GEEKY LINKS

                                     GEEKY LINKS

http://patorjk.com/software/taag/#p=display&f=Graffiti&t=Type%20Something

http://rumyittips.com/

http://www.gauthampdas.com

http://www.noobslab.com/

http://www.maketecheasier.com

https://wiki.archlinux.org/

http://www.shellcheck.net/

wiki.manjaro.or

http://www.thegeekstuff.com

https://bbs.archlinux.org/viewtopic.php?id=130515&p=1

http://0×32202.tumblr.com/

http://www.thehackinguniverse.com

http://www.pentestgeek.com/

http://jameslovecomputers.wordpress.com

https://www.pentesterlab.com/

http://www.commonexploits.com

http://n00bpentesting.com/

http://blog.secureideas.com/

http://nixsrv.com/llthw/ex1

http://needsec.com/

http://hackonadime.blogspot.com/

http://kaoticcreations.blogspot.com/

http://itsecgames.blogspot.be/

http://tipstrickshack.blogspot.com/

http://www.offensive-security.com/metasploit-unleashed/

http://tipstrickshack.blogspot.com/

http://network-pentest.com/

http://www.hackingarticles.in

http://packetstormsecurity.org/

http://g0tmi1k.blogspot.com/

http://www.irongeek.com/

http://www.n1tr0g3n.com/

http://www.isdpodcast.com

http://geekblog.tv

http://pentestmag.com/

http://vishnuvalentino.com/

http://www.backtrack-linux.org/

http://www.instructables.com/

http://pcsci3nce.info/

http://www.coresec.org/

http://rajhackingarticles.blogspot.com

http://www.hackingarticles.in

http://comax.fr/

http://translate.google.it/translate?hl=it&sl=it&tl=en&u=http%3A%2F%2Fsicurezza.html.it%2Fguide%2Fleggi%2F220%2Fguida-sql-injection-con-sqlmap%2F

http://torpedo48.it/

https://www.phillips321.co.uk/pentest-sh/

http://www.securitytube.net/

http://www.aftershell.com/

http://theunl33t.blogspot.com/

http://sixthevicious.wordpress.com

http://securityoverride.com/

http://www.hacker10.com

http://smashthestack.org/

http://linuxpurist.com/

http://sectools.org/

http://www.comptechdoc.org/

http://www.maxi-pedia.com/

http://dookie.dkearns.ca/

http://www.simplewifi.com

http://www.touchpadplus.com/

http://www.cybercode.rs/

http://www.backbox.org

http://zer0byte.com/

http://www.shadowrx.com/forums

http://mile2.com/

http://www.webupd8.org/2011/10/official-gnome-shell-extensions.html

http://www.janoweb.net/

http://www.freerainbowtables.com/

https://greyhat-security.com/

http://www.milw0rm.com/

http://easylinuxwifi.org/

http://hackertarget.com/

http://www.southernspeakers.net/

http://j2neon.blogspot.com/

http://www.webupd8.org/2011/10/official-gnome-shell-extensions.html

http://www.coresec.org/2011/10/08/online-penetration-testing-tools/

http://www.n1tr0g3n.com/

http://dangertux.wordpress.com/2011/11/16/metasploitable-guide-part-1-rooting-metasploitable/

http://www.ehacking.net/

http://unconciousmind.blogspot.com

http://bl4ck5w4n.tk/

http://41j.com/blog/

http://www.deluxe-stylez.de/

http://adaywithtape.blogspot.com

http://avondale.good.net/dl/bd/

http://securityreliks.securegossip.com/

http://top-hat-sec.com/

http://r00tsec.blogspot.com

http://www.offensive-security.com/metasploit-unleashed/

http://exploit.co.il

http://www.wsec.be

http://www.exploit-db.com/papers/

http://kat.ph/packet-level-com-laura-chappell-s-master-library-full-t3825062.html

http://securityowned.blogspot.com

http://www.theprojectxblog.net

http://redmine.backtrack-linux.org:8080/projects/backtrack

http://www.aircrack-ng.org/doku.php#tutorials

http://www.aircrack-ng.org/doku.php

http://www.aircrack-ng.org/doku.php?id=tutorial

http://www.2epub.com/

Pentesting Must have Links for setting up an attacker machine

http://www.amanhardikar.com/mindmaps/PracticewithURLs.html
http://r00tsec.blogspot.com/2011/02/pentest-lab-vulnerable-servers.html
http://bailey.st/blog/2010/09/14/pentest-lab-vulnerable-servers-applications-list/
http://blog.taddong.com/2011/10/hacking-vulnerable-web-applications.html

Bookmarks Menu

Recently Bookmarked

Recent Tags

---

Blogs worth it

Carnal0wnage

McGrew Security

Blog | GNUCITIZEN

Darknet

spylogic.net

TaoSecurity

Room362.com

SIPVicious

PortSwigger.net

Blog – pentestmonkey.net

Jeremiah Grossman

omg.wtf.bbq.

Cатсн²² (in)sесuяitу

SkullSecurity

Metasploit

Security and Networking

Skeptikal.org

Digital Soapbox

tssci security

Blog – Gotham Digital Science

Reiners’ Weblog

Bernardo Damele A. G.

Laramies Corner

Attack and Defense Labs

Billy (BK) Rios

Common Exploits

extern blog SensePost;

Weapons of Mass Analysis

Exploit KB

Security Reliks

MadIrish.net

sirdarckcat

Reusable Security

Myne-us

http://www.notsosecure.com/folder2/

SpiderLabs Anterior

Corelan Team | Peter Van Eeckhoutte (corelanc0d3r)

DigiNinja

Home Of PaulDotCom Security Podcast

Attack Vector

deviating.net

Alpha One Labs

SmashingPasswords.com

wirewatcher

gynvael.coldwind//vx.log

Nullthreat Security

Archangel Amael’s BT Tutorials

memset’s blog

ihasomgsecurityskills

punter-infosec

Security Ninja

Security and risk

GRM n00bs

Kioptrix

::eSploit::

PenTestIT — Your source for Information Security Related information!

Your source for Information Security related information!

Forums

BackTrack Forums

EliteHackers.info

InterN0T forum

Government Security

Hack This Site Forum

iExploit Hacking Forum

Security Override

bright-shadows.net

ethicalhacker.net

sla.ckers.org

Magazines

(IN)SECURE Magazine

http://hakin9.org/

Video

http://www.youtube.com/user/monsoonami?feature=watch

The Hacker News Network

Security Tube

Irongeek -Hacking Illustrated

SecCon Archive

27c3-stream/releases/mkv

YouTube – ChRiStIaAn008′s Channel

YouTube – HackingCons’s Channel

Methodologies

Penetration Testing Framework

The Penetration Testing Execution Standard

Web Application Security Consortium (WASC)

OWASP top 10

social-engineer.org

Presentations

Enterprise Open Source Intelligence Gathering – Part 1 Social Networks — spylogic.net

Enterprise Open Source Intelligence Gathering – Part 2 Blogs, Message Boards and Metadata — spylogic.net

Enterprise Open Source Intelligence Gathering – Part 3 Monitoring and Social Media Policies — spylogic.net

Tactical Information Gathering

document_metadata_the_silent_killer__32974 (application/pdf Object)

footprinting – passive information gathering before a pentest

People and Orginizational

spokeo.com – People Search

123people.com

Spoke.com – Business Directory

Business Network – Social Network for Business Professionals

ZoomInfo

Pipl – People Search

Free People Search by ZabaSearch!

Free People Finder and Company Search | SearchBug

Free People Search

Addictomatic: Inhale the Web

Real Time Search – Social Mention

EntityCube

yasni.com | No. 1 free people search – Find anyone on the web

Tweepz.com – search, find and discover interesting people on twitter

TweepSearch :: Twitter Profile and Bio Search

Glassdoor.com – Company Salaries and Reviews

Jigsaw Business Contact Directory

Full Text Search

TinEye Reverse Image Search

PeekYou

PicFog – Quick Image Search

Twapper Keeper – “We save tweets” – Archive Tweets

White Pages | Email Lookup | People Find Tools at The Ultimates

Infastructure

Netcraft Uptime Survey

SHODAN – Computer Search Engine

Domain Tools: Whois Lookup and Domain Suggestions

Free online network utilities – traceroute, nslookup, automatic whois lookup, ping, finger

http://hackerfantastic.com/

WHOIS and Reverse IP Service

MSN IP Search

SSL Labs – Projects / Public SSL Server Database – SSL Server Test

MyIPNeighbors Reverse IP Lookup

Google Hacking Database, GHDB, Google Dorks

Domain – reports and all about ips, networks and dns

net toolkit::index

IHS |  GHDB

Exploits and Advisories

The Exploit Database

.:[ packet storm ]:.

SecurityFocus

SecurityForest

NIST

OSVDB: The Open Source Vulnerability Database

SecDocs IT Security and Hacking knowledge base

Nullbyte.Org.IL

CVE security vulnerability database

Secunia.com

CVE – Common Vulnerabilities and Exposures (CVE)

Cheat Sheets and Syntax

Big Port DB | Cirt

Cheat Sheet : All Cheat Sheets in one page

Security Advancements at the Monastery » Blog Archive » What’s in Your Folder: Security Cheat Sheets

Information about developments at the Monastery

Agile Hacking

Agile Hacking: A Homegrown Telnet-based Portscanner | GNUCITIZEN

Command Line Kung Fu

Simple yet effective: Directory Bruteforcing

The Grammar of WMIC

Windows Command-Line Kung Fu with WMIC

Windows CMD Commands

running a command on every mac

Syn: Command-Line Ninjitsu

WMIC, the other OTHER white meat.

Hacking Without Tools: Windows – RST

Pentesting Ninjitsu 1

Pentesting Ninjitsu 2 Infrastructure and Netcat without Netcat

[PenTester Scripting]

windows-scripting-COM-tricks

Advanced-Command-Exploitation

OS & Scripts

IPv4 subnetting reference – Wikipedia, the free encyclopedia

All the Best Linux Cheat Sheets

SHELLdorado – Shell Tips & Tricks (Beginner)

Linux Survival :: Where learning Linux is easy

BashPitfalls – Greg’s Wiki

Rubular: a Ruby regular expression editor and tester

http://www.iana.org/assignments/port-numbers

Useful commands for Windows administrators

All the Best Linux Cheat Sheets

Rubular: a Ruby regular expression editor

Tools

netcat cheat sheet (ed skoudis)

nessus/nmap (older)

hping3 cheatsheet

Nmap 5 (new)

MSF, Fgdump, Hping

Metasploit meterpreter cheat sheet reference

Netcat cheat sheet

Distros

BackTrack Linux

Matriux

nUbuntu

Samurai Web Testing Framework

OWASP Live CD Project

Pentoo

Katana

KON-BOOT

Welcome to Linux From Scratch!

SUMO Linux

pentesting packages for ubuntu

BackBox Linux | Flexible Penetration Testing Distribution

Labs

ISO’s / VMs

Web Security Dojo

OWASP Broken Web applications Project

Pentest Live CDs

NETinVM

:: moth – Bonsai Information Security ::

Metasploit: Introducing Metasploitable

Holynix pen-test distribution

WackoPico

LAMPSecurity

Hacking-Lab.com LiveCD

Virtual Hacking Lab

Badstore.net

Mutillidae: A Deliberately Vulnerable Set Of PHP Scripts

Damn Vulnerable Web App – DVWA

pWnOS

The ButterFly – Security Project

Vulnerable Software

Old Version Downloads – OldApps.com

OldVersion.com

Web Application exploits, php exploits, asp exploits

wavsep – Web Application Vulnerability Scanner Evaluation Project

OWASP SiteGenerator – OWASP

Hacme Books | McAfee Free Tools

Hacme Casino v1.0 | McAfee Free Tools

Hacme Shipping | McAfee Free Tools

Hacme Travel | McAfee Free Tools

Test Sites

Test Site

CrackMeBank Investments

http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com

acublog news

acuforum forums

Home of Acunetix Art

Altoro Mutual

NT OBJECTives

Exploitation Intro

Exploitation – it-sec-catalog – References to vulnerability exploitation stuff. – Project Hosting on Google Code

Myne-us: From 0×90 to 0x4c454554, a journey into exploitation.

Past, Present, Future of Windows Exploitation | Abysssec Security Research

Smash the Stack 2010

The Ethical Hacker Network – Smashing The Modern Stack For Fun And Profit

x9090′s Blog: [TUTORIAL] Exploit Writting Tutorial From Basic To Intermediate

X86 Opcode and Instruction Reference

This reference is intended to be precise opcode and instruction set reference (including x86-64). Its principal aim is exact definition of instruction parameters and attributes.

Reverse Engineering & Malware

TiGa’s IDA Video Tutorial Site

Binary Auditing

http://visi.kenshoto.com/

radare

Offensive Computing | Community Malicious code research and analysis

Passwords and Hashes

Password Exploitation Class

Default Passwords Database

Sinbad Security Blog: MS SQL Server Password Recovery

Foofus Networking Services – Medusa::SMBNT

LM/NTLM Challenge / Response Authentication – Foofus.Net Security Stuff

MD5 Crackers | Password Recovery | Wordlist Downloads

Password Storage Locations For Popular Windows Applications

Online Hash Crack MD5 / LM / NTLM / SHA1 / MySQL – Passwords recovery – Reverse hash lookup Online – Hash Calculator

Requested MD5 Hash queue

Virus.Org

Default Password List

Electric Alchemy: Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR

Wordlists

“Crack Me If You Can” – DEFCON 2011

Packet Storm Word Lists

Passwords – SkullSecurity

Index of /passwd/passwords

Pass the Hash

pass-the-hash-attacks-tools-mitigation_33283 (application/pdf Object)

crack-pass-hash_33219 (application/pdf Object)

MitM

Introduction to dsniff – GIAC Certified Student Practical

dsniff-n-mirror.pdf (application/pdf Object)

dsniff.pdf (application/pdf Object)

A Hacker’s Story: Let me tell you just how easily I can steal your personal data – Techvibes.com

ECCE101.pdf (application/pdf Object)

3.pdf (application/pdf Object)

Seven_Deadliest_UC_Attacks_Ch3.pdf (application/pdf Object)

cracking-air.pdf (application/pdf Object)

bh-europe-03-valleri.pdf (application/pdf Object)

Costa.pdf (application/pdf Object)

defcon-17-sam_bowne-hijacking_web_2.0.pdf (application/pdf Object)

Live_Hacking.pdf (application/pdf Object)

PasstheParcel-MITMGuide.pdf (application/pdf Object)

2010JohnStrandKeynote.pdf (application/pdf Object)

18.Ettercap_Spoof.pdf (application/pdf Object)

EtterCap ARP Spoofing & Beyond.pdf (application/pdf Object)

Fun With EtterCap Filters.pdf (application/pdf Object)

The_Magic_of_Ettercap.pdf (application/pdf Object)

arp_spoofing.pdf (application/pdf Object)

Ettercap(ManInTheMiddleAttack-tool).pdf (application/pdf Object)

ICTSecurity-2004-26.pdf (application/pdf Object)

ettercap_Nov_6_2005-1.pdf (application/pdf Object)

MadIrish.net Mallory is More than a Proxy

Thicknet: It does more than Oracle, Steve Ocepek securityjustice on USTREAM. Computers

OSINT

Edge-Security – theHarvester- Information Gathering

DNSTRACER man-page

Maltego 3

Metadata

document-metadata-silent-killer_32974 (application/pdf Object)

[strike out]

ExifTool by Phil Harvey

Edge-Security – Metagoofil – Metadata analyzer – Information Gathering

Security and Networking – Blog – Metadata Enumeration with FOCA

Google Hacking

Midnight Research Labs – SEAT

Google Hacking Diggity Project « Stach & Liu

dorkScan.py

Web

BeEF

BlindElephant Web Application Fingerprinter

XSSer: automatic tool for pentesting XSS attacks against different applications

RIPS | Download RIPS software for free at SourceForge.net

http://www.divineinvasion.net/authforce/

Attack and Defense Labs – Tools

Browser_Exploitation_for_Fun&Profit

Using sqid (SQL Injection Digger) to look for SQL Injection

pinata-CSRF-tool

XSSer: automatic tool for pentesting XSS attacks against different applications

Clickjacker

unicode-fun.txt ≈ Packet Storm

WebService-Attacker

Attack Strings

fuzzdb – Project Hosting on Google Code

OWASP Fuzzing Code Database – OWASP

Shells

SourceForge.net: Yokoso!

AJAX/PHP Command Shell

Scanners

w3af – Web Application Attack and Audit Framework

skipfish – Project Hosting on Google Code

sqlmap: automatic SQL injection tool

SQID – SQL Injection digger

http://www.packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt

WindowsAttack – fimap – Windows Attacking Example – Project Hosting on Google Code

fm-fsf – Project Hosting on Google Code

Websecurify

News :: Arachni – Web Application Security Scanner Framework

rfiscan ≈ Packet Storm

lfi-rfi2 scanner ≈ Packet Storm

inspathx – Tool For Finding Path Disclosure Vulnerabilities

DotDotPwn – The Directory Traversal Fuzzer 2.1 ≈ Packet Storm

Proxies

fuzzing-approach-credentials-discovery-burp-intruder_33214 (application/pdf Object)

Constricting the Web: The GDS Burp API – Gotham Digital Science

Browse Belch – Burp External Channel v1.0 Files on SourceForge.net

Burp Suite Tutorial – Repeater and Comparer Tools « Security Ninja

w3af in burp

Attack and Defense Labs – Tools

burp suite tutorial – English

SensePost – reDuh – HTTP Tunneling Proxy

Social Engineering

Social Engineering Toolkit

Password

Ncrack

Medusa

JTR

Ophcrack

keimpx in action | 0x3f

keimpx – Project Hosting on Google Code

hashkill

Metasploit

markremark: Reverse Pivots with Metasploit – How NOT to make the lightbulb

WmapNikto – msf-hack – One-sentence summary of this page. – Project Hosting on Google Code

markremark: Metasploit Visual Basic Payloads in action

Metasploit Mailing List

PaulDotCom: Archives

OpenSSH-Script for meterpreter available !

Metasploit: Automating the Metasploit Console

561

Deploying Metasploit as a Payload on a Rooted Box Tutorial

Metasploit/MeterpreterClient – Wikibooks, collection of open-content textbooks

SecTor 2010 – HD Moore – Beyond Exploits on Vimeo

XLSinjector « Milo2012′s Security Blog

Armitage – Cyber Attack Management for Metasploit

Nsploit

neurosurgery-with-meterpreter

(automating msf) UAV-slides.pdf

MSF Exploits or Easy

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

Tenable Network Security

NSE

Nmap Scripting Engine Primer Tutorial

NSEDoc Reference Portal

Net Scanners & Scripts

Nmap

sambascan2 – SMB scanner

SoftPerfect Network Scanner

OpenVAS

Nessus Community | Tenable Network Security

Nexpose Community | Rapid7

Retina Community

Post Exploitation

http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py

Metacab | PHX2600

Netcat

Re: Your favorite Ncat/nc/Netcat trick? – ReadList.com

ads.pdf (application/pdf Object)

Netcat_for_the_Masses_DDebeer.pdf (application/pdf Object)

netcat_cheat_sheet_v1.pdf (application/pdf Object)

socat

NetCat tutorial: Day1 [Archive] – Antionline Forums – Maximum Security for a Connected World

Netcat tricks « Jonathan’s Techno-tales

Nmap Development: Re: Your favorite Ncat/nc/Netcat trick?

Few Useful Netcat Tricks « Terminally Incoherent

Skoudis_pentestsecrets.pdf (application/pdf Object)

Cracked, inSecure and Generally Broken: Netcat

Ncat for Netcat Users

Source Inspection

Graudit – Just Another Hacker

javasnoop – Project Hosting on Google Code

Firefox Addons

David’s Pen Testing (Security) Collection :: Collections :: Pengaya untuk Firefox

OSVDB :: Add-ons for Firefox

Packet Storm search plugin. :: Add-ons for Firefox

Default Passwords – CIRT.net :: Add-ons for Firefox

Offsec Exploit-db Search :: Add-ons for Firefox

OVAL repository search plugin :: Add-ons for Firefox

CVE ® dictionary search plugin :: Add-ons for Firefox

HackBar :: Add-ons for Firefox

Tool Listings

.:[ packet storm ]:. – tools

Security and Hacking Tools

Training/Classes

Sec / Hacking

Penetration Testing and Vulnerability Analysis – Home

Network Sniffers Class for the Kentuckiana ISSA 2011 (Hacking Illustrated Series InfoSec Tutorial Videos)

CNIT 124: Advanced Ethical Hacking — Sam Bowne

CS 279 – Advanced Topics in Security

CS142 Web Programming and Security – Stanford

CS155 Computer and Network Security – Stanford

CSE 227: Computer Security – UCSD

CS 161: Computer Security – UC Berkley

Security Talks – UCLA

CSCI 4971 Secure Software Principles – RPI

MCS 494 UNIX Security Holes

Software Security – CMU

T-110.6220 Special Topics in Ifocsec -TKK

Sec and Infosec Related – MIT

Metasploit

Metasploit Unleashed

Metasploit Class Videos  (Hacking Illustrated Series InfoSec Tutorial Videos)

Metasploit Megaprimer 300+ mins of video

Metasploit Tips and Tricks – Ryan Linn

OffSecOhioChapter, Metasploit Class2 – Part1

OffSecOhioChapter, Metasploit Class2 – Part2

OffSecOhioChapter, Metasploit Class2 – Part3

Programming

Python

Google’s Python Class – Google’s Python Class – Google Code

Python en:Table of Contents – Notes

TheNewBoston – Free Educational Video Tutorials on Computer Programming and More! » Python

Python Videos, Tutorials and Screencasts

Learning Python Programming Language Through Video Lectures – good coders code, great reuse

Ruby

Video Tutorials – Technology Demonstrations – tekniqal

Other/Misc

CS490 Windows Internals

T-110.6220 Lectures – Noppa – TKK

Index of /edu/training/ss/lecture/new-documents/Lectures

 InfoSec Resources

Robert Hansen on Vimeo

Web Vectors

SQLi

MSSQL Injection Cheat Sheet – pentestmonkey.net

SQL Injection Cheat Sheet

EvilSQL Cheatsheet

RSnake SQL Injection Cheatsheet

Mediaservice.net SQLi Cheatsheet

MySQL Injection Cheat Sheet

Full MSSQL Injection PWNage

MS Access SQL Injection Cheat Sheet » krazl – â„¢ ķЯαž£ â„¢ – bloggerholic

MS Access SQL Injection Cheat Sheet

Penetration Testing: Access SQL Injection

Testing for MS Access – OWASP

Security Override – Articles: The Complete Guide to SQL Injections

Obfuscated SQL Injection attacks

Exploiting hard filtered SQL Injections « Reiners’ Weblog

SQL Injection Attack

YouTube – Joe McCray – Advanced SQL Injection – LayerOne 2009

Joe McCray – Advanced SQL Injection – L1 2009.pdf (application/pdf Object)

Joseph McCray SQL Injection

sla.ckers.org web application security forum :: Obfuscation :: SQL filter evasion

sqli2.pdf (application/pdf Object)

SQL Server Version – SQLTeam.com

Overlooked SQL Injection 20071021.pdf (application/pdf Object)

SQLInjectionCommentary20071021.pdf (application/pdf Object)

uploadtricks

bypassing upload file type – Google Search

Skeptikal.org: Adobe Responds… Sort Of

Secure File Upload in PHP Web Applications | INSIC DESIGNS

Stupid htaccess Tricks • Perishable Press

Tricks and Tips: Bypassing Image Uploaders. – By: t3hmadhatt3r

Security FCKeditor ADS File Upload Vulnerability – Windows Only

Cross Site Scripting scanner – Free XSS Security Scanner

VUPEN – Microsoft IIS File Extension Processing Security Bypass Vulnerability / Exploit (Security Advisories – VUPEN/ADV-2009-3634)

Uploading Files Using the File Field Control

TangoCMS – Security #237: File Upload Filter Bypass in TangoCMS <=2.5.0 – TangoCMS Project

Full Disclosure: Zeroboard File Upload & extension bypass Vulnerability

Cross-site File Upload Attacks | GNUCITIZEN

TikiWiki jhot.php Script File Upload Security Bypass Vulnerability

FileUploadSecurity – SH/SC Wiki

LFI/RFI

Exploiting PHP File Inclusion – Overview « Reiners’ Weblog

LFI..Code Exec..Remote Root!

Local File Inclusion – Tricks of the Trade « Neohapsis Labs

Blog, When All You Can Do Is Read – DigiNinja

XSS

The Anatomy of Cross Site Scripting

Whitepapers – www.technicalinfo.net

Cross-Site Scripting (XSS) – no script required – Tales from the Crypto

Guide Cross Site Scripting – Attack and Defense guide – InterN0T – Underground Security Training

BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf (application/pdf Object)

sirdarckcat: Our Favorite XSS Filters and how to Attack them

Filter Evasion – Houdini on the Wire « Security Aegis

HTML5 Security Cheatsheet

XSS – Cross Site Scripting

sla.ckers.org web application security forum :: XSS Info

[DOM Based Cross Site Scripting or XSS of the Third Kind] Web Security Articles – Web Application Security Consortium

What’s Possible with XSS?

Coldfusion

ColdFusion directory traversal FAQ (CVE-2010-2861) | GNUCITIZEN

Attacking ColdFusion. | Sigurnost i zastita informacija

Attacking ColdFusion

HP Blogs – Adobe ColdFusion’s Directory Traversal Disaster – The HP Blog Hub

254_ShlomyGantz_August2009_HackProofingColdFusion.pdf (application/pdf Object)

Adobe XML Injection Metasploit Module | carnal0wnage.attackresearch.com

Computer Security Blog: PR10-08 Various XSS and information disclosure flaws within Adobe ColdFusion administration console

SharePoint

The Ethical Hacker Network – Pen Testing Sharepoint

Lotus

Lotus Notes/Domino Security – David Robert’s -castlebbs- Blog

Penetration Testing: Re: Lotus Notes

Hacking Lotus Domino | SecTechno

jboss

Whitepaper-Hacking-jBoss-using-a-Browser.pdf (application/pdf Object)

Minded Security Blog: Good Bye Critical Jboss 0day

vmware web

Metasploit Penetration Testing Framework – Module Browser

Oracle appserver

hideaway [dot] net: Hacking Oracle Application Servers

Testing for Oracle – OWASP

OraScan

NGSSQuirreL for Oracle

hpoas.pdf (application/pdf Object)

SAP

Onapsis | Research Labs

‘[john-users] patch for SAP-passwords (BCODE & PASSCODE)’ – MARC

Phenoelit SAP exploits

Wireless

pyrit – WPA/WPA2-PSK and a world of affordable many-core platforms – Google Project Hosting

Capture the Flag/Wargames

http://intruded.net/

SmashTheStack Wargaming Network

flack & hkpco.kr

HC’s Capture the Flag site

The UCSB iCTF

CTF Calendar

Conferences

Information Security Conferences Calnedar

misc/unsorted

http://www.ikkisoft.com/stuff/SMH_XSS.txt

XFS 101: Cross-Frame Scripting Explained | SecureState Information Security Blog

What The Fuck Is My Information Security Strategy?

OWASP_DanielCutbert_Evolution_WebAppPenTest.mp4

DeepSec 2007 – Aaron Portnoy Cody Pierce – RPC Auditing Tools and Techniques

extern blog SensePost;

Zen One: PCI Compliance – Disable SSLv2 and Weak Ciphers

HD Moore on Metasploit, Exploitation and the Art of Pen Testing | threatpost

Network Time Protocol (NTP) Fun | carnal0wnage.attackresearch.com

black-box-scanners-dimva2010.pdf (application/pdf Object)

Database_Pen_Testing_ISSA_March_25_V2.pdf (application/pdf Object)

Stupid htaccess Tricks • Perishable Press

Bookmarks Toolbar

Add bookmarks to this folder to see them displayed on the Bookmarks Toolbar

Most Visited

Getting Started

Latest Headlines

Programming/Coding
[Bash] Advanced Bash-Scripting Guide - http://tldp.org/LDP/abs/html/
[Bash] Bash shell scripting tutorial - http://steve-parker.org/sh/sh.shtml
[Bash] Bourne Shell Reference - http://linuxreviews.org/beginner/bash_GNU_Bourne-Again_SHell_Reference/Again_SHell_Reference/
[CheatSheet] Scripting Languages: PHP, Perl, Python, Ruby - http://hyperpolyglot.org/scripting
http://bashshell.net/shell-scripts/forcing-scripts-to-run-as-root/
http://markdotto.com/playground/3d-text/
http://bernardodamele.blogspot.com/2011/09/reverse-shells-one-liners.html
https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet

Offensive Security’s Pentesting With BackTrack (PWB)Course
[Pre-course] Corelan Team - http://www.corelan.be/
[Pre-course] The Penetration Testing Execution Standard - http://www.pentest-standard.org/index.php/Main_Page
[Hash] NTLM Decrypter - http://www.md5decrypter.co.uk/ntlm-decrypt.aspx
[Hash] reverse hash search and calculator - http://goog.li/
http://security.crudtastic.com/?p=213

Tunnelling / Pivoting
[Linux] SSH gymnastics with proxychains - http://pauldotcom.com/2010/03/ssh-gymnastics-with-proxychain.html
[Windows] Nessus Through SOCKS Through Meterpreter -http://www.digininja.org/blog/nessus_over_sock4a_over_msf.php

WarGames / Online Challenges
[WarGames] Title - http://securityoverride.com/
[WarGames] Title - http://intruded.net/
[Challenge] The Ksplice Pointer Challenge - http://blogs.oracle.com/ksplice/

[WarGames] Title - http://spotthevuln.com

[WarGames] Title - http://cvo-lab.blogspot.com/2011/05/iawacs-2011-forensics-challenge.html

[WarGames] Title - http://ftp.hackerdom.ru/ctf-images/
http://r00tsec.blogspot.com/2011/02/pentest-lab-vulnerable-servers.html
http://jhyx4life.blogspot.com/2007/02/practicas-para-un-hacker-wargames.html
https://www.owasp.org/index.php/OWASP_iGoat_Project

Exploit Development (Programs)

[Download] Title - http://www.oldapps.com/

[Download] Title - http://www.oldversion.com/

[Download] Title - http://www.exploit-db.com/webapps/

Misc
[RSS] Open Penetration Testing Bookmarks Collection - https://code.google.com/p/pentest-bookmarks/downloads/list
[ExploitDev] Data mining Backtrack 4 for buffer overflow return addresses  -http://insidetrust.blogspot.com/2010/12/data-mining-backtrack-4-for-buffer.html
[DIY] Repair a Broken Ethernet Plug - http://www.instructables.com/id/Repair-a-Broken-Ethernet-Plug/step5/Make-its-Head-Thin/
[Desktop] Ubuntu Security - http://ubuntuforums.org/showthread.php?t=510812
[TechHumor] Title - https://www.xkcd.com
[TechHumor] Title - http://www.blackhat.com/presentations/bh-europe-05/BH_EU_05-Long.pdf
http://www.packetstan.com/2011/03/nbns-spoofing-on-your-way-to-world.html
http://dsecrg.blogspot.com/search/label/SMBRelay%20bible
http://www.ivizsecurity.com/blog/web-application-security/testing-flash-applications-pen-tester-guide/
http://sghctoma.extra.hu/index.php?p=entry&id=18
http://www.anti-forensics.com/beat-encase-file-signature-analysis-on-a-windows-system
https://blogs.msdn.com/themes/blogs/generic/post.aspx?WeblogApp=oldnewthing&y=2011&m=09&d=21&WeblogPostID=10214405&GroupKeys=
http://tuts4you.com/download.php?view.3216
http://tuts4you.com/download.php?list.17
http://portal.b-at-s.net/download.php
http://journeyintoir.blogspot.com/2011/09/building-timelines-tools-usage.html
http://quequero.org/uicwiki/index.php?diff=12753&oldid=prev&title=Carberp_Reverse_Engineering
https://code.google.com/p/findmyhash/downloads/list
http://www.contextis.com/research/blog/reverseproxybypass/

Malware
https://code.google.com/p/yara-project/
http://malwares.pl/index.php?dir=
http://contagiodump.blogspot.com/2010/03/collection-of-web-backdoors-shells-from.html

Programs/Scripts
https://github.com/liftoff/GateOne

Embedded Devies
http://www.routerpwn.com
https://code.google.com/p/littleblackbox/
http://samy.pl/androidmap/
http://dogber1.blogspot.com/2009/05/table-of-reverse-engineered-bios.html

Exploit Development
[Guides] Corelan Team - http://www.corelan.be/
[Guide] From 0×90 to 0x4c454554, a journey into exploitation.  - http://myne-us.blogspot.com/2010/08/from-0×90-to-0x4c454554-journey-into.html
[Guide] An Introduction to Fuzzing: Using fuzzers (SPIKE) to find vulnerabilities -http://resources.infosecinstitute.com/intro-to-fuzzing/
[Video] TiGa’s Video Tutorial Series on IDA Pro - http://www.woodmann.com/TiGa/idaseries.html
[Guide] Advanced Windows Buffer Overflows - http://labs.snort.org/awbo/
[Guide] Stack Based Windows Buffer Overflow Tutorial - http://grey-corner.blogspot.com/2010/01/beginning-stack-based-buffer-overflow.html
[Guide] SEH Stack Based Windows Buffer Overflow Tutorial - http://grey-corner.blogspot.com/2010/01/seh-stack-based-windows-buffer-overflow.html
[Guide] Windows Buffer Overflow Tutorial: Dealing with Character Translation - http://grey-corner.blogspot.com/2010/01/windows-buffer-overflow-tutorial.html
[Guide] Heap Spray Exploit Tutorial: Internet Explorer Use After Free Aurora Vulnerability< - http://grey-corner.blogspot.com/2010/01/heap-spray-exploit-tutorial-internet.html
[Guide] Windows Buffer Overflow Tutorial: An Egghunter and a Conditional Jump - http://grey-corner.blogspot.com/2010/02/windows-buffer-overflow-tutorial.html
[Linux] Linux exploit development part 1 – Stack overflow. - http://sickness.tor.hu/?p=363
[Linux] Linux Exploit Writing Tutorial Pt 2 – Stack Overflow ASLR bypass Using ret2reg - http://sickness.tor.hu/?p=365
[Linux] Linux exploit development part 3 – ret2libc - http://sickness.tor.hu/?p=368
[Linux] Linux exploit development part 4 – ASCII armor bypass + return-to-plt - http://sickness.tor.hu/?p=378
[TechHumor] Title - https://www.youtube.com/watch?v=klXFqtYR5Mg
[TechHumor] Title - http://amolnaik4.blogspot.com/2011/06/exploit-development-with-monapy.html
http://eli.thegreenplace.net/2011/09/06/stack-frame-layout-on-x86-64/

Exploit Development (Case Studies/Walkthroughs)
[Web] Finding 0days in Web Applications - http://www.exploit-db.com/finding-0days-in-web-applications/
[Windows] Offensive Security Exploit Weekend - http://www.corelan.be/index.php/2010/11/13/offensive-security-exploit-weekend/
[Windows] From vulnerability to exploit under 5 min  - http://0entropy.blogspot.com/2011/02/from-vulnerability-to-exploit-under-5.html

Exploit Development (Patch Analysis)
[Windows] A deeper look at ms11-058 - http://www.skullsecurity.org/blog/2011/a-deeper-look-at-ms11-058
[Windows] Patch Analysis for MS11-058 - https://community.qualys.com/blogs/securitylabs/2011/08/23/patch-analysis-for-ms11-058
[Windows] CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability -http://j00ru.vexillium.org/?p=893
[Mobile] Analyzing and dissecting Android applications for security defects and vulnerabilities - https://www.net-security.org/article.php?id=1613

Exploit Development (Metasploit Wishlist)
[ExplotDev] Metasploit Exploits Wishlist !  - http://esploit.blogspot.com/2011/03/metasploit-exploits-wishlist.html
[Guide] Porting Exploits To Metasploit Part 1 - http://www.securitytube.net/video/2118

Passwords & Rainbow Tables (WPA)
[RSS] Title - http://ob-security.info/?p=475
[RSS] Title - http://nakedsecurity.sophos.com/2011/06/14/the-top-10-passcodes-you-should-never-use-on-your-iphone/
[RSS] Title - http://www.troyhunt.com/2011/06/brief-sony-password-analysis.html
[WPA] Offensive Security: WPA Rainbow Tables - http://www.offensive-security.com/wpa-tables/
[Tool] Ultra High Security Password Generator - https://www.grc.com/passwords.htm
[Guide] Creating effective dictionaries for password attacks  - http://insidetrust.blogspot.com/2010/07/creating-effective-dictionaries-for.html
[Leaked] Diccionarios con Passwords de Sitios Expuestos - http://www.dragonjar.org/diccionarios-con-passwords-de-sitios-expuestos.xhtml
[Download] Index of / - http://svn.isdpodcast.com/wordlists/
[Guide] Using Wikipedia as brute forcing dictionary - http://lab.lonerunners.net/blog/using-wikipedia-as-brute-forcing-dictionary
[Tool] CeWL – Custom Word List generator - http://www.digininja.org/projects/cewl.php
[Download] Title - http://www.aircrack-ng.org/doku.php?id=faq#where_can_i_find_good_wordlists
[Leaked] Passwords - http://www.skullsecurity.org/wiki/index.php/Passwords

Cheat-Sheets
[OS] A Sysadmin’s Unixersal Translator  - http://bhami.com/rosetta.html
[WiFi] WirelessDefence.org’s Wireless Penetration Testing Framework -http://www.wirelessdefence.org/Contents/Wireless%20Pen%20Test%20Framework.html

Anti-Virus
[Metasploit] Facts and myths about antivirus evasion with Metasploit -http://schierlm.users.sourceforge.net/avevasion.html
[Terms] Methods of bypassing Anti-Virus (AV) Detection – NetCat - http://compsec.org/security/index.php/anti-virus/283-anti-virus-central-methods-of-bypassing-anti-virus-av-detection.html

Privilege Escalation
[Linux] Hacking Linux Part I: Privilege Escalation - http://www.dankalia.com/tutor/01005/0100501004.htm
[Windows] Windows 7 UAC whitelist - http://www.pretentiousname.com/misc/win7_uac_whitelist2.html
[Windows] Windows Privilege Escalation Part 1: Local Administrator Privileges -http://www.netspi.com/blog/2009/10/05/windows-privilege-escalation-part-1-local-administrator-privileges/

Metasploit
[Guide] fxsst.dll persistence: the evil fax machine - http://www.room362.com/blog/2011/6/27/fxsstdll-persistence-the-evil-fax-machine.html
[Guide] Bypassing DEP/ASLR in browser exploits with McAfee and Symantec -http://www.scriptjunkie.us/2011/08/custom-payloads-in-metasploit-4/
[Guides] Metasploit Unleashed - http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
[Guides] Metasploit Megaprimer (Exploitation Basics And Need For Metasploit) Part 1 -http://www.securitytube.net/video/1175
http://securityxploded.com/metasploit-password-modules.php

Default Generators
[WEP] mac2wepkey – Huawei default WEP generator - http://websec.ca/blog/view/mac2wepkey_huawei
[WEP] Generator: Attacking SKY default router password -http://sec.jetlib.com/BackTrack_Linux_Forums/2011/01/12/Generator:_Attacking_SKY_default_router_password

Statistics
[Defacements] Zone-H - http://www.zone-h.org/
[ExploitKits] CVE Exploit Kit list - http://exploitkit.ex.ohost.de/CVE%20Exploit%20Kit%20List.htm
http://www.ccssforum.org/malware-certificates.php?&pag=1f

Cross Site Scripting (XSS)
[Guide] vbSEO – From XSS to Reverse PHP Shell - http://www.exploit-db.com/vbseo-from-xss-to-reverse-php-shell/
[RSS] Title - http://www.thespanner.co.uk/2009/03/25/xss-rays/
http://jon.oberheide.org/blog/2011/03/07/how-i-almost-won-pwn2own-via-xss/
http://skeletonscribe.blogspot.com/2011/05/js-less-xss.html
http://unconciousmind.blogspot.com/2011/09/xss-illustrated.html

Podcasts
[Weekly] PaulDotCom - http://pauldotcom.com/podcast/psw.xml
[Monthly] Social-Engineer - http://socialengineer.podbean.com/feed/

Blogs & RSS
[RSS] SecManiac - http://www.secmaniac.com/
[Guides] Carnal0wnage & Attack Research - http://carnal0wnage.attackresearch.com/
[RSS] Contagio - http://contagiodump.blogspot.com/
[News] THN : The Hacker News - http://thehackernews.com/
[News] Packet Storm: Full Disclosure Information Security - http://packetstormsecurity.org/
[Guides] pentestmonkey | Taking the monkey work out of pentesting - http://pentestmonkey.net/
[RSS] Darknet – The Darkside | Ethical Hacking, Penetration Testing & Computer Security -http://www.darknet.org.uk/
[RSS] Irongeek - http://www.irongeek.com/
[Metasploit] Room 363 - http://www.room362.com/
[Guides] Question Defense: Technology Answers For Technology Questions - http://www.question-defense.com/
[Guides] stratmofo’s blog  - http://securityjuggernaut.blogspot.com/
[Guides] TheInterW3bs - http://theinterw3bs.com/

[Guides] consolecowboys - http://console-cowboys.blogspot.com/
[Guides] A day with Tape - http://adaywithtape.blogspot.com/
[Guides] Cybexin’s Blog – Network Security Blog - http://cybexin.blogspot.com/

[RSS] BackTrack Linux – Penetration Testing Distribution - http://www.backtrack-linux.org/feed/
[RSS] Offensive Security - http://www.offensive-security.com/blog/feed/

[RSS] Title - http://www.pentestit.com
[RSS] Title - http://michael-coates.blogspot.com
[RSS] Title - http://blog.0x0e.org
[RSS] Title - http://0×80.org/blog
[RSS] Title - http://archangelamael.shell.tor.hu
[RSS] Title - http://archangelamael.blogspot.com
[RSS] Title - http://www.coresec.org
[RSS] Title - http://noobys-journey.blogspot.com
[RSS] Title - http://www.get-root.com
[RSS] Title - http://www.kislaybhardwaj.com
[RSS] Title - https://community.rapid7.com/community/metasploit/blog
[RSS] Title - http://mimetus.blogspot.com
[RSS] Title - http://hashcrack.blogspot.com
[RSS] Title - https://rephraseit.wordpress.com
[RSS] Title - http://www.exploit-db.com
[RSS] Title - http:/skidspot.blogspot.com
[RSS] Title - http://grey-corner.blogspot.com
[RSS] Title - http://vishnuvalentino.com
[RSS] Title - http://ob-security.infohttp://twitter.com/n1tr0g3n_hack3r

Windows 7 Download Links;

32-Bit Windows 7 Home Premium
64-Bit Windows 7 Home Premium
32-Bit Windows 7 Professional
64-Bit Windows 7 Professional