{ "version": "1.0.0", "generated": "2025-12-06T21:18:27.814405Z", "source": "vaultmesh-offsec-compendium.md", "total_parts": 7, "total_sections": 22, "parts": [ { "id": "part-i-lab-infrastructure-foundations", "title": "Part I: Lab Infrastructure & Foundations", "line": 51, "sections": [ { "id": "1-lab-infrastructure-architecture", "title": "1. Lab Infrastructure Architecture", "part_id": "part-i-lab-infrastructure-foundations", "part_title": "Part I: Lab Infrastructure & Foundations", "line": 55, "anchor": "#1-lab-infrastructure-architecture", "tags": [ "lab" ], "subsections": [ { "id": "11-hardware-requirements", "title": "1.1 Hardware Requirements", "line": 59, "anchor": "#11-hardware-requirements" }, { "id": "12-virtualization-platforms", "title": "1.2 Virtualization Platforms", "line": 68, "anchor": "#12-virtualization-platforms" }, { "id": "13-network-topology", "title": "1.3 Network Topology", "line": 74, "anchor": "#13-network-topology" } ], "body": "- **Host-Only Network**: Isolated VMs for safe attack simulation\n- **NAT Network**: VMs share host internet while maintaining inter-VM communication\n- **Internal Network**: Complete isolation for live malware analysis\n\n---", "summary": "- **Host-Only Network**: Isolated VMs for safe attack simulation\n- **NAT Network**: VMs share host internet while maintaining inter-VM communication\n- **Internal Network**: Complete isolation for live malware analysis" }, { "id": "2-intentionally-vulnerable-applications", "title": "2. 
Intentionally Vulnerable Applications", "part_id": "part-i-lab-infrastructure-foundations", "part_title": "Part I: Lab Infrastructure & Foundations", "line": 82, "anchor": "#2-intentionally-vulnerable-applications", "tags": [ "security" ], "subsections": [ { "id": "21-web-applications", "title": "2.1 Web Applications", "line": 84, "anchor": "#21-web-applications" }, { "id": "22-additional-web-platforms", "title": "2.2 Additional Web Platforms", "line": 108, "anchor": "#22-additional-web-platforms" }, { "id": "23-cloud-security-platforms", "title": "2.3 Cloud Security Platforms", "line": 118, "anchor": "#23-cloud-security-platforms" }, { "id": "24-container-security", "title": "2.4 Container Security", "line": 135, "anchor": "#24-container-security" }, { "id": "25-api-security-platforms", "title": "2.5 API Security Platforms", "line": 149, "anchor": "#25-api-security-platforms" } ], "body": "Microservices-based platform covering OWASP API Top 10.\n\n| Platform | Technology | Key Features |\n|----------|------------|--------------|\n| VAmPI | Flask | OpenAPI3 specs, vulnerable/secure toggle |\n| vAPI | PHP | OWASP API Top 10 exercises |\n| DVGA | GraphQL | GraphQL-specific attacks |\n\n---", "summary": "Microservices-based platform covering OWASP API Top 10." }, { "id": "3-vulnerable-repositories-research", "title": "3. 
Vulnerable Repositories Research", "part_id": "part-i-lab-infrastructure-foundations", "part_title": "Part I: Lab Infrastructure & Foundations", "line": 162, "anchor": "#3-vulnerable-repositories-research", "tags": [ "security" ], "subsections": [ { "id": "31-repository-vulnerability-statistics", "title": "3.1 Repository Vulnerability Statistics", "line": 164, "anchor": "#31-repository-vulnerability-statistics" }, { "id": "32-vulnerability-datasets", "title": "3.2 Vulnerability Datasets", "line": 171, "anchor": "#32-vulnerability-datasets" } ], "body": "| Dataset | Size | Languages | Coverage |\n|---------|------|-----------|----------|\n| BigVul | 3,754 CVEs | C/C++ | 91 vulnerability types, 348 GitHub projects |\n| MegaVul | 17,380 | C/C++ | 169 types from 992 repos (2006-2023) |\n| DiverseVul | Variable | 12 langs | Higher label accuracy than BigVul |\n| CVEFixes | Multi | Multiple | CVE records from NVD with fixes |\n\n---", "summary": "---" } ] }, { "id": "part-ii-cloud-container-infrastructure-security", "title": "Part II: Cloud, Container & Infrastructure Security", "line": 182, "sections": [ { "id": "4-cloud-security-awsazure-penetration-testing", "title": "4. 
Cloud Security & AWS/Azure Penetration Testing", "part_id": "part-ii-cloud-container-infrastructure-security", "part_title": "Part II: Cloud, Container & Infrastructure Security", "line": 186, "anchor": "#4-cloud-security-awsazure-penetration-testing", "tags": [ "cloud", "pentest" ], "subsections": [ { "id": "41-cloud-security-landscape", "title": "4.1 Cloud Security Landscape", "line": 188, "anchor": "#41-cloud-security-landscape" }, { "id": "42-aws-penetration-testing", "title": "4.2 AWS Penetration Testing", "line": 198, "anchor": "#42-aws-penetration-testing" }, { "id": "43-azureentra-id-penetration-testing", "title": "4.3 Azure/Entra ID Penetration Testing", "line": 242, "anchor": "#43-azureentra-id-penetration-testing" } ], "body": "```bash\ncurl -H \"Metadata:true\" \\\n \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com\"\n```\n\n---", "summary": "```bash\ncurl -H \"Metadata:true\" \\\n \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com\"\n```" }, { "id": "5-container-kubernetes-security", "title": "5. 
Container & Kubernetes Security", "part_id": "part-ii-cloud-container-infrastructure-security", "part_title": "Part II: Cloud, Container & Infrastructure Security", "line": 271, "anchor": "#5-container-kubernetes-security", "tags": [ "container", "ai" ], "subsections": [ { "id": "51-overview", "title": "5.1 Overview", "line": 273, "anchor": "#51-overview" }, { "id": "52-runtime-security-with-falco", "title": "5.2 Runtime Security with Falco", "line": 284, "anchor": "#52-runtime-security-with-falco" }, { "id": "53-image-scanning-with-trivy", "title": "5.3 Image Scanning with Trivy", "line": 296, "anchor": "#53-image-scanning-with-trivy" }, { "id": "54-pod-security-admission", "title": "5.4 Pod Security Admission", "line": 312, "anchor": "#54-pod-security-admission" }, { "id": "55-supply-chain-security", "title": "5.5 Supply Chain Security", "line": 325, "anchor": "#55-supply-chain-security" } ], "body": "cosign verify --key cosign.pub myregistry/myimage:tag\n```\n\n---", "summary": "cosign verify --key cosign.pub myregistry/myimage:tag\n```" } ] }, { "id": "part-iii-application-api-security", "title": "Part III: Application & API Security", "line": 345, "sections": [ { "id": "6-api-security-testing", "title": "6. 
API Security Testing", "part_id": "part-iii-application-api-security", "part_title": "Part III: Application & API Security", "line": 349, "anchor": "#6-api-security-testing", "tags": [ "api" ], "subsections": [ { "id": "61-owasp-api-security-top-10-2023", "title": "6.1 OWASP API Security Top 10 (2023)", "line": 351, "anchor": "#61-owasp-api-security-top-10-2023" }, { "id": "62-api-testing-tools", "title": "6.2 API Testing Tools", "line": 366, "anchor": "#62-api-testing-tools" }, { "id": "63-rest-api-testing", "title": "6.3 REST API Testing", "line": 377, "anchor": "#63-rest-api-testing" }, { "id": "64-graphql-security", "title": "6.4 GraphQL Security", "line": 402, "anchor": "#64-graphql-security" } ], "body": "| Vulnerability | Description |\n|---------------|-------------|\n| Introspection Enabled | Schema disclosure reveals types, queries, mutations |\n| Batching Attacks | Multiple queries bypass rate limits |\n| Deep Query DoS | Recursive/nested queries exhaust resources |\n| Injection via Arguments | SQLi/NoSQLi through resolver arguments |\n\n```json\n// Introspection probe\n{\"query\": \"{__schema{queryType{name}}}\"}\n\n// Full introspection\n{\"query\": \"{__schema{types{name,fields{name,args{name,type{name}}}}}}\"}\n```\n\n---", "summary": "```json\n// Introspection probe\n{\"query\": \"{__schema{queryType{name}}}\"}" }, { "id": "7-mobile-application-security-testing", "title": "7. 
Mobile Application Security Testing", "part_id": "part-iii-application-api-security", "part_title": "Part III: Application & API Security", "line": 421, "anchor": "#7-mobile-application-security-testing", "tags": [ "mobile" ], "subsections": [ { "id": "71-owasp-mobile-top-10-2024", "title": "7.1 OWASP Mobile Top 10 (2024)", "line": 423, "anchor": "#71-owasp-mobile-top-10-2024" }, { "id": "72-mobile-testing-tools", "title": "7.2 Mobile Testing Tools", "line": 438, "anchor": "#72-mobile-testing-tools" }, { "id": "73-android-security-testing", "title": "7.3 Android Security Testing", "line": 448, "anchor": "#73-android-security-testing" }, { "id": "74-ios-security-testing", "title": "7.4 iOS Security Testing", "line": 470, "anchor": "#74-ios-security-testing" } ], "body": "frida-ios-dump com.target.app\n```\n\n---", "summary": "frida-ios-dump com.target.app\n```" } ] }, { "id": "part-iv-enterprise-identity-security", "title": "Part IV: Enterprise & Identity Security", "line": 489, "sections": [ { "id": "8-active-directory-security-attack-techniques", "title": "8. 
Active Directory Security & Attack Techniques", "part_id": "part-iv-enterprise-identity-security", "part_title": "Part IV: Enterprise & Identity Security", "line": 493, "anchor": "#8-active-directory-security-attack-techniques", "tags": [ "ad" ], "subsections": [ { "id": "81-overview", "title": "8.1 Overview", "line": 495, "anchor": "#81-overview" }, { "id": "82-kerberos-authentication-attacks", "title": "8.2 Kerberos Authentication Attacks", "line": 504, "anchor": "#82-kerberos-authentication-attacks" }, { "id": "83-attack-commands", "title": "8.3 Attack Commands", "line": 514, "anchor": "#83-attack-commands" }, { "id": "84-ad-hardening-best-practices", "title": "8.4 AD Hardening Best Practices", "line": 569, "anchor": "#84-ad-hardening-best-practices" } ], "body": "- Implement tiered administration model (Tier 0/1/2)\n- Deploy Group Managed Service Accounts (gMSAs)\n- Enable Protected Users security group\n- Enforce AES encryption for Kerberos\n- Implement LAPS for local admin passwords\n- Enable Credential Guard on Windows 10/11+\n- Rotate KRBTGT password twice annually\n\n---", "summary": "- Implement tiered administration model (Tier 0/1/2)\n- Deploy Group Managed Service Accounts (gMSAs)\n- Enable Protected Users security group\n- Enforce AES encryption for Kerberos\n- Implement LAPS for local admin passwords\n- Enable Credential Guard on Windows 10/11+\n- Rotate KRBTGT password twice ann" } ] }, { "id": "part-v-offensive-operations", "title": "Part V: Offensive Operations", "line": 581, "sections": [ { "id": "9-penetration-testing-methodologies-reporting", "title": "9. 
Penetration Testing Methodologies & Reporting", "part_id": "part-v-offensive-operations", "part_title": "Part V: Offensive Operations", "line": 585, "anchor": "#9-penetration-testing-methodologies-reporting", "tags": [ "pentest" ], "subsections": [ { "id": "91-ptes-seven-phases", "title": "9.1 PTES Seven Phases", "line": 587, "anchor": "#91-ptes-seven-phases" }, { "id": "92-reconnaissance-tools", "title": "9.2 Reconnaissance Tools", "line": 597, "anchor": "#92-reconnaissance-tools" }, { "id": "93-reconnaissance-commands", "title": "9.3 Reconnaissance Commands", "line": 605, "anchor": "#93-reconnaissance-commands" }, { "id": "94-privilege-escalation", "title": "9.4 Privilege Escalation", "line": 623, "anchor": "#94-privilege-escalation" }, { "id": "95-cvss-scoring", "title": "9.5 CVSS Scoring", "line": 644, "anchor": "#95-cvss-scoring" } ], "body": "| Severity | Score | Remediation Timeline |\n|----------|-------|---------------------|\n| Critical | 9.0-10.0 | Immediate |\n| High | 7.0-8.9 | Within 30 days |\n| Medium | 4.0-6.9 | Within 90 days |\n| Low | 0.1-3.9 | Regular maintenance |\n\n---", "summary": "---" }, { "id": "10-red-team-operations", "title": "10. 
Red Team Operations", "part_id": "part-v-offensive-operations", "part_title": "Part V: Offensive Operations", "line": 655, "anchor": "#10-red-team-operations", "tags": [ "redteam" ], "subsections": [ { "id": "101-c2-frameworks", "title": "10.1 C2 Frameworks", "line": 657, "anchor": "#101-c2-frameworks" }, { "id": "102-sliver-c2-framework", "title": "10.2 Sliver C2 Framework", "line": 667, "anchor": "#102-sliver-c2-framework" }, { "id": "103-amsi-bypass-techniques", "title": "10.3 AMSI Bypass Techniques", "line": 689, "anchor": "#103-amsi-bypass-techniques" }, { "id": "104-persistence-mechanisms", "title": "10.4 Persistence Mechanisms", "line": 699, "anchor": "#104-persistence-mechanisms" }, { "id": "105-lateral-movement", "title": "10.5 Lateral Movement", "line": 709, "anchor": "#105-lateral-movement" } ], "body": "Enter-PSSession -ComputerName TARGET -Credential $cred\n```\n\n---", "summary": "Enter-PSSession -ComputerName TARGET -Credential $cred\n```" }, { "id": "11-social-engineering-phishing", "title": "11. 
Social Engineering & Phishing", "part_id": "part-v-offensive-operations", "part_title": "Part V: Offensive Operations", "line": 728, "anchor": "#11-social-engineering-phishing", "tags": [ "social" ], "subsections": [ { "id": "111-landscape-statistics", "title": "11.1 Landscape Statistics", "line": 730, "anchor": "#111-landscape-statistics" }, { "id": "112-phishing-frameworks", "title": "11.2 Phishing Frameworks", "line": 740, "anchor": "#112-phishing-frameworks" }, { "id": "113-gophish-setup", "title": "11.3 GoPhish Setup", "line": 749, "anchor": "#113-gophish-setup" }, { "id": "114-evilginx3-mfa-bypass", "title": "11.4 Evilginx3 MFA Bypass", "line": 759, "anchor": "#114-evilginx3-mfa-bypass" }, { "id": "115-physical-security-testing", "title": "11.5 Physical Security Testing", "line": 775, "anchor": "#115-physical-security-testing" } ], "body": "| Technique | Method | Tools |\n|-----------|--------|-------|\n| Tailgating | Follow authorized person | Props, fake phone call |\n| Badge Cloning | Copy RFID/NFC badges | Proxmark3, Flipper Zero |\n| Lock Picking | Bypass physical locks | Lock picks, bump keys |\n| USB Drop | Leave malicious USB drives | Rubber Ducky, O.MG Cable |\n\n---", "summary": "---" }, { "id": "12-wireless-security-testing", "title": "12. 
Wireless Security Testing", "part_id": "part-v-offensive-operations", "part_title": "Part V: Offensive Operations", "line": 786, "anchor": "#12-wireless-security-testing", "tags": [ "wireless" ], "subsections": [ { "id": "121-wifi-hacking-tools", "title": "12.1 WiFi Hacking Tools", "line": 788, "anchor": "#121-wifi-hacking-tools" }, { "id": "122-attack-methodology", "title": "12.2 Attack Methodology", "line": 795, "anchor": "#122-attack-methodology" } ], "body": "aircrack-ng -w wordlist.txt capture-01.cap\n```\n\n---", "summary": "aircrack-ng -w wordlist.txt capture-01.cap\n```" } ] }, { "id": "part-vi-defensive-detection-operations", "title": "Part VI: Defensive & Detection Operations", "line": 816, "sections": [ { "id": "13-purple-team-operations", "title": "13. Purple Team Operations", "part_id": "part-vi-defensive-detection-operations", "part_title": "Part VI: Defensive & Detection Operations", "line": 820, "anchor": "#13-purple-team-operations", "tags": [ "purple" ], "subsections": [ { "id": "131-overview", "title": "13.1 Overview", "line": 822, "anchor": "#131-overview" }, { "id": "132-adversary-emulation-frameworks", "title": "13.2 Adversary Emulation Frameworks", "line": 833, "anchor": "#132-adversary-emulation-frameworks" }, { "id": "133-mitre-caldera", "title": "13.3 MITRE Caldera", "line": 841, "anchor": "#133-mitre-caldera" }, { "id": "134-atomic-red-team", "title": "13.4 Atomic Red Team", "line": 851, "anchor": "#134-atomic-red-team" }, { "id": "135-sigma-detection-rules", "title": "13.5 Sigma Detection Rules", "line": 864, "anchor": "#135-sigma-detection-rules" }, { "id": "136-bas-platforms", "title": "13.6 BAS Platforms", "line": 888, "anchor": "#136-bas-platforms" } ], "body": "| Platform | Key Capabilities |\n|----------|------------------|\n| Picus Security | Vendor-specific remediation, 24hr threat SLA |\n| Cymulate | Continuous exposure management |\n| AttackIQ | MITRE ATT&CK alignment |\n| SafeBreach | 25K+ attacks Hacker's Playbook |\n\n---", 
"summary": "---" }, { "id": "14-incident-response", "title": "14. Incident Response", "part_id": "part-vi-defensive-detection-operations", "part_title": "Part VI: Defensive & Detection Operations", "line": 899, "anchor": "#14-incident-response", "tags": [ "incident" ], "subsections": [], "body": "*Content from v8_IncidentResponse module*\n\nKey phases: Preparation, Detection & Analysis, Containment, Eradication, Recovery, Post-Incident Activity\n\n---", "summary": "*Content from v8_IncidentResponse module*" }, { "id": "15-malware-analysis", "title": "15. Malware Analysis", "part_id": "part-vi-defensive-detection-operations", "part_title": "Part VI: Defensive & Detection Operations", "line": 907, "anchor": "#15-malware-analysis", "tags": [ "malware" ], "subsections": [ { "id": "151-threat-landscape-2024-2025", "title": "15.1 Threat Landscape 2024-2025", "line": 909, "anchor": "#151-threat-landscape-2024-2025" }, { "id": "152-analysis-methodology", "title": "15.2 Analysis Methodology", "line": 919, "anchor": "#152-analysis-methodology" }, { "id": "153-static-analysis", "title": "15.3 Static Analysis", "line": 929, "anchor": "#153-static-analysis" }, { "id": "154-dynamic-analysis-platforms", "title": "15.4 Dynamic Analysis Platforms", "line": 944, "anchor": "#154-dynamic-analysis-platforms" }, { "id": "155-yara-rule-structure", "title": "15.5 YARA Rule Structure", "line": 953, "anchor": "#155-yara-rule-structure" } ], "body": "```yara\nrule MalwareFamily : tag1 tag2 {\n meta:\n author = \"Analyst\"\n description = \"Detects MalwareFamily\"\n strings:\n $str1 = \"C:\\\\Windows\\\\Temp\\\\malware.exe\"\n $hex1 = { 48 8B 05 ?? ?? ?? ?? 
48 89 44 24 }\n $re1 = /[a-z]{5,10}\\.exe/i\n condition:\n uint16(0) == 0x5A4D and\n filesize < 5MB and\n (2 of ($str*, $re1) or $hex1)\n}\n```\n\n---", "summary": "```yara\nrule MalwareFamily : tag1 tag2 {\n meta:\n author = \"Analyst\"\n description = \"Detects MalwareFamily\"\n strings:\n $str1 = \"C:\\\\Windows\\\\Temp\\\\malware.exe\"\n $hex1 = { 48 8B 05 ?? ?? ?? ?? 48 89 44 24 }\n $re1 = /[a-z]{5,10}\\.exe/i\n condition:\n uint16(0) == 0x5A4D and\n files" } ] }, { "id": "part-vii-emerging-technologies-specialized-domains", "title": "Part VII: Emerging Technologies & Specialized Domains", "line": 973, "sections": [ { "id": "16-aiml-security-operations", "title": "16. AI/ML Security Operations", "part_id": "part-vii-emerging-technologies-specialized-domains", "part_title": "Part VII: Emerging Technologies & Specialized Domains", "line": 977, "anchor": "#16-aiml-security-operations", "tags": [ "ai" ], "subsections": [ { "id": "161-owasp-top-10-for-llm-applications-2025", "title": "16.1 OWASP Top 10 for LLM Applications (2025)", "line": 979, "anchor": "#161-owasp-top-10-for-llm-applications-2025" }, { "id": "162-llm-security-guardrails", "title": "16.2 LLM Security Guardrails", "line": 994, "anchor": "#162-llm-security-guardrails" }, { "id": "163-ai-red-teaming-frameworks", "title": "16.3 AI Red Teaming Frameworks", "line": 1003, "anchor": "#163-ai-red-teaming-frameworks" }, { "id": "164-quick-reference", "title": "16.4 Quick Reference", "line": 1013, "anchor": "#164-quick-reference" } ], "body": "curl -X POST https://api.lakera.ai/v1/guard \\\n -H \"Authorization: Bearer $LAKERA_API_KEY\" \\\n -d '{\"input\": \"user prompt\", \"policies\": [\"prompt_injection\", \"pii\"]}'\n```\n\n---", "summary": "curl -X POST https://api.lakera.ai/v1/guard \\\n -H \"Authorization: Bearer $LAKERA_API_KEY\" \\\n -d '{\"input\": \"user prompt\", \"policies\": [\"prompt_injection\", \"pii\"]}'\n```" }, { "id": "17-otics-security", "title": "17. 
OT/ICS Security", "part_id": "part-vii-emerging-technologies-specialized-domains", "part_title": "Part VII: Emerging Technologies & Specialized Domains", "line": 1031, "anchor": "#17-otics-security", "tags": [ "ot" ], "subsections": [ { "id": "171-grficsv2", "title": "17.1 GRFICSv2", "line": 1033, "anchor": "#171-grficsv2" }, { "id": "172-ics-protocols", "title": "17.2 ICS Protocols", "line": 1038, "anchor": "#172-ics-protocols" } ], "body": "**Modbus TCP (Port 502)**: No authentication, cleartext, no encryption\n\n**Tools**: msfconsole auxiliary/scanner/scada/*, plcscan, modbus-cli\n\n---", "summary": "**Modbus TCP (Port 502)**: No authentication, cleartext, no encryption" }, { "id": "18-blockchain-smart-contract-security", "title": "18. Blockchain & Smart Contract Security", "part_id": "part-vii-emerging-technologies-specialized-domains", "part_title": "Part VII: Emerging Technologies & Specialized Domains", "line": 1046, "anchor": "#18-blockchain-smart-contract-security", "tags": [ "ai", "blockchain" ], "subsections": [ { "id": "181-training-platforms", "title": "18.1 Training Platforms", "line": 1048, "anchor": "#181-training-platforms" }, { "id": "182-vulnerability-categories", "title": "18.2 Vulnerability Categories", "line": 1054, "anchor": "#182-vulnerability-categories" } ], "body": "- Reentrancy attacks\n- Integer overflow/underflow\n- Access control issues\n- Front-running\n\n---", "summary": "- Reentrancy attacks\n- Integer overflow/underflow\n- Access control issues\n- Front-running" }, { "id": "19-zero-trust-architecture", "title": "19. 
Zero Trust Architecture", "part_id": "part-vii-emerging-technologies-specialized-domains", "part_title": "Part VII: Emerging Technologies & Specialized Domains", "line": 1063, "anchor": "#19-zero-trust-architecture", "tags": [ "zerotrust" ], "subsections": [], "body": "*Content from v8_ZeroTrust module*\n\nCore principles: Never trust, always verify; Assume breach; Verify explicitly\n\n---", "summary": "*Content from v8_ZeroTrust module*" }, { "id": "appendix-a-quick-start-docker-commands", "title": "Appendix A: Quick Start Docker Commands", "part_id": "part-vii-emerging-technologies-specialized-domains", "part_title": "Part VII: Emerging Technologies & Specialized Domains", "line": 1071, "anchor": "#appendix-a-quick-start-docker-commands", "tags": [ "container" ], "subsections": [], "body": "docker run --rm -it --cap-add=SYS_PTRACE --security-opt seccomp=unconfined skysider/pwndocker\n```\n\n---", "summary": "docker run --rm -it --cap-add=SYS_PTRACE --security-opt seccomp=unconfined skysider/pwndocker\n```" }, { "id": "appendix-b-tool-reference-matrix", "title": "Appendix B: Tool Reference Matrix", "part_id": "part-vii-emerging-technologies-specialized-domains", "part_title": "Part VII: Emerging Technologies & Specialized Domains", "line": 1092, "anchor": "#appendix-b-tool-reference-matrix", "tags": [ "security" ], "subsections": [], "body": "| Category | Tools |\n|----------|-------|\n| Web Testing | Burp Suite, OWASP ZAP, Nikto, SQLMap |\n| Network | Nmap, Masscan, Wireshark |\n| AD/Windows | BloodHound, Mimikatz, Rubeus, Impacket |\n| Cloud | Pacu, ScoutSuite, Prowler |\n| Container | Trivy, Falco, kube-bench |\n| Mobile | MobSF, Frida, Objection |\n| Malware | Ghidra, IDA Pro, x64dbg, Volatility |\n| C2 | Cobalt Strike, Sliver, Havoc |\n| Phishing | GoPhish, Evilginx3, SET |\n\n---", "summary": "---" }, { "id": "appendix-c-mitre-attck-quick-reference", "title": "Appendix C: MITRE ATT&CK Quick Reference", "part_id": 
"part-vii-emerging-technologies-specialized-domains", "part_title": "Part VII: Emerging Technologies & Specialized Domains", "line": 1108, "anchor": "#appendix-c-mitre-attck-quick-reference", "tags": [ "security" ], "subsections": [ { "id": "key-techniques", "title": "Key Techniques", "line": 1110, "anchor": "#key-techniques" } ], "body": "| ID | Technique | Category |\n|----|-----------|----------|\n| T1059.001 | PowerShell | Execution |\n| T1055 | Process Injection | Defense Evasion |\n| T1003.001 | LSASS Memory | Credential Access |\n| T1558.003 | Kerberoasting | Credential Access |\n| T1021.002 | SMB/Admin Shares | Lateral Movement |\n| T1547.001 | Registry Run Keys | Persistence |\n| T1566.001 | Spearphishing Attachment | Initial Access |\n\n---\n\n**WARNING**: This compendium contains resources for intentionally vulnerable systems. Use only in isolated lab environments with proper authorization.\n\n---\n\n*VaultMesh Technologies - Security Research Infrastructure Documentation*\n*Version 8.0 | December 2025*", "summary": "---" } ] } ], "sections": [ { "id": "1-lab-infrastructure-architecture", "title": "1. Lab Infrastructure Architecture", "part": "Part I: Lab Infrastructure & Foundations", "part_id": "part-i-lab-infrastructure-foundations", "anchor": "#1-lab-infrastructure-architecture", "line": 55, "tags": [ "lab" ], "summary": "- **Host-Only Network**: Isolated VMs for safe attack simulation\n- **NAT Network**: VMs share host internet while maintaining inter-VM communication\n- **Internal Network**: Complete isolation for live malware analysis", "subsections": [ "1.1 Hardware Requirements", "1.2 Virtualization Platforms", "1.3 Network Topology" ], "subsection_count": 3 }, { "id": "2-intentionally-vulnerable-applications", "title": "2. 
Intentionally Vulnerable Applications", "part": "Part I: Lab Infrastructure & Foundations", "part_id": "part-i-lab-infrastructure-foundations", "anchor": "#2-intentionally-vulnerable-applications", "line": 82, "tags": [ "security" ], "summary": "Microservices-based platform covering OWASP API Top 10.", "subsections": [ "2.1 Web Applications", "2.2 Additional Web Platforms", "2.3 Cloud Security Platforms", "2.4 Container Security", "2.5 API Security Platforms" ], "subsection_count": 5 }, { "id": "3-vulnerable-repositories-research", "title": "3. Vulnerable Repositories Research", "part": "Part I: Lab Infrastructure & Foundations", "part_id": "part-i-lab-infrastructure-foundations", "anchor": "#3-vulnerable-repositories-research", "line": 162, "tags": [ "security" ], "summary": "---", "subsections": [ "3.1 Repository Vulnerability Statistics", "3.2 Vulnerability Datasets" ], "subsection_count": 2 }, { "id": "4-cloud-security-awsazure-penetration-testing", "title": "4. Cloud Security & AWS/Azure Penetration Testing", "part": "Part II: Cloud, Container & Infrastructure Security", "part_id": "part-ii-cloud-container-infrastructure-security", "anchor": "#4-cloud-security-awsazure-penetration-testing", "line": 186, "tags": [ "cloud", "pentest" ], "summary": "```bash\ncurl -H \"Metadata:true\" \\\n \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com\"\n```", "subsections": [ "4.1 Cloud Security Landscape", "4.2 AWS Penetration Testing", "4.3 Azure/Entra ID Penetration Testing" ], "subsection_count": 3 }, { "id": "5-container-kubernetes-security", "title": "5. 
Container & Kubernetes Security", "part": "Part II: Cloud, Container & Infrastructure Security", "part_id": "part-ii-cloud-container-infrastructure-security", "anchor": "#5-container-kubernetes-security", "line": 271, "tags": [ "container", "ai" ], "summary": "cosign verify --key cosign.pub myregistry/myimage:tag\n```", "subsections": [ "5.1 Overview", "5.2 Runtime Security with Falco", "5.3 Image Scanning with Trivy", "5.4 Pod Security Admission", "5.5 Supply Chain Security" ], "subsection_count": 5 }, { "id": "6-api-security-testing", "title": "6. API Security Testing", "part": "Part III: Application & API Security", "part_id": "part-iii-application-api-security", "anchor": "#6-api-security-testing", "line": 349, "tags": [ "api" ], "summary": "```json\n// Introspection probe\n{\"query\": \"{__schema{queryType{name}}}\"}", "subsections": [ "6.1 OWASP API Security Top 10 (2023)", "6.2 API Testing Tools", "6.3 REST API Testing", "6.4 GraphQL Security" ], "subsection_count": 4 }, { "id": "7-mobile-application-security-testing", "title": "7. Mobile Application Security Testing", "part": "Part III: Application & API Security", "part_id": "part-iii-application-api-security", "anchor": "#7-mobile-application-security-testing", "line": 421, "tags": [ "mobile" ], "summary": "frida-ios-dump com.target.app\n```", "subsections": [ "7.1 OWASP Mobile Top 10 (2024)", "7.2 Mobile Testing Tools", "7.3 Android Security Testing", "7.4 iOS Security Testing" ], "subsection_count": 4 }, { "id": "8-active-directory-security-attack-techniques", "title": "8. 
Active Directory Security & Attack Techniques", "part": "Part IV: Enterprise & Identity Security", "part_id": "part-iv-enterprise-identity-security", "anchor": "#8-active-directory-security-attack-techniques", "line": 493, "tags": [ "ad" ], "summary": "- Implement tiered administration model (Tier 0/1/2)\n- Deploy Group Managed Service Accounts (gMSAs)\n- Enable Protected Users security group\n- Enforce AES encryption for Kerberos\n- Implement LAPS for local admin passwords\n- Enable Credential Guard on Windows 10/11+\n- Rotate KRBTGT password twice ann", "subsections": [ "8.1 Overview", "8.2 Kerberos Authentication Attacks", "8.3 Attack Commands", "8.4 AD Hardening Best Practices" ], "subsection_count": 4 }, { "id": "9-penetration-testing-methodologies-reporting", "title": "9. Penetration Testing Methodologies & Reporting", "part": "Part V: Offensive Operations", "part_id": "part-v-offensive-operations", "anchor": "#9-penetration-testing-methodologies-reporting", "line": 585, "tags": [ "pentest" ], "summary": "---", "subsections": [ "9.1 PTES Seven Phases", "9.2 Reconnaissance Tools", "9.3 Reconnaissance Commands", "9.4 Privilege Escalation", "9.5 CVSS Scoring" ], "subsection_count": 5 }, { "id": "10-red-team-operations", "title": "10. Red Team Operations", "part": "Part V: Offensive Operations", "part_id": "part-v-offensive-operations", "anchor": "#10-red-team-operations", "line": 655, "tags": [ "redteam" ], "summary": "Enter-PSSession -ComputerName TARGET -Credential $cred\n```", "subsections": [ "10.1 C2 Frameworks", "10.2 Sliver C2 Framework", "10.3 AMSI Bypass Techniques", "10.4 Persistence Mechanisms", "10.5 Lateral Movement" ], "subsection_count": 5 }, { "id": "11-social-engineering-phishing", "title": "11. 
Social Engineering & Phishing", "part": "Part V: Offensive Operations", "part_id": "part-v-offensive-operations", "anchor": "#11-social-engineering-phishing", "line": 728, "tags": [ "social" ], "summary": "---", "subsections": [ "11.1 Landscape Statistics", "11.2 Phishing Frameworks", "11.3 GoPhish Setup", "11.4 Evilginx3 MFA Bypass", "11.5 Physical Security Testing" ], "subsection_count": 5 }, { "id": "12-wireless-security-testing", "title": "12. Wireless Security Testing", "part": "Part V: Offensive Operations", "part_id": "part-v-offensive-operations", "anchor": "#12-wireless-security-testing", "line": 786, "tags": [ "wireless" ], "summary": "aircrack-ng -w wordlist.txt capture-01.cap\n```", "subsections": [ "12.1 WiFi Hacking Tools", "12.2 Attack Methodology" ], "subsection_count": 2 }, { "id": "13-purple-team-operations", "title": "13. Purple Team Operations", "part": "Part VI: Defensive & Detection Operations", "part_id": "part-vi-defensive-detection-operations", "anchor": "#13-purple-team-operations", "line": 820, "tags": [ "purple" ], "summary": "---", "subsections": [ "13.1 Overview", "13.2 Adversary Emulation Frameworks", "13.3 MITRE Caldera", "13.4 Atomic Red Team", "13.5 Sigma Detection Rules", "13.6 BAS Platforms" ], "subsection_count": 6 }, { "id": "14-incident-response", "title": "14. Incident Response", "part": "Part VI: Defensive & Detection Operations", "part_id": "part-vi-defensive-detection-operations", "anchor": "#14-incident-response", "line": 899, "tags": [ "incident" ], "summary": "*Content from v8_IncidentResponse module*", "subsections": [], "subsection_count": 0 }, { "id": "15-malware-analysis", "title": "15. 
Malware Analysis", "part": "Part VI: Defensive & Detection Operations", "part_id": "part-vi-defensive-detection-operations", "anchor": "#15-malware-analysis", "line": 907, "tags": [ "malware" ], "summary": "```yara\nrule MalwareFamily : tag1 tag2 {\n meta:\n author = \"Analyst\"\n description = \"Detects MalwareFamily\"\n strings:\n $str1 = \"C:\\\\Windows\\\\Temp\\\\malware.exe\"\n $hex1 = { 48 8B 05 ?? ?? ?? ?? 48 89 44 24 }\n $re1 = /[a-z]{5,10}\\.exe/i\n condition:\n uint16(0) == 0x5A4D and\n files", "subsections": [ "15.1 Threat Landscape 2024-2025", "15.2 Analysis Methodology", "15.3 Static Analysis", "15.4 Dynamic Analysis Platforms", "15.5 YARA Rule Structure" ], "subsection_count": 5 }, { "id": "16-aiml-security-operations", "title": "16. AI/ML Security Operations", "part": "Part VII: Emerging Technologies & Specialized Domains", "part_id": "part-vii-emerging-technologies-specialized-domains", "anchor": "#16-aiml-security-operations", "line": 977, "tags": [ "ai" ], "summary": "curl -X POST https://api.lakera.ai/v1/guard \\\n -H \"Authorization: Bearer $LAKERA_API_KEY\" \\\n -d '{\"input\": \"user prompt\", \"policies\": [\"prompt_injection\", \"pii\"]}'\n```", "subsections": [ "16.1 OWASP Top 10 for LLM Applications (2025)", "16.2 LLM Security Guardrails", "16.3 AI Red Teaming Frameworks", "16.4 Quick Reference" ], "subsection_count": 4 }, { "id": "17-otics-security", "title": "17. OT/ICS Security", "part": "Part VII: Emerging Technologies & Specialized Domains", "part_id": "part-vii-emerging-technologies-specialized-domains", "anchor": "#17-otics-security", "line": 1031, "tags": [ "ot" ], "summary": "**Modbus TCP (Port 502)**: No authentication, cleartext, no encryption", "subsections": [ "17.1 GRFICSv2", "17.2 ICS Protocols" ], "subsection_count": 2 }, { "id": "18-blockchain-smart-contract-security", "title": "18. 
Blockchain & Smart Contract Security", "part": "Part VII: Emerging Technologies & Specialized Domains", "part_id": "part-vii-emerging-technologies-specialized-domains", "anchor": "#18-blockchain-smart-contract-security", "line": 1046, "tags": [ "ai", "blockchain" ], "summary": "- Reentrancy attacks\n- Integer overflow/underflow\n- Access control issues\n- Front-running", "subsections": [ "18.1 Training Platforms", "18.2 Vulnerability Categories" ], "subsection_count": 2 }, { "id": "19-zero-trust-architecture", "title": "19. Zero Trust Architecture", "part": "Part VII: Emerging Technologies & Specialized Domains", "part_id": "part-vii-emerging-technologies-specialized-domains", "anchor": "#19-zero-trust-architecture", "line": 1063, "tags": [ "zerotrust" ], "summary": "*Content from v8_ZeroTrust module*", "subsections": [], "subsection_count": 0 }, { "id": "appendix-a-quick-start-docker-commands", "title": "Appendix A: Quick Start Docker Commands", "part": "Part VII: Emerging Technologies & Specialized Domains", "part_id": "part-vii-emerging-technologies-specialized-domains", "anchor": "#appendix-a-quick-start-docker-commands", "line": 1071, "tags": [ "container" ], "summary": "docker run --rm -it --cap-add=SYS_PTRACE --security-opt seccomp=unconfined skysider/pwndocker\n```", "subsections": [], "subsection_count": 0 }, { "id": "appendix-b-tool-reference-matrix", "title": "Appendix B: Tool Reference Matrix", "part": "Part VII: Emerging Technologies & Specialized Domains", "part_id": "part-vii-emerging-technologies-specialized-domains", "anchor": "#appendix-b-tool-reference-matrix", "line": 1092, "tags": [ "security" ], "summary": "---", "subsections": [], "subsection_count": 0 }, { "id": "appendix-c-mitre-attck-quick-reference", "title": "Appendix C: MITRE ATT&CK Quick Reference", "part": "Part VII: Emerging Technologies & Specialized Domains", "part_id": "part-vii-emerging-technologies-specialized-domains", "anchor": "#appendix-c-mitre-attck-quick-reference", 
"line": 1108, "tags": [ "security" ], "summary": "---", "subsections": [ "Key Techniques" ], "subsection_count": 1 } ] }