GEEKY LINKS
http://dangertux.wordpress.com/2011/11/16/metasploitable-guide-part-1-rooting-metasploitable/
Pentesting Must have Links for setting up an attacker machine
http://www.amanhardikar.com/mindmaps/PracticewithURLs.html
http://r00tsec.blogspot.com/2011/02/pentest-lab-vulnerable-servers.html
http://bailey.st/blog/2010/09/14/pentest-lab-vulnerable-servers-applications-list/
http://blog.taddong.com/2011/10/hacking-vulnerable-web-applications.html
http://r00tsec.blogspot.com/2011/02/pentest-lab-vulnerable-servers.html
http://bailey.st/blog/2010/09/14/pentest-lab-vulnerable-servers-applications-list/
http://blog.taddong.com/2011/10/hacking-vulnerable-web-applications.html
Blogs worth it
- Carnal0wnage
- McGrew Security
- Blog | GNUCITIZEN
- Darknet
- spylogic.net
- TaoSecurity
- Room362.com
- SIPVicious
- PortSwigger.net
- Blog – pentestmonkey.net
- Jeremiah Grossman
- omg.wtf.bbq.
- CатÑн²² (in)sеÑuÑitу
- SkullSecurity
- Metasploit
- Security and Networking
- Skeptikal.org
- Digital Soapbox
- tssci security
- Blog – Gotham Digital Science
- Reiners’ Weblog
- Bernardo Damele A. G.
- Laramies Corner
- Attack and Defense Labs
- Billy (BK) Rios
- Common Exploits
- extern blog SensePost;
- Weapons of Mass Analysis
- Exploit KB
- Security Reliks
- MadIrish.net
- sirdarckcat
- Reusable Security
- Myne-us
- http://www.notsosecure.com/folder2/
- SpiderLabs Anterior
- Corelan Team | Peter Van Eeckhoutte (corelanc0d3r)
- DigiNinja
- Home Of PaulDotCom Security Podcast
- Attack Vector
- deviating.net
- Alpha One Labs
- SmashingPasswords.com
- wirewatcher
- gynvael.coldwind//vx.log
- Nullthreat Security
- Archangel Amael’s BT Tutorials
- memset’s blog
- ihasomgsecurityskills
- punter-infosec
- Security Ninja
- Security and risk
- GRM n00bs
- Kioptrix
- ::eSploit::
- PenTestIT — Your source for Information Security Related information!
- Your source for Information Security related information!
- Forums
- BackTrack Forums
- EliteHackers.info
- InterN0T forum
- Government Security
- Hack This Site Forum
- iExploit Hacking Forum
- Security Override
- bright-shadows.net
- ethicalhacker.net
- sla.ckers.org
- Magazines
- Video
- Security Tube
- Irongeek -Hacking Illustrated
- SecCon Archive
- 27c3-stream/releases/mkv
- YouTube – ChRiStIaAn008′s Channel
- YouTube – HackingCons’s Channel
- Methodologies
- The Penetration Testing Execution Standard
- Web Application Security Consortium (WASC)
- OWASP top 10
- social-engineer.org
- Presentations
- Enterprise Open Source Intelligence Gathering – Part 1 Social Networks — spylogic.net
- Enterprise Open Source Intelligence Gathering – Part 2 Blogs, Message Boards and Metadata — spylogic.net
- Enterprise Open Source Intelligence Gathering – Part 3 Monitoring and Social Media Policies — spylogic.net
- Tactical Information Gathering
- document_metadata_the_silent_killer__32974 (application/pdf Object)
- footprinting – passive information gathering before a pentest
- People and Orginizational
- spokeo.com – People Search
- 123people.com
- Spoke.com – Business Directory
- Business Network – Social Network for Business Professionals
- ZoomInfo
- Pipl – People Search
- Free People Search by ZabaSearch!
- Free People Finder and Company Search | SearchBug
- Free People Search
- Addictomatic: Inhale the Web
- Real Time Search – Social Mention
- EntityCube
- yasni.com | No. 1 free people search – Find anyone on the web
- Tweepz.com – search, find and discover interesting people on twitter
- TweepSearch :: Twitter Profile and Bio Search
- Glassdoor.com – Company Salaries and Reviews
- Jigsaw Business Contact Directory
- Full Text Search
- TinEye Reverse Image Search
- PeekYou
- PicFog – Quick Image Search
- Twapper Keeper – “We save tweets” – Archive Tweets
- White Pages | Email Lookup | People Find Tools at The Ultimates
- Infastructure
- Netcraft Uptime Survey
- SHODAN – Computer Search Engine
- Domain Tools: Whois Lookup and Domain Suggestions
- Free online network utilities – traceroute, nslookup, automatic whois lookup, ping, finger
- http://hackerfantastic.com/
- WHOIS and Reverse IP Service
- MSN IP Search
- SSL Labs – Projects / Public SSL Server Database – SSL Server Test
- MyIPNeighbors Reverse IP Lookup
- Google Hacking Database, GHDB, Google Dorks
- Domain – reports and all about ips, networks and dns
- net toolkit::index
- IHS | GHDB
- Exploits and Advisories
- .:[ packet storm ]:.
- SecurityFocus
- SecurityForest
- NIST
- OSVDB: The Open Source Vulnerability Database
- SecDocs IT Security and Hacking knowledge base
- Nullbyte.Org.IL
- CVE security vulnerability database
- Secunia.com
- CVE – Common Vulnerabilities and Exposures (CVE)
- Cheat Sheets and Syntax
- Cheat Sheet : All Cheat Sheets in one page
- Security Advancements at the Monastery » Blog Archive » What’s in Your Folder: Security Cheat Sheets
- Information about developments at the Monastery
Agile Hacking
- Agile Hacking: A Homegrown Telnet-based Portscanner | GNUCITIZEN
- Command Line Kung Fu
- Simple yet effective: Directory Bruteforcing
- The Grammar of WMIC
- Windows Command-Line Kung Fu with WMIC
- Windows CMD Commands
- running a command on every mac
- Syn: Command-Line Ninjitsu
- WMIC, the other OTHER white meat.
- Hacking Without Tools: Windows – RST
- Pentesting Ninjitsu 1
- Pentesting Ninjitsu 2 Infrastructure and Netcat without Netcat
- [PenTester Scripting]
- windows-scripting-COM-tricks
- Advanced-Command-Exploitation
- OS & Scripts
- IPv4 subnetting reference – Wikipedia, the free encyclopedia
- All the Best Linux Cheat Sheets
- SHELLdorado – Shell Tips & Tricks (Beginner)
- Linux Survival :: Where learning Linux is easy
- BashPitfalls – Greg’s Wiki
- Rubular: a Ruby regular expression editor and tester
- http://www.iana.org/assignments/port-numbers
- Useful commands for Windows administrators
- All the Best Linux Cheat Sheets
- Rubular: a Ruby regular expression editor
- Tools
- netcat cheat sheet (ed skoudis)
- nessus/nmap (older)
- hping3 cheatsheet
- Nmap 5 (new)
- MSF, Fgdump, Hping
- Metasploit meterpreter cheat sheet reference
- Netcat cheat sheet
- Distros
- Matriux
- nUbuntu
- Samurai Web Testing Framework
- OWASP Live CD Project
- Pentoo
- Katana
- KON-BOOT
- Welcome to Linux From Scratch!
- SUMO Linux
- pentesting packages for ubuntu
- BackBox Linux | Flexible Penetration Testing Distribution
- Labs
ISO’s / VMs
- Web Security Dojo
- OWASP Broken Web applications Project
- Pentest Live CDs
- NETinVM
- :: moth – Bonsai Information Security ::
- Metasploit: Introducing Metasploitable
- Holynix pen-test distribution
- WackoPico
- LAMPSecurity
- Hacking-Lab.com LiveCD
- Virtual Hacking Lab
- Badstore.net
- Mutillidae: A Deliberately Vulnerable Set Of PHP Scripts
- Damn Vulnerable Web App – DVWA
- pWnOS
- The ButterFly – Security Project
- Vulnerable Software
- Old Version Downloads – OldApps.com
- OldVersion.com
- Web Application exploits, php exploits, asp exploits
- wavsep – Web Application Vulnerability Scanner Evaluation Project
- OWASP SiteGenerator – OWASP
- Hacme Books | McAfee Free Tools
- Hacme Casino v1.0 | McAfee Free Tools
- Hacme Shipping | McAfee Free Tools
- Hacme Travel | McAfee Free Tools
- Test Sites
- Test Site
- CrackMeBank Investments
- http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
- acublog news
- acuforum forums
- Home of Acunetix Art
- Altoro Mutual
- NT OBJECTives
- Exploitation Intro
- Myne-us: From 0×90 to 0x4c454554, a journey into exploitation.
- Past, Present, Future of Windows Exploitation | Abysssec Security Research
- Smash the Stack 2010
- The Ethical Hacker Network – Smashing The Modern Stack For Fun And Profit
- x9090′s Blog: [TUTORIAL] Exploit Writting Tutorial From Basic To Intermediate
- X86 Opcode and Instruction Reference
- This reference is intended to be precise opcode and instruction set reference (including x86-64). Its principal aim is exact definition of instruction parameters and attributes.
- Reverse Engineering & Malware
- TiGa’s IDA Video Tutorial Site
- Binary Auditing
- http://visi.kenshoto.com/
- radare
- Offensive Computing | Community Malicious code research and analysis
- Passwords and Hashes
- Password Exploitation Class
- Default Passwords Database
- Sinbad Security Blog: MS SQL Server Password Recovery
- Foofus Networking Services – Medusa::SMBNT
- LM/NTLM Challenge / Response Authentication – Foofus.Net Security Stuff
- MD5 Crackers | Password Recovery | Wordlist Downloads
- Password Storage Locations For Popular Windows Applications
- Online Hash Crack MD5 / LM / NTLM / SHA1 / MySQL – Passwords recovery – Reverse hash lookup Online – Hash Calculator
- Requested MD5 Hash queue
- Virus.Org
- Default Password List
- Electric Alchemy: Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR
Wordlists
- “Crack Me If You Can” – DEFCON 2011
- Packet Storm Word Lists
- Passwords – SkullSecurity
- Index of /passwd/passwords
Pass the Hash
- pass-the-hash-attacks-tools-mitigation_33283 (application/pdf Object)
- crack-pass-hash_33219 (application/pdf Object)
- MitM
- dsniff-n-mirror.pdf (application/pdf Object)
- dsniff.pdf (application/pdf Object)
- A Hacker’s Story: Let me tell you just how easily I can steal your personal data – Techvibes.com
- ECCE101.pdf (application/pdf Object)
- 3.pdf (application/pdf Object)
- Seven_Deadliest_UC_Attacks_Ch3.pdf (application/pdf Object)
- cracking-air.pdf (application/pdf Object)
- bh-europe-03-valleri.pdf (application/pdf Object)
- Costa.pdf (application/pdf Object)
- defcon-17-sam_bowne-hijacking_web_2.0.pdf (application/pdf Object)
- Live_Hacking.pdf (application/pdf Object)
- PasstheParcel-MITMGuide.pdf (application/pdf Object)
- 2010JohnStrandKeynote.pdf (application/pdf Object)
- 18.Ettercap_Spoof.pdf (application/pdf Object)
- EtterCap ARP Spoofing & Beyond.pdf (application/pdf Object)
- Fun With EtterCap Filters.pdf (application/pdf Object)
- The_Magic_of_Ettercap.pdf (application/pdf Object)
- arp_spoofing.pdf (application/pdf Object)
- Ettercap(ManInTheMiddleAttack-tool).pdf (application/pdf Object)
- ICTSecurity-2004-26.pdf (application/pdf Object)
- ettercap_Nov_6_2005-1.pdf (application/pdf Object)
- MadIrish.net Mallory is More than a Proxy
- Thicknet: It does more than Oracle, Steve Ocepek securityjustice on USTREAM. Computers
- OSINT
Metadata
- document-metadata-silent-killer_32974 (application/pdf Object)
- [strike out]
- ExifTool by Phil Harvey
- Edge-Security – Metagoofil – Metadata analyzer – Information Gathering
- Security and Networking – Blog – Metadata Enumeration with FOCA
Google Hacking
- Web
- BeEF
- BlindElephant Web Application Fingerprinter
- XSSer: automatic tool for pentesting XSS attacks against different applications
- RIPS | Download RIPS software for free at SourceForge.net
- http://www.divineinvasion.net/authforce/
- Attack and Defense Labs – Tools
- Browser_Exploitation_for_Fun&Profit
- Using sqid (SQL Injection Digger) to look for SQL Injection
- pinata-CSRF-tool
- XSSer: automatic tool for pentesting XSS attacks against different applications
- Clickjacker
- unicode-fun.txt ≈ Packet Storm
- WebService-Attacker
Attack Strings
- Shells
- Scanners
- w3af – Web Application Attack and Audit Framework
- skipfish – Project Hosting on Google Code
- sqlmap: automatic SQL injection tool
- SQID – SQL Injection digger
- http://www.packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt
- WindowsAttack – fimap – Windows Attacking Example – Project Hosting on Google Code
- fm-fsf – Project Hosting on Google Code
- Websecurify
- News :: Arachni – Web Application Security Scanner Framework
- rfiscan ≈ Packet Storm
- lfi-rfi2 scanner ≈ Packet Storm
- inspathx – Tool For Finding Path Disclosure Vulnerabilities
- DotDotPwn – The Directory Traversal Fuzzer 2.1 ≈ Packet Storm
- Proxies
fuzzing-approach-credentials-discovery-burp-intruder_33214 (application/pdf Object)
- Constricting the Web: The GDS Burp API – Gotham Digital Science
- Browse Belch – Burp External Channel v1.0 Files on SourceForge.net
- Burp Suite Tutorial – Repeater and Comparer Tools « Security Ninja
- w3af in burp
- Attack and Defense Labs – Tools
- burp suite tutorial – English
- Social Engineering
- Social Engineering Toolkit
- Password
- Metasploit
- markremark: Reverse Pivots with Metasploit – How NOT to make the lightbulb
- WmapNikto – msf-hack – One-sentence summary of this page. – Project Hosting on Google Code
- markremark: Metasploit Visual Basic Payloads in action
- Metasploit Mailing List
- PaulDotCom: Archives
- OpenSSH-Script for meterpreter available !
- Metasploit: Automating the Metasploit Console
- 561
- Deploying Metasploit as a Payload on a Rooted Box Tutorial
- Metasploit/MeterpreterClient – Wikibooks, collection of open-content textbooks
- SecTor 2010 – HD Moore – Beyond Exploits on Vimeo
- XLSinjector « Milo2012′s Security Blog
- Armitage – Cyber Attack Management for Metasploit
- Nsploit
- neurosurgery-with-meterpreter
- (automating msf) UAV-slides.pdf
MSF Exploits or Easy
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- NSE
- Net Scanners & Scripts
- Nmap
- sambascan2 – SMB scanner
- SoftPerfect Network Scanner
- OpenVAS
- Nessus Community | Tenable Network Security
- Nexpose Community | Rapid7
- Retina Community
- Post Exploitation
- Netcat
- Re: Your favorite Ncat/nc/Netcat trick? – ReadList.com
- ads.pdf (application/pdf Object)
- Netcat_for_the_Masses_DDebeer.pdf (application/pdf Object)
- netcat_cheat_sheet_v1.pdf (application/pdf Object)
- socat
- NetCat tutorial: Day1 [Archive] – Antionline Forums – Maximum Security for a Connected World
- Netcat tricks « Jonathan’s Techno-tales
- Nmap Development: Re: Your favorite Ncat/nc/Netcat trick?
- Few Useful Netcat Tricks « Terminally Incoherent
- Skoudis_pentestsecrets.pdf (application/pdf Object)
- Cracked, inSecure and Generally Broken: Netcat
- Ncat for Netcat Users
- Source Inspection
- Firefox Addons
- David’s Pen Testing (Security) Collection :: Collections :: Pengaya untuk Firefox
- OSVDB :: Add-ons for Firefox
- Packet Storm search plugin. :: Add-ons for Firefox
- Default Passwords – CIRT.net :: Add-ons for Firefox
- Offsec Exploit-db Search :: Add-ons for Firefox
- OVAL repository search plugin :: Add-ons for Firefox
- CVE ® dictionary search plugin :: Add-ons for Firefox
- HackBar :: Add-ons for Firefox
- Tool Listings
- Training/Classes
- Sec / Hacking
- Penetration Testing and Vulnerability Analysis – Home
- Network Sniffers Class for the Kentuckiana ISSA 2011 (Hacking Illustrated Series InfoSec Tutorial Videos)
- CNIT 124: Advanced Ethical Hacking — Sam Bowne
- CS 279 – Advanced Topics in Security
- CS142 Web Programming and Security – Stanford
- CS155 Computer and Network Security – Stanford
- CSE 227: Computer Security – UCSD
- CS 161: Computer Security – UC Berkley
- Security Talks – UCLA
- CSCI 4971 Secure Software Principles – RPI
- MCS 494 UNIX Security Holes
- Software Security – CMU
- T-110.6220 Special Topics in Ifocsec -TKK
- Sec and Infosec Related – MIT
- Metasploit
- Metasploit Unleashed
- Metasploit Class Videos (Hacking Illustrated Series InfoSec Tutorial Videos)
- Metasploit Megaprimer 300+ mins of video
- Metasploit Tips and Tricks – Ryan Linn
- OffSecOhioChapter, Metasploit Class2 – Part1
- OffSecOhioChapter, Metasploit Class2 – Part2
- OffSecOhioChapter, Metasploit Class2 – Part3
- Programming
Python
- Google’s Python Class – Google’s Python Class – Google Code
- Python en:Table of Contents – Notes
- TheNewBoston – Free Educational Video Tutorials on Computer Programming and More! » Python
- Python Videos, Tutorials and Screencasts
- Learning Python Programming Language Through Video Lectures – good coders code, great reuse
- Ruby
- T-110.6220 Lectures – Noppa – TKK
- Index of /edu/training/ss/lecture/new-documents/Lectures
- Â InfoSec Resources
- Robert Hansen on Vimeo
- Web Vectors
- SQLi
- MSSQL Injection Cheat Sheet – pentestmonkey.net
- SQL Injection Cheat Sheet
- EvilSQL Cheatsheet
- RSnake SQL Injection Cheatsheet
- Mediaservice.net SQLi Cheatsheet
- MySQL Injection Cheat Sheet
- Full MSSQL Injection PWNage
- MS Access SQL Injection Cheat Sheet » krazl – â„¢ ķЯαž£ â„¢ – bloggerholic
- MS Access SQL Injection Cheat Sheet
- Penetration Testing: Access SQL Injection
- Testing for MS Access – OWASP
- Security Override – Articles: The Complete Guide to SQL Injections
- Obfuscated SQL Injection attacks
- Exploiting hard filtered SQL Injections « Reiners’ Weblog
- SQL Injection Attack
- YouTube – Joe McCray – Advanced SQL Injection – LayerOne 2009
- Joe McCray – Advanced SQL Injection – L1 2009.pdf (application/pdf Object)
- Joseph McCray SQL Injection
- sla.ckers.org web application security forum :: Obfuscation :: SQL filter evasion
- sqli2.pdf (application/pdf Object)
- SQL Server Version – SQLTeam.com
- Overlooked SQL Injection 20071021.pdf (application/pdf Object)
- SQLInjectionCommentary20071021.pdf (application/pdf Object)
- uploadtricks
- bypassing upload file type – Google Search
- Skeptikal.org: Adobe Responds… Sort Of
- Secure File Upload in PHP Web Applications | INSIC DESIGNS
- Stupid htaccess Tricks • Perishable Press
- Tricks and Tips: Bypassing Image Uploaders. – By: t3hmadhatt3r
- Security FCKeditor ADS File Upload Vulnerability – Windows Only
- Cross Site Scripting scanner – Free XSS Security Scanner
- VUPEN – Microsoft IIS File Extension Processing Security Bypass Vulnerability / Exploit (Security Advisories – VUPEN/ADV-2009-3634)
- Uploading Files Using the File Field Control
- TangoCMS – Security #237: File Upload Filter Bypass in TangoCMS <=2.5.0 – TangoCMS Project
- Full Disclosure: Zeroboard File Upload & extension bypass Vulnerability
- Cross-site File Upload Attacks | GNUCITIZEN
- TikiWiki jhot.php Script File Upload Security Bypass Vulnerability
- FileUploadSecurity – SH/SC Wiki
- LFI/RFI
- Exploiting PHP File Inclusion – Overview « Reiners’ Weblog
- LFI..Code Exec..Remote Root!
- Local File Inclusion – Tricks of the Trade « Neohapsis Labs
- Blog, When All You Can Do Is Read – DigiNinja
- XSS
- The Anatomy of Cross Site Scripting
- Whitepapers – www.technicalinfo.net
- Cross-Site Scripting (XSS) – no script required – Tales from the Crypto
- Guide Cross Site Scripting – Attack and Defense guide – InterN0T – Underground Security Training
- BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf (application/pdf Object)
- sirdarckcat: Our Favorite XSS Filters and how to Attack them
- Filter Evasion – Houdini on the Wire « Security Aegis
- HTML5 Security Cheatsheet
- XSS – Cross Site Scripting
- sla.ckers.org web application security forum :: XSS Info
- [DOM Based Cross Site Scripting or XSS of the Third Kind] Web Security Articles – Web Application Security Consortium
- What’s Possible with XSS?
- Coldfusion
- ColdFusion directory traversal FAQ (CVE-2010-2861) | GNUCITIZEN
- Attacking ColdFusion. | Sigurnost i zastita informacija
- Attacking ColdFusion
- HP Blogs – Adobe ColdFusion’s Directory Traversal Disaster – The HP Blog Hub
- 254_ShlomyGantz_August2009_HackProofingColdFusion.pdf (application/pdf Object)
- Adobe XML Injection Metasploit Module | carnal0wnage.attackresearch.com
- Computer Security Blog: PR10-08 Various XSS and information disclosure flaws within Adobe ColdFusion administration console
- SharePoint
- Lotus
- Lotus Notes/Domino Security – David Robert’s -castlebbs- Blog
- Penetration Testing: Re: Lotus Notes
- Hacking Lotus Domino | SecTechno
- jboss
- Whitepaper-Hacking-jBoss-using-a-Browser.pdf (application/pdf Object)
- Minded Security Blog: Good Bye Critical Jboss 0day
- vmware web
- Oracle appserver
- hideaway [dot] net: Hacking Oracle Application Servers
- Testing for Oracle – OWASP
- OraScan
- NGSSQuirreL for Oracle
- hpoas.pdf (application/pdf Object)
- SAP
- Onapsis | Research Labs
- ‘[john-users] patch for SAP-passwords (BCODE & PASSCODE)’ – MARC
- Phenoelit SAP exploits
- Wireless
- Capture the Flag/Wargames
- http://intruded.net/
- SmashTheStack Wargaming Network
- flack & hkpco.kr
- HC’s Capture the Flag site
- The UCSB iCTF
- CTF Calendar
- Conferences
- misc/unsorted
- http://www.ikkisoft.com/stuff/SMH_XSS.txt
- XFS 101: Cross-Frame Scripting Explained | SecureState Information Security Blog
- What The Fuck Is My Information Security Strategy?
- OWASP_DanielCutbert_Evolution_WebAppPenTest.mp4
- DeepSec 2007 – Aaron Portnoy Cody Pierce – RPC Auditing Tools and Techniques
- extern blog SensePost;
- Zen One: PCI Compliance – Disable SSLv2 and Weak Ciphers
- HD Moore on Metasploit, Exploitation and the Art of Pen Testing | threatpost
- Network Time Protocol (NTP) Fun | carnal0wnage.attackresearch.com
- black-box-scanners-dimva2010.pdf (application/pdf Object)
- Database_Pen_Testing_ISSA_March_25_V2.pdf (application/pdf Object)
- Stupid htaccess Tricks • Perishable Press
- Bookmarks Toolbar
- Add bookmarks to this folder to see them displayed on the Bookmarks Toolbar
-
- Most Visited
- Getting Started
- Latest Headlines
- Programming/Coding
[Bash] Advanced Bash-Scripting Guide - http://tldp.org/LDP/abs/html/
[Bash] Bash shell scripting tutorial - http://steve-parker.org/sh/sh.shtml
[Bash] Bourne Shell Reference - http://linuxreviews.org/beginner/bash_GNU_Bourne-Again_SHell_Reference/Again_SHell_Reference/
[CheatSheet] Scripting Languages: PHP, Perl, Python, Ruby - http://hyperpolyglot.org/scripting
http://bashshell.net/shell-scripts/forcing-scripts-to-run-as-root/
http://markdotto.com/playground/3d-text/
http://bernardodamele.blogspot.com/2011/09/reverse-shells-one-liners.html
https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet
Offensive Security’s Pentesting With BackTrack (PWB)Course
[Pre-course] Corelan Team - http://www.corelan.be/
[Pre-course] The Penetration Testing Execution Standard - http://www.pentest-standard.org/index.php/Main_Page
[Hash] NTLM Decrypter - http://www.md5decrypter.co.uk/ntlm-decrypt.aspx
[Hash] reverse hash search and calculator - http://goog.li/
http://security.crudtastic.com/?p=213Tunnelling / Pivoting
[Linux] SSH gymnastics with proxychains - http://pauldotcom.com/2010/03/ssh-gymnastics-with-proxychain.html
[Windows] Nessus Through SOCKS Through Meterpreter -http://www.digininja.org/blog/nessus_over_sock4a_over_msf.phpWarGames / Online Challenges
[WarGames] Title - http://securityoverride.com/
[WarGames] Title - http://intruded.net/
[Challenge] The Ksplice Pointer Challenge - http://blogs.oracle.com/ksplice/[WarGames] Title - http://spotthevuln.com[WarGames] Title - http://cvo-lab.blogspot.com/2011/05/iawacs-2011-forensics-challenge.html[WarGames] Title - http://ftp.hackerdom.ru/ctf-images/
http://r00tsec.blogspot.com/2011/02/pentest-lab-vulnerable-servers.html
http://jhyx4life.blogspot.com/2007/02/practicas-para-un-hacker-wargames.html
https://www.owasp.org/index.php/OWASP_iGoat_ProjectExploit Development (Programs)[Download] Title - http://www.oldapps.com/[Download] Title - http://www.oldversion.com/[Download] Title - http://www.exploit-db.com/webapps/Misc
[RSS] Open Penetration Testing Bookmarks Collection - https://code.google.com/p/pentest-bookmarks/downloads/list
[ExploitDev] Data mining Backtrack 4 for buffer overflow return addresses -http://insidetrust.blogspot.com/2010/12/data-mining-backtrack-4-for-buffer.html
[DIY] Repair a Broken Ethernet Plug - http://www.instructables.com/id/Repair-a-Broken-Ethernet-Plug/step5/Make-its-Head-Thin/
[Desktop] Ubuntu Security - http://ubuntuforums.org/showthread.php?t=510812
[TechHumor] Title - https://www.xkcd.com
[TechHumor] Title - http://www.blackhat.com/presentations/bh-europe-05/BH_EU_05-Long.pdf
http://www.packetstan.com/2011/03/nbns-spoofing-on-your-way-to-world.html
http://dsecrg.blogspot.com/search/label/SMBRelay%20bible
http://www.ivizsecurity.com/blog/web-application-security/testing-flash-applications-pen-tester-guide/
http://sghctoma.extra.hu/index.php?p=entry&id=18
http://www.anti-forensics.com/beat-encase-file-signature-analysis-on-a-windows-system
https://blogs.msdn.com/themes/blogs/generic/post.aspx?WeblogApp=oldnewthing&y=2011&m=09&d=21&WeblogPostID=10214405&GroupKeys=
http://tuts4you.com/download.php?view.3216
http://tuts4you.com/download.php?list.17
http://portal.b-at-s.net/download.php
http://journeyintoir.blogspot.com/2011/09/building-timelines-tools-usage.html
http://quequero.org/uicwiki/index.php?diff=12753&oldid=prev&title=Carberp_Reverse_Engineering
https://code.google.com/p/findmyhash/downloads/list
http://www.contextis.com/research/blog/reverseproxybypass/Malware
https://code.google.com/p/yara-project/
http://malwares.pl/index.php?dir=
http://contagiodump.blogspot.com/2010/03/collection-of-web-backdoors-shells-from.htmlPrograms/Scripts
https://github.com/liftoff/GateOneEmbedded Devies
http://www.routerpwn.com
https://code.google.com/p/littleblackbox/
http://samy.pl/androidmap/
http://dogber1.blogspot.com/2009/05/table-of-reverse-engineered-bios.htmlExploit Development
[Guides] Corelan Team - http://www.corelan.be/
[Guide] From 0×90 to 0x4c454554, a journey into exploitation. - http://myne-us.blogspot.com/2010/08/from-0×90-to-0x4c454554-journey-into.html
[Guide] An Introduction to Fuzzing: Using fuzzers (SPIKE) to find vulnerabilities -http://resources.infosecinstitute.com/intro-to-fuzzing/
[Video] TiGa’s Video Tutorial Series on IDA Pro - http://www.woodmann.com/TiGa/idaseries.html
[Guide] Advanced Windows Buffer Overflows - http://labs.snort.org/awbo/
[Guide] Stack Based Windows Buffer Overflow Tutorial - http://grey-corner.blogspot.com/2010/01/beginning-stack-based-buffer-overflow.html
[Guide] SEH Stack Based Windows Buffer Overflow Tutorial - http://grey-corner.blogspot.com/2010/01/seh-stack-based-windows-buffer-overflow.html
[Guide] Windows Buffer Overflow Tutorial: Dealing with Character Translation - http://grey-corner.blogspot.com/2010/01/windows-buffer-overflow-tutorial.html
[Guide] Heap Spray Exploit Tutorial: Internet Explorer Use After Free Aurora Vulnerability< - http://grey-corner.blogspot.com/2010/01/heap-spray-exploit-tutorial-internet.html
[Guide] Windows Buffer Overflow Tutorial: An Egghunter and a Conditional Jump - http://grey-corner.blogspot.com/2010/02/windows-buffer-overflow-tutorial.html
[Linux] Linux exploit development part 1 – Stack overflow. - http://sickness.tor.hu/?p=363
[Linux] Linux Exploit Writing Tutorial Pt 2 – Stack Overflow ASLR bypass Using ret2reg - http://sickness.tor.hu/?p=365
[Linux] Linux exploit development part 3 – ret2libc - http://sickness.tor.hu/?p=368
[Linux] Linux exploit development part 4 – ASCII armor bypass + return-to-plt - http://sickness.tor.hu/?p=378
[TechHumor] Title - https://www.youtube.com/watch?v=klXFqtYR5Mg
[TechHumor] Title - http://amolnaik4.blogspot.com/2011/06/exploit-development-with-monapy.html
http://eli.thegreenplace.net/2011/09/06/stack-frame-layout-on-x86-64/Exploit Development (Case Studies/Walkthroughs)
[Web] Finding 0days in Web Applications - http://www.exploit-db.com/finding-0days-in-web-applications/
[Windows] Offensive Security Exploit Weekend - http://www.corelan.be/index.php/2010/11/13/offensive-security-exploit-weekend/
[Windows] From vulnerability to exploit under 5 min - http://0entropy.blogspot.com/2011/02/from-vulnerability-to-exploit-under-5.htmlExploit Development (Patch Analysis)
[Windows] A deeper look at ms11-058 - http://www.skullsecurity.org/blog/2011/a-deeper-look-at-ms11-058
[Windows] Patch Analysis for MS11-058 - https://community.qualys.com/blogs/securitylabs/2011/08/23/patch-analysis-for-ms11-058
[Windows] CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability -http://j00ru.vexillium.org/?p=893
[Mobile] Analyzing and dissecting Android applications for security defects and vulnerabilities - https://www.net-security.org/article.php?id=1613Exploit Development (Metasploit Wishlist)
[ExplotDev] Metasploit Exploits Wishlist ! - http://esploit.blogspot.com/2011/03/metasploit-exploits-wishlist.html
[Guide] Porting Exploits To Metasploit Part 1 - http://www.securitytube.net/video/2118Passwords & Rainbow Tables (WPA)
[RSS] Title - http://ob-security.info/?p=475
[RSS] Title - http://nakedsecurity.sophos.com/2011/06/14/the-top-10-passcodes-you-should-never-use-on-your-iphone/
[RSS] Title - http://www.troyhunt.com/2011/06/brief-sony-password-analysis.html
[WPA] Offensive Security: WPA Rainbow Tables - http://www.offensive-security.com/wpa-tables/
[Tool] Ultra High Security Password Generator - https://www.grc.com/passwords.htm
[Guide] Creating effective dictionaries for password attacks - http://insidetrust.blogspot.com/2010/07/creating-effective-dictionaries-for.html
[Leaked] Diccionarios con Passwords de Sitios Expuestos - http://www.dragonjar.org/diccionarios-con-passwords-de-sitios-expuestos.xhtml
[Download] Index of / - http://svn.isdpodcast.com/wordlists/
[Guide] Using Wikipedia as brute forcing dictionary - http://lab.lonerunners.net/blog/using-wikipedia-as-brute-forcing-dictionary
[Tool] CeWL – Custom Word List generator - http://www.digininja.org/projects/cewl.php
[Download] Title - http://www.aircrack-ng.org/doku.php?id=faq#where_can_i_find_good_wordlists
[Leaked] Passwords - http://www.skullsecurity.org/wiki/index.php/PasswordsCheat-Sheets
[OS] A Sysadmin’s Unixersal Translator - http://bhami.com/rosetta.html
[WiFi] WirelessDefence.org’s Wireless Penetration Testing Framework -http://www.wirelessdefence.org/Contents/Wireless%20Pen%20Test%20Framework.htmlAnti-Virus
[Metasploit] Facts and myths about antivirus evasion with Metasploit -http://schierlm.users.sourceforge.net/avevasion.html
[Terms] Methods of bypassing Anti-Virus (AV) Detection – NetCat - http://compsec.org/security/index.php/anti-virus/283-anti-virus-central-methods-of-bypassing-anti-virus-av-detection.htmlPrivilege Escalation
[Linux] Hacking Linux Part I: Privilege Escalation - http://www.dankalia.com/tutor/01005/0100501004.htm
[Windows] Windows 7 UAC whitelist - http://www.pretentiousname.com/misc/win7_uac_whitelist2.html
[Windows] Windows Privilege Escalation Part 1: Local Administrator Privileges -http://www.netspi.com/blog/2009/10/05/windows-privilege-escalation-part-1-local-administrator-privileges/Metasploit
[Guide] fxsst.dll persistence: the evil fax machine - http://www.room362.com/blog/2011/6/27/fxsstdll-persistence-the-evil-fax-machine.html
[Guide] Bypassing DEP/ASLR in browser exploits with McAfee and Symantec -http://www.scriptjunkie.us/2011/08/custom-payloads-in-metasploit-4/
[Guides] Metasploit Unleashed - http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
[Guides] Metasploit Megaprimer (Exploitation Basics And Need For Metasploit) Part 1 -http://www.securitytube.net/video/1175
http://securityxploded.com/metasploit-password-modules.phpDefault Generators
[WEP] mac2wepkey – Huawei default WEP generator - http://websec.ca/blog/view/mac2wepkey_huawei
[WEP] Generator: Attacking SKY default router password -http://sec.jetlib.com/BackTrack_Linux_Forums/2011/01/12/Generator:_Attacking_SKY_default_router_passwordStatistics
[Defacements] Zone-H - http://www.zone-h.org/
[ExploitKits] CVE Exploit Kit list - http://exploitkit.ex.ohost.de/CVE%20Exploit%20Kit%20List.htm
http://www.ccssforum.org/malware-certificates.php?&pag=1fCross Site Scripting (XSS)
[Guide] vbSEO – From XSS to Reverse PHP Shell - http://www.exploit-db.com/vbseo-from-xss-to-reverse-php-shell/
[RSS] Title - http://www.thespanner.co.uk/2009/03/25/xss-rays/
http://jon.oberheide.org/blog/2011/03/07/how-i-almost-won-pwn2own-via-xss/
http://skeletonscribe.blogspot.com/2011/05/js-less-xss.html
http://unconciousmind.blogspot.com/2011/09/xss-illustrated.htmlPodcasts
[Weekly] PaulDotCom - http://pauldotcom.com/podcast/psw.xml
[Monthly] Social-Engineer - http://socialengineer.podbean.com/feed/Blogs & RSS
[RSS] SecManiac - http://www.secmaniac.com/
[Guides] Carnal0wnage & Attack Research - http://carnal0wnage.attackresearch.com/
[RSS] Contagio - http://contagiodump.blogspot.com/
[News] THN : The Hacker News - http://thehackernews.com/
[News] Packet Storm: Full Disclosure Information Security - http://packetstormsecurity.org/
[Guides] pentestmonkey | Taking the monkey work out of pentesting - http://pentestmonkey.net/
[RSS] Darknet – The Darkside | Ethical Hacking, Penetration Testing & Computer Security -http://www.darknet.org.uk/
[RSS] Irongeek - http://www.irongeek.com/
[Metasploit] Room 363 - http://www.room362.com/
[Guides] Question Defense: Technology Answers For Technology Questions - http://www.question-defense.com/
[Guides] stratmofo’s blog - http://securityjuggernaut.blogspot.com/
[Guides] TheInterW3bs - http://theinterw3bs.com/[Guides] consolecowboys - http://console-cowboys.blogspot.com/
[Guides] A day with Tape - http://adaywithtape.blogspot.com/
[Guides] Cybexin’s Blog – Network Security Blog - http://cybexin.blogspot.com/[RSS] BackTrack Linux – Penetration Testing Distribution - http:/ /www .backtrack-linux .org /feed /
[RSS] Offensive Security - http://www.offensive-security.com/blog/feed/[RSS] Title - http://www.pentestit.com
[RSS] Title - http://michael-coates.blogspot.com
[RSS] Title - http://blog.0x0e.org
[RSS] Title - http://0×80.org/blog
[RSS] Title - http://archangelamael.shell.tor.hu
[RSS] Title - http://archangelamael.blogspot.com
[RSS] Title - http://www.coresec.org
[RSS] Title - http://noobys-journey.blogspot.com
[RSS] Title - http://www.get-root.com
[RSS] Title - http://www.kislaybhardwaj.com
[RSS] Title - https://community.rapid7.com/community/metasploit/blog
[RSS] Title - http://mimetus.blogspot.com
[RSS] Title - http://hashcrack.blogspot.com
[RSS] Title - https://rephraseit.wordpress.com
[RSS] Title - http://www.exploit-db.com
[RSS] Title - http:/skidspot.blogspot.com
[RSS] Title - http://grey-corner.blogspot.com
[RSS] Title - http://vishnuvalentino.com
[RSS] Title - http://ob-security.infohttp://twitter.com/n1tr0g3n_hack3rWindows 7 Download Links;
