vm-core/docs/VAULTMESH-SECURITY-MANUAL-INDEX.json
2025-12-27 00:10:32 +00:00


{
"version": "1.0.0",
"generated": "2025-12-06T21:18:27.814405Z",
"source": "vaultmesh-offsec-compendium.md",
"total_parts": 7,
"total_sections": 22,
"parts": [
{
"id": "part-i-lab-infrastructure-foundations",
"title": "Part I: Lab Infrastructure & Foundations",
"line": 51,
"sections": [
{
"id": "1-lab-infrastructure-architecture",
"title": "1. Lab Infrastructure Architecture",
"part_id": "part-i-lab-infrastructure-foundations",
"part_title": "Part I: Lab Infrastructure & Foundations",
"line": 55,
"anchor": "#1-lab-infrastructure-architecture",
"tags": [
"lab"
],
"subsections": [
{
"id": "11-hardware-requirements",
"title": "1.1 Hardware Requirements",
"line": 59,
"anchor": "#11-hardware-requirements"
},
{
"id": "12-virtualization-platforms",
"title": "1.2 Virtualization Platforms",
"line": 68,
"anchor": "#12-virtualization-platforms"
},
{
"id": "13-network-topology",
"title": "1.3 Network Topology",
"line": 74,
"anchor": "#13-network-topology"
}
],
"body": "- **Host-Only Network**: Isolated VMs for safe attack simulation\n- **NAT Network**: VMs share host internet while maintaining inter-VM communication\n- **Internal Network**: Complete isolation for live malware analysis\n\n---",
"summary": "- **Host-Only Network**: Isolated VMs for safe attack simulation\n- **NAT Network**: VMs share host internet while maintaining inter-VM communication\n- **Internal Network**: Complete isolation for live malware analysis"
},
{
"id": "2-intentionally-vulnerable-applications",
"title": "2. Intentionally Vulnerable Applications",
"part_id": "part-i-lab-infrastructure-foundations",
"part_title": "Part I: Lab Infrastructure & Foundations",
"line": 82,
"anchor": "#2-intentionally-vulnerable-applications",
"tags": [
"security"
],
"subsections": [
{
"id": "21-web-applications",
"title": "2.1 Web Applications",
"line": 84,
"anchor": "#21-web-applications"
},
{
"id": "22-additional-web-platforms",
"title": "2.2 Additional Web Platforms",
"line": 108,
"anchor": "#22-additional-web-platforms"
},
{
"id": "23-cloud-security-platforms",
"title": "2.3 Cloud Security Platforms",
"line": 118,
"anchor": "#23-cloud-security-platforms"
},
{
"id": "24-container-security",
"title": "2.4 Container Security",
"line": 135,
"anchor": "#24-container-security"
},
{
"id": "25-api-security-platforms",
"title": "2.5 API Security Platforms",
"line": 149,
"anchor": "#25-api-security-platforms"
}
],
"body": "Microservices-based platform covering OWASP API Top 10.\n\n| Platform | Technology | Key Features |\n|----------|------------|--------------|\n| VAmPI | Flask | OpenAPI3 specs, vulnerable/secure toggle |\n| vAPI | PHP | OWASP API Top 10 exercises |\n| DVGA | GraphQL | GraphQL-specific attacks |\n\n---",
"summary": "Microservices-based platform covering OWASP API Top 10."
},
{
"id": "3-vulnerable-repositories-research",
"title": "3. Vulnerable Repositories Research",
"part_id": "part-i-lab-infrastructure-foundations",
"part_title": "Part I: Lab Infrastructure & Foundations",
"line": 162,
"anchor": "#3-vulnerable-repositories-research",
"tags": [
"security"
],
"subsections": [
{
"id": "31-repository-vulnerability-statistics",
"title": "3.1 Repository Vulnerability Statistics",
"line": 164,
"anchor": "#31-repository-vulnerability-statistics"
},
{
"id": "32-vulnerability-datasets",
"title": "3.2 Vulnerability Datasets",
"line": 171,
"anchor": "#32-vulnerability-datasets"
}
],
"body": "| Dataset | Size | Languages | Coverage |\n|---------|------|-----------|----------|\n| BigVul | 3,754 CVEs | C/C++ | 91 vulnerability types, 348 GitHub projects |\n| MegaVul | 17,380 | C/C++ | 169 types from 992 repos (2006-2023) |\n| DiverseVul | 18,945 vulnerable functions | C/C++ | 150 CWEs from 7,514 fix commits; higher label accuracy than BigVul |\n| CVEFixes | Multi | Multiple | CVE records from NVD with fixes |\n\n---",
"summary": "Vulnerability datasets: BigVul (3,754 CVEs, C/C++), MegaVul (17,380, C/C++), DiverseVul (18,945 vulnerable functions, C/C++), CVEFixes (multi-language, NVD CVE records with fixes)"
}
]
},
{
"id": "part-ii-cloud-container-infrastructure-security",
"title": "Part II: Cloud, Container & Infrastructure Security",
"line": 182,
"sections": [
{
"id": "4-cloud-security-awsazure-penetration-testing",
"title": "4. Cloud Security & AWS/Azure Penetration Testing",
"part_id": "part-ii-cloud-container-infrastructure-security",
"part_title": "Part II: Cloud, Container & Infrastructure Security",
"line": 186,
"anchor": "#4-cloud-security-awsazure-penetration-testing",
"tags": [
"cloud",
"pentest"
],
"subsections": [
{
"id": "41-cloud-security-landscape",
"title": "4.1 Cloud Security Landscape",
"line": 188,
"anchor": "#41-cloud-security-landscape"
},
{
"id": "42-aws-penetration-testing",
"title": "4.2 AWS Penetration Testing",
"line": 198,
"anchor": "#42-aws-penetration-testing"
},
{
"id": "43-azureentra-id-penetration-testing",
"title": "4.3 Azure/Entra ID Penetration Testing",
"line": 242,
"anchor": "#43-azureentra-id-penetration-testing"
}
],
"body": "```bash\ncurl -H \"Metadata:true\" \\\n \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com\"\n```\n\n---",
"summary": "```bash\ncurl -H \"Metadata:true\" \\\n \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com\"\n```"
},
{
"id": "5-container-kubernetes-security",
"title": "5. Container & Kubernetes Security",
"part_id": "part-ii-cloud-container-infrastructure-security",
"part_title": "Part II: Cloud, Container & Infrastructure Security",
"line": 271,
"anchor": "#5-container-kubernetes-security",
"tags": [
"container"
],
"subsections": [
{
"id": "51-overview",
"title": "5.1 Overview",
"line": 273,
"anchor": "#51-overview"
},
{
"id": "52-runtime-security-with-falco",
"title": "5.2 Runtime Security with Falco",
"line": 284,
"anchor": "#52-runtime-security-with-falco"
},
{
"id": "53-image-scanning-with-trivy",
"title": "5.3 Image Scanning with Trivy",
"line": 296,
"anchor": "#53-image-scanning-with-trivy"
},
{
"id": "54-pod-security-admission",
"title": "5.4 Pod Security Admission",
"line": 312,
"anchor": "#54-pod-security-admission"
},
{
"id": "55-supply-chain-security",
"title": "5.5 Supply Chain Security",
"line": 325,
"anchor": "#55-supply-chain-security"
}
],
"body": "cosign verify --key cosign.pub myregistry/myimage:tag\n```\n\n---",
"summary": "cosign verify --key cosign.pub myregistry/myimage:tag\n```"
}
]
},
{
"id": "part-iii-application-api-security",
"title": "Part III: Application & API Security",
"line": 345,
"sections": [
{
"id": "6-api-security-testing",
"title": "6. API Security Testing",
"part_id": "part-iii-application-api-security",
"part_title": "Part III: Application & API Security",
"line": 349,
"anchor": "#6-api-security-testing",
"tags": [
"api"
],
"subsections": [
{
"id": "61-owasp-api-security-top-10-2023",
"title": "6.1 OWASP API Security Top 10 (2023)",
"line": 351,
"anchor": "#61-owasp-api-security-top-10-2023"
},
{
"id": "62-api-testing-tools",
"title": "6.2 API Testing Tools",
"line": 366,
"anchor": "#62-api-testing-tools"
},
{
"id": "63-rest-api-testing",
"title": "6.3 REST API Testing",
"line": 377,
"anchor": "#63-rest-api-testing"
},
{
"id": "64-graphql-security",
"title": "6.4 GraphQL Security",
"line": 402,
"anchor": "#64-graphql-security"
}
],
"body": "| Vulnerability | Description |\n|---------------|-------------|\n| Introspection Enabled | Schema disclosure reveals types, queries, mutations |\n| Batching Attacks | Multiple queries bypass rate limits |\n| Deep Query DoS | Recursive/nested queries exhaust resources |\n| Injection via Arguments | SQLi/NoSQLi through resolver arguments |\n\n```json\n// Introspection probe\n{\"query\": \"{__schema{queryType{name}}}\"}\n\n// Full introspection\n{\"query\": \"{__schema{types{name,fields{name,args{name,type{name}}}}}}\"}\n```\n\n---",
"summary": "```json\n// Introspection probe\n{\"query\": \"{__schema{queryType{name}}}\"}"
},
{
"id": "7-mobile-application-security-testing",
"title": "7. Mobile Application Security Testing",
"part_id": "part-iii-application-api-security",
"part_title": "Part III: Application & API Security",
"line": 421,
"anchor": "#7-mobile-application-security-testing",
"tags": [
"mobile"
],
"subsections": [
{
"id": "71-owasp-mobile-top-10-2024",
"title": "7.1 OWASP Mobile Top 10 (2024)",
"line": 423,
"anchor": "#71-owasp-mobile-top-10-2024"
},
{
"id": "72-mobile-testing-tools",
"title": "7.2 Mobile Testing Tools",
"line": 438,
"anchor": "#72-mobile-testing-tools"
},
{
"id": "73-android-security-testing",
"title": "7.3 Android Security Testing",
"line": 448,
"anchor": "#73-android-security-testing"
},
{
"id": "74-ios-security-testing",
"title": "7.4 iOS Security Testing",
"line": 470,
"anchor": "#74-ios-security-testing"
}
],
"body": "frida-ios-dump com.target.app\n```\n\n---",
"summary": "frida-ios-dump com.target.app\n```"
}
]
},
{
"id": "part-iv-enterprise-identity-security",
"title": "Part IV: Enterprise & Identity Security",
"line": 489,
"sections": [
{
"id": "8-active-directory-security-attack-techniques",
"title": "8. Active Directory Security & Attack Techniques",
"part_id": "part-iv-enterprise-identity-security",
"part_title": "Part IV: Enterprise & Identity Security",
"line": 493,
"anchor": "#8-active-directory-security-attack-techniques",
"tags": [
"ad"
],
"subsections": [
{
"id": "81-overview",
"title": "8.1 Overview",
"line": 495,
"anchor": "#81-overview"
},
{
"id": "82-kerberos-authentication-attacks",
"title": "8.2 Kerberos Authentication Attacks",
"line": 504,
"anchor": "#82-kerberos-authentication-attacks"
},
{
"id": "83-attack-commands",
"title": "8.3 Attack Commands",
"line": 514,
"anchor": "#83-attack-commands"
},
{
"id": "84-ad-hardening-best-practices",
"title": "8.4 AD Hardening Best Practices",
"line": 569,
"anchor": "#84-ad-hardening-best-practices"
}
],
"body": "- Implement a tiered administration model (Tier 0/1/2) so Tier 0 (domain admin) credentials are never used on workstations or member servers\n- Deploy Group Managed Service Accounts (gMSAs) instead of service accounts with static, human-chosen passwords\n- Add privileged accounts to the Protected Users security group (members cannot use NTLM, DES/RC4 Kerberos or Kerberos delegation)\n- Enforce AES-only Kerberos encryption and disable RC4 to blunt Kerberoasting and overpass-the-hash\n- Deploy LAPS so every host has a unique, automatically rotated local administrator password\n- Enable Credential Guard on Windows 10/11 and Server 2016+ to isolate LSASS secrets from the OS\n- Rotate the KRBTGT password on a schedule (e.g. every 180 days) and after any suspected compromise, always in two passes spaced so replication completes and outstanding tickets expire (at least the 10-hour default ticket lifetime): the KDC accepts tickets under both the current and the previous key, so a single reset leaves forged golden tickets valid\n\n---",
"summary": "- Implement a tiered administration model (Tier 0/1/2) so Tier 0 (domain admin) credentials are never used on workstations or member servers\n- Deploy Group Managed Service Accounts (gMSAs) instead of service accounts with static, human-chosen passwords\n- Add privileged accounts to the Protected Users security group (members cannot use NTLM, DES/RC4 Kerberos or Kerberos delegation)\n- Enforce AES-only Kerberos encryption and disable RC4 to blunt Kerberoasting and overpass-the-hash\n- Deploy LAPS so every host has a unique, automatically rotated local administrator password\n- Enable Credential Guard on Windows 10/11 and Server 2016+ to isolate LSASS secrets from the OS\n- Rotate the KRBTGT password on a schedule (e.g. every 180 days) and after any suspected compromise, always in two passes spaced so replication completes and outstanding tickets expire (at least the 10-hour default ticket lifetime): the KDC accepts tickets under both the current and the previous key, so a single reset leaves forged golden tickets valid"
}
]
},
{
"id": "part-v-offensive-operations",
"title": "Part V: Offensive Operations",
"line": 581,
"sections": [
{
"id": "9-penetration-testing-methodologies-reporting",
"title": "9. Penetration Testing Methodologies & Reporting",
"part_id": "part-v-offensive-operations",
"part_title": "Part V: Offensive Operations",
"line": 585,
"anchor": "#9-penetration-testing-methodologies-reporting",
"tags": [
"pentest"
],
"subsections": [
{
"id": "91-ptes-seven-phases",
"title": "9.1 PTES Seven Phases",
"line": 587,
"anchor": "#91-ptes-seven-phases"
},
{
"id": "92-reconnaissance-tools",
"title": "9.2 Reconnaissance Tools",
"line": 597,
"anchor": "#92-reconnaissance-tools"
},
{
"id": "93-reconnaissance-commands",
"title": "9.3 Reconnaissance Commands",
"line": 605,
"anchor": "#93-reconnaissance-commands"
},
{
"id": "94-privilege-escalation",
"title": "9.4 Privilege Escalation",
"line": 623,
"anchor": "#94-privilege-escalation"
},
{
"id": "95-cvss-scoring",
"title": "9.5 CVSS Scoring",
"line": 644,
"anchor": "#95-cvss-scoring"
}
],
"body": "| Severity | Score | Remediation Timeline |\n|----------|-------|---------------------|\n| Critical | 9.0-10.0 | Immediate |\n| High | 7.0-8.9 | Within 30 days |\n| Medium | 4.0-6.9 | Within 90 days |\n| Low | 0.1-3.9 | Regular maintenance |\n\n---",
"summary": "CVSS severity bands with remediation timelines: Critical 9.0-10.0 (immediate), High 7.0-8.9 (within 30 days), Medium 4.0-6.9 (within 90 days), Low 0.1-3.9 (regular maintenance)"
},
{
"id": "10-red-team-operations",
"title": "10. Red Team Operations",
"part_id": "part-v-offensive-operations",
"part_title": "Part V: Offensive Operations",
"line": 655,
"anchor": "#10-red-team-operations",
"tags": [
"redteam"
],
"subsections": [
{
"id": "101-c2-frameworks",
"title": "10.1 C2 Frameworks",
"line": 657,
"anchor": "#101-c2-frameworks"
},
{
"id": "102-sliver-c2-framework",
"title": "10.2 Sliver C2 Framework",
"line": 667,
"anchor": "#102-sliver-c2-framework"
},
{
"id": "103-amsi-bypass-techniques",
"title": "10.3 AMSI Bypass Techniques",
"line": 689,
"anchor": "#103-amsi-bypass-techniques"
},
{
"id": "104-persistence-mechanisms",
"title": "10.4 Persistence Mechanisms",
"line": 699,
"anchor": "#104-persistence-mechanisms"
},
{
"id": "105-lateral-movement",
"title": "10.5 Lateral Movement",
"line": 709,
"anchor": "#105-lateral-movement"
}
],
"body": "Enter-PSSession -ComputerName TARGET -Credential $cred\n```\n\n---",
"summary": "Enter-PSSession -ComputerName TARGET -Credential $cred\n```"
},
{
"id": "11-social-engineering-phishing",
"title": "11. Social Engineering & Phishing",
"part_id": "part-v-offensive-operations",
"part_title": "Part V: Offensive Operations",
"line": 728,
"anchor": "#11-social-engineering-phishing",
"tags": [
"social"
],
"subsections": [
{
"id": "111-landscape-statistics",
"title": "11.1 Landscape Statistics",
"line": 730,
"anchor": "#111-landscape-statistics"
},
{
"id": "112-phishing-frameworks",
"title": "11.2 Phishing Frameworks",
"line": 740,
"anchor": "#112-phishing-frameworks"
},
{
"id": "113-gophish-setup",
"title": "11.3 GoPhish Setup",
"line": 749,
"anchor": "#113-gophish-setup"
},
{
"id": "114-evilginx3-mfa-bypass",
"title": "11.4 Evilginx3 MFA Bypass",
"line": 759,
"anchor": "#114-evilginx3-mfa-bypass"
},
{
"id": "115-physical-security-testing",
"title": "11.5 Physical Security Testing",
"line": 775,
"anchor": "#115-physical-security-testing"
}
],
"body": "| Technique | Method | Tools |\n|-----------|--------|-------|\n| Tailgating | Follow authorized person | Props, fake phone call |\n| Badge Cloning | Copy RFID/NFC badges | Proxmark3, Flipper Zero |\n| Lock Picking | Bypass physical locks | Lock picks, bump keys |\n| USB Drop | Leave malicious USB drives | Rubber Ducky, O.MG Cable |\n\n---",
"summary": "Physical security testing techniques: tailgating (props, fake phone call), badge cloning (Proxmark3, Flipper Zero), lock picking (lock picks, bump keys), USB drops (Rubber Ducky, O.MG Cable)"
},
{
"id": "12-wireless-security-testing",
"title": "12. Wireless Security Testing",
"part_id": "part-v-offensive-operations",
"part_title": "Part V: Offensive Operations",
"line": 786,
"anchor": "#12-wireless-security-testing",
"tags": [
"wireless"
],
"subsections": [
{
"id": "121-wifi-hacking-tools",
"title": "12.1 WiFi Hacking Tools",
"line": 788,
"anchor": "#121-wifi-hacking-tools"
},
{
"id": "122-attack-methodology",
"title": "12.2 Attack Methodology",
"line": 795,
"anchor": "#122-attack-methodology"
}
],
"body": "aircrack-ng -w wordlist.txt capture-01.cap\n```\n\n---",
"summary": "aircrack-ng -w wordlist.txt capture-01.cap\n```"
}
]
},
{
"id": "part-vi-defensive-detection-operations",
"title": "Part VI: Defensive & Detection Operations",
"line": 816,
"sections": [
{
"id": "13-purple-team-operations",
"title": "13. Purple Team Operations",
"part_id": "part-vi-defensive-detection-operations",
"part_title": "Part VI: Defensive & Detection Operations",
"line": 820,
"anchor": "#13-purple-team-operations",
"tags": [
"purple"
],
"subsections": [
{
"id": "131-overview",
"title": "13.1 Overview",
"line": 822,
"anchor": "#131-overview"
},
{
"id": "132-adversary-emulation-frameworks",
"title": "13.2 Adversary Emulation Frameworks",
"line": 833,
"anchor": "#132-adversary-emulation-frameworks"
},
{
"id": "133-mitre-caldera",
"title": "13.3 MITRE Caldera",
"line": 841,
"anchor": "#133-mitre-caldera"
},
{
"id": "134-atomic-red-team",
"title": "13.4 Atomic Red Team",
"line": 851,
"anchor": "#134-atomic-red-team"
},
{
"id": "135-sigma-detection-rules",
"title": "13.5 Sigma Detection Rules",
"line": 864,
"anchor": "#135-sigma-detection-rules"
},
{
"id": "136-bas-platforms",
"title": "13.6 BAS Platforms",
"line": 888,
"anchor": "#136-bas-platforms"
}
],
"body": "| Platform | Key Capabilities |\n|----------|------------------|\n| Picus Security | Vendor-specific remediation, 24hr threat SLA |\n| Cymulate | Continuous exposure management |\n| AttackIQ | MITRE ATT&CK alignment |\n| SafeBreach | 25K+ attacks Hacker's Playbook |\n\n---",
"summary": "BAS platforms: Picus Security (vendor-specific remediation, 24hr threat SLA), Cymulate (continuous exposure management), AttackIQ (MITRE ATT&CK alignment), SafeBreach (25K+ attacks Hacker's Playbook)"
},
{
"id": "14-incident-response",
"title": "14. Incident Response",
"part_id": "part-vi-defensive-detection-operations",
"part_title": "Part VI: Defensive & Detection Operations",
"line": 899,
"anchor": "#14-incident-response",
"tags": [
"incident"
],
"subsections": [],
"body": "*Content from v8_IncidentResponse module*\n\nKey phases: Preparation, Detection & Analysis, Containment, Eradication, Recovery, Post-Incident Activity\n\n---",
"summary": "*Content from v8_IncidentResponse module*"
},
{
"id": "15-malware-analysis",
"title": "15. Malware Analysis",
"part_id": "part-vi-defensive-detection-operations",
"part_title": "Part VI: Defensive & Detection Operations",
"line": 907,
"anchor": "#15-malware-analysis",
"tags": [
"malware"
],
"subsections": [
{
"id": "151-threat-landscape-2024-2025",
"title": "15.1 Threat Landscape 2024-2025",
"line": 909,
"anchor": "#151-threat-landscape-2024-2025"
},
{
"id": "152-analysis-methodology",
"title": "15.2 Analysis Methodology",
"line": 919,
"anchor": "#152-analysis-methodology"
},
{
"id": "153-static-analysis",
"title": "15.3 Static Analysis",
"line": 929,
"anchor": "#153-static-analysis"
},
{
"id": "154-dynamic-analysis-platforms",
"title": "15.4 Dynamic Analysis Platforms",
"line": 944,
"anchor": "#154-dynamic-analysis-platforms"
},
{
"id": "155-yara-rule-structure",
"title": "15.5 YARA Rule Structure",
"line": 953,
"anchor": "#155-yara-rule-structure"
}
],
"body": "```yara\nrule MalwareFamily : tag1 tag2 {\n meta:\n author = \"Analyst\"\n description = \"Detects MalwareFamily\"\n strings:\n $str1 = \"C:\\\\Windows\\\\Temp\\\\malware.exe\"\n $hex1 = { 48 8B 05 ?? ?? ?? ?? 48 89 44 24 }\n $re1 = /[a-z]{5,10}\\.exe/i\n condition:\n uint16(0) == 0x5A4D and // \"MZ\" DOS header, read little-endian\n filesize < 5MB and\n (2 of ($str*, $re*) or $hex1) // set must name at least two strings for \"2 of\" to be satisfiable\n}\n```\n\n---",
"summary": "```yara\nrule MalwareFamily : tag1 tag2 {\n meta:\n author = \"Analyst\"\n description = \"Detects MalwareFamily\"\n strings:\n $str1 = \"C:\\\\Windows\\\\Temp\\\\malware.exe\"\n $hex1 = { 48 8B 05 ?? ?? ?? ?? 48 89 44 24 }\n $re1 = /[a-z]{5,10}\\.exe/i\n condition:\n uint16(0) == 0x5A4D and\n files"
}
]
},
{
"id": "part-vii-emerging-technologies-specialized-domains",
"title": "Part VII: Emerging Technologies & Specialized Domains",
"line": 973,
"sections": [
{
"id": "16-aiml-security-operations",
"title": "16. AI/ML Security Operations",
"part_id": "part-vii-emerging-technologies-specialized-domains",
"part_title": "Part VII: Emerging Technologies & Specialized Domains",
"line": 977,
"anchor": "#16-aiml-security-operations",
"tags": [
"ai"
],
"subsections": [
{
"id": "161-owasp-top-10-for-llm-applications-2025",
"title": "16.1 OWASP Top 10 for LLM Applications (2025)",
"line": 979,
"anchor": "#161-owasp-top-10-for-llm-applications-2025"
},
{
"id": "162-llm-security-guardrails",
"title": "16.2 LLM Security Guardrails",
"line": 994,
"anchor": "#162-llm-security-guardrails"
},
{
"id": "163-ai-red-teaming-frameworks",
"title": "16.3 AI Red Teaming Frameworks",
"line": 1003,
"anchor": "#163-ai-red-teaming-frameworks"
},
{
"id": "164-quick-reference",
"title": "16.4 Quick Reference",
"line": 1013,
"anchor": "#164-quick-reference"
}
],
"body": "curl -X POST https://api.lakera.ai/v1/guard \\\n -H \"Authorization: Bearer $LAKERA_API_KEY\" \\\n -d '{\"input\": \"user prompt\", \"policies\": [\"prompt_injection\", \"pii\"]}'\n```\n\n---",
"summary": "curl -X POST https://api.lakera.ai/v1/guard \\\n -H \"Authorization: Bearer $LAKERA_API_KEY\" \\\n -d '{\"input\": \"user prompt\", \"policies\": [\"prompt_injection\", \"pii\"]}'\n```"
},
{
"id": "17-otics-security",
"title": "17. OT/ICS Security",
"part_id": "part-vii-emerging-technologies-specialized-domains",
"part_title": "Part VII: Emerging Technologies & Specialized Domains",
"line": 1031,
"anchor": "#17-otics-security",
"tags": [
"ot"
],
"subsections": [
{
"id": "171-grficsv2",
"title": "17.1 GRFICSv2",
"line": 1033,
"anchor": "#171-grficsv2"
},
{
"id": "172-ics-protocols",
"title": "17.2 ICS Protocols",
"line": 1038,
"anchor": "#172-ics-protocols"
}
],
"body": "**Modbus TCP (Port 502)**: No authentication, no integrity protection and no encryption; any host that can reach TCP/502 can read and write coils and registers in cleartext\n\n**Tools**: msfconsole auxiliary/scanner/scada/*, plcscan, modbus-cli\n\n---",
"summary": "**Modbus TCP (Port 502)**: No authentication, no integrity protection and no encryption; any host that can reach TCP/502 can read and write coils and registers in cleartext"
},
{
"id": "18-blockchain-smart-contract-security",
"title": "18. Blockchain & Smart Contract Security",
"part_id": "part-vii-emerging-technologies-specialized-domains",
"part_title": "Part VII: Emerging Technologies & Specialized Domains",
"line": 1046,
"anchor": "#18-blockchain-smart-contract-security",
"tags": [
"blockchain"
],
"subsections": [
{
"id": "181-training-platforms",
"title": "18.1 Training Platforms",
"line": 1048,
"anchor": "#181-training-platforms"
},
{
"id": "182-vulnerability-categories",
"title": "18.2 Vulnerability Categories",
"line": 1054,
"anchor": "#182-vulnerability-categories"
}
],
"body": "- Reentrancy attacks\n- Integer overflow/underflow\n- Access control issues\n- Front-running\n\n---",
"summary": "- Reentrancy attacks\n- Integer overflow/underflow\n- Access control issues\n- Front-running"
},
{
"id": "19-zero-trust-architecture",
"title": "19. Zero Trust Architecture",
"part_id": "part-vii-emerging-technologies-specialized-domains",
"part_title": "Part VII: Emerging Technologies & Specialized Domains",
"line": 1063,
"anchor": "#19-zero-trust-architecture",
"tags": [
"zerotrust"
],
"subsections": [],
"body": "*Content from v8_ZeroTrust module*\n\nCore principles: Never trust, always verify; Assume breach; Verify explicitly\n\n---",
"summary": "*Content from v8_ZeroTrust module*"
},
{
"id": "appendix-a-quick-start-docker-commands",
"title": "Appendix A: Quick Start Docker Commands",
"part_id": "part-vii-emerging-technologies-specialized-domains",
"part_title": "Part VII: Emerging Technologies & Specialized Domains",
"line": 1071,
"anchor": "#appendix-a-quick-start-docker-commands",
"tags": [
"container"
],
"subsections": [],
"body": "docker run --rm -it --cap-add=SYS_PTRACE --security-opt seccomp=unconfined skysider/pwndocker\n```\n\n---",
"summary": "docker run --rm -it --cap-add=SYS_PTRACE --security-opt seccomp=unconfined skysider/pwndocker\n```"
},
{
"id": "appendix-b-tool-reference-matrix",
"title": "Appendix B: Tool Reference Matrix",
"part_id": "part-vii-emerging-technologies-specialized-domains",
"part_title": "Part VII: Emerging Technologies & Specialized Domains",
"line": 1092,
"anchor": "#appendix-b-tool-reference-matrix",
"tags": [
"security"
],
"subsections": [],
"body": "| Category | Tools |\n|----------|-------|\n| Web Testing | Burp Suite, OWASP ZAP, Nikto, SQLMap |\n| Network | Nmap, Masscan, Wireshark |\n| AD/Windows | BloodHound, Mimikatz, Rubeus, Impacket |\n| Cloud | Pacu, ScoutSuite, Prowler |\n| Container | Trivy, Falco, kube-bench |\n| Mobile | MobSF, Frida, Objection |\n| Malware | Ghidra, IDA Pro, x64dbg, Volatility |\n| C2 | Cobalt Strike, Sliver, Havoc |\n| Phishing | GoPhish, Evilginx3, SET |\n\n---",
"summary": "Tool reference matrix by category: web testing (Burp Suite, OWASP ZAP, Nikto, SQLMap), network (Nmap, Masscan, Wireshark), AD/Windows (BloodHound, Mimikatz, Rubeus, Impacket), cloud (Pacu, ScoutSuite, Prowler), container (Trivy, Falco, kube-bench), mobile (MobSF, Frida, Objection), malware (Ghidra, IDA Pro, x64dbg, Volatility), C2 (Cobalt Strike, Sliver, Havoc), phishing (GoPhish, Evilginx3, SET)"
},
{
"id": "appendix-c-mitre-attck-quick-reference",
"title": "Appendix C: MITRE ATT&CK Quick Reference",
"part_id": "part-vii-emerging-technologies-specialized-domains",
"part_title": "Part VII: Emerging Technologies & Specialized Domains",
"line": 1108,
"anchor": "#appendix-c-mitre-attck-quick-reference",
"tags": [
"security"
],
"subsections": [
{
"id": "key-techniques",
"title": "Key Techniques",
"line": 1110,
"anchor": "#key-techniques"
}
],
"body": "| ID | Technique | Category |\n|----|-----------|----------|\n| T1059.001 | PowerShell | Execution |\n| T1055 | Process Injection | Defense Evasion |\n| T1003.001 | LSASS Memory | Credential Access |\n| T1558.003 | Kerberoasting | Credential Access |\n| T1021.002 | SMB/Admin Shares | Lateral Movement |\n| T1547.001 | Registry Run Keys | Persistence |\n| T1566.001 | Spearphishing Attachment | Initial Access |\n\n---\n\n**WARNING**: This compendium contains resources for intentionally vulnerable systems. Use only in isolated lab environments with proper authorization.\n\n---\n\n*VaultMesh Technologies - Security Research Infrastructure Documentation*\n*Version 8.0 | December 2025*",
"summary": "Key MITRE ATT&CK techniques: T1059.001 PowerShell (Execution), T1055 Process Injection (Defense Evasion), T1003.001 LSASS Memory and T1558.003 Kerberoasting (Credential Access), T1021.002 SMB/Admin Shares (Lateral Movement), T1547.001 Registry Run Keys (Persistence), T1566.001 Spearphishing Attachment (Initial Access)"
}
]
}
],
"sections": [
{
"id": "1-lab-infrastructure-architecture",
"title": "1. Lab Infrastructure Architecture",
"part": "Part I: Lab Infrastructure & Foundations",
"part_id": "part-i-lab-infrastructure-foundations",
"anchor": "#1-lab-infrastructure-architecture",
"line": 55,
"tags": [
"lab"
],
"summary": "- **Host-Only Network**: Isolated VMs for safe attack simulation\n- **NAT Network**: VMs share host internet while maintaining inter-VM communication\n- **Internal Network**: Complete isolation for live malware analysis",
"subsections": [
"1.1 Hardware Requirements",
"1.2 Virtualization Platforms",
"1.3 Network Topology"
],
"subsection_count": 3
},
{
"id": "2-intentionally-vulnerable-applications",
"title": "2. Intentionally Vulnerable Applications",
"part": "Part I: Lab Infrastructure & Foundations",
"part_id": "part-i-lab-infrastructure-foundations",
"anchor": "#2-intentionally-vulnerable-applications",
"line": 82,
"tags": [
"security"
],
"summary": "Microservices-based platform covering OWASP API Top 10.",
"subsections": [
"2.1 Web Applications",
"2.2 Additional Web Platforms",
"2.3 Cloud Security Platforms",
"2.4 Container Security",
"2.5 API Security Platforms"
],
"subsection_count": 5
},
{
"id": "3-vulnerable-repositories-research",
"title": "3. Vulnerable Repositories Research",
"part": "Part I: Lab Infrastructure & Foundations",
"part_id": "part-i-lab-infrastructure-foundations",
"anchor": "#3-vulnerable-repositories-research",
"line": 162,
"tags": [
"security"
],
"summary": "Vulnerability datasets compared by size, language and coverage: BigVul, MegaVul, DiverseVul, CVEFixes",
"subsections": [
"3.1 Repository Vulnerability Statistics",
"3.2 Vulnerability Datasets"
],
"subsection_count": 2
},
{
"id": "4-cloud-security-awsazure-penetration-testing",
"title": "4. Cloud Security & AWS/Azure Penetration Testing",
"part": "Part II: Cloud, Container & Infrastructure Security",
"part_id": "part-ii-cloud-container-infrastructure-security",
"anchor": "#4-cloud-security-awsazure-penetration-testing",
"line": 186,
"tags": [
"cloud",
"pentest"
],
"summary": "```bash\ncurl -H \"Metadata:true\" \\\n \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com\"\n```",
"subsections": [
"4.1 Cloud Security Landscape",
"4.2 AWS Penetration Testing",
"4.3 Azure/Entra ID Penetration Testing"
],
"subsection_count": 3
},
{
"id": "5-container-kubernetes-security",
"title": "5. Container & Kubernetes Security",
"part": "Part II: Cloud, Container & Infrastructure Security",
"part_id": "part-ii-cloud-container-infrastructure-security",
"anchor": "#5-container-kubernetes-security",
"line": 271,
"tags": [
"container"
],
"summary": "cosign verify --key cosign.pub myregistry/myimage:tag\n```",
"subsections": [
"5.1 Overview",
"5.2 Runtime Security with Falco",
"5.3 Image Scanning with Trivy",
"5.4 Pod Security Admission",
"5.5 Supply Chain Security"
],
"subsection_count": 5
},
{
"id": "6-api-security-testing",
"title": "6. API Security Testing",
"part": "Part III: Application & API Security",
"part_id": "part-iii-application-api-security",
"anchor": "#6-api-security-testing",
"line": 349,
"tags": [
"api"
],
"summary": "```json\n// Introspection probe\n{\"query\": \"{__schema{queryType{name}}}\"}",
"subsections": [
"6.1 OWASP API Security Top 10 (2023)",
"6.2 API Testing Tools",
"6.3 REST API Testing",
"6.4 GraphQL Security"
],
"subsection_count": 4
},
{
"id": "7-mobile-application-security-testing",
"title": "7. Mobile Application Security Testing",
"part": "Part III: Application & API Security",
"part_id": "part-iii-application-api-security",
"anchor": "#7-mobile-application-security-testing",
"line": 421,
"tags": [
"mobile"
],
"summary": "frida-ios-dump com.target.app\n```",
"subsections": [
"7.1 OWASP Mobile Top 10 (2024)",
"7.2 Mobile Testing Tools",
"7.3 Android Security Testing",
"7.4 iOS Security Testing"
],
"subsection_count": 4
},
{
"id": "8-active-directory-security-attack-techniques",
"title": "8. Active Directory Security & Attack Techniques",
"part": "Part IV: Enterprise & Identity Security",
"part_id": "part-iv-enterprise-identity-security",
"anchor": "#8-active-directory-security-attack-techniques",
"line": 493,
"tags": [
"ad"
],
"summary": "- Implement a tiered administration model (Tier 0/1/2) so Tier 0 (domain admin) credentials are never used on workstations or member servers\n- Deploy Group Managed Service Accounts (gMSAs) instead of service accounts with static, human-chosen passwords\n- Add privileged accounts to the Protected Users security group (members cannot use NTLM, DES/RC4 Kerberos or Kerberos delegation)\n- Enforce AES-only Kerberos encryption and disable RC4 to blunt Kerberoasting and overpass-the-hash\n- Deploy LAPS so every host has a unique, automatically rotated local administrator password\n- Enable Credential Guard on Windows 10/11 and Server 2016+ to isolate LSASS secrets from the OS\n- Rotate the KRBTGT password on a schedule (e.g. every 180 days) and after any suspected compromise, always in two passes spaced so replication completes and outstanding tickets expire (at least the 10-hour default ticket lifetime): the KDC accepts tickets under both the current and the previous key, so a single reset leaves forged golden tickets valid",
"subsections": [
"8.1 Overview",
"8.2 Kerberos Authentication Attacks",
"8.3 Attack Commands",
"8.4 AD Hardening Best Practices"
],
"subsection_count": 4
},
{
"id": "9-penetration-testing-methodologies-reporting",
"title": "9. Penetration Testing Methodologies & Reporting",
"part": "Part V: Offensive Operations",
"part_id": "part-v-offensive-operations",
"anchor": "#9-penetration-testing-methodologies-reporting",
"line": 585,
"tags": [
"pentest"
],
"summary": "CVSS severity bands with remediation timelines: Critical 9.0-10.0 (immediate), High 7.0-8.9 (within 30 days), Medium 4.0-6.9 (within 90 days), Low 0.1-3.9 (regular maintenance)",
"subsections": [
"9.1 PTES Seven Phases",
"9.2 Reconnaissance Tools",
"9.3 Reconnaissance Commands",
"9.4 Privilege Escalation",
"9.5 CVSS Scoring"
],
"subsection_count": 5
},
{
"id": "10-red-team-operations",
"title": "10. Red Team Operations",
"part": "Part V: Offensive Operations",
"part_id": "part-v-offensive-operations",
"anchor": "#10-red-team-operations",
"line": 655,
"tags": [
"redteam"
],
"summary": "Enter-PSSession -ComputerName TARGET -Credential $cred\n```",
"subsections": [
"10.1 C2 Frameworks",
"10.2 Sliver C2 Framework",
"10.3 AMSI Bypass Techniques",
"10.4 Persistence Mechanisms",
"10.5 Lateral Movement"
],
"subsection_count": 5
},
{
"id": "11-social-engineering-phishing",
"title": "11. Social Engineering & Phishing",
"part": "Part V: Offensive Operations",
"part_id": "part-v-offensive-operations",
"anchor": "#11-social-engineering-phishing",
"line": 728,
"tags": [
"social"
],
"summary": "Physical security testing techniques: tailgating (props, fake phone call), badge cloning (Proxmark3, Flipper Zero), lock picking (lock picks, bump keys), USB drops (Rubber Ducky, O.MG Cable)",
"subsections": [
"11.1 Landscape Statistics",
"11.2 Phishing Frameworks",
"11.3 GoPhish Setup",
"11.4 Evilginx3 MFA Bypass",
"11.5 Physical Security Testing"
],
"subsection_count": 5
},
{
"id": "12-wireless-security-testing",
"title": "12. Wireless Security Testing",
"part": "Part V: Offensive Operations",
"part_id": "part-v-offensive-operations",
"anchor": "#12-wireless-security-testing",
"line": 786,
"tags": [
"wireless"
],
"summary": "aircrack-ng -w wordlist.txt capture-01.cap\n```",
"subsections": [
"12.1 WiFi Hacking Tools",
"12.2 Attack Methodology"
],
"subsection_count": 2
},
{
"id": "13-purple-team-operations",
"title": "13. Purple Team Operations",
"part": "Part VI: Defensive & Detection Operations",
"part_id": "part-vi-defensive-detection-operations",
"anchor": "#13-purple-team-operations",
"line": 820,
"tags": [
"purple"
],
"summary": "BAS platforms: Picus Security (vendor-specific remediation, 24hr threat SLA), Cymulate (continuous exposure management), AttackIQ (MITRE ATT&CK alignment), SafeBreach (25K+ attacks Hacker's Playbook)",
"subsections": [
"13.1 Overview",
"13.2 Adversary Emulation Frameworks",
"13.3 MITRE Caldera",
"13.4 Atomic Red Team",
"13.5 Sigma Detection Rules",
"13.6 BAS Platforms"
],
"subsection_count": 6
},
{
"id": "14-incident-response",
"title": "14. Incident Response",
"part": "Part VI: Defensive & Detection Operations",
"part_id": "part-vi-defensive-detection-operations",
"anchor": "#14-incident-response",
"line": 899,
"tags": [
"incident"
],
"summary": "*Content from v8_IncidentResponse module*",
"subsections": [],
"subsection_count": 0
},
{
"id": "15-malware-analysis",
"title": "15. Malware Analysis",
"part": "Part VI: Defensive & Detection Operations",
"part_id": "part-vi-defensive-detection-operations",
"anchor": "#15-malware-analysis",
"line": 907,
"tags": [
"malware"
],
"summary": "```yara\nrule MalwareFamily : tag1 tag2 {\n meta:\n author = \"Analyst\"\n description = \"Detects MalwareFamily\"\n strings:\n $str1 = \"C:\\\\Windows\\\\Temp\\\\malware.exe\"\n $hex1 = { 48 8B 05 ?? ?? ?? ?? 48 89 44 24 }\n $re1 = /[a-z]{5,10}\\.exe/i\n condition:\n uint16(0) == 0x5A4D and\n files",
"subsections": [
"15.1 Threat Landscape 2024-2025",
"15.2 Analysis Methodology",
"15.3 Static Analysis",
"15.4 Dynamic Analysis Platforms",
"15.5 YARA Rule Structure"
],
"subsection_count": 5
},
{
"id": "16-aiml-security-operations",
"title": "16. AI/ML Security Operations",
"part": "Part VII: Emerging Technologies & Specialized Domains",
"part_id": "part-vii-emerging-technologies-specialized-domains",
"anchor": "#16-aiml-security-operations",
"line": 977,
"tags": [
"ai"
],
"summary": "curl -X POST https://api.lakera.ai/v1/guard \\\n -H \"Authorization: Bearer $LAKERA_API_KEY\" \\\n -d '{\"input\": \"user prompt\", \"policies\": [\"prompt_injection\", \"pii\"]}'\n```",
"subsections": [
"16.1 OWASP Top 10 for LLM Applications (2025)",
"16.2 LLM Security Guardrails",
"16.3 AI Red Teaming Frameworks",
"16.4 Quick Reference"
],
"subsection_count": 4
},
{
"id": "17-otics-security",
"title": "17. OT/ICS Security",
"part": "Part VII: Emerging Technologies & Specialized Domains",
"part_id": "part-vii-emerging-technologies-specialized-domains",
"anchor": "#17-otics-security",
"line": 1031,
"tags": [
"ot"
],
"summary": "**Modbus TCP (Port 502)**: No authentication, no integrity protection and no encryption; any host that can reach TCP/502 can read and write coils and registers in cleartext",
"subsections": [
"17.1 GRFICSv2",
"17.2 ICS Protocols"
],
"subsection_count": 2
},
{
"id": "18-blockchain-smart-contract-security",
"title": "18. Blockchain & Smart Contract Security",
"part": "Part VII: Emerging Technologies & Specialized Domains",
"part_id": "part-vii-emerging-technologies-specialized-domains",
"anchor": "#18-blockchain-smart-contract-security",
"line": 1046,
"tags": [
"blockchain"
],
"summary": "- Reentrancy attacks\n- Integer overflow/underflow\n- Access control issues\n- Front-running",
"subsections": [
"18.1 Training Platforms",
"18.2 Vulnerability Categories"
],
"subsection_count": 2
},
{
"id": "19-zero-trust-architecture",
"title": "19. Zero Trust Architecture",
"part": "Part VII: Emerging Technologies & Specialized Domains",
"part_id": "part-vii-emerging-technologies-specialized-domains",
"anchor": "#19-zero-trust-architecture",
"line": 1063,
"tags": [
"zerotrust"
],
"summary": "*Content from v8_ZeroTrust module*",
"subsections": [],
"subsection_count": 0
},
{
"id": "appendix-a-quick-start-docker-commands",
"title": "Appendix A: Quick Start Docker Commands",
"part": "Part VII: Emerging Technologies & Specialized Domains",
"part_id": "part-vii-emerging-technologies-specialized-domains",
"anchor": "#appendix-a-quick-start-docker-commands",
"line": 1071,
"tags": [
"container"
],
"summary": "docker run --rm -it --cap-add=SYS_PTRACE --security-opt seccomp=unconfined skysider/pwndocker\n```",
"subsections": [],
"subsection_count": 0
},
{
"id": "appendix-b-tool-reference-matrix",
"title": "Appendix B: Tool Reference Matrix",
"part": "Part VII: Emerging Technologies & Specialized Domains",
"part_id": "part-vii-emerging-technologies-specialized-domains",
"anchor": "#appendix-b-tool-reference-matrix",
"line": 1092,
"tags": [
"security"
],
"summary": "Tool reference matrix by category: web testing (Burp Suite, OWASP ZAP, Nikto, SQLMap), network (Nmap, Masscan, Wireshark), AD/Windows (BloodHound, Mimikatz, Rubeus, Impacket), cloud (Pacu, ScoutSuite, Prowler), container (Trivy, Falco, kube-bench), mobile (MobSF, Frida, Objection), malware (Ghidra, IDA Pro, x64dbg, Volatility), C2 (Cobalt Strike, Sliver, Havoc), phishing (GoPhish, Evilginx3, SET)",
"subsections": [],
"subsection_count": 0
},
{
"id": "appendix-c-mitre-attck-quick-reference",
"title": "Appendix C: MITRE ATT&CK Quick Reference",
"part": "Part VII: Emerging Technologies & Specialized Domains",
"part_id": "part-vii-emerging-technologies-specialized-domains",
"anchor": "#appendix-c-mitre-attck-quick-reference",
"line": 1108,
"tags": [
"security"
],
"summary": "Key MITRE ATT&CK techniques: T1059.001 PowerShell (Execution), T1055 Process Injection (Defense Evasion), T1003.001 LSASS Memory and T1558.003 Kerberoasting (Credential Access), T1021.002 SMB/Admin Shares (Lateral Movement), T1547.001 Registry Run Keys (Persistence), T1566.001 Spearphishing Attachment (Initial Access)",
"subsections": [
"Key Techniques"
],
"subsection_count": 1
}
]
}
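The GraphQL table indexed under section 6.4 (#64-graphql-security) lists introspection, batching and deep-query abuse but shows only the attacker's probes. The following is an added example, written for this page and not code from the VaultMesh compendium or this index: a Python request gate that a GraphQL front-end could run before executing a document. It rejects introspection fields (`__schema`, `__type`), batches larger than a limit, and selection sets nested deeper than a limit, using a scanner that ignores braces inside string literals and `#` comments so a hostile document cannot hide nesting in them. The two introspection documents are the ones the index shows; the batched login attempts and the deeply nested query are constructed, and the limits and the function names `check_graphql_request` and `selection_depth` are assumptions of this example.

```python
import json
import re

# Fields of the introspection system. __typename is harmless and is deliberately not matched.
INTROSPECTION = re.compile(r"(?<!\w)__(?:schema|type)\b")


def selection_depth(query: str) -> int:
    # Maximum nesting depth of selection sets in a GraphQL document.
    # '{' and '}' are counted, but string literals (including block strings delimited
    # by three double quotes) and '#' comments are skipped, so braces inside them do not count.
    depth = deepest = 0
    i, n = 0, len(query)
    while i < n:
        c = query[i]
        if c == '"':
            if query.startswith('"""', i):                 # block string
                end = query.find('"""', i + 3)
                i = n if end < 0 else end + 3
            else:                                           # ordinary string
                i += 1
                while i < n and query[i] != '"':
                    i += 2 if query[i] == "\\" else 1       # skip escaped characters
                i += 1
            continue
        if c == "#":                                        # comment runs to end of line
            while i < n and query[i] != "\n":
                i += 1
            continue
        if c == "{":
            depth += 1
            deepest = max(deepest, depth)
        elif c == "}":
            depth -= 1
        i += 1
    return deepest


def check_graphql_request(raw_body: str, *, max_depth: int = 6,
                          max_batch: int = 5, allow_introspection: bool = False) -> list:
    """Return the policy violations for one HTTP request body; an empty list means execute."""
    try:
        body = json.loads(raw_body)
    except json.JSONDecodeError:
        return ["body is not valid JSON"]
    violations = []
    if isinstance(body, list) and len(body) > max_batch:   # a JSON array is a batched request
        violations.append(f"batch of {len(body)} operations exceeds limit {max_batch}")
    for idx, op in enumerate(body if isinstance(body, list) else [body]):
        query = op.get("query") if isinstance(op, dict) else None
        if not isinstance(query, str):
            violations.append(f"operation {idx}: missing 'query' string")
            continue
        if not allow_introspection and INTROSPECTION.search(query):
            violations.append(f"operation {idx}: introspection field requested")
        depth = selection_depth(query)
        if depth > max_depth:
            violations.append(f"operation {idx}: depth {depth} exceeds limit {max_depth}")
    return violations


# Inputs: the two introspection documents are the ones shown under section 6.4;
# the batch of login attempts and the deeply nested query are constructed for this example.
PROBE = '{"query": "{__schema{queryType{name}}}"}'
FULL_QUERY = "{__schema{types{name,fields{name,args{name,type{name}}}}}}"
FULL = json.dumps({"query": FULL_QUERY})
BATCH = json.dumps([
    {"query": 'mutation { login(user: "admin", password: "guess%d") { token } }' % i}
    for i in range(20)
])
DEEP = json.dumps({"query": "{user{friends" * 5 + "{name}" + "}}" * 5})

if __name__ == "__main__":
    for name, body in [("probe", PROBE), ("full", FULL), ("batch", BATCH), ("deep", DEEP)]:
        print(name, check_graphql_request(body) or "allowed")
```

The depth limit is a cheap proxy for query cost; a production gate would also weigh list fields and apply per-client rate limiting across the whole batch rather than per operation, which is exactly the gap the "Batching Attacks" row describes.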
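Section 15.5 (#155-yara-rule-structure) is indexed with a rule skeleton for `MalwareFamily`. As an added illustration, not code from the compendium or this index, the Python below evaluates that rule's condition by hand over constructed byte buffers: it compiles the hex string with `??` wildcards into a bytes regex, tests `uint16(0) == 0x5A4D` (the little-endian `MZ` DOS header) and `filesize < 5MB`, then applies the boolean logic. It also makes one caveat explicit: as the skeleton is printed, `2 of ($str*)` can never be true because only `$str1` matches that wildcard, so the rule silently reduces to `$hex1`; the evaluator therefore counts over the set `($str*, $re*)`, which is the fix the rule needs. The three sample buffers and the function names are constructed for this example, and this hand evaluation is a teaching aid, not a replacement for running `yara` itself.

```python
import re

FIVE_MB = 5 * 1024 * 1024


def hex_pattern(pattern: str) -> re.Pattern:
    """Compile a YARA hex string such as '48 8B 05 ?? ?? ?? ?? 48 89 44 24' into a
    bytes regex; each '??' wildcard becomes '.', i.e. any single byte."""
    parts = [b"." if tok == "??" else re.escape(bytes([int(tok, 16)])) for tok in pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)


# The three strings declared in the MalwareFamily rule, expressed as bytes regexes.
STRINGS = {
    "$str1": re.compile(re.escape(rb"C:\Windows\Temp\malware.exe")),
    "$hex1": hex_pattern("48 8B 05 ?? ?? ?? ?? 48 89 44 24"),
    "$re1": re.compile(rb"[a-z]{5,10}\.exe", re.IGNORECASE),
}


def string_matches(data: bytes) -> dict:
    """Which of the rule's strings occur anywhere in the buffer."""
    return {name: rx.search(data) is not None for name, rx in STRINGS.items()}


def n_of(matches: dict, *prefixes: str) -> int:
    """Count matched strings whose identifier starts with one of the given prefixes,
    i.e. the YARA set '($str*, $re*)'."""
    return sum(1 for name, hit in matches.items() if hit and name.startswith(prefixes))


def malware_family(data: bytes) -> bool:
    """Evaluate the rule's condition: MZ header, size bound, then the string logic."""
    is_pe = len(data) >= 2 and int.from_bytes(data[:2], "little") == 0x5A4D  # uint16(0) == 0x5A4D
    size_ok = len(data) < FIVE_MB                                              # filesize < 5MB
    m = string_matches(data)
    # Widened from `2 of ($str*)`, which is unsatisfiable when $str1 is the only $str name.
    return is_pe and size_ok and (n_of(m, "$str", "$re") >= 2 or m["$hex1"])


# Constructed sample buffers (not real malware): a PE-like stub containing the opcode
# sequence, a PE-like stub containing both text strings, and a non-PE file with the strings.
SAMPLE_HEX = b"MZ" + b"\x90" * 62 + b"\x48\x8B\x05\x01\x02\x03\x04\x48\x89\x44\x24" + b"\x00" * 16
SAMPLE_STR = b"MZ" + b"\x00" * 62 + rb"C:\Windows\Temp\malware.exe" + b"\x00dropper.exe\x00"
SAMPLE_ELF = b"\x7fELF" + rb"C:\Windows\Temp\malware.exe" + b"\x00dropper.exe\x00"

if __name__ == "__main__":
    for label, buf in [("hex stub", SAMPLE_HEX), ("string stub", SAMPLE_STR), ("elf", SAMPLE_ELF)]:
        print(f"{label:12s} {string_matches(buf)} -> {malware_family(buf)}")
```

Note that `$re1` also fires on the path in `$str1` (`malware.exe` is five to ten letters followed by `.exe`), so the two text strings are not independent evidence; in a real rule you would pick a second string that does not overlap the first.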
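Section 17.2 (#172-ics-protocols) is indexed with the statement that Modbus TCP has no authentication. The added example below, written for this page and not taken from the compendium, makes that concrete in Python: a client that builds Read Holding Registers (function code 3) and Write Single Register (function code 6) frames, and a tiny simulated PLC that answers them. The MBAP header has exactly four fields (transaction id, protocol id, length, unit id) and the PDU carries only a function code and data, so nothing in the exchange identifies or authorises the sender; the simulated device accepts the write purely because the frame is well-formed. The register table, transaction ids and function names are constructed, and `plc_handle` stands in for a real device listening on TCP/502.

```python
import struct

READ_HOLDING = 3
WRITE_SINGLE = 6
ILLEGAL_FUNCTION = 0x01
ILLEGAL_DATA_ADDRESS = 0x02


def mbap(tid: int, unit: int, pdu: bytes) -> bytes:
    """Prefix a PDU with the MBAP header: transaction id, protocol id (always 0),
    remaining byte count, unit id. No field carries a credential or integrity check."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def read_holding_registers(tid: int, unit: int, start: int, count: int) -> bytes:
    return mbap(tid, unit, struct.pack(">BHH", READ_HOLDING, start, count))


def write_single_register(tid: int, unit: int, addr: int, value: int) -> bytes:
    return mbap(tid, unit, struct.pack(">BHH", WRITE_SINGLE, addr, value))


def split_frame(frame: bytes):
    """Return (transaction id, unit id, PDU) from a Modbus/TCP frame."""
    tid, _proto, length, unit = struct.unpack(">HHHB", frame[:7])
    return tid, unit, frame[7:7 + length - 1]


def plc_handle(frame: bytes, registers: list) -> bytes:
    """Simulated PLC holding-register table. Like a real device it acts on any
    well-formed frame from anyone who can reach the port; there is nothing to check."""
    tid, unit, pdu = split_frame(frame)
    fc = pdu[0]
    if fc == READ_HOLDING:
        start, count = struct.unpack(">HH", pdu[1:5])
        if start + count > len(registers):
            return mbap(tid, unit, bytes([fc | 0x80, ILLEGAL_DATA_ADDRESS]))
        vals = registers[start:start + count]
        return mbap(tid, unit, struct.pack(f">BB{count}H", fc, 2 * count, *vals))
    if fc == WRITE_SINGLE:
        addr, value = struct.unpack(">HH", pdu[1:5])
        if addr >= len(registers):
            return mbap(tid, unit, bytes([fc | 0x80, ILLEGAL_DATA_ADDRESS]))
        registers[addr] = value                     # the unauthenticated write lands here
        return mbap(tid, unit, pdu)                 # echoing the request signals success
    return mbap(tid, unit, bytes([fc | 0x80, ILLEGAL_FUNCTION]))


def parse_response(frame: bytes) -> dict:
    """Decode a device response; an exception response sets bit 7 of the function code."""
    tid, _unit, pdu = split_frame(frame)
    fc = pdu[0]
    if fc & 0x80:
        return {"tid": tid, "function": fc & 0x7F, "exception": pdu[1]}
    if fc == READ_HOLDING:
        n = pdu[1]
        return {"tid": tid, "function": fc,
                "registers": list(struct.unpack(f">{n // 2}H", pdu[2:2 + n]))}
    if fc == WRITE_SINGLE:
        addr, value = struct.unpack(">HH", pdu[1:5])
        return {"tid": tid, "function": fc, "address": addr, "value": value}
    return {"tid": tid, "function": fc, "raw": pdu}


def demo():
    """Four exchanges against a constructed register table: read, unauthenticated write,
    read back the changed value, and an out-of-range read that draws an exception."""
    plc = [100, 200, 300, 400]
    r1 = parse_response(plc_handle(read_holding_registers(1, 1, 0, 4), plc))
    r2 = parse_response(plc_handle(write_single_register(2, 1, 2, 999), plc))
    r3 = parse_response(plc_handle(read_holding_registers(3, 1, 0, 4), plc))
    r4 = parse_response(plc_handle(read_holding_registers(4, 1, 10, 2), plc))
    return r1, r2, r3, r4


if __name__ == "__main__":
    for r in demo():
        print(r)
```

Against a real lab device the same frames go over a plain `socket.create_connection((host, 502))` with `sendall` and a `recv` of up to 260 bytes; the frames shown are exactly what tools such as modbus-cli put on the wire, which is why network segmentation and read-only gateways, not the protocol, are the control.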