Jump to content
Nytro

Colectie link-uri

Recommended Posts

Blogs, Feeds, Guides & Links

I was cleaning out my bookmarks, de-cluttering twitter favourites and closing a few tabs. Re-saw a few 'hidden gems' as well as repeating finding links for people, so I thought I would try and 'dump' them all in one place.

These are roughly sorted, if you're wanting something better - I highly recommend having a look at the pentest-bookmarks.

Programming/Coding

[bash] Advanced Bash-Scripting Guide - http://tldp.org/LDP/abs/html/

[bash] Bash shell scripting tutorial - http://steve-parker.org/sh/sh.shtml

[bash] Bourne Shell Reference - http://linuxreviews.org/beginner/bash_GNU_Bourne-Again_SHell_Reference/

[CheatSheet] Scripting Languages: PHP, Perl, Python, Ruby - http://hyperpolyglot.org/scripting

Offensive Security's Pentesting With BackTrack (PWB) Course

[Pre-course] Corelan Team - http://www.corelan.be

[Pre-course] The Penetration Testing Execution Standard - http://www.pentest-standard.org/index.php/Main_Page

[Hash] NTLM Decrypter - http://www.md5decrypter.co.uk/ntlm-decrypt.aspx

[Hash] reverse hash search and calculator - http://goog.li

http://security.crudtastic.com/?p=213

Tunnelling / Pivoting

[Linux] SSH gymnastics with proxychains - http://pauldotcom.com/2010/03/ssh-gymnastics-with-proxychain.html

[Windows] Nessus Through SOCKS Through Meterpreter - http://www.digininja.org/blog/nessus_over_sock4a_over_msf.php

WarGames / Online Challenges

[WarGames] Title - http://securityoverride.com

[WarGames] Title - http://intruded.net

[Challenge] The Ksplice Pointer Challenge - http://blogs.oracle.com/ksplice/

[WarGames] Title - http://spotthevuln.com

[WarGames] Title - http://cvo-lab.blogspot.com/2011/05/iawacs-2011-forensics-challenge.html

[WarGames] Title - http://ftp.hackerdom.ru/ctf-images/

Exploit Development (Programs)

[Download] Title - http://www.oldapps.com/

[Download] Title - http://www.oldversion.com/

[Download] Title - http://www.exploit-db.com/webapps/

Misc

[RSS] Open Penetration Testing Bookmarks Collection - https://code.google.com/p/pentest-bookmarks/downloads/list

[ExploitDev] Data mining Backtrack 4 for buffer overflow return addresses - http://insidetrust.blogspot.com/2010/12/data-mining-backtrack-4-for-buffer.html

[DIY] Repair a Broken Ethernet Plug - http://www.instructables.com/id/Repair-a-Broken-Ethernet-Plug/step5/Make-its-Head-Thin/

[Desktop] Ubuntu Security - http://ubuntuforums.org/showthread.php?t=510812

[TechHumor] Title - https://www.xkcd.com

[TechHumor] Title - http://www.blackhat.com/presentations/bh-europe-05/BH_EU_05-Long.pdf

Exploit Development

[Guides] Corelan Team - http://www.corelan.be

[Guide] From 0x90 to 0x4c454554, a journey into exploitation. - http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html

[Guide] An Introduction to Fuzzing: Using fuzzers (SPIKE) to find vulnerabilities - http://resources.infosecinstitute.com/intro-to-fuzzing/

TiGa's Video Tutorial Series on IDA Pro - http://www.woodmann.com/TiGa/idaseries.html

[Guide] Advanced Windows Buffer Overflows - http://labs.snort.org/awbo/

[Guide] Stack Based Windows Buffer Overflow Tutorial - http://grey-corner.blogspot.com/2010/01/beginning-stack-based-buffer-overflow.htmlt

[Guide] SEH Stack Based Windows Buffer Overflow Tutorial - http://grey-corner.blogspot.com/2010/01/seh-stack-based-windows-buffer-overflow.html

[Guide] Windows Buffer Overflow Tutorial: Dealing with Character Translation - http://grey-corner.blogspot.com/2010/01/windows-buffer-overflow-tutorial.html

[Guide] Heap Spray Exploit Tutorial: Internet Explorer Use After Free Aurora Vulnerability< - http://grey-corner.blogspot.com/2010/01/heap-spray-exploit-tutorial-internet.html

[Guide] Windows Buffer Overflow Tutorial: An Egghunter and a Conditional Jump - http://grey-corner.blogspot.com/2010/02/windows-buffer-overflow-tutorial.html

[Linux] Linux exploit development part 1 – Stack overflow. - http://sickness.tor.hu/?p=363

[Linux] Linux Exploit Writing Tutorial Pt 2 – Stack Overflow ASLR bypass Using ret2reg - http://sickness.tor.hu/?p=365

[Linux] Linux exploit development part 3 – ret2libc - http://sickness.tor.hu/?p=368

[Linux] Linux exploit development part 4 – ASCII armor bypass + return-to-plt - http://sickness.tor.hu/?p=378

[TechHumor] Title -

[TechHumor] Title - http://amolnaik4.blogspot.com/2011/06/exploit-development-with-monapy.html

Exploit Development (Case Studies/Walkthroughs)

[Web] Finding 0days in Web Applications - http://www.exploit-db.com/finding-0days-in-web-applications/

[Windows] Offensive Security Exploit Weekend - http://www.corelan.be/index.php/2010/11/13/offensive-security-exploit-weekend/

[Windows] From vulnerability to exploit under 5 min - http://0entropy.blogspot.com/2011/02/from-vulnerability-to-exploit-under-5.html

Exploit Development (Patch Analysis)

[Windows] A deeper look at ms11-058 - http://www.skullsecurity.org/blog/2011/a-deeper-look-at-ms11-058

[Windows] Patch Analysis for MS11-058 - https://community.qualys.com/blogs/securitylabs/2011/08/23/patch-analysis-for-ms11-058

[Windows] CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability - http://j00ru.vexillium.org/?p=893

[Mobile] Analyzing and dissecting Android applications for security defects and vulnerabilities - https://www.net-security.org/article.php?id=1613

Exploit Development (Metasploit Wishlist)

[ExplotDev] Metasploit Exploits Wishlist ! - http://esploit.blogspot.com/2011/03/metasploit-exploits-wishlist.html

[Guide] Porting Exploits To Metasploit Part 1 - http://www.securitytube.net/video/2118

Passwords & Rainbow Tables (WPA)

[RSS] Title - http://ob-security.info/?p=475

[RSS] Title - http://nakedsecurity.sophos.com/2011/06/14/the-top-10-passcodes-you-should-never-use-on-your-iphone/

[RSS] Title - http://www.troyhunt.com/2011/06/brief-sony-password-analysis.html

[WPA] Offensive Security: WPA Rainbow Tables - http://www.offensive-security.com/wpa-tables/

[Tool] Ultra High Security Password Generator - https://www.grc.com/passwords.htm

[Guide] Creating effective dictionaries for password attacks - http://insidetrust.blogspot.com/2010/07/creating-effective-dictionaries-for.html

[Leaked] Diccionarios con Passwords de Sitios Expuestos - http://www.dragonjar.org/diccionarios-con-passwords-de-sitios-expuestos.xhtml

[Download] Index of / - http://svn.isdpodcast.com/wordlists/

[Guide] Using Wikipedia as brute forcing dictionary - http://lab.lonerunners.net/blog/using-wikipedia-as-brute-forcing-dictionary

[Tool] CeWL - Custom Word List generator - http://www.digininja.org/projects/cewl.php

[Download] Title - http://www.aircrack-ng.org/doku.php?id=faq#where_can_i_find_good_wordlists

[Leaked] Passwords - http://www.skullsecurity.org/wiki/index.php/Passwords

Cheat-Sheets

[OS] A Sysadmin's Unixersal Translator - http://bhami.com/rosetta.html

[WiFi] WirelessDefence.org's Wireless Penetration Testing Framework - http://www.wirelessdefence.org/Contents/Wireless%20Pen%20Test%20Framework.html

Anti-Virus

[Metasploit] Facts and myths about antivirus evasion with Metasploit - http://schierlm.users.sourceforge.net/avevasion.html

[Terms] Methods of bypassing Anti-Virus (AV) Detection - NetCat - http://compsec.org/security/index.php/anti-virus/283-anti-virus-central-methods-of-bypassing-anti-virus-av-detection.html

Privilege Escalation

[Linux] Hacking Linux Part I: Privilege Escalation - http://www.dankalia.com/tutor/01005/0100501004.htm

[Windows] Windows 7 UAC whitelist - http://www.pretentiousname.com/misc/win7_uac_whitelist2.html

[Windows] Windows Privilege Escalation Part 1: Local Administrator Privileges - http://www.netspi.com/blog/2009/10/05/windows-privilege-escalation-part-1-local-administrator-privileges/

Metasploit

[Guide] fxsst.dll persistence: the evil fax machine - http://www.room362.com/blog/2011/6/27/fxsstdll-persistence-the-evil-fax-machine.html

[Guide] Bypassing DEP/ASLR in browser exploits with McAfee and Symantec - http://www.scriptjunkie.us/2011/08/custom-payloads-in-metasploit-4/

[Guides] Metasploit Unleashed - http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training

[Guides] Metasploit Megaprimer (Exploitation Basics And Need For Metasploit) Part 1 - http://www.securitytube.net/video/1175

Default Generators

[WEP] mac2wepkey - Huawei default WEP generator - http://websec.ca/blog/view/mac2wepkey_huawei

[WEP] Generator: Attacking SKY default router password - http://sec.jetlib.com/BackTrack_Linux_Forums/2011/01/12/Generator:_Attacking_SKY_default_router_password

Statistics

[Defacements] Zone-H - http://www.zone-h.org

[ExploitKits] CVE Exploit Kit list - http://exploitkit.ex.ohost.de/CVE%20Exploit%20Kit%20List.htm

Cross Site Scripting (XSS)

[Guide] vbSEO – From XSS to Reverse PHP Shell - http://www.exploit-db.com/vbseo-from-xss-to-reverse-php-shell/

[RSS] Title - http://www.thespanner.co.uk/2009/03/25/xss-rays/

Podcasts

[Weekly] PaulDotCom - http://pauldotcom.com/podcast/psw.xml

[Monthly] Social-Engineer - http://socialengineer.podbean.com/feed/

Blogs & RSS

[RSS] SecManiac - http://www.secmaniac.com

[Guides] Carnal0wnage & Attack Research - http://carnal0wnage.attackresearch.com

[RSS] Contagio - http://contagiodump.blogspot.com

[News] THN : The Hacker News - http://thehackernews.com

[News] Packet Storm: Full Disclosure Information Security - http://packetstormsecurity.org

[Guides] pentestmonkey | Taking the monkey work out of pentesting - http://pentestmonkey.net

[RSS] Darknet - The Darkside | Ethical Hacking, Penetration Testing & Computer Security - http://www.darknet.org.uk

[RSS] Irongeek - http://www.irongeek.com

[Metasploit] Room 363 - http://www.room362.com

[Guides] Question Defense: Technology Answers For Technology Questions - http://www.question-defense.com/

[Guides] stratmofo's blog - http://securityjuggernaut.blogspot.com

[Guides] TheInterW3bs - http://theinterw3bs.com

[Guides] consolecowboys - http://console-cowboys.blogspot.com

[Guides] A day with Tape - http://adaywithtape.blogspot.com

[Guides] Cybexin's Blog - Network Security Blog - http://cybexin.blogspot.com

[RSS] BackTrack Linux - Penetration Testing Distribution - http://www.backtrack-linux.org/feed/

[RSS] Offensive Security - http://www.offensive-security.com/blog/feed/

[RSS] Title - http://www.pentestit.com

[RSS] Title - http://michael-coates.blogspot.com

[RSS] Title - http://blog.0x0e.org

[RSS] Title - http://0x80.org/blog

[RSS] Title - http://archangelamael.shell.tor.hu

[RSS] Title - http://archangelamael.blogspot.com

[RSS] Title - http://www.coresec.org

[RSS] Title - http://noobys-journey.blogspot.com

[RSS] Title - http://www.get-root.com

[RSS] Title - http://www.kislaybhardwaj.com

[RSS] Title - https://community.rapid7.com/community/metasploit/blog

[RSS] Title - http://mimetus.blogspot.com

[RSS] Title - http://hashcrack.blogspot.com

[RSS] Title - https://rephraseit.wordpress.com

[RSS] Title - http://www.exploit-db.com

[RSS] Title - http://skidspot.blogspot.com

[RSS] Title - http://grey-corner.blogspot.com

[RSS] Title - http://vishnuvalentino.com

[RSS] Title - http://ob-security.info

Sursa:

http://g0tmi1k.blogspot.com/2011/11/blog-guides-links.html

Edited by Nytro
  • Upvote 2
Link to comment
Share on other sites

Programming e-books:

https://github.com/andrewpage/programming-ebooks

https://github.com/HackathonHackers/programming-ebooks

 

Information Security related Mind Maps:

http://www.amanhardikar.com/mindmaps.html

 

OSINT related links:

https://inteltechniques.com/links.html

Edited by Technetium
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...