Tools How-To

Operational Tooling Guides

Master the Instruments of Cyber Warfare

Theory is useless without execution.

This section is the technical field manual for the tools that define the battlefield. Whether you are hunting persistence in memory, mapping an adversary's perimeter, or living off the land, proficiency with these binaries is non-negotiable.

We do not provide "man page" summaries. We provide operational syntax—the exact flags, chains, and logic required to achieve effects in real-world environments.

Select Your Weapon →

The Philosophy of Tooling

In the hands of a novice, nmap is a noise generator. In the hands of an operator, it is a surgical scalpel. RootGuard "How-To" guides are structured to bridge the gap between basic usage and advanced tradecraft.

Dual-Use Reality: Every tool listed here is a weapon for the Red Team and a sensor for the Blue Team. You must understand both perspectives to defend effectively.
Syntax Over Semantics: We prioritise "copy-paste" operational one-liners that work under fire.

Operational Modules

🔬 Forensics & Artifact Analysis

Deep-dive inspection of compromised systems.

Volatility v3 Memory Forensics
- Extract encryption keys, process handles, and network connections from RAM.
- Key Skills: Plugin selection, memory profile identification, malware extraction.

⚔️ Offensive & Reconnaissance

Mapping the attack surface and validating vulnerabilities.

Nmap Scanning
- Beyond -sS. Evasion techniques, NSE scripting, and service versioning.
SQLMap
- Automating the detection and takeover of database clusters via injection.

🛠️ Living off the Land (LOLBins)

Native binaries used for persistence, exfiltration, and evasion.

Linux Find Commands
- The most underrated tool in Linux. Time-based hunting, SUID detection, and perm-bit analysis.
Netcat: Attack & Detection
- The "Swiss Army Knife." Reverse shells, data exfiltration, and port scanning.
PowerShell Tradecraft
- Execution policies, download cradles, and obfuscation detection.

Why These Specific Tools?

We focus on the Universal Baselines. These are the tools that are:

Ubiquitous: Likely to be found pre-installed or easily deployed.
Versatile: Capable of multiple functions (scanning, exploiting, analysing).
High-Impact: Mastery of these few tools yields exponential operational capability.

"A tool is only as dangerous as the operator behind the keyboard."

Authorised defensive and educational use only.

PreviousImpact (TA0040) Techniques NextLinux Find Commands

Last updated 15 days ago

hashtagOperational Tooling Guides

hashtagMaster the Instruments of Cyber Warfare

hashtagThe Philosophy of Tooling

hashtagOperational Modules

hashtag🔬 Forensics & Artifact Analysis

hashtag⚔️ Offensive & Reconnaissance

hashtag🛠️ Living off the Land (LOLBins)

hashtagWhy These Specific Tools?