Baric's knowledge Base
  • Baric
  • Security Programs
    • OSINT
      • Web Server Search
        • Censys Search
        • Shodan Exploits Search
        • Criminal IP Search Engine
        • Shodan Search
        • Zoomeye search
        • FQFA Search
        • Odin Online Device Search
        • LeakIX a site for finding leaks
        • Site Email Finder
      • Url scanning / testing online sites
        • Web Check
        • URLDna
        • Cyscan
      • OSINT Websites
        • Hackers-Arise
        • Hunter.io
        • Darkdump
        • OSINT people data
        • VPN & Proxy IP Detection Tool
        • IP2Proxy Proxy Detection
        • IP Address Lookup
        • Use this Ip-locator
        • Library Of Leaks
        • Pugrecon
        • Advanced search for Youtube
        • FilePhish
      • Counter OSINT
      • The Inspector
      • Blackbird
      • Bruter IP locate
      • Cloudmare
      • Cr3dOv3r credential reuse attacks
      • EMM OSINT SUITE
      • Gvision image location finder
      • Infoooze Osint
      • Iplocation Lookup
      • Linkedin Dumper
      • Metabigor OSINT tool
      • Netlas.io
      • NetSoc_OSINT social media
      • OpenSquat
      • (API) OSINT Mantra
      • OSINT SPY Search using OSINT
      • OSINTUI
      • Sherlock OSINT
      • Snoop Project OSINT
      • Sublist115R
      • Ominis OSINT Toolkit Web-Search
      • X-OSINT
      • Eyedex find open server files
      • WhatsMyName
      • LeakSearch Tool to search password dumps and breached DB
      • Skytrack track planes
      • Tookie-osint
      • Telegram Explorer
      • Telegram search
      • You-Get download media contents (videos, audios, images)
      • Hawker Osint
      • Git Leaks
      • ShipXplorer tracking ships
    • Security FrameWorks
      • (docker) OffensiveDocker
      • ICS Security training
      • Catherine framework
      • Ducksploit framework
      • InviZzzible VM tester
      • KitSec Framework
      • Opencti
      • Opensearch
      • Spellbook Rapid Development of Reusable Security Tools
      • Metasploit
      • W3af (Web Application Attack and Audit Framework)
      • Metasploit
      • AttackGen
      • Ronin-Recon
      • BetterCap
    • Threat Hunting
      • AIMOD2 Threat Hunting Framework
      • (IR) Untitled Goose tool
      • Bitlocker attacks
      • MISP Threat Intelligence Sharing Platform
      • Threat Hunting keywords
      • Velociraptor threat hunter
      • Win32 Offensive Cheatsheet
      • Introducing the REx: Rule Explorer Project
      • Awesome Threat Detection and Hunting
    • Shells
      • (py rat) WCE Windows Commander and Exfiltrer
      • (proxy_reverse shell) Stowaway
      • CaveCarver
      • Hoaxshell Reverse Shell
      • JavaRat
      • Keres PE reverse shell
      • Ninja_shell Portknocking
      • RAT- Collection
      • Sandman NTP
      • SCShell
      • SharPersist Windows persistence shell toolkit
      • Shell GPT
      • SocialX
      • Spark RAT tool
      • Stormbreaker
      • Villain Backdoor generator
      • WMiexec pro shell
      • Reverse Shell Generator
    • Reverse Engineering
      • (file navigator) Eviltree remake of tree command
      • (debugger) DnSpyEX
      • (Forensics) Forensictools
      • (lib_tool) MemProcFS ram forensics
      • (RE) Capa
      • (RE) Cyberpipe
      • (RE) Docker packing box
      • wwwtree
      • BLINT ELF, EXE vuln scanner
      • Ciphey automated decryption tool
      • EaseUS Undeleter
      • IATelligence Import Address Table (IAT) from a PE
      • laZzzy shellcode loader
      • PyOneNote parser
      • RE android app apk.sh
      • Recuva Undeleter
      • Reverse Engineering Tools and Addons
      • Ubsym Bin Vuln Scanner
      • Volumiser VDMK_HDD Explorer
      • X64DBG RE debugger
      • Forensics - RecoverPy Un-delete Data
      • YaraDbg
      • Interactive PDF Analysis
      • Indetectables Toolkit
      • Binwalk
      • lightweight multi-architecture assembly playground
    • Phishing
      • Phishing Sites
        • Fake Site URL lookup
        • Phishtank URL lookup
        • Cert.pl malicious domains
        • Free Online Tools for Looking up Potentially Malicious Websites
        • Openphish
        • Urlscan + api
        • CheckPhish URL Checker
        • Artists Against 419 spam
        • Find Certs of newly added sites
        • UrlDna Website Breakdown
        • Free Phone Validation Lookup
        • Phishing URL Checkers
        • Phishing with Google Calendar
        • Scamminder
      • BeEF
      • (defense) Conan account finder
      • (defense) Mailto analyzer
      • Clifty Phishing tool
      • Evil no vnc phishing
      • Evil Qr
      • Evilginx 3.0
      • Gophish
      • Poastal
      • Squarephish phishing
      • WhatMail email header analyzer
      • DNStwist phishing domain scanner
      • Discord-QR-Scam
      • CuddlePhish
      • domain-park
      • VOIP phone services
        • Jitsi phone
        • Microsip Phone
        • 3CX phone
        • BRIA formerly X-lite phone
        • linphone phone
      • HEDnsExtractor
      • CyberPhish
      • PhishMailer
    • Browser Tools
      • Tamper Monkey Extension
      • Mercurial Grabber
      • (py) Decrypt Chrome Passwords
      • browser forensics
      • BrowserHistoryView
      • ChromePass
      • SharpWeb
      • Stalking inside of your chromium
      • HackBrowserData
      • Stratosphere Browser Recorder
      • Monolith
      • Browser.lol
      • Mitmproxy - open source interactive HTTPS proxy.
      • BrowserGhost get browser data
      • BrowserAudit
      • I-See-You
      • DB Browser for SQLite
      • CursedChrome
      • SOC Multi-tool
    • Mobile
      • ApkHack Backdoor
      • (IOT) MQTT Explorer
      • APKLeaks Scanner
      • Ghost Track
      • Moriarty project
      • OWASP (MAS) Mobile Application Security
      • PCAPdroid
      • Phonesploit pro
      • R4ven mobile ip and location
      • Rafel Android RAT
      • Seeker get location
      • Striker app
      • Symbiote camera access
      • Tiny check
      • Android RAT with Firebasedb
      • NetGuard App internet limiter
      • BlueSpy
      • BlueToolkit
      • DH-Hackbar
      • Sippts VoIP Scanner
      • Frida Script Runner
      • B4Bomber Android Version
      • SocialSploit
      • ApkdeepLens Vuln scanner
    • Audit and Scanners
      • OpenVAS/Greenbone
      • Nikto Scanner
      • OpenSCAP
      • (linux) Vuls agentless vuln scanner
      • Lynis (Linux or mac) vuln scanner
      • Trivy scanner
      • Clair Scanner for docker containers
      • Sploitscan .py
      • OWASP Zap
      • ZMap Internet Scanner
      • nrich IP vuln scanner
      • Viper
      • kscan RDP brute and network scanner
      • Above network vuln scanner
      • GoGo port scanner
      • GobyVuls
      • Flan scan network vulns
      • Goscan vuln scanner
      • aFrog vuln scanner
      • TPM 2.0 vuln scanner
      • osv-scanner by google
      • Sirius scanner vulnscan opensourced
      • Envizon network visual and pentesting
      • Arkime packet scanner
      • CredSweeper
      • WiDefend RAT scanner
      • Ludvig container,FS and github vuln scanner
      • Grype container img vuln scanner
      • extAnalysis vuln scanning
      • Python network port scanner
      • Universal Scanner network
      • Soldr endpoint detection scanner
      • dep-scan security audit
      • smbeagle fileshare audit tool
      • Fenrir Linux indicators of compromise scanner
      • Parchu web vuln checker
      • Angry IP scanner
      • Nuclei Scanner
      • rmap
      • Slooth Security Vulnerability Search and Management System
      • Wireshark
      • TcpDump
      • grype docker and file system scanner
      • APTRS vulnscanner
      • Microsoft Attack Surface Analyzer
    • Windows
      • NETworkManager
      • Ntlmscan
      • Onedrive_user_enum v2.00
      • PersistenceSniper
      • PingInfoView
      • Policyplus local gpo editor
      • PowerlessShell
      • PS2 powershell port scanner
      • Powersharppack
      • PXEThief
      • Pyrdp monster in the middle
      • RegistryExtraction py
      • Roadtools azure ad
      • SharpExchange Exchange server communicating
      • Snaffler AD sniffer
      • SharpRDPHijack
      • SSH Putty bruteforcer
      • AD - HEKATOMB scan and crack
      • AD - Pen-test Powershell Tools Modules
      • AD - Privileger
      • AD - LinWinPwn AD vulnScanner
      • (event log reader) APT Hunter
      • log - WELA (Windows Event Log Analyzer)
      • packer exploit - macropack community
      • powershell - DomainPasswordSpray
      • powershell - MFASweep
      • LocalAdminSharp
      • SMB - RSMBI Scanner
      • AD LDAPnomnom extract usernames
      • AADinternals
      • AD Ping castle
      • AD PywerView
      • AD scrape ScrapingKit
      • AuditPolCIS
      • AzureGoat vuln AD emulator
      • Azure AD password checker
      • BadZure misconfigured Azure AD
      • C# azure offensive tools list
      • Chainsaw
      • CrackMapExec
      • Dir2json directory listener
      • DNSTake scan for missing dns zones
      • ETWMonitor
      • Game of Active Directory
      • GetLAPSPassword
      • Grouper 3 find vulns in AD GPO
      • Hayabusa windows log analyser
      • Invoke ADEnum
      • Invoke PowerExtract
      • Isassy remote cred extractor
      • MFASweep powershell check user for mfa
      • Microsoft AttackSurfaceAnalyzer
      • TrlDNet file type finder
      • Windows computer basic security checks
      • Windows Defender remover
      • Windows LOLDrivers scanner
      • WinPWN
      • StandIn AD post compromise toolkit
      • Starkiller
      • Token Universe
      • Go-Secdump
      • Microsoft Activation Scripts (MAS)
      • Total-Recall Microsoft recall reader
      • NetworkMiner
      • PowerHuntShare
      • SharpBruteForceSSh
      • AzureGraph
      • MDEtester
      • HDCleaner
      • TweakPower
      • RegCool
      • EventLogViewer
      • RegShot
      • Process Monitor
      • Process Hacker
      • AutoRun
      • TCPView
      • Dependency Walker
      • Sandboxie Malware Sandbox
      • Windirstat
      • HXD Hexeditor
      • Unlocker File Unlocker
    • Bug Bounty
      • Online Resources
        • Dorking
          • List OL Dorks
      • Burp Community (free version)
      • Caido (burp alt)
      • Ghauri SQL injection
      • Open bullet pen-testing tool
      • FirebaseExploiter
      • Easy Scan website scanner
      • (git) Nosey Parker
      • Artemis web vulnerability scanner
      • PHP Cookie Stealer
      • Lookyloo website tree graph
      • Jira-scan
      • Stealerium key logger
      • Naabu site port scanner
      • Socialhunter
      • Klyda form password spray
      • WordPress scanning tool
      • Jbin-website-secret-scraper
      • ReconBulk subdomain
      • PyMeta site extracter
      • Interactsh opensourced burp
      • WafWoof
      • WhatWaf waf finder
      • Endext endpoint scraper
      • Python recon scripts web auditing
      • DomoArigato audit robox.txt
      • Amass OWASP web scanner
      • Feroxbuster
      • FOFA Viewer web scanner
      • BHEH's SecretOpt1c scanner
      • (bugbounty) Wildcrawl
      • CMSmap website vulnscan
      • SQLMap
      • GraphQLmap
      • (vuln scanner) Web Security Scanner
      • FFUF fuzzer
      • Shodan Scrapper
      • TruffleHog
      • Kiterunner
      • Arescan Advanced Directory Discovery Tool
      • Caido web app audit
      • Gungnir - Domain cert monitor
      • Scilla
      • WebCopilot
      • Subdominator
      • Web-Check: The Ultimate Toolkit for Website Analysis and Security Assessment
      • DorkGPT
      • Hexa Keylogger
      • Lazy Dork
      • AdminDirectoryFinder
    • Privacy
      • Privacy Sites
        • Fake Name and Information generator
        • Fake Profile Picture Generator
        • Burner Emails
        • Burner Phones Numbers
        • Mailfence
      • Tor
        • Tor-Bot Dark-web scanner
        • OnionScan - Tor
      • I2P
      • OpenVPN
      • Proxxy - a proxy scraper
      • Opera-proxy
      • Gluetun VPN client
      • Mullvad browser VPN
      • Tailscale VPN
      • Google Results about you
      • Fireprox
      • Proxycannon-ng
      • Gigaproxy
      • White Intel - A DATA ANALYTICS TOOL FOR DETECTING BREACHES FROM INFORMATION STEALERS
      • (Paid) Private Internet Access
      • Privacy.sexy
      • Personal privacy checklist
    • Useful Online Links
      • Hugging face AI LLM models
      • Hunter internet device finder, like Shodan
      • JSONcrack
      • Knowledge Base by offsec
      • Microsoft Build code examples
      • MITRE ATT&CK information
      • Proxy Servers Site
      • Russian Search Engine
      • There's an AI for that
      • Tiny Tools
      • World Eventmap
      • Youtube Downloader
      • TinEye Reverse Image Search
      • Browser exploit CTF challenges
      • Blackhat Russia Tools
    • Spiders and Scrapers
      • NodeCraw
      • WebPalm
      • SpiderSuite
      • SmbCrawler
      • Bright data web scraper browser
      • Webscrape get email and phone
      • Jsoup: java HTML parser/scraper
      • HttpLoot
      • Katana Spider
      • G-Scraper
      • Email Crawler
      • creepyCrawler
      • Maxun auto web-scraper
      • Scraperr Spider
      • Scrapling Web-Scraper
    • Command and Control
      • Merlin C2
      • Periscope C2
      • ShadowForge C2
      • Primus C2
      • C2 Hunter RE
      • SharpFTPC2
      • Google Calendar RAT (C2)
      • MaccaroniC2
      • Nimbo-C2
      • Havoc C2 Server
      • Mystic C2
      • Silver C2
      • Striker C2 Recon & Vulnerability Scanning Suite
      • Hades c2
      • Phoenix C2
      • Supershell C2
      • Emp3r0r C2
      • C# Hardhat C2
      • AM0N-Eye C2
      • Python Pupy RAT
      • Python TrevorC2
      • Python Weasel DNS beacon C2
      • Cisco ASA Anyconnect faker
      • C# rasta-mouse SharpC2 server
      • Overlord - red team automation
      • Redblood C2
      • Nemo post-exploitation framework
      • Discord as a C2
      • Octopus C2 Server
      • Empire C2 framework
      • RedGuard C2
      • convoC2
    • HoneyPots
      • Honeypots
      • Respotter
      • HoneyDB
      • Dionaea honeypot - Building a Honeypot to Capture Zero-Day Exploits
      • HoneyPots 20+
  • Development
    • BOF and Coff Executers
      • COFF Loader
      • (golang) Doge-COFFLdr
      • community BOF plugins Cobalt Strike
      • kernel COFF loader
      • Running Cobalt Strike BOFs from Python
      • RunOF BOF executer
      • BOF.NET - A .NET Runtime for Cobalt Strike's Beacon Object Files
    • Code Scanners
      • Mobsfscan android safe code scanner
      • Sourcegraph search github codebase
      • grepmarx
    • Databases
      • MySQL Fake Server
      • Beekeeper studio remote SQL viewer
      • SQLite and Nodejs
      • ChartDB
      • Metabase
    • Docker
      • Remap Ports
      • Basic commands
      • Security Playground
      • Install docker-compose on linux
      • Awesome Compose Docker
      • Nginx-proxy-manager docker
      • Compose Craft
      • Docker Linux Server
      • ntfy.sh | Send push notifications to your phone or desktop via PUT/POST
      • Docker Self hosted collection
    • API and Scraping Sources
      • Scraping
        • CVE feeds
        • CVEDetails - site
        • CVE PoC - github
        • NVD CVE Search - site
        • Packet-storm Exploits search - site
        • CVE shodan JSON endpoint
        • Cisco Talos CVE reports and zero-days
        • Zero-Day.cz
        • Zero-Day Initiative
      • Github Data Sources
        • Pinokio AI Collection
        • Mail checker list of bad email domains
        • Motikan2010 (sec)
        • C2-tracker
        • Nomi Sec (Exploits)
        • IPsum bad IP's
        • romainmarcoux bad IP addresses
        • Data-cve-poc Exploits
        • Free Threat Intel/IOC Feeds
      • (paid) Text message api
      • (api) internetdb.shodan.io
      • Awesome-security-Apis
      • Clemiller ATT&CK v12.1 Enterprise
      • Cve Score API
      • Dummy Json products
      • Password Purgatory
      • REGEX pattern database
      • (api) Scamadvisor api
      • Telegram-API: a Python-based open-source tool for Telegram
      • Vuln feed alot abit
      • VX-underground malware API
      • Markdown badges API
      • Weather alerts Api
      • Wordlist API
      • Alienvault threat feed API
      • IP2Location
      • WebCheck API
      • Wordlists specially for API routes fuzzing
      • (paid) Netify Network intel
      • (semi free)IPHQ Fraud and Cyber Threats API
      • API-Security-Checklist
      • Scamalytics IP Search API
      • AbuseIPDB API IP checking
    • Microsoft KQL
      • KQL hunting email Queries
      • KQL hunting with Azure and Log Analytics
      • KQL Hunting URLS Queries
      • KQL Identity-based Attacks
      • KQL search
      • KQL Github Pages
      • Generate KQL queries
      • KQL Hunting-Queries-Detection-Rules
      • KQL Sources
    • AD PS Commands
      • Microsoft online Cloud Shell
        • Commands
        • Help
        • 365 Powershell Commands
      • ( AD ) Active Directory Powershell Commands
      • AD command website
      • Azure Active Directory Powershell Commands
      • Network Powershell Commands
      • Powershell port scanner
      • Set service recovery options in powershell
      • Powershell Gallery
      • Basic Powershell commands
      • Push notification Windows ps1
      • Run app with Admin creds through powershell
      • Powershell Auditing Commands
    • HomeLab
      • Awesome-Self hosted collection
      • Docker Apps
        • Rancher Kubernetes cluster
        • Portainer Docker Management
        • DocCat
        • Dashy HomeLab Home page
        • Huginn Agents
      • ISO's
        • (windows) atlas OS
        • (Paid) Acronis True Image
        • Chimera Linux gaming OS
        • Commando-VM pen-testing suite for windows
        • Cyberpunk OS osint
        • Flare-VM Malware reverse engineering image
        • Hiren BootCD PE
        • KVM hypervisor Ubuntu
        • MedCatUsb live disk
        • OSINT VM
        • Pxeboot
        • Qubes OS hypervisor 1, Vm
        • Sherlock Osint os
        • ShredOS -Disk Eraser
        • Slingshot Linux Distribution
        • Sonatype Nexus3 Docker
        • ThreatPursuit-VM threat hunting suite for window
        • Ventoy
        • Windows 7 and 8 Download
        • Windows keys cheap
        • Windows security sandbox tools testing Vulns
        • wiztree hdd analysis windows
        • CSI Linux OSINT OS
        • UUP dump
      • Zabbix Monitoring
        • Agent install
          • Windows
          • Linux
      • Pi Weather Station
      • NetAlertX
      • MISP threat Management/Hunting
      • PiholeBlockList
      • Windows Development Server
      • Education Labs
        • VulHub Vulnerable docker Image
      • Media Server Torrents
      • Gitea Self-hosted Github
      • Performa Network Monitoring
      • Cockpit Project Headless Linux Server Controller
      • ipam server
      • PRTG network solutions
      • Monitoring domain controller with TIG suite
      • How to install NetHunter on TicWatch Pro
      • Sniffnet network monitor
      • openDns Web filter home
      • Exchange Server
        • Install exchange server
        • Exchange Create incident reports
      • Cisco Catalyst Switch
        • Finding Device IP
        • Adding and deleting VLANS
        • Turn on telnet and web UI
        • Modding config file
        • Show Command
        • Basic Commands
        • Connect to Switch
      • Rath Data Analysis and Visualization tools
      • BlueWave Uptime
      • Windmill Automation
      • Activity Watch
      • Checkmate
      • JetKVM IP based KVM
      • Myspeed testing and keep network speeds
      • GOSINT - Open Source Threat Intelligence Gathering and Processing Framework
      • GGH
    • Compliance
      • Self Audit Procedures
        • Cmmc
          • Level 1 assessment
          • Level 2 assessment
          • Level 1 and 2 task list
        • Nist
          • NIST SP 800-171r3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organiza
          • Nist 800-171 R2 task list
          • NIST 800-171 PDF
        • Audit Reporting
          • pwndoc-ng
          • MSTIC Jupyter and Python Security Tools
          • APTRS reporter
          • SYSreporter
          • Kracken cracked PW reporter
          • Security Incident Handling Guide
          • DFIR TEMPLATES
          • Sans Policy template list
          • Pentest report template
        • Risk Management
          • Top misconfiguration networks
          • Control Categories
          • IT Disaster Recovery Plan
          • Assessment & Auditing Resources
          • (EPSS) Exploit Prediction Scoring System
          • What is zero trust
          • Risk Management basic steps
        • Dora - Digital Operational Resilience Act
        • FAR Federal Acquisition Regulations
        • Epeat Usable Devices
        • Harden Windows Security
        • Active Directory security assessment using PowerShell
        • What is EDR and XDR
        • What is IAM (Identity and access management)
        • What is PPI (Private Personal Information)
        • What is PAM (Privileged access management)
        • Account compromise procedure
        • End of life policy
        • (SPRS) Supplier Performance Risk System
      • PDQ
        • Commands
      • Entra Admin Center - Conditional Access
        • Conditional Access Manage named locations and IP ranges
        • Conditional Access - Block unknown or unsupported device platform
        • Microsoft Entra conditional access: block access by location
        • Azure AAD create an alert to email when conditional access and Audit logs catch an oddity
        • Apply Conditional Access Policy to Microsoft Copilot
        • Conditional Access block Microsoft Azure CLI
      • Password Auditing
        • DSInternals
      • GRC Tools (Governance, Risk, and Compliance)
        • CISO Assistant
        • Soc Chef Policy Creator
    • Siems and EDR
      • Splunk
        • Install
        • Splunk forwarder
          • Install forwarder via Powershell
          • Windows Defender event-viewer and logs
          • Powershell History Logs
        • Log Locations
        • Search Queries
          • Windows Detailed activity properties in the audit log
          • SPL Breakdown
          • SPL
        • Create an email alert
        • Monitoring a file from a PC
        • Resources
          • Detecting Business Email Compromise Using Splunk
          • Install Splunk AI Assistant for SPL
          • Turning on File Folder Auditing
          • Uploading lookup table csv file
          • Export Splunk results to CSV file
          • Open-source detection rules like SigmaRules and Splunk ESCU rules
          • Splunk research Detection, Analytics Playbooks and stats
          • Teams Detailed activity properties in the audit log
        • Creating Graphs and Dashboards
        • Splunkbase Apps
          • Splunkbase App Values
          • Verkada Splunk Integration
          • Microsoft teams add-on for Splunk
          • Add Bit-warden to Splunk
          • Top Splunk Apps
          • MITRE ATT&CK App for Splunk
          • Splunk Enterprise Security
        • Create/Modify User account
        • Stop auto logout
        • Splunk Deployment Server
          • Deployment Resources
          • Other Types of Deployment Servers that can be used
        • Calling Rest API from Splunk
        • Splunk Python Lookup Script app Development
        • (Settings) Data Inputs + Scripting Examples
        • Splunk Soar
          • Install SOAR
          • Connect Splunk Enterprise With SOAR
      • Wazuh
        • Default register agent config
        • Monitoring process to look for a app running
        • Alert number in wazuh
        • Custom Rules
        • Adding windows defender logs
        • Malware test files
        • Wazuh training
        • Wazuh remote commands endpoint agent
        • Wazuh to allow ssh to machine
        • Wazuh osquery
        • Wazuh manager server and agent upgrade
        • Wazuh download
        • Wazuh API
        • Wazuh agent (edit)
        • Custom Log File
        • location of config file
        • Make a user in wazuh and adding perms
        • Proof of concept guide
        • Wazuh endpoint agent custom config elements
        • Wazuh debug logs
        • Wazuh email notification
        • Wazuh monitor office 360
        • Wazuh making and modifying user groups
        • Wazuh Siem/EDR
      • Gravwell
        • Queries
        • Gravwell Docker Install
      • OpenEDR
      • Data for SIEM
        • IP from Companies
          • Microsoft
          • Google
          • misp-warninglists and tools to scrape
          • Azure cloud IP Addresses
          • T-mobile IP Geo location
          • Verizon Wireless IP Geo Location
        • VPN IP
          • VPN (nord, proton, ...)
          • Proton VPN and Data Centers
        • IP Block-Lists
          • domainthreat
          • Blocklist.de
          • Scam-Blocklist
          • Blocklist-ipsets
        • Malicious User Agents
          • User Agents
        • Proofpoint Emerging Threats Rules
    • Graphing Tools
      • Figma Program Graphing
      • Photopea
      • Mind map creating diagrams
      • OpenFreeMap
      • Data Formulator turn CSV files to graphs
    • Website Dev
      • RevolverMaps
      • Emailerjs
      • Kaspersky CYBERTHREAT REAL-TIME MAP
      • SafeLine WAF
      • (build this)fake captcha page
      • Bunker Web Waf
      • thttpd - tiny/turbo/throttling HTTP server
    • Languages
      • Node
        • Lets Encrypt
        • Quick start node
        • Gmail API retrieve emails from gmail
      • Golang
        • Quick start Go
      • Library
        • Mercy Rust lib pentesting
        • Offensive cpp
        • Graftcp
      • Python
        • Python to EXE file
        • Pwntools python lib
        • Python-For-Cybersecurity
        • How to Launch an HTTP Server in One Line of Python Code
        • Virus-Builder
        • Server Agent example Squidnet bot
        • Impacket Pentesting lib
        • NiceGUI python UI Lib
        • Mac - Python starting a venv
      • bash
        • Check for Leaked Passwords on HaveIBeenPwned
    • GitHub
      • Make Personal tokens for use in your programs
      • OpenSauced github repository finder
    • Gaming
      • Ryujinx Switch Emulator
      • Runescape Botting
        • osBot
          • {1} how to begin
          • {2} basic script
          • {4} helper methods
          • {3} building script
          • {5} accessing the Inventory, Bank, Player, etc. instances
          • {6} Positions, areas and moving the player
          • {7} Entities (Players, RS2Objects, NPCs and GroundItems)
          • {8} Interactions
          • {9} Sleeping
          • {10} Items and ItemContainers (Inventory, Bank, Equipment, Store, ...)
          • {11} Filtering
          • {12} Widgets
          • {13} Painting, messagebox
          • {14} Putting it all together
          • {15} Adding a GUI
          • osrs botting software
          • resources
          • Where to mine
        • OSRSBot
          • OSRSBot basics
        • runeLite
          • RuneLite dev setup
      • World of Warcraft on a Steam deck
    • Cursor AI code editor
  • IT Help
    • Windows
      • SYSAdmin
        • Tools
          • Psfile
          • Active Directory Explorer v1.52
          • ShareEnum file share Enum
          • ADRestore
          • Autologon
          • Active Directory Download link
          • notMyFault windows crashing tool
          • TestLimit
          • Windows password recovery tools
          • Install Active Directory Tools 10 and 11
        • Export OneDrive usage report in Microsoft 365
        • How to Configure High Volume Email in Microsoft 365
        • Monitor connected remote clients for activity and status
        • Windows common commands enum
        • Commands Group policy updating and checking status
        • Audit Active Directory in windows
        • Common Microsoft Resources in Azure Active Directory
        • Audit Microsoft 365 logs
        • Windows Triaging with Powershell — Part 1: Parsing Event Logs
        • How to Give OneDrive Access to Another User
        • List of devices connected to Microsoft
        • Check who has remoted in to a PC
        • Diskpart Format Disk
        • Active Directory – How to track down why and where the user account was locked out
        • Take User out of cached exchange mode in settings
        • Commands Group policy updating and checking status
        • Clear Windows Creds
        • (Purview) Microsoft 365 - How to create an alert policy
        • Making an AD group and adding a security policy
        • Azure event codes
        • Delaying a service starting in Microsoft
        • Block a message from being sent or received based on the file name extension of the attachment
        • Renew a root CA certificate
        • Plan and deploy on-premises Microsoft Entra Password Protection
        • How To Make An Automated Windows 11 Install USB, Updated for 2025
      • Office Product
        • Classic Outlook desktop can't read encrypted email
        • Create a desktop shortcut for an Office program
        • How to Disable access to install Office add-ins
        • Outlook shared email location
        • Excel Developer Tab in ribbon
        • Create Outlook Rule to Forward Incoming E-mails
        • How to Create Distribution Lists in Outlook
        • Hard delete mailbox without deleting user account in Microsoft 365
        • Send automatic out of office replies from Outlook.com or Outlook on the web
        • How to remove a saved email address from Outlook's autocomplete List
        • Outlook 365 unthreading email replies
        • How to Force Outlook(Classic) to Update the Job Title
        • Block or unblock senders in Outlook
        • Install Microsoft Projects
        • Outlook Send as or as behalf Email
        • How to make lined paper in Microsoft word
      • Group Policy
        • Configure User’s Folder Redirection with Group Policy
        • Make Edge open a custom site
        • How to unlink and link GPO policies
        • Creating a Security Group, adding to folder and Disabling Inheritance
      • How to uninstall a program through windows command prompt
      • Change Password in windows and mac
      • Reinstalling RDP on a windows machine
      • Microsoft .net 3.5 keeps popping up and won't install
      • Flare-VM Sandbox Guide: Creating an Isolated Lab Environment for Malware Analysis & Reverse Engineer
      • Add swap memory to lower ram devices
      • Limit what the account can log on to and hours accessed
      • How to delete user profiles windows
      • "HTTP Error 503. The service is unavailable" then browsing to /ECP "exchange 2019"
      • How to disable "shake to minimize" on Win10
      • Check who has remoted in to a pc
      • Download and exe payloads from DNS
      • C# 2013 Default certificate could not be created. Publish aborting
      • Windows S mode disable
      • EventLogging
      • TCP packet cheat sheet
      • Common ports and services
      • Edge How to create a shortcut that launches a non-default-browser to a website
      • Windows 11 camera not working Error: 0xA00F429F
      • Native Bypass CredGuard
      • Schedule Automatic Reboots Using Task Scheduler Reboot
      • Windows server 2022 not able to default view image files like png, jpeg and ext ...
    • Mobile
      • Enter Android’s Bootloader
      • Set Up Microsoft Authenticator
    • Programs
      • Make an OVA file from your VirtualBox VM
      • Adobe XI redact location
      • Yubikey Manager
      • Security Camera ExacqVision Key Shortcuts
      • Forensic Analysis of LNK Files
      • How to Enable and Disable Sync in Chrome and Edge
      • Cisco Wi-Fi not working how to Unblock IP in barracuda
      • Chrome & Edge Import export bookmarks
      • How to Create Multiple Chrome Profile Shortcuts on Your Desktop
      • 7zip opening vdmk file
      • Add VMware tools to Debian
      • Forensics make a live copy of PC
      • Forensics get LM hash from windows PC
      • Hyper-V
      • Resetting Windows 8.1 Password Hack
      • Finding encrypted files on PC
      • PDQ
        • PDQ Connect
          • Install Agent
          • Offline Computer Target
          • Deploy to Device
      • Hyper-v Make Linux full screen
      • Linux Firewall commands
      • PowerDNS and PowerAdmin rocky linux
      • Find saved passwords on PC
      • How to Fix “iMessage is Signed Out” Error on iPhone
      • How To: Connect To A Network Shared Folder With Mac OS X
      • Install Cisco AnyConnect Secure Mobility Client on a Mac Computer
      • Bitwarden Import Data from LastPass
      • Create a desktop shortcut to open a specific URL in Chrome while default browser is Edge
      • Removing Edge popups
      • Chrome clear cashed browser data
      • Dropbox taking up storage on physical devices
    • Networking
      • DNS
        • Overview
        • Configure forwarders, delegation and root hints
        • Root servers with map in the world
        • Primary and Secondary DNS Zones
        • Zones and SOA(state of Authority)
        • Types of records
        • Record Management and Updates
        • Single- Label Name Resolution and Suffix
        • Server Properties
        • Protection
        • Policies
        • Monitoring and Troubleshooting
      • TCP/IP
        • IPv4
        • IPv6
        • IPv4-to-IPv6 Transitional Technologies
      • DHCP
        • Install DHCP and Sending Order
        • DHCP Scopes
        • DHCP Options
        • Advanced Scopes - Super-scopes, Multicast Scopes and IPv6
        • Centralized DHCP and PXE
        • DHCP Policies
        • Maintain the DHCP Database
        • Troubleshooting DHCP
    • Resume tools
      • Latex resume builder
      • Eforms
      • eSign
      • MarkItDown
  • Security Education
    • Monthly Security topics Outline
    • Do not call number spam
    • Games
      • Cyber Awareness Challenge
      • Cyber Crosswords
      • Damn Vulnerable Restaurant
      • Education arcade cyber security Game
      • Nova Games Cyber Security
      • Texas A&M cyber security games
      • CTF time
      • National Cyber League CTF game
      • Forensics Simulation Compromised Windows server 2022
    • Sec News
      • The Tor Times
      • Darkfeed.io Ransomware
      • All Info-sec News
      • Write-ups - Pen-tester Land
      • Dark Reading
      • Defcon Site
      • The Sysadmin Channel
      • Security Affairs
      • Malware Gallery, History of Malware
      • meterpreter.org
    • Online Learning
      • pwn.college
      • Cisco Ethical hacker lab
      • Windows Privilege Escalation Crash Course
      • Hack the box
      • Try hack me
      • Hacknetics Pentesting Gitbook
    • Comics
    • Communities
      • Onniforums
      • Morioh programmer social media
      • Null.to
      • (ru) Xxs.is blog
      • Breached forums
      • D4rk forums
      • Hack Forums
      • Ohio Infosec
      • Doxbin
      • Bug Bounty Community
    • Videos
      • Barracuda
      • Microsoft
Powered by GitBook
On this page
  1. IT Help
  2. Networking
  3. DHCP

Install DHCP and Sending Order

| Terms | Definitions |
| --- | --- |
| Dynamic Host Configuration Protocol (DHCP) | A component of the TCP/IP protocol suite used to assign an IP address to a host automatically from a preconfigured pool of addresses. |
| DHCP Server Authorization | The process of enabling a DHCP server in a domain environment to prevent rogue DHCP servers from functioning on the network. |
| DHCP Server | A computer that runs the DHCP Server service, holds information about available IP addresses and related configuration information as defined by the systems administrator, and responds to requests from DHCP clients. |
| DHCP Client | A computer that gets its IP configuration information using DHCP from a DHCP server. |
| Address Pool | Available IP addresses form an address pool within the DHCP scope. The pooled addresses are available for the DHCP server to dynamically assign to DHCP clients. |
| Broadcast | A packet addressed to all computers on the network. |

Dynamic Host Configuration Protocol (DHCP) centralizes IP address assignment management by allowing a server to dynamically assign IP addresses to clients. DHCP also allows users who move from network to network to easily obtain an IP address appropriate for the subnet they are connected to. The DHCP server and the client use broadcasts to communicate with each other. An easy way to remember how DHCP works is to use the acronym DORA. DORA stands for discover, offer, request, and acknowledge. The table below describes the method clients use to obtain an address from a DHCP server.

| Broadcast | Description |
| --- | --- |
| DHCP Discover (D) | The client begins by sending out a DHCP Discover broadcast to identify DHCP servers on the network. |
| DHCP Offer (O) | A DHCP server that receives a Discover advertisement from a client responds with a DHCP offer. The offer contains a proposed IP address lease. If more than one DHCP server sends an offer packet, the client usually responds to the first DHCP offer that it receives. |
| DHCP Request (R) | The client accepts the offered address lease by responding with a DHCP request broadcast. |
| DHCP ACK (A) | The DHCP server responds to the request by sending a DHCP ACK (acknowledgement) broadcast. At this point, the IP address lease is established between the client and server. |

DHCP Installation

DHCP is installed by adding the DHCP role. This is done using Server Manager and will add the DHCP service along with the DHCP Snap-in. Before you can use DHCP, you need to complete its installation and authorize its use. This process also creates the DHCP user groups that will be required. After installation is complete, you access DHCP by going to Administrative Tools and selecting DHCP from the list.

The DHCP server must be assigned a static IP address.

DHCP Authorization

Authorization is necessary to keep unauthorized DHCP servers off the network. Unauthorized DHCP servers can cause problems such as handing out wrong addresses and keeping a user from accessing network resources. The following table discusses facts related to the DHCP authorization process.

DHCP Authorization
Description

Requirements

Authorization requirements for a DHCP server include the following:

  • Authorization is required if you are using Active Directory; no authorization is required for a standalone server.

  • If you use Active Directory, DHCP servers must either be domain controllers or domain member servers to be authorized.

  • When you authorize a DHCP server, its IP address is added to a list of authorized DHCP servers maintained in Active Directory.

  • To authorize a DHCP server, you must be logged in as a member of the Enterprise Admins group. If you install a DHCP server as an enterprise admin, the server is automatically authorized.

Verification

Keep in mind the following about DHCP server authorization verification:

  • You can authorize a server before or after DHCP is installed.

  • When a DHCP server starts, its IP address is compared to the Active Directory list. If it is found, the server is allowed to issue IP addresses. If it is not found, the server automatically shuts down before completing the startup process.

  • A Windows DHCP server checks for authorization when it boots and reauthorizes every five minutes.

  • DHCP servers running other operating systems, such as Linux or Unix, do not check for authorization with a domain controller before assigning addresses.

Keep in mind the following when configuring a DHCP server:

  • It is beneficial to configure the DHCP service to auto-start.

  • The DHCP server must be assigned a static IP address.

  • When you set up DHCP on a member server and add a user to the DHCP Administrators group, that user has DHCP Administrator rights only on the member server. If you delegate administration on a domain controller, the DHCP administrator has rights on all DHCP servers in the domain.
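Because a client usually takes the first Offer it receives, and DHCP servers on other operating systems never check Active Directory authorization, defenders also watch the wire for replies from servers that are not on the approved list. The following is an added example, not part of the original page: it parses DHCP messages and reports Offer/ACK replies whose server identifier (option 54) is not in an allowlist. The packets, addresses, allowlist and function names are constructed for illustration.

```python
import socket
import struct

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed 236-byte BOOTP header
MAGIC = b"\x63\x82\x53\x63"                # DHCP magic cookie
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def build(msg_type, xid, yiaddr="0.0.0.0", server_id=None):
    """Build a minimal DHCP message (constructed test data, not a capture)."""
    op = 1 if msg_type in (1, 3) else 2    # 1 = from client, 2 = from server
    hdr = struct.pack(BOOTP_FMT, op, 1, 6, 0, xid, 0, 0x8000, bytes(4),
                      socket.inet_aton(yiaddr), bytes(4), bytes(4),
                      bytes.fromhex("020000000001"), b"", b"")
    opts = bytes([53, 1, msg_type])        # option 53: message type
    if server_id:                          # option 54: server identifier
        opts += bytes([54, 4]) + socket.inet_aton(server_id)
    return hdr + MAGIC + opts + b"\xff"    # option 255: end

def parse(data):
    """Return message type, transaction id, offered address and server id."""
    if len(data) < 240 or data[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    msg = {"xid": int.from_bytes(data[4:8], "big"), "type": None,
           "yiaddr": socket.inet_ntoa(data[16:20]), "server_id": None}
    i = 240
    while i < len(data) and data[i] != 255:
        if data[i] == 0:                   # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        code, value = data[i], data[i + 2:i + 2 + data[i + 1]]
        if code == 53 and len(value) == 1:
            msg["type"] = TYPES.get(value[0], str(value[0]))
        elif code == 54 and len(value) == 4:
            msg["server_id"] = socket.inet_ntoa(value)
        i += 2 + len(value)
    return msg

def unauthorized_replies(packets, authorized):
    """List (server_id, offered_ip, xid) for OFFER/ACK from unlisted servers."""
    return [(m["server_id"], m["yiaddr"], m["xid"]) for m in map(parse, packets)
            if m["type"] in ("OFFER", "ACK") and m["server_id"] not in authorized]

AUTHORIZED = {"192.168.0.10"}              # constructed allowlist
SAMPLE = [build(1, 0x1234),                                   # Discover
          build(2, 0x1234, "192.168.0.50", "192.168.0.10"),   # Offer
          build(2, 0x1234, "10.66.0.5", "192.168.0.66"),      # second Offer
          build(3, 0x1234, server_id="192.168.0.10"),         # Request
          build(5, 0x1234, "192.168.0.50", "192.168.0.10")]   # ACK
```

Calling `unauthorized_replies(SAMPLE, AUTHORIZED)` reports the second Offer, the one from the unlisted server, together with the address it tried to lease.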

Lab install DHCP

  1. Install a DHCP role as follows:

    1. From Hyper-V Manager, select CORPSERVER.

    2. Maximize the window to view all virtual machines.

    3. Right-click CorpDHCP and select Connect.

    4. From Server Manager, select Manage > Add Roles and Features.

    5. In the Add Roles and Features wizard, click Next.

    6. Make sure Role-based or feature-based installation is selected; then click Next.

    7. Make sure CorpDHCP.CorpNet.com is selected in the Server Pool area; then click Next.

    8. Select the DHCP Server role.

    9. Select Add Features.

    10. Click Next.

    11. Click Next because no additional features are required for the DHCP Server.

    12. In the DHCP Server window, click Next.

    13. Select Install to add the selected role.

  2. Authorize CorpDHCP as a DHCP server as follows:

    1. In the center area, select Complete DHCP configuration to begin the DHCP Post-Install configuration wizard.

    2. In the DHCP Post-Install configuration wizard, click Next.

    3. Verify the credentials; then select Commit.

    4. Click Close to close the DHCP Post-Install configuration wizard.

    5. Click Close to close the Add Roles and Features wizard.

  3. Configure and activate a DHCP Scope as follows:

    1. From Server Manager, select Tools > DHCP.

    2. Expand CorpDHCP.CorpNet.com.

    3. Right-click IPv4 and select New Scope.

    4. In the New Scope wizard, click Next.

    5. In the Name field, enter the name of the scope and then click Next.

    6. Enter the start IP address.

    7. Enter the end IP address.

    8. Make sure the subnet is 255.255.255.0.

    9. Make sure the length is 24; then click Next.

    10. Click Next to ignore any exclusions and delays.

    11. Enter 5 days as the lease duration and then click Next.

    12. Select No, I will configure these options later to postpone configuring other DHCP options and then click Next.

    13. Click Finish to close the wizard and create the scope.

  4. Activate the DHCP scope as follows:

    1. Expand IPv4.

    2. Right-click Scope [192.168.0.1] Subnet1 and select Activate.

discover, offer, request, ack

Ask a member of the Enterprise Admins group to authorize the server.

DHCP server

Authorize Srv11.

The DHCP server responds with a DHCP Offer.


Last updated 11 months ago