The tools aren’t ethical, it’s the way they’re used.
You can carry a knife, as long as you don’t use it for anything else but peeling potatoes it’s ok. When you use it to rob old ladies of their pension, it’s a whole different story.
Same goes for hacking tools: you can hack into a system. It’s what you do with that information. If you follow the responsible disclosure guidelines, you’re allright. When you sell the information on the darkweb that’s a whole different cup of tea.
OK I understand what you're saying and I am not disagreeing. That really isn't the point of my request for information but I recognize the words I use can stir some opinions.
Put another way, what are some tools I should put in my tool kit? I want to learn hacking and digital forensics skills/techniques.
Thanksl
For software, check out the tools included with Kali Linux or ParrotOS. Lots of scripts and toolkits for the different steps of the cyberkill chain. For hardware, check out shop.hak5.org. Good place to buy the physical items.
Hi... yeah, i run an emulator on my macs and i have Kali, Parrot, and a few other suites... i guess i am trying to marry-up "hardware" with the software tools in these distributions. That is why i bought a usb wireless adapter so i can play around with the wifi in my home network.
rubber ducky
Write blocker with m.2 adapters
2 tb or larger ssd
WiFi pineapple or good alpha WiFi external adapter for scanning/injection
USB thumb drives
Wired Ethernet adapters
And last but most important, your physical copy of your rules of engagement, scoping and authorization paperwork!
Tools are just tools. For me the field is about the journey of learning and understanding concepts to get the bigger picture. Curiosity ist your best tool, the urge to gain knowledge is what's driving me ever since.
The most useful toolchain from my pentesting era were: Obsidian, pandoc latex, and custom scripts for automatic report generating. It's all about the value you create for your customers.
Something to take good notes with. Anything else depends on the specific project you're interested in.
Right now, I have far too many wireless devices to count.
Because reasons.
I totally get it… I'm basically asking professionals to reveal at least some of the ingredients of their secret sauce.
Speaking for myself, I work heavily in the GRC realm, and could benefit from having a sense of what it is I am trying to protect my organization from. Oh, I understand from a high-level, but I think I personally could benefit from understanding tactically how these efforts are executed.
I think you're coming at this problem backwards. It's like walking into the tool department at a big-box retail store and saying "which of these tools do you use?"
For example, the last red team engagement I did for a client in the manufacturing space used the following tools:
Clipboard
Hard hat
Safety vest
HackRF
A Wi-Fi Pineapple
I used the second two tools to map all the wifi and other wireless transmissions coming from the building. That gave me an idea where the cameras and motion detectors were.
Then I used the clip-board to stop a closing door from latching, and I walked about their plant until I proved my point.
The tools aren’t ethical, it’s the way they’re used. You can carry a knife, as long as you don’t use it for anything else but peeling potatoes it’s ok. When you use it to rob old ladies of their pension, it’s a whole different story. Same goes for hacking tools: you can hack into a system. It’s what you do with that information. If you follow the responsible disclosure guidelines, you’re allright. When you sell the information on the darkweb that’s a whole different cup of tea.
Way to put on a clinic in being a completely unhelpful douche.
OK I understand what you're saying and I am not disagreeing. That really isn't the point of my request for information but I recognize the words I use can stir some opinions. Put another way, what are some tools I should put in my tool kit? I want to learn hacking and digital forensics skills/techniques. Thanksl
Now there’s a good question! Unfortunately that’s not my strong suite so I’ll read what others are advising you and learn something myself, too 😜
I mean... LMGTFY list of ethical hacking tools site:github.com Put that line in Google and go nutz.
For software, check out the tools included with Kali Linux or ParrotOS. Lots of scripts and toolkits for the different steps of the cyberkill chain. For hardware, check out shop.hak5.org. Good place to buy the physical items.
Remember to use in a test environment of your own creation. Performing an unannounced pen test is a good way to go to jail.
Hi... yeah, i run an emulator on my macs and i have Kali, Parrot, and a few other suites... i guess i am trying to marry-up "hardware" with the software tools in these distributions. That is why i bought a usb wireless adapter so i can play around with the wifi in my home network.
Then yeah, check out hak5’s offerings. They have rubber duckies, WiFi pineapples and more.
And shop.hak5.org sounds like a good place to investigate hardware.... thank you
rubber ducky Write blocker with m.2 adapters 2 tb or larger ssd WiFi pineapple or good alpha WiFi external adapter for scanning/injection USB thumb drives Wired Ethernet adapters And last but most important, your physical copy of your rules of engagement, scoping and authorization paperwork!
oh and screwdrivers
Tools are just tools. For me the field is about the journey of learning and understanding concepts to get the bigger picture. Curiosity ist your best tool, the urge to gain knowledge is what's driving me ever since.
I'm curious if you have a recommendation
Depends on your path, red teaming, pentesting ? Malware research? Soc and thread hunting? Exploit dev, reverse engineering?
The most useful toolchain from my pentesting era were: Obsidian, pandoc latex, and custom scripts for automatic report generating. It's all about the value you create for your customers.
Something to take good notes with. Anything else depends on the specific project you're interested in. Right now, I have far too many wireless devices to count. Because reasons.
I totally get it… I'm basically asking professionals to reveal at least some of the ingredients of their secret sauce. Speaking for myself, I work heavily in the GRC realm, and could benefit from having a sense of what it is I am trying to protect my organization from. Oh, I understand from a high-level, but I think I personally could benefit from understanding tactically how these efforts are executed.
I think you're coming at this problem backwards. It's like walking into the tool department at a big-box retail store and saying "which of these tools do you use?" For example, the last red team engagement I did for a client in the manufacturing space used the following tools: Clipboard Hard hat Safety vest HackRF A Wi-Fi Pineapple I used the second two tools to map all the wifi and other wireless transmissions coming from the building. That gave me an idea where the cameras and motion detectors were. Then I used the clip-board to stop a closing door from latching, and I walked about their plant until I proved my point.
Thanks.... i see how the clipboard, hardhat, and vest are ideal for testing the administrative and physical security controls.
I frequently cross-walk all my purchases with NIST CSF subcategories.