Notes: Search Skills | Cyber Security 101 | THM

solbergtonje
29 nov. 2024
2 min läsning

Uppdaterat: 10 dec. 2024

Information Sources

Make sure information is unbiased and comes from a reputable and authoritative source with claims made on solid evidence and logical reasoning. Check if there are other unbiased and reputable sources with the same claim.

Search Operators

Find exact word/phrase: "exact phrase"

Find word/phrase on domain: site:tryhackme.com success stories

Remove certain words/phrases from search result: pyramids -tourism

Search for specific file types: filetype:ppt cyber security

https://github.com/cipher387/Advanced-search-operators-list

Specialized Search Engines

Shodan: search for devices, types and versions of servers, networking equipment, industrial control system, IoT devices connected to internet

Censys: search for hosts, websites, certificates and other internet assets like finding domains in use, open ports and services, discovering rogue assets within a network

VirusTotal: upload files, input URLs, search file hashes to see results of previously uploaded files, see others comments, on this scanning service using multiple antivirus engines Be aware that it can be flagged wrongly!

Have I Been Pwned: check if email address is registered in any leaked data breach. (Some use same password across platforms)

CVE (Common Vulnerabilities and Exposures): list of vulnerabilities and security issues in software and hardware maintained by MITRE. A vulnerability gets assigned a CVE ID, f.ex.: CVE-2024-29988

https://nvd.nist.gov/

https://www.kb.cert.org/vuls/

Exploit Database: list exploit codes where some have been tested and marked as verified which are only to be used when allowed to exploit a vulnerable system

GitHub: platform for software development which can contain tools related to CVEs, PoC (proof-of-concept) and exploit codes

Technical Documentation

Unix/Linux: man page exists for each command, system calls, library functions and configuration files

Microsoft: offical technical documentation page for its products

Product Documentation

Each product should provide an official source of information about the product features and functions

https://www.snort.org/documents

https://httpd.apache.org/docs/

https://www.php.net/manual/en/index.php

https://nodejs.org/docs/latest/api/

Social Media

provides a wealth of information
employees may overshare
be familiar with popular platforms: use temporary email address