Hacking Resources
- Hacking Resources
- Useful Web Browser plugins
- Cool Tools/Labs
- Linux Privilege Escalation
- Windows Privilege Escalation
- Windows stuff
- Powershell
- Linux stuff
- Pivoting
- Brute force/Cracking
- Red Team
- Exploit Development/Reversing/AV|EDR Bypass/Malware Analysis
- Compiling exploits
- Obfuscators
- Deobfuscators
- Buffer Overflows
- General Hacking Cheatsheets/Cool Articles/Podcasts
- Cobalt Strike
- Bug Bounty/Web Security
- Subdomain finders
- Subdomain takeover
- Discovering targets by using ASN (IP blocks) and reverse whois
- Screenshotting
- Cool presentations/videos
- Cool Books
- Infosec Twitter accounts to follow (it’s a really awesome way to learn as well! Will keep adding them)
Hacking Resources
This is nothing more than another hacking resources list. I basically throw in here every resource I'm interested in taking a look at or playing with, or stuff that I use as a reference while trying to break something.
Useful Web Browser plugins
- https://www.wappalyzer.com/download/
- https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/ <—— For Firefox
- https://chrome.google.com/webstore/detail/foxyproxy-standard/gcknhkkoolaabfmlnjonogaaifnjlfnp <—— For Chrome
- https://cookie-editor.cgagnier.ca/#download
- https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/
Cool Tools/Labs
- https://hackthebox.eu/
- https://www.vulnhub.com/
- https://www.blacklanternsecurity.com/2020-12-02-WriteHat/
- https://github.com/madhuakula/kubernetes-goat
- https://github.com/m8r0wn/ActiveReign
- https://github.com/sundowndev/PhoneInfoga
- https://github.com/GoSecure/dtd-finder
- https://www.shodan.io/
- https://crt.sh/
- https://censys.io/
- https://dnsdumpster.com/
- https://mxtoolbox.com/
- https://github.com/OWASP/owasp-mstg/tree/master/Crackmes
- https://github.com/oversecured/ovaa
- https://github.com/OWASP/NodeGoat
- https://owasp.org/www-project-juice-shop/
- https://portswigger.net/web-security
- https://github.com/bee-san/pyWhat
Linux Privilege Escalation
- https://gtfobins.github.io/
- https://book.hacktricks.xyz/linux-unix/privilege-escalation
- https://guif.re/linuxeop
- https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
- https://www.win.tue.nl/~aeb/linux/hh/hh-8.html
- http://www.dankalia.com/tutor/01005/0100501004.htm
- https://blog.ikuamike.io/posts/2021/package_managers_privesc/
Windows Privilege Escalation
- https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
- http://www.fuzzysecurity.com/tutorials/16.html
- https://github.com/J3rryBl4nks/LPEWalkthrough/blob/master/Walkthrough.md
- https://github.com/worawit/MS17-010 <—— Eternal blue without MSF
- https://github.com/ankh2054/windows-pentest
- https://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_windows.html
- https://hackingandsecurity.blogspot.com/2017/09/oscp-windows-priviledge-escalation.html
- https://github.com/frizb/Windows-Privilege-Escalation
Windows stuff
- http://www.cheat-sheets.org/saved-copy/Windows_folders_quickref.pdf
- https://www.lemoda.net/windows/windows2unix/windows2unix.html
- https://bernardodamele.blogspot.com/2011/12/dump-windows-password-hashes.html
- https://gracefulsecurity.com/path-traversal-cheat-sheet-windows/
- https://malicious.link/post/2016/kerberoast-pt1/
- https://gist.github.com/pwntester/72f76441901c91b25ee7922df5a8a9e4 <— DotNetNuke (CVE-2017-9822) Payloads
Powershell
- https://vipulvyas0813.medium.com/introduction-to-powershell-for-penetration-testing-733236bc9547 <—— Series about PowerShell for Penetration Testing (5 posts)
Linux stuff
- http://www.pathname.com/fhs/pub/fhs-2.3.html
- http://www.linusakesson.net/programming/tty/
- http://pentestmonkey.net/blog/post-exploitation-without-a-tty
Pivoting
- https://artkond.com/2017/03/23/pivoting-guide/
- https://nullsweep.com/pivot-cheatsheet-for-pentesters/
- https://0xdf.gitlab.io/2019/01/28/pwk-notes-tunneling-update1.html
Brute force/Cracking
- https://github.com/Coalfire-Research/npk <—— Distributed hash-cracking platform on serverless AWS components
- https://hashcat.net/wiki/doku.php?id=example_hashes
- https://github.com/danielmiessler/SecLists
- https://github.com/rapid7/ssh-badkeys
- https://crackstation.net/
Red Team
- https://3xpl01tc0d3r.blogspot.com/2021/07/resource-based-constrained-delegation.html?m=1 <– Resource Based Constrained Delegation IN LINUX
- https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/
- https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki
- https://pentestbook.six2dez.com/post-exploitation/windows/ad/kerberos-attacks
- https://www.ired.team/
- https://www.harmj0y.net/blog/ <—— Awesome Active Directory posts
- https://malicious.link/post/2016/kerberoast-pt1/ <—— Series about Kerberoasting (5 posts)
- https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
- https://www.guidepointsecurity.com/blog/delegating-like-a-boss-abusing-kerberos-delegation-in-active-directory/ <– Abuse Constrained Delegation
- https://twitter.com/cube0x0/status/1468860246307258370?s=21
Exploit Development/Reversing/AV|EDR Bypass/Malware Analysis
- https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell
- https://amsi.fail/ <—- Automatic generation of some AMSI bypasses
- https://blog.sevagas.com/IMG/pdf/BypassAVDynamics.pdf
- https://ppn.snovvcrash.rocks/red-team/malware-development/code-injection/shellcode-runners
- https://samsclass.info/126/126_F21.shtml <— Practical Malware Analysis Course!
- https://www.ringzerolabs.com/2019/08/fast-and-free-malware-analysis-lab-setup.html
- https://epi052.gitlab.io/notes-to-self/blog/2021-06-16-windows-usermode-exploit-development-review/
- https://github.com/m0n0ph1/Process-Hollowing
- https://www.virusbulletin.com/virusbulletin/2011/10/okay-so-you-are-win32-emulator
- https://www.usenix.org/system/files/conference/woot16/woot16-paper-blackthorne_update.pdf
- https://blog.sannemaasakkers.com/2021/08/07/adversary-phishing-characteristics/
- https://s3cur3th1ssh1t.github.io/A-tale-of-EDR-bypass-methods/
- https://roberreigada.github.io/posts/playing_with_an_edr/
- https://github.com/jthuraisamy/SysWhispers
- https://raw.githubusercontent.com/Mr-Un1k0d3r/EDRs/main/cortex.txt <—– Non-documented APIs, possible AV/EDR bypass?
- https://0xpat.github.io/Malware_development_part_1/ <—- Malware Development series
- https://github.com/BC-SECURITY/Beginners-Guide-to-Obfuscation
- https://www.shogunlab.com/blog/2017/08/11/zdzg-windows-exploit-0.html
- https://n4r1b.netlify.app/posts/2020/01/dissecting-the-windows-defender-driver-wdfilter-part-1/
- https://www.forrest-orr.net/post/malicious-memory-artifacts-part-i-dll-hollowing
- https://www.ired.team/offensive-security/code-injection-process-injection/apc-queue-code-injection <— APC Bypass
- https://pinvoke.net/ <—— Documented APIs for Bypass
- https://antiscan.me/
- https://github.com/stephenfewer/ReflectiveDLLInjection –> ReflectiveDLLInjection in PowerShell!!!!
- https://github.com/PowerShellMafia/PowerSploit/blob/master/CodeExecution/Invoke-ReflectivePEInjection.ps1 –> Invoke-ReflectivePEInjection Powershell
- https://blogs.msdn.microsoft.com/joelpob/2004/02/15/creating-delegate-types-via-reflection-emit/
- https://web.archive.org/web/20120520182849/http://www.exploit-monday.com/2012_05_13_archive.html
Compiling exploits
- https://stackoverflow.com/questions/4032373/linking-against-an-old-version-of-libc-to-provide-greater-application-coverage
- https://www.lordaro.co.uk/posts/2018-08-26-compiling-glibc.html
- https://www.offensive-security.com/metasploit-unleashed/alphanumeric-shellcode/
Obfuscators
Deobfuscators
- https://www.unphp.net/
- https://lelinhtinh.github.io/de4js/
- http://jsnice.org/
- https://github.com/java-deobfuscator/deobfuscator
Buffer Overflows
- https://github.com/justinsteven/dostackbufferoverflowgood
- https://github.com/stephenbradshaw/vulnserver
- https://www.vulnhub.com/entry/brainpan-1,51/
- https://exploit.education/phoenix/
- https://www.youtube.com/watch?v=1S0aBV-Waeo
General Hacking Cheatsheets/Cool Articles/Podcasts
- https://github.com/chvancooten/OSEP-Code-Snippets <—- OSEP Code Snippets!
- https://github.com/tagnullde/OSCP/blob/master/oscp-cheatsheet.md
- https://thedarksource.com/msfvenom-cheat-sheet-create-metasploit-payloads
- https://redtm.com/docs/web-pentest/2021-01-12-web-penetration-testing-task-check-list/
- https://github.com/Optixal/OSCP-PWK-Notes-Public/
- https://epi052.gitlab.io/notes-to-self/blog/2021-06-16-windows-usermode-exploit-development-review/
- https://github.com/OlivierLaflamme/Cheatsheet-God/
- https://github.com/sinfulz/JustTryHarder/
- https://github.com/0x4D31/awesome-oscp
- https://github.com/xapax/security
- https://book.hacktricks.xyz/
- https://0xdf.gitlab.io/2018/12/02/pwk-notes-smb-enumeration-checklist-update1.html
- https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html
- https://github.com/Hack-with-Github/Awesome-Hacking
- https://jhalon.github.io/becoming-a-pentester/
- https://www.inteltechniques.com/podcast.html
- https://darknetdiaries.com/
- https://lobuhisec.medium.com/kubernetes-pentest-recon-checklist-tools-and-resources-30d8e4b69463
Cobalt Strike
Bug Bounty/Web Security
- https://owasp.org/www-project-top-ten/
- https://www.hackerone.com/blog/Guide-Subdomain-Takeovers
- https://0xpatrik.com/subdomain-takeover-ns/
- https://github.com/OWASP/wstg
- https://github.com/swisskyrepo/PayloadsAllTheThings/
- https://tomnomnom.com/talks/bug-bounties-with-bash-virsec.pdf
- https://docs.google.com/presentation/d/1DAQ47VjIaQZ88Ly00eGPQupq79hAF9AAZstV7OVCY_8
- https://github.com/ngalongc/bug-bounty-reference
- https://gowsundar.gitbook.io/book-of-bugbounty-tips
- https://github.com/jdonsec/AllThingsSSRF
- https://github.com/jdonsec/AllThingsXXE
- https://xsleaks.com/
- https://www.reddit.com/r/bugbounty/comments/983odf/how_to_become_a_bug_bounty_hunter/
- https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/
- https://blog.usejournal.com/bug-hunting-methodology-part-1-91295b2d2066 <—— Series of 3 posts about Bug Hunting Methodology
- https://pentester.land/list-of-bug-bounty-writeups.html
- https://twitter.com/FaniMalikHack/status/1355145481479999488 <—— Tweet by @FaniMalikHack with an infographic about JWT
Subdomain finders
- https://github.com/projectdiscovery/subfinder
- https://github.com/guelfoweb/knock
- https://crt.sh/
- https://shodan.io/
- https://censys.io/ipv4/
- https://securitytrails.com/
- https://github.com/OWASP/Amass
- https://www.crunchbase.com/search/acquisitions <—— Discovery by searching acquisitions
Subdomain takeover
Discovering targets by using ASN (IP blocks) and reverse whois
- https://bgp.he.net/
- https://apps.db.ripe.net/db-web-ui/#/fulltextsearch
- https://whois.arin.net/ui/query.do
- https://whoxy.com/
- https://github.com/vysecurity/DomLink
Screenshotting
- https://github.com/michenriksen/aquatone
- https://github.com/FortyNorthSecurity/EyeWitness
- https://github.com/breenmachine/httpscreenshot
- https://github.com/maaaaz/webscreenshot
Cool presentations/videos
- Defeating EDRs using Dynamic Invocation - Jean Francois Maes https://youtu.be/LXfhyTpQ7TM
- A New Era Of SSRF: Exploiting URL Parsers - Orange Tsai https://www.youtube.com/watch?v=D1S-G8rJrEk
- HTTP Desync Attacks: Smashing into the Cell Next Door - albinowax https://www.youtube.com/watch?v=w-eJM2Pc0KI&t=1622s
- A $7.500 BUG BOUNTY Bug Explained, step by step. (Blind XXE OOB over DNS) - STOK https://www.youtube.com/watch?v=aSiIHKeN3ys&t=26s&pbjreload=101
- GitHub Recon and Sensitive Data Exposure https://youtu.be/l0YsEk_59fQ
- Cracking the Lens: Targeting HTTP’s Hidden Attack-Surface https://www.youtube.com/watch?v=zP4b3pw94s0
- How to Crush Bug Bounties in the first 12 Months https://www.youtube.com/watch?v=AbebbJ3cRLI
- The Bug Hunter’s Methodology v4.0 - Recon Edition by @jhaddix at #NahamCon2020 https://youtu.be/p4JgIu1mceI
- How i became a HackerOne MVH without writing a single line of python (Motivational talk) by STOK https://youtu.be/4YjCta2fcbw
- My Journey to Cybersecurity CIA Keynote - Heath Adams (aka The Cyber Mentor) https://www.youtube.com/watch?v=q4h8A5dQsZw
- Defeating EDR’s using D/Invoke - Jean-François Maes - https://youtu.be/d_Z_WV9fp9Q
Cool Books
- https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470
- https://www.amazon.com/Real-World-Bug-Hunting-Field-Hacking/dp/1593278616/
- https://www.amazon.com/How-Linux-Works-2nd-Superuser/dp/1593275676/
Infosec Twitter accounts to follow (it’s a really awesome way to learn as well! Will keep adding them)
- securibee: https://twitter.com/securibee
- codingo_: https://twitter.com/codingo_
- hakluke: https://twitter.com/hakluke
- JackRhysider: https://twitter.com/JackRhysider
- Orange Tsai: https://twitter.com/orange_8361
- MalwareTech: https://twitter.com/MalwareTechBlog
- TomNomNom: https://twitter.com/TomNomNom
- Jason Haddix: https://twitter.com/Jhaddix
- NahamSec: https://twitter.com/NahamSec
- STOK: https://twitter.com/stokfredrik
- John Hammond: https://twitter.com/_johnhammond
- Jake Williams: https://twitter.com/MalwareJake
- Deviant Ollam: https://twitter.com/deviantollam
- J3rryBl4nks: https://twitter.com/JBl4nks
- Tib3rius: https://twitter.com/0xTib3rius
- TheColonial: https://twitter.com/TheColonial
- Rob Fuller: https://twitter.com/mubix
- g0tmi1k: https://twitter.com/g0tmi1k
- TJ_Null: https://twitter.com/TJ_Null
- Rasta Mouse: https://twitter.com/_RastaMouse
- ippsec: https://twitter.com/ippsec
- Chema Alonso: https://twitter.com/chemaalonso
- FalconSpy: https://twitter.com/0xFalconSpy
- Minh: https://twitter.com/WhiteHoodHacker
- 0verfl0w: https://twitter.com/0verfl0w_
- Markus Höfer: https://twitter.com/HashtagMarkus
- Jonas L: https://twitter.com/jonasLyk
- Will Dormann: https://twitter.com/wdormann
- Scott Piper: https://twitter.com/0xdabbad00