](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound/dns-leak-prevention-and-firewall-configuration#debian-ubuntu-using-ufw)
Debian/Ubuntu Using `ufw`
Copy
# Deny all outgoing DNS traffic by default
sudo ufw deny out 53/tcp
sudo ufw deny out 53/udp
# Allow DNS queries only to Docker network IP range (example: 172.28.0.0/16)
sudo ufw allow out to 172.28.0.0/16 port 53 proto tcp
sudo ufw allow out to 172.28.0.0/16 port 53 proto udp
# Reload ufw to apply changes
sudo ufw reload
###
[](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound/dns-leak-prevention-and-firewall-configuration#arch-linux-or-other-distros-using-iptables)
Arch Linux or Other Distros Using `iptables`
* * *
###
[](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound/dns-leak-prevention-and-firewall-configuration#for-arch-linux-or-other-distros-using-nftables)
For Arch Linux or Other Distros Using `nftables`
###
[](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound/dns-leak-prevention-and-firewall-configuration#firewall-configuration-notes)
Firewall Configuration Notes
* Replace `172.28.0.0/16` with the actual subnet of your Docker bridge network or host DNS servers as applicable.
* Ensure **all client devices and the host itself use only Pi-hole IP(s) as their DNS servers**.
* Test your DNS leak protection with online tools like [dnsleaktest.com](https://www.dnsleaktest.com/)
.
* Adjust firewall rules for IPv6 if your network utilizes it.
* For less common firewalls, consult the distro or firewall documentation for equivalent rules permitting and restricting DNS traffic.
[PreviousPrivate and Secure DNS with Pi-hole and Unbound](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound)
[NextConfiguring DoT with Unbound and Pi-hole on OPNsense](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/configuring-dot-with-unbound-and-pi-hole-on-opnsense)
Last updated 8 months ago
* [Debian/Ubuntu Using ufw](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound/dns-leak-prevention-and-firewall-configuration#debian-ubuntu-using-ufw)
* [Arch Linux or Other Distros Using iptables](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound/dns-leak-prevention-and-firewall-configuration#arch-linux-or-other-distros-using-iptables)
* [For Arch Linux or Other Distros Using nftables](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound/dns-leak-prevention-and-firewall-configuration#for-arch-linux-or-other-distros-using-nftables)
* [Firewall Configuration Notes](https://martian1337.gitbook.io/notes/digital-privacy/privacy-focused-dns-configuration-guides/private-and-secure-dns-with-pi-hole-and-unbound/dns-leak-prevention-and-firewall-configuration#firewall-configuration-notes)
Copy
# Drop all outbound DNS TCP and UDP traffic
sudo iptables -A OUTPUT -p tcp --dport 53 -j DROP
sudo iptables -A OUTPUT -p udp --dport 53 -j DROP
# Insert rule to ACCEPT DNS traffic to Docker bridge subnet before drop rules
sudo iptables -I OUTPUT -p tcp -d 172.28.0.0/16 --dport 53 -j ACCEPT
sudo iptables -I OUTPUT -p udp -d 172.28.0.0/16 --dport 53 -j ACCEPT
Copy
nft add table inet filter
nft add chain inet filter output { type filter hook output priority 0 \; }
# Drop all outbound DNS traffic
nft add rule inet filter output udp dport 53 drop
nft add rule inet filter output tcp dport 53 drop
# Accept DNS traffic to Docker subnet (replace subnet accordingly)
nft add rule inet filter output ip daddr 172.28.0.0/16 udp dport 53 accept
nft add rule inet filter output ip daddr 172.28.0.0/16 tcp dport 53 accept
---
# Media | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/training-and-career/media.md)
.
Podcasts
YouTube Channels
[Absolute AppSec](https://absoluteappsec.com/)
[Adventures of Alice and Bob by BeyondTrust](https://www.beyondtrust.com/podcast)
[Cyber Security Sauna](https://cybersecuritysauna.libsyn.com/)
[Darknet Diaries](https://darknetdiaries.com/)
[Hacking Humans](https://thecyberwire.com/podcasts/hacking-humans)
[Malicious Life by Cybereason](https://malicious.life/)
[Naked Security Podcast by SOPHOS](https://nakedsecurity.sophos.com/category/podcast/)
[OWASP Podcast](https://owasp.org/www-project-podcast/)
[Security Weekly](https://securityweekly.com/)
[Smashing Security](https://www.smashingsecurity.com/)
[Social-Engineer Podcast](https://www.social-engineer.org/podcasts/)
[The 443 Security Simplified](https://www.secplicity.org/category/the-443/)
[The Cyber Queens Podcast](https://www.cyberqueenspodcast.com/)
[The Cyber Tap (Purdue cyberTAP)](https://cyber.tap.purdue.edu/)
[The Hacker Chronicles Podcast by Tenable](https://www.tenable.com/podcast/hacker-chronicles)
[The Hacker Mind](https://thehackermind.com/)
[The H4unt3d Hacker](https://thehauntedhacker.com/podcasts)
[The Shared Security Show](https://sharedsecurity.net/)
[What The Shell](https://whattheshellpod.com/)
[Modem Mischief](https://open.spotify.com/show/7zYPND0AQUW8EKEv1RC30s?si=cd40ca10a67e4ae5&nd=1)
[Click here by RecordedFuture](https://open.spotify.com/show/2kxOETGvN32D6hZu0wPntG?si=44442e9431594bcf&nd=1)
[Hacked](https://open.spotify.com/show/21zZfOy7VCSIIWlJ64DElv?si=085e8ff8421e4f39&nd=1)
DFIRScience
[HackerOne videos](https://www.hacker101.com/videos)
[InsiderPhD](https://www.youtube.com/c/InsiderPhD)
[Series for new bug hunters](https://www.youtube.com/playlist?list=PLbyncTkpno5FAC0DJYuJrEqHSMdudEffw)
[Jhaddix](https://www.youtube.com/c/jhaddix)
[IppSec Channel - Hack The Box Writeups](https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA)
[LiveOverflow - Explore weird machines...](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w)
[GynvaelEN - Podcasts about CTFs, computer security, programing and more](https://www.youtube.com/channel/UCCkVMojdBWS-JtH7TliWkVg)
[John Hammond - Wargames and CTF writeups](https://www.youtube.com/channel/UCVeW9qkBjo3zosnqUbG7CFw)
[Murmus CTF - Weekly live streamings](https://www.youtube.com/channel/UCUB9vOGEUpw7IKJRoR4PK-A)
[PwnFunction](https://www.youtube.com/channel/UCW6MNdOsqv2E9AjQkv9we7A)
[OJ Reeves](https://www.youtube.com/channel/UCz2aqRQWMhJ4wcJq3XneqRg)
[Hacksplained - A Beginner Friendly Guide to Hacking](https://www.youtube.com/c/hacksplained)
[STÖK](https://www.youtube.com/c/STOKfredrik)
[Defcon](https://www.youtube.com/user/DEFCONConference)
[Hackersploit](https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q)
[The Cyber Mentor](https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw)
[Nahamsec](https://www.youtube.com/c/Nahamsec)
[Hackerone](https://www.youtube.com/channel/UCsgzmECky2Q9lQMWzDwMhYw)
[The Hated one](https://www.youtube.com/channel/UCjr2bPAyPV7t35MvcgT3W8Q)
[stacksmashing / Ghidra Ninja](https://www.youtube.com/channel/UC3S8vxwRfqLBdIhgRlDRVzw)
[Hak5](https://www.youtube.com/channel/UC3s0BtrBJpwNDaflRSoiieQ)
[Professor Messer](https://www.youtube.com/@professormesser)
[BlackPerl](https://www.youtube.com/@BlackPerl)
[Hack eXPlorer](https://www.youtube.com/@HackeXPlorer)
[Peter Yaworski](https://www.youtube.com/@yaworsk1)
[Security Weekly](https://www.youtube.com/@SecurityWeekly)
[MalwareTechBlog](https://www.youtube.com/@MalwareTechBlog)
[DFIRScience](https://www.youtube.com/@DFIRScience)
[PreviousReading and Repos](https://martian1337.gitbook.io/notes/training-and-career/reading-and-repos)
[NextGuides](https://martian1337.gitbook.io/notes/training-and-career/guides)
Last updated 1 year ago
---
# Bug Bounty Programs | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/security-research/bug-bounty/bug-bounty-programs.md)
.
[The Bug Bounty Radar - The Latest Public Bug Bounty Programs | The Bug Bounty Radarbbradar.io](https://bbradar.io/)
[Bug Bounty Program List | BugcrowdBugcrowd](https://www.bugcrowd.com/bug-bounty-list/)
[Bug Bounty Public ProgramsIntigriti](https://www.intigriti.com/programs)
[PreviousBug Bounty](https://martian1337.gitbook.io/notes/notes/security-research/bug-bounty)
[NextCVE Hunting Python Repos with VulnHunter](https://martian1337.gitbook.io/notes/notes/security-research/cve-hunting-python-repos-with-vulnhunter)
Last updated 1 year ago
---
# PHP Security | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/product-security-engineering/php-security.md)
.
**Decode the cookie for unserialize() flaw**
View the cookies from the sample web application using your browser’s built-in "developer tools". For instance, opening up your developer console, you can enter `document.cookie`.
We are interested in the value set for the applicable cookie, which determines which fields to display.
Our "columns" cookie has the following encoded value:
Copy
YTo1OntzOjQ6Im5hbWUiO2I6MTtzOjU6ImVtYWlsIjtiOjA7czo1OiJwaG9uZSI7YjowO3M6ODoic3VtbWFyeSI7YjoxO3M6NjoicGF5IjtiOjA7fTc%3D
we see a string ending with `%3D` or `=` there is a high chance it is encoded in Base64.
To decode this string, enter the following in your Terminal:
Copy
echo "YTo1OntzOjQ6Im5hbWUiO2I6MTtzOjU6ImVtYWlsIjtiOjA7czo1OiJwaG9uZSI7YjowO3M6ODoic3VtbWFyeSI7YjoxO3M6NjoicGF5IjtiOjA7fTc%3D" | base64 -d
Decoded, we can see that this is [serialized](https://en.wikipedia.org/wiki/Serialization)
data. It says: an array of five elements, each element having as the index the column name and the value a boolean flag. We could expand this into an array that looks something like:
Copy
Array
(
[name] => 1
[email] => 0
[phone] => 0
[summary] => 1
[pay] => 0
)
The boolean 1 or 0 values determine which fields are shown to the user. Optionally see [this article](https://en.wikipedia.org/wiki/PHP_serialization_format)
for more details on this serialized data structure.
We can modify the serialized string to show _all_ the columns by changing the `b:0` entries to `b:1`, re-encoding it in Base64, and replacing the value of the cookie. For instance, the following line at the Terminal will display a Base64-encoded string representing our serialized data where all the array values are "on":
We're now going to tamper with the existing cookie to use this value instead. This can be done using a browser extensions and dedicated tools like BurpSuite, CyberChef, [Postman](https://learning.postman.com/docs/sending-requests/cookies/)
, or even a web proxy. In this case, we can also just use [curl](https://everything.curl.dev/http/cookies)
at the Terminal by passing the `-b` option:
Replace "YOUR\_COOKIE\_VALUE" with your modified Base64-encoded string, through to the ending `=` sign, as created in the command above.
This can be used to prove that, on the server side, an `unserialize()` function call was made to fetch the sensitive backend data.
[PreviousThreat Modeling](https://martian1337.gitbook.io/notes/notes/product-security-engineering/threat-modeling)
[NextProduct Security Governance](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-governance)
Last updated 1 year ago
Copy
echo -n 'a:5:{s:4:"name";b:1;s:5:"email";b:1;s:5:"phone";b:1;s:8:"summary";b:1;s:6:"pay";b:1;}' | base64 -w0
Copy
curl -H 'Origin: https://example.site' -X POST https://example.site -b "columns=YOUR_COOKIE_VALUE"
---
# Publishing CVEs | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/security-research/publishing-cves.md)
.
1. **Identify a New Vulnerability**: Research and ensure that the vulnerability you've discovered hasn't been reported. Check if the vulnerability has already been reported in the [MITRE Database](https://cve.mitre.org/)
or other databases such as [exploit-db](https://www.exploit-db.com/)
2. **Responsible Disclosure to Vendor**: Contact the product's vendor or owner to report the vulnerability discreetly. Document all communication attempts for proof that you have tried to multiple times to contact the vendor in order to remediate the finding before going public with your research
3. **Work with Cooperative Vendors**: If the vendor is responsive, collaborate on a mitigation strategy and agree on a coordinated disclosure timeline.
4. **Handling Non-Responsive Vendors**: If there's no response, consider waiting for a period (30 to 90 days) before public disclosure. Meanwhile, apply for a CVE ID from MITRE.
5. **Request CVE ID from MITRE**: Submit the vulnerability details to MITRE for a CVE ID by requesting a CVE ID from MITRE via the [CVE Submission Form](https://cveform.mitre.org/)
. This process can take time, and the CVE will initially be in a 'RESERVED' state.
6. **Publishing the CVE**: Once you've waited the agreed-upon time and have the CVE ID, publish your findings on platforms like PacketStorm Security or CX Security. Include the CVE ID in your publication.
7. **Notify MITRE of Publication**: After publishing, inform MITRE with the publication links to update the CVE from 'RESERVED' to 'PUBLISHED'.
Additional References
**Trustwave's Guide**: "A Simple Guide to Getting CVEs Published" offers a comprehensive step-by-step process. [Trustwave Guide](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/a-simple-guide-to-getting-cves-published/)
[https://infosecwriteups.com/how-to-register-and-publish-a-cve-for-your-awesome-vulnerability-e68a6a5f748f](https://infosecwriteups.com/how-to-register-and-publish-a-cve-for-your-awesome-vulnerability-e68a6a5f748f)
[PreviousSecurity Research](https://martian1337.gitbook.io/notes/notes/security-research)
[NextShodan Dork Cheatsheet](https://martian1337.gitbook.io/notes/notes/security-research/shodan-dork-cheatsheet)
Last updated 1 year ago
---
# JWTs and JSON | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/appsec/json.md)
.
**Manipulating JWTs**
1. Paste the token into jwt.io
2. Replace the "alg" value with "none" in header. (try the alg header variations such as "none", "None", "nOnE", "NONE".)
3. Replace arbitrary values of the payload e.g. "username" with "admin".
4. Empty the signature field
If the error "Invalid Signature" occured, we can manually create Base64 value for each section (remove the "=" symbol). If you want to empty the signature field manually, you can delete the final section.
1. Now copy the JWT.
2. Go to the website and replace the original JWT with the new one in HTTP header.
**Changing Expiration**
During JWT testing, you should try to modify the "exp" value:
`"exp": 1679156071 -> 991679156071`
**JQ Queries**
Command
Description
`cat vulnapp.json | jq '.Servers[]'`
Retrieve the top level object (Servers array element)
`cat vulnapp.json | jq '.Servers[].Instances'`
Access an object within an array using dot notation
`cat vulnapp.json | jq '.Servers[].Instances[]ServerType'`
Access an individual object deeper within an array
Quietly download a list of ip ranges, use jq tp parse through the file, sort the data, and output the results to a text file
Copy
wget -qO https://ip-ranges.cloudvendor.com/ip-ranges.json | jq '.prefxes[] | if .region == "country-region-1" then ip_prefixes else empty end' -r | sort -u > country-region-range.txt
[PreviousCommand Injection Testing](https://martian1337.gitbook.io/notes/notes/appsec/command-injection-testing)
[NextSecurity Research](https://martian1337.gitbook.io/notes/notes/security-research)
Last updated 1 year ago
---
# Product Security Engineering | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/product-security-engineering.md)
.
[DevSecOps](https://martian1337.gitbook.io/notes/notes/product-security-engineering/devsecops)
[SAST/SCA](https://martian1337.gitbook.io/notes/notes/product-security-engineering/sast-sca)
[Product Security Hardening](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-hardening)
[Threat Modeling](https://martian1337.gitbook.io/notes/notes/product-security-engineering/threat-modeling)
[PHP Security](https://martian1337.gitbook.io/notes/notes/product-security-engineering/php-security)
[Product Security Governance](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-governance)
[PreviousAI](https://martian1337.gitbook.io/notes/resources/ai-and-ml)
[NextDevSecOps](https://martian1337.gitbook.io/notes/notes/product-security-engineering/devsecops)
Last updated 1 year ago
---
# Programming | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/resources/coding.md)
.
####
[](https://martian1337.gitbook.io/notes/resources/coding#web)
Web
Web Language Docs
Online Web Coding Environments
Guides
Web
[SOAP](https://www.w3schools.com/XML/xml_soap.asp)
(XML)
[GraphQL](https://graphql.org/)
[HTML](https://www.w3schools.com/html/default.asp)
[CSS](https://www.w3schools.com/Css/)
[JavaScript](https://www.w3schools.com/js/DEFAULT.asp)
[Web.Dev (Web Language Learning)](https://web.dev/learn/)
!
[Front-end Checklist](https://frontendchecklist.io/)
[Devhints](https://devhints.io/)
!
Web Languages Practice
[Codepen](https://codepen.io/)
- build, test, and discover front-end code
[The Odin Project](https://www.theodinproject.com/)
- full-stack curriculum (free)
[Codeply](https://www.codeply.com/)
- HTML/CSS/JS editor with frameworks and templates
[JavaScript for Pentesters (PTA Walkthrough)](https://sp1icer.dev/writeups/javascript-for-pentesters-intro/)
[JavaScript for Pentesters Part 2](https://sp1icer.dev/writeups/javascript-for-pentesters-pt-2/)
[Full Stack Open](https://fullstackopen.com/en/)
- Javascript Training
[](https://martian1337.gitbook.io/notes/resources/coding#system-coding)
System Coding
------------------------------------------------------------------------------------------
General
Docs
Linux/Shellcode
Tools/Helpers
Challenges
[Interactive language learning Repo from @ronreiter](https://github.com/ronreiter/interactive-tutorials)
[Roadmap.sh](https://roadmap.sh/roadmaps)
- Collection of free language learning resources by developer job role !
[LearnXinYminutes](https://learnxinyminutes.com/)
\- Language Learning Site
[DevDocs](https://devdocs.io/)
- searchable library of various common API documentation
[Python Tutorial](https://www.pythontutorial.net/)
[Free Programming Books](https://github.com/EbookFoundation/free-programming-books)
Scripting/Programming Docs
[Python](https://wiki.python.org/moin/BeginnersGuide)
!
[C](https://www.learn-c.org/)
[Go](https://www.go.dev/)
[Rust](https://www.rust-lang.org/)
[FOSS Linux](https://www.fosslinux.com/)
[Linuxize](https://linuxize.com/)
[It's FOSS](https://itsfoss.com/)
[LinuxOPsys](https://linuxopsys.com/)
[Linux Hint](https://linuxhint.com/)
[Linux Command](https://linuxcommand.org/)
[Linux Handbook](https://linuxhandbook.com/)
[Linux Journey](https://linuxjourney.com/)
[Linux Survival](https://linuxsurvival.com/)
[Tecmint](https://www.tecmint.com/)
Coding References
[Visual Studio Download](https://visualstudio.microsoft.com/downloads/)
(VS)
[Snyk Vulnerability Scanner](https://docs.snyk.io/ide-tools/visual-studio-code-extension)
- extension that does analysis while using VS Code
[AWS CodeWhisperer](https://docs.aws.amazon.com/toolkit-for-vscode/latest/userguide/codewhisperer.html)
- ML-powered code suggestion VS extension
[Live Preview](https://marketplace.visualstudio.com/items?itemName=ms-vscode.live-server)
- VS extension that shows web projects while coding
[Devhints](https://devhints.io/)
- Code Samples/cheatsheets !
[HackerEarth](https://www.hackerearth.com/)
[Hackerrank](https://www.hackerrank.com/)
[CodeChef](https://www.codechef.com/)
[TopCoder](https://www.topcoder.com/)
[Exercism](https://exercism.io/)
[Codewars](https://www.codewars.com/)
[LeetCode](https://leetcode.com/)
[Sphere Online Judge](http://www.spoj.com/)
[CodinGame](https://www.codingame.com/)
[ROP emporium](https://ropemporium.com/)
(ROP challenges)
[CheckIO Python/TypeScript Challenges](https://py.checkio.org/)
[PreviousCybersecurity Operating Systems](https://martian1337.gitbook.io/notes/resources/general-cybersecurity/cybersecurity-operating-systems)
[NextReverse Engineering](https://martian1337.gitbook.io/notes/resources/reverse-engineering)
Last updated 6 months ago
---
# Product Security Governance | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-governance.md)
.
###
[](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-governance#software-security-flow-down)
Software Security Flow Down
**Phase**
**Description**
**Supporting Document(s)**
**Security Flow-Down Considerations**
**Requirements Specification**
Defines in a complete, precise, and verifiable manner the requirements, design, behavior, or other expected characteristics of a system, service, or process.
Draft Statement of Work (SoW), Draft Requirements Description Document (RDD)
Capture explicit security requirements (e.g., authentication, data protection, compliance, logging).
**Analysis**
Examination of acquired data for its significance and probative value to the case.
SoW, Requirements Description Document (RDD), Draft Software Requirements Specification (SRS)
Validate security requirements against threat models, compliance standards, and risk assessments.
**Design**
Process to define the architecture, system elements, interfaces, and other characteristics of a system or system element.
Software Requirements Specification (SRS), Draft Software Design Document (SDD), Draft Software Development Plan (SDP)
Incorporate security architecture (secure data flows, access control, boundary protections, encryption strategy).
**Implementation**
Specific requirements or instructions for implementing software.
Draft Software Test Plan (STP), Software Design Document (SDD), Software Development Plan (SDP)
Apply secure coding standards, enforce code reviews, automate security scanning (SAST/DAST), protect dependencies.
**Test**
Determination of one or more characteristics of an object of conformity assessment, according to a procedure.
Software Test Plan (STP)
Perform penetration testing, vulnerability scanning, fuzz testing, and validate misuse cases.
###
[](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-governance#notes)
Notes
* Each **phase builds on the previous one**: Requirements → Analysis → Design → Implementation → Testing.
* The **Software Security Strategy flows down** across all phases, ensuring traceability and consistent enforcement.
* Supporting documents should be version-controlled within the repository for auditability and compliance.
* * *
[PreviousPHP Security](https://martian1337.gitbook.io/notes/notes/product-security-engineering/php-security)
[NextControversial Subjects](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-governance/controversial-subjects)
Last updated 10 months ago
* [Software Security Flow Down](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-governance#software-security-flow-down)
* [Notes](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-governance#notes)
---
# Controversial Subjects | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-governance/controversial-subjects.md)
.
[Redis License Compliance in 2025](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-governance/controversial-subjects/redis-license-compliance-in-2025)
[PreviousProduct Security Governance](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-governance)
[NextRedis License Compliance in 2025](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-governance/controversial-subjects/redis-license-compliance-in-2025)
---
# CTF Sites | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/training-and-career/platforms/ctf-sites.md)
.
[HackTheBox](https://www.ctf.hackthebox.com/)
!
[RingZer0ctf](https://ringzer0ctf.com/)
[Backdoor](https://backdoor.sdslabs.co/)
[cmdchallenge](https://cmdchallenge.com/)
[hpandro1337](http://ctf.hpandro.raviramesh.info/)
Android CTF
[PWN Challenge](http://pwn.eonew.cn/)
- Binary Exploitation
[PWN Adventure](http://pwnadventure.com/)
- Vulnerable MMORPG
[SmashTheStack](http://www.smashthestack.org/)
- Binary Exploitation
[Microcorruption](https://microcorruption.com/login)
- Debug Assembly programs
[crackmes](https://crackmes.one/)
- Reverse engineering
[webhacking.kr](https://webhacking.kr/)
- Web exploitation
[LordofSQLi](https://los.rubiya.kr/)
- SQLinjection challenges
[DefendTheWeb](https://defendtheweb.net/)
- Web exploitation
[XSS Game](http://www.xssgame.com/)
[cryptohack](https://cryptohack.org/)
[cryptopals](https://cryptopals.com/)
[id0-rsa](https://id0-rsa.pub/)
- Crypto challenges
[TryToDecrypt](https://www.trytodecrypt.com/index.php)
[echoCTF](https://echoctf.red/)
[exploit.education](https://exploit.education/)
[HBH](https://hbh.sh/home)
Jeopardy-style CTF platform
[MOD-X](http://www.mod-x.co.uk/main.php%22)
- Jeopardy-style CTF platform
[PWN.TN](https://pwn.tn/)
[Prompt Riddle](https://promptriddle.com/)
- Prompt-based CTF
[Hacker Gateway](https://www.hackergateway.com/)
[PWNX](https://pwnx.io/)
[UnderTheWire](https://underthewire.tech/)
- Powershell challenges
[SuNiNaTaS](http://suninatas.com/)
[PreviousDefensive Security](https://martian1337.gitbook.io/notes/training-and-career/platforms/defensive-security)
[NextLive Vulnerable Sites](https://martian1337.gitbook.io/notes/training-and-career/platforms/live-vulnerable-sites)
Last updated 1 year ago
---
# Entrepreneurship Roadmaps | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps.md)
.
[Consulting](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting)
[Starting a Business](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/starting-a-business)
[PreviousAndroid OSes](https://martian1337.gitbook.io/notes/digital-privacy/android-oses)
[NextConsulting](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting)
Last updated 1 year ago
---
# Android OSes | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/digital-privacy/android-oses.md)
.
####
[](https://martian1337.gitbook.io/notes/digital-privacy/android-oses#recommended)
Recommended
Recent changes in Google’s handling of AOSP have significantly impacted the ability of projects like GrapheneOS to maintain secure, private, sandboxed profiles and hardware support. Here's a summary of how this affects GrapheneOS versus non-AOSP-based OSes like Sailfish OS, PureOS, postmarketOS, and Ubuntu Touch:
PureOS, postmarketOS, Sailfish OS, and Ubuntu Touch are indeed not based on Google's Android Open Source Project (AOSP) in the typical sense used by mainstream Android devices, and therefore they are not directly subject to Google's policies and politics that affect AOSP-based systems.
* PureOS is a Debian GNU/Linux derivative focused on privacy and freedom that does not use Android drivers or applications and is not compatible with Android or Windows smartphones without significant adaptation efforts. It's targeted mainly at Librem hardware and similar Linux-compatible devices, not typical Android phones, and manages its own kernel and software stack independent of AOSP.
* Sailfish OS is a separate Linux-based mobile OS built around a different architecture and user interface, not based on AOSP, and focusing on privacy and control. It can run on certain devices and emphasize de-Googled experiences.
* Ubuntu Touch is based on the Ubuntu Linux distribution but uses the Android Linux kernel and drivers where necessary for hardware compatibility. However, it does not use the Java-like Android framework or Google services, distinguishing it technically and politically from AOSP-based OSes controlled by Google. It uses containers to isolate such dependencies, avoiding direct reliance on Google’s ecosystem.
* postmarketOS is another fully Linux-based OS designed for mobile devices usually supporting mainline Linux kernels and focusing on device longevity and openness, rather than any Android or AOSP codebase. It aims to work on many legacy devices but does not rely on AOSP or its ecosystem.
In summary, these operating systems operate outside of Google's direct influence and are not bound by the politics and restrictions Google imposes on the AOSP and Google Mobile Services ecosystem. They enable more control, privacy, and independence from Google’s Android ecosystem while potentially sacrificing compatibility with many Android apps or Google services.
###
[](https://martian1337.gitbook.io/notes/digital-privacy/android-oses#how-the-non-aosp-based-oses-compare)
How the Non-AOSP-Based OSes Compare
* **Sailfish OS**: Offers app sandboxing through Sailjail profiles, isolating app data and permissions at install time. This feature is similar to GrapheneOS but implemented independently from AOSP. Because Sailfish is not based on AOSP or Pixel-specific drivers, it is unaffected by the recent Google policy changes.
* **PureOS & postmarketOS**: These use standard Linux permission models and rely on mainline Linux kernels, not Android device trees or drivers. They do not offer GrapheneOS-style user profiles and sandboxes, but their development and support are insulated from Google’s political or technical decisions regarding Android/AOSP.
* **Ubuntu Touch**: Does not offer advanced sandboxed profiles for apps or users. It may use some Android drivers for legacy hardware, but this is handled using Linux containers and is not impacted by AOSP policy changes. Its app isolation does not match GrapheneOS or Sailfish and remains traditional.
###
[](https://martian1337.gitbook.io/notes/digital-privacy/android-oses#comparison-table)
Comparison Table
OS
Sandboxed Profiles
Impacted by AOSP Changes
Notes
GrapheneOS
Yes
Yes
Strongest sandboxing, struggling with hardware support due to Google
Sailfish OS
Yes (Sailjail)
No
Sandboxing based on Linux, not AOSP
PureOS
No (standard Linux)
No
Mainline Linux model, unaffected
postmarketOS
No (standard Linux)
No
Mainline Linux model, unaffected
Ubuntu Touch
No
No
No advanced sandboxing; traditional model
Sailfish OS remains the closest alternative to GrapheneOS in terms of sandboxed profiles, but without AOSP dependencies, while other Linux-based OSes do not offer similar sandboxing and are likewise immune to Google's shifting AOSP politics.
####
[](https://martian1337.gitbook.io/notes/digital-privacy/android-oses#why-not-google-aosp)
Why not Google AOSP?
The recent changes Google made to AOSP impacted projects like GrapheneOS and CalyxOS because Google stopped publishing device trees and kernel sources for new Pixel devices, which are critical for developing and maintaining custom ROMs on those devices.
GrapheneOS has managed to update to Android 16 and continues to provide support for existing Pixel devices, including Pixel 8a and potentially Pixel 9 series. The development for Android 16 is underway despite the challenges, though it is expected to be harder going forward due to Google’s reduced openness.
The Pixel versions currently not affected in terms of GrapheneOS support are the Pixel 8a and Pixel 10, which had their kernel sources released on launch day. Future Pixel devices, starting with newer ones beyond Pixel 10, may face serious support difficulties unless Google reverses its policy or partners manufacture devices specifically for GrapheneOS.
* GrapheneOS stable releases are available up to Android 16 on Pixel 8a and Pixel 10.
* These versions are the last known to have full kernel and device tree access.
* Google's changes mainly affect future Pixels beyond these models, complicating custom ROM support.
* CalyxOS faces similar challenges due to these changes
[PreviousMonero Mining Guide](https://martian1337.gitbook.io/notes/digital-privacy/monero-mining-guide)
[NextEntrepreneurship Roadmaps](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps)
Last updated 8 months ago
* [How the Non-AOSP-Based OSes Compare](https://martian1337.gitbook.io/notes/digital-privacy/android-oses#how-the-non-aosp-based-oses-compare)
* [Comparison Table](https://martian1337.gitbook.io/notes/digital-privacy/android-oses#comparison-table)
---
# Red Teaming | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/offensive-security.md)
.
[Red Team Infrastructure](https://martian1337.gitbook.io/notes/notes/offensive-security/red-team-infrastructure)
[Red Team OPSEC Playbook](https://martian1337.gitbook.io/notes/notes/offensive-security/red-team-opsec-playbook)
[PreviousCloud Security Testing](https://martian1337.gitbook.io/notes/notes/cloud-security-testing)
[NextRed Team Infrastructure](https://martian1337.gitbook.io/notes/notes/offensive-security/red-team-infrastructure)
---
# AppSec Testing | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/appsec.md)
.
[Checklists](https://martian1337.gitbook.io/notes/notes/appsec/checklists)
[Targeted Test Cases](https://martian1337.gitbook.io/notes/notes/appsec/targeted-test-cases)
[Ports and associated Vectors](https://martian1337.gitbook.io/notes/notes/appsec/ports-and-associated-vectors)
[DNS](https://martian1337.gitbook.io/notes/notes/appsec/dns)
[Web Tools](https://martian1337.gitbook.io/notes/notes/appsec/tools)
[Command Injection Testing](https://martian1337.gitbook.io/notes/notes/appsec/command-injection-testing)
[JWTs and JSON](https://martian1337.gitbook.io/notes/notes/appsec/json)
[PreviousRedis License Compliance in 2025](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-governance/controversial-subjects/redis-license-compliance-in-2025)
[NextChecklists](https://martian1337.gitbook.io/notes/notes/appsec/checklists)
Last updated 1 year ago
---
# Red Team OPSEC Playbook | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/offensive-security/red-team-opsec-playbook.md)
.
###
[](https://martian1337.gitbook.io/notes/notes/offensive-security/red-team-opsec-playbook#id-1.-planning-and-reconnaissance)
1\. Planning and Reconnaissance
* **Objectives:** Define scope and rules; conduct thorough, OPSEC-aware passive reconnaissance to gather intelligence without detection; risk assessment.
* **Detailed Steps:**
* Identify critical information to protect (personas, infrastructure, intentions).
* Passive and low-noise footprint OSINT gathering.
* Use compartmentalized and anonymized infrastructure (VPNs, cloud instances).
* Securely document and communicate findings.
* **Tools/Resources:**
* [Amass](https://github.com/OWASP/Amass)
— attack surface mapping
* [Recon-ng](https://github.com/lanmaster53/recon-ng)
— OSINT reconnaissance
* [Maltego](https://www.maltego.com/)
— link analysis
* [Shodan](https://www.shodan.io/)
— asset discovery
* [LinkedInt](https://linkdedin.xyz/)
— LinkedIn scraping
* [Gitleaks](https://github.com/gitleaks/gitleaks)
— secrets detection
* **Advanced Considerations:** Use AI-assisted reconnaissance tools for hyper-automation, ensuring slow and randomized scans to avoid detection.
* * *
###
[](https://martian1337.gitbook.io/notes/notes/offensive-security/red-team-opsec-playbook#id-2.-initial-access-and-execution)
2\. Initial Access and Execution
* **Objectives:** Gain initial entry with stealth, use adaptive, fileless payloads; maintain encrypted, anonymized communication.
* **Detailed Steps:**
* Develop or customize environment-aware, fileless payloads for each target.
* Test extensively in isolated OPSEC-hardened labs mimicking targets.
* Use “living off the land” techniques to minimize forensic trails.
* Employ multiple C2 redirects/proxy chains with dynamic infrastructure.
* Encrypt and jitter beacons in C2 communication to avoid baseline anomalies.
* **Tools/Resources:**
* [Cobalt Strike](https://www.cobaltstrike.com/)
— commercial C2 and payload ops
* [Outflank Security Tooling (OST)](https://www.outflank.nl/products/outflank-security-tooling/)
— evasion and OPSEC booster for Cobalt Strike
* [Metasploit Framework](https://www.metasploit.com/)
— exploit/payload platform
* [PowerShell Empire](https://github.com/PowerShellEmpire/Empire)
— post-exploitation framework
* [Beacon Object Files (BOFs)](https://outflank.com/beacon-object-files-bofs/)
— stealth payload extensions
* **Advanced Considerations:** Use AI-generated payload mutations to evade signature-based detections and dynamic environment checks to disable execution in sandboxes.
* * *
###
[](https://martian1337.gitbook.io/notes/notes/offensive-security/red-team-opsec-playbook#id-3.-persistence-and-lateral-movement)
3\. Persistence and Lateral Movement
* **Objectives:** Establish stealthy persistence; conduct low-noise lateral movement; limit credential exposure.
* **Detailed Steps:**
* Use short-lived, compartmentalized credentials.
* Employ OPSEC-conscious AD attack paths and lateral movement avoiding noisy scanning.
* Persist via userland methods (scheduled tasks, COM hijacks), cleaned after use.
* Rotate attack infrastructure and IPs to prevent forensic correlation.
* **Tools/Resources:**
* [BloodHound](https://github.com/BloodHoundAD/BloodHound)
— AD attack visualization
* [Mimikatz](https://github.com/gentilkiwi/mimikatz)
— credential dump/manipulation
* [Impacket](https://github.com/SecureAuthCorp/impacket)
— Python network lib for SMB/Windows protocol
* Kerberos OPSEC plugin techniques: [F-Secure blog](https://labs.f-secure.com/blog/the-offensive-kerberos-world/)
* **Advanced Considerations:** Continuously monitor defensive telemetry (if accessible), adapt tactics, and employ automated kill switches on sandbox detection.
* * *
###
[](https://martian1337.gitbook.io/notes/notes/offensive-security/red-team-opsec-playbook#id-4.-data-collection-and-exfiltration)
4\. Data Collection and Exfiltration
* **Objectives:** Collect and exfiltrate target data securely with minimal noise using covert, multi-layer encryption and multiple channels.
* **Detailed Steps:**
* Encrypt data locally before exfiltration.
* Chunk data and use multi-protocol covert channels (DNS, HTTPS, ICMP).
* Rotate exfiltration domains, IP infrastructure, and credentials often.
* Stage exfil on cloud services using ephemeral credentials and camouflage among normal traffic.
* **Tools/Resources:**
* [DNSCat2](https://github.com/iagox86/dnscat2)
— DNS-tunneling tool
* [Chisel](https://github.com/jpillora/chisel)
— SSH tunneling over HTTP(S)
* [Cloud storage abuse methods](https://unit42.paloaltonetworks.com/cloud-threats-and-data-exfiltration/)
— guide from Unit42
* Custom AWS/Azure CLI scripts for cloud staging automation
* **Advanced Considerations:** Automate exfiltration scheduling to coincide with legitimate high-volume traffic, mimicking normal user patterns.
* * *
###
[](https://martian1337.gitbook.io/notes/notes/offensive-security/red-team-opsec-playbook#id-5.-cleanup-and-cover-tracks)
5\. Cleanup and Cover Tracks
* **Objectives:** Erase forensic footprints and undo persistence without disrupting normal operations.
* **Detailed Steps:**
* Wipe memory artifacts and unlink rogue processes.
* Delete logs or selectively edit event entries.
* Remove all persistence mechanisms, disable accounts, revoke credentials.
* Conduct detailed post-op analysis identifying OPSEC failures.
* **Tools/Resources:**
* [PowerSploit](https://github.com/PowerShellMafia/PowerSploit)
— cleanup and log manipulation
* Custom memory wiping and log cleaner scripts (PowerShell, OS-native)
* [Awesome Red Team OPSEC Cheatsheet](https://github.com/RistBS/Awesome-RedTeam-Cheatsheet/blob/master/Miscs/OPSEC%20Guide.md)
* **Advanced Considerations:** Integrate automation of cleanup immediately on operation exit, leveraging volatile storage and scheduled tasks.
* * *
###
[](https://martian1337.gitbook.io/notes/notes/offensive-security/red-team-opsec-playbook#id-6.-cross-phase-operational-best-practices)
6\. Cross-Phase Operational Best Practices
* **Description:** Maintain strong OPSEC hygiene across people, infrastructure, and communications.
* **Key Practices:**
* Strict role compartmentalization of operators and infrastructure.
* Automated rotation of IP addresses, domains, digital certificates with cloud APIs.
* Use metadata-minimizing encrypted comms like [Signal](https://signal.org/)
, [Session](https://getsession.org/)
, or Tor-based messaging.
* Behavioral hygiene: avoid repetitive patterns and operational timing fingerprinting.
* Ongoing OPSEC risk assessments during operations.
* **Training and Methodology Resources:**
* [SpecterOps Red Team Operations](https://specterops.io/training/red-team-operations/)
* [TryHackMe Red Team OPSEC Guide](https://github.com/jesusgavancho/TryHackMe_and_HackTheBox/blob/master/Red%20Team%20OPSEC.md)
* [RedTeam-Tools GitHub Repository](https://github.com/A-poc/RedTeam-Tools)
[PreviousRed Team Infrastructure](https://martian1337.gitbook.io/notes/notes/offensive-security/red-team-infrastructure)
[NextIncident Response](https://martian1337.gitbook.io/notes/notes/defensive-security)
Last updated 6 months ago
* [1\. Planning and Reconnaissance](https://martian1337.gitbook.io/notes/notes/offensive-security/red-team-opsec-playbook#id-1.-planning-and-reconnaissance)
* [2\. Initial Access and Execution](https://martian1337.gitbook.io/notes/notes/offensive-security/red-team-opsec-playbook#id-2.-initial-access-and-execution)
* [3\. Persistence and Lateral Movement](https://martian1337.gitbook.io/notes/notes/offensive-security/red-team-opsec-playbook#id-3.-persistence-and-lateral-movement)
* [4\. Data Collection and Exfiltration](https://martian1337.gitbook.io/notes/notes/offensive-security/red-team-opsec-playbook#id-4.-data-collection-and-exfiltration)
* [5\. Cleanup and Cover Tracks](https://martian1337.gitbook.io/notes/notes/offensive-security/red-team-opsec-playbook#id-5.-cleanup-and-cover-tracks)
* [6\. Cross-Phase Operational Best Practices](https://martian1337.gitbook.io/notes/notes/offensive-security/red-team-opsec-playbook#id-6.-cross-phase-operational-best-practices)
---
# Targeted Test Cases | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/appsec/targeted-test-cases.md)
.
[Part 1](https://martian1337.gitbook.io/notes/notes/appsec/targeted-test-cases/targeted-test-cases)
[Part 2](https://martian1337.gitbook.io/notes/notes/appsec/targeted-test-cases/part-2)
[PreviousSecure Code Review Checklist](https://martian1337.gitbook.io/notes/notes/appsec/checklists/secure-code-review-checklist)
[NextPart 1](https://martian1337.gitbook.io/notes/notes/appsec/targeted-test-cases/targeted-test-cases)
Last updated 1 year ago
---
# Python | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/coding-programming/python.md)
.
[Quick Notes](https://martian1337.gitbook.io/notes/notes/coding-programming/python/quick-notes)
[Python Basics for Pentesters](https://martian1337.gitbook.io/notes/notes/coding-programming/python/python-basics-for-pentesters)
[Python Snippets](https://martian1337.gitbook.io/notes/notes/coding-programming/python/python)
[XML Basics with Python](https://martian1337.gitbook.io/notes/notes/coding-programming/python/xml-basics-with-python)
[PreviousJavaScript](https://martian1337.gitbook.io/notes/notes/coding-programming/javascript)
[NextQuick Notes](https://martian1337.gitbook.io/notes/notes/coding-programming/python/quick-notes)
Last updated 1 year ago
---
# Product Security Hardening | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-hardening.md)
.
[](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-hardening#unrelated-networks-to-block)
Unrelated Networks to block
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
These networks scan the internet and are not exactly a threat but due to the scanning, it reveals vulnerability information within the infrastructure.
###
[](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-hardening#blocking-internet-measurement-driftnet)
Blocking Internet Measurement (DriftNet)
ASN211298
**IPv4 Scanning IPs**
Copy
87.236.176.0/24
193.163.125.0/24
68.183.53.77/32
104.248.203.191/32
104.248.204.195/32
142.93.191.98/32
157.245.216.203/32
165.22.39.64/32
167.99.209.184/32
188.166.26.88/32
206.189.7.178/32
209.97.152.248/32
**IPv6 IPs**
You may also opt out by sending your IP ranges and/or domain names to [optout@driftnet.io](mailto:optout@driftnet.io)
. This process will be validated for confirmation by the Driftnet team.
###
[](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-hardening#block-censys)
Block Censys
AS398705
AS398324
AS398722
###
[](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-hardening#block-ionos)
Block IONOS
AS8560
###
[](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-hardening#block-internet-archive-wayback-machine)
Block Internet Archive (Wayback Machine)
AS7941
###
[](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-hardening#block-north-korea)
Block North Korea
AS13127
###
[](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-hardening#block-yandex-russian-search-engine)
Block Yandex (Russian Search Engine)
AS13238
###
[](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-hardening#block-m247-europe)
Block M247 Europe
AS9009
###
[](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-hardening#block-protonvpn)
Block ProtonVPN
AS209103
Block Cortex Xpanse
[Palo Alto Networks documentation portaldocs-cortex.paloaltonetworks.com](https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity)
[](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-hardening#cloudflare)
Cloudflare
---------------------------------------------------------------------------------------------------------------------------------
**GeoBlocking with Whitelist expression** - This rule blocks incoming traffic from a specified list of countries and the Tor network while allowing traffic from any IP addresses included in a predefined whitelist (e.g., trusted clients or partners).
Bulk IP CSV uploads require a CSV in `IP, Description`Format. Here is a python script to use for creating the bulk upload csv:
**cfbulkip.py**
[PreviousCodeQL for Beginners](https://martian1337.gitbook.io/notes/notes/product-security-engineering/sast-sca/codeql-for-beginners)
[NextThreat Modeling](https://martian1337.gitbook.io/notes/notes/product-security-engineering/threat-modeling)
Last updated 9 months ago
* [Unrelated Networks to block](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-hardening#unrelated-networks-to-block)
* [Blocking Internet Measurement (DriftNet)](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-hardening#blocking-internet-measurement-driftnet)
* [Block Censys](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-hardening#block-censys)
* [Block IONOS](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-hardening#block-ionos)
* [Block Internet Archive (Wayback Machine)](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-hardening#block-internet-archive-wayback-machine)
* [Block North Korea](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-hardening#block-north-korea)
* [Block Yandex (Russian Search Engine)](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-hardening#block-yandex-russian-search-engine)
* [Block M247 Europe](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-hardening#block-m247-europe)
* [Block ProtonVPN](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-hardening#block-protonvpn)
* [Cloudflare](https://martian1337.gitbook.io/notes/notes/product-security-engineering/product-security-hardening#cloudflare)
Copy
2a06:4880::/32
2604:a880:800:10::c4b:f000/124
2604:a880:800:10::c51:a000/124
2604:a880:800:10::c52:d000/124
2604:a880:800:10::c55:5000/124
2604:a880:800:10::c56:b000/124
2a03:b0c0:2:d0::153e:a000/124
2a03:b0c0:2:d0::1576:8000/124
2a03:b0c0:2:d0::1577:7000/124
2a03:b0c0:2:d0::1579:e000/124
2a03:b0c0:2:d0::157c:a000/124
Copy
35.203.210.0/23
147.185.132.0/23
162.216.149.0/24
162.216.150.0/24
198.235.24.0/24
205.210.31.0/24
216.25.88.0/21
Copy
(ip.src.country in {"CN" "KP" "IR" "SO" "IQ" "CU" "SY" "LY" "VE" "SC" "DE" "NL" "LT" "BG" "ID" "KZ" "BD" "RO" "CL" "PE" "LV" "GI" "TR" "MD" "EE" "UZ" "KG" "MN" "BO" "EG" "ZA" "XX"} or ip.src.continent eq "T1") and not (ip.src in $geo_whitelist)
Copy
import csv
# Replace the below IPs with your multiline IP list
raw_ips = """
8.8.8.8
9.9.9.9
"""
# Clean up list
ip_list = raw_ips.strip().splitlines()
ip_list = [ip.strip() for ip in ip_list if ip.strip() and not ip.startswith("#")]
# Remove duplicates and sort
unique_ips = sorted(set(ip_list))
# Description
default_description = "Uploaded via bulk upload script"
# Write to CSV
with open('cloudflare_ips.csv', mode='w', newline='') as csvfile:
writer = csv.writer(csvfile)
writer.writerow(['ip', 'description']) # Cloudflare format
for ip in unique_ips:
writer.writerow([ip, default_description])
print("Saved to cloudflare_ips.csv")
---
# Privacy and Opsec Resources | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/digital-privacy/opsec.md)
.
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec#privacy)
Privacy
-----------------------------------------------------------------------------------
[Digital Defense - The ultimate personal security checklist to secure your digital lifedigital-defense.io](https://digital-defense.io/)
[GitHub - lissy93/awesome-privacy: 🦄 A curated list of privacy & security-focused software and servicesGitHub](https://github.com/lissy93/awesome-privacy)
[GitHub - zbetcheckin/Security\_list: Great security list for fun and profitGitHub](https://github.com/zbetcheckin/Security_list)
[Best Privacy Tools & Software Guide in in 2026privacytoolsIO](https://www.privacytools.io/)
[No-KYC Services Directory - Reviews & Privacy Scores | KYCnot.meKYCnot.me](https://kycnot.me/)
[https://www.privacyguides.org/](https://www.privacyguides.org/)
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec#the-opsec-bible)
The OpSec Bible
---------------------------------------------------------------------------------------------------
[http://opbible7nans45sg33cbyeiwqmlp5fu7lklu6jd6f3mivrjeqadco5yd.onion/opbible7nans45sg33cbyeiwqmlp5fu7lklu6jd6f3mivrjeqadco5yd.onion](http://opbible7nans45sg33cbyeiwqmlp5fu7lklu6jd6f3mivrjeqadco5yd.onion/)
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec#darknet-market-bible)
DarkNet Market Bible:
--------------------------------------------------------------------------------------------------------------
[http://biblemeowimkh3utujmhm6oh2oeb3ubjw2lpgeq3lahrfr2l6ev6zgyd.onion/biblemeowimkh3utujmhm6oh2oeb3ubjw2lpgeq3lahrfr2l6ev6zgyd.onion](http://biblemeowimkh3utujmhm6oh2oeb3ubjw2lpgeq3lahrfr2l6ev6zgyd.onion/)
DNM Bible Clearnet Mirror:
[https://0xbitx.github.io/DARKNET-OPSEC/](https://0xbitx.github.io/DARKNET-OPSEC/)
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec#software-marketplaces)
Software Marketplaces:
----------------------------------------------------------------------------------------------------------------
[Digital Goods by ProxyStoredigitalgoods.proxysto.re](https://digitalgoods.proxysto.re/en)
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec#anonymous-email-forwarding)
Anonymous Email Forwarding:
--------------------------------------------------------------------------------------------------------------------------
[Free, Open-source Anonymous Email Forwarding | addy.ioaddy\_io](https://addy.io/)
[SimpleLogin | Open source anonymous email serviceSimpleLogin](https://simplelogin.io/)
###
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec#self-hosting)
Self-Hosting:
[https://awesome-selfhosted.net/](https://awesome-selfhosted.net/)
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec#vps-and-hosting)
VPS and Hosting
---------------------------------------------------------------------------------------------------
[https://kycnot.me/?categories=hosting¤cy-mode=and¤cies=xmr](https://kycnot.me/?categories=hosting¤cy-mode=and¤cies=xmr)
VPS and cloud-service/hosting providers that are either (a) Tor-friendly or (b) accept Monero
Dread Link: dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad\[.\]onion/post/cedc0f1054d73128e8e2
1. [https://trilightzone.org](https://www.trilightzone.org/)
\[privacy-based\]
2. [https://xmrvps.com](https://t.co/MSOI8l2H2w)
\[privacy-based\]
3. [https://ablative.hosting](https://t.co/yyXZt6UeYE)
\[privacy-based\]
4. [https://ablative.hosting/shared-single-hop-onion-hosting…](https://t.co/tDpMubr0Xo)
\[privacy-based\]
5. [https://anycolo.net](https://t.co/td6WlpgWmh)
6. [https://flokinet.is](https://t.co/GpHFiRvqtj)
\[privacy-based\]
7. [https://swisslayer.com](https://t.co/Zn1IIEpUU0)
\[privacy-based\]
8. [https://koddos.net](https://t.co/7JzsSOVHZ1)
9. [https://privex.io](https://t.co/JmMh48PRI8)
\[privacy-based\]
10. [https://epio.host](https://t.co/cS24D3mIJu)
\[privacy-based\]
11. [https://incognet.io](https://t.co/ZcRc3M71ve)
\[privacy-based\]
12. [https://5wire.co.uk](https://t.co/K1aRIdunh9)
13. [https://userbase.com](https://t.co/XYr64iUPml)
14. [https://nicevps.net](https://t.co/ANIpjxVb9J)
15. [https://cryptoho.st](https://t.co/ETKohkH3DO)
\[privacy-based\]
16. [https://cryptwerk.com](https://t.co/I8k7CSCOvw)
17. [https://host-world.com/monero-vps](https://t.co/P5BK5wfIqa)
\[privacy-based\]
18. [https://abacohosting.com](https://t.co/XgER8ar0CA)
19. [https://evolution-host.com](https://t.co/h4bQVsETdZ)
20. [https://qhoster.com](https://t.co/z8XOnpnI4z)
21. [https://whattheserver.com](https://t.co/Q1hEQtsGjv)
22. [https://codify.global](https://t.co/ySyvCMfrNP)
23. [https://superbytehosting.com](https://t.co/99pbi697T4)
24. [https://superbithost.com](https://t.co/WLpgIo5OF6)
\[privacy-based\]
25. [https://nexwave.ca](https://t.co/xIu9h2pok1)
26. [https://hostingssi.com](https://t.co/2WZzCEPyb8)
27. [https://blazinhosting.net](https://t.co/QIi8JNJLDS)
28. [https://web.laweitech.com](https://t.co/XZqzxxVz3U)
29. [https://trilightzone.org](https://t.co/CZmXsqBmOX)
\[privacy-based\]
30. [https://nicevps.net](https://t.co/ANIpjxVb9J)
31. [https://1984hosting.com](https://t.co/Hi7ySKocrB)
32. [https://snel.com](https://t.co/Jedp21I6gz)
33. [https://njal.la](https://t.co/YcwrtYzOue)
34. [https://bacloud.com](https://t.co/SQfWMcbEdx)
35. [https://cryptofibers.com](https://t.co/42CQOxl0CV)
\[privacy-based\]
36. [https://sporestack.com](https://t.co/Apl3dCmesx)
37. [https://99stack.com](https://t.co/WU2MnwBFvr)
\[privacy-based\]
38. [https://radwebhosting.com](https://t.co/iB7k571IDv)
39. [https://packetpoint.ca](https://t.co/TqfbiiQ7d3)
40. [https://serverwhere.com](https://t.co/HK8K8Rg8nf)
41. [https://hosthavoc.com](https://t.co/DlJ4taAx8a)
42. [https://abacohosting.com](https://t.co/XgER8ar0CA)
43. [https://coinhost.io](https://t.co/TiR7bAgwmS)
44. [https://bacloud.com](https://t.co/SQfWMcbEdx)
45. [https://superbytehosting.com](https://t.co/99pbi697T4)
46. [https://bitvps.com](https://t.co/phORqBm8CG)
\[privacy-based\]
47. [https://1gbits.com](https://t.co/LHypSyzi2I)
48. [https://bithost.io](https://t.co/a7ndKeHvS5)
\[privacy-based\]
49. [https://airvpn.org](https://t.co/5Ay4xX59LI)
50. [https://builderra.com](https://t.co/4nxsSI2gn4)
51. [https://impreza.host/services/tor-hosting/…](https://t.co/IEKpXNfPXR)
\[privacy-based\]
52. [https://ipxcore.com](https://t.co/HksOPbSkUU)
\[privacy-based\]
53. [https://orangewebsite.com](https://t.co/zG3PfNYj9L)
\[privacy-based\]
54. [https://coin.host](https://t.co/XWYC5Oec6a)
\[privacy-based\]
[PreviousPublic DNS Services](https://martian1337.gitbook.io/notes/digital-privacy/dns-services)
[NextMartian's Stack](https://martian1337.gitbook.io/notes/digital-privacy/opsec/martians-stack)
Last updated 2 months ago
* [Privacy](https://martian1337.gitbook.io/notes/digital-privacy/opsec#privacy)
* [The OpSec Bible](https://martian1337.gitbook.io/notes/digital-privacy/opsec#the-opsec-bible)
* [DarkNet Market Bible:](https://martian1337.gitbook.io/notes/digital-privacy/opsec#darknet-market-bible)
* [Software Marketplaces:](https://martian1337.gitbook.io/notes/digital-privacy/opsec#software-marketplaces)
* [Anonymous Email Forwarding:](https://martian1337.gitbook.io/notes/digital-privacy/opsec#anonymous-email-forwarding)
* [Self-Hosting:](https://martian1337.gitbook.io/notes/digital-privacy/opsec#self-hosting)
* [VPS and Hosting](https://martian1337.gitbook.io/notes/digital-privacy/opsec#vps-and-hosting)
---
# Governance, Risk, Compliance | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/governance-risk-compliance.md)
.
[Vulnerability Management Lifecycle](https://martian1337.gitbook.io/notes/notes/governance-risk-compliance/vulnerability-management-lifecycle)
[PreviousWireShark filters](https://martian1337.gitbook.io/notes/notes/defensive-security/wireshark-filters)
[NextVulnerability Management Lifecycle](https://martian1337.gitbook.io/notes/notes/governance-risk-compliance/vulnerability-management-lifecycle)
Last updated 1 year ago
---
# CSSLP | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/certifications/csslp.md)
.
[Domain 1: Secure Software Concepts](https://martian1337.gitbook.io/notes/notes/certifications/csslp/domain-1-secure-software-concepts)
[Domain 2: Secure Software Lifecycle Management](https://martian1337.gitbook.io/notes/notes/certifications/csslp/domain-2-secure-software-lifecycle-management)
[Domain 3: Secure Software Requirements](https://martian1337.gitbook.io/notes/notes/certifications/csslp/domain-3-secure-software-requirements)
[Domain 4: Secure Software Architecture and Design](https://martian1337.gitbook.io/notes/notes/certifications/csslp/domain-4-secure-software-architecture-and-design)
[Domain 5: Secure Software Implementation](https://martian1337.gitbook.io/notes/notes/certifications/csslp/domain-5-secure-software-implementation)
[Domain 6: Secure Software Testing](https://martian1337.gitbook.io/notes/notes/certifications/csslp/domain-6-secure-software-testing)
[Domain 7: Secure Software Deployment, Operations, Maintenance](https://martian1337.gitbook.io/notes/notes/certifications/csslp/domain-7-secure-software-deployment-operations-maintenance)
[Domain 8: Secure Software Supply Chain](https://martian1337.gitbook.io/notes/notes/certifications/csslp/domain-8-secure-software-supply-chain)
[PreviousCertifications](https://martian1337.gitbook.io/notes/notes/certifications)
[NextDomain 1: Secure Software Concepts](https://martian1337.gitbook.io/notes/notes/certifications/csslp/domain-1-secure-software-concepts)
Last updated 1 year ago
---
# Common System Task Info | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/common-system-task-info.md)
.
[IT Tasks](https://martian1337.gitbook.io/notes/notes/common-system-task-info/basic-it-tasks)
[Linux Basics](https://martian1337.gitbook.io/notes/notes/common-system-task-info/basic-linux-for-ctfs)
[PowerShell](https://martian1337.gitbook.io/notes/notes/common-system-task-info/powershell)
[PreviousReporting](https://martian1337.gitbook.io/notes/notes/reporting)
[NextIT Tasks](https://martian1337.gitbook.io/notes/notes/common-system-task-info/basic-it-tasks)
---
# Command Injection Testing | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/appsec/command-injection-testing.md)
.
Parameter
Objective
`-h` or `/?`
What is the system output from using help menu commands?
`;`, `; echo whoami`
Unix only; run echo after initial command
`|`, `echo whoami|`
Perl-specific injection to open files
`||`,
`|| echo whoami`
Run command if the initial command returns non-zero as the exit status
`&` , `& echo whoami`
Run initial command as background task and run next task immediately
`&&` , `&& echo whoami`
Run if the initial command returns zero as the exit status
`$(whoami)`
Unix-only; Bash command execution
`` `whoami` ``
Unix only; using generic process substitution
`>(whoami)`
Unix only; using process substitution
[](https://martian1337.gitbook.io/notes/notes/appsec/command-injection-testing#identifying-blacklisted-characters)
Identifying Blacklisted Characters
----------------------------------------------------------------------------------------------------------------------------------------------------------
Check in Burp with each Command Injection operators.
####
[](https://martian1337.gitbook.io/notes/notes/appsec/command-injection-testing#bypassing-space-filters)
Bypassing Space Filters
Copy
# Add TAB
%09
# Add SPACE
${IFS}
# Add Brace Expresions
{ls,-al}
####
[](https://martian1337.gitbook.io/notes/notes/appsec/command-injection-testing#bypassing-other-blacklisted-characters-linux)
Bypassing Other Blacklisted Characters (Linux)
####
[](https://martian1337.gitbook.io/notes/notes/appsec/command-injection-testing#bypassing-other-blacklisted-characters-windows)
Bypassing Other Blacklisted Characters (Windows)
####
[](https://martian1337.gitbook.io/notes/notes/appsec/command-injection-testing#bypassing-blacklisted-commands-linux)
Bypassing Blacklisted Commands (Linux)
[PreviousWeb Tools](https://martian1337.gitbook.io/notes/notes/appsec/tools)
[NextJWTs and JSON](https://martian1337.gitbook.io/notes/notes/appsec/json)
Last updated 1 year ago
Copy
# Add /
${PATH:0:1}
# Add ;
${LS_COLORS:10:1}
# Character Shifting
man ascii (Find \) = 92
$(tr '!-}' '"-~'<<<[)\
\
Copy\
\
# Add \\
%HOMEPATH:~6,-11%\
$env:HOMEPATH[0]\
\
Copy\
\
w'h'o'am'i\
w"h"o"am"i\
who$@ami\
w\ho\am\i\
$(tr "[A-Z]" "[a-z]"<<<"WhOaMi")\
$(a="WhOaMi";printf %s "${a,,}")\
$(rev<<<'imaohw')\
bash<<<$(base64 -d<<`
Identify the `A` record for the target domain.
`dig a $TARGET @`
Identify the `A` record for the target domain.
`nslookup -query=PTR `
Identify the `PTR` record for the target IP address.
`dig -x @`
Identify the `PTR` record for the target IP address.
`nslookup -query=ANY $TARGET`
Identify `ANY` records for the target domain.
`dig any $TARGET @`
Identify `ANY` records for the target domain.
`nslookup -query=TXT $TARGET`
Identify the `TXT` records for the target domain.
`dig txt $TARGET @`
Identify the `TXT` records for the target domain.
`nslookup -query=MX $TARGET`
Identify the `MX` records for the target domain.
`dig mx $TARGET @`
Identify the `MX` records for the target domain.
[PreviousPorts and associated Vectors](https://martian1337.gitbook.io/notes/notes/appsec/ports-and-associated-vectors)
[NextWeb Tools](https://martian1337.gitbook.io/notes/notes/appsec/tools)
Last updated 1 year ago
---
# Cybersecurity Roadmaps | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/training-and-career/guides/cybersecurity-roadmaps.md)
.
[](https://martian1337.gitbook.io/notes/training-and-career/guides/cybersecurity-roadmaps#foundational-topics-of-study)
Foundational Topics of Study
---------------------------------------------------------------------------------------------------------------------------------------------------------
* **Networking protocols**
* OSI and TCP/IP Model
* IP addressing and subnetting
* Basics of switching and routing
* Networking protocols
* **Operating Systems and Security**
* Windows Security policies and features
* Linux security mechanisms
* Permissions (User, group, etc.)
* Secure boot and File Integrity monitoring
* Host-based Firewalls
* Antivirus and endpoint security
* **Cryptography and Encryption**
* Symmetric Encryption
* Asymmetric Encryption
* Hash functions/algorithms
* Digital signatures, Certificates and Public Key Infrastructure
* **Cyber Threats and Attacks**
* Malware Types (Ransomware, Trojans, Worms, Viruses)
* Social Engineering Attacks (Phishing, smishing, etc.)
* Denial of Service (DoS) and Distributed DoS
###
[](https://martian1337.gitbook.io/notes/training-and-career/guides/cybersecurity-roadmaps#intermediate-topics-of-study)
Intermediate Topics of Study
* **Network Security**
* Firewalls, configuration and management
* Virtual Private Networks (VPNs)
* Network Access Control (NAC)
* Web Application Security
* OWASP Top 10, CWE/SANS Top 25
* Input validation and encoding
* Secure Session Management
* **System Hardening and Best Practices**
* Server Hardening Techniques
* Patch Management
* Configuration Management
* Principle of least privilege (PoLP)
* **Digital Forensics and Incident Response (DFIR)**
* Incident Handling and Response processes
* Evidence Collection and Preservation
* Chain of Custody and other Legal considerations
* Forensic Tools and Techniques
###
[](https://martian1337.gitbook.io/notes/training-and-career/guides/cybersecurity-roadmaps#specialized-topics-of-study)
Specialized Topics of Study
* **Ethical Hacking and Penetration Testing**
* Methodologies (OSSTMM, PTES)
* Recon and Footprinting
* Exploitation Techniques
* Reporting
* **Cloud Security**
* Security challenges of cloud computing
* How to protect cloud-based data and applications
* Cloud security best practices
* **DevSecOps**
* Relatively new field that focuses on integrating security into the software development lifecycle
* Helps to ensure that security is built into software from the start, rather than being an afterthought
* **Machine Learning and Artificial Intelligence for Cybersecurity**
* Cutting-edge field that is rapidly changing the way that cybersecurity is conducted
* Helps to stay ahead of the curve and protect organizations from the latest threats
* **Security Leadership**
* If you aspire to a leadership role in cybersecurity, it is important to develop your skills in security leadership
* Includes topics such as strategic planning for cybersecurity, managing security teams, communicating security risks to management and stakeholders, building a security culture within an organization
* **Security Awareness and Training**
* This is important for all employees, regardless of their role in the organization. Security awareness training can help employees to understand the risks of cyberattacks and to take steps to protect themselves and their organization.
* **Security Compliance**
* Many organizations are required to comply with specific security regulations, such as the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS). By understanding the security regulations that apply to your organization, you can help to ensure compliance and protect your organization from legal liability.
* **Security Research**
* This is a great way to stay ahead of the curve and learn about the latest threats and trends in cybersecurity. There are many different security research organizations and conferences that you can follow to learn about the latest research.
* **Security Career Development**
* As you progress in your cybersecurity career, it is important to continue to develop your skills and knowledge. There are many different ways to do this, such as taking courses, attending conferences, and getting certified.
* **Incident Response and Forensics**
* This is a critical topic for any cybersecurity professional. Incident response is the process of responding to and recovering from a cyberattack. Forensics is the process of collecting and analyzing evidence from a cyberattack.
* **Software Security**
* This is a growing field as more and more organizations move their applications to the cloud. Software security is the practice of designing, developing, and deploying software in a way that minimizes the risk of cyberattacks.
* **Threat Modeling**
* This is a process of identifying and assessing the threats to an organization's systems and data. Threat modeling can help organizations to prioritize their security efforts and to develop effective security controls.
[PreviousGuides](https://martian1337.gitbook.io/notes/training-and-career/guides)
[NextCybersecurity Training Topics](https://martian1337.gitbook.io/notes/training-and-career/guides/cybersecurity-training-topics)
Last updated 1 year ago
* [Foundational Topics of Study](https://martian1337.gitbook.io/notes/training-and-career/guides/cybersecurity-roadmaps#foundational-topics-of-study)
* [Intermediate Topics of Study](https://martian1337.gitbook.io/notes/training-and-career/guides/cybersecurity-roadmaps#intermediate-topics-of-study)
* [Specialized Topics of Study](https://martian1337.gitbook.io/notes/training-and-career/guides/cybersecurity-roadmaps#specialized-topics-of-study)
---
# Internal Active Recon | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon.md)
.
###
[](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#this-guide-is-intended-for-internal-corporate-usage-in-controlled-environments-and-is-noisy-on-the-n)
This guide is intended for internal corporate usage in controlled environments and is noisy on the network. The below code snippets are examples to demonstrate the methodology and remaining organized with the same working directory.
###
[](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#prerequisites)
Prerequisites
* Obtain explicit written authorization before scanning any external or internal assets.
* Define scope: which domains, IP ranges, and network segments to include or exclude.
* Understand and document business criticality of assets.
* Ensure VPN or internal network access as needed.
* Prepare and organize target lists (domains, IPs) in text files.
* Set up a dedicated scanning host with appropriate privileges and resources.
* Install necessary tools:
* Subdomain enumerators: `findomain`, `sublist3r`, `amass` (with API keys for VirusTotal, Shodan if needed)
* Scanners: `masscan`, `nmap`
* Vulnerability scanners: `nuclei`, `openvas`, `nessus`
* HTTP validation and fingerprinting: `httpx`, `dismap`, `eyewitness`
* Internal domain enumeration and attack path mapping: `bloodhound`, `crackmapexec`
* * *
###
[](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#directory-and-workspace-setup)
Directory & Workspace Setup
1. Create a structured workspace on your scanning host before starting scans:
* `outputs/`: General aggregated outputs and reports.
* `subdomains/`: Raw and processed subdomain enumeration results.
* `nmap/`: Detailed service scans.
* `masscan/`: Large-scale port scan files.
* `vulnerabilities/`: Vulnerability scan reports.
* `screenshots/`: Browser screenshots captured during reconnaissance.
* `bloodhound/`: Internal domain enumeration and attack path data.
**Documentation:** This setup supports organized storage of outputs for easy auditing and retrieval.
* * *
###
[](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#attack-surface-assessment-workflow)
Attack Surface Assessment Workflow
###
[](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#id-1.-subdomain-and-asset-enumeration)
1\. Subdomain & Asset Enumeration
_Aggregate subdomains from multiple sources into a single unique list._
* [Findomain GitHub & Blog](https://github.com/Findomain/Findomain)
, [https://findomain.app/the-real-power-of-findomain/](https://findomain.app/the-real-power-of-findomain/)
* [Sublist3r GitHub](https://github.com/aboul3la/Sublist3r)
* [Amass GitHub](https://github.com/OWASP/Amass)
###
[](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#id-2.-validate-and-resolve-assets)
2\. Validate & Resolve Assets
_Validate HTTP/S live hosts and DNS resolution._
* [Httpx GitHub](https://github.com/projectdiscovery/httpx)
###
[](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#id-3.-port-and-service-discovery)
3\. Port & Service Discovery
_Quick port scan with Masscan and detailed service enumeration with Nmap._
* [Masscan GitHub](https://github.com/robertdavidgraham/masscan)
* [Nmap Official](https://nmap.org/book/man-briefoptions.html)
###
[](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#id-4.-vulnerability-assessment)
4\. Vulnerability Assessment
_Run fast template-based and deep vulnerability scans._
* [Nuclei Docs](https://nuclei.projectdiscovery.io/templating-guide/)
* [OpenVAS Wiki](https://www.greenbone.net/en/community-edition/)
* [Nessus Docs](https://docs.tenable.com/nessus/)
###
[](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#id-5.-internal-network-mapping-if-authorized)
5\. Internal Network Mapping (if authorized)
_Internal host discovery and service enumeration, plus AD attack path analysis._
* [BloodHound Docs](https://bloodhound.readthedocs.io/en/latest/)
* [CrackMapExec GitHub](https://github.com/byt3bl33d3r/CrackMapExec)
###
[](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#id-6.-web-technology-and-screenshotting)
6\. Web Technology & Screenshotting
_Fingerprint web tech stacks and gather screenshots._
* [Dismap GitHub](https://github.com/m4ll0k/Dismap)
* [Eyewitness GitHub](https://github.com/FortyNorthSecurity/EyeWitness)
* * *
###
[](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#post-assessment-file-structure-and-organization)
Post-Assessment: File Structure & Organization
Example directory structure and contents after assessment:
* * *
###
[](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#notes-and-best-practices)
Notes and Best Practices
* Chain outputs between stages for automation and maximum coverage.
* Use `sort -u` often to avoid duplications.
* Keep directory structure consistent and filenames clear.
* Only scan within authorized scope.
* Schedule scans to minimize disruption.
[PreviousRecon + OSINT](https://martian1337.gitbook.io/notes/resources/recon-+-osint)
[NextOffensive](https://martian1337.gitbook.io/notes/resources/offensive-cybersecurity)
Last updated 9 months ago
* [Prerequisites](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#prerequisites)
* [Directory & Workspace Setup](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#directory-and-workspace-setup)
* [Attack Surface Assessment Workflow](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#attack-surface-assessment-workflow)
* [1\. Subdomain & Asset Enumeration](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#id-1.-subdomain-and-asset-enumeration)
* [2\. Validate & Resolve Assets](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#id-2.-validate-and-resolve-assets)
* [3\. Port & Service Discovery](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#id-3.-port-and-service-discovery)
* [4\. Vulnerability Assessment](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#id-4.-vulnerability-assessment)
* [5\. Internal Network Mapping (if authorized)](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#id-5.-internal-network-mapping-if-authorized)
* [6\. Web Technology & Screenshotting](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#id-6.-web-technology-and-screenshotting)
* [Post-Assessment: File Structure & Organization](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#post-assessment-file-structure-and-organization)
* [Notes and Best Practices](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon#notes-and-best-practices)
Copy
mkdir -p ~/attack-surface-assessment/{outputs,subdomains,nmap,masscan,vulnerabilities,screenshots,bloodhound}
cd ~/attack-surface-assessment
Copy
findomain -t example.com -o subdomains/findomain.txt && cat subdomains/findomain.txt > subdomains/all_subs.txt
sublist3r -d example.com -o - | tee -a subdomains/all_subs.txt
amass enum -d example.com -o - | tee -a subdomains/all_subs.txt
sort -u subdomains/all_subs.txt -o subdomains/all_subs.txt
Copy
httpx -l subdomains/all_subs.txt -o outputs/live_hosts.txt
Copy
masscan -p1-65535 -iL outputs/live_hosts.txt --rate=10000 -oG masscan/masscan_results.gnmap
awk '/Up$/{print $2}' masscan/masscan_results.gnmap > nmap/scan_targets.txt
nmap -sS -sV -A -iL nmap/scan_targets.txt -oN nmap/nmap_services.txt
Copy
nuclei -l outputs/live_hosts.txt -o vulnerabilities/nuclei_web_results.txt
openvas-cli --target-file nmap/scan_targets.txt --output vulnerabilities/openvas_report.html
nessus -q -x -i nmap/scan_targets.txt -o vulnerabilities/nessus_report.nessus
Copy
nmap -sn 10.0.0.0/8 -oG nmap/internal_discovery.gnmap
awk '/Up$/{print $2}' nmap/internal_discovery.gnmap > nmap/internal_live_hosts.txt
nmap -sS -sV -A -iL nmap/internal_live_hosts.txt -oN nmap/internal_services.txt
bloodhound-python -u admin -p 'Password123!' -d domain.local -gc-ip 10.0.0.1 -c all --json bloodhound/bloodhound_data.json
crackmapexec smb 10.0.0.0/24 -u username -p password
Copy
dismap -i outputs/live_hosts.txt -o outputs/dismap_results.txt
eyewitness --web -f outputs/live_hosts.txt -d screenshots/
Copy
~/attack-surface-assessment/
├── outputs/
│ ├── live_hosts.txt
│ ├── dismap_results.txt
│ └── aggregated_report.pdf
├── subdomains/
│ ├── all_subs.txt
│ ├── findomain.txt
│ ├── sublist3r.txt
│ └── amass.txt
├── nmap/
│ ├── internal_services.txt
│ ├── nmap_services.txt
│ ├── internal_live_hosts.txt
│ └── scan_targets.txt
├── masscan/
│ └── masscan_results.gnmap
├── vulnerabilities/
│ ├── nuclei_web_results.txt
│ ├── openvas_report.html
│ └── nessus_report.nessus
├── screenshots/
│ └── (image files)
└── bloodhound/
└── bloodhound_data.json
---
# Keeping it Real for Beginners | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/training-and-career/keeping-it-real-for-beginners.md)
.
[](https://martian1337.gitbook.io/notes/training-and-career/keeping-it-real-for-beginners#stop-comparing)
Stop Comparing
-----------------------------------------------------------------------------------------------------------------------------
Everyone has their own journey in this space so comparing yourself to people who present that they are highly successful or highly skilled will run you crazy. Dont let this happen while half of the people publicized are not all they seem to be. Learn what skillsets are truly needed and walk your own path!
[](https://martian1337.gitbook.io/notes/training-and-career/keeping-it-real-for-beginners#be-consistent)
Be consistent!
----------------------------------------------------------------------------------------------------------------------------
Consistency in this space is very important. The threat is just as dedicated and consistent as the defenders need to be nowadays. Stay motivated and ensure you are committing to the right cause or following the correct training.
[](https://martian1337.gitbook.io/notes/training-and-career/keeping-it-real-for-beginners#just-ask)
Just Ask!
------------------------------------------------------------------------------------------------------------------
You will be surprised how much information you can receive just by asking someone or conducting an official informational interview. People who are truly well-versed and passionate about a topic will often love to talk about it to an aspiring learner.
It is important to ask nowadays due to gathering expertise of the person speaking as well. Often people will speak up to more than what they are actually experienced in just to maintain relative conversation. This is where asking questions for your own understanding or just to gauge someone's skillset is very beneficial!
[](https://martian1337.gitbook.io/notes/training-and-career/keeping-it-real-for-beginners#beware-of-the-modern-day-enthusisast-influencer-and-self-proclaimed-hacker)
Beware of the modern-day "Enthusisast", "Influencer" and self-proclaimed "Hacker"
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
There has been an increase in those who are enthused about cybersecurity but instead of undergoing practical training to learn or ever holding a security role; they turn their cameras on and inform people an excessive amount of **useless junk content** with regard to cyber defense nor being in this field.
Always be on the lookout for those who are out for clicks and clout versus actual security practitioners sharing their knowledge from experience. It has become very common where your favorite content creator is just out for money and they don't mind misinformation and disinformation along the way.
They all appear to have a pattern of crashing publicly, having their toxicity exposed and/or asked to express their previous experience on their chosen subjects with no verifiable base for even discussing cybersecurity matters.
Not all of them have bad intentions, but there is an infestation of more bad people than legitimate at the time of writing this. Now we have officially even made it to where if they are calling themselves a "hacker" frequently, it is probably smoke and mirrors for potential content payouts.
[](https://martian1337.gitbook.io/notes/training-and-career/keeping-it-real-for-beginners#gain-skills-not-just-knowledge)
Gain skills, not just knowledge
--------------------------------------------------------------------------------------------------------------------------------------------------------------
Some of these self-inflicted "skills gaps" for those starting out are due to role expectations after being certified. These are the same people failing tech interviews when it is time to perform. In the modern tech world it is no longer acceptable to just read a book, do a CompTIA exam and wing it until someone shows you mercy for employment.
You must be more practical by not only learning theory of specialized security subjects, but you must actually PUT IT INTO PRACTICE! Being well-versed in theory will get you to a lot places but in the security space we do more than just discuss these matters, we must implement the solutions.
**Reiteration:** Congrats on your recent certification, but this field can not truly solve issues with multiple choice tests. What can you do?
[PreviousMartian Defense Notebook](https://martian1337.gitbook.io/notes)
[NextCybersecurity Domains](https://martian1337.gitbook.io/notes/training-and-career/cybersecurity-domains)
Last updated 1 year ago
* [Stop Comparing](https://martian1337.gitbook.io/notes/training-and-career/keeping-it-real-for-beginners#stop-comparing)
* [Be consistent!](https://martian1337.gitbook.io/notes/training-and-career/keeping-it-real-for-beginners#be-consistent)
* [Just Ask!](https://martian1337.gitbook.io/notes/training-and-career/keeping-it-real-for-beginners#just-ask)
* [Beware of the modern-day "Enthusisast", "Influencer" and self-proclaimed "Hacker"](https://martian1337.gitbook.io/notes/training-and-career/keeping-it-real-for-beginners#beware-of-the-modern-day-enthusisast-influencer-and-self-proclaimed-hacker)
* [Gain skills, not just knowledge](https://martian1337.gitbook.io/notes/training-and-career/keeping-it-real-for-beginners#gain-skills-not-just-knowledge)
---
# Reading and Repos | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/training-and-career/reading-and-repos.md)
.
[Guide to learn hacking](https://www.youtube.com/watch?v=2TofunAI6fU)
[Finding your first bug](https://portswigger.net/blog/finding-your-first-bug-bounty-hunting-tips-from-the-burp-suite-community)
[Port Swigger Web Security Academy](https://portswigger.net/web-security/learning-path)
[zonduu](https://medium.com/@zonduu/bug-bounty-beginners-guide-683e9d567b9f)
[p4nda's Bug Bounty Blog](https://enfinlay.github.io/bugbounty/2020/08/15/so-you-wanna-hack.html)
[A blog on subdomain takeovers](https://enfinlay.github.io/sto/ip/domain/bugbounty/2020/09/12/ip-server-domain.html)
[clos2100 on getting started without a technical background](https://twitter.com/pirateducky/status/1300566000665014275)
[al-madjus from 0 to bug hunter](https://klarsen.net/uncategorized/from-0-to-bug-hunter-my-journey/)
[dee-see's resources for Android Hacking](https://blog.deesee.xyz/android/security/2020/01/13/android-application-hacking-resources.html)
[Resources from @Nickyie](https://github.com/Nickyie/Cybersecurity-Resources)
[Resources from @vlakhani28](https://github.com/vlakhani28/Cyber-Security-Resources)
[Book of Secret Knowledge from @trimstray](https://github.com/trimstray/the-book-of-secret-knowledge)
[Resources from @rmusser01](https://github.com/rmusser01/Infosec_Reference)
[Cybersecurity Roadmap Repo](https://github.com/0xTRAW/Cybersecurity-Roadmap)
[Hacksplaining](https://www.hacksplaining.com/)
!
\---
[PreviousCybersecurity Domains](https://martian1337.gitbook.io/notes/training-and-career/cybersecurity-domains)
[NextMedia](https://martian1337.gitbook.io/notes/training-and-career/media)
Last updated 1 year ago
---
# Capture-the-Flag Training | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training.md)
.
[Vulnerable Machine Checklist](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/vulnerable-machine-checklist)
[Reverse Engineering Checklist](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/reverse-engineering-checklist)
[Mobile Checklist](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/mobile-checklist)
[Forensics Checklist](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/forensics-checklist)
[Binary Exploitation](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/binary-exploitation)
[Cryptography Checklist](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/cryptography-checklist)
[PreviousAssembly Language](https://martian1337.gitbook.io/notes/notes/cheatsheets/assembly-language)
[NextVulnerable Machine Checklist](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/vulnerable-machine-checklist)
Last updated 1 year ago
---
# Expose the Web UI over Tailnet | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/digital-privacy/self-hosting/secure-remote-access-with-tailscale-+-hardened-ssh/expose-the-web-ui-over-tailnet.md)
.
[](https://martian1337.gitbook.io/notes/digital-privacy/self-hosting/secure-remote-access-with-tailscale-+-hardened-ssh/expose-the-web-ui-over-tailnet#running-tailscale-serve-persistently-on-proxmox)
Running Tailscale Serve Persistently on Proxmox
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
To securely expose the Proxmox Web UI over your Tailnet, use the `tailscale serve` command with the `--bg` flag:
Copy
sudo tailscale serve --bg https+insecure://localhost:8006
Key Points:
* The `--bg` flag runs Tailscale Serve in the background persistently until you explicitly stop it.
* The Serve process automatically resumes after system shutdowns, reboots, or Tailscale daemon restarts- no manual restarts needed.
* The `https+insecure://` prefix tells Tailscale Serve to connect to the local HTTPS backend (Proxmox Web UI) while ignoring its self-signed certificate.
* You can check the currently running proxy with:
Copy
tailscale serve status
* To stop the shared proxy at any time, run:
Copy
tailscale serve off
* * *
[](https://martian1337.gitbook.io/notes/digital-privacy/self-hosting/secure-remote-access-with-tailscale-+-hardened-ssh/expose-the-web-ui-over-tailnet#ensuring-reliable-startup-after-reboot)
(Optional) Ensuring Reliable Startup After Reboot
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
There is a known timing issue where the Tailscale daemon (`tailscaled`) may signal readiness before the Tailscale IP address is fully assigned, causing issues with dependent services starting too early.
To fix this, create a systemd override to delay `tailscaled` readiness until the network is fully ready:
Copy
sudo systemctl edit tailscaled
Add this to the override file:
Save and exit the editor, then reload and restart the daemon:
* * *
[](https://martian1337.gitbook.io/notes/digital-privacy/self-hosting/secure-remote-access-with-tailscale-+-hardened-ssh/expose-the-web-ui-over-tailnet#optional-systemd-service-for-tailscale-serve)
(Optional) Systemd Service for Tailscale Serve
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
If you want to fully automate and guarantee the Tailscale Serve proxy starts after the daemon and network are ready, create a systemd service:
1. Create `/etc/systemd/system/tailscale-serve-proxmox.service` with:
1. Enable and start it:
[](https://martian1337.gitbook.io/notes/digital-privacy/self-hosting/secure-remote-access-with-tailscale-+-hardened-ssh/expose-the-web-ui-over-tailnet#summary)
Summary
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
* `tailscale serve --bg` runs persistently and automatically resumes after reboots or daemon restarts.
* Using `https+insecure://` allows proxying to Proxmox’s self-signed HTTPS UI without certificate errors.
* Systemd override on `tailscaled` ensures it signals readiness only when fully connected to the network.
* Optionally, a systemd service can manage the Serve proxy for guaranteed correct startup order and restart on failure.
[PreviousSecure Remote Access with TailScale + Hardened SSH](https://martian1337.gitbook.io/notes/digital-privacy/self-hosting/secure-remote-access-with-tailscale-+-hardened-ssh)
[NextRemote Unlock of LUKS-Encrypted Root Disk via SSH](https://martian1337.gitbook.io/notes/digital-privacy/self-hosting/remote-unlock-of-luks-encrypted-root-disk-via-ssh)
Last updated 10 months ago
* [Running Tailscale Serve Persistently on Proxmox](https://martian1337.gitbook.io/notes/digital-privacy/self-hosting/secure-remote-access-with-tailscale-+-hardened-ssh/expose-the-web-ui-over-tailnet#running-tailscale-serve-persistently-on-proxmox)
* [(Optional) Ensuring Reliable Startup After Reboot](https://martian1337.gitbook.io/notes/digital-privacy/self-hosting/secure-remote-access-with-tailscale-+-hardened-ssh/expose-the-web-ui-over-tailnet#ensuring-reliable-startup-after-reboot)
* [(Optional) Systemd Service for Tailscale Serve](https://martian1337.gitbook.io/notes/digital-privacy/self-hosting/secure-remote-access-with-tailscale-+-hardened-ssh/expose-the-web-ui-over-tailnet#optional-systemd-service-for-tailscale-serve)
* [Summary](https://martian1337.gitbook.io/notes/digital-privacy/self-hosting/secure-remote-access-with-tailscale-+-hardened-ssh/expose-the-web-ui-over-tailnet#summary)
Copy
[Service]
ExecStartPost=timeout 60s bash -c 'until tailscale status --peers=false; do sleep 1; done'
Copy
sudo systemctl daemon-reload
sudo systemctl restart tailscaled
Copy
[Unit]
Description=Tailscale Serve Proxy for Proxmox Web UI
After=network.target tailscaled.service
Requires=tailscaled.service
[Service]
Type=simple
ExecStart=/usr/bin/tailscale serve --bg https+insecure://localhost:8006
Restart=on-failure
RestartSec=10
[Install]
WantedBy=multi-user.target
Copy
sudo systemctl daemon-reload
sudo systemctl enable tailscale-serve-proxmox.service
sudo systemctl start tailscale-serve-proxmox.service
---
# Splunk | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/defensive-security/splunk.md)
.
1. **index**: This is the index in which your data resides in Splunk. The specific indexes you have will depend on how you've set up your data inputs.
2. **sourcetype**: This specifies the data format for events from a data input, such as logs from a specific type of server or service (e.g., "access\_combined", "WinEventLog:Security", "cisco:asa", etc.). The sourcetypes available will depend on the types of data inputs you have.
3. **host**, **src\_ip**, **dest\_ip**: These fields typically represent the host, source IP, and destination IP associated with an event. The names of these fields may vary depending on your data.
4. **action**, **status**, **severity**: These fields often represent the action taken (e.g., success, failure, download, accessed), the status of a request or response, or the severity of an event or alert. These could also vary depending on your data.
5. **file\_path**, **process\_name**, **uri**, **query**, **user\_agent**, **service**, **port**: These fields represent various specifics of an event such as file paths accessed, process names, URLs or URIs accessed, DNS queries made, User-Agent strings in web requests, names of services, and port numbers. The names and availability of these fields will depend on your data sources.
6. **user**, **clientip**, **src\_user**, **session\_duration**, **process\_start**: These fields could represent the user or client IP associated with an event, the user on the source system, the duration of user sessions, or the start time of processes. These field names could vary based on your data.
7. **bytes\_out**, **bytes**, **amount**: These fields typically represent the volume of data associated with an event, such as bytes sent out or received, or amounts in transaction events. The exact field names may vary.
8. **EventCode**, **level**, **threat\_detected**, **device\_id**, **printer\_name**, **Country**, **description**: These are more specific fields that would be associated with certain types of logs, such as Windows event logs, system logs, threat detection logs, device logs, printer logs, location data, or threat descriptions.
9. `iplocation`
* Determines the geographic location of IP addresses.
* Example: `index=firewall | iplocation src_ip`
10. `cidrmatch`
* Checks if an IP falls within a specified CIDR range.
* Example: `index=firewall | where cidrmatch("10.0.0.0/8", src_ip)`
11. `localop`
* Runs operation on the search head.
* Example: `index=firewall | localop | stats count`
12. `metasearch`
* Searches only the metadata.
* Example: `index=firewall | metasearch | stats count`
13. `tstats`
* Provides statistical information about indexed data.
* Example: `| tstats count where index=firewall by sourcetype`
14. `datamodel`
* Retrieves events from a data model.
* Example: `| datamodel Network_Traffic All_Traffic search | stats count by All_Traffic.action`
15. `metadata`
* Retrieves metadata about the hosts, sources, and source types in an index.
* Example: `| metadata type=hosts index=firewall`
16. `predict`
* Predicts future values based on historical data.
* Example: `index=firewall | predict future_traffic as 'predicted_traffic'`
17. `x11`
* Graphs the results in an X11 window for further examination.
* Example: `index=firewall | x11`
18. `xmlkv`
* Extracts field and value pairs from XML-formatted events.
* Example: `index=firewall | xmlkv`
19. `map`
* Runs a search for each result.
* Example: `index=firewall | map search="search index=firewall src_ip=$src_ip$"`
20. `mcollect`
* Collects metrics data points.
* Example: `index=firewall | mcollect index=metrics`
21. `file`
* Monitors the specified file until the command is interrupted.
* Example: `| file /var/log/firewall.log`
22. `cluster`
* Groups similar events together.
* Example: `index=firewall | cluster showcount=true`
23. `anomalies`
* Detects anomalous numerical values in data using machine learning.
* Example: `index=firewall | anomalies p_value_field=bytes`
24. `findtypes`
* Infers new event types from existing data.
* Example: `index=firewall | findtypes`
25. `outlier`
* Detects numerical outliers in your data.
* Example: `index=firewall | outlier action_field=bytes`
26. `kvform`
* Extracts field and value pairs from events.
* Example: `index=firewall | kvform`
27. `tag`
* Tags fields in events.
* Example: `index=firewall | tag user`
28. `highlight`
* Highlights specific terms in the search results.
* Example: `index=firewall | highlight "denied"`
29. `typelearner`
* Learns and suggests new event types.
* Example: `index=firewall | typelearner`
30. `typer`
* Infers and assigns event types.
* Example: `index=firewall | typer`
31. `sendemail`
* Sends search results via email.
* Example: `index=firewall | sendemail to="admin@company.com"`
32. `strptime`
* Converts a formatted time string into epoch time.
* Example: `index=firewall | eval epoch_time=strptime(_time, "%Y-%m-%dT%H:%M:%S.%3N%:z")`
33. `strftime`
* Converts epoch time to a formatted string.
* Example: `index=firewall | eval date=strftime(_time, "%Y-%m-%d")`
34. `noop`
* Does not change the events or results (often used with metadata).
* Example: `index=firewall | noop | metadata type=hosts`
35. `makeresults`
* Generates a result for testing purposes.
* Example: `| makeresults | eval test="Test"`
36. `inputcsv`
* Loads a CSV file for use in a subsearch.
* Example: `index=firewall | inputcsv blocklist.csv`
37. `format`
* Formats the results for use in a subsearch.
* Example: `index=firewall | format`
38. `untable`
* Converts table formatted data into separate events.
* Example: `index=firewall | untable date user action`
[PreviousIncident Response](https://martian1337.gitbook.io/notes/notes/defensive-security)
[NextBasic Queries](https://martian1337.gitbook.io/notes/notes/defensive-security/splunk/basic-queries)
Last updated 1 year ago
---
# Open Source Business & SaaS Tools | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools.md)
.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#cloud-infrastructure-and-virtualization-platforms)
Cloud Infrastructure & Virtualization Platforms
[Ubicloud](https://www.ubicloud.com/)
– IaaS platform with compute, block storage, networking, and managed DB services. [Proxmox VE](https://proxmox.com/en/proxmox-ve)
– Virtualization with KVM & LXC, clustering, backup. [OpenStack](https://www.openstack.org/)
– Scalable IaaS for compute, network, storage. [XCP-ng](https://xcp-ng.org/)
– Open source hypervisor, XenServer compatible. [oVirt](https://www.ovirt.org/)
– KVM virtualization manager for data centers. [Virtuozzo Hybrid](https://www.virtuozzo.com/)
– Container-based virtualization for density. [Nutanix Community Edition](https://www.nutanix.com/products/community-edition)
– Hybrid cloud virtualization and hyperconverged storage. [KVM](https://www.linux-kvm.org/)
– Linux-native virtualization technology.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#storage-solutions)
Storage Solutions
[Nextcloud](https://nextcloud.com/)
– Encrypted file storage and collaboration platform.
[GlusterFS](https://www.gluster.org/)
– Distributed filesystem for scalable storage aggregation. [HekaFS](https://github.com/hekaheka/HekaFS)
– Distributed filesystem with secure tenant isolation. [JuiceFS](https://juicefs.com/)
– Cloud-native filesystem for big data, AI/ML applications. [LizardFS](https://lizardfs.com/)
– Geo-redundant distributed file system for enterprise. [SeaweedFS](https://github.com/seaweedfs/seaweedfs)
– Lightweight scalable distributed object/file storage. [Zenko](https://www.zenko.io/)
– Multi-cloud data controller for unified storage management. [CubeFS](https://cubefs.io/)
– Cloud-native storage with S3, HDFS, POSIX protocols. [MooseFS](https://moosefs.com/)
– POSIX-compliant distributed file system at petabyte scale. [Swift (OpenStack)](https://docs.openstack.org/swift/)
– Object storage for OpenStack clouds. [Garage](https://garagehq.deuxfleurs.fr/)
– S3-compatible object storage for self-hosting/cloud. [lakeFS](https://lakefs.io/)
– Git-like version control for object storage data lakes. [Hadoop](https://hadoop.apache.org/)
– Distributed storage and processing for big data workloads. [Lustre](https://www.lustre.org/)
– High-performance distributed file system for HPC. [OpenFiler](https://www.openfiler.com/)
– SAN/NAS storage solution with web management. [OpenMediaVault](https://www.openmediavault.org/)
– NAS for home/SMB, web-based management and plugins. [Kopia](https://kopia.io/)
– Efficient backup tool for cloud/local storage. [BorgBackup](https://borgbackup.readthedocs.io/)
– Secure deduplicating backup program. [Restic](https://restic.net/)
– Fast, secure backup program for files and directories.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#infrastructure-as-code-iac)
Infrastructure as Code (IaC)
[Terraform](https://www.terraform.io/)
& [OpenTofu](https://opentofu.org/)
– Leading declarative IaC tools. [Pulumi](https://www.pulumi.com/)
– Code-centric IaC with mainstream languages. [Ansible](https://www.ansible.com/)
– Agentless automation and provisioning. [Crossplane](https://crossplane.io/)
– Kubernetes-native cloud resource provisioning. [Terragrunt](https://terragrunt.gruntwork.io/)
– Terraform wrapper for modular configs.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#remote-access)
Remote Access
[RustDesk](https://rustdesk.com/)
- A fast, open-source remote desktop software that supports self-hosted servers for data sovereignty and enhanced security. It offers cross-platform support and is often recommended as a free alternative to TeamViewer with strong encryption and ease of use. [Remmina](https://remmina.org/)
- A free and open-source remote desktop client primarily for Linux and Unix systems, supporting multiple protocols including RDP, VNC, NX, and SSH. [Apache Guacamole](https://guacamole.apache.org/)
- A clientless remote desktop gateway that supports standard protocols like VNC, RDP, and SSH. It allows access via a web browser without needing client software installation, making it versatile for desktop management. [TigerVNC](https://tigervnc.org/)
- An open-source VNC implementation providing high-performance remote desktop access. It supports most systems and is a strong choice for those preferring VNC protocol-based remote access. [DWService](https://www.dwservice.net/)
- An open-source remote access service accessible from any browser. It requires software installation only on the host machine and supports unattended access. It also features a mobile app.
Windows Only
[mRemoteNG](https://mremoteng.org/)
- An open-source, multi-protocol, tabbed remote connections manager for Windows
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#ci-cd-and-devops-automation)
CI/CD & DevOps Automation
[Jenkins](https://www.jenkins.io/)
– Widely adopted automation server for CI/CD. [GitLab CI/CD](https://about.gitlab.com/stages-devops-lifecycle/)
– Built-in pipelines inside GitLab. [Argo CD](https://argo-cd.readthedocs.io/)
– Kubernetes GitOps continuous delivery. [Flux](https://fluxcd.io/)
– GitOps toolkit for Kubernetes automation. [Tekton](https://tekton.dev/)
– Cloud-native CI/CD pipelines built for Kubernetes. [Drone](https://drone.io/)
– Container native CI/CD automation.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#devsecops-and-security)
DevSecOps & Security
[Checkov](https://www.checkov.io/)
– Static analysis of IaC for security issues. [TFLint](https://github.com/terraform-linters/tflint)
– Terraform configuration linter. [Open Policy Agent (OPA)](https://www.openpolicyagent.org/)
– Policy enforcement engine for cloud-native apps. [Kubescape](https://www.kubescape.io/)
– Kubernetes security and compliance scans. [Terrascan](https://github.com/accurics/terrascan)
– Scans Infrastructure as Code (IaC) for security misconfigurations; supports multi-cloud environments and integrates into CI/CD pipelines. [ZAP (OWASP Zed Attack Proxy)](https://www.zaproxy.org/)
– Popular web application security scanner detecting vulnerabilities like XSS and SQL injection with automated and manual testing modes. [Semgrep](https://semgrep.dev/)
– Fast, customizable static analysis tool for scanning source code vulnerabilities across multiple languages in CI/CD workflows. [Trivy](https://aquasecurity.github.io/trivy/)
– Comprehensive vulnerability scanner for container images, IaC files, and source code dependencies. [DefectDojo](https://defectdojo.github.io/)
– Application security orchestration platform aggregating vulnerability findings and managing testing workflows. [Git-secrets](https://github.com/awslabs/git-secrets)
– Prevents committing sensitive information (like passwords or AWS keys) into git repositories by scanning commits. [HashiCorp Vault](https://www.vaultproject.io/)
– Secret management tool for secure storage, dynamic secrets, and identity-based access control. [Anchore Engine](https://anchore.com/opensource/)
– Container scanning and policy evaluation platform for registry and CI/CD integration. [Prowler](https://github.com/prowler-cloud/prowler)
– AWS security best practices assessment, auditing, and hardening tool. [KICS (Keeping Infrastructure as Code Secure)](https://kics.io/)
– Open source IaC scanning tool detecting security issues and compliance violations. [Nancy](https://github.com/sonatype-nexus-community/nancy)
– Dependency vulnerability scanner for Go projects. [Npm-audit](https://docs.npmjs.com/cli/v9/commands/npm-audit)
– Vulnerability scanner for Node.js package dependencies integrated with npm. [Spectral](https://stoplight.io/open-source/spectral/)
– Flexible JSON/YAML linter for API description and config files, aiding in security and best practices.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#monitoring-and-observability)
Monitoring & Observability
[Prometheus](https://prometheus.io/)
– Monitoring and alerting toolkit for metrics. [Grafana](https://grafana.com/)
– Data visualization and dashboard platform. [VictoriaMetrics](https://victoriametrics.com/)
– Scalable time series database for monitoring. [Elasticsearch](https://www.elastic.co/elasticsearch/)
/ [OpenSearch](https://opensearch.org/)
– Search engine and log analytics.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#networking-tools)
Networking Tools
[Nginx](https://nginx.org/)
- High-performance web server and reverse proxy for load balancing and static content delivery. [HAProxy](http://www.haproxy.org/)
- Robust load balancer and reverse proxy widely used for traffic distribution in critical environments. [Caddy](https://caddyserver.com/)
- Simple web server with automatic HTTPS and easy configuration for quick, secure deployments. [Traefik](https://traefik.io/)
- Dynamic reverse proxy with automatic service discovery for containerized and microservices environments. [OpenWISP](https://openwisp.org/)
- Network management system automating configuration, monitoring, and VPN provisioning for Linux networks. [Ansible](https://www.ansible.com/)
- Agentless automation tool for network and system configuration, orchestration, and deployment. [NetBox](https://netbox.dev/)
- Network infrastructure management tool for modeling, documenting, and automating network operations. [Zabbix](https://www.zabbix.com/)
- Enterprise-class monitoring solution for networks, servers, and applications with auto-discovery. [OpenNMS](https://www.opennms.com/)
- Enterprise-grade open-source network monitoring platform with scalable and extensible architecture. [Nagios Core](https://www.nagios.org/)
- Flexible monitoring system for networked devices with plugin architecture and alerting capabilities.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#erp-and-business-management)
ERP & Business Management
[Odoo](https://www.odoo.com/)
– Modular business management suite with ERP, CRM, and more. [ERPNext](https://erpnext.com/)
– All-in-one open source ERP for business processes. [Dolibarr](https://www.dolibarr.org/)
– ERP/CRM for SMEs with invoicing and inventory. [Apache OFBiz](https://ofbiz.apache.org/)
– Java-based enterprise ERP and automation. [ADempiere](https://www.adempiere.net/)
– Community-driven ERP for finance, operations, and supply chain. [Tryton](https://www.tryton.org/)
– Modular Python ERP system. [Corteza Low-Code](https://cortezaproject.org/)
– Low-code business process automation and CRM. [Onfinity](https://onfinity.io/)
– Cloud-native ERP solution for scalability.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#crm-and-sales)
CRM & Sales
[SuiteCRM](https://suitecrm.com/)
– Feature-rich CRM fork of SugarCRM. [EspoCRM](https://www.espocrm.com/)
– Lightweight CRM for automating sales and support. [OroCRM](https://oroinc.com/orocrm)
– Multi-channel CRM for advanced reporting and e-commerce. [Vtiger CRM](https://www.vtiger.com/open-source-crm/)
– All-in-one sales, marketing, and helpdesk CRM. [YetiForce](https://yetiforce.com/en)
– Customizable CRM with project management and inventory.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#marketing-and-email-automation)
Marketing & Email Automation
[Mautic](https://www.mautic.org/)
– Marketing automation for email campaigns and lead tracking. [Mailtrain](https://mailtrain.org/)
– Node.js self-hosted newsletter app. [phpList](https://www.phplist.org/)
– Bulk email manager for newsletters. [ListMonk](https://listmonk.app/)
– High-performance newsletter manager in Go.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#e-commerce-and-pos)
E-Commerce & POS
[OpenCart](https://www.opencart.com/)
– E-commerce platform with extensible modules. [PrestaShop](https://www.prestashop.com/)
– E-commerce engine with rich module ecosystem. [Saleor](https://saleor.io/)
– Headless commerce platform with Python/GraphQL. [Bagisto](https://bagisto.com/en/)
– Laravel-based shopping cart and POS. [Magento Open Source](https://magento.com/products/magento-open-source)
– Enterprise-grade e-commerce. [Zen Cart](https://www.zen-cart.com/)
– PHP-based customizable storefront. [Odoo eCommerce](https://www.odoo.com/page/ecommerce)
– Store builder inside Odoo ERP.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#accounting-and-finance)
Accounting & Finance
[GnuCash](https://www.gnucash.org/)
– Accounting for small business and personal finance. [TurboCASH](https://turbocash.net/)
– SME accounting with reporting and invoicing. [xTuple](https://xtuple.com/)
– ERP including accounting, CRM, inventory. [Invoice Ninja](https://www.invoiceninja.com/)
– Invoicing and billing for freelancers/SMBs. [Firefly III](https://www.firefly-iii.org/)
– Personal finance and expense management.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#hr-and-payroll)
HR & Payroll
[Sentrifugo](https://www.sentrifugo.com/)
– HRMS with employee, appraisal, and recruitment tools. [OrangeHRM](https://www.orangehrm.com/open-source/)
– Recruitment, leave, and performance tracking platform. [Odoo HR](https://www.odoo.com/app/employees)
– HR management in the Odoo suite.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#project-management-and-collaboration)
Project Management & Collaboration
[OpenProject](https://www.openproject.org/)
– Agile and classic project management for teams. [Taiga](https://www.taiga.io/)
– Scrum/Kanban project boards. [Focalboard](https://www.focalboard.com/)
– Open source Trello alternative for task management. [WeKan](https://wekan.github.io/)
– Collaborative Kanban boards. [Kanboard](https://kanboard.org/)
– Minimal Kanban with automation. [AppFlowy](https://www.appflowy.io/)
– Notion-style workspace for docs and tasks. [Penpot](https://penpot.app/)
– Collaborative design and prototyping.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#helpdesk-and-support)
Helpdesk & Support
[Zammad](https://zammad.org/)
– Modern helpdesk platform with ticket management. [Faveo Helpdesk](https://www.faveohelpdesk.com/open-source/)
– Ticketing system for businesses. [FreeScout](https://freescout.helpdesk.io/)
– Shared inbox and helpdesk management.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#knowledge-management-and-docs)
Knowledge Management & Docs
[Wiki.js](https://js.wiki/)
– Modern Node.js wiki with various data sources. [BookStack](https://www.bookstackapp.com/)
– Documentation and knowledge base platform. [XWiki](https://www.xwiki.org/)
– Feature-rich enterprise wiki, Confluence alternative.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#team-communication)
Team Communication
[Mattermost](https://mattermost.com/)
– Secure, self-hosted team chat. [Rocket.Chat](https://rocket.chat/)
– Customizable chat with audio/video. [Zulip](https://zulip.com/)
– Threaded team chat solution. [Jitsi](https://jitsi.org/)
– Encrypted video calling and conferencing. [Element](https://element.io/)
– Matrix-based secure messenger for teams.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#cms-and-website-builders)
CMS & Website Builders
[WordPress](https://wordpress.org/)
– Leading CMS with plugin ecosystem. [Ghost](https://ghost.org/)
– Publishing and newsletter platform. [Strapi](https://strapi.io/)
– Headless CMS for API-driven content. [Webstudio](https://webstudio.so/)
– No-code responsive website builder.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#automation-and-integration)
Automation & Integration
[n8n](https://n8n.io/)
– Workflow automation for business data. [Appsmith](https://appsmith.com/)
– Low-code builder for internal apps.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#security-and-password-management)
Security & Password Management
[Bitwarden](https://bitwarden.com/)
– Encrypted password manager for individuals and teams.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#ai-low-code-and-emerging-tools)
AI, Low-Code & Emerging Tools
[Budibase](https://budibase.com/)
– Low-code platform for building business web apps. [Activepieces](https://activepieces.com/)
– Automation similar to Zapier, open source. [Eidolon AI](https://eidolon-ai.com/)
– AI-powered software development automation. [MindsDB](https://mindsdb.com/)
– Machine learning integration for applications and databases. [Mistral Devstral](https://mistral.ai/)
– Open source LLM toolkit for developers. [Grist](https://www.getgrist.com/)
– Spreadsheet-database hybrid for business data. [Plane](https://plane.dev/)
– Project and issue tracking for teams. [Documenso](https://documenso.com/)
– Document signing and management. [Dub.co](https://dub.co/)
– URL management and shortening for marketing.
[PreviousStarting a Business](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/starting-a-business)
Last updated 8 months ago
* [Cloud Infrastructure & Virtualization Platforms](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#cloud-infrastructure-and-virtualization-platforms)
* [Storage Solutions](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#storage-solutions)
* [Infrastructure as Code (IaC)](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#infrastructure-as-code-iac)
* [Remote Access](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#remote-access)
* [CI/CD & DevOps Automation](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#ci-cd-and-devops-automation)
* [DevSecOps & Security](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#devsecops-and-security)
* [Monitoring & Observability](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#monitoring-and-observability)
* [Networking Tools](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#networking-tools)
* [ERP & Business Management](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#erp-and-business-management)
* [CRM & Sales](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#crm-and-sales)
* [Marketing & Email Automation](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#marketing-and-email-automation)
* [E-Commerce & POS](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#e-commerce-and-pos)
* [Accounting & Finance](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#accounting-and-finance)
* [HR & Payroll](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#hr-and-payroll)
* [Project Management & Collaboration](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#project-management-and-collaboration)
* [Helpdesk & Support](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#helpdesk-and-support)
* [Knowledge Management & Docs](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#knowledge-management-and-docs)
* [Team Communication](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#team-communication)
* [CMS & Website Builders](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#cms-and-website-builders)
* [Automation & Integration](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#automation-and-integration)
* [Security & Password Management](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#security-and-password-management)
* [AI, Low-Code & Emerging Tools](https://martian1337.gitbook.io/notes/cyber-entreprenuership/open-source-business-and-saas-tools#ai-low-code-and-emerging-tools)
---
# SAST/SCA | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/product-security-engineering/sast-sca.md)
.
[How to setup a GitHub Action for Code Security analysis](https://martian1337.gitbook.io/notes/notes/product-security-engineering/sast-sca/how-to-setup-a-github-action-for-code-security-analysis)
[JavaScript Security Analysis](https://martian1337.gitbook.io/notes/notes/product-security-engineering/sast-sca/javascript-security-analysis)
[Java Security 101](https://martian1337.gitbook.io/notes/notes/product-security-engineering/sast-sca/java-security-101)
[Tools](https://martian1337.gitbook.io/notes/notes/product-security-engineering/sast-sca/static-code-analysis)
[CodeQL for Beginners](https://martian1337.gitbook.io/notes/notes/product-security-engineering/sast-sca/codeql-for-beginners)
[PreviousHow to Dockerize Applications with Docker Compose (Using SQLite and Flask)](https://martian1337.gitbook.io/notes/notes/product-security-engineering/devsecops/docker/how-to-dockerize-applications-with-docker-compose-using-sqlite-and-flask)
[NextHow to setup a GitHub Action for Code Security analysis](https://martian1337.gitbook.io/notes/notes/product-security-engineering/sast-sca/how-to-setup-a-github-action-for-code-security-analysis)
Last updated 1 year ago
---
# Mobile Checklist | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/mobile-checklist.md)
.
###
[](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/mobile-checklist#setup-and-environment-preparation)
**Setup and Environment Preparation:**
* Set up a controlled environment: Use emulators (like Android Studio's emulator for Android or Corellium for iOS) or real devices.
* Install necessary tools for mobile analysis (e.g., adb for Android, Cydia for jailbroken iOS).
###
[](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/mobile-checklist#initial-assessment)
**Initial Assessment:**
* Identify the type of application (Android APK or iOS IPA).
* Install the application on your device or emulator.
###
[](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/mobile-checklist#static-analysis)
**Static Analysis:**
* For Android:
* Decompile the APK using tools like apktool or jadx.
* Review the manifest file for permissions, activities, services, and receivers.
* Examine the decompiled source for sensitive information (API keys, URLs, etc.).
* For iOS:
* Extract the IPA contents and analyze plist files.
* Use tools like class-dump to understand the class structures.
###
[](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/mobile-checklist#dynamic-analysis)
**Dynamic Analysis:**
* Monitor and analyze the app's runtime behavior.
* Use tools like Frida or Objection for hooking into running processes and manipulating function calls and data.
* Monitor network traffic with Wireshark or Burp Suite.
**Data Storage Analysis:**
* Check how the application stores data locally.
* For Android, examine SQLite databases, shared preferences, or files in the app's directory.
* For iOS, inspect SQLite databases, plist files, and the Keychain.
**Reverse Engineering and Code Analysis:**
* Analyze the code for vulnerabilities such as hard-coded secrets, insecure communication, or improper validation checks.
* Reverse engineer any custom algorithms or obfuscated code.
**Network Analysis:**
* Intercept and analyze network traffic to understand API calls.
* Look for insecure API endpoints, data leakage, or hard-coded API keys.
**Cryptanalysis (if applicable):**
* Identify and analyze the usage of cryptographic functions.
* Test for weak or broken cryptography.
**Authentication and Session Management Testing:**
* Test for broken authentication mechanisms.
* Analyze session management for vulnerabilities.
**Client-side Analysis:**
* Inspect client-side validation routines.
* Test for client-side injection vulnerabilities (e.g., JavaScript or SQL injection).
**Permissions and Exposures:**
* Review the app’s permissions for any unnecessary access.
* Check for exposed content providers (Android) or URL schemes (iOS).
**Reporting and Documentation:**
* Document your findings, including how vulnerabilities can be exploited and potential mitigation strategies.
* Prepare a detailed report if required.
###
[](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/mobile-checklist#cleanup)
**Cleanup:**
* After analysis, ensure to remove the application and any associated data from your testing environment.
[PreviousMagic Bytes](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/reverse-engineering-checklist/magic-bytes)
[NextForensics Checklist](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/forensics-checklist)
Last updated 6 months ago
* [Setup and Environment Preparation:](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/mobile-checklist#setup-and-environment-preparation)
* [Initial Assessment:](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/mobile-checklist#initial-assessment)
* [Static Analysis:](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/mobile-checklist#static-analysis)
* [Dynamic Analysis:](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/mobile-checklist#dynamic-analysis)
* [Cleanup:](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/mobile-checklist#cleanup)
---
# Dashboards | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/defensive-security/splunk/dashboards.md)
.
[](https://martian1337.gitbook.io/notes/notes/defensive-security/splunk/dashboards#splunk-dashboards)
Splunk Dashboards
----------------------------------------------------------------------------------------------------------------------------
IPS High Risk Alert Not Blocked. Below is an example using Palo Alto Networks (PAN) IPS
Copy
index=pan sourcetype="pan:threat" ",threat," (critical OR high) (severity=critical OR severity=high) action!="blocked" action!="dropped" | bucket span=1h _time | stats values(signature) as signature mode(dest) as dest values(dest_port) as dest_port values(file_name) as file_name values(file_hash) as file_hash count by _time, src, severity, action | eval signature=mvjoin(signature," , ") | eval dest_port=mvjoin(dest_port," , ") | eval file_name=mvjoin(file_name," , ") | eval file_hash=mvjoin(file_hash," , ")
DOS- Firewall Large number of DENIED Connections by Firewall
Copy
| tstats summariesonly=1 allow_old_summaries=1 count from datamodel=Network_Traffic.All_Traffic where All_Traffic.action="blocked" sourcetype=* AND host=* by All_Traffic.dvc host _time span=1h | rename All_Traffic.dvc AS dvc | eval dvc=if(dvc="unknown",host,dvc) | timechart span=1h sum(count) by dvc
Detect Many Unauthorized Access Attempts
Copy
| `Load_Sample_Log_Data(Windows Logons with Failure Codes)` | search Failure_Reason=* Status=0xC000015B
Data Exfiltration - Suspicious Destinations
Copy
| tstats summariesonly=1 allow_old_summaries=1 sum(All_Traffic.bytes) as bytes dc(All_Traffic.src) as "Unique Sources" from datamodel=Network_Traffic.All_Traffic where host=* by _time span=1h All_Traffic.dest
| rename All_Traffic.* as *
| eval MBytes=round(bytes/1024/1024,2)
| eventstats dc(_time) as Frequency by dest
| eval Risk=round(MBytes/(pow(Frequency,Frequency))/'Unique Sources')
| sort - Risk
| head 250
| iplocation dest
| fillnull value="" Country
| table _time, Risk, dest, "Unique Sources", MBytes, Country
Detects when the number of successful Windows logon events are more than the daily average for a user account
Unusual Traffic by Volume
Suspiciously High Process Creation
Network Traffic from Rare Countries
Failed Login Attempts from a Single Source
Frequency of Rare Windows Events
Detection of SQL Injection
Top Accessed Internal Systems
Anomaly in Number of Connections to a Host
Unique Domains Requested by Host
Suspicious Executables Downloaded
Unusual Increase in Network Traffic
Unexpected System Changes
Unknown Processes Running on Critical Servers
Unusual Database Activities
Failed Connections to Important Services
High Traffic on Non-Standard Ports
Connections to Blacklisted IPs
Multiple VPN Logins from Same User but Different Locations
File Access Patterns
Attempts to Access Unusual URLs
Outgoing Traffic To Blacklisted Domains
Unique Connections by Non-Standard Ports
Spike in Error Logs
Longest Running User Sessions
Suspicious Database Transactions
Unknown USB Device Connections
Multiple Failed SSH Attempts
Most Common Firewall Deny Events
Processes Consuming High CPU
Rarely Accessed File Shares
DNS Tunneling Detection
Malware Detection Based on User Agent Strings
File Changes on Critical Systems
Abnormal Account Lockouts
Excessive Data Sent to External IPs
Unusual Server Reboot
Suspicious PowerShell Commands
Multiple File Changes by a User
Inbound Connections from TOR Network
Unusual Print Activities
User Account Anomalies
Unusual Command Execution
Outbound Traffic to High-Risk Countries
Large Number of Failed Database Queries
Unusual System Service Behavior
Uncommon Firewall Rule Modifications
Large Number of Login Failures from Single IP
Suspicious File Access Patterns
Abnormal Process Behavior
Outliers in Network Bandwidth Usage
[PreviousBasic Queries](https://martian1337.gitbook.io/notes/notes/defensive-security/splunk/basic-queries)
[NextForensics](https://martian1337.gitbook.io/notes/notes/defensive-security/forensics)
Last updated 1 year ago
Copy
index=windows EventCode=4624 | eval user=lower(Account_Name) | timechart span=1d avg(count) as daily_avg by user | where count > daily_avg
Copy
index=firewall sourcetype=access_combined | bucket span=1h _time | stats sum(bytes_out) as sum_bytes by _time, src_ip | streamstats avg(sum_bytes) as avg stdev(sum_bytes) as stdev by src_ip | eval isOutlier=if(sum_bytes > (avg + (4*stdev)), 1, 0) | search isOutlier=1
Copy
index=os_logs sourcetype=WinEventLog:Security EventCode=4688 | timechart span=1h count as process_start by host | where process_start > avg(process_start)*2
Copy
index=firewall | iplocation src_ip | stats count by Country | eventstats sum(count) as total | eval percentage=(count/total)*100 | where percentage < 1
Copy
index=authentication sourcetype="linux_secure" | search failed password | stats count by src_ip | eventstats avg(count), stdev(count) | where count > avg(count) + 4*stdev(count)
Copy
index=wineventlog | stats count by EventCode | eventstats sum(count) as total | eval percentage=(count/total)*100 | where percentage < 1 | sort - percentage
Copy
index=web sourcetype=access_combined action=200 uri="*.php*" | rex field=uri "(?i)(union select|select(.+)from|waitfor delay|' OR ')" | search uri=* | table _time, clientip, uri
Copy
index=firewall action=success | top limit=20 src_ip | table _time, src_ip, count
Copy
index=network sourcetype=cisco:asa dest_ip=* | bucket _time span=1h | stats count by _time, dest_ip | eventstats avg(count) as avg stdev(count) as stdev by dest_ip | eval isOutlier=if(count > (avg + (4*stdev)), 1, 0) | search isOutlier=1
Copy
index=dns_logs | stats dc(query) as unique_domains by src_ip | eventstats avg(unique_domains) as avg stdev(unique_domains) as stdev | where unique_domains > avg + 4*stdevspl
Copy
index=proxy_logs action=download status=200 | rex field=file_path "\.(?\w+)$" | where file_extension IN ("exe", "dll", "bat", "ps1") | stats count by src_ip, file_path
Copy
index=network_logs | bucket _time span=1h | stats sum(bytes) as sum_bytes by _time | streamstats avg(sum_bytes) as avg stdev(sum_bytes) as stdev | eval isOutlier=if(sum_bytes > (avg + (4*stdev)), 1, 0) | search isOutlier=1
Copy
index=syslog_changes sourcetype=syslog | stats values(change) as changes by host, user | search changes=* AND changes!=expected_value
Copy
index=server_logs server=critical_server | stats values(process_name) as process_list by user | search process_name NOT IN (list_of_known_processes)spl
Copy
index=db_logs action=insert OR action=delete | timechart span=1h count by action | where count > avg(count)*2
Copy
index=network_logs sourcetype=cisco:asa action=failure service=important_service | stats count by src_ip, dest_ip | sort - count
Copy
index=network_logs | where NOT (port IN (80, 443, 21, 22)) | stats sum(bytes) as total_bytes by port | sort - total_bytes
Copy
index=firewall_logs | lookup ip_blacklist.csv ip as dest_ip OUTPUT description as threat_type | where isnotnull(threat_type)
Copy
index=vpn_logs | iplocation src_ip | stats count by user, Country | where count > 1
Copy
index=filesystem_logs action=accessed | stats count by user, file_path | eventstats avg(count) as avg, stdev(count) as stdev by file_path | where count > avg + 4*stdev
Copy
index=web_logs sourcetype=access_combined status=404 | top limit=10 uri | table _time, uri, count
Copy
index=proxy_logs NOT [inputlookup domain_blacklist.csv] | top limit=20 src_ip | table _time, src_ip, count
Copy
index=network_logs NOT (port IN (80, 443, 21, 22)) | stats dc(dest_ip) as unique_connections by src_ip, port | where unique_connections > 20
Copy
index=system_logs level=error | timechart span=1h count as error_count | where error_count > avg(error_count) + 4*stdev(error_count)
Copy
index=system_logs level=error | timechart span=1h count as error_count | where error_count > avg(error_count) + 4*stdev(error_count)
Copy
index=db_logs action=transaction | stats sum(amount) as total_amount by user | where total_amount > avg(total_amount) + 4*stdev(total_amount)
Copy
index=device_logs sourcetype=usb:* | search NOT [inputlookup known_devices.csv] | table _time, device_id, host
Copy
index=ssh_logs eventtype=ssh_failure | stats count by src_ip | where count > 5
Copy
index=firewall_logs action=deny | top limit=10 src_ip | table _time, src_ip, count
Copy
index=system_logs sourcetype=top:CPU | where percent_cpu > 80 | table _time, process_name, percent_cpu
Copy
index=sharepoint_logs | stats count by file_path | where count < 5 | table _time, file_path, count
Copy
index=dns_logs | stats count by src_ip, query | where count > 100 | table _time, src_ip, query, count
Copy
index=proxy_logs | search [inputlookup malware_user_agents.csv] | table _time, src_ip, user_agent
Copy
index=filesystem_logs host=critical_system | stats count by file_path | where count > 10 | table _time, file_path, count
Copy
index=authentication_logs eventtype=account_lockout | stats count by user | where count > avg(count) + 4*stdev(count)
Copy
index=firewall_logs direction=outbound | stats sum(bytes) as total_bytes by dest_ip | where total_bytes > 1000000 | table _time, dest_ip, total_bytes
Copy
index=system_logs eventtype=system_reboot | stats count by host | where count > avg(count) + 4*stdev(count)
Copy
index=powershell_logs | search [inputlookup suspicious_powershell_commands.csv] | table _time, user, command
Copy
index=file_change_logs | stats count by user, file_path | where count > 5 | table _time, user, file_path, count
Copy
index=firewall_logs direction=inbound | lookup tor_exit_nodes.csv src_ip OUTPUT description as threat_type | where isnotnull(threat_type)
Copy
index=printer_logs | stats count by user, printer_name | where count > avg(count) + 4*stdev(count) | table _time, user, printer_name, countlu
Copy
index=authentication_logs | stats count by user | eventstats avg(count) as avg stdev(count) as stdev by user | where count > avg + 3*stdev | table _time, user, count
Copy
index=command_logs | stats count by user, command | where count > 10 | table _time, user, command, count
Copy
index=network_logs direction=outbound | iplocation dest_ip | stats count by dest_country | where count > 100 | table _time, dest_country, count
Copy
index=database_logs status=failed | stats count by user, query | where count > 50 | table _time, user, query, count
Copy
index=system_logs sourcetype=service_logs | stats count by service_name | where count > 100 | table _time, service_name, count
Copy
index=firewall_logs eventtype=rule_change | stats count by user, rule_name | where count > 5 | table _time, user, rule_name, count
Copy
index=authentication_logs | stats count by src_ip | where count > 20 | table _time, src_ip, count
Copy
index=file_access_logs | stats count by user, file_path | where count > 10 | table _time, user, file_path, count
Copy
index=process_logs | stats count by process_name | where count > 100 | table _time, process_name, count
Copy
index=network_logs | timechart span=1h sum(bytes) as total_bytes by src_ip | eventstats avg(total_bytes) as avg stdev(total_bytes) as stdev by src_ip | eval isOutlier=if(total_bytes > (avg + (3*stdev)), 1, 0) | search isOutlier=1 | table _time, src_ip, total_bytes
---
# Consulting | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting.md)
.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#consider-your-skills-workstyle-and-lifestyle)
**Consider your skills, workstyle and lifestyle**
**Goal:** To feel confident that you have the skills needed to be a successful consultant, and feel comfortable that you can make the necessary professional and personal life adjustments.
**Questions to ask:**
* How do my skills and abilities lend themselves to consulting?
* What support systems are currently available to me?
* What is my desired work style?
* What is my desired lifestyle?
* How will my changed lifestyle affect other members of my household? My personal and family finances?
* Does my financial situation support consulting?
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#explore-consulting)
Explore Consulting
**Goal:** Decide that it’s worth the time and effort to take your idea to the next step, or realize that consulting is wrong for you.
If you have no prior consulting experience, you may want to look into Internet resources, books, magazines, and workshops. [SCORE](http://score.org/)
and the [Small Business Administration](http://sba.gov/)
offer very good and free advice.
Questions to ask:
* What was (is) your greatest challenge?
* What worked for you when you started consulting?
* What would you do differently?
* What do you think of my consulting idea? Is it a viable business idea?
* How well do you think consulting fits with my skills?
* What do you think will be my greatest challenge?
_Note:_ Keep in mind that finding potential clients and actually selling consulting engagements is the biggest single challenge for most first time consultants. Ask them about this specifically.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#create-your-board-of-advisors)
Create Your Board of Advisors
**Goal:** Line up three to six people who will provide straight advice to you, especially in areas where your skills are less developed.
You may meet with your entire board of advisors occasionally, but you will generally call on them individually for specific advice in their area of specialty. Some of your advisors will be paid. You may trade out services with others, and some may provide services free of charge. But make sure that the free advice is worth more than every penny you spend on it.
**Questions to ask:**
* Does the advisor have experience in an area where I need assistance?
* If the advisor charges fees, are they appropriate?
* Do I feel comfortable with the advisor? Will the person be objective, willing to say no to unsound ideas, and speak up about tough or critical issues?
* Which of the following specialties should I consider for my board of advisors?
* accountant
* attorney
* commercial banker
* financial planner
* insurance specialist
* independent sale representative
* marketing consultant
* seasoned businessperson
* contacts in potential client organizations
* strategic associates in other consulting businesses
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#define-your-business)
Define Your Business
**Goal:** Get three knowledgeable people to agree that your business definition is clear, market appropriate, and potentially viable.
**Questions to ask:**
* Exactly what consulting services will I offer?
* What is my target market (e. g., industries, locations, size) for these services?
* Who are my ideal clients (job titles, ages, interests, concerns)? What are their needs?
* What will my clients see as the benefits of my services?
* What is my USP? How will it motivate these clients?
* What will I name my business? Does it reflect my USP? Will it age well with my business?
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#research-the-marketplace)
Research the Marketplace
**Goal:** Identify at least three potential clients and determine that they might be in the market for your services.
**Questions to ask:**
* What are some of my target companies/potential clients? Do I have contacts in any of them? Friends? How many?
* What are the major trends impacting my clients and my business? What might the future trends be?
* What are my clients’ needs? What are their wants?
* What do they buy now? What else might they buy? Who do they buy from now? What would it take for me to get business from them?
* What do they pay? What will they pay?
* When do they buy? Why?
* How do they make buying decisions?
* How can I get new referrals from my clients?
* What is my niche in the market? Is my USP appealing to my prospective clients?
* What kind of services do clients expect of me? What kind of services would satisfy or even delight them?
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#search-out-the-competition)
Search Out the Competition
**Goal:** Identify at least three competitors, know how they compete, and know how you can compete against them.
Study competitive information, such as their publications, promotional brochures and websites. If necessary, refine your business definition and unique selling proposition based on the information you have acquired from this research.
**Questions to ask:**
* What is my competition offering?
* How are they positioning their services? What is their sales proposition?
* How do they price their services?
* How well established are they with their clients?
* What are my strengths and weaknesses in comparison?
* What is my USP in relation to competition? How do I differentiate my capabilities versus theirs?
* Is my USP an effective competitive tool?
* If I were the buyer, from whom would I buy?
* Is there room in the marketplace for additional competition?
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#set-your-pricing)
Set Your Pricing
**Goal:** Establish fees that are competitive and in line with your skills and income needs.
A rule of thumb in consulting is that at least one-third of your time goes to marketing, sales, preparation, administration, and other non-billable activities. Therefore, count on at least one-third of your time selling and only two-thirds (or less) delivering billable services. With good contacts or a strong reputation, you may need less sales time.
On the other hand, if you are starting out cold with no immediate clients, you will be in full time sales initially, with no income. You will want to ease that down to 50%, which is standard in some forms of consulting.
**Questions to ask:**
* How many billable days will I have (or do I want to have), and what revenue do I need to generate?
* What overhead expenses can I anticipate?
* How does the rate I calculate compare to the going rate for services like mine?
* Will I bill hourly? Daily? By project?
* What kind of proposals or quotations are the norm? In what format? How will I cost out estimates and live by them?
* What expenses can I pass on to my clients (such as travel, perhaps)?
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#develop-your-business-plan)
Develop Your Business Plan
**Goal:** A business plan that passes the scrutiny of your board of advisors (or other knowledgeable and objective advisors).
A simple business plan for your consulting practice increases your probability of success, because it compels you to articulate the key success factors underlying your business.
There are many print and electronic sources available, including actual plan templates.
Here are some standard elements of a business plan. You can construct on your own.
* **Business definition:** Define your services, target market, and unique selling proposition.
* **Fee schedule:** Decide what you will charge, and why. Is there a pricing strategy that needs explanation? Can you charge your customers for results rather than billing for time expended? Can you bill for travel?
* **Competition:** Know who else your prospective clients are likely to consider as alternatives to you. What are your competitors’ strengths and how will you counter them? What are their weaknesses and how will you exploit them?
* **Marketing and sales strategy:** Decide how you will communicate with prospective clients — using the market positioning you have selected — and how you will convert them and close the sale.
* **Implementation schedule:** Scope out what you need to do to get your practice operational.
* **Revenue, expense and cash flow projections:** You may want to run these numbers, just as you would for any new venture. But know that they will change.
**Questions to ask:**
* Does your business idea require funding? If it does, you’ll need revenue, expense, and cash flow projections over the period of the loan.
* Does your business definition, target market, and unique selling proposition stand out clearly? If the language is vague, murky, loaded with euphemisms, you need to revise it. Get others to read it and (forthrightly) comment on it.
* How will you compete in your chosen market? On what basis? How are your services differentiated from your competition? What are the key factors that will drive your success?
* Ask yourself: would I invest in the business summarized in this plan? Get members of your advisory board review it and ask the same question. Even if there’s little monetary risk, you are planning to make a major investment of your time and energy. Objectively, it should look like the right move to you, and to others.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#establish-business-systems-and-processes)
Establish Business Systems and Processes
**Goal:** Establish adequate systems and procedures to get started, and know what you’ll add on as you are able.
Even a small consulting business needs systems and procedures, and the earlier you establish yours, the more prepared you will be to manage your consulting practice effectively. You should have systems and processes that track your sales efforts, work projects, and finances in a systematic way, week to week, month to month and year to year.
To ensure peace of mind and avoid problems with the IRS, meet with an accountant before you launch the business to determine if it will operate on a cash or accrual basis, set up systems and processes to manage the finances of your business. Establish a chart of accounts to identify and track expenses. Get your accountant's guidance on expenses (such as professional memberships and subscriptions) that might legitimately be run through your business. Open a business bank account. And consider purchasing some software (suggestions listed below) to keep your affairs straight.
You should also consult with an attorney on the forms of business organization (sole proprietorship, limited liability corporation, etc.), and on liability and any other issues that may be relevant. Consider whether you need insurance, such as Errors and Omissions coverage.
Will you need a website and help putting it together? Will you need a license to do business in the city or town where your business is located? Do you need to register your business and its name with the state, city or county clerk?
Many consultants start their businesses in a bedroom, but move to professional space when they can afford to. If you do not have an office appropriate to the consulting practice you have in mind, work on securing that space, and the necessary equipment and supplies.
Your board of advisors (or the consultants you contacted earlier) may help you with space and equipment decisions. They may also know where to get good prices on equipment and low cost space.
The following are some considerations. Establish systems and processes, such as:
* Recordkeeping, billing, project planning
* Correspondence, proposal development, mailings (print or electronic)
* Financial statements, tax records, cash flow
* Benefits (e. g., health insurance, disability, retirement accounts)
* Submit any required filings, and obtain any required licenses, permits, and insurance
* Acquire the necessary equipment and supplies, such as furniture, computer, printer, Internet service provider, telephone(s), wireless capability, stationery, business cards, and office supplies.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#market-and-sell-your-services)
Market and Sell Your Services
**Goal:** Get a paying client, then get more
Since you will need to contact prospects several times, it is important to develop a systematic way of communicating with them so they get to know your name and the nature of your business. You may also wish to use contact management software. A consistent, systematic approach to sales is the best way to expand your client base.
Your marketing materials should not just describe your business, but must speak to your clients’ needs. Like all communications, including your proposals, your marketing materials should clearly convey your unique selling proposition, and how this distinguishes you from competition.
But as good as your marketing materials are, the only thing that really matters is closing the sale. You know your services are good, but...
* Can you convince a prospective client?
* Can you resist the temptation to give away solutions before you close the sale?
* Can you overcome your client’s fear or resistance that blocks them from using you as a consultant?
* Can you ask for the order?
**Questions to ask:**
* What marketing materials do I need? (Possibilities: business cards, stationery, brochures, mailers, service descriptions, interactive website, portfolio, work samples, references, client list, case studies/success stories, your biography, proposal formats)
* How will I promote my business? (Possibilities: seeking a leadership position in a professional or industry association, writing articles, speaking engagements, direct mail, advertising, website)
* What marketing and sales methods will I use? (Possibilities: networking for information, leads, referrals and introductions, telemarketing, making sales calls and presentations)
* Do I know how to close a sale?
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#networking-to-make-good-career-choices)
Networking to Make Good Career Choices
There are a number of methods available for obtaining the career information you need to make good career choices. Libraries and the Internet are usually a good starting point. But it's important to move beyond them to real-time conversations with knowledgeable people. Networking is an essential intelligence-gathering activity:
* **Talk to personal contacts.** Identify friends and colleagues who might have knowledge of your skills and of the kind of work you've been doing. Ask about other professions in which they see you working in the future.
* **Talk to contacts in your industry.** Select two or three professional contacts inside your industry. Ask them what they believe the market is like for people who do what you do. Ask them to help you assess how up-to-date you are in your own skills. Talk with them about their views on the long-term viability of your profession. Ask them to help you understand what opportunities might exist for people with your skills at both larger and smaller organizations than the one you've just come from. Ask about other professions in which they see you working in the future.
* **Talk to contacts in other industries.** Locate two or three professional contacts outside your industry. Ask how the work you've been doing is performed in their industry. Ask about the skills and backgrounds of people who perform that kind of work in their industry. Ask them to help you assess the impact that technology has had (or will have) on your profession. Ask about other professions in which they see you working in the future.
* **Explore possible new professions.** Ask your personal and professional contacts to introduce you to people who are currently in a new profession that you might be considering. Ask those people about the state of their profession, how it is changing, how technology is impacting it. Talk to them about the "barriers to entry" and what would be required for you to "get from here to there." Talk to them about the everyday experience of their work. Ask them to help you assess what roadblocks you might face in making the transition and what you might be surprised to learn once you got there.
* **Use professional associations.** Contact the association that focuses on your profession or the profession you're considering. Ask them what kinds of materials they publish. Many do annual "state-of-the-profession" surveys, which can be extremely valuable to job seekers who are trying to get conversant in the challenges facing their own profession, or to learn about a new profession.
###
[](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#networking-to-obtain-salary-information)
Networking to obtain salary information
Using your network is a good way to obtain salary information. Here are four thought-starters.
* Identify friends and colleagues who might have knowledge of the kind of job you're targeting. Ask them what they believe the market can bear for a particular job. People may be uncomfortable talking about you personally. Instead, describe the job you're considering and the skills it requires. Ask them if they've ever used an online salary calculator that they thought was fairly accurate - if so, which one?
* Ask your professional contacts what they believe the market can bear for a particular job. Ask them what sources of salary information or benchmarks they use to determine fair range when they have a need to fill a position.
* Ask your professional contacts how salaries in a particular industry or at a specific company compare to the norm. Gather intelligence from your contacts about overall compensation-not just salary patterns-in your target industry or company. This kind of information will help you formulate your negotiation strategy later on.
* Contact the professional or industry association whose members have the kind of job you are targeting (it may not be the one to which you currently belong). Ask them if they publish a salary survey. If they don't, ask them who does. This technique yields results almost every time!
[PreviousEntrepreneurship Roadmaps](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps)
[NextStarting a Business](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/starting-a-business)
Last updated 1 year ago
* [Consider your skills, workstyle and lifestyle](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#consider-your-skills-workstyle-and-lifestyle)
* [Explore Consulting](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#explore-consulting)
* [Create Your Board of Advisors](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#create-your-board-of-advisors)
* [Define Your Business](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#define-your-business)
* [Research the Marketplace](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#research-the-marketplace)
* [Search Out the Competition](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#search-out-the-competition)
* [Set Your Pricing](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#set-your-pricing)
* [Develop Your Business Plan](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#develop-your-business-plan)
* [Establish Business Systems and Processes](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#establish-business-systems-and-processes)
* [Market and Sell Your Services](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#market-and-sell-your-services)
* [Networking to Make Good Career Choices](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#networking-to-make-good-career-choices)
* [Networking to obtain salary information](https://martian1337.gitbook.io/notes/cyber-entreprenuership/entrepreneurship-roadmaps/consulting#networking-to-obtain-salary-information)
---
# Cheatsheets | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/cheatsheets.md)
.
This section collects curated **Hack The Box (HTB) Academy** cheatsheets designed to complement the Academy’s practical cybersecurity learning modules. These guides summarize key commands, workflows, and methodologies from core training topics, enabling students to quickly reference essential material during exercises or real-world penetration testing.
Each cheatsheet is derived from official HTB Academy content and is structured for clarity, conciseness, and ease of command-line use.
[PreviousVulnerability Management Lifecycle](https://martian1337.gitbook.io/notes/notes/governance-risk-compliance/vulnerability-management-lifecycle)
[NextWeb Security Testing](https://martian1337.gitbook.io/notes/notes/cheatsheets/web-security-testing)
Last updated 7 months ago
---
# Accessing Tor | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/digital-privacy/opsec/accessing-tor.md)
.
**Overview:**
The Tor Project designs the Tor Browser specifically to prevent fingerprinting and leaks. Using it with Bridges is the most robust method for hiding Tor usage from ISPs and censorship.
* * *
###
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec/accessing-tor#critical-hardware-and-environment-warnings)
⚠️ Critical Hardware & Environment Warnings
Before downloading or launching Tor, you must address physical hardware configurations that can uniquely identify you.
####
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec/accessing-tor#id-1.-screen-resolution-and-external-monitors)
1\. Screen Resolution & External Monitors
* **The Risk:** The Tor Browser standardizes window sizes to prevent fingerprinting. However, connecting an **external monitor via HDMI** changes your system's total resolution and scaling. This creates a unique "dual-screen" fingerprint that can identify you as the only user with that specific setup.
* **The Solution:**
* **Do not maximize** the Tor Browser window. Keep it at the default size.
* **Do not move** the Tor Browser window to the external screen. Keep it on your primary/internal screen.
* **Best Practice:** Run the Tor Browser inside a **Virtual Machine (VM)** or boot into **Tails OS**. These environments isolate the browser from your physical hardware configuration, making the external monitor irrelevant to the browser's fingerprint.
####
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec/accessing-tor#id-2.-wireless-peripherals-bluetooth)
2\. Wireless Peripherals (Bluetooth)
* **The Risk:** Bluetooth devices broadcast unique **MAC addresses**. While Tor Browser blocks the Web Bluetooth API, a compromised OS or a physical adversary nearby could scan for your specific device constellation (e.g., "Sony Headphones + Apple Watch").
* **The Solution:**
* **Turn OFF Bluetooth** on your host computer before starting the session.
* **Use Wired Peripherals:** Use wired headphones, mice, and keyboards. They do not broadcast signals or expose MAC addresses.
####
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec/accessing-tor#id-3.-usb-dongles-rf-receivers)
3\. USB Dongles (RF Receivers)
* **The Risk:** Wireless headphones that use a **USB dongle** present a specific **Vendor ID** and **Product ID** to the OS. While Tor Browser blocks the Web USB API, the OS-level visibility of this unique hardware ID can contribute to a hardware fingerprint if your system is compromised or if you are using a non-hardened browser.
* **The Solution:**
* Unplug the Dongle: If you must use these headphones, unplug the dongle and use the wired mode (if available) or switch to wired headphones.
* Isolate via VM/Tails: If you must keep the dongle plugged in, run the Tor Browser inside a Virtual Machine or Tails OS. These environments do not expose the host's USB device tree to the browser session, effectively masking the dongle's identity.
* * *
###
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec/accessing-tor#step-1-download-the-official-tor-browser)
Step 1: Download the Official Tor Browser
**Source:** Only download from [**https://www.torproject.org**](https://www.torproject.org/)
.
* **Why:** The Tor Browser is a hardened version of Firefox specifically engineered to prevent:
* **Fingerprinting:** It standardizes window size, user agent, and canvas rendering.
* **JavaScript Exploits:** It blocks or restricts scripts that try to identify your hardware.
* **DNS Leaks:** It forces all DNS requests through the Tor network.
* **Warning:** Do **NOT** use standard browsers (Chrome, Edge, standard Firefox) with manual proxy settings. They leak WebRTC, DNS, and hardware data that will compromise your anonymity.
* * *
###
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec/accessing-tor#step-2-use-bridges-crucial-for-hiding-from-isp)
Step 2: Use "Bridges" (Crucial for Hiding from ISP)
If your ISP, workplace, or government blocks Tor, or if you want to hide the fact that you are using Tor entirely, you must use **Bridges**.
####
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec/accessing-tor#how-to-configure-bridges)
How to Configure Bridges:
1. Open the **Tor Browser**.
2. On the initial connection screen, click **"Configure Connection"**.
3. Select **"My ISP blocks Tor"** or **"My ISP requires a bridge"**.
4. Choose **Obfs4** bridges.
* **How it works:** Obfs4 bridges obfuscate your traffic so it looks like random, meaningless noise to your ISP. They cannot distinguish it from regular encrypted traffic, making it extremely difficult to block or flag.
5. **Where to get them:**
* Request new bridges directly inside the Tor Browser settings.
* Visit [**https://bridges.torproject.org**](https://bridges.torproject.org/)
to get a bridge address and paste it into the settings.
* * *
###
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec/accessing-tor#operational-security-opsec)
Operational Security (OpSec)
Even with the best tools, user behavior can break anonymity. Follow these rules strictly:
####
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec/accessing-tor#id-1.-never-maximize-the-window)
1\. Never Maximize the Window
* **Rule:** Keep the Tor Browser window at its default size.
* **Reason:** Maximizing the window reveals your exact screen resolution, which can identify you as a unique user.
####
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec/accessing-tor#id-2.-do-not-log-into-personal-accounts)
2\. Do Not Log Into Personal Accounts
* **Rule:** Never log into Google, Facebook, Twitter, your email, or any account linked to your real identity while using Tor.
* **Reason:** Logging in instantly links your anonymous Tor session to your real-world identity.
####
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec/accessing-tor#id-3.-disable-scripts-safest-mode)
3\. Disable Scripts (Safest Mode)
* **Rule:** Set the security level to **"Safest"** (click the shield icon in the top right corner).
* **Reason:** This disables JavaScript, the most common vector for de-anonymization attacks. While some websites may break, this provides the highest level of protection.
####
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec/accessing-tor#id-4.-use-tails-os-maximum-anonymity)
4\. Use Tails OS (Maximum Anonymity)
If you need the highest possible security (e.g., you are a journalist, activist, or in a hostile environment):
* **Action:** Do not use your main operating system. Instead, download and boot into **Tails OS**.
* **Source:** [**https://tails.net**](https://tails.net/)
* **What it is:** A live operating system that runs from a USB stick.
* It forces **all** connections through Tor automatically.
* It leaves **no trace** on the computer you boot into (RAM is wiped on shutdown).
* It includes the Tor Browser pre-configured with all security settings enabled.
* **Hardware Isolation:** It naturally masks hardware IDs (USB dongles, Bluetooth MACs) from the browser session.
* **Why:** Even if your computer is infected with malware, Tails runs in a clean, isolated environment.
* * *
###
[](https://martian1337.gitbook.io/notes/digital-privacy/opsec/accessing-tor#summary-checklist-for-safe-usage)
Summary Checklist for Safe Usage
Action
Status
**Download Source**
✅ Only from `torproject.org`
**Bridges**
✅ Enabled (Obfs4) if hiding from ISP
**Window Size**
✅ **Never Maximized** (Keep default)
**External Monitor**
⚠️ **Avoid** or use VM/Tails to isolate
**Wireless Headphones**
❌ **Avoid** (Turn off Bluetooth)
**USB Dongles**
⚠️ **Avoid** or use VM/Tails to isolate
**Personal Accounts**
❌ **Never Logged In**
**Security Level**
✅ Set to **"Safest"**
**Operating System**
✅ Tails OS recommended for max security
By following this guide and strictly adhering to the hardware isolation rules regarding monitors, Bluetooth, and USB dongles, you ensure that your digital footprint remains as small and unidentifiable as possible.
Last updated 1 month ago
* [⚠️ Critical Hardware & Environment Warnings](https://martian1337.gitbook.io/notes/digital-privacy/opsec/accessing-tor#critical-hardware-and-environment-warnings)
* [Step 1: Download the Official Tor Browser](https://martian1337.gitbook.io/notes/digital-privacy/opsec/accessing-tor#step-1-download-the-official-tor-browser)
* [Step 2: Use "Bridges" (Crucial for Hiding from ISP)](https://martian1337.gitbook.io/notes/digital-privacy/opsec/accessing-tor#step-2-use-bridges-crucial-for-hiding-from-isp)
* [Operational Security (OpSec)](https://martian1337.gitbook.io/notes/digital-privacy/opsec/accessing-tor#operational-security-opsec)
* [Summary Checklist for Safe Usage](https://martian1337.gitbook.io/notes/digital-privacy/opsec/accessing-tor#summary-checklist-for-safe-usage)
---
# Resume and Interview Guide | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/training-and-career/guides/interview-checklist.md)
.
Sometimes, hiring managers perform a very quick scan of resumes, usually less than a minute. Using that time, they will be trying to find answers to these four questions:
* What is the specific job I'll be applying for?
* What relevant results have I obtained that verify that I am the perfect fit for THIS role?
* What skills, qualifications, and strengths do I bring to the table, and do I have evidence supporting them?
* Have I obtained certain achievements in previous positions that will enable me to achieve these in the present one?
The answers to the four questions should appear in the top third of the resume.
The showcase section is supposed to exhibit these four answers, so when a hiring manager glances through your resume, the immediate response would be: "This is exactly who I have been looking for."
You can achieve this by:
* Adding your target job title and three high-priority skills at the very top.
* This is immediately followed by a personal branding statement that no other person can claim because it speaks to your differentiators.
* An accomplishment section deep-dives into the three most relevant ones to the present employer and position you've delivered that really matter.
* And a core strengths section filled with hard skill keywords, qualifications and strengths that are relevant to the role.
* Write resume focused on results and contribtuions bullets that spotlight the specific achievements you’ve delivered in the past. Choose achievements that directly relate to the needs, problems and goals of the position.
Employers will judge your future performance based on your past performance. Your past performance is an indicator of future success.
Use metrics, data, and figures to cement in the hiring manager’s mind that these results are repeatable and verifiable.
The more specific you are, the more believable your results.
[](https://martian1337.gitbook.io/notes/training-and-career/guides/interview-checklist#interview-checklist)
Interview Checklist
------------------------------------------------------------------------------------------------------------------------------------
* What is the company's mission?
* What are the company's core values?
* Did any core values align with your own?
* What do you know about their industry?
* Who are their customers and competitors?
* What are the company's main products/services?
* How do they generate revenue?
* Is there any news or content that stands out?
* Recent events?
* Big wins?
* What has the company been posting on YouTube or social media?
* Have they released any interesting research, intel, white papers, or webinars?
* Get a feel for the leadership of the company
* Who's the hiring manager? Can you see who they report to?
* Use LinkedIn to find 2-3 people that hold the job you applied to.
* Can you gain any insights about their work experience, skills, and current responsibilities?
* Can you find any common ground with them?
* Review the job description. In your own words write down the main purpose of this role.
* How does this role add value to the company?
* Review the job description and note keywords
* Think about your experience/understanding
* Review the job description and note every technology and your experience/understanding
* Review the job description and note the required skills and your experience/understanding
* "Tell us about yourself" - prepare a 2 minute statement that describes the following:
* Your professional/educational experience and skills
* Why you're on the market
* How you find this opportunity and why you applied
* How you are specifically qualified for this opportunity
* Be prepared to discuss what you know about the company. Use the research you did at the beginning of this guide to help craft a brief summary statement.
* Be prepared to discuss why you're interested in this opportunity and consider how this role applies to your career goals and interests.
* Be prepared to discuss your experience with or knowledge of the listed requirements and be ready to discuss exactly what they laid out in the job description or what you understand about the role in general.
* Be prepared to discuss how you stay current on the cyber industry
* Be prepared to discuss examples of when you solved a problem. Initiative and analytical skills are crucial in security. Think of examples from past experiences
* Be prepared to discuss how you work on a team. You will work with diverse teams and stakeholders in security. To be successful you'll have to provide examples of successfully working in a team-oriented environment.
* Be prepared to discuss your weaknesses. Don't label yourself during this question! Make it all about the job responsibilities and skills
* "I don't have direct experience with XYZ tool but here's my understanding of it ..."
* Take this opportunity to discuss your shortcomings and how you'll overcome those and ramp up fast.
* Be prepared to discuss your strengths. Again, don't label yourself! Adjectives don't mean much here.
* Provide specific examples of how your experience relates to this role.
* What kind of value can you bring based on what you know about the role?
* Example: "Based on what you've told me so far, your team really values XYZ skill. I am confident in my ability to ..."
* Be prepared to discuss how you handle stress and/or competing priorities. Every job will require that you prioritize and get work done efficiently. Think of examples where you've succeeded in this scenario.
* Prepare 5-7 interview questions. You may only have time for 2-3 but make sure to bring thoughtful questions about the company, culture, team, and role.
[PreviousAppSec Training Pathway](https://martian1337.gitbook.io/notes/training-and-career/guides/appsec-training-pathway)
[NextExploit & Malware Development](https://martian1337.gitbook.io/notes/training-and-career/guides/exploit-and-malware-development)
Last updated 9 months ago
---
# Recon + OSINT | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/resources/recon-+-osint.md)
.
[](https://martian1337.gitbook.io/notes/resources/recon-+-osint#training)
Training
---------------------------------------------------------------------------------------
**TryHackMe**
Level 1: [https://tryhackme.com/jr/osintintel](https://tryhackme.com/jr/osintintel)
Level 2: [https://tryhackme.com/jr/osintledit2](https://tryhackme.com/jr/osintledit2)
Level 3: [https://tryhackme.com/jr/osintNEW3-tested](https://tryhackme.com/jr/osintNEW3-tested)
[](https://martian1337.gitbook.io/notes/resources/recon-+-osint#top-resources)
Top Resources
-------------------------------------------------------------------------------------------------
[CyberSpace - Start.meStart.me](https://start.me/p/ADPELy/cyberspace)
Martian's Start.me
[Home | Bellingcat's Online Investigation Toolkitbellingcat.gitbook.io](https://bellingcat.gitbook.io/toolkit)
Bellingcat's Online Inestigation Toolkit
[](https://martian1337.gitbook.io/notes/resources/recon-+-osint#tool-lists)
Tool Lists
-------------------------------------------------------------------------------------------
[BuiltWith](https://builtwith.com/)
!
[Binary Edge (Threat Intelligence scanner)](https://www.binaryedge.io/)
[Censys (Internet Attack Surface monitoring)](https://censys.io/)
[CentralOps](https://centralops.net/)
[crt.sh (Database of certificate identities](https://crt.sh/)
[DNSlytics](https://dnslytics.com/)
[EXIF Data](https://exifdata.com/)
[FullHunt (Attack Surface Intelligence)](https://fullhunt.io/)
[GPS Coordinates](https://gps-coordinates.net/)
[GrayHatWarefare (Search public S3 buckets)](https://grayhatwarfare.com/)
[Grep App (Searching for data within git repos)](https://grep.app/)
[GreyNoise (Search for internet-connected devices)](https://www.greynoise.io/)
[Hunter (Find professional email addresses linked to a business)](https://hunter.io/)
[IntelligenceX (Search Engine and data archive)](https://intelx.io/)
[LeakIX (publicly indexed information)](https://leakix.net/)
[Netlas (internet connected asset intel)](https://netlas.io/)
[ONYPHE (Cyber Defense Search Engine)](https://www.onyphe.io/)
[OpenCorporates](https://opencorporates.com/)
[Packet Storm Security (Latest atest security issues and exploit database)](https://packetstormsecurity.com/)
[PentestTools](https://pentest-tools.com/)
[PimEyes ( Face Recognition Search Engine and Reverse Image Search)](https://pimeyes.com/)
[PublicWWW (Marketing and affiliate marketing research](https://publicwww.com/)
[Pulsedive—Threat intelligence search engine)](https://pulsedive.com/)
[Shodan](https://shodan.io/)
!
[SpiderFoot](https://www.spiderfoot.net/)
[SpyOnWeb](https://spyonweb.com/)
[URL Scan (Analyse websites)](https://urlscan.io/)
[ViewDNS](https://viewdns.info/)
[VirusTotal](https://virustotal.com/)
[Wayback Machine](https://web.archive.org/)
[Vulners (Search engine for Security Intel)](https://vulners.com/)
[Wigle (Database of wireless networks)](https://www.wigle.net/)
[ZoomEye (Information Gathering for IP connected devces)](https://www.zoomeye.org/)
[How to create sockpuppet accounts](https://garrettmickley.com/sockpuppet-account-creation/)
!
[Ultimate OSINT Handbook on Personal Information by SOCRadar](https://socradar.io/the-ultimate-osint-handbook-on-personal-information/)
[Commandergirl's suggestions - powerful OSINT Dashboard](https://start.me/p/1kJKR9/commandergirl-s-suggestions)
[Hatles1der's Ultimate OSINT Collection Dashboard](https://start.me/p/DPYPMz/the-ultimate-osint-collection)
[Ohshint Blog](https://ohshint.gitbook.io/)
[Censys Search Minmap](https://github.com/censys-workshop/censys-search-mindmap)
[OSINT Framework](https://osintframework.com/)
[DorkSearch](https://dorksearch.com/)
!
[SearchCode](https://searchcode.com/)
[Shodan Search Engine](https://www.shodan.io/)
!
[OSINT Tool Collection Repo](https://github.com/cipher387/osint_stuff_tool_collection/)
[Awesome Shodan Queries](https://github.com/jakejarvis/awesome-shodan-queries)
!
[OWASP Maryam](https://github.com/saeeddhqan/Maryam)
[Karma from @Dheerajmadhukar](https://github.com/Dheerajmadhukar/karma_v2)
[sn0int](https://github.com/kpcyrd/sn0int)
!
[Scrummage OSINT and Threat Hunting Framework](https://github.com/matamorphosis/Scrummage)
[OSINT Framework Reference](https://osintframework.com/)
[BlackBird](https://github.com/p1ngul1n0/blackbird)
[uncover](https://github.com/projectdiscovery/uncover)
[Oh365 User Finder](https://github.com/dievus/Oh365UserFinder)
[WeakestLink LinkedIN Tool](https://github.com/shellfarmer/WeakestLink)
[msDorkDump](https://github.com/dievus/msdorkdump)
[geeMailUserFinder](https://github.com/dievus/geeMailUserFinder)
[Exchange Finder](https://github.com/mhaskar/ExchangeFinder)
[Octosuite - Github user OSINT](https://github.com/bellingcat/octosuite/wiki/INSTALLATION)
[LinkScope](https://github.com/AccentuSoft/LinkScope_Client)
- perform online investigations
[sub3suite](https://github.com/3nock/sub3suite)
[Phoneinfoga](https://github.com/sundowndev/phoneinfoga)
[bbot](https://github.com/blacklanternsecurity/bbot)
[h8mail](https://github.com/khast3x/h8mail)
[Alfred](https://github.com/alfredredbird/alfred)
- Social Media OSINT
[InfoHunter](https://hunt.martiandefense.org/)
!
[PreviousApplication Security](https://martian1337.gitbook.io/notes/resources/appsec)
[NextInternal Active Recon](https://martian1337.gitbook.io/notes/resources/recon-+-osint/internal-active-recon)
Last updated 10 months ago
* [Training](https://martian1337.gitbook.io/notes/resources/recon-+-osint#training)
* [Top Resources](https://martian1337.gitbook.io/notes/resources/recon-+-osint#top-resources)
* [Tool Lists](https://martian1337.gitbook.io/notes/resources/recon-+-osint#tool-lists)
---
# Checklists | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/appsec/checklists.md)
.
[WEB APP PENTESTING CHECKLIST](https://martian1337.gitbook.io/notes/notes/appsec/checklists/web-app-pentesting-checklist)
[API Testing Checklist](https://martian1337.gitbook.io/notes/notes/appsec/checklists/api-testing-checklist)
[Android Pentesting Checklist](https://martian1337.gitbook.io/notes/notes/appsec/checklists/android-pentesting-checklist)
[IoS Pentesting Checklist](https://martian1337.gitbook.io/notes/notes/appsec/checklists/ios-pentesting-checklist)
[Thick Client Pentesting Checklist](https://martian1337.gitbook.io/notes/notes/appsec/checklists/thick-client-pentesting-checklist)
[Secure Code Review Checklist](https://martian1337.gitbook.io/notes/notes/appsec/checklists/secure-code-review-checklist)
[PreviousAppSec Testing](https://martian1337.gitbook.io/notes/notes/appsec)
[NextWEB APP PENTESTING CHECKLIST](https://martian1337.gitbook.io/notes/notes/appsec/checklists/web-app-pentesting-checklist)
Last updated 1 year ago
---
# LLM Pentesting | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/resources/offensive-cybersecurity/llm-pentesting.md)
.
Resources/Tooling
[GitHub - NVIDIA/garak: the LLM vulnerability scannerGitHub](https://github.com/NVIDIA/garak)
[promptfooGitHub](https://github.com/promptfoo)
[PreviousBlockchain](https://martian1337.gitbook.io/notes/resources/offensive-cybersecurity/blockchain)
[NextDefensive](https://martian1337.gitbook.io/notes/resources/defensive-cybersecurity)
Last updated 3 months ago
---
# Vulnerable Machine Checklist | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/vulnerable-machine-checklist.md)
.
###
[](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/vulnerable-machine-checklist#initial-reconnaissance)
Initial Reconnaissance
* Perform a full port scan using Nmap:
* `nmap $IP -p- -sC -sV`
* Perform a no-ping scan (useful if ICMP is blocked):
* `nmap $IP -p- -sC -sV -Pn`
###
[](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/vulnerable-machine-checklist#enumeration)
Enumeration
* Enumerate services and versions on open ports.
* Check for default credentials on common services (FTP, SSH, SMB, etc.).
* Perform directory and file enumeration on web servers (if any):
* Use tools like:
* Dirbuster
* Dirb `dirb http://$IP /path/to/wordlist`
* wfuzz - `wfuzz -c -z file,/pasth/to/wordlist -u http://$IP/FUZZ`
* `curl https://example.com/wordlist.txt | wfuzz -c -w - http://target/FUZZ` - here `-w -` instructs Wfuzz to read from standard input instead of a local file
* Gobuster - `gobuster dir -u http://$IP -w /path/to/wordlist`
* ffuf - `ffuf -w /path/to/wordlist -u http://$IP/FUZZ`
###
[](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/vulnerable-machine-checklist#vulnerability-scanning)
Vulnerability Scanning
* Use vulnerability scanners like Nikto, OpenVAS, or Nessus to identify potential vulnerabilities
* Manually check for known exploits of identified services
###
[](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/vulnerable-machine-checklist#exploitation)
Exploitation
* Attempt to exploit known vulnerabilities:
* Use Metasploit Framework or manual exploitation methods
* Look for misconfigurations or weak points (like weak passwords)
###
[](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/vulnerable-machine-checklist#post-exploitation)
Post-Exploitation
* Check for privilege escalation opportunities
* Linux
* [https://gtfobins.github.io/](https://gtfobins.github.io/)
* [https://github.com/Frissi0n/GTFONow](https://github.com/Frissi0n/GTFONow)
* [LinPEAS](https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS)
* Windows
* [WinPEAS](https://github.com/carlospolop/PEASS-ng/tree/master/winPEAS)
* Document any loot (passwords, keys, confidential data)
* CrackMapExec
* Impacket
* When successful, enumerate the system for the flag
[PreviousCapture-the-Flag Training](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training)
[NextReverse Engineering Checklist](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/reverse-engineering-checklist)
Last updated 6 months ago
* [Initial Reconnaissance](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/vulnerable-machine-checklist#initial-reconnaissance)
* [Enumeration](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/vulnerable-machine-checklist#enumeration)
* [Vulnerability Scanning](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/vulnerable-machine-checklist#vulnerability-scanning)
* [Exploitation](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/vulnerable-machine-checklist#exploitation)
* [Post-Exploitation](https://martian1337.gitbook.io/notes/notes/cheatsheets/capture-the-flag-training/vulnerable-machine-checklist#post-exploitation)
---
# Shodan Dork Cheatsheet | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/security-research/shodan-dork-cheatsheet.md)
.
###
[](https://martian1337.gitbook.io/notes/notes/security-research/shodan-dork-cheatsheet#general-search-queries)
General Search Queries
* `city:”[city name]”`: Devices in a specific city.
* `country:”[country code]”`: Devices in a specified country.
* `geo:”[latitude],[longitude]”`: Geographic location-specific devices.
* `hostname:”[hostname]”`: Devices with a particular hostname.
* `net:”[IP range]”`: Devices within a certain IP range.
* `os:”[operating system]”`: Devices running a specific OS.
* `port:”[port number]”`: Devices open on a specific port.
* `org:”[organization name]”`: Devices related to a certain organization.
* `isp:”[ISP name]”`: Devices using a specific ISP.
* `product:”[product name]”`: Devices with a specific software/hardware.
* `version:”[version number]”`: Devices on a particular software version.
* `has_screenshot:”true”`: Devices with available screenshots.
* `ssl.cert.subject.cn:”[common name]”`: SSL certificates with a specific CN.
* `http.title:”[title text]”`: Web pages with a certain title.
* `http.html:”[HTML content]”`: Web pages containing specific HTML.
* `http.status_code:[code]`: Devices returning a specific HTTP status code.
* `ssl:”[SSL keyword]”`: Devices with specific SSL configurations/details.
* `before:”[date]” / after:”[date]”`: Devices online before/after a date.
* `bitcoin.ip:”[IP address]”`: Bitcoin nodes by IP.
* `ssh.fingerprint:”[fingerprint]”`: SSH servers with a specific fingerprint.
###
[](https://martian1337.gitbook.io/notes/notes/security-research/shodan-dork-cheatsheet#applications-and-services)
Applications and Services
* `product:”[product name]”`: Devices running a specific product.
* `version:”[version]”`: Devices with a specific version number.
* `webcam`: Searches for internet-connected webcams.
* `“default password”`: Devices using default passwords.
* `“server: Apache”`: Finds Apache web servers.
* `ftp`: Devices with FTP services.
* `“X-Powered-By: PHP/[version]”`: PHP version-specific servers.
* `iis:[version number]`: Servers running Microsoft IIS.
* `“Server: nginx”`: Devices running Nginx server.
* `“MongoDB Server Information” port:27017`: MongoDB databases on default port.
* `“CCTV”`: Internet-connected CCTV cameras.
* `“PBX VoIP”`: VoIP PBX systems.
* `“Elasticsearch”`: Elasticsearch servers.
* `“OpenSSL”`: Devices using OpenSSL.
* `“SCADA”`: SCADA systems.
* `“VoIP Phone”`: Internet-connected VoIP phones.
###
[](https://martian1337.gitbook.io/notes/notes/security-research/shodan-dork-cheatsheet#device-and-service-identification)
Device and Service Identification
* `asn:”[ASN]”`: Devices associated with a specific ASN.
* `http.favicon.hash:[hash]`: Web servers with a specific favicon hash.
* `ntp.ip:”[IP address]”`: NTP servers related to a specific IP.
* `ssl.cert.issuer.cn:”[issuer CN]”`: SSL certificates issued by a specific issuer.
* `http.component:”[component]”`: Web applications using specific components.
* `http.robotstxt:”[content]”`: Web servers with specific robots.txt content.
* `http.waf:”[WAF name]”`: Identification of web application firewalls.
* `http.xssed:”[keyword]”`: Web pages marked in XSSed database.
* `http.cookie:”[cookie name]”`: Web servers setting a specific cookie.
* `http.useragent:”[user agent]”`: Devices with a specific user agent.
###
[](https://martian1337.gitbook.io/notes/notes/security-research/shodan-dork-cheatsheet#network-and-infrastructure-analysis)
Network and Infrastructure Analysis
* `not ssl`: Devices not using SSL.
* `metadata:”[keyword]”`: Searches for devices with specific metadata.
* `http.html_hash:[hash]`: Identifies web pages with a specific HTML hash.
* `netblock:”[owner]”`: Devices within a netblock owned by a specific entity.
* `asn:”[ASN]”`: Devices associated with a specific ASN.
* `http.server_header:”[header content]”`: Devices with specific server header responses.
* `udp`: Devices with open UDP ports.
* `telnet`: Devices accessible via Telnet.
###
[](https://martian1337.gitbook.io/notes/notes/security-research/shodan-dork-cheatsheet#iot-and-connected-devices)
IoT and Connected Devices
* `“smart tv”`: Searches for internet-connected smart TVs.
* `“printer” “default password”`: Printers possibly using default passwords.
* `“Raspberry Pi” port:22`: Raspberry Pi devices with SSH enabled.
* `“thermostat” “wifi”`: Wi-Fi-enabled thermostats.
* `“smart home”`: Various smart home devices.
* `“IP camera” “default login”`: IP cameras with default login credentials.
* `“smart meter”`: Internet-connected smart meters.
* `“home automation”`: Home automation systems.
* `“wearable”`: Wearable technology devices.
###
[](https://martian1337.gitbook.io/notes/notes/security-research/shodan-dork-cheatsheet#security-and-vulnerability-research)
Security and Vulnerability Research
* `ssl.cert.serial:”[serial number]”`: SSL certificates by serial number.
* `“Server: Microsoft-HTTPAPI/2.0”`: Devices running specific Microsoft HTTP services.
* `“Cisco IOS” “http auth”`: Cisco IOS devices with HTTP authentication.
* `“default login” “router”`: Routers with default login credentials.
* `“Hadoop NameNode”`: Hadoop NameNode servers.
* `“Apache Struts” vuln`: Apache Struts vulnerabilities.
* `“Tomcat” admin`: Tomcat servers with admin panels.
* `“Docker” port:2375`: Docker instances on default port.
* `vuln:”[CVE-ID]”`: Searches for vulnerabilities with a specific CVE ID.
* `“200 OK” ssl`: Servers with SSL certificates returning 200 OK.
* `“Server: Apache” -“mod_ssl” -“OpenSSL”`: Apache servers potentially without SSL encryption.
* `ssl.cert.expired:”true”`: Devices with expired SSL certificates.
* `“heartbleed” vuln`: Searches for vulnerabilities related to Heartbleed.
* `http.component:”Drupal” vuln:”CVE-2018-7600″`: Drupal sites vulnerable to a specific CVE.
* `“Authentication: disabled”`: Devices with authentication disabled.
* `http.title:”Index of /”`: Directories with potentially open indexes.
* `ssl:”TLSv1″`: Searches for devices using the older TLSv1 protocol.
* `org:”[organization]” vuln:”[CVE-ID]”`: Searches for vulnerabilities within a specific organization.
* `“EternalBlue” vuln`: Devices vulnerable to EternalBlue.
* `“Joomla” vuln`: Joomla sites with specific vulnerabilities.
* `“WordPress” vuln`: WordPress sites with specific vulnerabilities.
* `“SQL Injection” vuln`: Devices vulnerable to SQL Injection.
* `“DDoS” vuln`: Devices potentially vulnerable to DDoS attacks.
###
[](https://martian1337.gitbook.io/notes/notes/security-research/shodan-dork-cheatsheet#geographic-and-demographic-analysis)
Geographic and Demographic Analysis
* `city:”[city]” os:”[OS]”`: Devices with a specific OS in a city.
* `country:”[country]” product:”[product]”`: Specific devices in a country.
* `region:”[region]”`: Devices in a specific region.
* `postal:”[postal code]”`: Devices in a specific postal code.
* `latitude:”[latitude]” longitude:”[longitude]”`: Devices at specific coordinates.
* `area:”[area code]”`: Devices in a specific area code.
###
[](https://martian1337.gitbook.io/notes/notes/security-research/shodan-dork-cheatsheet#combined-queries)
Combined Queries
* `os:”Linux” port:”22″ “SSH” country:”JP”`: Linux devices with SSH in Japan.
* `product:”Apache” version:”2.4.7″ -“200 OK”`: Apache servers not returning 200 OK.
* `city:”New York” os:”Windows” port:”3389″`: Windows devices with RDP in New York.
* `net:”192.168.1.0/24″ webcam`: Webcams in the 192.168.1.0/24 IP range.
* `org:”Google” ssl cert:”expired”`: Expired SSL certificates in Google's infrastructure.
* `country:”DE” product:”MySQL” version:”5.5″ “default password”`: MySQL databases in Germany.
* `“HTTP/1.1 401 Unauthorized” city:”London” port:”80″`: Unauthorized HTTP responses in London.
* `“Server: Apache” -“Apache-Coyote” country:”BR”`: Apache servers in Brazil.
* `hostname:”*.edu” vuln:”CVE-2019-11510″`: Educational institutions vulnerable to CVE-2019-11510.
* `“IIS/8.0” -“X-Powered-By” net:”205.251.192.0/18″`: IIS 8.0 servers in the specified range.
[PreviousPublishing CVEs](https://martian1337.gitbook.io/notes/notes/security-research/publishing-cves)
[NextGithub Dorks](https://martian1337.gitbook.io/notes/notes/security-research/github-dorks)
Last updated 1 year ago
* [General Search Queries](https://martian1337.gitbook.io/notes/notes/security-research/shodan-dork-cheatsheet#general-search-queries)
* [Applications and Services](https://martian1337.gitbook.io/notes/notes/security-research/shodan-dork-cheatsheet#applications-and-services)
* [Device and Service Identification](https://martian1337.gitbook.io/notes/notes/security-research/shodan-dork-cheatsheet#device-and-service-identification)
* [Network and Infrastructure Analysis](https://martian1337.gitbook.io/notes/notes/security-research/shodan-dork-cheatsheet#network-and-infrastructure-analysis)
* [IoT and Connected Devices](https://martian1337.gitbook.io/notes/notes/security-research/shodan-dork-cheatsheet#iot-and-connected-devices)
* [Security and Vulnerability Research](https://martian1337.gitbook.io/notes/notes/security-research/shodan-dork-cheatsheet#security-and-vulnerability-research)
* [Geographic and Demographic Analysis](https://martian1337.gitbook.io/notes/notes/security-research/shodan-dork-cheatsheet#geographic-and-demographic-analysis)
* [Combined Queries](https://martian1337.gitbook.io/notes/notes/security-research/shodan-dork-cheatsheet#combined-queries)
---
# Vulnerability Management Lifecycle | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/governance-risk-compliance/vulnerability-management-lifecycle.md)
.
The VM Lifecycle represents the process and series of critical stages to identify and remediate vulnerabilities/weakness to attacks and exploitation of discovered findings.
[](https://martian1337.gitbook.io/notes/notes/governance-risk-compliance/vulnerability-management-lifecycle#discovery)
Discovery
-------------------------------------------------------------------------------------------------------------------------------------
Detect and interrogate system assets
* Devices, platforms, applications
Identify all assets
* Identify assets that need to be monitored
* The intent is to ensure no vulnerable devices are overlooked
[](https://martian1337.gitbook.io/notes/notes/governance-risk-compliance/vulnerability-management-lifecycle#prioritize-assets)
Prioritize Assets
-----------------------------------------------------------------------------------------------------------------------------------------------------
Determines the priority of discovered assets
* What assets are most business-critical?
* What assets require immediate attention?
* Helps focus resources
> Patching all assets at once is likely not feasible. Ensure to collaborate with asset owners and stakeholders to determine asset priorities
[](https://martian1337.gitbook.io/notes/notes/governance-risk-compliance/vulnerability-management-lifecycle#assess)
Assess
-------------------------------------------------------------------------------------------------------------------------------
Determines if a vulnerability exists in the system
* Compares assets to known vulnerabilities
* Determine Risk score (CVSS, VRT, etc)
[](https://martian1337.gitbook.io/notes/notes/governance-risk-compliance/vulnerability-management-lifecycle#reporting)
Reporting
-------------------------------------------------------------------------------------------------------------------------------------
Presents assets and vulnerabilities in a form to view findings
* Compile discovery with identified vulnerabilities
* Usually categorized by priority, location, etc
* Tailor reports for various audiences
[](https://martian1337.gitbook.io/notes/notes/governance-risk-compliance/vulnerability-management-lifecycle#remediate)
Remediate
-------------------------------------------------------------------------------------------------------------------------------------
Takes action on a vulnerability
* Apply patches
* Initiate compensating controls
* Accept the vulnerability/risk
[](https://martian1337.gitbook.io/notes/notes/governance-risk-compliance/vulnerability-management-lifecycle#verify)
Verify
-------------------------------------------------------------------------------------------------------------------------------
Verifies that a remediation was successful or effective
* Was vulnerability resolved?
* Is further action needed?
[](https://martian1337.gitbook.io/notes/notes/governance-risk-compliance/vulnerability-management-lifecycle#vm-lifecycle-challenges)
VM Lifecycle Challenges
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
Incomplete asset information - Effective discovery requires both **asset identification** and the information about the **contents** of each asset
Incomplete asset lists - Out-of-date asset lists and mixed data sources can prevent discovery from providing complete asset accountability for a thorough risk evaluation
Overwhelming scan data - Prioritization helps target efforts for the most critical assets from the most serious threats
Organizational communication - Frequent communication, reports, system dashboards, and notifications help keep teams informed for required patching/updates
Vulnerability Identification - Vulnerability data must be up to data and relevant from authoritative sources
Timely Remediation - Efforts must be timely, organized, and effective with specific assignments and accountability
Process Tracking - Verification helps assure that remediation is successful with no new vulnerabilities exposed
[PreviousGovernance, Risk, Compliance](https://martian1337.gitbook.io/notes/notes/governance-risk-compliance)
[NextCheatsheets](https://martian1337.gitbook.io/notes/notes/cheatsheets)
Last updated 1 year ago
* [Discovery](https://martian1337.gitbook.io/notes/notes/governance-risk-compliance/vulnerability-management-lifecycle#discovery)
* [Prioritize Assets](https://martian1337.gitbook.io/notes/notes/governance-risk-compliance/vulnerability-management-lifecycle#prioritize-assets)
* [Assess](https://martian1337.gitbook.io/notes/notes/governance-risk-compliance/vulnerability-management-lifecycle#assess)
* [Reporting](https://martian1337.gitbook.io/notes/notes/governance-risk-compliance/vulnerability-management-lifecycle#reporting)
* [Remediate](https://martian1337.gitbook.io/notes/notes/governance-risk-compliance/vulnerability-management-lifecycle#remediate)
* [Verify](https://martian1337.gitbook.io/notes/notes/governance-risk-compliance/vulnerability-management-lifecycle#verify)
* [VM Lifecycle Challenges](https://martian1337.gitbook.io/notes/notes/governance-risk-compliance/vulnerability-management-lifecycle#vm-lifecycle-challenges)
---
# Wordlists | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/resources/offensive-cybersecurity/wordlists.md)
.
###
[](https://martian1337.gitbook.io/notes/resources/offensive-cybersecurity/wordlists#wordlists-and-passwords)
Wordlists and Passwords
Password Databases/Lists
[Seclists from @danielmiessler](https://github.com/danielmiessler/SecLists)
[Default Creds Cheat Sheet](https://github.com/ihebski/DefaultCreds-cheat-sheet)
[CIRT.net (default passwords)](https://cirt.net/passwords)
[Default-password.info](https://default-password.info/)
[Data Recovery (default passwords)](https://datarecovery.com/rd/default-passwords/)
[Skullsecurity Password collection](https://wiki.skullsecurity.org/index.php?title=Passwords)
[Trickest Wordlists](https://github.com/trickest/wordlists)
####
[](https://martian1337.gitbook.io/notes/resources/offensive-cybersecurity/wordlists#web-fuzzing)
Web Fuzzing
[OnelistForall](https://github.com/six2dez/OneListForAll)
- AKA Rockyou for web !
[FuzzDB](https://github.com/fuzzdb-project/fuzzdb)
[Asset Note](https://wordlists.assetnote.io/)
[PreviousCloud Pentesting](https://martian1337.gitbook.io/notes/resources/offensive-cybersecurity/cloud-pentesting)
[NextSocial Engineering](https://martian1337.gitbook.io/notes/resources/offensive-cybersecurity/social-engineering)
Last updated 1 year ago
---
# JavaScript | Martian Defense NoteBook
For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt)
. This page is also available as [Markdown](https://martian1337.gitbook.io/notes/notes/coding-programming/javascript.md)
.
The console is part of the web browser and allows you to log messages, run JavaScript code, and see errors and warnings. \\
###
[](https://martian1337.gitbook.io/notes/notes/coding-programming/javascript#js-basics)
JS Basics
Example function used to generate output to the console:
Copy
console.log("Hello Humans!");
Enclosed text in quotes:
Copy
console.log("I love free cyber training");
Quotes are not needed for numbers:
Copy
console.log(1337);
The console.log() function can be used as many times as needed:
Copy
console.log("Hello Humans!");
console.log("Take me to your leader");
###
[](https://martian1337.gitbook.io/notes/notes/coding-programming/javascript#javascript-in-html)
JavaScript in HTML
You can add JavaScript code in an HTML document using the