Hacking Resources

GitHub - 0xsyr0/Awesome-Cybersecurity-Handbooks: A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.GitHub

GitHub - devanshbatham/Vulnerabilities-Unmasked: This repo tries to explain complex security vulnerabilities in simple terms that even a five-year-old can understand!GitHub

• Hacking Resources

  • Usefull Web Browser plugins

  • Cool Tools/Labs

  • Linux Privilege Escalation

  • Windows Privilege Escalation

  • Windows stuff

  • Powershell

  • Linux stuff

  • Pivoting

  • Brute force/Cracking

  • Red Team

  • Exploit Development/Reversing/AV|EDR Bypass/Malware Analysis

  • Compiling exploits

  • Obfuscators

  • Deobfuscators

  • Buffer Overflows

  • General Hacking Cheatsheets/Cool Articles/Podcasts

  • Cobalt Strike

  • Bug Bounty/Web Security

  • Subdomain finders

  • Subdomain takeover

  • Discovering of Target by using ASN (IP Blocks) and reverse whois

  • Screenshotting

  • Cool presentations/videos

  • Cool Books

  • Infosec twitter accounts to follow (it’s a really awesome way to learn as well!. Will keep adding them)

Hacking Resources

This isn’t more than another hacking resources list. I basically throw here every resource I get interested on taking a look/playing with it, or stuff that I use as a reference while trying to break something.

Usefull Web Browser plugins

• https://www.wappalyzer.com/download/

• https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/ <—— For Firefox

• https://chrome.google.com/webstore/detail/foxyproxy-standard/gcknhkkoolaabfmlnjonogaaifnjlfnp <—— For Chrome

• https://cookie-editor.cgagnier.ca/#download

• https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/

Cool Tools/Labs

• https://hackthebox.eu/

• https://www.vulnhub.com/

• https://www.blacklanternsecurity.com/2020-12-02-WriteHat/

• https://github.com/madhuakula/kubernetes-goat

• https://github.com/m8r0wn/ActiveReign

• https://github.com/sundowndev/PhoneInfoga

• https://github.com/GoSecure/dtd-finder

• https://www.shodan.io/

• https://crt.sh/

• https://censys.io/

• https://dnsdumpster.com/

• https://mxtoolbox.com/

• https://github.com/OWASP/owasp-mstg/tree/master/Crackmes

• https://github.com/oversecured/ovaa

• https://github.com/OWASP/NodeGoat

• https://owasp.org/www-project-juice-shop/

• https://portswigger.net/web-security

• https://github.com/bee-san/pyWhat

Linux Privilege Escalation

• https://gtfobins.github.io/

• https://book.hacktricks.xyz/linux-unix/privilege-escalation

• https://guif.re/linuxeop

• https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

• https://www.win.tue.nl/~aeb/linux/hh/hh-8.html

• http://www.dankalia.com/tutor/01005/0100501004.htm

• https://blog.ikuamike.io/posts/2021/package_managers_privesc/

Windows Privilege Escalation

• https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/

• http://www.fuzzysecurity.com/tutorials/16.html

• https://github.com/J3rryBl4nks/LPEWalkthrough/blob/master/Walkthrough.md

• https://github.com/worawit/MS17-010 <—— Eternal blue without MSF

• https://github.com/ankh2054/windows-pentest

• https://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_windows.html

• https://hackingandsecurity.blogspot.com/2017/09/oscp-windows-priviledge-escalation.html

• https://github.com/frizb/Windows-Privilege-Escalation

Windows stuff

• http://www.cheat-sheets.org/saved-copy/Windows_folders_quickref.pdf

• https://www.lemoda.net/windows/windows2unix/windows2unix.html

• https://bernardodamele.blogspot.com/2011/12/dump-windows-password-hashes.html

• https://gracefulsecurity.com/path-traversal-cheat-sheet-windows/

• https://bernardodamele.blogspot.com/2011/12/dump-windows-password-hashes.html

• https://malicious.link/post/2016/kerberoast-pt1/

• https://gist.github.com/pwntester/72f76441901c91b25ee7922df5a8a9e4 <— DotNetNuke (CVE-2017-9822) Payloads

Powershell

• https://vipulvyas0813.medium.com/introduction-to-powershell-for-penetration-testing-733236bc9547 <—— Serie about Poershell for Penetration Testing (5 posts)

Linux stuff

• http://www.pathname.com/fhs/pub/fhs-2.3.html

• http://www.linusakesson.net/programming/tty/

• http://pentestmonkey.net/blog/post-exploitation-without-a-tty

Pivoting

• https://artkond.com/2017/03/23/pivoting-guide/

• https://nullsweep.com/pivot-cheatsheet-for-pentesters/

• https://0xdf.gitlab.io/2019/01/28/pwk-notes-tunneling-update1.html

Brute force/Cracking

• https://github.com/Coalfire-Research/npk <—— Distributed hash-cracking platform on serverless AWS componentes

• https://hashcat.net/wiki/doku.php?id=example_hashes

• https://github.com/danielmiessler/SecLists

• https://github.com/rapid7/ssh-badkeys

• https://crackstation.net/

Red Team

• https://3xpl01tc0d3r.blogspot.com/2021/07/resource-based-constrained-delegation.html?m=1 <– Resource Based Constrained Delegation IN LINUX

• https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/

• https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki

• https://pentestbook.six2dez.com/post-exploitation/windows/ad/kerberos-attacks

• https://www.ired.team/

• https://www.harmj0y.net/blog/ **<—— Awesome Active Directory Posts **

• https://malicious.link/post/2016/kerberoast-pt1/ <—— Serie about Kerberoasting (5 posts)

• https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet

• https://www.guidepointsecurity.com/blog/delegating-like-a-boss-abusing-kerberos-delegation-in-active-directory/ <– Abuse Constrained Delegation

• https://twitter.com/cube0x0/status/1468860246307258370?s=21

Exploit Development/Reversing/AV|EDR Bypass/Malware Analysis

• https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell

• https://amsi.fail/ <—- Automatic generation of some AMSI Bypass

• https://blog.sevagas.com/IMG/pdf/BypassAVDynamics.pdf

• https://ppn.snovvcrash.rocks/red-team/malware-development/code-injection/shellcode-runners

• https://samsclass.info/126/126_F21.shtml <— Practical Malware Analysis Course!

• https://www.ringzerolabs.com/2019/08/fast-and-free-malware-analysis-lab-setup.html

• https://epi052.gitlab.io/notes-to-self/blog/2021-06-16-windows-usermode-exploit-development-review/

• https://github.com/m0n0ph1/Process-Hollowing

• https://www.virusbulletin.com/virusbulletin/2011/10/okay-so-you-are-win32-emulator

• https://www.usenix.org/system/files/conference/woot16/woot16-paper-blackthorne_update.pdf

• https://blog.sannemaasakkers.com/2021/08/07/adversary-phishing-characteristics/

• https://s3cur3th1ssh1t.github.io/A-tale-of-EDR-bypass-methods/

• https://roberreigada.github.io/posts/playing_with_an_edr/

• https://github.com/jthuraisamy/SysWhispers

• https://raw.githubusercontent.com/Mr-Un1k0d3r/EDRs/main/cortex.txt <—– NON documented API’s, possible AV/EDR Bypass?

• https://0xpat.github.io/Malware_development_part_1/ <—- Malware Devlopment series

• https://github.com/BC-SECURITY/Beginners-Guide-to-Obfuscation

• https://www.shogunlab.com/blog/2017/08/11/zdzg-windows-exploit-0.html

• https://n4r1b.netlify.app/posts/2020/01/dissecting-the-windows-defender-driver-wdfilter-part-1/

• https://www.forrest-orr.net/post/malicious-memory-artifacts-part-i-dll-hollowing

• https://www.ired.team/offensive-security/code-injection-process-injection/apc-queue-code-injection <— APC Bypass

• https://pinvoke.net/ <—— Documented APIs for Bypass

• https://antiscan.me/

• https://github.com/stephenfewer/ReflectiveDLLInjection –> ReflectiveDLLInjection en Powershell!!!!

• https://github.com/PowerShellMafia/PowerSploit/blob/master/CodeExecution/Invoke-ReflectivePEInjection.ps1 –> Invoke-ReflectivePEInjection Powershell

• https://blogs.msdn.microsoft.com/joelpob/2004/02/15/creating-delegate-types-via-reflection-emit/

• https://web.archive.org/web/20120520182849/http://www.exploit-monday.com/2012_05_13_archive.html

Compiling exploits

• https://stackoverflow.com/questions/4032373/linking-against-an-old-version-of-libc-to-provide-greater-application-coverage

• https://www.lordaro.co.uk/posts/2018-08-26-compiling-glibc.html

• https://www.offensive-security.com/metasploit-unleashed/alphanumeric-shellcode/

Obfuscators

• https://github.com/danielbohannon/Invoke-Obfuscation

• https://github.com/Bashfuscator/Bashfuscator

Deobfuscators

• https://www.unphp.net/

• https://lelinhtinh.github.io/de4js/

• http://jsnice.org/

• https://github.com/java-deobfuscator/deobfuscator

Buffer Overflows

• https://github.com/justinsteven/dostackbufferoverflowgood

• https://github.com/stephenbradshaw/vulnserver

• https://www.vulnhub.com/entry/brainpan-1,51/

• https://exploit.education/phoenix/

• https://www.youtube.com/watch?v=1S0aBV-Waeo

General Hacking Cheatsheets/Cool Articles/Podcasts

• https://github.com/chvancooten/OSEP-Code-Snippets <—- OSEP Code Snippets!

• https://github.com/tagnullde/OSCP/blob/master/oscp-cheatsheet.md

• https://thedarksource.com/msfvenom-cheat-sheet-create-metasploit-payloads

• https://redtm.com/docs/web-pentest/2021-01-12-web-penetration-testing-task-check-list/

• https://github.com/Optixal/OSCP-PWK-Notes-Public/

• https://epi052.gitlab.io/notes-to-self/blog/2021-06-16-windows-usermode-exploit-development-review/

• https://github.com/OlivierLaflamme/Cheatsheet-God/

• https://github.com/sinfulz/JustTryHarder/

• https://github.com/0x4D31/awesome-oscp

• https://github.com/xapax/security

• https://book.hacktricks.xyz/

• https://0xdf.gitlab.io/2018/12/02/pwk-notes-smb-enumeration-checklist-update1.html

• https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html

• https://github.com/Hack-with-Github/Awesome-Hacking

• https://jhalon.github.io/becoming-a-pentester/

• https://www.inteltechniques.com/podcast.html

• https://darknetdiaries.com/

• https://lobuhisec.medium.com/kubernetes-pentest-recon-checklist-tools-and-resources-30d8e4b69463

Cobalt Strike

• https://github.com/S1ckB0y1337/Cobalt-Strike-CheatSheet

Bug Bounty/Web Security

• https://owasp.org/www-project-top-ten/

• https://www.hackerone.com/blog/Guide-Subdomain-Takeovers

• https://0xpatrik.com/subdomain-takeover-ns/

• https://github.com/OWASP/wstg

• https://github.com/swisskyrepo/PayloadsAllTheThings/

• https://tomnomnom.com/talks/bug-bounties-with-bash-virsec.pdf

• https://docs.google.com/presentation/d/1DAQ47VjIaQZ88Ly00eGPQupq79hAF9AAZstV7OVCY_8

• https://github.com/ngalongc/bug-bounty-reference

• https://gowsundar.gitbook.io/book-of-bugbounty-tips

• https://github.com/jdonsec/AllThingsSSRF

• https://github.com/jdonsec/AllThingsXXE

• https://xsleaks.com/

• https://www.reddit.com/r/bugbounty/comments/983odf/how_to_become_a_bug_bounty_hunter/

• https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/

• https://blog.usejournal.com/bug-hunting-methodology-part-1-91295b2d2066 **<—— Serie of 3 post about Bug Hunting Methodology **

• https://github.com/ngalongc/bug-bounty-reference

• https://pentester.land/list-of-bug-bounty-writeups.html

• https://twitter.com/FaniMalikHack/status/1355145481479999488 **<—— Tweet by @FaniMalikHack with an infographic about JWT **

Subdomain finders

• https://github.com/projectdiscovery/subfinder

• https://github.com/guelfoweb/knock

• https://crt.sh/

• https://shodan.io/

• https://censys.io/ipv4/

• https://securitytrails.com/

• https://github.com/OWASP/Amass

• https://www.crunchbase.com/search/acquisitions **<—— Discovering searching by acquisitions **

Subdomain takeover

• https://github.com/EdOverflow/can-i-take-over-xyz

• https://github.com/projectdiscovery/nuclei

Discovering of Target by using ASN (IP Blocks) and reverse whois

• https://bgp.he.net/

• https://apps.db.ripe.net/db-web-ui/#/fulltextsearch

• https://whois.arin.net/ui/query.do

• https://whoxy.com/

• https://github.com/vysecurity/DomLink

Screenshotting

• https://github.com/michenriksen/aquatone

• https://github.com/FortyNorthSecurity/EyeWitness

• https://github.com/breenmachine/httpscreenshot

• https://github.com/maaaaz/webscreenshot

Cool presentations/videos

• Defeating EDRs using Dynamic Invocation - Jean Francois Maes https://youtu.be/LXfhyTpQ7TM

• A New Era Of SSRF: Exploiting Url Parsrs - Orange Tsai https://www.youtube.com/watch?v=D1S-G8rJrEk

• HTTP Desync Attacks: Smashing into the Cell Next Door - albinowax https://www.youtube.com/watch?v=w-eJM2Pc0KI&t=1622s

• A $7.500 BUG BOUNTY Bug Explained, step by step. (Blind XXE OOB over DNS) - STOK https://www.youtube.com/watch?v=aSiIHKeN3ys&t=26s&pbjreload=101

• GitHub Recon and Sensitive Data Exposure https://youtu.be/l0YsEk_59fQ

• Cracking the Lens: Targeting HTTP’s Hidden Attack-Surface https://www.youtube.com/watch?v=zP4b3pw94s0

• How to Crush Bug Bounties in the first 12 Months https://www.youtube.com/watch?v=AbebbJ3cRLI

• The Bug Hunter’s Methodology v4.0 - Recon Edition by @jhaddix​ at #NahamCon2020​ https://youtu.be/p4JgIu1mceI

• How i became a HackerOne MVH without writing a single line of python (Motivational talk) by STOK https://youtu.be/4YjCta2fcbw

• My Journey to Cybersecurity CIA Keynote - Heath Adams (aka The Cyber Mentor) https://www.youtube.com/watch?v=q4h8A5dQsZw

• Defeating EDR’s using D/Invoke - Jean-François Maes - https://youtu.be/d_Z_WV9fp9Q

Cool Books

• https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

• https://www.amazon.com/Real-World-Bug-Hunting-Field-Hacking/dp/1593278616/

• https://www.amazon.com/How-Linux-Works-2nd-Superuser/dp/1593275676/

Infosec twitter accounts to follow (it’s a really awesome way to learn as well!. Will keep adding them)

• securibee: https://twitter.com/securibee

• codingo_: https://twitter.com/codingo_

• hakluke: https://twitter.com/hakluke

• JackRhysider: https://twitter.com/JackRhysider

• Orange Tsai: https://twitter.com/orange_8361

• MalwareTech: https://twitter.com/MalwareTechBlog

• TomTomNom: https://twitter.com/TomNomNom

• Jason Haddix: https://twitter.com/Jhaddix

• NahamSec: https://twitter.com/NahamSec

• STOK: https://twitter.com/stokfredrik

• John Hammond: https://twitter.com/_johnhammond

• Jake Williams: https://twitter.com/MalwareJake

• Deviant Ollman: https://twitter.com/deviantollam

• J3rryBl4nks: https://twitter.com/JBl4nks

• Tib3rius: https://twitter.com/0xTib3rius

• TheColonial: https://twitter.com/TheColonial

• Rob Fuller: https://twitter.com/mubix

• g0tmi1k: https://twitter.com/g0tmi1k

• TJ_Null: https://twitter.com/TJ_Null

• Rasta Mouse: https://twitter.com/_RastaMouse

• ippsec: https://twitter.com/ippsec

• Chema Alonso: https://twitter.com/chemaalonso

• FalconSpy: https://twitter.com/0xFalconSpy

• Minh: https://twitter.com/WhiteHoodHacker

• 0verfl0w: https://twitter.com/0verfl0w_

• Markus Höfer: https://twitter.com/HashtagMarkus

• Jonas L: https://twitter.com/jonasLyk

• Will Dormann: https://twitter.com/wdormann

• Scott Piper: https://twitter.com/0xdabbad00