lazyhacker 1 year ago

Cyber Security Useful Links

Blogs Worth It:

What the title says. There are a LOT of pentesting blogs, these are the ones i monitor constantly and value in the actual day to day testing work.


 http://carnal0wnage.blogspot.com/

 http://www.mcgrewsecurity.com/

 http://www.gnucitizen.org/blog/

 http://www.darknet.org.uk/

 http://spylogic.net/

 http://taosecurity.blogspot.com/

 http://www.room362.com/

 http://blog.sipvicious.org/

 http://blog.portswigger.net/

 http://pentestmonkey.net/blog/

 http://jeremiahgrossman.blogspot.com/

 http://i8jesus.com/

 http://blog.c22.cc/

 http://www.skullsecurity.org/blog/

 http://blog.metasploit.com/

 http://www.darkoperator.com/

 http://blog.skeptikal.org/

 http://preachsecurity.blogspot.com/

 http://www.tssci-security.com/

 http://www.gdssecurity.com/l/b/

 http://websec.wordpress.com/

 http://bernardodamele.blogspot.com/

 http://laramies.blogspot.com/

 http://www.spylogic.net/

 http://blog.andlabs.org/

 http://xs-sniper.com/blog/

 http://www.commonexploits.com/

 http://www.sensepost.com/blog/

 http://wepma.blogspot.com/

 http://exploit.co.il/

 http://securityreliks.wordpress.com/

 http://www.madirish.net/index.html

 http://sirdarckcat.blogspot.com/

 http://reusablesec.blogspot.com/

 http://myne-us.blogspot.com/

 http://www.notsosecure.com/

 http://blog.spiderlabs.com/

 http://www.corelan.be/

 http://www.digininja.org/

 http://www.pauldotcom.com/

 http://www.attackvector.org/

 http://deviating.net/

 http://www.alphaonelabs.com/

 http://www.smashingpasswords.com/

 http://wirewatcher.wordpress.com/

 http://gynvael.coldwind.pl/

 http://www.nullthreat.net/

 http://www.question-defense.com/

 http://archangelamael.blogspot.com/

 http://memset.wordpress.com/

 http://sickness.tor.hu/

 http://punter-infosec.com/

 http://www.securityninja.co.uk/

 http://securityandrisk.blogspot.com/

 http://esploit.blogspot.com/

 http://www.pentestit.com/

Forums:

Created for forums that will help in both tool usage, syntax, attack techniques, and collection of scripts and tools. Needs some help. I don't really frequent too many underground forums but i actually find nice one-off scripts and info i can roll into my own code in these places. Would like to add more.

 http://sla.ckers.org/forum/index.php

 http://www.ethicalhacker.net/

 http://www.backtrack-linux.org/forums/

 http://www.elitehackers.info/forums/

 http://www.hackthissite.org/forums/index.php

 http://securityoverride.com/forum/index.php

 http://www.iexploit.org/

 http://bright-shadows.net/

 http://www.governmentsecurity.org/forum/

 http://forum.intern0t.net/

Magazines:

 http://www.net-security.org/insecuremag.php

 http://hakin9.org/

Video:

 http://www.hackernews.com/

 http://www.securitytube.net/

 http://www.irongeek.com/i.php?page=videos/aide-winter-2011

 http://avondale.good.net/dl/bd/

 http://achtbaan.nikhef.nl/27c3-stream/releases/mkv/

 http://www.youtube.com/user/ChRiStIaAn008

 http://www.youtube.com/user/HackingCons

Methodologies:

 http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

 http://www.pentest-standard.org/index.php/Main_Page

 http://projects.webappsec.org/w/page/13246978/Threat-Classification

 http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

 http://www.social-engineer.org/

OSINT

Presentations:

 http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/

 http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/

 http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/

 http://www.slideshare.net/Laramies/tactical-information-gathering

 http://www.sans.org/reading_room/whitepapers/privacy/document_metadata_the_silent_killer__32974

 http://infond.blogspot.com/2010/05/toturial-footprinting.html

People and Organizational:

 http://www.spokeo.com/

 http://www.123people.com/

 http://www.xing.com/

 http://www.zoominfo.com/search

 http://pipl.com/

 http://www.zabasearch.com/

 http://www.searchbug.com/default.aspx

 http://theultimates.com/

 http://skipease.com/

 http://addictomatic.com/

 http://socialmention.com/

 http://entitycube.research.microsoft.com/

 http://www.yasni.com/

 http://tweepz.com/

 http://tweepsearch.com/

 http://www.glassdoor.com/index.htm

 http://www.jigsaw.com/

 http://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp

 http://www.tineye.com/

 http://www.peekyou.com/

 http://picfog.com/

 http://twapperkeeper.com/index.php

Infrastructure:

 http://uptime.netcraft.com/

 http://www.serversniff.net/

 http://www.domaintools.com/

 http://centralops.net/co/

 http://hackerfantastic.com/

 http://whois.webhosting.info/

 https://www.ssllabs.com/ssldb/analyze.html

 http://www.clez.net/

 http://www.my-ip-neighbors.com/

 http://www.shodanhq.com/

 http://www.exploit-db.com/google-dorks/

 http://www.hackersforcharity.org/ghdb/

Exploits and Advisories:

 http://www.exploit-db.com/

 http://www.cvedetails.com/

 http://www.milw0rm.com/ (Down permanently)

 http://www.packetstormsecurity.org/

 http://www.securityforest.com/wiki/index.php/Main_Page

 http://www.securityfocus.com/bid

 http://nvd.nist.gov/

 http://osvdb.org/

 http://www.nullbyte.org.il/Index.html

 http://secdocs.lonerunners.net/

 http://www.phenoelit-us.org/whatSAP/index.html

 http://secunia.com/

 http://cve.mitre.org/

Cheatsheets and Syntax:

 http://cirt.net/ports_dl.php?export=services

 http://www.cheat-sheets.org/

 http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/

Agile Hacking:

 http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/

 http://blog.commandlinekungfu.com/

 http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/

 http://isc.sans.edu/diary.html?storyid=2376

 http://isc.sans.edu/diary.html?storyid=1229

 http://ss64.com/nt/

 http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html

 http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html

 http://www.zonbi.org/2010/06/09/wmic-the-other-other-white-meat/

 http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst

 http://www.coresecurity.com/files/p_w_uploads/Core_Define_and_Win_Cmd_Line.pdf

 http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507

 http://www.pentesterscripting.com/

 http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-hack-windows_33583

 http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf

OS and Scripts:

 http://en.wikipedia.org/wiki/IPv4_subnetting_reference

 http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/

 http://shelldorado.com/shelltips/beginner.html

 http://www.linuxsurvival.com/

 http://mywiki.wooledge.org/BashPitfalls

 http://rubular.com/

 http://www.iana.org/assignments/port-numbers

 http://www.robvanderwoude.com/ntadmincommands.php

 http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/

Tools:

 http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf

 http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf

 http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf

 http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf

 http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf

 http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html

 http://h.ackack.net/cheat-sheets/netcat

Distros:

 http://www.backtrack-linux.org/

 http://www.matriux.com/

 http://samurai.inguardians.com/

 http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project

 https://pentoo.ch/

 http://www.hackfromacave.com/articles_and_adventures/katana_v2_release.html

 http://www.piotrbania.com/all/kon-boot/

 http://www.linuxfromscratch.org/

 http://sumolinux.suntzudata.com/

 http://blog.0x0e.org/2009/11/20/pentesting-with-an-ubuntu-box/#comments

 http://www.backbox.org/

Labs:

ISOs and VMs:

 http://sourceforge.net/projects/websecuritydojo/

 http://code.google.com/p/owaspbwa/wiki/ProjectSummary

 http://heorot.net/livecds/

 http://informatica.uv.es/~carlos/docencia/netinvm/

 http://www.bonsai-sec.com/en/research/moth.php

 http://blog.metasploit.com/2010/05/introducing-metasploitable.html

 http://pynstrom.net/holynix.php

 http://gnacktrack.co.uk/download.php

 http://sourceforge.net/projects/lampsecurity/files/

 https://www.hacking-lab.com/news/newspage/livecd-v4.3-available.html

 http://sourceforge.net/projects/virtualhacking/files/

 http://www.badstore.net/

 http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10

 http://www.dvwa.co.uk/

 http://sourceforge.net/projects/thebutterflytmp/

Vulnerable Software:

 http://www.oldapps.com/

 http://www.oldversion.com/

 http://www.exploit-db.com/webapps/

 http://code.google.com/p/wavsep/downloads/list

 http://www.owasp.org/index.php/Owasp_SiteGenerator

 http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx

 http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx

 http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx

 http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx

Test Sites:

 http://www.webscantest.com/

 http://crackme.cenzic.com/Kelev/view/home.php

 http://zero.webappsecurity.com/banklogin.asp?

 http://testaspnet.vulnweb.com/

 http://testasp.vulnweb.com/

 http://testphp.vulnweb.com/

 http://demo.testfire.net/

 http://hackme.ntobjectives.com/

Exploitation Intro:

If you'd like to get into exploit dev, these are really the guides and docs that will start you off in the right direction. Since Exploit dev is not my primary occupation this section could always use help.

 http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html

 http://www.mgraziano.info/docs/stsi2010.pdf

 http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/

 http://www.ethicalhacker.net/content/view/122/2/

 http://code.google.com/p/it-sec-catalog/wiki/Exploitation

 http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html

 http://ref.x86asm.net/index.html

Reverse Engineering & Malware:

 http://www.woodmann.com/TiGa/idaseries.html

 http://www.binary-auditing.com/

 http://visi.kenshoto.com/

 http://www.radare.org/y/

 http://www.offensivecomputing.net/

Passwords and Hashes:

 http://www.irongeek.com/i.php?page=videos/password-exploitation-class

 http://cirt.net/passwords

 http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html

 http://www.foofus.net/~jmk/medusa/medusa-smbnt.html

 http://www.foofus.net/?page_id=63

 http://hashcrack.blogspot.com/

 http://www.nirsoft.net/articles/saved_password_location.html

 http://www.onlinehashcrack.com/

 http://www.md5this.com/list.php?

 http://www.virus.org/default-password

 http://www.phenoelit-us.org/dpl/dpl.html

 http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html

Wordlists:

 http://contest.korelogic.com/wordlists.html

 http://packetstormsecurity.org/Crackers/wordlists/

 http://www.skullsecurity.org/wiki/index.php/Passwords

 http://www.ericheitzman.com/passwd/passwords/

Pass the Hash:

 http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283

 http://www.sans.org/reading_room/whitepapers/testing/crack-pass-hash_33219

 http://carnal0wnage.blogspot.com/2008/03/using-pash-hash-toolkit.html

MiTM:

 http://www.giac.org/certified_professionals/practicals/gsec/0810.php

 http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf

 http://www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf

 http://www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data

 http://www.mindcenter.net/uploads/ECCE101.pdf

 http://toorcon.org/pres12/3.pdf

 http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf

 http://packetstormsecurity.org/papers/wireless/cracking-air.pdf

 http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf

 http://www.oact.inaf.it/ws-ssri/Costa.pdf

 http://www.defcon.org/p_w_picpaths/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf

 http://mcafeeseminar.com/focus/downloads/Live_Hacking.pdf

 http://www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf

 http://www.more.net/sites/default/files/2010JohnStrandKeynote.pdf

 http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf

 http://bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing%20&%20Beyond.pdf

 http://bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap%20Filters.pdf

 http://www.iac.iastate.edu/iasg/libarchive/0910/The_Magic_of_Ettercap/The_Magic_of_Ettercap.pdf

 http://articles.manugarg.com/arp_spoofing.pdf

 http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf

 http://www.ucci.it/docs/ICTSecurity-2004-26.pdf

 http://web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My%20Cyber%20Attack%20Papers_files/ettercap_Nov_6_2005-1.pdf

 http://blog.spiderlabs.com/2010/12/thicknet.html

 http://www.hackyeah.com/2010/10/ettercap-filters-with-metasploit-browser_autopwn/

 http://www.go4expert.com/forums/showthread.php?t=11842

 http://www.irongeek.com/i.php?page=security/ettercapfilter

 http://openmaniak.com/ettercap_filter.php

 http://www.irongeek.com/i.php?page=videos/dns-spoofing-with-ettercap-pharming

 http://www.irongeek.com/i.php?page=videos/ettercap-plugins-find-ip-gw-discover-isolate

 http://www.irongeek.com/i.php?page=videos/ettercapfiltervid1

 http://spareclockcycles.org/2010/06/10/sergio-proxy-released/

Tools:

OSINT:

 http://www.edge-security.com/theHarvester.php

 http://www.mavetju.org/unix/dnstracer-man.php

 http://www.paterva.com/web5/

Metadata:

 http://www.sans.org/reading_room/whitepapers/privacy/document-metadata-silent-killer_32974

 http://lcamtuf.coredump.cx/strikeout/

 http://www.sno.phy.queensu.ca/~phil/exiftool/

 http://www.edge-security.com/metagoofil.php

 http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html

Google Hacking:

 http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/

 http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads

 http://sqid.rubyforge.org/#next

 http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html

Web:

 http://www.bindshell.net/tools/beef

 http://blindelephant.sourceforge.net/

 http://xsser.sourceforge.net/

 http://sourceforge.net/projects/rips-scanner/

 http://www.divineinvasion.net/authforce/

 http://andlabs.org/tools.html#sotf

 http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf

 http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html

 http://code.google.com/p/pinata-csrf-tool/

 http://xsser.sourceforge.net/#intro

 http://www.contextis.co.uk/resources/tools/clickjacking-tool/

 http://packetstormsecurity.org/files/view/69896/unicode-fun.txt

 http://sourceforge.net/projects/ws-attacker/files/

 https://github.com/koto/squid-imposter

-----------------------------------


2
980
FFUF cheat sheet for penetration testers

FFUF cheat sheet for penetration testers

defaultuser.png
X0NE
1 year ago
Curl Command Cheat Sheet for Penetration Testing

Curl Command Cheat Sheet for Penetration Testing

defaultuser.png
lazyhacker
1 year ago
Understanding API Authentication: A Guide to Cookie-Based,jwt

Understanding API Authentication: A Guide to Cookie-Based,jwt

defaultuser.png
X0NE
1 year ago
A very comprehensive penetration testing memo: including tools, techniques and techniques [worth collecting]

A very comprehensive penetration testing memo: including tools, techni...

defaultuser.png
lazyhacker
1 year ago
What is penetration testing?

What is penetration testing?

https://lh3.googleusercontent.com/a/ACg8ocIkM8EGIx0gz9GUP_nM6_sMxivr6876Wp0e9MAp6mGc=s96-c
xone
6 months ago