Jump to content
Nytro

Colectie link-uri

By Nytro, in Linkuri

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted (edited)

Blogs, Feeds, Guides & Links

I was cleaning out my bookmarks, de-cluttering twitter favourites and closing a few tabs. Re-saw a few 'hidden gems' as well as repeating finding links for people, so I thought I would try and 'dump' them all in one place.

These are roughly sorted, if you're wanting something better - I highly recommend having a look at the pentest-bookmarks.

Programming/Coding

[bash] Advanced Bash-Scripting Guide - http://tldp.org/LDP/abs/html/

[bash] Bash shell scripting tutorial - http://steve-parker.org/sh/sh.shtml

[bash] Bourne Shell Reference - http://linuxreviews.org/beginner/bash_GNU_Bourne-Again_SHell_Reference/

[CheatSheet] Scripting Languages: PHP, Perl, Python, Ruby - http://hyperpolyglot.org/scripting

Offensive Security's Pentesting With BackTrack (PWB) Course

[Pre-course] Corelan Team - http://www.corelan.be

[Pre-course] The Penetration Testing Execution Standard - http://www.pentest-standard.org/index.php/Main_Page

[Hash] NTLM Decrypter - http://www.md5decrypter.co.uk/ntlm-decrypt.aspx

[Hash] reverse hash search and calculator - http://goog.li

http://security.crudtastic.com/?p=213

Tunnelling / Pivoting

[Linux] SSH gymnastics with proxychains - http://pauldotcom.com/2010/03/ssh-gymnastics-with-proxychain.html

[Windows] Nessus Through SOCKS Through Meterpreter - http://www.digininja.org/blog/nessus_over_sock4a_over_msf.php

WarGames / Online Challenges

[WarGames] Title - http://securityoverride.com

[WarGames] Title - http://intruded.net

[Challenge] The Ksplice Pointer Challenge - http://blogs.oracle.com/ksplice/

[WarGames] Title - http://spotthevuln.com

[WarGames] Title - http://cvo-lab.blogspot.com/2011/05/iawacs-2011-forensics-challenge.html

[WarGames] Title - http://ftp.hackerdom.ru/ctf-images/

Exploit Development (Programs)

[Download] Title - http://www.oldapps.com/

[Download] Title - http://www.oldversion.com/

[Download] Title - http://www.exploit-db.com/webapps/

Misc

[RSS] Open Penetration Testing Bookmarks Collection - https://code.google.com/p/pentest-bookmarks/downloads/list

[ExploitDev] Data mining Backtrack 4 for buffer overflow return addresses - http://insidetrust.blogspot.com/2010/12/data-mining-backtrack-4-for-buffer.html

[DIY] Repair a Broken Ethernet Plug - http://www.instructables.com/id/Repair-a-Broken-Ethernet-Plug/step5/Make-its-Head-Thin/

[Desktop] Ubuntu Security - http://ubuntuforums.org/showthread.php?t=510812

[TechHumor] Title - https://www.xkcd.com

[TechHumor] Title - http://www.blackhat.com/presentations/bh-europe-05/BH_EU_05-Long.pdf

Exploit Development

[Guides] Corelan Team - http://www.corelan.be

[Guide] From 0x90 to 0x4c454554, a journey into exploitation. - http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html

[Guide] An Introduction to Fuzzing: Using fuzzers (SPIKE) to find vulnerabilities - http://resources.infosecinstitute.com/intro-to-fuzzing/

TiGa's Video Tutorial Series on IDA Pro - http://www.woodmann.com/TiGa/idaseries.html

[Guide] Advanced Windows Buffer Overflows - http://labs.snort.org/awbo/

[Guide] Stack Based Windows Buffer Overflow Tutorial - http://grey-corner.blogspot.com/2010/01/beginning-stack-based-buffer-overflow.htmlt

[Guide] SEH Stack Based Windows Buffer Overflow Tutorial - http://grey-corner.blogspot.com/2010/01/seh-stack-based-windows-buffer-overflow.html

[Guide] Windows Buffer Overflow Tutorial: Dealing with Character Translation - http://grey-corner.blogspot.com/2010/01/windows-buffer-overflow-tutorial.html

[Guide] Heap Spray Exploit Tutorial: Internet Explorer Use After Free Aurora Vulnerability< - http://grey-corner.blogspot.com/2010/01/heap-spray-exploit-tutorial-internet.html

[Guide] Windows Buffer Overflow Tutorial: An Egghunter and a Conditional Jump - http://grey-corner.blogspot.com/2010/02/windows-buffer-overflow-tutorial.html

[Linux] Linux exploit development part 1 – Stack overflow. - http://sickness.tor.hu/?p=363

[Linux] Linux Exploit Writing Tutorial Pt 2 – Stack Overflow ASLR bypass Using ret2reg - http://sickness.tor.hu/?p=365

[Linux] Linux exploit development part 3 – ret2libc - http://sickness.tor.hu/?p=368

[Linux] Linux exploit development part 4 – ASCII armor bypass + return-to-plt - http://sickness.tor.hu/?p=378

[TechHumor] Title -

[TechHumor] Title - http://amolnaik4.blogspot.com/2011/06/exploit-development-with-monapy.html

Exploit Development (Case Studies/Walkthroughs)

[Web] Finding 0days in Web Applications - http://www.exploit-db.com/finding-0days-in-web-applications/

[Windows] Offensive Security Exploit Weekend - http://www.corelan.be/index.php/2010/11/13/offensive-security-exploit-weekend/

[Windows] From vulnerability to exploit under 5 min - http://0entropy.blogspot.com/2011/02/from-vulnerability-to-exploit-under-5.html

Exploit Development (Patch Analysis)

[Windows] A deeper look at ms11-058 - http://www.skullsecurity.org/blog/2011/a-deeper-look-at-ms11-058

[Windows] Patch Analysis for MS11-058 - https://community.qualys.com/blogs/securitylabs/2011/08/23/patch-analysis-for-ms11-058

[Windows] CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability - http://j00ru.vexillium.org/?p=893

[Mobile] Analyzing and dissecting Android applications for security defects and vulnerabilities - https://www.net-security.org/article.php?id=1613

Exploit Development (Metasploit Wishlist)

[ExplotDev] Metasploit Exploits Wishlist ! - http://esploit.blogspot.com/2011/03/metasploit-exploits-wishlist.html

[Guide] Porting Exploits To Metasploit Part 1 - http://www.securitytube.net/video/2118

Passwords & Rainbow Tables (WPA)

[RSS] Title - http://ob-security.info/?p=475

[RSS] Title - http://nakedsecurity.sophos.com/2011/06/14/the-top-10-passcodes-you-should-never-use-on-your-iphone/

[RSS] Title - http://www.troyhunt.com/2011/06/brief-sony-password-analysis.html

[WPA] Offensive Security: WPA Rainbow Tables - http://www.offensive-security.com/wpa-tables/

[Tool] Ultra High Security Password Generator - https://www.grc.com/passwords.htm

[Guide] Creating effective dictionaries for password attacks - http://insidetrust.blogspot.com/2010/07/creating-effective-dictionaries-for.html

[Leaked] Diccionarios con Passwords de Sitios Expuestos - http://www.dragonjar.org/diccionarios-con-passwords-de-sitios-expuestos.xhtml

[Download] Index of / - http://svn.isdpodcast.com/wordlists/

[Guide] Using Wikipedia as brute forcing dictionary - http://lab.lonerunners.net/blog/using-wikipedia-as-brute-forcing-dictionary

[Tool] CeWL - Custom Word List generator - http://www.digininja.org/projects/cewl.php

[Download] Title - http://www.aircrack-ng.org/doku.php?id=faq#where_can_i_find_good_wordlists

[Leaked] Passwords - http://www.skullsecurity.org/wiki/index.php/Passwords

Cheat-Sheets

[OS] A Sysadmin's Unixersal Translator - http://bhami.com/rosetta.html

[WiFi] WirelessDefence.org's Wireless Penetration Testing Framework - http://www.wirelessdefence.org/Contents/Wireless%20Pen%20Test%20Framework.html

Anti-Virus

[Metasploit] Facts and myths about antivirus evasion with Metasploit - http://schierlm.users.sourceforge.net/avevasion.html

[Terms] Methods of bypassing Anti-Virus (AV) Detection - NetCat - http://compsec.org/security/index.php/anti-virus/283-anti-virus-central-methods-of-bypassing-anti-virus-av-detection.html

Privilege Escalation

[Linux] Hacking Linux Part I: Privilege Escalation - http://www.dankalia.com/tutor/01005/0100501004.htm

[Windows] Windows 7 UAC whitelist - http://www.pretentiousname.com/misc/win7_uac_whitelist2.html

[Windows] Windows Privilege Escalation Part 1: Local Administrator Privileges - http://www.netspi.com/blog/2009/10/05/windows-privilege-escalation-part-1-local-administrator-privileges/

Metasploit

[Guide] fxsst.dll persistence: the evil fax machine - http://www.room362.com/blog/2011/6/27/fxsstdll-persistence-the-evil-fax-machine.html

[Guide] Bypassing DEP/ASLR in browser exploits with McAfee and Symantec - http://www.scriptjunkie.us/2011/08/custom-payloads-in-metasploit-4/

[Guides] Metasploit Unleashed - http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training

[Guides] Metasploit Megaprimer (Exploitation Basics And Need For Metasploit) Part 1 - http://www.securitytube.net/video/1175

Default Generators

[WEP] mac2wepkey - Huawei default WEP generator - http://websec.ca/blog/view/mac2wepkey_huawei

[WEP] Generator: Attacking SKY default router password - http://sec.jetlib.com/BackTrack_Linux_Forums/2011/01/12/Generator:_Attacking_SKY_default_router_password

Statistics

[Defacements] Zone-H - http://www.zone-h.org

[ExploitKits] CVE Exploit Kit list - http://exploitkit.ex.ohost.de/CVE%20Exploit%20Kit%20List.htm

Cross Site Scripting (XSS)

[Guide] vbSEO – From XSS to Reverse PHP Shell - http://www.exploit-db.com/vbseo-from-xss-to-reverse-php-shell/

[RSS] Title - http://www.thespanner.co.uk/2009/03/25/xss-rays/

Podcasts

[Weekly] PaulDotCom - http://pauldotcom.com/podcast/psw.xml

[Monthly] Social-Engineer - http://socialengineer.podbean.com/feed/

Blogs & RSS

[RSS] SecManiac - http://www.secmaniac.com

[Guides] Carnal0wnage & Attack Research - http://carnal0wnage.attackresearch.com

[RSS] Contagio - http://contagiodump.blogspot.com

[News] THN : The Hacker News - http://thehackernews.com

[News] Packet Storm: Full Disclosure Information Security - http://packetstormsecurity.org

[Guides] pentestmonkey | Taking the monkey work out of pentesting - http://pentestmonkey.net

[RSS] Darknet - The Darkside | Ethical Hacking, Penetration Testing & Computer Security - http://www.darknet.org.uk

[RSS] Irongeek - http://www.irongeek.com

[Metasploit] Room 363 - http://www.room362.com

[Guides] Question Defense: Technology Answers For Technology Questions - http://www.question-defense.com/

[Guides] stratmofo's blog - http://securityjuggernaut.blogspot.com

[Guides] TheInterW3bs - http://theinterw3bs.com

[Guides] consolecowboys - http://console-cowboys.blogspot.com

[Guides] A day with Tape - http://adaywithtape.blogspot.com

[Guides] Cybexin's Blog - Network Security Blog - http://cybexin.blogspot.com

[RSS] BackTrack Linux - Penetration Testing Distribution - http://www.backtrack-linux.org/feed/

[RSS] Offensive Security - http://www.offensive-security.com/blog/feed/

[RSS] Title - http://www.pentestit.com

[RSS] Title - http://michael-coates.blogspot.com

[RSS] Title - http://blog.0x0e.org

[RSS] Title - http://0x80.org/blog

[RSS] Title - http://archangelamael.shell.tor.hu

[RSS] Title - http://archangelamael.blogspot.com

[RSS] Title - http://www.coresec.org

[RSS] Title - http://noobys-journey.blogspot.com

[RSS] Title - http://www.get-root.com

[RSS] Title - http://www.kislaybhardwaj.com

[RSS] Title - https://community.rapid7.com/community/metasploit/blog

[RSS] Title - http://mimetus.blogspot.com

[RSS] Title - http://hashcrack.blogspot.com

[RSS] Title - https://rephraseit.wordpress.com

[RSS] Title - http://www.exploit-db.com

[RSS] Title - http://skidspot.blogspot.com

[RSS] Title - http://grey-corner.blogspot.com

[RSS] Title - http://vishnuvalentino.com

[RSS] Title - http://ob-security.info

Sursa:

http://g0tmi1k.blogspot.com/2011/11/blog-guides-links.html

Edited by Nytro
  • Upvote 2

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...