EvilZone
Hacking and Security => Hacking and Security => : blindfuzzy September 29, 2015, 12:00:26 AM
-
*I am not taking any credit for this list. I found this list and I am posting it here to share with everyone. I have checked most of the links but not all of them so if any are dead let me know and I will look for alternatives.
Security Forums
https://evilzone.org (https://evilzone.org)
https://www.hackthissite.org/forums/index.php (https://www.hackthissite.org/forums/index.php)
https://www.ethicalhacker.net/forums/index.php (https://www.ethicalhacker.net/forums/index.php)
http://forum.antichat.ru/ (http://forum.antichat.ru/)
https://forum.xeksec.com/ (https://forum.xeksec.com/)
https://rdot.org/forum/ (https://rdot.org/forum/)
https://forum.zloy.bz/ (https://forum.zloy.bz/)
https://forum.reverse4you.org/ (https://forum.reverse4you.org/)
https://rstforums.com/forum/ (https://rstforums.com/forum/)
http://www.truehackers.ru/forum/index.php (http://www.truehackers.ru/forum/index.php)
http://garage4hackers.com/forum.php (http://garage4hackers.com/forum.php)
https://www.hellboundhackers.org/ (https://www.hellboundhackers.org/)
http://www.lockpicking101.com/ (http://www.lockpicking101.com/)
https://www.xploitworld.com/index.php (https://www.xploitworld.com/index.php)
Tor Onion Links
https://www.torproject.org/ (https://www.torproject.org/)
http://www.hiddenwiki.info/ (http://www.hiddenwiki.info/)
Security Methodologies
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html (http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html)
http://www.pentest-standard.org/index.php/Main_Page (http://www.pentest-standard.org/index.php/Main_Page)
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project (https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project)
http://yehg.net/lab/pr0js/misc/wasarg_owasp-tgv4_with_ref.php (http://yehg.net/lab/pr0js/misc/wasarg_owasp-tgv4_with_ref.php)
http://www.social-engineer.org/ (http://www.social-engineer.org/)
http://projects.webappsec.org/w/page/13246927/FrontPage (http://projects.webappsec.org/w/page/13246927/FrontPage)
https://www.sans.org/reading-room/whitepapers/auditing/base-security-assessment-methodology-1587 (https://www.sans.org/reading-room/whitepapers/auditing/base-security-assessment-methodology-1587)
http://www.isecom.org/research/osstmm.html (http://www.isecom.org/research/osstmm.html)
Training/Classes/Video
https://exploit-exercises.com (https://exploit-exercises.com)
https://www.cybrary.it/cyber-security/ (https://www.cybrary.it/cyber-security/)
http://www.irongeek.com/i.php?page=videos/aide-winter-2011 (http://www.irongeek.com/i.php?page=videos/aide-winter-2011)
https://lab.pentestit.ru/pentestlabs/3 (https://lab.pentestit.ru/pentestlabs/3)
https://trailofbits.github.io/ctf/ (https://trailofbits.github.io/ctf/)
http://ctf.forgottensec.com/wiki/?title=Main_Page (http://ctf.forgottensec.com/wiki/?title=Main_Page)
http://smashthestack.org/ (http://smashthestack.org/)
http://ctf.hcesperer.org/ (http://ctf.hcesperer.org/)
https://www.google.com/calendar/feeds/noge7b1rg2dg4a8kcm1k68vbjg@group.calendar.google.com/public/basic (https://www.google.com/calendar/feeds/noge7b1rg2dg4a8kcm1k68vbjg@group.calendar.google.com/public/basic)
https://www.google.com/calendar/embed?src=pe2ikdbe6b841od6e26ato0asc@group.calendar.google.com&gsessionid=OK (https://www.google.com/calendar/embed?src=pe2ikdbe6b841od6e26ato0asc@group.calendar.google.com&gsessionid=OK)
https://crypto.stanford.edu/cs155/ (https://crypto.stanford.edu/cs155/)
https://www.offensive-security.com/metasploit-unleashed/ (https://www.offensive-security.com/metasploit-unleashed/)
http://www.irongeek.com/i.php?page=videos/metasploit-class (http://www.irongeek.com/i.php?page=videos/metasploit-class)
http://www.securitytube.net/ (http://www.securitytube.net/)
http://resources.infosecinstitute.com/ (http://resources.infosecinstitute.com/)
https://www.cs.fsu.edu/~redwood/OffensiveSecurity/lectures.html (https://www.cs.fsu.edu/~redwood/OffensiveSecurity/lectures.html)
https://www.youtube.com/watch?v=ANlROJNWtCs&list=PLM0IiVYClP2vC3A6Uz_ESV86kBVYei5qx (https://www.youtube.com/watch?v=ANlROJNWtCs&list=PLM0IiVYClP2vC3A6Uz_ESV86kBVYei5qx)
https://www.youtube.com/watch?v=Sye3mu-EoTI (https://www.youtube.com/watch?v=Sye3mu-EoTI)
https://www.youtube.com/watch?v=GPjcSxyIIUc (https://www.youtube.com/watch?v=GPjcSxyIIUc)
https://www.youtube.com/watch?v=kPxavpgos2I (https://www.youtube.com/watch?v=kPxavpgos2I)
https://www.youtube.com/watch?v=pnqcHU2qFiA (https://www.youtube.com/watch?v=pnqcHU2qFiA)
http://www.securitytube.net/video/7640 (http://www.securitytube.net/video/7640)
https://www.youtube.com/watch?v=y2zrEAwmdws (https://www.youtube.com/watch?v=y2zrEAwmdws)
http://www.securitytube.net/video/7735 (http://www.securitytube.net/video/7735)
Pentest Tools
https://github.com/pwnwiki/pwnwiki.github.io (https://github.com/pwnwiki/pwnwiki.github.io)
https://github.com/sbilly/awesome-security (https://github.com/sbilly/awesome-security)
https://github.com/paragonie/awesome-appsec (https://github.com/paragonie/awesome-appsec)
https://github.com/enaqx/awesome-pentest (https://github.com/enaqx/awesome-pentest)
https://github.com/kahun/awesome-sysadmin#security (https://github.com/kahun/awesome-sysadmin#security)
http://beefproject.com/ (http://beefproject.com/)
https://xsser.03c8.net/ (https://xsser.03c8.net/)
https://code.google.com/p/fuzzdb/ (https://code.google.com/p/fuzzdb/)
https://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements (https://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements)
http://w3af.org/ (http://w3af.org/)
https://code.google.com/p/skipfish/ (https://code.google.com/p/skipfish/)
https://www.sans.org/reading-room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder-33214 (https://www.sans.org/reading-room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder-33214)
https://www.securityninja.co.uk/hacking/burp-suite-tutorial-the-intruder-tool/ (https://www.securityninja.co.uk/hacking/burp-suite-tutorial-the-intruder-tool/)
http://www.justanotherhacker.com/projects/graudit.html (http://www.justanotherhacker.com/projects/graudit.html)
https://packetstormsecurity.com/files/tags/tool (https://packetstormsecurity.com/files/tags/tool)
http://pentestbox.com/ (http://pentestbox.com/) (For Windows users)
http://seclist.us/ (http://seclist.us/)
http://www.toolwar.com/ (http://www.toolwar.com/)
https://www.toolswatch.org/ (https://www.toolswatch.org/)
Pentest Lab ISO-VMs
http://www.amanhardikar.com/mindmaps/PracticeUrls.html (http://www.amanhardikar.com/mindmaps/PracticeUrls.html)
https://www.kali.org/ (https://www.kali.org/)
https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project (https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project)
http://blackarch.org/ (http://blackarch.org/)
https://code.google.com/p/owaspbwa/ (https://code.google.com/p/owaspbwa/)
https://www.mavensecurity.com/web_security_dojo/ (https://www.mavensecurity.com/web_security_dojo/)
http://hackingdojo.com/dojo-media/ (http://hackingdojo.com/dojo-media/)
http://informatica.uv.es/~carlos/docencia/netinvm/ (http://informatica.uv.es/~carlos/docencia/netinvm/)
http://www.bonsai-sec.com/en/research/moth.php (http://www.bonsai-sec.com/en/research/moth.php)
http://sourceforge.net/projects/metasploitable/files/Metasploitable2/ (http://sourceforge.net/projects/metasploitable/files/Metasploitable2/)
http://sourceforge.net/projects/lampsecurity/?source=navbar (http://sourceforge.net/projects/lampsecurity/?source=navbar)
https://www.hacking-lab.com/index.html (https://www.hacking-lab.com/index.html)
http://sourceforge.net/projects/virtualhacking/files/ (http://sourceforge.net/projects/virtualhacking/files/)
http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10 (http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10)
http://www.dvwa.co.uk/ (http://www.dvwa.co.uk/)
http://sourceforge.net/projects/thebutterflytmp/ (http://sourceforge.net/projects/thebutterflytmp/)
http://magikh0e.ihtb.org/pubPapers/ (http://magikh0e.ihtb.org/pubPapers/)
Metasploit
http://resources.metasploit.com/ (http://resources.metasploit.com/)
http://netsec.ws/?p=262 (http://netsec.ws/?p=262)
http://seclists.org/metasploit/ (http://seclists.org/metasploit/)
https://www.offensive-security.com/metasploit-unleashed/Introduction/ (https://www.offensive-security.com/metasploit-unleashed/Introduction/)
http://www.offensive-security.com/metasploit-unleashed/Msfvenom (http://www.offensive-security.com/metasploit-unleashed/Msfvenom)
https://community.rapid7.com/community/metasploit/ (https://community.rapid7.com/community/metasploit/)
http://www.securitytube.net/video/711?q=METASPLOIT (http://www.securitytube.net/video/711?q=METASPLOIT)
https://en.wikibooks.org/wiki/Metasploit (https://en.wikibooks.org/wiki/Metasploit)
https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf (https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf)
http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html (http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html)
https://github.com/rapid7/metasploit-framework/wiki/Meterpreter (https://github.com/rapid7/metasploit-framework/wiki/Meterpreter)
https://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf (https://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf)
Net Scanners
https://nmap.org/ (https://nmap.org/)
https://nmap.org/nsedoc/ (https://nmap.org/nsedoc/)
http://www.securitytube.net/video/931 (http://www.securitytube.net/video/931)
https://nmap.org/nsedoc/ (https://nmap.org/nsedoc/)
http://www.openvas.org/ (http://www.openvas.org/)
http://www.tenable.com/products/nessus-vulnerability-scanner (http://www.tenable.com/products/nessus-vulnerability-scanner)
https://www.rapid7.com/products/nexpose/compare-downloads.jsp (https://www.rapid7.com/products/nexpose/compare-downloads.jsp)
http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf (http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf)
Man-in-the-middle attack
http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf (http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf)
http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf (http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf)
https://packetstormsecurity.com/papers/wireless/cracking-air.pdf (https://packetstormsecurity.com/papers/wireless/cracking-air.pdf)
https://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf (https://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf)
https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf (https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf)
http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf (http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf)
http://bandwidthco.com/nf.html (http://bandwidthco.com/nf.html)
http://articles.manugarg.com/arp_spoofing.pdf (http://articles.manugarg.com/arp_spoofing.pdf)
http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf (http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf)
http://www.ucci.it/docs/ICTSecurity-2004-26.pdf (http://www.ucci.it/docs/ICTSecurity-2004-26.pdf)
Phase 1 - Reconnaissance: Information Gathering before the Attack
https://en.wikipedia.org/wiki/Open-source_intelligence (https://en.wikipedia.org/wiki/Open-source_intelligence)
http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/ (http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/)
http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/ (http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/)
http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/ (http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/)
http://www.slideshare.net/Laramies/tactical-information-gathering (http://www.slideshare.net/Laramies/tactical-information-gathering)
http://www.infond.fr/2010/05/toturial-footprinting.html (http://www.infond.fr/2010/05/toturial-footprinting.html)
Phase 1.1 - People and Orginizational
http://www.spokeo.com/ (http://www.spokeo.com/)
http://www.spoke.com/ (http://www.spoke.com/)
https://www.xing.com/ (https://www.xing.com/)
http://www.zoominfo.com/ (http://www.zoominfo.com/)
https://pipl.com/ (https://pipl.com/)
http://www.zabasearch.com/ (http://www.zabasearch.com/)
http://www.searchbug.com/ (http://www.searchbug.com/)
http://skipease.com/ (http://skipease.com/)
http://addictomatic.com/ (http://addictomatic.com/)
http://socialmention.com/ (http://socialmention.com/)
http://entitycube.research.microsoft.com/ (http://entitycube.research.microsoft.com/)
http://www.yasni.com/ (http://www.yasni.com/)
http://www.glassdoor.com/index.htm (http://www.glassdoor.com/index.htm)
https://connect.data.com/ (https://connect.data.com/)
https://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp (https://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp)
https://www.tineye.com/ (https://www.tineye.com/)
http://www.peekyou.com/ (http://www.peekyou.com/)
Phase 1.2 - Infastructure
http://uptime.netcraft.com/ (http://uptime.netcraft.com/)
http://www.shodanhq.com/ (http://www.shodanhq.com/)
http://www.domaintools.com/ (http://www.domaintools.com/)
http://centralops.net/co/ (http://centralops.net/co/)
http://whois.webhosting.info/ (http://whois.webhosting.info/)
https://www.ssllabs.com/ssltest/analyze.html (https://www.ssllabs.com/ssltest/analyze.html)
https://www.exploit-db.com/google-hacking-database/ (https://www.exploit-db.com/google-hacking-database/)
http://www.my-ip-neighbors.com/ (http://www.my-ip-neighbors.com/)
Phase 1.2 - Tools
OSINT Tools
http://www.edge-security.com/theharvester.php (http://www.edge-security.com/theharvester.php)
http://www.edge-security.com/metagoofil.php (http://www.edge-security.com/metagoofil.php)
http://www.paterva.com/web6/ (http://www.paterva.com/web6/)
https://www.sans.org/reading-room/whitepapers/privacy/document-metadata-silent-killer-32974 (https://www.sans.org/reading-room/whitepapers/privacy/document-metadata-silent-killer-32974)
http://www.sno.phy.queensu.ca/~phil/exiftool/ (http://www.sno.phy.queensu.ca/~phil/exiftool/)
http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html (http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html)
Phase 2 - Enumeration: Finding Attack Vectors
http://securitysynapse.blogspot.be/2013_08_01_archive.html (http://securitysynapse.blogspot.be/2013_08_01_archive.html)
https://hackertarget.com/attacking-wordpress/ (https://hackertarget.com/attacking-wordpress/)
https://code.google.com/p/pentest-bookmarks/wiki/BookmarksList (https://code.google.com/p/pentest-bookmarks/wiki/BookmarksList)
http://www.0daysecurity.com/penetration-testing/enumeration.html (http://www.0daysecurity.com/penetration-testing/enumeration.html)
https://github.com/n3ko1/WrapMap (https://github.com/n3ko1/WrapMap)
https://cirt.net/Nikto2 (https://cirt.net/Nikto2)
http://www.unixmen.com/install-nikto-web-scanner-check-vulnerabilities/ (http://www.unixmen.com/install-nikto-web-scanner-check-vulnerabilities/)
http://seclist.us/autoenum-nmap-enumeration-and-script-scan-automation-script.html (http://seclist.us/autoenum-nmap-enumeration-and-script-scan-automation-script.html)
http://code.stephenmorley.org/articles/xampp-version-history-apache-mysql-php/ (http://code.stephenmorley.org/articles/xampp-version-history-apache-mysql-php/)
http://carnal0wnage.attackresearch.com/2007/07/over-in-lso-chat-we-were-talking-about.html (http://carnal0wnage.attackresearch.com/2007/07/over-in-lso-chat-we-were-talking-about.html)
http://www.iodigitalsec.com/windows-null-session-enumeration/ (http://www.iodigitalsec.com/windows-null-session-enumeration/)
https://pen-testing.sans.org/blog/2013/07/24/plundering-windows-account-info-via-authenticated-smb-sessions (https://pen-testing.sans.org/blog/2013/07/24/plundering-windows-account-info-via-authenticated-smb-sessions)
http://carnal0wnage.attackresearch.com/2007/07/enumerating-user-accounts-on-linux-and.html (http://carnal0wnage.attackresearch.com/2007/07/enumerating-user-accounts-on-linux-and.html)
https://github.com/isaudits/autoenum (https://github.com/isaudits/autoenum)
http://www.webpronews.com/snmp-enumeration-and-hacking-2003-09 (http://www.webpronews.com/snmp-enumeration-and-hacking-2003-09)
http://carnal0wnage.attackresearch.com/2007/07/over-in-lso-chat-we-were-talking-about.html (http://carnal0wnage.attackresearch.com/2007/07/over-in-lso-chat-we-were-talking-about.html)
http://www.iodigitalsec.com/windows-null-session-enumeration/ (http://www.iodigitalsec.com/windows-null-session-enumeration/)
http://pen-testing.sans.org/blog/2013/07/24/plundering-windows-account-info-via-authenticated-smb-sessions (http://pen-testing.sans.org/blog/2013/07/24/plundering-windows-account-info-via-authenticated-smb-sessions)
http://carnal0wnage.attackresearch.com/2007/07/enumerating-user-accounts-on-linux-and.html (http://carnal0wnage.attackresearch.com/2007/07/enumerating-user-accounts-on-linux-and.html)
http://www.madirish.net/59a (http://www.madirish.net/59a)
Phase 3 - Exploitation: Verifying Security Weaknesses
http://pwnwiki.io (http://pwnwiki.io)
http://download.vulnhub.com/pentesterlab/php_include_and_post_exploitation.pdf (http://download.vulnhub.com/pentesterlab/php_include_and_post_exploitation.pdf)
http://ru.scribd.com/doc/245679444/hak5-org-OSXPost-Exploitation-copy-20130228-pdf#scribd (http://ru.scribd.com/doc/245679444/hak5-org-OSXPost-Exploitation-copy-20130228-pdf#scribd)
https://cyberwar.nl/d/hak5.org_LinuxUnixBSDPost-ExploitationCommandList_copy-20130228.pdf (https://cyberwar.nl/d/hak5.org_LinuxUnixBSDPost-ExploitationCommandList_copy-20130228.pdf)
https://www.yumpu.com/en/document/view/14963680/from-sqli-to-shell (https://www.yumpu.com/en/document/view/14963680/from-sqli-to-shell)
Dump Windows Password Hashes
http://bernardodamele.blogspot.com/2011/12/dump-windows-password-hashes.html (http://bernardodamele.blogspot.com/2011/12/dump-windows-password-hashes.html)
Windows Passhing The Hash
https://www.kali.org/penetration-testing/passing-hash-remote-desktop/ (https://www.kali.org/penetration-testing/passing-hash-remote-desktop/)
https://www.kali.org/kali-monday/pass-the-hash-toolkit-winexe-updates/ (https://www.kali.org/kali-monday/pass-the-hash-toolkit-winexe-updates/)
Windows Privilege Escalation
http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/ (http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/)
https://github.com/0xdeafbeef/PSSecSnapshot (https://github.com/0xdeafbeef/PSSecSnapshot)
http://it-ovid.blogspot.com/2012/02/windows-privilege-escalation.html (http://it-ovid.blogspot.com/2012/02/windows-privilege-escalation.html)
http://www.fuzzysecurity.com/tutorials/16.html (http://www.fuzzysecurity.com/tutorials/16.html)
http://www.youtube.com/watch?v=kMG8IsCohHA (http://www.youtube.com/watch?v=kMG8IsCohHA)
http://www.youtube.com/watch?v=_8xJaaQlpBo (http://www.youtube.com/watch?v=_8xJaaQlpBo)
http://www.greyhathacker.net/?p=738 (http://www.greyhathacker.net/?p=738)
http://bernardodamele.blogspot.ru/2011/12/dump-windows-password-hashes.html (http://bernardodamele.blogspot.ru/2011/12/dump-windows-password-hashes.html)
Linux Privilege Escalation
http://incolumitas.com/wp-content/uploads/2012/12/blackhats_view.pdf (http://incolumitas.com/wp-content/uploads/2012/12/blackhats_view.pdf)
http://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation.html (http://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation.html)
http://pentestmonkey.net/tools/audit/unix-privesc-check (http://pentestmonkey.net/tools/audit/unix-privesc-check)
http://www.rebootuser.com/?page_id=1721 (http://www.rebootuser.com/?page_id=1721)
http://www.rebootuser.com/?p=1758 (http://www.rebootuser.com/?p=1758)
http://www.rebootuser.com/?p=1623 (http://www.rebootuser.com/?p=1623)
http://insidetrust.blogspot.nl/2011/04/quick-guide-to-linux-privilege.html (http://insidetrust.blogspot.nl/2011/04/quick-guide-to-linux-privilege.html)
Tunneling & Port Forwarding
https://www.sans.org/reading-room/whitepapers/testing/tunneling-pivoting-web-application-penetration-testing-36117 (https://www.sans.org/reading-room/whitepapers/testing/tunneling-pivoting-web-application-penetration-testing-36117)
https://highon.coffee/blog/reverse-shell-cheat-sheet/ (https://highon.coffee/blog/reverse-shell-cheat-sheet/)
https://highon.coffee/blog/ssh-meterpreter-pivoting-techniques/ (https://highon.coffee/blog/ssh-meterpreter-pivoting-techniques/)
http://staff.washington.edu/corey/fw/ssh-port-forwarding.html (http://staff.washington.edu/corey/fw/ssh-port-forwarding.html)
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet (http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet)
http://magikh0e.ihtb.org/pubPapers/ssh_gymnastics_tunneling.html (http://magikh0e.ihtb.org/pubPapers/ssh_gymnastics_tunneling.html)
http://www.debianadmin.com/howto-use-ssh-local-and-remote-port-forwarding.html (http://www.debianadmin.com/howto-use-ssh-local-and-remote-port-forwarding.html)
http://www.danscourses.com/Network-Penetration-Testing/metasploit-pivoting.html (http://www.danscourses.com/Network-Penetration-Testing/metasploit-pivoting.html)
http://carnal0wnage.attackresearch.com/2007/09/using-metasploit-to-pivot-through_06.html (http://carnal0wnage.attackresearch.com/2007/09/using-metasploit-to-pivot-through_06.html)
http://www.offensive-security.com/metasploit-unleashed/Portfwd (http://www.offensive-security.com/metasploit-unleashed/Portfwd)
http://www.offensive-security.com/metasploit-unleashed/Pivoting (http://www.offensive-security.com/metasploit-unleashed/Pivoting)
http://www.howtoforge.com/reverse-ssh-tunneling (http://www.howtoforge.com/reverse-ssh-tunneling)
http://ftp.acc.umu.se/pub/putty/putty-0.57/htmldoc/Chapter7.htmla (http://ftp.acc.umu.se/pub/putty/putty-0.57/htmldoc/Chapter7.htmla)
XSS Cheat Codes
http://www.xenuser.org/xss-cheat-sheet/ (http://www.xenuser.org/xss-cheat-sheet/)
https://gist.github.com/sseffa/11031135 (https://gist.github.com/sseffa/11031135)
https://html5sec.org/ (https://html5sec.org/)
WebShells
http://www.r57shell.net/ (http://www.r57shell.net/)
https://github.com/b374k/b374k (https://github.com/b374k/b374k)
https://github.com/epinna/weevely3 (https://github.com/epinna/weevely3)
SQLi General Resources
http://www.w3schools.com/sql/sql_injection.asp (http://www.w3schools.com/sql/sql_injection.asp)
http://sqlzoo.net/hack/ (http://sqlzoo.net/hack/)
https://information.rapid7.com/rs/rapid7/images/R7%20SQL_Injection_Cheat_Sheet.v1.pdf (https://information.rapid7.com/rs/rapid7/images/R7%20SQL_Injection_Cheat_Sheet.v1.pdf)
http://websec.ca/kb/sql_injection (http://websec.ca/kb/sql_injection)
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/ (http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/)
http://www.unixwiz.net/techtips/sql-injection.html (http://www.unixwiz.net/techtips/sql-injection.html)
http://www.sqlinjectionwiki.com/ (http://www.sqlinjectionwiki.com/)
http://sqlmap.org/ (http://sqlmap.org/)
https://packetstorm.sigterm.no/papers/cheatsheets/sqlmap-cheatsheet-1.0-SDB.pdf (https://packetstorm.sigterm.no/papers/cheatsheets/sqlmap-cheatsheet-1.0-SDB.pdf)
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet (https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)
http://bobby-tables.com/ (http://bobby-tables.com/)
https://spike188.wordpress.com/category/blind-sql-injection/ (https://spike188.wordpress.com/category/blind-sql-injection/)
http://securityidiots.com/Web-Pentest/SQL-Injection (http://securityidiots.com/Web-Pentest/SQL-Injection)
https://information.rapid7.com/rs/rapid7/images/R7%20SQL_Injection_Cheat_Sheet.v1.pdf (https://information.rapid7.com/rs/rapid7/images/R7%20SQL_Injection_Cheat_Sheet.v1.pdf)
MySQLi Resources
http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet (http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet)
https://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/ (https://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/)
http://resources.infosecinstitute.com/backdoor-sql-injection/ (http://resources.infosecinstitute.com/backdoor-sql-injection/)
http://www.michaelboman.org/books/sql-injection-cheat-sheet-mysql (http://www.michaelboman.org/books/sql-injection-cheat-sheet-mysql)
MSSQLi Resources
http://evilsql.com/main/page2.php (http://evilsql.com/main/page2.php)
http://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet (http://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet)
http://www.michaelboman.org/books/sql-injection-cheat-sheet-mssql (http://www.michaelboman.org/books/sql-injection-cheat-sheet-mssql)
Oracle SQLi Resources
http://pentestmonkey.net/cheat-sheet/sql-injection/oracle-sql-injection-cheat-sheet (http://pentestmonkey.net/cheat-sheet/sql-injection/oracle-sql-injection-cheat-sheet)
http://www.michaelboman.org/books/sql-injection-cheat-sheet-oracle (http://www.michaelboman.org/books/sql-injection-cheat-sheet-oracle)
Postgres SQLi Resources
http://pentestmonkey.net/cheat-sheet/sql-injection/postgres-sql-injection-cheat-sheet (http://pentestmonkey.net/cheat-sheet/sql-injection/postgres-sql-injection-cheat-sheet)
http://www.michaelboman.org/books/sql-injection-cheat-sheet-postgresql (http://www.michaelboman.org/books/sql-injection-cheat-sheet-postgresql)
SQLite Resources
https://sites.google.com/site/0x7674/home/sqlite3injectioncheatsheet (https://sites.google.com/site/0x7674/home/sqlite3injectioncheatsheet)
RFI/LFI Tutorials
https://evilzone.org/tutorials/remote-file-inclusion%28rfi%29/ (https://evilzone.org/tutorials/remote-file-inclusion%28rfi%29/)
http://www.hackersonlineclub.com/lfi-rfi (http://www.hackersonlineclub.com/lfi-rfi)
https://0xzoidberg.wordpress.com/category/security/lfi-rfi/ (https://0xzoidberg.wordpress.com/category/security/lfi-rfi/)
NASM Tutorial
http://ccm.net/faq/1559-compiling-an-assembly-program-with-nasm (http://ccm.net/faq/1559-compiling-an-assembly-program-with-nasm)
Buffer Overflow Tutorial
http://www.madirish.net/142 (http://www.madirish.net/142)
http://n01g3l.tumblr.com/post/49036035399/linux-crossfire-v1-90-buffer-overflow (http://n01g3l.tumblr.com/post/49036035399/linux-crossfire-v1-90-buffer-overflow)
http://resources.infosecinstitute.com/author/nikhil-kumar/ (http://resources.infosecinstitute.com/author/nikhil-kumar/)
http://www.frequency.com/video/athcon-hack-in-paris-demo-1/40181156 (http://www.frequency.com/video/athcon-hack-in-paris-demo-1/40181156)
http://www.savevid.com/video/athcon-hack-in-paris-demo-2.html (http://www.savevid.com/video/athcon-hack-in-paris-demo-2.html)
http://www.frequency.com/video/athcon-hack-in-paris-demo-3/11306148 (http://www.frequency.com/video/athcon-hack-in-paris-demo-3/11306148)
https://tehaurum.wordpress.com/2015/06/22/exploit-development-stack-buffer-overflow/ (https://tehaurum.wordpress.com/2015/06/22/exploit-development-stack-buffer-overflow/)
http://proactivedefender.blogspot.ru/2013/05/understanding-buffer-overflows.html (http://proactivedefender.blogspot.ru/2013/05/understanding-buffer-overflows.html)
https://forum.reverse4you.org/showthread.php?t=1371 (https://forum.reverse4you.org/showthread.php?t=1371)
http://grey-corner.blogspot.com/2010/01/beginning-stack-based-buffer-overflow.html (http://grey-corner.blogspot.com/2010/01/beginning-stack-based-buffer-overflow.html)
http://grey-corner.blogspot.com/2010/01/seh-stack-based-windows-buffer-overflow.html (http://grey-corner.blogspot.com/2010/01/seh-stack-based-windows-buffer-overflow.html)
http://grey-corner.blogspot.com/2010/01/windows-buffer-overflow-tutorial.html (http://grey-corner.blogspot.com/2010/01/windows-buffer-overflow-tutorial.html)
http://grey-corner.blogspot.com/2010/01/heap-spray-exploit-tutorial-internet.html (http://grey-corner.blogspot.com/2010/01/heap-spray-exploit-tutorial-internet.html)
http://grey-corner.blogspot.com/2010/02/windows-buffer-overflow-tutorial.html (http://grey-corner.blogspot.com/2010/02/windows-buffer-overflow-tutorial.html)
http://thepcn3rd.blogspot.ru/2015/07/freeftpd-108-seh-stack-based-overflow.html (http://thepcn3rd.blogspot.ru/2015/07/freeftpd-108-seh-stack-based-overflow.html)
Exploit Development
https://www.corelan.be/index.php/articles/ (https://www.corelan.be/index.php/articles/)
http://www.fuzzysecurity.com/tutorials.html (http://www.fuzzysecurity.com/tutorials.html)
https://code.google.com/p/it-sec-catalog/wiki/Exploitation (https://code.google.com/p/it-sec-catalog/wiki/Exploitation)
http://www.myne-us.com/2010/08/from-0x90-to-0x4c454554-journey-into.html (http://www.myne-us.com/2010/08/from-0x90-to-0x4c454554-journey-into.html)
https://www.ethicalhacker.net/columns/heffner/smashing-the-modern-stack-for-fun-and-profit (https://www.ethicalhacker.net/columns/heffner/smashing-the-modern-stack-for-fun-and-profit)
http://x9090.blogspot.ru/2010/03/tutorial-exploit-writting-tutorial-from.html (http://x9090.blogspot.ru/2010/03/tutorial-exploit-writting-tutorial-from.html)
http://ref.x86asm.net/index.html (http://ref.x86asm.net/index.html)
https://sploitfun.wordpress.com/2015/06/26/linux-x86-exploit-development-tutorial-series/ (https://sploitfun.wordpress.com/2015/06/26/linux-x86-exploit-development-tutorial-series/)
https://forum.reverse4you.org/showthread.php?t=1371 (https://forum.reverse4you.org/showthread.php?t=1371)
Exploits and Shellcodes
https://www.exploit-db.com/ (https://www.exploit-db.com/)
https://packetstormsecurity.com/ (https://packetstormsecurity.com/)
http://www.securityfocus.com/bid (http://www.securityfocus.com/bid)
https://nvd.nist.gov/ (https://nvd.nist.gov/)
http://osvdb.org/ (http://osvdb.org/)
http://www.secdocs.org/ (http://www.secdocs.org/)
http://www.cvedetails.com/ (http://www.cvedetails.com/)
https://cve.mitre.org/ (https://cve.mitre.org/)
http://www.windowsexploits.com/ (http://www.windowsexploits.com/)
http://farlight.org/index.html?type=shellcode (http://farlight.org/index.html?type=shellcode)
http://shell-storm.org/shellcode/ (http://shell-storm.org/shellcode/)
Reverse Engineering
https://www.cyberguerrilla.org/blog/what-the-blackhats-dont-want-you-to-know-series/ (https://www.cyberguerrilla.org/blog/what-the-blackhats-dont-want-you-to-know-series/)
http://fumalwareanalysis.blogspot.ru/p/malware-analysis-tutorials-reverse.html (http://fumalwareanalysis.blogspot.ru/p/malware-analysis-tutorials-reverse.html)
http://www.woodmann.com/TiGa/idaseries.html (http://www.woodmann.com/TiGa/idaseries.html)
http://visi.kenshoto.com/viki/MainPage (http://visi.kenshoto.com/viki/MainPage)
http://www.radare.org/r/ (http://www.radare.org/r/)
http://www.offensivecomputing.net/ (http://www.offensivecomputing.net/)
http://www.oldapps.com/ (http://www.oldapps.com/)
http://www.oldversion.com/ (http://www.oldversion.com/)
https://www.exploit-db.com/webapps/ (https://www.exploit-db.com/webapps/)
http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx (http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx)
http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx (http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx)
http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx (http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx)
http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx (http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx)
OS Cheat Sheets and Script Syntax
https://www.owasp.org/index.php/Cheat_Sheets (https://www.owasp.org/index.php/Cheat_Sheets)
http://www.cheat-sheets.org/ (http://www.cheat-sheets.org/)
http://ss64.com/nt/ (http://ss64.com/nt/)
https://rstforums.com/forum/22324-hacking-tools-windows.rst (https://rstforums.com/forum/22324-hacking-tools-windows.rst)
https://en.wikipedia.org/wiki/IPv4_subnetting_reference (https://en.wikipedia.org/wiki/IPv4_subnetting_reference)
http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/ (http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/)
http://shelldorado.com/shelltips/beginner.html (http://shelldorado.com/shelltips/beginner.html)
http://mywiki.wooledge.org/BashPitfalls (http://mywiki.wooledge.org/BashPitfalls)
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml (https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml)
http://www.robvanderwoude.com/ntadmincommands.php (http://www.robvanderwoude.com/ntadmincommands.php)
https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf (https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf)
https://countuponsecurity.files.wordpress.com/2015/06/jtr-cheatsheetimg.png (https://countuponsecurity.files.wordpress.com/2015/06/jtr-cheatsheetimg.png)
https://danielmiessler.com/study/tcpdump/ (https://danielmiessler.com/study/tcpdump/)
http://www.infosecwriters.com/Papers/nessusNMAPcheatSheet.pdf (http://www.infosecwriters.com/Papers/nessusNMAPcheatSheet.pdf)
Passwords Wordlists, Hashes, Tools
http://www.irongeek.com/i.php?page=videos/password-exploitation-class (http://www.irongeek.com/i.php?page=videos/password-exploitation-class)
https://cirt.net/passwords (https://cirt.net/passwords)
http://h.foofus.net/?page_id=51 (http://h.foofus.net/?page_id=51)
http://h.foofus.net/?page_id=55 (http://h.foofus.net/?page_id=55)
http://foofus.net/?page_id=63 (http://foofus.net/?page_id=63)
http://hashcrack.blogspot.ru/ (http://hashcrack.blogspot.ru/)
http://www.onlinehashcrack.com/ (http://www.onlinehashcrack.com/)
http://www.md5this.com/ (http://www.md5this.com/)
http://contest-2010.korelogic.com/wordlists.html (http://contest-2010.korelogic.com/wordlists.html)
https://packetstormsecurity.com/Crackers/wordlists/ (https://packetstormsecurity.com/Crackers/wordlists/)
http://hqsoftwarecollection.blogspot.in/p/36gn-wordlist.html (http://hqsoftwarecollection.blogspot.in/p/36gn-wordlist.html)
https://wiki.skullsecurity.org/Passwords (https://wiki.skullsecurity.org/Passwords)
https://www.sans.org/reading-room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation-33283 (https://www.sans.org/reading-room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation-33283)
https://www.sans.org/reading-room/whitepapers/testing/crack-pass-hash-33219 (https://www.sans.org/reading-room/whitepapers/testing/crack-pass-hash-33219)
https://nmap.org/ncrack/ (https://nmap.org/ncrack/)
http://www.openwall.com/john/ (http://www.openwall.com/john/)
http://ophcrack.sourceforge.net/ (http://ophcrack.sourceforge.net/)
https://inquisb.github.io/keimpx/ (https://inquisb.github.io/keimpx/)
http://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-passwords-part-3-using-hashcat-0156543/ (http://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-passwords-part-3-using-hashcat-0156543/)
Privacy Tools
https://www.privacytools.io/ (https://www.privacytools.io/)
Links Collections
http://in-addr.nl/security-links.php (http://in-addr.nl/security-links.php)
http://ser-storchak.blogspot.ru/p/blog-page_16.html (http://ser-storchak.blogspot.ru/p/blog-page_16.html)
https://www.vulnhub.com/resources/ (https://www.vulnhub.com/resources/)
https://mobilesecuritywiki.com/ (https://mobilesecuritywiki.com/)
bookmarksv1.0.html (http://upload.evilzone.org?page=download&file=Bxew4T5BsjR3TDS6k5883IljS53DxrCbxr5glBFM7UysMVqAM2)
^Submitted by: null_scientist_44
*I have checked most of the links but not all of them so if any are dead let me know and I will look for alternatives.
This is a great list to get started with and can help answer a lot of redundant questions.
-
Thanks for the great list, it is very useful, but it would be even better if there were a bookmark list for firefox which contains these links :)
-
Thanks for the great list, it is very useful, but it would be even better if there were a bookmark list for firefox which contains these links :)
bookmarks-2015-09-29.json (http://upload.evilzone.org?page=download&file=GHVyCViyikPxuZAqctHoca8GCns7WqZChYAhlYd75FvRJLBQKA)
Json file for importing into Firefox.
-
Wow man, wow, +1, +rate and I have to thank you with post, really cool list. Btw there are also some other lists here one EZ, maybe use all of them and make BIG resources wiki page. Just an idea :P
-
Added a few more links and pentest tools for Windows users.
Feel free to contribute if you guys have any links to share.
-
Added evilzone.org to security forums and set topic sticky.
-
This is a pretty damn good list +1
Possibly wiki worthy??
-
Thanx allot for the list. This will keep me busy for a while going through all those links. The firefox bookmarks are a awesome added bonus. Thanx
-
This is a pretty damn good list +1
Possibly wiki worthy??
I wouldn't say that; but thanks it's appreciated.
*Added a few new links; I plan to go through and weed out the ones that are no longer working here soon.*
-
Hey, I made a sort of customized version of this, figured I would share with you. No credit wanted or taken.
bookmarksv1.0.html (http://upload.evilzone.org?page=download&file=Bxew4T5BsjR3TDS6k5883IljS53DxrCbxr5glBFM7UysMVqAM2)
-
Hey, I made a sort of customized version of this, figured I would share with you. No credit wanted or taken.
bookmarksv1.0.html (http://upload.evilzone.org?page=download&file=Bxew4T5BsjR3TDS6k5883IljS53DxrCbxr5glBFM7UysMVqAM2)
Added to the list and gave credit. Thank you.
-
Thank you for all this links my friend.
the link to the forum: "http://securityoverride.org/forum/index.php" seems not working... :\
-
Looks like site is down, I'll look for a few days and remove it after that with an update on the bookmark pack. Seems to be mis-configured apache...
-
Looks like site is down, I'll look for a few days and remove it after that with an update on the bookmark pack. Seems to be mis-configured apache...
I went ahead a removed it from my list. It's been down for a few days.
-
Great list +1
This link seems to be down. index.php 404s, and the root seems to be a parked domain or something.
https://www.xploitworld.com/index.php (https://www.xploitworld.com/index.php)
-
https://chrome.google.com/webstore/detail/check-my-links/ojkcdipcgfaekbeaelaapakgnjflfglf?hl=en-GB
I wonder if something like this would help out
-
Great resources here, thanks ! I will check the RE category first.
-
Added Tool War to the list.
It's a pretty decent infosec tool website. It gets updated every month or so with a new tool.
-
I think you should not mention these links in the category Reverse Engineering:
https://www.exploit-db.com/webapps/
http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
-
I think you should not mention these links in the category Reverse Engineering:
Why's that? Because they are from 2006? I think they are necessary as you run into older scenarios occasionally.
-
Why's that? Because they are from 2006? I think they are necessary as you run into older scenarios occasionally.
They belong to another category, like web application security.
-
ToolWatch added to the list.
"ToolsWatch is a Free, Interactive, Modern, Eye-catching service designed to help Auditors, Pentesters & Security Experts to keep their ethical hacking oriented toolbox up-to-date."
-
Thanks very helpfully ;D
-
this is a sweet list thank you
-
best :D \0/
Thanks for all the compilation .
-
I think this is also welcome.. here is link to try out your skill.. which you learned..
http://www.wechall.net/
on the right site you can find also links to many challenge sites.. so you can try out..
bye N
-
There's this awesome site too that gathers information about Hacking/Forensic Challenges, and information about Vpn, Voip, Cryptography and a lot more.
http://www.amanhardikar.com/mindmaps.html (http://www.amanhardikar.com/mindmaps.html)