Links I like!! Capture the Flag/Wargames http://intruded.net/ http://intruded.net/ SmashTheStack Wargaming Network http://smashthestack.org/ flack & hkpco.kr http://flack.hkpco.kr/ HC's Capture the Flag site http://ctf.hcesperer.org/ The UCSB iCTF http://ictf.cs.ucsb.edu/ CTF Calendar http://capture.thefl.ag/calendar/ Cheat Sheets and Syntax Big Port DB | Cirt http://cirt.net/ports_dl.php?export=services Cheat Sheet : All Cheat Sheets in one page http://www.cheat-sheets.org/ Security Advancements at the Monastery » Blog Archive » What’s in Your Folder: Security Cheat Sheets http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/ Agile Hacking Agile Hacking: A Homegrown Telnet-based Portscanner | GNUCITIZEN http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/ Command Line Kung Fu http://blog.commandlinekungfu.com/ Simple yet effective: Directory Bruteforcing http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/ The Grammar of WMIC http://isc.sans.edu/diary.html?storyid=2376 Windows Command-Line Kung Fu with WMIC http://isc.sans.edu/diary.html?storyid=1229 Windows CMD Commands http://ss64.com/nt/ running a command on every mac http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html Syn: Command-Line Ninjitsu http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html WMIC, the other OTHER white meat. http://www.zonbi.org/?p=253 Hacking Without Tools: Windows - RST http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst Pentesting Ninjitsu 1 http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf Pentesting Ninjitsu 2 Infrastructure and Netcat without Netcat http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507 [PenTester Scripting] http://www.pentesterscripting.com/ windows-scripting-COM-tricks http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-hack-windows_33583 Advanced-Command-Exploitation http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf OS & Scripts IPv4 subnetting reference - Wikipedia, the free encyclopedia http://en.wikipedia.org/wiki/IPv4_subnetting_reference All the Best Linux Cheat Sheets http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/ SHELLdorado - Shell Tips & Tricks (Beginner) http://shelldorado.com/shelltips/beginner.html Linux Survival :: Where learning Linux is easy http://www.linuxsurvival.com/ BashPitfalls - Greg's Wiki http://mywiki.wooledge.org/BashPitfalls Rubular: a Ruby regular expression editor and tester http://rubular.com/ http://www.iana.org/assignments/port-numbers http://www.iana.org/assignments/port-numbers Useful commands for Windows administrators http://www.robvanderwoude.com/ntadmincommands.php Rubular: a Ruby regular expression editor http://rubular.com/ Tools netcat cheat sheet (ed skoudis) http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf nessus/nmap (older) http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf hping3 cheatsheet http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf Nmap 5 (new) http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf MSF, Fgdump, Hping http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf Metasploit meterpreter cheat sheet reference http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html Netcat cheat sheet http://h.ackack.net/cheat-sheets/netcat Conferences Information Security Conferences Calnedar https://www.google.com/calendar/embed?src=pe2ikdbe6b841od6e26ato0asc@group.calendar.google.com&gsessionid=OK Distros BackTrack Linux http://www.backtrack-linux.org/ Matriux http://www.matriux.com/ nUbuntu http://www.nubuntu.org/ Samurai Web Testing Framework http://samurai.inguardians.com/ OWASP Live CD Project http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project Pentoo https://pentoo.ch/ Katana http://www.hackfromacave.com/articles_and_adventures/katana_v2_release.html KON-BOOT http://www.piotrbania.com/all/kon-boot/ Welcome to Linux From Scratch! http://www.linuxfromscratch.org/ SUMO Linux http://sumolinux.suntzudata.com/ pentesting packages for ubuntu http://blog.0x0e.org/2009/11/20/pentesting-with-an-ubuntu-box/#comments BackBox Linux | Flexible Penetration Testing Distribution http://www.backbox.org/ Exploitation Intro Exploitation - it-sec-catalog - References to vulnerability exploitation stuff. - Project Hosting on Google Code http://code.google.com/p/it-sec-catalog/wiki/Exploitation Myne-us: From 0x90 to 0x4c454554, a journey into exploitation. http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html Past, Present, Future of Windows Exploitation | Abysssec Security Research http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/ Smash the Stack 2010 http://mariano-graziano.llab.it/docs/report.pdf The Ethical Hacker Network - Smashing The Modern Stack For Fun And Profit http://www.ethicalhacker.net/content/view/122/2/ x9090's Blog: [TUTORIAL] Exploit Writting Tutorial From Basic To Intermediate http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html X86 Opcode and Instruction Reference http://ref.x86asm.net/index.html Exploits and Advisories .:[ packet storm ]:. http://www.packetstormsecurity.org/ CVE - Common Vulnerabilities and Exposures (CVE) http://cve.mitre.org/ CVE security vulnerability database http://cvedetails.com/ NIST http://nvd.nist.gov/ Nullbyte.Org.IL http://www.nullbyte.org.il/Index.html OSVDB: The Open Source Vulnerability Database http://osvdb.org/ SecDocs IT Security and Hacking knowledge base http://secdocs.lonerunners.net/ Secunia.com http://secunia.com/ SecurityFocus http://www.securityfocus.com/bid SecurityForest http://www.securityforest.com/wiki/index.php/Main_Page The Exploit Database http://www.exploit-db.com/ Hacker Media Blogs worth it Carnal0wnage http://carnal0wnage.blogspot.com/ McGrew Security http://www.mcgrewsecurity.com/ Blog | GNUCITIZEN http://www.gnucitizen.org/blog/ Darknet http://www.darknet.org.uk/ spylogic.net http://www.spylogic.net/ TaoSecurity http://taosecurity.blogspot.com/ Room362.com http://www.room362.com/ SIPVicious http://blog.sipvicious.org/ PortSwigger.net http://blog.portswigger.net/ Blog - pentestmonkey.net http://pentestmonkey.net/blog/ Jeremiah Grossman http://jeremiahgrossman.blogspot.com/ omg.wtf.bbq. http://i8jesus.com/ CатÑн²² (in)sеÑuÑitу http://blog.c22.cc/ SkullSecurity http://www.skullsecurity.org/blog/ Metasploit http://blog.metasploit.com/ Security and Networking http://www.darkoperator.com/ Skeptikal.org http://blog.skeptikal.org/ Digital Soapbox http://preachsecurity.blogspot.com/ tssci security http://www.tssci-security.com/ Blog - Gotham Digital Science http://www.gdssecurity.com/l/b/ Reiners’ Weblog http://websec.wordpress.com/ Bernardo Damele A. G. http://bernardodamele.blogspot.com/ Laramies Corner http://laramies.blogspot.com/ Attack and Defense Labs http://blog.andlabs.org/ Billy (BK) Rios http://xs-sniper.com/blog/ Common Exploits http://www.commonexploits.com/ extern blog SensePost; http://www.sensepost.com/blog/ Weapons of Mass Analysis http://wepma.blogspot.com/ Exploit KB http://exploit.co.il/ Security Reliks http://securityreliks.wordpress.com/ MadIrish.net http://www.madirish.net/index.html sirdarckcat http://sirdarckcat.blogspot.com/ Reusable Security http://reusablesec.blogspot.com/ Myne-us http://myne-us.blogspot.com/ www.notsosecure.com http://www.notsosecure.com/folder2/ SpiderLabs Anterior http://blog.spiderlabs.com/ Corelan Team | Peter Van Eeckhoutte (corelanc0d3r) http://www.corelan.be/ DigiNinja http://www.digininja.org/ Home Of PaulDotCom Security Podcast http://www.pauldotcom.com/ Attack Vector http://www.attackvector.org/ deviating.net http://deviating.net/ Alpha One Labs http://www.alphaonelabs.com/ SmashingPasswords.com http://www.smashingpasswords.com/ wirewatcher http://wirewatcher.wordpress.com/ gynvael.coldwind//vx.log http://gynvael.coldwind.pl/ Nullthreat Security http://www.nullthreat.net/ Archangel Amael's BT Tutorials http://archangelamael.blogspot.com/ memset's blog http://memset.wordpress.com/ ihasomgsecurityskills http://sickness.tor.hu/ punter-infosec http://punter-infosec.com/ Security Ninja http://www.securityninja.co.uk/ Security and risk http://securityandrisk.blogspot.com/ GRM n00bs http://www.grmn00bs.com/ Kioptrix http://www.kioptrix.com/blog/ ::eSploit:: http://esploit.blogspot.com/ PenTestIT — Your source for Information Security Related information! http://www.pentestit.com/ Forums BackTrack Forums http://www.backtrack-linux.org/forums/ EliteHackers.info http://www.elitehackers.info/forums/ InterN0T forum http://forum.intern0t.net/ Government Security http://www.governmentsecurity.org/forum/ Hack This Site Forum http://www.hackthissite.org/forums/index.php iExploit Hacking Forum http://www.iexploit.org/ Security Override http://securityoverride.com/forum/index.php bright-shadows.net http://bright-shadows.net/ ethicalhacker.net http://www.ethicalhacker.net/ sla.ckers.org http://sla.ckers.org/forum/index.php Magazines (IN)SECURE Magazine http://www.net-security.org/insecuremag.php http://hakin9.org/ http://hakin9.org/ Video The Hacker News Network http://www.hackernews.com/ Security Tube http://www.securitytube.net/ Irongeek -Hacking Illustrated http://www.irongeek.com/i.php?page=videos/aide-winter-2011 SecCon Archive http://avondale.good.net/dl/bd/ 27c3-stream/releases/mkv http://achtbaan.nikhef.nl/27c3-stream/releases/mkv/ YouTube - ChRiStIaAn008's Channel http://www.youtube.com/user/ChRiStIaAn008 YouTube - HackingCons's Channel http://www.youtube.com/user/HackingCons Labs ISO's / VMs Web Security Dojo http://sourceforge.net/projects/websecuritydojo/ OWASP Broken Web applications Project http://code.google.com/p/owaspbwa/wiki/ProjectSummary Pentest Live CDs http://heorot.net/livecds/ NETinVM http://informatica.uv.es/~carlos/docencia/netinvm/ :: moth - Bonsai Information Security :: http://www.bonsai-sec.com/en/research/moth.php Metasploit: Introducing Metasploitable http://blog.metasploit.com/2010/05/introducing-metasploitable.html Holynix pen-test distribution http://pynstrom.net/holynix.php WackoPico http://gnacktrack.co.uk/download.php LAMPSecurity http://sourceforge.net/projects/lampsecurity/files/ Hacking-Lab.com LiveCD http://www.hacking-lab.com/news/newspage/livecd-v4.3-available.html Virtual Hacking Lab http://sourceforge.net/projects/virtualhacking/files/ Badstore.net http://www.badstore.net/ Mutillidae: A Deliberately Vulnerable Set Of PHP Scripts http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10 Damn Vulnerable Web App - DVWA http://www.dvwa.co.uk/ The ButterFly - Security Project http://sourceforge.net/projects/thebutterflytmp/ pWnOS about:blank Vulnerable Software Old Version Downloads - OldApps.com http://www.oldapps.com/ OldVersion.com http://www.oldversion.com/ Web Application exploits, php exploits, asp exploits http://www.exploit-db.com/webapps/ wavsep - Web Application Vulnerability Scanner Evaluation Project http://code.google.com/p/wavsep/downloads/list OWASP SiteGenerator - OWASP http://www.owasp.org/index.php/Owasp_SiteGenerator Hacme Books | McAfee Free Tools http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx Hacme Casino v1.0 | McAfee Free Tools http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx Hacme Shipping | McAfee Free Tools http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx Hacme Travel | McAfee Free Tools http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx Test Sites Test Site http://www.webscantest.com/ CrackMeBank Investments http://crackme.cenzic.com/Kelev/view/home.php http://zero.webappsecurity.com http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com acublog news http://testaspnet.vulnweb.com/ acuforum forums http://testasp.vulnweb.com/ Home of Acunetix Art http://testphp.vulnweb.com/ Altoro Mutual http://demo.testfire.net/ NT OBJECTives http://hackme.ntobjectives.com/ Methodologies Penetration Testing Framework http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html The Penetration Testing Execution Standard http://www.pentest-standard.org/index.php/Main_Page Web Application Security Consortium (WASC) http://www.webappsec.org/projects/threat/ OWASP top 10 http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project social-engineer.org http://www.social-engineer.org/ misc/unsorted http://www.ikkisoft.com/stuff/SMH_XSS.txt http://www.ikkisoft.com/stuff/SMH_XSS.txt XFS 101: Cross-Frame Scripting Explained | SecureState Information Security Blog http://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utm_source=twitterfeed&utm_medium=twitter What The Fuck Is My Information Security Strategy? http://whatthefuckismyinformationsecuritystrategy.com/ OWASP_DanielCutbert_Evolution_WebAppPenTest.mp4 http://video.google.com/videoplay?docid=4379894308228900017&q=owasp# DeepSec 2007 - Aaron Portnoy Cody Pierce - RPC Auditing Tools and Techniques http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec# extern blog SensePost; http://www.sensepost.com/blog/4552.html Zen One: PCI Compliance - Disable SSLv2 and Weak Ciphers http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html HD Moore on Metasploit, Exploitation and the Art of Pen Testing | threatpost http://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210 Network Time Protocol (NTP) Fun | carnal0wnage.attackresearch.com http://carnal0wnage.attackresearch.com/node/410 black-box-scanners-dimva2010.pdf (application/pdf Object) http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf Database_Pen_Testing_ISSA_March_25_V2.pdf (application/pdf Object) http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf Stupid htaccess Tricks • Perishable Press http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/ MitM Introduction to dsniff - GIAC Certified Student Practical http://www.giac.org/certified_professionals/practicals/gsec/0810.php dsniff-n-mirror.pdf (application/pdf Object) http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf dsniff.pdf (application/pdf Object) http://www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf A Hacker's Story: Let me tell you just how easily I can steal your personal data - Techvibes.com http://www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data ECCE101.pdf (application/pdf Object) http://www.mindcenter.net/uploads/ECCE101.pdf 3.pdf (application/pdf Object) http://toorcon.org/pres12/3.pdf Seven_Deadliest_UC_Attacks_Ch3.pdf (application/pdf Object) http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf cracking-air.pdf (application/pdf Object) http://packetstormsecurity.org/papers/wireless/cracking-air.pdf bh-europe-03-valleri.pdf (application/pdf Object) http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf Costa.pdf (application/pdf Object) http://www.oact.inaf.it/ws-ssri/Costa.pdf defcon-17-sam_bowne-hijacking_web_2.0.pdf (application/pdf Object) http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf Live_Hacking.pdf (application/pdf Object) http://mcafeeseminar.com/focus/downloads/Live_Hacking.pdf PasstheParcel-MITMGuide.pdf (application/pdf Object) http://www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf 2010JohnStrandKeynote.pdf (application/pdf Object) http://www.more.net/sites/default/files/2010JohnStrandKeynote.pdf 18.Ettercap_Spoof.pdf (application/pdf Object) http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf EtterCap ARP Spoofing & Beyond.pdf (application/pdf Object) http://bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing%20&%20Beyond.pdf Fun With EtterCap Filters.pdf (application/pdf Object) http://bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap%20Filters.pdf The_Magic_of_Ettercap.pdf (application/pdf Object) http://www.iac.iastate.edu/iasg/libarchive/0910/The_Magic_of_Ettercap/The_Magic_of_Ettercap.pdf arp_spoofing.pdf (application/pdf Object) http://articles.manugarg.com/arp_spoofing.pdf Ettercap(ManInTheMiddleAttack-tool).pdf (application/pdf Object) http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf ICTSecurity-2004-26.pdf (application/pdf Object) http://www.ucci.it/docs/ICTSecurity-2004-26.pdf ettercap_Nov_6_2005-1.pdf (application/pdf Object) http://web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My%20Cyber%20Attack%20Papers_files/ettercap_Nov_6_2005-1.pdf MadIrish.net Mallory is More than a Proxy http://www.madirish.net/?article=470 Thicknet: It does more than Oracle, Steve Ocepek securityjustice on USTREAM. Computers http://www.ustream.tv/recorded/12777183 OSINT Presentations Enterprise Open Source Intelligence Gathering – Part 1 Social Networks — spylogic.net http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/ Enterprise Open Source Intelligence Gathering – Part 2 Blogs, Message Boards and Metadata — spylogic.net http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%e2%80%93-part-2-blogs-message-boards-and-metadata/ Enterprise Open Source Intelligence Gathering – Part 3 Monitoring and Social Media Policies — spylogic.net http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/ Tactical Information Gathering http://www.slideshare.net/Laramies/tactical-information-gathering document_metadata_the_silent_killer__32974 (application/pdf Object) http://www.sans.org/reading_room/whitepapers/privacy/document_metadata_the_silent_killer__32974 footprinting - passive information gathering before a pentest http://infond.blogspot.com/2010/05/toturial-footprinting.html People and Orginizational spokeo.com - People Search http://www.spokeo.com/ 123people.com http://www.123people.com/ Spoke.com - Business Directory http://www.spoke.com/ Business Network - Social Network for Business Professionals http://www.xing.com/ ZoomInfo http://zoominfo.com/ Pipl - People Search http://pipl.com/ Free People Search by ZabaSearch! http://www.zabasearch.com/ Free People Finder and Company Search | SearchBug http://www.searchbug.com/default.aspx Free People Search http://skipease.com/ Addictomatic: Inhale the Web http://addictomatic.com/ Real Time Search - Social Mention http://socialmention.com/ EntityCube http://entitycube.research.microsoft.com/ yasni.com | No. 1 free people search - Find anyone on the web http://www.yasni.com/ Tweepz.com - search, find and discover interesting people on twitter http://tweepz.com/ TweepSearch :: Twitter Profile and Bio Search http://tweepsearch.com/ Glassdoor.com - Company Salaries and Reviews http://www.glassdoor.com/index.htm Jigsaw Business Contact Directory http://www.jigsaw.com/ Full Text Search http://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp TinEye Reverse Image Search http://www.tineye.com/ PeekYou http://www.peekyou.com/ PicFog - Quick Image Search http://picfog.com/ Twapper Keeper - "We save tweets" - Archive Tweets http://twapperkeeper.com/index.php White Pages | Email Lookup | People Find Tools at The Ultimates http://theultimates.com/ Infastructure Netcraft Uptime Survey http://uptime.netcraft.com/ SHODAN - Computer Search Engine http://www.shodanhq.com/ Domain Tools: Whois Lookup and Domain Suggestions http://www.domaintools.com/ Free online network utilities - traceroute, nslookup, automatic whois lookup, ping, finger http://centralops.net/co/ http://hackerfantastic.com/ http://hackerfantastic.com/ WHOIS and Reverse IP Service http://whois.webhosting.info/ MSN IP Search javascript:document.location%20=%20'http://ha.ckers.org/weird/ipsearch.cgi?'%20+%20document.domain SSL Labs - Projects / Public SSL Server Database - SSL Server Test https://www.ssllabs.com/ssldb/analyze.html MyIPNeighbors Reverse IP Lookup http://www.my-ip-neighbors.com/ Google Hacking Database, GHDB, Google Dorks http://www.exploit-db.com/google-dorks/ Domain - reports and all about ips, networks and dns http://www.serversniff.net/index.php net toolkit::index http://clez.net/ IHS | GHDB http://www.hackersforcharity.org/ghdb/ Passwords and Hashes Password Exploitation Class http://www.irongeek.com/i.php?page=videos/password-exploitation-class Default Passwords Database http://cirt.net/passwords Sinbad Security Blog: MS SQL Server Password Recovery http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html Foofus Networking Services - Medusa::SMBNT http://www.foofus.net/~jmk/medusa/medusa-smbnt.html LM/NTLM Challenge / Response Authentication - Foofus.Net Security Stuff http://www.foofus.net/?page_id=63 MD5 Crackers | Password Recovery | Wordlist Downloads http://hashcrack.blogspot.com/ Password Storage Locations For Popular Windows Applications http://www.nirsoft.net/articles/saved_password_location.html Online Hash Crack MD5 / LM / NTLM / SHA1 / MySQL - Passwords recovery - Reverse hash lookup Online - Hash Calculator http://www.onlinehashcrack.com/ Requested MD5 Hash queue http://www.md5this.com/list.php? Virus.Org http://www.virus.org/default-password Default Password List http://www.phenoelit-us.org/dpl/dpl.html Electric Alchemy: Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html Wordlists "Crack Me If You Can" - DEFCON 2011 http://contest.korelogic.com/wordlists.html Packet Storm Word Lists http://packetstormsecurity.org/Crackers/wordlists/ Passwords - SkullSecurity http://www.skullsecurity.org/wiki/index.php/Passwords Index of /passwd/passwords http://www.ericheitzman.com/passwd/passwords/ Pass the Hash pass-the-hash-attacks-tools-mitigation_33283 (application/pdf Object) http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283 crack-pass-hash_33219 (application/pdf Object) http://www.sans.org/reading_room/whitepapers/testing/crack-pass-hash_33219 Reverse Engineering & Malware TiGa's IDA Video Tutorial Site http://www.woodmann.com/TiGa/idaseries.html Binary Auditing http://www.binary-auditing.com/ http://visi.kenshoto.com/ http://visi.kenshoto.com/ radare http://www.radare.org/y/ Offensive Computing | Community Malicious code research and analysis http://www.offensivecomputing.net/ Tools OSINT Edge-Security - theHarvester- Information Gathering http://www.edge-security.com/theHarvester.php DNSTRACER man-page http://www.mavetju.org/unix/dnstracer-man.php Maltego 3 http://www.paterva.com/web5/ Metadata document-metadata-silent-killer_32974 (application/pdf Object) http://www.sans.org/reading_room/whitepapers/privacy/document-metadata-silent-killer_32974 [strike out] http://lcamtuf.coredump.cx/strikeout/ ExifTool by Phil Harvey http://www.sno.phy.queensu.ca/~phil/exiftool/ Edge-Security - Metagoofil - Metadata analyzer - Information Gathering http://www.edge-security.com/metagoofil.php Security and Networking - Blog - Metadata Enumeration with FOCA http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html Google Hacking Midnight Research Labs - SEAT http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads Google Hacking Diggity Project « Stach & Liu http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/ dorkScan.py http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html Web BeEF http://www.bindshell.net/tools/beef BlindElephant Web Application Fingerprinter http://blindelephant.sourceforge.net/ XSSer: automatic tool for pentesting XSS attacks against different applications http://xsser.sourceforge.net/ RIPS | Download RIPS software for free at SourceForge.net http://sourceforge.net/projects/rips-scanner/ http://www.divineinvasion.net/authforce/ http://www.divineinvasion.net/authforce/ Attack and Defense Labs - Tools http://andlabs.org/tools.html#sotf Browser_Exploitation_for_Fun&Profit http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf Using sqid (SQL Injection Digger) to look for SQL Injection http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html pinata-CSRF-tool http://code.google.com/p/pinata-csrf-tool/ XSSer: automatic tool for pentesting XSS attacks against different applications http://xsser.sourceforge.net/#intro Clickjacker http://www.contextis.co.uk/resources/tools/clickjacking-tool/ unicode-fun.txt ≈ Packet Storm http://packetstormsecurity.org/files/view/69896/unicode-fun.txt WebService-Attacker http://sourceforge.net/projects/ws-attacker/files/ Attack Strings fuzzdb - Project Hosting on Google Code http://code.google.com/p/fuzzdb/ OWASP Fuzzing Code Database - OWASP http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements Shells SourceForge.net: Yokoso! http://sourceforge.net/projects/yokoso/ AJAX/PHP Command Shell http://sourceforge.net/projects/ajaxshell/ Scanners w3af - Web Application Attack and Audit Framework http://w3af.sourceforge.net/ skipfish - Project Hosting on Google Code http://code.google.com/p/skipfish/ sqlmap: automatic SQL injection tool http://sqlmap.sourceforge.net/ SQID - SQL Injection digger http://sqid.rubyforge.org/#next http://www.packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt http://www.packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt WindowsAttack - fimap - Windows Attacking Example - Project Hosting on Google Code http://code.google.com/p/fimap/wiki/WindowsAttack fm-fsf - Project Hosting on Google Code http://code.google.com/p/fm-fsf/ Websecurify http://www.websecurify.com/ News :: Arachni - Web Application Security Scanner Framework http://arachni.segfault.gr/news rfiscan ≈ Packet Storm http://packetstormsecurity.org/UNIX/scanners/rfiscan2.py.txt lfi-rfi2 scanner ≈ Packet Storm http://packetstormsecurity.org/UNIX/scanners/lfi-rfi2.txt inspathx – Tool For Finding Path Disclosure Vulnerabilities http://www.darknet.org.uk/2010/09/inspathx-tool-for-finding-path-disclosure-vulnerabilities/ DotDotPwn - The Directory Traversal Fuzzer 2.1 ≈ Packet Storm http://packetstormsecurity.org/files/view/95399/dotdotpwn-v2.1.tar.gz Proxies Burp fuzzing-approach-credentials-discovery-burp-intruder_33214 (application/pdf Object) http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214 Constricting the Web: The GDS Burp API - Gotham Digital Science http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/ Browse Belch - Burp External Channel v1.0 Files on SourceForge.net http://sourceforge.net/projects/belch/files/ Burp Suite Tutorial – Repeater and Comparer Tools « Security Ninja http://www.securityninja.co.uk/burp-suite-tutorial-repeater-and-comparer-tools w3af in burp http://blog.ombrepixel.com/ Attack and Defense Labs - Tools http://andlabs.org/tools.html#dser burp suite tutorial - English http://feoh.tistory.com/22 Moses Pelham http://www.facebook.com/mosespelham SensePost - reDuh - HTTP Tunneling Proxy http://www.sensepost.com/labs/tools/pentest/reduh OWASP WebScarab NG Project - OWASP http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project Mallory: Transparent TCP and UDP Proxy – Intrepidus Group - Insight http://intrepidusgroup.com/insight/mallory/ Fiddler Web Debugger - A free web debugging tool http://www.fiddler2.com/fiddler2/ Watcher: Web security testing tool and passive vulnerability scanner http://websecuritytool.codeplex.com/documentation?referringTitle=Home X5S http://translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1 koto/squid-imposter - GitHub https://github.com/koto/squid-imposter Social Engineering Social Engineering Toolkit http://www.secmaniac.com/ Password Ncrack http://nmap.org/ncrack/ Medusa http://www.foofus.net/jmk/medusa/medusa.html JTR http://www.openwall.com/john/ Ophcrack http://ophcrack.sourceforge.net/ keimpx in action | 0x3f http://blog.0x3f.net/tool/keimpx-in-action/ keimpx - Project Hosting on Google Code http://code.google.com/p/keimpx/ hashkill http://sourceforge.net/projects/hashkill/ Metasploit markremark: Reverse Pivots with Metasploit - How NOT to make the lightbulb http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html WmapNikto - msf-hack - One-sentence summary of this page. - Project Hosting on Google Code http://code.google.com/p/msf-hack/wiki/WmapNikto markremark: Metasploit Visual Basic Payloads in action http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html Metasploit Mailing List http://seclists.org/metasploit/ PaulDotCom: Archives http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html OpenSSH-Script for meterpreter available ! http://meterpreter.illegalguy.hostzi.com/ Metasploit: Automating the Metasploit Console http://blog.metasploit.com/2010/03/automating-metasploit-console.html 561 http://www.workrobot.com/sansfire2009/561.html Deploying Metasploit as a Payload on a Rooted Box Tutorial http://securitytube.net/Deploying-Metasploit-as-a-Payload-on-a-Rooted-Box-video.aspx Metasploit/MeterpreterClient - Wikibooks, collection of open-content textbooks http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download SecTor 2010 - HD Moore - Beyond Exploits on Vimeo http://vimeo.com/16852783 XLSinjector « Milo2012's Security Blog http://milo2012.wordpress.com/2009/09/27/xlsinjector/ Armitage - Cyber Attack Management for Metasploit http://www.fastandeasyhacking.com/ Nsploit http://trac.happypacket.net/ neurosurgery-with-meterpreter http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf (automating msf) UAV-slides.pdf http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf MSF Exploits or Easy Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=12204 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=11413 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=18021 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=26918 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=34821 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=22194 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=34476 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=25168 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=19408 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=21564 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=10862 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=26925 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=29314 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=23643 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=12052 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=34477 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=15962 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=42106 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=15456 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=21689 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=12205 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=22182 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=26919 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=26921 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=21696 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=40887 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=10404 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=18027 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=19402 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=11790 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=12209 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=10673 NSE Nmap Scripting Engine Primer Tutorial http://securitytube.net/Nmap-Scripting-Engine-Primer-video.aspx NSEDoc Reference Portal http://nmap.org/nsedoc/ Net Scanners & Scripts Nmap http://nmap.org/ Information Gathering With Nmap « Penetration Testing Lab http://pentestlab.wordpress.com/2013/02/16/information-gathering-with-nmap/?goback=%2Egde_4217258_member_214808738 sambascan2 - SMB scanner http://asturio.gmxhome.de/software/sambascan2/i.html SoftPerfect Network Scanner http://www.softperfect.com/products/networkscanner/ OpenVAS http://www.openvas.org/ Nessus Community | Tenable Network Security http://tenable.com/products/nessus Nexpose Community | Rapid7 http://www.rapid7.com/vulnerability-scanner.jsp Retina Community http://www.eeye.com/products/retina/community Post Exploitation http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py Metacab | PHX2600 http://www.phx2600.org/archive/2008/08/29/metacab/ Netcat Re: Your favorite Ncat/nc/Netcat trick? - ReadList.com http://readlist.com/lists/insecure.org/nmap-dev/1/7779.html ads.pdf (application/pdf Object) http://www.radarhack.com/tutorial/ads.pdf Netcat_for_the_Masses_DDebeer.pdf (application/pdf Object) http://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdf netcat_cheat_sheet_v1.pdf (application/pdf Object) http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf socat http://www.dest-unreach.org/socat/ NetCat tutorial: Day1 [Archive] - Antionline Forums - Maximum Security for a Connected World http://www.antionline.com/archive/index.php/t-230603.html Netcat tricks « Jonathan’s Techno-tales http://technotales.wordpress.com/2009/06/14/netcat-tricks/ Nmap Development: Re: Your favorite Ncat/nc/Netcat trick? http://seclists.org/nmap-dev/2009/q1/581 Few Useful Netcat Tricks « Terminally Incoherent http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/ Skoudis_pentestsecrets.pdf (application/pdf Object) http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf Cracked, inSecure and Generally Broken: Netcat http://gse-compliance.blogspot.com/2008/07/netcat.html Ncat for Netcat Users http://junker.org/~tkh16/ncat-for-netcat-users.php Source Inspection Graudit - Just Another Hacker http://www.justanotherhacker.com/projects/graudit.html javasnoop - Project Hosting on Google Code http://code.google.com/p/javasnoop/ Firefox Addons David's Pen Testing (Security) Collection :: Collections :: Pengaya untuk Firefox https://addons.mozilla.org/id/firefox/collections/byrned/pentesting/?page=8 OSVDB :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/osvdb/ Packet Storm search plugin. :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/packet-storm-search-plugin/ Default Passwords - CIRT.net :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786/ Offsec Exploit-db Search :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/ OVAL repository search plugin :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/oval-repository-search-plugin/ CVE ® dictionary search plugin :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/cve-dictionary-search-plugin/ HackBar :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/hackbar/ Tool Listings .:[ packet storm ]:. - tools http://www.packetstormsecurity.org/tools100.html Security and Hacking Tools http://tools.securitytube.net/index.php?title=Main_Page Training/Classes Sec / Hacking Penetration Testing and Vulnerability Analysis - Home http://pentest.cryptocity.net/ Network Sniffers Class for the Kentuckiana ISSA 2011 (Hacking Illustrated Series InfoSec Tutorial Videos) http://www.irongeek.com/i.php?page=videos/network-sniffers-class CNIT 124: Advanced Ethical Hacking -- Sam Bowne http://samsclass.info/124/124_Sum09.shtml CS 279 - Advanced Topics in Security http://www.cs.ucsb.edu/~vigna/courses/cs279/ CS142 Web Programming and Security - Stanford http://crypto.stanford.edu/cs142/ CS155 Computer and Network Security - Stanford http://crypto.stanford.edu/cs155/ CSE 227: Computer Security - UCSD http://cseweb.ucsd.edu/classes/wi09/cse227/ CS 161: Computer Security - UC Berkley http://www-inst.eecs.berkeley.edu/~cs161/sp11/ Security Talks - UCLA http://security.ucla.edu/pages/Security_Talks CSCI 4971 Secure Software Principles - RPI http://www.cs.rpi.edu/academics/courses/spring10/csci4971/ MCS 494 UNIX Security Holes http://cr.yp.to/2004-494.html Software Security - CMU http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/ T-110.6220 Special Topics in Ifocsec -TKK https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot Sec and Infosec Related - MIT http://stuff.mit.edu/iap/2009/#websecurity Metasploit Metasploit Unleashed http://www.offensive-security.com/metasploit-unleashed/ Metasploit Class Videos (Hacking Illustrated Series InfoSec Tutorial Videos) http://www.irongeek.com/i.php?page=videos/metasploit-class Metasploit Megaprimer 300+ mins of video http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/ Metasploit Tips and Tricks - Ryan Linn http://vimeo.com/16925188 OffSecOhioChapter, Metasploit Class2 - Part1 http://www.ustream.tv/recorded/13396511 OffSecOhioChapter, Metasploit Class2 - Part2 http://www.ustream.tv/recorded/13397426 OffSecOhioChapter, Metasploit Class2 - Part3 http://www.ustream.tv/recorded/13398740 Programming Python Google's Python Class - Google's Python Class - Google Code http://code.google.com/edu/languages/google-python-class/index.html Python en:Table of Contents - Notes http://www.swaroopch.com/notes/Python_en:Table_of_Contents TheNewBoston – Free Educational Video Tutorials on Computer Programming and More! » Python http://www.thenewboston.com/?cat=40&pOpen=tutorial Python Videos, Tutorials and Screencasts http://showmedo.com/videotutorials/python Learning Python Programming Language Through Video Lectures - good coders code, great reuse http://www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/ Ruby Video Tutorials - Technology Demonstrations - tekniqal.com http://www.tekniqal.com/ Other/Misc CS490 Windows Internals http://www.cs.sjtu.edu.cn/~kzhu/cs490/ T-110.6220 Lectures - Noppa - TKK https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/ Index of /edu/training/ss/lecture/new-documents/Lectures http://i-web.i.u-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/  InfoSec Resources http://resources.infosecinstitute.com/ Robert Hansen on Vimeo http://vimeo.com/user2720399 Web Vectors SQLi MSSQL Injection Cheat Sheet - pentestmonkey.net http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/ SQL Injection Cheat Sheet http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/ EvilSQL Cheatsheet http://www.evilsql.com/main/index.php RSnake SQL Injection Cheatsheet http://ha.ckers.org/sqlinjection/ Mediaservice.net SQLi Cheatsheet http://lab.mediaservice.net/notes_more.php?id=MSSQL MySQL Injection Cheat Sheet http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/ Full MSSQL Injection PWNage http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html MS Access SQL Injection Cheat Sheet » krazl - â„¢ ķЯαž£ â„¢ - bloggerholic http://www.krazl.com/blog/?p=3 MS Access SQL Injection Cheat Sheet http://web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html Penetration Testing: Access SQL Injection http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html Testing for MS Access - OWASP http://www.owasp.org/index.php/Testing_for_MS_Access Security Override - Articles: The Complete Guide to SQL Injections http://securityoverride.com/articles.php?article_id=1&article=The_Complete_Guide_to_SQL_Injections Obfuscated SQL Injection attacks http://isc.sans.edu/diary.html?storyid=9397 Exploiting hard filtered SQL Injections « Reiners’ Weblog http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/ SQL Injection Attack http://sqlzoo.net/hack/ YouTube - Joe McCray - Advanced SQL Injection - LayerOne 2009 http://www.youtube.com/watch?v=WkHkryIoLD0 Joe McCray - Advanced SQL Injection - L1 2009.pdf (application/pdf Object) http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf Joseph McCray SQL Injection http://vimeo.com/3418947 sla.ckers.org web application security forum :: Obfuscation :: SQL filter evasion http://sla.ckers.org/forum/read.php?24,33903 sqli2.pdf (application/pdf Object) http://websec.files.wordpress.com/2010/11/sqli2.pdf SQL Server Version - SQLTeam.com http://www.sqlteam.com/article/sql-server-versions Overlooked SQL Injection 20071021.pdf (application/pdf Object) http://www.securityexperiment.com/se/documents/Overlooked%20SQL%20Injection%2020071021.pdf SQLInjectionCommentary20071021.pdf (application/pdf Object) http://www.securityexperiment.com/se/documents/SQLInjectionCommentary20071021.pdf uploadtricks bypassing upload file type - Google Search http://www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ecf4f91972 Skeptikal.org: Adobe Responds... Sort Of http://blog.skeptikal.org/2009/11/adobe-responds-sort-of.html Secure File Upload in PHP Web Applications | INSIC DESIGNS http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/ Stupid htaccess Tricks • Perishable Press http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/ Tricks and Tips: Bypassing Image Uploaders. - By: t3hmadhatt3r http://ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/ Security FCKeditor ADS File Upload Vulnerability - Windows Only http://www.ravenphpscripts.com/article2974.html Cross Site Scripting scanner – Free XSS Security Scanner http://www.acunetix.com/cross-site-scripting/scanner.htm VUPEN - Microsoft IIS File Extension Processing Security Bypass Vulnerability / Exploit (Security Advisories - VUPEN/ADV-2009-3634) http://www.vupen.com/english/advisories/2009/3634 Uploading Files Using the File Field Control http://msdn.microsoft.com/en-us/library/aa478971.aspx TangoCMS - Security #237: File Upload Filter Bypass in TangoCMS <=2.5.0 - TangoCMS Project http://dev.tangocms.org/issues/237 Full Disclosure: Zeroboard File Upload & extension bypass Vulnerability http://seclists.org/fulldisclosure/2006/Jun/508 Cross-site File Upload Attacks | GNUCITIZEN http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/ TikiWiki jhot.php Script File Upload Security Bypass Vulnerability http://www.ipolicynetworks.com/technology/files/TikiWiki_jhot.php_Script_File_Upload_Security_Bypass_Vulnerability.html FileUploadSecurity - SH/SC Wiki http://shsc.info/FileUploadSecurity LFI/RFI http://pastie.org/840199 http://pastie.org/840199 Exploiting PHP File Inclusion – Overview « Reiners’ Weblog http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ LFI..Code Exec..Remote Root! http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utm_source=twitterfeed&utm_medium=twitter Local File Inclusion – Tricks of the Trade « Neohapsis Labs http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/ Blog, When All You Can Do Is Read - DigiNinja http://www.digininja.org/blog/when_all_you_can_do_is_read.php XSS The Anatomy of Cross Site Scripting http://www.infosecwriters.com/hhworld/hh8/csstut.htm Whitepapers - www.technicalinfo.net http://www.technicalinfo.net/papers/CSS.html Cross-Site Scripting (XSS) – no script required - Tales from the Crypto http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx Guide Cross Site Scripting - Attack and Defense guide - InterN0T - Underground Security Training http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf (application/pdf Object) https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf sirdarckcat: Our Favorite XSS Filters and how to Attack them http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html Filter Evasion – Houdini on the Wire « Security Aegis http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/ HTML5 Security Cheatsheet http://heideri.ch/jso/#javascript XSS - Cross Site Scripting http://www.reddit.com/r/xss/ sla.ckers.org web application security forum :: XSS Info http://sla.ckers.org/forum/list.php?2 [DOM Based Cross Site Scripting or XSS of the Third Kind] Web Security Articles - Web Application Security Consortium http://www.webappsec.org/projects/articles/071105.shtml What's Possible with XSS? http://www.12robots.com/index.cfm/2010/9/14/Whats-Possible-with-XSS--Security-Series-81 Coldfusion ColdFusion directory traversal FAQ (CVE-2010-2861) | GNUCITIZEN http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+gnucitizen+%28GNUCITIZEN%29&utm_content=Twitter Attacking ColdFusion. | Sigurnost i zastita informacija http://zastita.com/02114/Attacking_ColdFusion..html Attacking ColdFusion http://www.nosec.org/2010/0809/629.html HP Blogs - Adobe ColdFusion's Directory Traversal Disaster - The HP Blog Hub http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964 254_ShlomyGantz_August2009_HackProofingColdFusion.pdf (application/pdf Object) http://cfunited.com/2009/files/presentations/254_ShlomyGantz_August2009_HackProofingColdFusion.pdf Adobe XML Injection Metasploit Module | carnal0wnage.attackresearch.com http://carnal0wnage.attackresearch.com/node/436?utm_source=twitterfeed&utm_medium=twitter Computer Security Blog: PR10-08 Various XSS and information disclosure flaws within Adobe ColdFusion administration console http://r00tsec.blogspot.com/2011/03/pr10-08-various-xss-and-information.html SharePoint The Ethical Hacker Network - Pen Testing Sharepoint http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6131.msg32678/#msg32678 Lotus Lotus Notes/Domino Security - David Robert's -castlebbs- Blog http://blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security Penetration Testing: Re: Lotus Notes http://seclists.org/pen-test/2002/Nov/43 Hacking Lotus Domino | SecTechno http://www.sectechno.com/2010/07/12/hacking-lotus-domino/?utm_source=twitterfeed&utm_medium=twitter&utm_campaign=Feed%3A+Sectechno+%28SecTechno%29&utm_content=Twitter jboss Whitepaper-Hacking-jBoss-using-a-Browser.pdf (application/pdf Object) http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf Minded Security Blog: Good Bye Critical Jboss 0day http://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html vmware web Metasploit Penetration Testing Framework - Module Browser http://www.metasploit.com/modules/auxiliary/scanner/http/vmware_server_dir_trav Oracle appserver hideaway [dot] net: Hacking Oracle Application Servers http://www.hideaway.net/2007/07/hacking-oracle-application-servers.html Testing for Oracle - OWASP http://www.owasp.org/index.php/Testing_for_Oracle OraScan http://www.ngssoftware.com/services/software-products/internet-security/orascan.aspx NGSSQuirreL for Oracle http://www.ngssoftware.com/services/software-products/Database-Security/NGSSQuirreLOracle.aspx hpoas.pdf (application/pdf Object) http://www.ngssoftware.com/papers/hpoas.pdf SAP Onapsis | Research Labs http://www.onapsis.com/research.html#bizploit '[john-users] patch for SAP-passwords (BCODE & PASSCODE)' - MARC http://marc.info/?l=john-users&m=121444075820309&w=2 Phenoelit SAP exploits http://www.phenoelit-us.org/whatSAP/index.html Wireless pyrit - WPA/WPA2-PSK and a world of affordable many-core platforms - Google Project Hosting http://code.google.com/p/pyrit/ Certified Ethical Hacker Video CBT http://www.w1zsec.info/ceh/
Thursday, February 21, 2013
Links I like!! Capture the Flag/Wargames http://intruded.net/ http://intruded.net/ SmashTheStack Wargaming Network http://smashthestack.org/ flack & hkpco.kr http://flack.hkpco.kr/ HC's Capture the Flag site http://ctf.hcesperer.org/ The UCSB iCTF http://ictf.cs.ucsb.edu/ CTF Calendar http://capture.thefl.ag/calendar/ Cheat Sheets and Syntax Big Port DB | Cirt http://cirt.net/ports_dl.php?export=services Cheat Sheet : All Cheat Sheets in one page http://www.cheat-sheets.org/ Security Advancements at the Monastery » Blog Archive » What’s in Your Folder: Security Cheat Sheets http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/ Agile Hacking Agile Hacking: A Homegrown Telnet-based Portscanner | GNUCITIZEN http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/ Command Line Kung Fu http://blog.commandlinekungfu.com/ Simple yet effective: Directory Bruteforcing http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/ The Grammar of WMIC http://isc.sans.edu/diary.html?storyid=2376 Windows Command-Line Kung Fu with WMIC http://isc.sans.edu/diary.html?storyid=1229 Windows CMD Commands http://ss64.com/nt/ running a command on every mac http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html Syn: Command-Line Ninjitsu http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html WMIC, the other OTHER white meat. http://www.zonbi.org/?p=253 Hacking Without Tools: Windows - RST http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst Pentesting Ninjitsu 1 http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf Pentesting Ninjitsu 2 Infrastructure and Netcat without Netcat http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507 [PenTester Scripting] http://www.pentesterscripting.com/ windows-scripting-COM-tricks http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-hack-windows_33583 Advanced-Command-Exploitation http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf OS & Scripts IPv4 subnetting reference - Wikipedia, the free encyclopedia http://en.wikipedia.org/wiki/IPv4_subnetting_reference All the Best Linux Cheat Sheets http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/ SHELLdorado - Shell Tips & Tricks (Beginner) http://shelldorado.com/shelltips/beginner.html Linux Survival :: Where learning Linux is easy http://www.linuxsurvival.com/ BashPitfalls - Greg's Wiki http://mywiki.wooledge.org/BashPitfalls Rubular: a Ruby regular expression editor and tester http://rubular.com/ http://www.iana.org/assignments/port-numbers http://www.iana.org/assignments/port-numbers Useful commands for Windows administrators http://www.robvanderwoude.com/ntadmincommands.php Rubular: a Ruby regular expression editor http://rubular.com/ Tools netcat cheat sheet (ed skoudis) http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf nessus/nmap (older) http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf hping3 cheatsheet http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf Nmap 5 (new) http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf MSF, Fgdump, Hping http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf Metasploit meterpreter cheat sheet reference http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html Netcat cheat sheet http://h.ackack.net/cheat-sheets/netcat Conferences Information Security Conferences Calnedar https://www.google.com/calendar/embed?src=pe2ikdbe6b841od6e26ato0asc@group.calendar.google.com&gsessionid=OK Distros BackTrack Linux http://www.backtrack-linux.org/ Matriux http://www.matriux.com/ nUbuntu http://www.nubuntu.org/ Samurai Web Testing Framework http://samurai.inguardians.com/ OWASP Live CD Project http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project Pentoo https://pentoo.ch/ Katana http://www.hackfromacave.com/articles_and_adventures/katana_v2_release.html KON-BOOT http://www.piotrbania.com/all/kon-boot/ Welcome to Linux From Scratch! http://www.linuxfromscratch.org/ SUMO Linux http://sumolinux.suntzudata.com/ pentesting packages for ubuntu http://blog.0x0e.org/2009/11/20/pentesting-with-an-ubuntu-box/#comments BackBox Linux | Flexible Penetration Testing Distribution http://www.backbox.org/ Exploitation Intro Exploitation - it-sec-catalog - References to vulnerability exploitation stuff. - Project Hosting on Google Code http://code.google.com/p/it-sec-catalog/wiki/Exploitation Myne-us: From 0x90 to 0x4c454554, a journey into exploitation. http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html Past, Present, Future of Windows Exploitation | Abysssec Security Research http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/ Smash the Stack 2010 http://mariano-graziano.llab.it/docs/report.pdf The Ethical Hacker Network - Smashing The Modern Stack For Fun And Profit http://www.ethicalhacker.net/content/view/122/2/ x9090's Blog: [TUTORIAL] Exploit Writting Tutorial From Basic To Intermediate http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html X86 Opcode and Instruction Reference http://ref.x86asm.net/index.html Exploits and Advisories .:[ packet storm ]:. http://www.packetstormsecurity.org/ CVE - Common Vulnerabilities and Exposures (CVE) http://cve.mitre.org/ CVE security vulnerability database http://cvedetails.com/ NIST http://nvd.nist.gov/ Nullbyte.Org.IL http://www.nullbyte.org.il/Index.html OSVDB: The Open Source Vulnerability Database http://osvdb.org/ SecDocs IT Security and Hacking knowledge base http://secdocs.lonerunners.net/ Secunia.com http://secunia.com/ SecurityFocus http://www.securityfocus.com/bid SecurityForest http://www.securityforest.com/wiki/index.php/Main_Page The Exploit Database http://www.exploit-db.com/ Hacker Media Blogs worth it Carnal0wnage http://carnal0wnage.blogspot.com/ McGrew Security http://www.mcgrewsecurity.com/ Blog | GNUCITIZEN http://www.gnucitizen.org/blog/ Darknet http://www.darknet.org.uk/ spylogic.net http://www.spylogic.net/ TaoSecurity http://taosecurity.blogspot.com/ Room362.com http://www.room362.com/ SIPVicious http://blog.sipvicious.org/ PortSwigger.net http://blog.portswigger.net/ Blog - pentestmonkey.net http://pentestmonkey.net/blog/ Jeremiah Grossman http://jeremiahgrossman.blogspot.com/ omg.wtf.bbq. http://i8jesus.com/ CатÑн²² (in)sеÑuÑitу http://blog.c22.cc/ SkullSecurity http://www.skullsecurity.org/blog/ Metasploit http://blog.metasploit.com/ Security and Networking http://www.darkoperator.com/ Skeptikal.org http://blog.skeptikal.org/ Digital Soapbox http://preachsecurity.blogspot.com/ tssci security http://www.tssci-security.com/ Blog - Gotham Digital Science http://www.gdssecurity.com/l/b/ Reiners’ Weblog http://websec.wordpress.com/ Bernardo Damele A. G. http://bernardodamele.blogspot.com/ Laramies Corner http://laramies.blogspot.com/ Attack and Defense Labs http://blog.andlabs.org/ Billy (BK) Rios http://xs-sniper.com/blog/ Common Exploits http://www.commonexploits.com/ extern blog SensePost; http://www.sensepost.com/blog/ Weapons of Mass Analysis http://wepma.blogspot.com/ Exploit KB http://exploit.co.il/ Security Reliks http://securityreliks.wordpress.com/ MadIrish.net http://www.madirish.net/index.html sirdarckcat http://sirdarckcat.blogspot.com/ Reusable Security http://reusablesec.blogspot.com/ Myne-us http://myne-us.blogspot.com/ www.notsosecure.com http://www.notsosecure.com/folder2/ SpiderLabs Anterior http://blog.spiderlabs.com/ Corelan Team | Peter Van Eeckhoutte (corelanc0d3r) http://www.corelan.be/ DigiNinja http://www.digininja.org/ Home Of PaulDotCom Security Podcast http://www.pauldotcom.com/ Attack Vector http://www.attackvector.org/ deviating.net http://deviating.net/ Alpha One Labs http://www.alphaonelabs.com/ SmashingPasswords.com http://www.smashingpasswords.com/ wirewatcher http://wirewatcher.wordpress.com/ gynvael.coldwind//vx.log http://gynvael.coldwind.pl/ Nullthreat Security http://www.nullthreat.net/ Archangel Amael's BT Tutorials http://archangelamael.blogspot.com/ memset's blog http://memset.wordpress.com/ ihasomgsecurityskills http://sickness.tor.hu/ punter-infosec http://punter-infosec.com/ Security Ninja http://www.securityninja.co.uk/ Security and risk http://securityandrisk.blogspot.com/ GRM n00bs http://www.grmn00bs.com/ Kioptrix http://www.kioptrix.com/blog/ ::eSploit:: http://esploit.blogspot.com/ PenTestIT — Your source for Information Security Related information! http://www.pentestit.com/ Forums BackTrack Forums http://www.backtrack-linux.org/forums/ EliteHackers.info http://www.elitehackers.info/forums/ InterN0T forum http://forum.intern0t.net/ Government Security http://www.governmentsecurity.org/forum/ Hack This Site Forum http://www.hackthissite.org/forums/index.php iExploit Hacking Forum http://www.iexploit.org/ Security Override http://securityoverride.com/forum/index.php bright-shadows.net http://bright-shadows.net/ ethicalhacker.net http://www.ethicalhacker.net/ sla.ckers.org http://sla.ckers.org/forum/index.php Magazines (IN)SECURE Magazine http://www.net-security.org/insecuremag.php http://hakin9.org/ http://hakin9.org/ Video The Hacker News Network http://www.hackernews.com/ Security Tube http://www.securitytube.net/ Irongeek -Hacking Illustrated http://www.irongeek.com/i.php?page=videos/aide-winter-2011 SecCon Archive http://avondale.good.net/dl/bd/ 27c3-stream/releases/mkv http://achtbaan.nikhef.nl/27c3-stream/releases/mkv/ YouTube - ChRiStIaAn008's Channel http://www.youtube.com/user/ChRiStIaAn008 YouTube - HackingCons's Channel http://www.youtube.com/user/HackingCons Labs ISO's / VMs Web Security Dojo http://sourceforge.net/projects/websecuritydojo/ OWASP Broken Web applications Project http://code.google.com/p/owaspbwa/wiki/ProjectSummary Pentest Live CDs http://heorot.net/livecds/ NETinVM http://informatica.uv.es/~carlos/docencia/netinvm/ :: moth - Bonsai Information Security :: http://www.bonsai-sec.com/en/research/moth.php Metasploit: Introducing Metasploitable http://blog.metasploit.com/2010/05/introducing-metasploitable.html Holynix pen-test distribution http://pynstrom.net/holynix.php WackoPico http://gnacktrack.co.uk/download.php LAMPSecurity http://sourceforge.net/projects/lampsecurity/files/ Hacking-Lab.com LiveCD http://www.hacking-lab.com/news/newspage/livecd-v4.3-available.html Virtual Hacking Lab http://sourceforge.net/projects/virtualhacking/files/ Badstore.net http://www.badstore.net/ Mutillidae: A Deliberately Vulnerable Set Of PHP Scripts http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10 Damn Vulnerable Web App - DVWA http://www.dvwa.co.uk/ The ButterFly - Security Project http://sourceforge.net/projects/thebutterflytmp/ pWnOS about:blank Vulnerable Software Old Version Downloads - OldApps.com http://www.oldapps.com/ OldVersion.com http://www.oldversion.com/ Web Application exploits, php exploits, asp exploits http://www.exploit-db.com/webapps/ wavsep - Web Application Vulnerability Scanner Evaluation Project http://code.google.com/p/wavsep/downloads/list OWASP SiteGenerator - OWASP http://www.owasp.org/index.php/Owasp_SiteGenerator Hacme Books | McAfee Free Tools http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx Hacme Casino v1.0 | McAfee Free Tools http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx Hacme Shipping | McAfee Free Tools http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx Hacme Travel | McAfee Free Tools http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx Test Sites Test Site http://www.webscantest.com/ CrackMeBank Investments http://crackme.cenzic.com/Kelev/view/home.php http://zero.webappsecurity.com http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com acublog news http://testaspnet.vulnweb.com/ acuforum forums http://testasp.vulnweb.com/ Home of Acunetix Art http://testphp.vulnweb.com/ Altoro Mutual http://demo.testfire.net/ NT OBJECTives http://hackme.ntobjectives.com/ Methodologies Penetration Testing Framework http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html The Penetration Testing Execution Standard http://www.pentest-standard.org/index.php/Main_Page Web Application Security Consortium (WASC) http://www.webappsec.org/projects/threat/ OWASP top 10 http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project social-engineer.org http://www.social-engineer.org/ misc/unsorted http://www.ikkisoft.com/stuff/SMH_XSS.txt http://www.ikkisoft.com/stuff/SMH_XSS.txt XFS 101: Cross-Frame Scripting Explained | SecureState Information Security Blog http://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utm_source=twitterfeed&utm_medium=twitter What The Fuck Is My Information Security Strategy? http://whatthefuckismyinformationsecuritystrategy.com/ OWASP_DanielCutbert_Evolution_WebAppPenTest.mp4 http://video.google.com/videoplay?docid=4379894308228900017&q=owasp# DeepSec 2007 - Aaron Portnoy Cody Pierce - RPC Auditing Tools and Techniques http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec# extern blog SensePost; http://www.sensepost.com/blog/4552.html Zen One: PCI Compliance - Disable SSLv2 and Weak Ciphers http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html HD Moore on Metasploit, Exploitation and the Art of Pen Testing | threatpost http://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210 Network Time Protocol (NTP) Fun | carnal0wnage.attackresearch.com http://carnal0wnage.attackresearch.com/node/410 black-box-scanners-dimva2010.pdf (application/pdf Object) http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf Database_Pen_Testing_ISSA_March_25_V2.pdf (application/pdf Object) http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf Stupid htaccess Tricks • Perishable Press http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/ MitM Introduction to dsniff - GIAC Certified Student Practical http://www.giac.org/certified_professionals/practicals/gsec/0810.php dsniff-n-mirror.pdf (application/pdf Object) http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf dsniff.pdf (application/pdf Object) http://www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf A Hacker's Story: Let me tell you just how easily I can steal your personal data - Techvibes.com http://www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data ECCE101.pdf (application/pdf Object) http://www.mindcenter.net/uploads/ECCE101.pdf 3.pdf (application/pdf Object) http://toorcon.org/pres12/3.pdf Seven_Deadliest_UC_Attacks_Ch3.pdf (application/pdf Object) http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf cracking-air.pdf (application/pdf Object) http://packetstormsecurity.org/papers/wireless/cracking-air.pdf bh-europe-03-valleri.pdf (application/pdf Object) http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf Costa.pdf (application/pdf Object) http://www.oact.inaf.it/ws-ssri/Costa.pdf defcon-17-sam_bowne-hijacking_web_2.0.pdf (application/pdf Object) http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf Live_Hacking.pdf (application/pdf Object) http://mcafeeseminar.com/focus/downloads/Live_Hacking.pdf PasstheParcel-MITMGuide.pdf (application/pdf Object) http://www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf 2010JohnStrandKeynote.pdf (application/pdf Object) http://www.more.net/sites/default/files/2010JohnStrandKeynote.pdf 18.Ettercap_Spoof.pdf (application/pdf Object) http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf EtterCap ARP Spoofing & Beyond.pdf (application/pdf Object) http://bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing%20&%20Beyond.pdf Fun With EtterCap Filters.pdf (application/pdf Object) http://bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap%20Filters.pdf The_Magic_of_Ettercap.pdf (application/pdf Object) http://www.iac.iastate.edu/iasg/libarchive/0910/The_Magic_of_Ettercap/The_Magic_of_Ettercap.pdf arp_spoofing.pdf (application/pdf Object) http://articles.manugarg.com/arp_spoofing.pdf Ettercap(ManInTheMiddleAttack-tool).pdf (application/pdf Object) http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf ICTSecurity-2004-26.pdf (application/pdf Object) http://www.ucci.it/docs/ICTSecurity-2004-26.pdf ettercap_Nov_6_2005-1.pdf (application/pdf Object) http://web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My%20Cyber%20Attack%20Papers_files/ettercap_Nov_6_2005-1.pdf MadIrish.net Mallory is More than a Proxy http://www.madirish.net/?article=470 Thicknet: It does more than Oracle, Steve Ocepek securityjustice on USTREAM. Computers http://www.ustream.tv/recorded/12777183 OSINT Presentations Enterprise Open Source Intelligence Gathering – Part 1 Social Networks — spylogic.net http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/ Enterprise Open Source Intelligence Gathering – Part 2 Blogs, Message Boards and Metadata — spylogic.net http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%e2%80%93-part-2-blogs-message-boards-and-metadata/ Enterprise Open Source Intelligence Gathering – Part 3 Monitoring and Social Media Policies — spylogic.net http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/ Tactical Information Gathering http://www.slideshare.net/Laramies/tactical-information-gathering document_metadata_the_silent_killer__32974 (application/pdf Object) http://www.sans.org/reading_room/whitepapers/privacy/document_metadata_the_silent_killer__32974 footprinting - passive information gathering before a pentest http://infond.blogspot.com/2010/05/toturial-footprinting.html People and Orginizational spokeo.com - People Search http://www.spokeo.com/ 123people.com http://www.123people.com/ Spoke.com - Business Directory http://www.spoke.com/ Business Network - Social Network for Business Professionals http://www.xing.com/ ZoomInfo http://zoominfo.com/ Pipl - People Search http://pipl.com/ Free People Search by ZabaSearch! http://www.zabasearch.com/ Free People Finder and Company Search | SearchBug http://www.searchbug.com/default.aspx Free People Search http://skipease.com/ Addictomatic: Inhale the Web http://addictomatic.com/ Real Time Search - Social Mention http://socialmention.com/ EntityCube http://entitycube.research.microsoft.com/ yasni.com | No. 1 free people search - Find anyone on the web http://www.yasni.com/ Tweepz.com - search, find and discover interesting people on twitter http://tweepz.com/ TweepSearch :: Twitter Profile and Bio Search http://tweepsearch.com/ Glassdoor.com - Company Salaries and Reviews http://www.glassdoor.com/index.htm Jigsaw Business Contact Directory http://www.jigsaw.com/ Full Text Search http://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp TinEye Reverse Image Search http://www.tineye.com/ PeekYou http://www.peekyou.com/ PicFog - Quick Image Search http://picfog.com/ Twapper Keeper - "We save tweets" - Archive Tweets http://twapperkeeper.com/index.php White Pages | Email Lookup | People Find Tools at The Ultimates http://theultimates.com/ Infastructure Netcraft Uptime Survey http://uptime.netcraft.com/ SHODAN - Computer Search Engine http://www.shodanhq.com/ Domain Tools: Whois Lookup and Domain Suggestions http://www.domaintools.com/ Free online network utilities - traceroute, nslookup, automatic whois lookup, ping, finger http://centralops.net/co/ http://hackerfantastic.com/ http://hackerfantastic.com/ WHOIS and Reverse IP Service http://whois.webhosting.info/ MSN IP Search javascript:document.location%20=%20'http://ha.ckers.org/weird/ipsearch.cgi?'%20+%20document.domain SSL Labs - Projects / Public SSL Server Database - SSL Server Test https://www.ssllabs.com/ssldb/analyze.html MyIPNeighbors Reverse IP Lookup http://www.my-ip-neighbors.com/ Google Hacking Database, GHDB, Google Dorks http://www.exploit-db.com/google-dorks/ Domain - reports and all about ips, networks and dns http://www.serversniff.net/index.php net toolkit::index http://clez.net/ IHS | GHDB http://www.hackersforcharity.org/ghdb/ Passwords and Hashes Password Exploitation Class http://www.irongeek.com/i.php?page=videos/password-exploitation-class Default Passwords Database http://cirt.net/passwords Sinbad Security Blog: MS SQL Server Password Recovery http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html Foofus Networking Services - Medusa::SMBNT http://www.foofus.net/~jmk/medusa/medusa-smbnt.html LM/NTLM Challenge / Response Authentication - Foofus.Net Security Stuff http://www.foofus.net/?page_id=63 MD5 Crackers | Password Recovery | Wordlist Downloads http://hashcrack.blogspot.com/ Password Storage Locations For Popular Windows Applications http://www.nirsoft.net/articles/saved_password_location.html Online Hash Crack MD5 / LM / NTLM / SHA1 / MySQL - Passwords recovery - Reverse hash lookup Online - Hash Calculator http://www.onlinehashcrack.com/ Requested MD5 Hash queue http://www.md5this.com/list.php? Virus.Org http://www.virus.org/default-password Default Password List http://www.phenoelit-us.org/dpl/dpl.html Electric Alchemy: Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html Wordlists "Crack Me If You Can" - DEFCON 2011 http://contest.korelogic.com/wordlists.html Packet Storm Word Lists http://packetstormsecurity.org/Crackers/wordlists/ Passwords - SkullSecurity http://www.skullsecurity.org/wiki/index.php/Passwords Index of /passwd/passwords http://www.ericheitzman.com/passwd/passwords/ Pass the Hash pass-the-hash-attacks-tools-mitigation_33283 (application/pdf Object) http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283 crack-pass-hash_33219 (application/pdf Object) http://www.sans.org/reading_room/whitepapers/testing/crack-pass-hash_33219 Reverse Engineering & Malware TiGa's IDA Video Tutorial Site http://www.woodmann.com/TiGa/idaseries.html Binary Auditing http://www.binary-auditing.com/ http://visi.kenshoto.com/ http://visi.kenshoto.com/ radare http://www.radare.org/y/ Offensive Computing | Community Malicious code research and analysis http://www.offensivecomputing.net/ Tools OSINT Edge-Security - theHarvester- Information Gathering http://www.edge-security.com/theHarvester.php DNSTRACER man-page http://www.mavetju.org/unix/dnstracer-man.php Maltego 3 http://www.paterva.com/web5/ Metadata document-metadata-silent-killer_32974 (application/pdf Object) http://www.sans.org/reading_room/whitepapers/privacy/document-metadata-silent-killer_32974 [strike out] http://lcamtuf.coredump.cx/strikeout/ ExifTool by Phil Harvey http://www.sno.phy.queensu.ca/~phil/exiftool/ Edge-Security - Metagoofil - Metadata analyzer - Information Gathering http://www.edge-security.com/metagoofil.php Security and Networking - Blog - Metadata Enumeration with FOCA http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html Google Hacking Midnight Research Labs - SEAT http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads Google Hacking Diggity Project « Stach & Liu http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/ dorkScan.py http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html Web BeEF http://www.bindshell.net/tools/beef BlindElephant Web Application Fingerprinter http://blindelephant.sourceforge.net/ XSSer: automatic tool for pentesting XSS attacks against different applications http://xsser.sourceforge.net/ RIPS | Download RIPS software for free at SourceForge.net http://sourceforge.net/projects/rips-scanner/ http://www.divineinvasion.net/authforce/ http://www.divineinvasion.net/authforce/ Attack and Defense Labs - Tools http://andlabs.org/tools.html#sotf Browser_Exploitation_for_Fun&Profit http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf Using sqid (SQL Injection Digger) to look for SQL Injection http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html pinata-CSRF-tool http://code.google.com/p/pinata-csrf-tool/ XSSer: automatic tool for pentesting XSS attacks against different applications http://xsser.sourceforge.net/#intro Clickjacker http://www.contextis.co.uk/resources/tools/clickjacking-tool/ unicode-fun.txt ≈ Packet Storm http://packetstormsecurity.org/files/view/69896/unicode-fun.txt WebService-Attacker http://sourceforge.net/projects/ws-attacker/files/ Attack Strings fuzzdb - Project Hosting on Google Code http://code.google.com/p/fuzzdb/ OWASP Fuzzing Code Database - OWASP http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements Shells SourceForge.net: Yokoso! http://sourceforge.net/projects/yokoso/ AJAX/PHP Command Shell http://sourceforge.net/projects/ajaxshell/ Scanners w3af - Web Application Attack and Audit Framework http://w3af.sourceforge.net/ skipfish - Project Hosting on Google Code http://code.google.com/p/skipfish/ sqlmap: automatic SQL injection tool http://sqlmap.sourceforge.net/ SQID - SQL Injection digger http://sqid.rubyforge.org/#next http://www.packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt http://www.packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt WindowsAttack - fimap - Windows Attacking Example - Project Hosting on Google Code http://code.google.com/p/fimap/wiki/WindowsAttack fm-fsf - Project Hosting on Google Code http://code.google.com/p/fm-fsf/ Websecurify http://www.websecurify.com/ News :: Arachni - Web Application Security Scanner Framework http://arachni.segfault.gr/news rfiscan ≈ Packet Storm http://packetstormsecurity.org/UNIX/scanners/rfiscan2.py.txt lfi-rfi2 scanner ≈ Packet Storm http://packetstormsecurity.org/UNIX/scanners/lfi-rfi2.txt inspathx – Tool For Finding Path Disclosure Vulnerabilities http://www.darknet.org.uk/2010/09/inspathx-tool-for-finding-path-disclosure-vulnerabilities/ DotDotPwn - The Directory Traversal Fuzzer 2.1 ≈ Packet Storm http://packetstormsecurity.org/files/view/95399/dotdotpwn-v2.1.tar.gz Proxies Burp fuzzing-approach-credentials-discovery-burp-intruder_33214 (application/pdf Object) http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214 Constricting the Web: The GDS Burp API - Gotham Digital Science http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/ Browse Belch - Burp External Channel v1.0 Files on SourceForge.net http://sourceforge.net/projects/belch/files/ Burp Suite Tutorial – Repeater and Comparer Tools « Security Ninja http://www.securityninja.co.uk/burp-suite-tutorial-repeater-and-comparer-tools w3af in burp http://blog.ombrepixel.com/ Attack and Defense Labs - Tools http://andlabs.org/tools.html#dser burp suite tutorial - English http://feoh.tistory.com/22 Moses Pelham http://www.facebook.com/mosespelham SensePost - reDuh - HTTP Tunneling Proxy http://www.sensepost.com/labs/tools/pentest/reduh OWASP WebScarab NG Project - OWASP http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project Mallory: Transparent TCP and UDP Proxy – Intrepidus Group - Insight http://intrepidusgroup.com/insight/mallory/ Fiddler Web Debugger - A free web debugging tool http://www.fiddler2.com/fiddler2/ Watcher: Web security testing tool and passive vulnerability scanner http://websecuritytool.codeplex.com/documentation?referringTitle=Home X5S http://translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1 koto/squid-imposter - GitHub https://github.com/koto/squid-imposter Social Engineering Social Engineering Toolkit http://www.secmaniac.com/ Password Ncrack http://nmap.org/ncrack/ Medusa http://www.foofus.net/jmk/medusa/medusa.html JTR http://www.openwall.com/john/ Ophcrack http://ophcrack.sourceforge.net/ keimpx in action | 0x3f http://blog.0x3f.net/tool/keimpx-in-action/ keimpx - Project Hosting on Google Code http://code.google.com/p/keimpx/ hashkill http://sourceforge.net/projects/hashkill/ Metasploit markremark: Reverse Pivots with Metasploit - How NOT to make the lightbulb http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html WmapNikto - msf-hack - One-sentence summary of this page. - Project Hosting on Google Code http://code.google.com/p/msf-hack/wiki/WmapNikto markremark: Metasploit Visual Basic Payloads in action http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html Metasploit Mailing List http://seclists.org/metasploit/ PaulDotCom: Archives http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html OpenSSH-Script for meterpreter available ! http://meterpreter.illegalguy.hostzi.com/ Metasploit: Automating the Metasploit Console http://blog.metasploit.com/2010/03/automating-metasploit-console.html 561 http://www.workrobot.com/sansfire2009/561.html Deploying Metasploit as a Payload on a Rooted Box Tutorial http://securitytube.net/Deploying-Metasploit-as-a-Payload-on-a-Rooted-Box-video.aspx Metasploit/MeterpreterClient - Wikibooks, collection of open-content textbooks http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download SecTor 2010 - HD Moore - Beyond Exploits on Vimeo http://vimeo.com/16852783 XLSinjector « Milo2012's Security Blog http://milo2012.wordpress.com/2009/09/27/xlsinjector/ Armitage - Cyber Attack Management for Metasploit http://www.fastandeasyhacking.com/ Nsploit http://trac.happypacket.net/ neurosurgery-with-meterpreter http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf (automating msf) UAV-slides.pdf http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf MSF Exploits or Easy Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=12204 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=11413 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=18021 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=26918 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=34821 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=22194 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=34476 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=25168 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=19408 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=21564 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=10862 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=26925 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=29314 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=23643 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=12052 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=34477 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=15962 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=42106 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=15456 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=21689 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=12205 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=22182 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=26919 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=26921 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=21696 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=40887 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=10404 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=18027 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=19402 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=11790 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=12209 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=10673 NSE Nmap Scripting Engine Primer Tutorial http://securitytube.net/Nmap-Scripting-Engine-Primer-video.aspx NSEDoc Reference Portal http://nmap.org/nsedoc/ Net Scanners & Scripts Nmap http://nmap.org/ Information Gathering With Nmap « Penetration Testing Lab http://pentestlab.wordpress.com/2013/02/16/information-gathering-with-nmap/?goback=%2Egde_4217258_member_214808738 sambascan2 - SMB scanner http://asturio.gmxhome.de/software/sambascan2/i.html SoftPerfect Network Scanner http://www.softperfect.com/products/networkscanner/ OpenVAS http://www.openvas.org/ Nessus Community | Tenable Network Security http://tenable.com/products/nessus Nexpose Community | Rapid7 http://www.rapid7.com/vulnerability-scanner.jsp Retina Community http://www.eeye.com/products/retina/community Post Exploitation http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py Metacab | PHX2600 http://www.phx2600.org/archive/2008/08/29/metacab/ Netcat Re: Your favorite Ncat/nc/Netcat trick? - ReadList.com http://readlist.com/lists/insecure.org/nmap-dev/1/7779.html ads.pdf (application/pdf Object) http://www.radarhack.com/tutorial/ads.pdf Netcat_for_the_Masses_DDebeer.pdf (application/pdf Object) http://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdf netcat_cheat_sheet_v1.pdf (application/pdf Object) http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf socat http://www.dest-unreach.org/socat/ NetCat tutorial: Day1 [Archive] - Antionline Forums - Maximum Security for a Connected World http://www.antionline.com/archive/index.php/t-230603.html Netcat tricks « Jonathan’s Techno-tales http://technotales.wordpress.com/2009/06/14/netcat-tricks/ Nmap Development: Re: Your favorite Ncat/nc/Netcat trick? http://seclists.org/nmap-dev/2009/q1/581 Few Useful Netcat Tricks « Terminally Incoherent http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/ Skoudis_pentestsecrets.pdf (application/pdf Object) http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf Cracked, inSecure and Generally Broken: Netcat http://gse-compliance.blogspot.com/2008/07/netcat.html Ncat for Netcat Users http://junker.org/~tkh16/ncat-for-netcat-users.php Source Inspection Graudit - Just Another Hacker http://www.justanotherhacker.com/projects/graudit.html javasnoop - Project Hosting on Google Code http://code.google.com/p/javasnoop/ Firefox Addons David's Pen Testing (Security) Collection :: Collections :: Pengaya untuk Firefox https://addons.mozilla.org/id/firefox/collections/byrned/pentesting/?page=8 OSVDB :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/osvdb/ Packet Storm search plugin. :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/packet-storm-search-plugin/ Default Passwords - CIRT.net :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786/ Offsec Exploit-db Search :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/ OVAL repository search plugin :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/oval-repository-search-plugin/ CVE ® dictionary search plugin :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/cve-dictionary-search-plugin/ HackBar :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/hackbar/ Tool Listings .:[ packet storm ]:. - tools http://www.packetstormsecurity.org/tools100.html Security and Hacking Tools http://tools.securitytube.net/index.php?title=Main_Page Training/Classes Sec / Hacking Penetration Testing and Vulnerability Analysis - Home http://pentest.cryptocity.net/ Network Sniffers Class for the Kentuckiana ISSA 2011 (Hacking Illustrated Series InfoSec Tutorial Videos) http://www.irongeek.com/i.php?page=videos/network-sniffers-class CNIT 124: Advanced Ethical Hacking -- Sam Bowne http://samsclass.info/124/124_Sum09.shtml CS 279 - Advanced Topics in Security http://www.cs.ucsb.edu/~vigna/courses/cs279/ CS142 Web Programming and Security - Stanford http://crypto.stanford.edu/cs142/ CS155 Computer and Network Security - Stanford http://crypto.stanford.edu/cs155/ CSE 227: Computer Security - UCSD http://cseweb.ucsd.edu/classes/wi09/cse227/ CS 161: Computer Security - UC Berkley http://www-inst.eecs.berkeley.edu/~cs161/sp11/ Security Talks - UCLA http://security.ucla.edu/pages/Security_Talks CSCI 4971 Secure Software Principles - RPI http://www.cs.rpi.edu/academics/courses/spring10/csci4971/ MCS 494 UNIX Security Holes http://cr.yp.to/2004-494.html Software Security - CMU http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/ T-110.6220 Special Topics in Ifocsec -TKK https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot Sec and Infosec Related - MIT http://stuff.mit.edu/iap/2009/#websecurity Metasploit Metasploit Unleashed http://www.offensive-security.com/metasploit-unleashed/ Metasploit Class Videos (Hacking Illustrated Series InfoSec Tutorial Videos) http://www.irongeek.com/i.php?page=videos/metasploit-class Metasploit Megaprimer 300+ mins of video http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/ Metasploit Tips and Tricks - Ryan Linn http://vimeo.com/16925188 OffSecOhioChapter, Metasploit Class2 - Part1 http://www.ustream.tv/recorded/13396511 OffSecOhioChapter, Metasploit Class2 - Part2 http://www.ustream.tv/recorded/13397426 OffSecOhioChapter, Metasploit Class2 - Part3 http://www.ustream.tv/recorded/13398740 Programming Python Google's Python Class - Google's Python Class - Google Code http://code.google.com/edu/languages/google-python-class/index.html Python en:Table of Contents - Notes http://www.swaroopch.com/notes/Python_en:Table_of_Contents TheNewBoston – Free Educational Video Tutorials on Computer Programming and More! » Python http://www.thenewboston.com/?cat=40&pOpen=tutorial Python Videos, Tutorials and Screencasts http://showmedo.com/videotutorials/python Learning Python Programming Language Through Video Lectures - good coders code, great reuse http://www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/ Ruby Video Tutorials - Technology Demonstrations - tekniqal.com http://www.tekniqal.com/ Other/Misc CS490 Windows Internals http://www.cs.sjtu.edu.cn/~kzhu/cs490/ T-110.6220 Lectures - Noppa - TKK https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/ Index of /edu/training/ss/lecture/new-documents/Lectures http://i-web.i.u-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/  InfoSec Resources http://resources.infosecinstitute.com/ Robert Hansen on Vimeo http://vimeo.com/user2720399 Web Vectors SQLi MSSQL Injection Cheat Sheet - pentestmonkey.net http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/ SQL Injection Cheat Sheet http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/ EvilSQL Cheatsheet http://www.evilsql.com/main/index.php RSnake SQL Injection Cheatsheet http://ha.ckers.org/sqlinjection/ Mediaservice.net SQLi Cheatsheet http://lab.mediaservice.net/notes_more.php?id=MSSQL MySQL Injection Cheat Sheet http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/ Full MSSQL Injection PWNage http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html MS Access SQL Injection Cheat Sheet » krazl - â„¢ ķЯαž£ â„¢ - bloggerholic http://www.krazl.com/blog/?p=3 MS Access SQL Injection Cheat Sheet http://web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html Penetration Testing: Access SQL Injection http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html Testing for MS Access - OWASP http://www.owasp.org/index.php/Testing_for_MS_Access Security Override - Articles: The Complete Guide to SQL Injections http://securityoverride.com/articles.php?article_id=1&article=The_Complete_Guide_to_SQL_Injections Obfuscated SQL Injection attacks http://isc.sans.edu/diary.html?storyid=9397 Exploiting hard filtered SQL Injections « Reiners’ Weblog http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/ SQL Injection Attack http://sqlzoo.net/hack/ YouTube - Joe McCray - Advanced SQL Injection - LayerOne 2009 http://www.youtube.com/watch?v=WkHkryIoLD0 Joe McCray - Advanced SQL Injection - L1 2009.pdf (application/pdf Object) http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf Joseph McCray SQL Injection http://vimeo.com/3418947 sla.ckers.org web application security forum :: Obfuscation :: SQL filter evasion http://sla.ckers.org/forum/read.php?24,33903 sqli2.pdf (application/pdf Object) http://websec.files.wordpress.com/2010/11/sqli2.pdf SQL Server Version - SQLTeam.com http://www.sqlteam.com/article/sql-server-versions Overlooked SQL Injection 20071021.pdf (application/pdf Object) http://www.securityexperiment.com/se/documents/Overlooked%20SQL%20Injection%2020071021.pdf SQLInjectionCommentary20071021.pdf (application/pdf Object) http://www.securityexperiment.com/se/documents/SQLInjectionCommentary20071021.pdf uploadtricks bypassing upload file type - Google Search http://www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ecf4f91972 Skeptikal.org: Adobe Responds... Sort Of http://blog.skeptikal.org/2009/11/adobe-responds-sort-of.html Secure File Upload in PHP Web Applications | INSIC DESIGNS http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/ Stupid htaccess Tricks • Perishable Press http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/ Tricks and Tips: Bypassing Image Uploaders. - By: t3hmadhatt3r http://ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/ Security FCKeditor ADS File Upload Vulnerability - Windows Only http://www.ravenphpscripts.com/article2974.html Cross Site Scripting scanner – Free XSS Security Scanner http://www.acunetix.com/cross-site-scripting/scanner.htm VUPEN - Microsoft IIS File Extension Processing Security Bypass Vulnerability / Exploit (Security Advisories - VUPEN/ADV-2009-3634) http://www.vupen.com/english/advisories/2009/3634 Uploading Files Using the File Field Control http://msdn.microsoft.com/en-us/library/aa478971.aspx TangoCMS - Security #237: File Upload Filter Bypass in TangoCMS <=2.5.0 - TangoCMS Project http://dev.tangocms.org/issues/237 Full Disclosure: Zeroboard File Upload & extension bypass Vulnerability http://seclists.org/fulldisclosure/2006/Jun/508 Cross-site File Upload Attacks | GNUCITIZEN http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/ TikiWiki jhot.php Script File Upload Security Bypass Vulnerability http://www.ipolicynetworks.com/technology/files/TikiWiki_jhot.php_Script_File_Upload_Security_Bypass_Vulnerability.html FileUploadSecurity - SH/SC Wiki http://shsc.info/FileUploadSecurity LFI/RFI http://pastie.org/840199 http://pastie.org/840199 Exploiting PHP File Inclusion – Overview « Reiners’ Weblog http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ LFI..Code Exec..Remote Root! http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utm_source=twitterfeed&utm_medium=twitter Local File Inclusion – Tricks of the Trade « Neohapsis Labs http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/ Blog, When All You Can Do Is Read - DigiNinja http://www.digininja.org/blog/when_all_you_can_do_is_read.php XSS The Anatomy of Cross Site Scripting http://www.infosecwriters.com/hhworld/hh8/csstut.htm Whitepapers - www.technicalinfo.net http://www.technicalinfo.net/papers/CSS.html Cross-Site Scripting (XSS) – no script required - Tales from the Crypto http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx Guide Cross Site Scripting - Attack and Defense guide - InterN0T - Underground Security Training http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf (application/pdf Object) https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf sirdarckcat: Our Favorite XSS Filters and how to Attack them http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html Filter Evasion – Houdini on the Wire « Security Aegis http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/ HTML5 Security Cheatsheet http://heideri.ch/jso/#javascript XSS - Cross Site Scripting http://www.reddit.com/r/xss/ sla.ckers.org web application security forum :: XSS Info http://sla.ckers.org/forum/list.php?2 [DOM Based Cross Site Scripting or XSS of the Third Kind] Web Security Articles - Web Application Security Consortium http://www.webappsec.org/projects/articles/071105.shtml What's Possible with XSS? http://www.12robots.com/index.cfm/2010/9/14/Whats-Possible-with-XSS--Security-Series-81 Coldfusion ColdFusion directory traversal FAQ (CVE-2010-2861) | GNUCITIZEN http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+gnucitizen+%28GNUCITIZEN%29&utm_content=Twitter Attacking ColdFusion. | Sigurnost i zastita informacija http://zastita.com/02114/Attacking_ColdFusion..html Attacking ColdFusion http://www.nosec.org/2010/0809/629.html HP Blogs - Adobe ColdFusion's Directory Traversal Disaster - The HP Blog Hub http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964 254_ShlomyGantz_August2009_HackProofingColdFusion.pdf (application/pdf Object) http://cfunited.com/2009/files/presentations/254_ShlomyGantz_August2009_HackProofingColdFusion.pdf Adobe XML Injection Metasploit Module | carnal0wnage.attackresearch.com http://carnal0wnage.attackresearch.com/node/436?utm_source=twitterfeed&utm_medium=twitter Computer Security Blog: PR10-08 Various XSS and information disclosure flaws within Adobe ColdFusion administration console http://r00tsec.blogspot.com/2011/03/pr10-08-various-xss-and-information.html SharePoint The Ethical Hacker Network - Pen Testing Sharepoint http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6131.msg32678/#msg32678 Lotus Lotus Notes/Domino Security - David Robert's -castlebbs- Blog http://blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security Penetration Testing: Re: Lotus Notes http://seclists.org/pen-test/2002/Nov/43 Hacking Lotus Domino | SecTechno http://www.sectechno.com/2010/07/12/hacking-lotus-domino/?utm_source=twitterfeed&utm_medium=twitter&utm_campaign=Feed%3A+Sectechno+%28SecTechno%29&utm_content=Twitter jboss Whitepaper-Hacking-jBoss-using-a-Browser.pdf (application/pdf Object) http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf Minded Security Blog: Good Bye Critical Jboss 0day http://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html vmware web Metasploit Penetration Testing Framework - Module Browser http://www.metasploit.com/modules/auxiliary/scanner/http/vmware_server_dir_trav Oracle appserver hideaway [dot] net: Hacking Oracle Application Servers http://www.hideaway.net/2007/07/hacking-oracle-application-servers.html Testing for Oracle - OWASP http://www.owasp.org/index.php/Testing_for_Oracle OraScan http://www.ngssoftware.com/services/software-products/internet-security/orascan.aspx NGSSQuirreL for Oracle http://www.ngssoftware.com/services/software-products/Database-Security/NGSSQuirreLOracle.aspx hpoas.pdf (application/pdf Object) http://www.ngssoftware.com/papers/hpoas.pdf SAP Onapsis | Research Labs http://www.onapsis.com/research.html#bizploit '[john-users] patch for SAP-passwords (BCODE & PASSCODE)' - MARC http://marc.info/?l=john-users&m=121444075820309&w=2 Phenoelit SAP exploits http://www.phenoelit-us.org/whatSAP/index.html Wireless pyrit - WPA/WPA2-PSK and a world of affordable many-core platforms - Google Project Hosting http://code.google.com/p/pyrit/ Certified Ethical Hacker Video CBT http://www.w1zsec.info/ceh/
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment