
Cybersecurity and Cyber Forensics tools – Part 1 (Collated from internet & AI)

Here is a broad (not exhaustive) list of cybersecurity and cyber forensic tools, grouped by function. Several tools appear under more than one heading because they serve more than one purpose:


1. Network Security & Monitoring Tools

  • Wireshark – Network packet analyzer
  • Snort – Open-source network intrusion detection system (NIDS)
  • Suricata – High-performance IDS, IPS, and network security monitoring (NSM)
  • Zeek (formerly Bro) – Network security monitoring tool
  • Tcpdump – Command-line packet analyzer
  • NetFlow Analyzer (e.g. ManageEngine NetFlow Analyzer) – Flow-based traffic analysis and bandwidth monitoring
  • Nmap – Network scanning and mapping
  • Nagios – Network monitoring and alerting
  • OpenVAS – Open-source vulnerability scanner

2. Penetration Testing & Ethical Hacking

  • Metasploit – Penetration testing framework
  • Kali Linux – Comprehensive penetration testing OS
  • Parrot Security OS – Alternative to Kali Linux with penetration testing tools
  • Burp Suite – Web application security testing
  • SQLmap – Automated SQL injection testing
  • John the Ripper – Offline password hash cracking
  • Hydra – Online brute-forcing of network login services (SSH, FTP, HTTP forms, etc.)
  • Aircrack-ng – Wi-Fi network penetration testing
  • Nikto – Web server scanner
  • BeEF (Browser Exploitation Framework) – Browser-based attack tool
  • Reaver – Wi-Fi Protected Setup (WPS) attack tool
  • Social-Engineer Toolkit (SET) – Social engineering attack simulation

3. Digital Forensics Tools

  • Autopsy – Open-source digital forensic tool
  • FTK (Forensic Toolkit) – Disk imaging and forensic analysis
  • EnCase – Comprehensive digital forensic suite
  • The Sleuth Kit (TSK) – File system forensics
  • Volatility – Memory forensics framework
  • X-Ways Forensics – Lightweight forensic analysis tool
  • Magnet AXIOM – Digital investigation and analysis
  • OSForensics – Advanced file system analysis
  • DEFT Linux – Digital Evidence & Forensics Toolkit
  • CAINE (Computer Aided Investigative Environment) – Linux-based forensic tool
  • Oxygen Forensic Suite – Mobile forensic analysis
  • XRY – Mobile forensics tool
  • UFED (Cellebrite) – Mobile data extraction tool

4. Endpoint Security & Antivirus Tools

  • Microsoft Defender (formerly Windows Defender) – Built-in Windows security
  • Bitdefender – Advanced endpoint protection
  • Kaspersky Endpoint Security – Enterprise-level security suite
  • Symantec Endpoint Protection – Comprehensive security solution
  • McAfee Endpoint Security – Next-gen endpoint protection
  • Sophos Intercept X – AI-driven endpoint security
  • CrowdStrike Falcon – Cloud-based EDR solution
  • Carbon Black (VMware) – Next-gen antivirus and EDR

5. Malware Analysis & Reverse Engineering

  • IDA Pro – Disassembler for reverse engineering
  • Ghidra – Open-source reverse engineering suite by NSA
  • Radare2 – Reverse engineering and binary analysis
  • OllyDbg – 32-bit Windows debugger for malware analysis (no longer maintained; x64dbg is the usual replacement)
  • x64dbg – Open-source Windows debugger
  • Cuckoo Sandbox – Automated malware analysis
  • PEStudio – Portable executable analysis tool
  • YARA – Pattern-matching tool for malware research

6. Web Security & Vulnerability Scanners

  • OWASP ZAP (Zed Attack Proxy) – Web app security scanner
  • Acunetix – Automated web vulnerability scanner
  • Nessus – Vulnerability scanning and risk assessment
  • Nikto – Web server scanner
  • Burp Suite – Comprehensive web penetration testing
  • Arachni – Web application security scanner

7. Cloud Security & Security-as-a-Service

  • AWS Security Hub – Cloud security posture management
  • Azure Security Center (now Microsoft Defender for Cloud) – Microsoft cloud security posture and workload protection
  • Google Chronicle (now part of Google Security Operations) – Cloud-native SIEM and threat intelligence
  • Palo Alto Prisma Cloud – Cloud security suite
  • Qualys Cloud Security – Compliance and vulnerability management
  • CrowdStrike Falcon for Cloud – Cloud-based threat detection

8. SIEM (Security Information and Event Management) & Log Analysis

  • Splunk – Security analytics and SIEM
  • ELK Stack (Elasticsearch, Logstash, Kibana) – Log monitoring and analysis
  • IBM QRadar – Threat intelligence and SIEM
  • ArcSight – Enterprise SIEM solution
  • Graylog – Open-source log analysis tool
  • LogRhythm – Security analytics and threat detection

9. Identity & Access Management (IAM)

  • Okta – Cloud-based identity and access management
  • Microsoft Active Directory (AD) – Centralized identity management
  • Ping Identity – Enterprise IAM solution
  • Auth0 – Authentication and authorization solution
  • CyberArk – Privileged access management (PAM)
  • Duo Security – Multi-factor authentication (MFA)

10. Threat Intelligence & Incident Response

  • MISP (Malware Information Sharing Platform) – Open-source threat intelligence platform
  • TheHive – Incident response and case management
  • AlienVault OTX – Open threat exchange intelligence
  • VirusTotal – Malware scanning and threat intelligence
  • Palo Alto Cortex XSOAR – Security orchestration and automation
  • MITRE ATT&CK Navigator – Interactive matrix for mapping detections, incidents and adversary behaviour to ATT&CK tactics and techniques

11. Cryptography & Secure Communication

  • OpenSSL – Open-source cryptographic library
  • GnuPG (GPG) – Open-source encryption tool
  • VeraCrypt – Disk encryption software
  • TrueCrypt – Legacy disk encryption tool (development ended in 2014; unmaintained, use VeraCrypt instead)
  • Hashcat – GPU-accelerated password hash cracker (password recovery / auditing)
  • KeePass – Secure password manager

12. Wireless Security & Bluetooth Forensics

  • Kismet – Wireless network detection and monitoring
  • Aircrack-ng – Wi-Fi security auditing
  • Wireshark – Wireless traffic analysis
  • BlueMaho – Bluetooth security auditing
  • Ubertooth – Bluetooth sniffer

13. DevSecOps & Secure Development Tools

  • SonarQube – Static code analysis for security vulnerabilities
  • Checkmarx – Application security testing
  • Snyk – Vulnerability scanning of open-source dependencies, code, containers and IaC
  • Veracode – Application security scanning
  • OWASP Dependency-Check – Software composition analysis (SCA) tool for known-vulnerable dependencies

14. Honeypots & Deception Technology

  • Dionaea – Malware honeypot
  • Cowrie – SSH and Telnet honeypot
  • Kippo – SSH honeypot for attacker monitoring (unmaintained; superseded by Cowrie)
  • Honeyd – Low-interaction honeypot framework
  • Canarytokens (Thinkst) – Digital tripwires that alert when a planted token is opened or used

15. Mobile Security & Mobile Forensics

  • MobSF (Mobile Security Framework) – Static and dynamic analysis of mobile apps
  • Appknox – Mobile security vulnerability scanning
  • Drozer – Android security assessment framework
  • iOS Security Suite (IOSSecuritySuite) – Anti-tampering library for iOS apps (jailbreak, debugger and runtime-hook detection), a defensive component rather than a testing tool

Web portal & commerce cyber forensics

For this discussion we refer to the leading open-source portal products (Liferay, Drupal, WordPress, etc.) and to one proprietary portal, SharePoint, which has good documentation.

Before studying cyber forensics for the portal and commerce area, we must understand its architecture and security.

Web application architecture:

  • Three-tier architecture:
    • CDN, WAF, web server – typically in the externally exposed subnet (demilitarized zone, DMZ)
    • Application server, database, file store, search, caching – in the internal (trusted) subnet
    • Integrations such as IAM/LDAP/SSO, APIs, LLMs/AI services, MQ, Kafka, etc. can attach at various layers
    • Server / cloud / VM infrastructure / VPN
  • Use-cases:
    • Insurance policy administration
    • Supplier portals
    • Intranets
    • Search-based use cases
    • Workflows / BPM
    • eCommerce
    • Public websites and more
  • Deployment:
    • Cloud
    • On-prem / self-hosted
    • Clustered environment at most layers

Solutions may be monolithic or microservice-based.

Security:

  • Programming level
    • Secure programming around APIs, integrations and more
  • App server security
    • Separate subnets
    • JVM security
  • Web server & overall security
    • HTTPS
    • CSP
    • CSRF / CORS
    • XSS
    • Server hardening
    • Access / IAM / 2FA / MFA
    • OWASP Top 10 issues such as SQL injection and more
    • Cookies & sessions
    • DoS, DDoS, malware, spyware, etc.
    • And more – see the Security section of Liferay Learn
  • Products:
    • Liferay
    • Drupal
    • WordPress
    • SharePoint, Mozilla foundation and many more
    • Custom portals and commerce sites built with PHP, Java, .NET and more
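Several of the web-server items above (HTTPS enforcement, CSP, cookies & sessions, clickjacking, information disclosure) can be checked from a single captured response. The script below is an added example, not code from Liferay, Drupal, WordPress or SharePoint; both responses are constructed, and the header names and thresholds it checks are the ones a reviewer would normally look for, not anything mandated by those products.

```python
"""Offline audit of a portal's HTTP response headers: HSTS, CSP, cookie flags,
framing and stack disclosure. Added example; both responses are constructed."""
import re
from email.parser import Parser

# Constructed: what a default-configured Java portal often returns.
WEAK_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache/2.4.29
X-Powered-By: Servlet/3.1
Set-Cookie: JSESSIONID=3F2A9C; Path=/
Set-Cookie: COOKIE_SUPPORT=true; Path=/; Secure; HttpOnly; SameSite=Lax
"""

# Constructed: the same response after web-server hardening.
HARDENED_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'; frame-ancestors 'none'
X-Content-Type-Options: nosniff
Set-Cookie: JSESSIONID=3F2A9C; Path=/; Secure; HttpOnly; SameSite=Lax
"""

def parse_response(raw):
    """Split off the status line and parse the header block (RFC 822 style)."""
    status_line, _, header_text = raw.partition("\n")
    return status_line.strip(), Parser().parsestr(header_text, headersonly=True)

def check_cookie(cookie):
    """A session cookie must not travel over plain HTTP (Secure), be readable
    from script after an XSS (HttpOnly), or ride along on cross-site requests
    (SameSite, the browser-side half of CSRF defence)."""
    name = cookie.split("=", 1)[0].strip()
    attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
    return [f"cookie {name}: missing {flag}"
            for flag in ("Secure", "HttpOnly", "SameSite") if flag.lower() not in attrs]

def audit(raw):
    """Return a list of findings; an empty list means nothing to report."""
    _, headers = parse_response(raw)
    present = {k.lower(): v for k, v in headers.items()}
    findings = []
    hsts = present.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS missing: browsers will still try plain HTTP on return visits")
    else:
        m = re.search(r"max-age=(\d+)", hsts)
        if not m or int(m.group(1)) < 15552000:  # 180 days, a common minimum
            findings.append("HSTS max-age below 180 days")
    csp = present.get("content-security-policy")
    if csp is None:
        findings.append("CSP missing: no browser-side mitigation for XSS")
    if "x-content-type-options" not in present:
        findings.append("X-Content-Type-Options missing: MIME sniffing allowed")
    if "x-frame-options" not in present and not (csp and "frame-ancestors" in csp):
        findings.append("no X-Frame-Options and no CSP frame-ancestors: clickjacking possible")
    if "x-powered-by" in present:
        findings.append("X-Powered-By discloses the application stack")
    server = present.get("server", "")
    if re.search(r"\d", server):
        findings.append(f"Server header discloses a version: {server}")
    for cookie in headers.get_all("Set-Cookie", []):
        findings.extend(check_cookie(cookie))
    return findings

if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit(raw) or ["no findings"])
```

Run it against a response saved with `curl -i` to get the same report for a real portal. The cookie check deliberately ignores non-session cookies' names and applies the same three flags to every `Set-Cookie`, because a portal's "support" or preference cookies are frequently the ones left without `Secure`.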

Forensics:

  • Logs of the app server
  • Logs of the web servers – why? The client IP often does not pass beyond the CDN / WAF / web server layer; it survives only if those layers forward it (for example in X-Forwarded-For) and the web server logs it
  • Logs of the CDN and WAF
  • Logs of cloud, infrastructure, VMs, etc., plus details from the Network Management System and Application Performance Monitoring
  • Database for the state – very critical; do not forget this once you have the logs and overall access to the portal
  • File store
  • Search index
  • Code for integrations and customizations
  • Configurations – XMLs, etc.
  • Access logs and full control of all servers
  • DNS records and query logs
  • Integration logs
  • Concerns: PII, privacy, state of workflows, system, data, content, etc.; multi-session login by a single user and 2FA/MFA
  • Building the chain of events
  • Audit trails, if enabled
  • Admin and other rights
  • Data governance, data security, data analytics, web analytics such as Google Analytics
  • Logins, logouts, public APIs, insecure APIs, insecure servers, authentication, authorization
  • Understanding the request path: User -> ISP -> Internet over HTTPS -> DNS resolution -> portal CDN -> WAF -> web server (the external HTTPS connection typically terminates here) -> app server -> integrations & search -> DB, and back the same way
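The three forensic points that most often go wrong in practice are the ones above about client IPs not surviving the CDN/WAF layer, building the chain of events, and spotting multi-session logins by one user. The script below is an added example that is not part of the original post and not the log format of Liferay or any other product: it assumes a web server that logs X-Forwarded-For and the session id, an app server that logs login/logout with the same session id, and a known address range for our own proxies; both logs and that range are constructed.

```python
"""Chain-of-events reconstruction across CDN/WAF -> web server -> app server,
joined on the session id. Added example; logs and proxy range are constructed."""
import re
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Our own CDN/WAF tier (constructed, RFC 5737 range). Only X-Forwarded-For hops
# appended by these proxies are trustworthy; anything left of them is client-supplied.
TRUSTED_PROXIES = [ip_network("203.0.113.0/24")]

# Constructed web-server access log: remote address is the edge proxy, then
# X-Forwarded-For and the session id as the two trailing quoted fields.
# Session B2 carries a forged leading hop (10.9.9.9) inserted by the client.
WEB_LOG = """\
203.0.113.10 - - [12/Mar/2024:10:00:01 +0000] "POST /login HTTP/1.1" 302 0 "198.51.100.7, 203.0.113.10" "sid=A1"
203.0.113.10 - - [12/Mar/2024:10:00:45 +0000] "GET /orders HTTP/1.1" 200 5120 "198.51.100.7, 203.0.113.10" "sid=A1"
203.0.113.11 - - [12/Mar/2024:10:03:12 +0000] "POST /login HTTP/1.1" 302 0 "10.9.9.9, 192.0.2.55, 203.0.113.11" "sid=B2"
203.0.113.11 - - [12/Mar/2024:10:03:30 +0000] "GET /api/users/export HTTP/1.1" 200 81200 "10.9.9.9, 192.0.2.55, 203.0.113.11" "sid=B2"
"""
# Constructed app-server auth log keyed by the same session id.
APP_LOG = """\
2024-03-12T10:00:01Z INFO auth user=jdoe session=A1 event=LOGIN mfa=true
2024-03-12T10:03:12Z INFO auth user=jdoe session=B2 event=LOGIN mfa=false
2024-03-12T10:20:00Z INFO auth user=jdoe session=A1 event=LOGOUT
"""
WEB_RE = re.compile(r'(?P<edge>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
                    r'(?P<status>\d{3}) \d+ "(?P<xff>[^"]*)" "sid=(?P<sid>[^"]+)"$')
APP_RE = re.compile(r'(?P<ts>\S+) \S+ auth user=(?P<user>\S+) session=(?P<sid>\S+) '
                    r'event=(?P<event>\S+)(?: mfa=(?P<mfa>\S+))?$')
FOREVER = datetime.max.replace(tzinfo=timezone.utc)  # stands in for "session still open"

def client_ip(edge, xff):
    """Rightmost X-Forwarded-For hop that is not one of our proxies = real client."""
    for hop in reversed([h.strip() for h in xff.split(",") if h.strip()]):
        try:
            addr = ip_address(hop)
        except ValueError:
            continue  # garbage in a client-supplied hop
        if not any(addr in net for net in TRUSTED_PROXIES):
            return str(addr)
    return edge  # no usable XFF: the edge address is all we have

def parse_web(text):
    out = []
    for m in filter(None, map(WEB_RE.match, text.splitlines())):
        out.append({"ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), "layer": "web",
                    "sid": m["sid"], "client_ip": client_ip(m["edge"], m["xff"]),
                    "what": f'{m["method"]} {m["path"]} -> {m["status"]}'})
    return out

def parse_app(text):
    out = []
    for m in filter(None, map(APP_RE.match, text.splitlines())):
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        out.append({"ts": ts, "layer": "app", "sid": m["sid"], "user": m["user"],
                    "event": m["event"], "mfa": m["mfa"] == "true",
                    "what": f'{m["event"]} user={m["user"]} mfa={m["mfa"]}'})
    return out

def build_sessions(web_events, app_events):
    """Join both layers on session id: user, login/logout time, MFA, real client IPs."""
    sessions = {}
    for e in app_events:
        s = sessions.setdefault(e["sid"], {"user": e["user"], "login": None, "logout": None,
                                           "mfa": None, "client_ips": set()})
        if e["event"] == "LOGIN":
            s["login"], s["mfa"] = e["ts"], e["mfa"]
        elif e["event"] == "LOGOUT":
            s["logout"] = e["ts"]
    for e in web_events:
        if e["sid"] in sessions:
            sessions[e["sid"]]["client_ips"].add(e["client_ip"])
    return sessions

def concurrent_sessions(sessions):
    """Same user, overlapping in time, from different client addresses."""
    findings, sids = [], sorted(s for s in sessions if sessions[s]["login"])
    for i, a in enumerate(sids):
        for b in sids[i + 1:]:
            sa, sb = sessions[a], sessions[b]
            overlap = sa["login"] < (sb["logout"] or FOREVER) and sb["login"] < (sa["logout"] or FOREVER)
            if sa["user"] == sb["user"] and overlap and sa["client_ips"] != sb["client_ips"]:
                findings.append({"user": sa["user"], "sessions": (a, b), "mfa": (sa["mfa"], sb["mfa"]),
                                 "client_ips": sorted(sa["client_ips"] | sb["client_ips"])})
    return findings

def timeline(web_events, app_events):
    """One ordered chain of events across layers, oldest first."""
    rows = sorted(web_events + app_events, key=lambda e: (e["ts"], e["layer"]))
    return [f'{e["ts"]:%H:%M:%S} {e["layer"]} sid={e["sid"]} {e.get("client_ip", "-")} {e["what"]}' for e in rows]

if __name__ == "__main__":
    web, app = parse_web(WEB_LOG), parse_app(APP_LOG)
    print("\n".join(timeline(web, app)))
    for f in concurrent_sessions(build_sessions(web, app)):
        print("ALERT:", f)
```

On the constructed data the timeline shows jdoe's first session from 198.51.100.7 with MFA, and a second, MFA-less session from 192.0.2.55 opening while the first is still active and immediately pulling a user export; the forged 10.9.9.9 hop is ignored because it sits to the left of the last hop our own proxies appended. The same join works on real logs once the two regexes are adapted to the actual formats, and the session id is the key that lets the database state and audit trail be tied to the same chain.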
