Offensive Tooling Cheatsheets: An Infosec Survival Guide Resource
An Infosec Survival Guide Resource, released as blog posts, with fully designed, printer-friendly PDF cheatsheets.
Infosec for Beginners
DNS Triage Cheatsheet
DNS Triage is a reconnaissance tool that finds information about an organization’s infrastructure, software, and third-party services as fast as possible. The goal of DNS Triage is not to exhaustively find every technology asset that exists on the internet. The goal is to find the most commonly abused items of interest for real attackers.
Netcat (nc) Cheatsheet
Netcat is a network utility tool that has earned the nickname “The Swiss Army Knife” of networking. It can be used for file transfers, chat/messaging between systems, port scanning, and much more.
Nmap Cheatsheet
Nmap is a powerful open-source tool commonly used by system/network administrators and security professionals to perform network discovery, security auditing, and basic vulnerability assessment.
EyeWitness Cheatsheet
Offensive Purpose: Efficient way to gather info about web services & their hosting infrastructure. Automates taking screenshots for quick & easy review.
Hashcat Cheatsheet
Hashcat is a powerful tool for recovering lost passwords, and, thanks to GPU acceleration, it’s one of the fastest. It works by rapidly trying different password guesses to determine the original password from its scrambled (hashed) version.
Wireshark Cheatsheet
Wireshark is an incredible tool used to read and analyze network traffic coming in and out of an endpoint. Additionally, it can load previously captured traffic to assist with troubleshooting network issues or analyze malicious traffic to help determine what a threat actor is doing on your network.
Impacket Cheatsheet
Impacket is an extremely useful tool for post exploitation. It is a collection of Python scripts that provides low-level programmatic access to the packets and for some protocols, such as DCOM, Kerberos, SMB1, and MSRPC, the protocol implementation itself.
Burp Suite Cheatsheet
Burp Suite is an intercepting HTTP proxy that can also scan a web-based service for vulnerabilities. A tool like this is indispensable for testing web applications. Burp Suite is written in Java and comes bundled with a JVM, so it works on any operating system you’re likely to use.