Difference between revisions of "Bookmarks"
(→Infiltration) |
m |
||
(22 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
== OSCP Prep == | == OSCP Prep == | ||
− | == | + | == CTF / Boot-to-Root VMs == |
* [https://www.vulnhub.com/ VulnHub] | * [https://www.vulnhub.com/ VulnHub] | ||
− | * [https://exploit-exercises.com/ Exploit Exercises] | + | * [https://www.owasp.org/index.php/OWASP_Security_Shepherd OWASP Security Shepherd] |
+ | * [https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project OWASP Broken Web Application Project] | ||
+ | * [https://information.rapid7.com/metasploitable-download.html Metasploitable - VM to test your Metasploit skills] | ||
+ | * [https://challenge.synacor.com/ challenge.synacor.com: a text adventure game. Lots of programming chals, ASM especially] | ||
+ | |||
+ | == Shellcoding / Exploits / Reverse Engineering == | ||
+ | * [https://paraschetal.in/writing-your-own-shellcode paraschetal.in / Writing your own shellcode] | ||
+ | * [https://www.youtube.com/watch?v=1S0aBV-Waeo A great primer on Buffer Overflow] | ||
+ | * [https://exploit-exercises.com/ Exploit-Exercises.com] | ||
+ | * [http://overthewire.org/wargames/ Overthewire.org / Shell-based CTF-style games] | ||
+ | * [http://shell-storm.org/shellcode/ Shell-Storm.org - a huge Shellcodes database!] | ||
== Courses / Training == | == Courses / Training == | ||
Line 23: | Line 33: | ||
== Access & Escalation == | == Access & Escalation == | ||
+ | * [https://github.com/D35m0nd142/LFISuite LFISuite - Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner] | ||
+ | |||
== Data Exfiltration == | == Data Exfiltration == | ||
Line 31: | Line 43: | ||
=== Python === | === Python === | ||
* [http://pygments.org/: Pygments - python syntax highlighter] | * [http://pygments.org/: Pygments - python syntax highlighter] | ||
+ | |||
+ | == Lists / Payloads / Fuzzers == | ||
+ | * [https://github.com/danielmiessler/SecLists danielmiessler/SecLists] | ||
+ | |||
+ | == Platform-specific Topics | ||
+ | === Node.js === | ||
+ | * [https://resources.infosecinstitute.com/penetration-testing-node-js-applications-part-1/ Pentesting Node.js Applications] |
Latest revision as of 08:06, 18 July 2018
Contents
OSCP Prep
CTF / Boot-to-Root VMs
- VulnHub
- OWASP Security Shepherd
- OWASP Broken Web Application Project
- Metasploitable - VM to test your Metasploit skills
- challenge.synacor.com: a text adventure game. Lots of programming chals, ASM especially
Shellcoding / Exploits / Reverse Engineering
- paraschetal.in / Writing your own shellcode
- A great primer on Buffer Overflow
- Exploit-Exercises.com
- Overthewire.org / Shell-based CTF-style games
- Shell-Storm.org - a huge Shellcodes database!
Courses / Training
Website Reconnaissance Tools & Techniques
- BuiltWith
- Joomla Security Scanner
- Check Joomla version without hacking
- BlindElephant Web Application Fingerprinter
- ChromeSniffer Plus
Scanning
SQL Injection
Access & Escalation
Data Exfiltration
Assault
Obfuscation
Programming
Python
Lists / Payloads / Fuzzers
== Platform-specific Topics