Cyber Security Tool Kit

• Infosec ,toolkit
• by Sebastian Wallace

Audio for this article

The perfect tool kit for cyber security, research and development takes time to develop. Recently I asked a quesiton of my Reddit friends as to what was in there tool kit. [Reddit - What's in your toolkit]

I was quite supprised at the response I got. Depending on peoples specific vocation the toolkits included thing as common as wireshark to as obscure as Software Defined Radios for monitoring radio traffic. This post isn't a digest of what everthing does, more a list of everything used. Happy tinkering.I'll start doing practical guides to things later on. 

Physical/software tools

•  Nmap

• Kali - MDK (good for wifi attacking)

• Kali airmon-ng (great for wifi monitoring)

• Burpsuite (windows version..)

• Homedale - This is a wifi scanner I use for windows (https://the-sz.com/products/homedale/index.php) I've a windows machine as well.

• Tor - both as a browser and a service

• MobSF - upload an APK and analyze it.

• OpenVAS - vulnerability scanner.

• Volatility - python script to analyze a memory dump.

• RedLine by FireEye - used to get disk and memory capture of Windows targets.

• Cellebrite - disk capture of mobile devices.

• Dirbuster - directory enumeration on web servers.

• Suricata + ELK stack - scan packet captures for malicious activity.

• Autopsy - analyze a disk image.

• dirbuster 

• SANS's SIFT - More IR focused than Kali.

• Wireshark - duh.

• wxHexEditor - Though the project does seem dead. HxD is also pretty good.

• Xplico - Useful for looking at pcaps of web sessions.

• dislocker - Accessing bitlocker encrypted drives on Linux.

• BrowsingHistoryView - Examine a user's browser history.

• Autopsy Sleuth Kit - File system artifact recovery.

• Volatility - Memory analysis

• Didier Stevens Suite - He has a tool for everything.

• Windows PowerShell - Microsoft really got this one right.

• docker - Y'all got any more of them tools in containers?

• splunk - In a container. Spin up new container, ingest mass o' logs, win.

• Jupyter - Bit of an honorable mention here. It's not an IR tool itself; but, if you put your tools in containers running Jupyter, you can then save your workflow as a notebook outside the container and re-create it easily.

• Ghidra - I don't get to try my hand at reversing often; but, this is a great tool for it.

•  Postman used for API testing.

•  SDR USB module. (software defined radio) 

• Security news app (available in both android and apple) https://apps.apple.com/us/app/cyber-security-news-alerts/id792406035 

• http://www.hexworkshop.com/ - Hex workshop tool for Hex decoding

Online Tools

• https://news.ycombinator.com/ - Great news resource

• https://www.exploit-db.com/ - Very good db of current and old exploits

• https://www.ncsc.gov.uk/section/keep-up-to-date/threat-reports (I'm u.k based, so this is regional...)

• https://threatpost.com/ - Nice reading.

• https://apt.thaicert.or.th/cgi-bin/aptgroups.cgi - I would recommend looking at this even for the interest value!

• https://www.shodan.io/ - This is basically become google for me.

• https://www.cybok.org/knowledgebase 

• Eric Zimmerman's Tools (More on the DF of the DFIR side of the house) - https://ericzimmerman.github.io/#!index.md

• Any of the Nirsoft tools - https://www.nirsoft.net/

• NetworkMiner if you want easier PCAP parsing - https://www.netresec.com/?page=NetworkMiner

• The hive project

• https://gchq.github.io/CyberChef/ - A wonderful multitool for about nearly anything

• https://github.com/SerpicoProject/Serpico Pen Testing reports.

• RFI tag references

On the learning/info side of things the list the OP provided is really good. I'd only add:

• SANS ISC

• Krebs on Security - Not as technical; but, damn good investigative reporting.

• Schneier on Security - This guy has literally written major books on cryptography.

• 13Cubed - Solid training videos.