Cyber Security Analyst - Tools - Commands
Microsoft Baseline Security Analyzer (MBSA)
a Windows-specific security tool, limited in scope to Windows systems, that checks for missing security patches.
Web Application Software Scanners
a program which communicates with XXXX applications through the web front-end in order to identify potential security vulnerabilities in the XXX application and architectural weaknesses. (Nikto, Acunetix, Burp Suite, OWASP ZAP, w3af)
Sdelete
a secure file deletion utility
PsTools
a set of command-line utilities with a broad range of functions, including process information and start/stop capabilities, event log dumping, password changes, and many others
TCPView
a tool for socket-level visibility for analyzing network connected services.
ShareEnum
a tool that analyzes shares and their permissions
Process Explorer
a tool that shows the files, DLLs, Registry keys, and other objects in use by each process.
AutoRuns
a utility that shows what programs start at login or system boot. Useful when troubleshooting some adware, malware, or problematic startup programs.
Proxy Servers
act as intermediaries between clients and web servers, passing information while checking/monitoring traffic to and from a location. Provide the opportunity to perform content filtering and caching of frequently requested content to increase bandwidth.
Packet Analyzer
also known as a network analyzer, protocol analyzer, or packet sniffer, is a computer program or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network.
Fuzzers
are automated testing tools that rapidly create thousands of variants on input in an effort to test many input combinations that would not be possible with manual techniques.
AlienVault
asset discovery, vulnerability scanning and assessment, behavior (heuristic) analysis capabilities, and IDS capabilities.
NETSTAT
command-line network tool that displays active TCP and UDP connections; Ethernet statistics (bytes passed in packets); route table information (IPv4/IPv6 information); network protocol statistics.
Burp Suite
commercial web application security toolkit from PortSwigger. Used as an interception web proxy.
Vulnerability Scanner
designed to assess computers, computer systems, networks or applications for known weaknesses. Used to discover the weak points or poorly constructed parts. Authenticated scans run with admin access; unauthenticated scans run without admin access. (Nessus, SAINT, OpenVAS, Nexpose)
OpenVAS
free alternative to commercial vulnerability scanners.
Netflow Analyzer
is a commercial network flow analyzer tool that provides graphical views of network bandwidth usage and other flow-related information.
ZAP (Zed Attack Proxy)
is a community development project coordinated by OWASP. It intercepts requests from a web browser and can alter them before passing them to the web server.
Nagios
is a monitoring tool available as both an open source product and a commercial version. Provides an easy-to-use web interface for analysis and reporting, and it can alert on issues identified by its monitoring capabilities.
Cain and Abel
is a multifunction password recovery and cracking tool for Windows. Includes password dumping tools, hash cracking, VoIP phone decoding, and network sniffing for over-the-wire password capture.
Cacti
is a network graphing tool that runs on top of RRDtool (a data logging and graphing system) to allow recurring, time-based data collection and analysis.
MRTG (Multi Router Traffic Grapher)
is a network monitoring tool that leverages SNMP to monitor traffic on network connections.
QualysGuard
is a network vulnerability scanner that can work as a Software-as-a-Service (SaaS) appliance.
Ophcrack
is an open source password cracking tool that relies on rainbow tables.
NMAP
is a security scanner used to discover hosts and services on a computer network, building a map. Sends crafted packets to the target hosts and then analyzes the responses.
Syslog
is a standard for logging and is designed to allow logs to be created on an endpoint server, system, or device, and then be stored locally or sent to a central server for storage.
Splunk
is a tool designed to provide large-scale data collection and analysis capabilities for a broad range of data types.
Rapid7 Nexpose
is another commercial vulnerability management system.
Bro
is another open source intrusion detection and prevention system. Works by performing protocol analysis on network connections and also finds significant use as a network analysis and forensic tool.
Snort
one of the earliest intrusion detection systems. Open source IDS/IPS.
John the Ripper
open source tool designed to crack passwords and hashes, including Linux, Windows, Kerberos, and other frequently used password hashing methods.
Traceroute
provides an idea of the network path between two systems. Also known on Windows systems as tracert.
ifconfig/ipconfig
provides detailed configuration information about the network interfaces on a system (Ethernet and IP addresses)
Syslog-ng
provides greater capabilities than traditional syslog.
Nslookup/Dig
provides the ability to perform manual DNS queries to troubleshoot connections on Windows systems.
Nikto
the only web application scanning tool.
AccessEnum (sysinternals)
which enumerates the access on a system, providing a good view of who has permissions to files, directories, and other objects.
Sysmon
which is often used for intrusion detection and forensic analysis for its ability to monitor processes and their activity in a searchable and easily viewable manner.
ProcDump
which provides process dumping for memory and error analysis.
Foot Print Tools
DNS lookup, Whois, Sam Spade, Nslookup, DNSstuff, DNS enumeration
OSSIM
Open source SIEM that integrates a number of open source tools. Provides correlation, reporting, and alerting capabilities that are typical of a SIEM product.
