Github pages blog
'''Specialist Search Engines'''
*ExploitDB Reference for SearchSploit
*OWASP Application Security Verification Standard Project
*PenTest Standard Technical Guidelines
*Offensive Security Testing Framework Docs
*OWASP Phoenix Web App and Infrastructure PenTesting Tools Listing
*OWASP Vulnerability Scanning Tools
*Web Application Scanner List
*Price and Feature Comparison of Web Application Scanners
'''Other'''
*Computer Security Researchers to Follow on Twitter
*Linux Commands for Pentesters
*Nmap CheatSheet
*Cheat Sheet for Password Crackers
*Target Enumeration Fierce.pl and Dnsrecon.rb
*Python GUI For Infrastructure PenTesting
*From LOW to PWNED Owning Exposed Services and Admin Interfaces
*Web Reconnaissance using Recon-ng
*Recon-ng Youtube
*OWASP Offensive Web Application Testing Framework
*Kali Tools Listing
*SkipFish Kali Listing
*SkipFish Tutorial
*PenTesting Like A GrandMaster
*Video Introducing OWASP OWTF
'''Local File Inclusion'''
*Local File Inclusion Tutorial
*Local File Inclusion to Remote Code Execution
'''Remote File Inclusion'''
*Imperva Paper Remote and Local File Inclusion
'''SSRF'''
*SSRF Bible Cheatsheet
*SSRF Attacks and Sockets Smorgasbord
'''Mongo DB Injection'''
*MongoDB NoSQLMAP Presentation
*Attacking MongoDB ZeroNights 2012 Presentation
*Attacking MongoDB and Server Side Javascript
'''Hacking SilverLight Applications'''
*Silverlight Security OWASP 2009 Presentation
*Tools for Testing Silverlight Applications
*Silverlight CrossDomain Policy
*Attack WCF Web Services OWASP Chapter Presentation
'''Hacking SAP'''
*Hardening SAP HTTP and Webservices
*SAP Slapping MWR
*SAP Session Fixation Attacks and Protections
*Hacking SAP Business Objects
'''Web applications that make use of WebSockets'''
*Hacking Websockets and Websocket Authentication
*Security Tube Metasploit Framework DVD
*SecurityTube Metasploit Materials
*The Official Metasploit Wiki
*Metasploit Unleashed
*Creating Metasploit payloads and Listener Also creating webshells for aspx asp php etc
'''Linux'''
*Remote Detection for SQLMAP
*Exploit ShellShock with Only Ping
*ShellShock
*Reverse Shell Cheat Sheet
*SSHHatter SSH BruteForcer
*Exploit ShellShock with w3af
'''Windows'''
*Attack Methods for Gaining Admin Rights in Active Directory
'''Sniffing Credentials'''
*Sniffing Credentials from Interface or extraction from pcap file
*Leveraging a Shell from SQL Injection
*Advanced SQL Injection to Full Operating System Control
*Executing Shell Commands MySQL Commandline Client
*SQLInjection with Insert Update and Delete ExploitDb Whitepaper
*Gaining a Root Shell MySQL User Defined Functions SQL Injection
*MySQL Root to System Root with lib_mysqludf_sys for Windows and Linux
*Creating Backdoors Using SQL Injection
*Gaining a Root Shell Using MySQL User Defined Functions
*MySQL Root To System Root with lib mysql udf sys For Windows and Linux
*MySQL Create FUNCTION mysql dot func table arbitrary Library Injection
*Command Execution with a MySQL UDF
*Hack Proofing MySQL
'''MS SQL SQL Injection'''
*MSSQL SQL injection cheat sheet
*Advanced MSSQL Injection Very Advanced
*Exploiting Difficult SQL Injections
*Stealing the Keys to the Kingdom SQLInjection with SQLMap
*SQLMap Tamper Scripts
*More Advanced SQLMap Techniques
*SQLMap Bypassing Weak but Meaningful Filters
*Using SQLMap for Automated Vulnerability Assessment MadIrish
*Handy SQLMap Options
*SQLMap X-Forward-For Header Injection See Page 30
*HTTP Header Injection Burp Suite And SQLMap
*MySQL Injection CheatSheet PenTestMonkey
*MySQL Injection Simple Load File and Into OutFile ExploitDB Paper
'''Tricks'''
*Weird Characters in Columns Output SQLMap
*More SQLMap Tricks
*SQLMap Advanced WAF ByPass Tips and Tricks
'''DNS Exfiltration'''
*DNS extract data SQLMAP
*DNS EXFILTRATION SQLMAP
*Exploit Post XSS Silently
*Exploit XSS in Post Portswigger Blog
*Exploiting XSS Through Post ha Ckers Dot Org
*XSS Through Post and XML Payload
*XSS Tutorial
*Dom XSS 101
*Obfuscate Javascript JSFUCK
*Ecma Script 6 for Penetration Testers
*WifiPhisher
*$20 DIY Wifi PineApple
*Do I really need a Wifi PineApple
*Someone's Wifi Pine Apple Wiki
*Rogue Access Points How To Wifi Hacking Dominic White
*Top Usernames and passwords being used by automated attackers in the Wild by frequency of Usage Updated Daily
*Password List Daniel Miessler
*Username List Daniel Miessler
*OpenWall List of Password Dictionaries
*Security StackExchange Good Password Dictionaries
*Large list of password dictionaries and wordlists Very Good Resource
*Default Credentials by Device
*Pawn Tools CTF ToolKit
*CTS All of 2014 Writeups and Walkthroughs List
*CTS All of 2015 Writeups and Walkthroughs List
*ForensicsWiki
*ForgottenSec General Infosec Training and Reference Wiki
*Windows Exploitation in 2014
*Windows Logging CheatSheet
*Security White Paper List from GIAC Dot Org
*OpenSource Web Application Training Program by OpenDNS
*MDSEC Labs Paid Training by Authors of Burp Suite and Web Application Hackers Handbook
'''Linux'''
*Linux Post Exploitation Cheat Sheet
*Another Linux Post Exploitation Command List
'''MySQL'''
*Mobile Testing Checklist
*Testing Guidelines for Mobile Apps
*Mobile Testing Checklist From Security Dot Stackexchange
*Good practical guide that shows Some Mobile App Hacking Techniques on Instagram App as Target
*OWASP Guide on Insecure Storage on Android and IOS
*Mobile Pentest CheatSheet
'''Android Pentesting'''
*OWASP Mobile Testing Guide Android Reading List
*Android Device Testing with The Help of A Droid Army Blackhat 2014
*The Art of Android Hacking 2016 OWASP Chapter Presentation
*An In Depth Introduction to the Android Permissions Model
*Cracking Open Android Secure Containers
*Android Intents and Intent Spoofing
*More Info on Intent Spoofing
'''Android Tools'''
*Alternative to JD Gui
*View Source Code of Jar Dex Apk or Class Files
*MWR Drozer Automated Android App Analysis Framework
*Appie General Mobile Pentesting Toolkit
*APKTool Documentation
*Password Cracking Resources Very Extensive List
*Find hash type for a hash
*Sans Top 25 Software Security Errors
*Abusing the AWS metadata service using SSRF vulnerabilities
*Flaws Dot Cloud AWS Security Challenge