Great Links & Tools to Learn From

I am not taking any credit for this list. I found this list and I am posting it here to share with everyone. I have checked most of the links but not all of them so if any are dead let me know and I will look for alternatives.

Security Forums

https://evilzone.org
https://www.hackthissite.org/forums/index.php
https://www.ethicalhacker.net/forums/index.php
http://forum.antichat.ru/
https://forum.xeksec.com/
https://rdot.org/forum/
https://forum.zloy.bz/
https://forum.reverse4you.org/
https://rstforums.com/forum/
http://www.truehackers.ru/forum/index.php
http://garage4hackers.com/forum.php
https://www.hellboundhackers.org/
http://www.lockpicking101.com/
https://www.xploitworld.com/index.php

Tor Onion Links

https://www.torproject.org/
http://www.hiddenwiki.info/

Security Methodologies

http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
http://www.pentest-standard.org/index.php/Main_Page
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
http://yehg.net/lab/pr0js/misc/wasarg_owasp-tgv4_with_ref.php
http://www.social-engineer.org/
http://projects.webappsec.org/w/page/13246927/FrontPage
https://www.sans.org/reading-room/whitepapers/auditing/base-security-assessment-methodology-1587
http://www.isecom.org/research/osstmm.html

Training/Classes/Video

https://exploit-exercises.com
https://www.cybrary.it/cyber-security/
http://www.irongeek.com/i.php?page=videos/aide-winter-2011
https://lab.pentestit.ru/pentestlabs/3
https://trailofbits.github.io/ctf/
http://ctf.forgottensec.com/wiki/?title=Main_Page
http://smashthestack.org/
http://ctf.hcesperer.org/
https://www.google.com/calendar/feeds/noge7b1rg2dg4a8kcm1k68vbjg@group.calendar.google.com/public/basic
https://www.google.com/calendar/embed?src=pe2ikdbe6b841od6e26ato0asc@group.calendar.google.com&gsessionid=OK
https://crypto.stanford.edu/cs155/
https://www.offensive-security.com/metasploit-unleashed/
http://www.irongeek.com/i.php?page=videos/metasploit-class
http://www.securitytube.net/
http://resources.infosecinstitute.com/
https://www.cs.fsu.edu/~redwood/OffensiveSecurity/lectures.html
https://www.youtube.com/watch?v=ANlROJNWtCs&list=PLM0IiVYClP2vC3A6Uz_ESV86kBVYei5qx
https://www.youtube.com/watch?v=Sye3mu-EoTI
https://www.youtube.com/watch?v=GPjcSxyIIUc
https://www.youtube.com/watch?v=kPxavpgos2I
https://www.youtube.com/watch?v=pnqcHU2qFiA
http://www.securitytube.net/video/7640
https://www.youtube.com/watch?v=y2zrEAwmdws
http://www.securitytube.net/video/7735

Pentest Tools

https://github.com/pwnwiki/pwnwiki.github.io
https://github.com/sbilly/awesome-security
https://github.com/paragonie/awesome-appsec
https://github.com/enaqx/awesome-pentest
https://github.com/kahun/awesome-sysadmin#security
http://beefproject.com/
https://xsser.03c8.net/
https://code.google.com/p/fuzzdb/
https://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements
http://w3af.org/
https://code.google.com/p/skipfish/
https://www.sans.org/reading-room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder-33214
https://www.securityninja.co.uk/hacking/burp-suite-tutorial-the-intruder-tool/
http://www.justanotherhacker.com/projects/graudit.html
https://packetstormsecurity.com/files/tags/tool
http://pentestbox.com/   (For Windows users)
http://seclist.us/
http://www.toolwar.com/

Pentest Lab ISO-VMs

http://www.amanhardikar.com/mindmaps/PracticeUrls.html
https://www.kali.org/
https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project
http://blackarch.org/
https://code.google.com/p/owaspbwa/
https://www.mavensecurity.com/web_security_dojo/
http://hackingdojo.com/dojo-media/
http://informatica.uv.es/~carlos/docencia/netinvm/
http://www.bonsai-sec.com/en/research/moth.php
http://sourceforge.net/projects/metasploitable/files/Metasploitable2/
http://sourceforge.net/projects/lampsecurity/?source=navbar
https://www.hacking-lab.com/index.html
http://sourceforge.net/projects/virtualhacking/files/
http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10
http://www.dvwa.co.uk/
http://sourceforge.net/projects/thebutterflytmp/
http://magikh0e.ihtb.org/pubPapers/

Metasploit

http://resources.metasploit.com/
http://netsec.ws/?p=262
http://seclists.org/metasploit/
https://www.offensive-security.com/metasploit-unleashed/Introduction/
http://www.offensive-security.com/metasploit-unleashed/Msfvenom
https://community.rapid7.com/community/metasploit/
http://www.securitytube.net/video/711?q=METASPLOIT
https://en.wikibooks.org/wiki/Metasploit
https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html
https://github.com/rapid7/metasploit-framework/wiki/Meterpreter
https://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf

Net Scanners

https://nmap.org/
https://nmap.org/nsedoc/
http://www.securitytube.net/video/931
https://nmap.org/nsedoc/
http://www.openvas.org/
http://www.tenable.com/products/nessus-vulnerability-scanner
https://www.rapid7.com/products/nexpose/compare-downloads.jsp
http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf

Man-in-the-middle attack

http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf
http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf
https://packetstormsecurity.com/papers/wireless/cracking-air.pdf
https://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf
http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf
http://bandwidthco.com/nf.html
http://articles.manugarg.com/arp_spoofing.pdf
http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf
http://www.ucci.it/docs/ICTSecurity-2004-26.pdf

Phase 1 – Reconnaissance: Information Gathering before the Attack

https://en.wikipedia.org/wiki/Open-source_intelligence
http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/
http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/
http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/
http://www.slideshare.net/Laramies/tactical-information-gathering
http://www.infond.fr/2010/05/toturial-footprinting.html

Phase 1.1 – People and Orginizational

http://www.spokeo.com/
http://www.spoke.com/
https://www.xing.com/
http://www.zoominfo.com/
https://pipl.com/
http://www.zabasearch.com/
http://www.searchbug.com/
http://skipease.com/
http://addictomatic.com/
http://socialmention.com/
http://entitycube.research.microsoft.com/
http://www.yasni.com/
http://www.glassdoor.com/index.htm
https://connect.data.com/
https://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp
https://www.tineye.com/
http://www.peekyou.com/

Phase 1.2 – Infastructure

http://uptime.netcraft.com/
http://www.shodanhq.com/
http://www.domaintools.com/
http://centralops.net/co/
http://whois.webhosting.info/
https://www.ssllabs.com/ssltest/analyze.html
https://www.exploit-db.com/google-hacking-database/
http://www.my-ip-neighbors.com/

Phase 1.2 – Tools

OSINT Tools
http://www.edge-security.com/theharvester.php
http://www.edge-security.com/metagoofil.php
http://www.paterva.com/web6/
https://www.sans.org/reading-room/whitepapers/privacy/document-metadata-silent-killer-32974
http://www.sno.phy.queensu.ca/~phil/exiftool/
http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html

Phase 2 – Enumeration: Finding Attack Vectors

http://securitysynapse.blogspot.be/2013_08_01_archive.html
https://hackertarget.com/attacking-wordpress/
https://code.google.com/p/pentest-bookmarks/wiki/BookmarksList
http://www.0daysecurity.com/penetration-testing/enumeration.html
https://github.com/n3ko1/WrapMap
https://cirt.net/Nikto2
http://www.unixmen.com/install-nikto-web-scanner-check-vulnerabilities/
http://seclist.us/autoenum-nmap-enumeration-and-script-scan-automation-script.html
http://code.stephenmorley.org/articles/xampp-version-history-apache-mysql-php/
http://carnal0wnage.attackresearch.com/2007/07/over-in-lso-chat-we-were-talking-about.html
http://www.iodigitalsec.com/windows-null-session-enumeration/
https://pen-testing.sans.org/blog/2013/07/24/plundering-windows-account-info-via-authenticated-smb-sessions
http://carnal0wnage.attackresearch.com/2007/07/enumerating-user-accounts-on-linux-and.html
https://github.com/isaudits/autoenum
http://www.webpronews.com/snmp-enumeration-and-hacking-2003-09
http://carnal0wnage.attackresearch.com/2007/07/over-in-lso-chat-we-were-talking-about.html
http://www.iodigitalsec.com/windows-null-session-enumeration/
http://pen-testing.sans.org/blog/2013/07/24/plundering-windows-account-info-via-authenticated-smb-sessions
http://carnal0wnage.attackresearch.com/2007/07/enumerating-user-accounts-on-linux-and.html
http://www.madirish.net/59a

Phase 3 – Exploitation: Verifying Security Weaknesses

http://pwnwiki.io
http://download.vulnhub.com/pentesterlab/php_include_and_post_exploitation.pdf
http://ru.scribd.com/doc/245679444/hak5-org-OSXPost-Exploitation-copy-20130228-pdf#scribd
https://cyberwar.nl/d/hak5.org_LinuxUnixBSDPost-ExploitationCommandList_copy-20130228.pdf
https://www.yumpu.com/en/document/view/14963680/from-sqli-to-shell

Dump Windows Password Hashes

http://bernardodamele.blogspot.com/2011/12/dump-windows-password-hashes.html

Windows Passhing The Hash

https://www.kali.org/penetration-testing/passing-hash-remote-desktop/
https://www.kali.org/kali-monday/pass-the-hash-toolkit-winexe-updates/

Windows Privilege Escalation

http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/
https://github.com/0xdeafbeef/PSSecSnapshot
http://it-ovid.blogspot.com/2012/02/windows-privilege-escalation.html
http://www.fuzzysecurity.com/tutorials/16.html
http://www.youtube.com/watch?v=kMG8IsCohHA
http://www.youtube.com/watch?v=_8xJaaQlpBo
http://www.greyhathacker.net/?p=738
http://bernardodamele.blogspot.ru/2011/12/dump-windows-password-hashes.html

Linux Privilege Escalation

http://incolumitas.com/wp-content/uploads/2012/12/blackhats_view.pdf
http://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation.html
http://pentestmonkey.net/tools/audit/unix-privesc-check
http://www.rebootuser.com/?page_id=1721
http://www.rebootuser.com/?p=1758
http://www.rebootuser.com/?p=1623
http://insidetrust.blogspot.nl/2011/04/quick-guide-to-linux-privilege.html

Tunneling & Port Forwarding

https://www.sans.org/reading-room/whitepapers/testing/tunneling-pivoting-web-application-penetration-testing-36117
https://highon.coffee/blog/reverse-shell-cheat-sheet/
https://highon.coffee/blog/ssh-meterpreter-pivoting-techniques/
http://staff.washington.edu/corey/fw/ssh-port-forwarding.html
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
http://magikh0e.ihtb.org/pubPapers/ssh_gymnastics_tunneling.html
http://www.debianadmin.com/howto-use-ssh-local-and-remote-port-forwarding.html
http://www.danscourses.com/Network-Penetration-Testing/metasploit-pivoting.html
http://carnal0wnage.attackresearch.com/2007/09/using-metasploit-to-pivot-through_06.html
http://www.offensive-security.com/metasploit-unleashed/Portfwd
http://www.offensive-security.com/metasploit-unleashed/Pivoting
http://www.howtoforge.com/reverse-ssh-tunneling
http://ftp.acc.umu.se/pub/putty/putty-0.57/htmldoc/Chapter7.htmla

XSS Cheat Codes

http://www.xenuser.org/xss-cheat-sheet/
https://gist.github.com/sseffa/11031135
https://html5sec.org/

WebShells

http://www.r57shell.net/
https://github.com/b374k/b374k
https://github.com/epinna/weevely3

SQLi General Resources

http://www.w3schools.com/sql/sql_injection.asp
http://sqlzoo.net/hack/
https://information.rapid7.com/rs/rapid7/images/R7%20SQL_Injection_Cheat_Sheet.v1.pdf
http://websec.ca/kb/sql_injection
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
http://www.unixwiz.net/techtips/sql-injection.html
http://www.sqlinjectionwiki.com/
http://sqlmap.org/
https://packetstorm.sigterm.no/papers/cheatsheets/sqlmap-cheatsheet-1.0-SDB.pdf
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
http://bobby-tables.com/
https://spike188.wordpress.com/category/blind-sql-injection/
http://securityidiots.com/Web-Pentest/SQL-Injection
https://information.rapid7.com/rs/rapid7/images/R7%20SQL_Injection_Cheat_Sheet.v1.pdf

MySQLi Resources

http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet
https://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/
http://resources.infosecinstitute.com/backdoor-sql-injection/
http://www.michaelboman.org/books/sql-injection-cheat-sheet-mysql

MSSQLi Resources

http://evilsql.com/main/page2.php
http://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet
http://www.michaelboman.org/books/sql-injection-cheat-sheet-mssql

Oracle SQLi Resources

http://pentestmonkey.net/cheat-sheet/sql-injection/oracle-sql-injection-cheat-sheet
http://www.michaelboman.org/books/sql-injection-cheat-sheet-oracle

Postgres SQLi Resources

http://pentestmonkey.net/cheat-sheet/sql-injection/postgres-sql-injection-cheat-sheet
http://www.michaelboman.org/books/sql-injection-cheat-sheet-postgresql

SQLite Resources

https://sites.google.com/site/0x7674/home/sqlite3injectioncheatsheet

RFI/LFI Tutorials

https://evilzone.org/tutorials/remote-file-inclusion%28rfi%29/
http://www.hackersonlineclub.com/lfi-rfi
https://0xzoidberg.wordpress.com/category/security/lfi-rfi/

NASM Tutorial

http://ccm.net/faq/1559-compiling-an-assembly-program-with-nasm

Buffer Overflow Tutorial

http://www.madirish.net/142
http://n01g3l.tumblr.com/post/49036035399/linux-crossfire-v1-90-buffer-overflow
http://resources.infosecinstitute.com/author/nikhil-kumar/
http://www.frequency.com/video/athcon-hack-in-paris-demo-1/40181156
http://www.savevid.com/video/athcon-hack-in-paris-demo-2.html
http://www.frequency.com/video/athcon-hack-in-paris-demo-3/11306148
https://tehaurum.wordpress.com/2015/06/22/exploit-development-stack-buffer-overflow/
http://proactivedefender.blogspot.ru/2013/05/understanding-buffer-overflows.html
https://forum.reverse4you.org/showthread.php?t=1371
http://grey-corner.blogspot.com/2010/01/beginning-stack-based-buffer-overflow.html
http://grey-corner.blogspot.com/2010/01/seh-stack-based-windows-buffer-overflow.html
http://grey-corner.blogspot.com/2010/01/windows-buffer-overflow-tutorial.html
http://grey-corner.blogspot.com/2010/01/heap-spray-exploit-tutorial-internet.html
http://grey-corner.blogspot.com/2010/02/windows-buffer-overflow-tutorial.html
http://thepcn3rd.blogspot.ru/2015/07/freeftpd-108-seh-stack-based-overflow.html

Exploit Development

https://www.corelan.be/index.php/articles/
http://www.fuzzysecurity.com/tutorials.html
https://code.google.com/p/it-sec-catalog/wiki/Exploitation
http://www.myne-us.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
https://www.ethicalhacker.net/columns/heffner/smashing-the-modern-stack-for-fun-and-profit
http://x9090.blogspot.ru/2010/03/tutorial-exploit-writting-tutorial-from.html
http://ref.x86asm.net/index.html
https://sploitfun.wordpress.com/2015/06/26/linux-x86-exploit-development-tutorial-series/
https://forum.reverse4you.org/showthread.php?t=1371

Exploits and Shellcodes

https://www.exploit-db.com/
https://packetstormsecurity.com/
http://www.securityfocus.com/bid
https://nvd.nist.gov/
http://osvdb.org/
http://www.secdocs.org/
http://www.cvedetails.com/
https://cve.mitre.org/
http://www.windowsexploits.com/
http://farlight.org/index.html?type=shellcode
http://shell-storm.org/shellcode/

Reverse Engineering

https://www.cyberguerrilla.org/blog/what-the-blackhats-dont-want-you-to-know-series/
http://fumalwareanalysis.blogspot.ru/p/malware-analysis-tutorials-reverse.html
http://www.woodmann.com/TiGa/idaseries.html
http://visi.kenshoto.com/viki/MainPage
http://www.radare.org/r/
http://www.offensivecomputing.net/
http://www.oldapps.com/
http://www.oldversion.com/
https://www.exploit-db.com/webapps/
http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx

OS Cheat Sheets and Script Syntax

https://www.owasp.org/index.php/Cheat_Sheets
http://www.cheat-sheets.org/
http://ss64.com/nt/
https://rstforums.com/forum/22324-hacking-tools-windows.rst
https://en.wikipedia.org/wiki/IPv4_subnetting_reference
http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
http://shelldorado.com/shelltips/beginner.html
http://mywiki.wooledge.org/BashPitfalls
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
http://www.robvanderwoude.com/ntadmincommands.php
https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
https://countuponsecurity.files.wordpress.com/2015/06/jtr-cheatsheetimg.png
https://danielmiessler.com/study/tcpdump/
http://www.infosecwriters.com/Papers/nessusNMAPcheatSheet.pdf

Passwords Wordlists, Hashes, Tools

http://www.irongeek.com/i.php?page=videos/password-exploitation-class
https://cirt.net/passwords
http://h.foofus.net/?page_id=51
http://h.foofus.net/?page_id=55
http://foofus.net/?page_id=63
http://hashcrack.blogspot.ru/
http://www.onlinehashcrack.com/
http://www.md5this.com/
http://contest-2010.korelogic.com/wordlists.html
https://packetstormsecurity.com/Crackers/wordlists/
http://hqsoftwarecollection.blogspot.in/p/36gn-wordlist.html
https://wiki.skullsecurity.org/Passwords
https://www.sans.org/reading-room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation-33283
https://www.sans.org/reading-room/whitepapers/testing/crack-pass-hash-33219
https://nmap.org/ncrack/
http://www.openwall.com/john/
http://ophcrack.sourceforge.net/
https://inquisb.github.io/keimpx/
http://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-passwords-part-3-using-hashcat-0156543/

Privacy Tools

https://www.privacytools.io/

Links Collections

http://in-addr.nl/security-links.php
http://ser-storchak.blogspot.ru/p/blog-page_16.html
https://www.vulnhub.com/resources/
https://mobilesecuritywiki.com/

bookmarksv1.0.html

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s