OSI Layer | TCP/IP Layer | Protocols | Services | Attacks | Tools |
---|---|---|---|---|---|
7 - Application | 4 - Application | HTTP, HTTPS, DNS, FTP, SMTP, IMAP, SSH, Telnet, SNMP | Web, Email, File Transfer, Remote Login | XSS, SQLi, Command Injection, SSRF, SMTP Spoofing, Auth Bypass | Burp Suite, ZAP, Postman, curl, dig, ffuf, nslookup |
6 - Presentation | 4 - Application | SSL/TLS, JPEG, MPEG, ASCII, EBCDIC | Encryption, Encoding, Compression |
AI
├── Machine Learning (ML)
│ ├── Supervised Learning
│ │ ├── Regression
│ │ └── Classification
│ ├── Unsupervised Learning
│ │ ├── Clustering
│ │ └── Dimensionality Reduction
│ ├── Reinforcement Learning
│ └── Semi-supervised Learning
NetBIOS (Network Basic Input/Output System) is a legacy protocol that still plays a role in many Windows networks. It handles several functions:
- Name Servicing: NetBIOS allows computers to register and resolve 16-character names. This makes it possible to identify and communicate with devices on a local network using human-readable names.
- Connectionless Communication: It supports communication methods that don’t require a sustained connection. This means messages can be sent without establishing a persistent link.
- Session Layer Functions: While primarily associated with lower-level operations, NetBIOS also provides some session layer capabilities to manage communication sessions.
- What It Does: Completes the entire TCP three-way handshake (SYN → SYN-ACK → ACK) to fully establish a connection and then tears it down (often with an RST).
- Pros & Cons:
  - Pros: Most reliable; uses standard OS networking calls.
  - Cons: Easiest to detect since it creates a real connection.
- Nmap Example:
- Which tool can be used to perform session splicing attacks?
- Which of the following characteristics is not true about the Simple Object Access Protocol?
- According to the Payment Card Industry Data Security Standard, when is it necessary to conduct external and internal penetration testing?
- What scanning technique does Alex use when he splits the TCP Header into many packets to make it difficult to determine their purpose?
- What kind of attack does Antonio perform when he uses several fake identities to create an illusion of traffic congestion in IoT networks?
- Which of the following wireless standards has a bandwidth of up to 54 Mbit/s and signals in a regulated frequency spectrum around 5 GHz?
- Which IDS evasion method depends on the Time-to-Live (TTL) fields of a TCP/IP packet?
- What is the method of determining the movement of a data packet from an untrusted external host to a protected internal host through a firewall?
Checklist of the most important security countermeasures when designing, testing, and releasing your API.
- Use a fuzzer to discover new APIs, at several levels.
- Enumerate restricted endpoints and try to bypass the restriction, e.g. by appending to the final endpoint (..;/, etc.).
- Modify the request to add additional parameters, for example: &admin=true.
In Users/sudosuraj.bash_profile, add:
export PATH=$PATH:/Users/sudosuraj/Documents/AndroidSDKs/sdk/platform-tools
export PATH=$PATH:/Users/sudosuraj/Documents/AndroidSDKs/sdk/tools
cd /Users/sudosuraj/Documents/AndroidSDKs/sdk/platform-tools
#!/bin/bash
#
# crt.sh sub-domain check by 1N3@CrowdShield
# https://crowdshield.com
#
OKBLUE='\033[94m'
OKRED='\033[91m'
OKGREEN='\033[92m'
OKORANGE='\033[93m'
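# Uses the PyDriller 1.x API (RepositoryMining, commit.modifications).
from pydriller import RepositoryMining
import re
import base64

foundSet = set()
# Walk every commit of the repository in the current directory.
for commit in RepositoryMining('./').traverse_commits():
    for mod in commit.modifications:
        # Only files that existed before the commit have prior content.
        if mod.source_code_before is not None:
            # Find base64-encoded <text> elements in the previous version of the file.
            regex = re.findall(r"<text encoding=\"base64\">[^>]+</text>", mod.source_code_before)
            for result in regex: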