As a white hat hacker, how do you build your own network security arsenal?


As the saying goes: "To do good work, one must first sharpen one's tools."

For a white hat hacker, the resources, equipment, tools and software we collect are our "arsenal". Whether it is well stocked and whether we know our way around it directly determines how quickly and accurately we can hit the mark in the battles that follow.

As a long-time tool geek with a touch of obsessive-compulsiveness, I will not just provide a list of tools here, but also share with you:

  • How do you define a good tool?
  • At different stages of your career, how should you choose your work equipment?
  • At different stages of work, which "magic weapons" are essential?
  • Why can a knowledge management methodology upgrade our "arsenal"?

Next, we will expand on the chart below =>

[Figure: overview chart of the three tool categories]

I will explain how to build your own "network security arsenal" from three major categories of tools: work equipment, security testing, and knowledge management.

1. Work equipment

Work equipment refers to hardware such as computers, hard drives and displays; it sets the upper limit of our computing, storage and display resources. In my opinion, the quality of this equipment directly determines the output firepower of the whole arsenal, so its importance is self-evident.

If you are just getting started, an "all in one" strategy on an ordinary computer is fine early on. As study and work gradually deepen, you will find yourself in situations like these:

  • A password cracking job is running, the CPU is pegged at 100% and you cannot do anything else ...

  • The virtual environments you use have grown from 10G at first install to 50G ...

  • While testing a target site, you have to keep shuffling windows to look up information on the side ...

  • Project data is numerous and messy, and mixed in with personal files and study material ...

  • Some breach leaked a few TB of social-engineering database data, but sadly the hard disk won't hold it ...

    ……

Put simply, all of these situations mean that hardware resources (computing, storage, display) keep running short. For example, cracking the same target with a "single-core CPU + integrated graphics + 1G dictionary" configuration versus a "4-core CPU + discrete graphics + 10G dictionary" configuration gives a night-and-day difference in both cracking speed and success rate.

Since hardware resources are, in a sense, equivalent to efficiency, isn't stronger always better?

Definitely not. If you can't even hold a shovel steady, what good is handing you a hammer?

Our goal is to improve efficiency, but upgrades should be timely and appropriate; that is, we want a good balance between time, cost and efficiency.

So, for a white hat hacker, what counts as good work equipment?

I think that if a piece of equipment meets your immediate needs well, can keep raising your output, and leaves 2 to 3 years of headroom for growth, then it is not only good equipment but also a good investment.

Everyone has different work experience and is at a different stage of development, so even within the same industry, or even the same position, the equipment we need will vary. I therefore offer three work equipment setups for reference: starter, advanced and expert.

[Figure: the three reference configurations]

Starter: single computer, single screen

  • Overview:

    • This version suits you from entry up to about one year in.
    • Normally at this stage you are exploring on your own and broadening your horizons.
    • Collecting learning resources from everywhere, building a virtual environment to experiment in, and handling the company's basic project requirements are your primary needs at this stage.
  • Equipment:
    • At this stage one mid-range computer as your main machine covers most of your needs. The recommended configuration is as follows:
    • Memory: 8GB ~ 16GB. Memory size directly determines how many applications and virtual machines you can run at the same time, and a smooth test environment greatly improves productivity, so whatever else you skimp on, do not skimp on memory.
    • Hard disk: ≥ 256GB + 1TB. Keep the items you use every day on the solid-state drive (SSD); put the larger items such as virtual machines, software and other tools on a mechanical or removable hard disk.
    • Computing: ≥ 2 cores, 4 threads. Multitasking is not yet a strong requirement at this stage, so this is the most entry-level configuration currently available.

Advanced: single computer, dual screens

  • Overview:

    • This version suits you once your work is on track, for example one to three years in.
    • Normally at this stage you have set your development goals and are actively going deeper into a vertical field.
    • Beyond the starter requirements, frequently handling medium-sized documents, studying while working, and keeping several projects spinning at once are your primary needs at this stage.
  • Equipment:
    • At this stage one high-performance main computer plus one external display basically covers most of your needs.
    • Screen: adding a screen beyond the computer's own further improves efficiency, for example one screen to run the project and one for documents, or one screen to work on and one to play videos ......
    • Memory: 16GB ~ 32GB. 16GB is the entry point at this stage; if you can go to 32GB, you can basically run an entire penetration testing lab.
    • Hard disk: ≥ 512GB + 4TB. Tools and documents are used more and more often, so a 512 GB solid-state drive is recommended. In addition, buy a few more external hard disks, for example 2 × 2TB or 2 × 4TB, one for personal data and one for work data, to keep public and private separate.
    • Computing: ≥ 4 cores, 8 threads. As multitasking becomes the norm, a 4-core CPU is recommended; it can handle most scenarios.

Expert: dual computers, three screens, NAS

  • Overview:

    • This version suits you once you have worked for several years, for example more than 3 years.
    • If you love learning and persevere, at this stage you may have become the backbone of the team, able to work independently and starting to lead.
    • Beyond the advanced needs, balancing the individual and the team, technology and management, and work and life are your primary needs at this stage.
  • Equipment:
    • At this stage one main computer, one secondary computer, two external displays and a NAS storage solution basically cover most of your needs.
    • For the secondary computer's configuration, refer to the starter and advanced setups; the focus here is on the "dual computer" usage scenario. As work grows, our living conditions change too, for example entering a new phase of marriage and setting up a small family. In the past, one main computer stored all kinds of work and life information and every task was handled on it, with no boundary; now you should consider privacy, for example by adding a second machine for personal and family use: personal study, entertainment, family photos, important files and so on.
    • In addition, the storage solutions of the starter and advanced setups generally follow a "buy another hard disk when space runs out" strategy, which does not account for the case of hard disk failure. I believe many friends with some years of work behind them have had this heart-breaking experience: years of accumulated project documents gone, a code repository built up over many late nights deleted, a treasured collection of XXX lost ...... Various cloud drives can solve this kind of problem, but after all we are in the security business; do we really upload all our data?
    • So, to meet the capacity requirement, protect against hard disk damage, and solve the privacy problem along the way, the only option left is probably to build your own cloud drive on a NAS. This option is good in every respect except that it is a bit expensive; I will not expand on it here ......
    • Finally, the external displays increase to 2, giving three-screen interaction together with the computer's own screen, which suits more complex work scenarios. For example, screen one is the task screen, showing the task list and calendar; screen two is the work screen, holding the core operations; screen three is the reference screen, assisting screen two.

2. Security testing

If work equipment determines the arsenal's output firepower, then security testing tools directly determine the arsenal's productivity. For example:

  • Scanning the whole Internet, some tools take a month and others an hour

  • Scanning the same target site, some tools turn up N high-risk findings while others report "nothing to worry about"

  • Cracking the same password dictionary, some tools max out the CPU while others barely load it

    ……

Penetration testing tools are to the security engineer what the kitchen knife is to the chef and the gun to the soldier.

So how do you sift your own essential tool set out of tens of thousands of tools? That is a luxurious problem in itself. Here we can follow a simple principle: for the same function, a tool that reaches the goal in less time, with fewer resources and a better experience is a good tool.

By this principle, every segment always has a few "magic weapons"; they strike the best balance between experience and efficiency, have been tempered by time, stand out from the many tools, and have won loyal fans all over the world =>

  • [Target scanning] Once you have used Nmap you understand why it has become the tool with the highest appearance rate in countless hacker movies. The big brother shows you what perfection at a single task means, how product documentation should be written, and how command-line parameters should be designed.

  • [Exploitation] Once you have used Metasploit you know what a truly open framework is, and how strong the vitality of a tool can be once it is built with an engineering mindset.

  • [Traffic capture] Once you have used Wireshark you understand that behind this graphical interface, packet after packet, the underlying language of the Internet turns out to be protocol fields.

    ……

In my opinion, the tools above are not just tools but works of art. We use them and enjoy them at the same time.

It is precisely because this field has produced such groundbreaking tools that the rising stars that follow have so much to learn from their design ideas; standing on the shoulders of giants, they catch up in the same or similar fields, forming today's landscape of competing tools.

Here, based on my personal experience, I have sorted out version v1 of the "network security essential security testing tool set", covering 10 categories: environment preparation, information gathering, vulnerability analysis, penetration testing, post-exploitation, network security, Web security, wireless security, software security, and penetration testing systems.

Note 1: Given limited space, only tools I have used and found good are listed here. If you think an essential "artifact" is missing, send me a private message.

Note 2: Because some tools are sensitive, most are listed without links; please search for them yourself.

Next, we will expand on the chart below =>

[Figure: security testing tool set v1]

2.1 Environment Preparation

Before starting study or work, we need to build a virtual environment in advance to support later experiments and tests; in addition, we recommend using the Chrome and Firefox browsers with the relevant plug-ins installed.

Virtual Environment

  • VMware Workstation
  • VirtualBox
  • Docker

Browsers and plug-ins

  • Chrome
  • Firefox
  • Wappalyzer
  • Shodan
  • HackBar
  • Postman
  • Firebug
  • Proxy SwitchyOmega
  • Tamper Data

2.2 Information gathering

As the saying goes, know yourself and know your enemy and you will never be defeated; to a large extent, whether a penetration test succeeds depends on the information gathering stage. Information gathering is divided into passive and active collection. The former uses search engines, security intelligence, social-engineering databases and the like, with no direct contact with the target; the latter relies on scanners and testing tools, makes direct contact with the target, and may have some impact on it.

Security Intelligence

  • Virustotal
  • ThreatBook
  • OSINT methodology and open source tools
    • Omnibus
    • OSINT-SPY
    • GOSINT
    • DataSploit
  • Security intelligence from 360, QiAnXin, NSFOCUS, Tencent, IBM and other vendors

Search engines

  • Google (GHDB)
  • Shodan
  • ZoomEye

IP address lookup

  • Webmaster Tools
  • ipip.net
  • ip.cn
  • ipplus360.com
  • ipaddress.my
  • maxmind.com
  • ip2location.com

Domain Search

  • Webmaster Tools
  • ICP filing lookup
  • DNSdumpster
  • Findsubdomains
  • DNSrecon

Corporate Information

  • Tianyancha
  • Qichacha

Comprehensive collection

  • Maltego
  • theHarvester

Target scan

  • Nmap
  • ZMap
  • Masscan

Other

  • Overseas platforms
    • Twitter / Facebook / YouTube / Telegram
  • Dark Web
    • Tor
  • Social-engineering databases
    • Not provided for now

2.3 Vulnerability Analysis

Exploit intelligence platform or vulnerability scanning tools to analyze the target system possible vulnerabilities and risks face.

Vulnerability intelligence platforms (Vuln / Exp / PoC)

  • Exploit-DB
  • exploit.shodan.io
  • seebug
  • vulmon
  • 0day.today
  • cvedetails
  • cve.mitre.org
  • securityfocus
  • cnnvd / cnvd

Integrated vulnerability scanning (host / system / network / application)

  • Nessus
  • OpenVAS

Web vulnerability scanning

  • Burp Suite
  • AWVS
  • AppScan
  • OWASP ZAP
  • Nikto
  • w3af
  • WPScan

2.4 Penetration testing

Based on the preliminary information gathering and vulnerability analysis, we now know what vulnerabilities and risks the target actually has. Next, we need to choose the right approach and supporting tools for testing, including but not limited to exploitation, social engineering and password auditing.

Exploitation

Using existing vulnerability information, load the exploit code and run the exploit against the target.

  • Metasploit
  • Burp Suite
  • Pocsuite

Social engineering test

Using social engineering techniques, launch social engineering tests by means such as phishing sites and forged e-mails.

  • SET(Social Engineer Toolkit)
  • Gophish

Password audit

Use dictionaries, password databases, rainbow tables and so on to audit the target's accounts and passwords.

  • Password hash databases
    • weakpass.com
    • hashes.org
    • freerainbowtables.com
  • Dictionary generation
    • crunch
    • twin
    • CUPP
  • Password auditing
    • cmd5
    • Hydra
    • L0phtCrack
    • Hashcat
    • John the Ripper
    • RainbowCrack

2.5 Post-exploitation

Network auditing, remote control, lateral movement, privilege escalation, tunnel establishment and trace erasure.

  • Metasploit
  • Meterpreter
  • Cobalt Strike
  • Empire
  • Mimikatz
  • PowerSploit
  • nishang
  • Netcat
  • Pupy
  • DNScat2
  • LCX
  • NC

2.6 Network security

Audits and tests of network protocols and network devices, involving packet capture and analysis, LAN security testing, man-in-the-middle testing and DDoS auditing tools.

Packet capture and analysis

  • Wireshark
  • Tcpdump
  • Fiddler
  • Colasoft

DDoS auditing

  • Hping
  • LOIC

Man-in-the-middle / protocol auditing

  • Cain & Abel
  • sslstrip
  • Ettercap
  • Bettercap

LAN audit

  • Yersinia

2.7 Web security

Audits and tests of Web sites and browsers, involving directory traversal, fingerprinting, fuzz testing, SQL injection, XSS / CSRF and Webshell management tools.

Manual security testing / debugging

  • Burp Suite

Directory traversal

  • Gobuster
  • DirBuster
  • dirb
  • Yujian (御剑) backend scanner

Fingerprinting

  • Wappalyzer
  • WPScan
  • Joomscan
  • WhatWeb
  • Whatcms
  • CMSmap
  • Yujian (御剑) fingerprinting

SQL security audit

  • SQLmap
  • Havij
  • Pangolin

XSS / CSRF / browser

  • BeEF
  • XSStrike
  • XSSOR
  • CSRFTester

Webshell management

  • China Chopper
  • AntSword (中国蚁剑)
  • Weevely
  • Cknife

Fuzz testing / form cracking

  • Burp Suite
  • SecLists
  • FuzzDB
  • PKAV

Code audit

  • RIPS

2.8 Wireless security

Audits and tests of WiFi wireless hotspots, involving integrated frameworks, phishing WiFi, router auditing, password cracking and other tools.

Integration framework / platform

  • Aircrack-ng
  • WIFI Hack AIO
  • CDLinux

Phishing WiFi

  • Fluxion
  • WiFi-Pumpkin
  • WiFiphisher

WiFi hotspot scanning

  • CommView
  • inSSIDer

Password audit

  • Minidwep-gtk
  • EWSA
  • Reaver

Router auditing

  • Routersploit
  • WebCrack

2.9 Software security

Binary and reverse analysis of computer and mobile phone software.

  • IDA Pro
  • OllyDbg
  • WinDbg
  • Apktool

2.10 Penetration testing systems

Operating systems focused on security testing, covering various Linux distributions and Windows.

Linux distributions

  • Kali Linux
  • BlackArch Linux
  • ParrotOS
  • SamuraiWTF

Windows distributions

  • PentestBox
  • Commando VM

3. Knowledge management

What is knowledge management? I have explained it in another article, "How does someone with zero background become a qualified security test engineer?", so I quote it directly here:

Knowledge management, namely PKM (Personal Knowledge Management), is a methodology that studies how to manage knowledge scientifically and efficiently. Given the interdisciplinary nature of network security, the amount of knowledge one needs to know is very complex and exceeds most people's carrying capacity. So if you want to be a security engineer, I recommend using PKM to build your own knowledge management system, to optimise your input and output paths and create an optimal learning loop. With this methodology we finally get this result: learn better than others and grow faster than others. I have practised this methodology for more than 10 years, and in 2019 I shared it systematically in public for the first time; interested friends can search for it.

I think that for a security engineer, more important than the software tools is actually your own knowledge management capability.

Good knowledge management capability will keep driving the upgrade of your own tool set (Toolset), so you can better cope with massive amounts of knowledge and complex projects.

So if we say that work equipment and security testing tools decide the arsenal's output firepower and efficiency, then knowledge management directly determines the arsenal's iteration speed.

[Figure: knowledge management and the arsenal]

Knowledge management capability includes both a methodology and a tool set. I will not expand on the methodology here; instead, here is (part of) my knowledge management tool set:

  • Document processing: Typora, Word, PPT

  • Diagramming: XMind, MindManager, Visio

  • Electronic notes: OneNote, WizNote, Evernote

Documents made with these tools look like this (excerpts taken directly from my lecture notes):

[Figures: sample pages from the author's lecture notes]

The scenarios in which I use these tools are as follows:

  • When I am simply writing a blog post or a log, Typora is my first choice, because it is light enough, unlike the heavyweight Word; I do not have to pay attention to many typesetting issues, and simple Markdown syntax renders into a well-typeset document. If the article needs to be published on an online media platform, since more and more platforms support the MD format, once it is basically finished on the computer it can be synced and published online with almost the same reading experience, without much secondary typesetting, saving time and effort.

  • When I need to prepare a formal proposal or tender, a document of tens to hundreds of pages that needs more professional layout, such as front and back covers, navigation through a table of contents, brand logos, headers and footers, and mixed text-and-graphics layout, there is no choice but Word; after all, "the king of document processing" is no joke.

  • When I am in the planning or brainstorming stage, where there is no formal written document yet, I use XMind or MindManager to sort out ideas and draw the primary and secondary structure; the resulting mind map then becomes the "map" of the formal document I am about to write.

  • When I need to file and back up documents in an organised, systematic way, I sync them to OneNote or WizNote, forming my "personal library", which I can access at any time from computer and phone.

  • When I need to give a project presentation or deliver training, I search the "personal library" for relevant documents, draw supporting diagrams with Visio / XMind / MM, and finally output the presentation with PPT / OneNote / XMind / MM.

    ……

At this point, the construction of my "arsenal" is officially complete. In the simplest formula it is:

Network security arsenal = work equipment (hardware) + penetration testing (software) + knowledge management (the intangible)

Coming back to the original question: the screening criteria and tools here may not fit you one hundred percent, so the more important advice is:

Every network security engineer should establish their own standards and, combining their own taste and experience, create a tool set unique to themselves.


Source: blog.51cto.com/chenxinjie/2481113