Offensive Security Attacks, Tools, and Techniques

This blog post is a work in progress. Most sections are open for collaboration and development. Feel free to contact me if you want to collaborate.

Disclaimer

All information on this page comes from other websites, and the sources are provided. The information in this post will be updated occasionally (e.g., to fix broken links).

Furthermore, the information above is for educational purposes. Acknowledging that a tool exists does not mean that it is legal to use. To be safe, do not use any of the tools or attacks in this list unless you have explicit permission from the companies and individuals involved. Lastly, acknowledging these tools and techniques does not imply my endorsement, ability, or usage of them. Please read my Legal Disclaimer.

Mobile security

This series by Satish B. covers historical content, but it is fascinating nonetheless. It covers many of the goals of mobile pen testing.

Attacks

TBD

Tools

Tool: What and why?

Android Debug Bridge (ADB): Command-line utility for interfacing with connected Android devices; includes Android-specific actions and access to a Unix command shell on the connected device.
Clutch: Open-source iOS decryption tool. Clutch supports the iPhone, iPod Touch, iPad, and all iOS versions, architecture types, and most binaries.
Crackulous: Historically used to decrypt iPhone apps. Crackulous, an organization, offers various tools today.
Cycript: Explore and modify running apps on either iOS or Mac OS X using a hybrid of Objective-C++ and JavaScript syntax; includes process injection, foreign function calls, and tab completion.
Dex to Java technique:
– bytecode-viewer: reverse engineering suite (debugger, decompiler, editor, etc.) for Java JARs and Android APKs
– dex2jar: converts between Android .dex and Java .class files
– https://www.decompiler.com/
Drozer: Automated Android vulnerability scanner that includes several public Android exploits built in to test the vulnerability of the target device.
Frida: Dynamic code instrumentation toolkit that works by injecting the QuickJS JavaScript engine into the instrumented process.
– frida-ios-dump: script used to decrypt IPA (iOS) files on jailbroken devices. Once the script is run, the source code is available for analysis and reversing.
GNU Debugger (GDB): Run-time analysis and reverse engineering.
Grapefruit: Used for iOS runtime application instrumentation. Very similar to Passionfruit, but newer.
iKeyMonitor iPhone Hacker: A paid monitoring tool. It installs keylogging software and functions as traditional spyware.
iOS Reverse Engineering Toolkit (iRET) by Veracode: Developed to speed up repetitive aspects of the pen-testing process. Includes otool, class-dump-z, dumpdecrypted, keychain_dumper, plutil, SQLite, and Theos.
Mobile Security Framework (MobSF): Automated Android pen-testing, malware analysis, and security assessment framework capable of performing static and dynamic analysis.
Myriam iOS: Training tool for those interested in learning the basics of reverse engineering iOS applications (e.g., authentication bypass, circumventing activation, jailbreak detection, modifying in-app data, UIKit web manipulation, and variable modification). A YouTube playlist by the creator of Myriam iOS is available.
Objection: Uses Frida and does not require jailbroken or rooted devices. Features include inspecting and interacting with container file systems, bypassing SSL pinning, and dumping keychains.
Odcctools: otool (object file displaying tool).
OpenSSH: Connect to the device remotely over SSH.
Passionfruit: Graphical web app for interacting with iOS applications. Often used for dumping and analyzing iOS app contents.
Quick Android Review Kit (QARK): Automated Android application-vulnerability scanner for source code and compiled apps that automatically generates applications or ADB commands to exploit identified vulnerabilities.
Radare2: Scriptable framework for disassembling, debugging, patching, and analyzing binaries; supports many architectures and file formats, including Android and iOS apps.
Runtime Mobile Security (RMS): A web interface for interacting with Frida. The tool manipulates Android Java classes and their methods at runtime.
Sqlite3: SQLite database client.
Syslogd: View iPhone logs.
Tcpdump: Capture network traffic on the phone.
Veency: View the phone on the workstation with the help of the Veency client.

Network, web application, and wireless security

TBD

Popular ports

Source: Appendix C. Common Ports of Red Hat Enterprise Linux 4

Port: Name

20: File Transfer Protocol (FTP) data transfer
21: File Transfer Protocol (FTP) command control
22: Secure Shell (SSH)
23: Telnet (remote login service, unencrypted text messages)
25: Simple Mail Transfer Protocol (SMTP) email routing
53: Domain Name System (DNS) service
80: Hypertext Transfer Protocol (HTTP), used on the World Wide Web
110: Post Office Protocol (POP3), used by email clients to retrieve email from a server
119: Network News Transfer Protocol (NNTP)
123: Network Time Protocol (NTP)
143: Internet Message Access Protocol (IMAP), management of digital mail
161: Simple Network Management Protocol (SNMP)
194: Internet Relay Chat (IRC)
443: HTTP Secure (HTTPS), HTTP over TLS/SSL

Attacks

Source: OWASP

TBD

Tools

TBD

OSINT

TBD

Tools

TBD

Physical security

Developed in collaboration with Bailey Powers, RITSEC's President of Physical Security '23.

TBD

Attacks

TBD

Tools

TBD